KR20150034463A - Authentication system and authentication method for smartwork using mobile device - Google Patents

Authentication system and authentication method for smartwork using mobile device Download PDF

Info

Publication number
KR20150034463A
KR20150034463A KR20130114580A KR20130114580A KR20150034463A KR 20150034463 A KR20150034463 A KR 20150034463A KR 20130114580 A KR20130114580 A KR 20130114580A KR 20130114580 A KR20130114580 A KR 20130114580A KR 20150034463 A KR20150034463 A KR 20150034463A
Authority
KR
South Korea
Prior art keywords
authentication
information
user
electronic document
terminal
Prior art date
Application number
KR20130114580A
Other languages
Korean (ko)
Inventor
박지만
박찬원
양회성
표철식
Original Assignee
한국전자통신연구원
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 한국전자통신연구원 filed Critical 한국전자통신연구원
Priority to KR20130114580A priority Critical patent/KR20150034463A/en
Publication of KR20150034463A publication Critical patent/KR20150034463A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0492Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information

Abstract

The smart work authentication system using the mobile terminal using the mobile terminal according to the present invention authenticates the user, collects and transmits the location information and the time information, delivers the electronic document request according to the request of the authenticated user, And a smart work server for authenticating the authentication terminal based on the received location information and the received time information, and delivering the electronic document to the authentication terminal based on the received electronic document request .

Figure P1020130114580

Description

Technical Field [0001] The present invention relates to a smart work authentication system and a smart work authentication method using a mobile terminal,

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a smart work, and more particularly, to an authentication process of a smart work system that performs tasks remotely.

Smark Work refers to a work style or business concept that can work efficiently anytime, anywhere, regardless of time and place, away from conventional office work. SmartWORK has started from the concept of teleworking and telecommuting in the past, but smart devices such as Smart Phone and Tablet PC are rapidly spreading, so that it can be used anytime and anywhere by using smart devices. The concept of "

In a smart work system, a work server for supporting a smart work is accessed remotely, and an electronic document related to the work is accessed and performed. However, in the process of accessing electronic documents by connecting to a business server remotely, an authentication process for accessing electronic documents is required for security. Currently, a time stamp certificate is used as a method of electronic document authentication. The method of authenticating an electronic document using a time stamp certificate is a method of obtaining a time stamp by issuing a time stamp for the electronic document through a third authorized certification authority or a business server. However, since the authentication method using a time stamped certificate is performed through the server, a trouble or a time delay may occur. In a smart work system that needs to process work in real time anytime and anywhere, such obstacles and time delays can cause various inconveniences.

A problem to be solved by the present invention is to increase the reliability of data that is processed in real time by preventing time delay and occurrence of a failure that may occur during authentication through a server. It is another object of the present invention to provide an electronic document service securely and conveniently realized through the mobile terminal even in the application of the authentication of the present invention, Documents, program files, etc.) and methods thereof.

The smart work authentication system using the mobile terminal using the mobile terminal according to the present invention authenticates the smart work server access authority of the user, collects and transmits the location information and the time information, and transmits the electronic document request Authenticate the electronic document access authority of the authentication terminal based on the received location information and the received time information, and transmit the received electronic document to the user based on the received electronic document request, And transmits it to the authentication terminal. The authentication terminal collects the biometric information from the user, and compares the collected biometric information with the previously stored biometric information to authenticate the user. In particular, the authentication terminal can acquire at least one or more biometric information from the user through the image capturing device provided therein, from among the iris information, the fingerprint information, and the face information, thereby authenticating the biometric information of the user.

The location information and the time information collected at the authentication terminal can be collected through a Global Positioning System (GPS). The location information and the time information collected from the authentication terminal may be collected from the base station of the mobile network to which the authentication terminal is connected, or may be collected through TCP / IP of the Internet network to which the authentication terminal is connected. The smart work server may limit the location where the authentication terminal can use the electronic document based on the location information collected at the authentication terminal or limit the time that the authentication terminal can use the electronic document based on the time information. Such an authentication terminal can authenticate the user through at least one communication method among a contactless IC card, RFID, NFC, WiFi, and Bluetooth.

As an embodiment using the smart work authentication system using the mobile terminal, a user authentication system of a personalization agent for issuing an electronic document requested by a user and a submission agency for requesting the issued electronic document authenticates a user, An authentication terminal which receives any one of electronic document data requested by the personalization institution or electronic document code data authorized to access the requested electronic document and delivers the data to the submission agency; A cloud server which receives the remaining one data not transmitted to the authentication terminal among the document data or the electronic document code data and transmits the remaining one data received at the request of the submitter to the submitter, Based on your cloud server Requesting one of the data, and the data received from the data and a cloud server received from the authentication terminal includes a submission server authority to authenticate users whether or correspond to each other.

The authentication terminal can collect biometric information from a user, and can compare the collected biometric information with previously stored biometric information to authenticate the user. The authentication terminal collects and transmits the location information and the time information to the personalization agent. The personalization agent generates an authentication protocol including location information and time information received from the authentication terminal, and transmits the generated authentication protocol to the authentication terminal. The user can be authenticated by receiving the authentication protocol from the authentication terminal.

A smart work authentication method using a mobile terminal first acquires biometric information from a user and verifies the user by comparing the collected biometric information with previously stored biometric information. The authentication terminal collects the location information and the time information, and authenticates the user based on the collected location information or the collected time information. The process of authenticating the user based on the collected location information or the collected time information may include generating an authentication protocol based on the collected location information or the collected time information and authenticating the user based on the generated authentication protocol have.

Alternatively, the process of authenticating the user based on the collected position information or the collected time information may be performed by comparing the collected position information or the collected time information with a preset allowable position or a predetermined allowable time, If the information or the collected time information corresponds to the preset allowable position or the preset allowable time, the user can be authenticated.

Since the smart work authentication system and the authentication method using the mobile terminal according to the present invention authenticate the user by using the GPS device built in the mobile terminal or by collecting the time information and the location information by the connected Internet network or the mobile network, Electronic data (data) including an electronic document can be conveniently and securely authenticated.

1 is a block diagram showing an embodiment of a smart work authentication system using a mobile terminal according to the present invention.
2 is a block diagram illustrating an embodiment of a smart work authentication system that does not use GPS according to the present invention.
3 is a block diagram illustrating a smart work authentication system using near field wireless communication according to the present invention.
4 is a configuration diagram showing another embodiment of a smart work authentication system according to the present invention.
5 is a configuration diagram illustrating an authentication protocol of a smart work authentication system according to an embodiment of the present invention.
6 is a flowchart illustrating a smart work authentication method according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. The terms used in the present specification are terms selected in consideration of the functions and effects in the embodiments, and the meaning of the terms may vary depending on the intention of the user or the operator or industry custom. Therefore, the meaning of the term used in the following embodiments is based on the defined definition when specifically stated in this specification, and unless otherwise stated, it should be interpreted in a sense generally recognized by those skilled in the art.

1 is a block diagram showing an embodiment of a smart work authentication system using a mobile terminal according to the present invention.

Referring to FIG. 1, a smart work authentication system 100 using a mobile terminal according to the present invention may include an authentication terminal 110 and a smart work server 130.

The authentication terminal 110 is first authorized to access the smart work server 130 by confirming the identity of the user through the certification authority. For example, an ID and a password are registered, or a personal identification number (PIN) is issued from a certificate authority. The certification authority may vary according to the type of the smart work server 130 to which the certification authority wants to connect. When the user intends to access the server for the company business, the authentication terminal 110 can be authenticated by the company, and the authentication terminal 110 can be authenticated through a public institution such as a government office. (USB memory, smart card, RFID, or the like) is authenticated and connected to the mobile terminal, and the authentication terminal 110 authenticates the mobile terminal directly through the third authentication authority, .

The authentication terminal 110 authenticates whether or not the user has the access right to the smart work server 130 based on the user information input from the user, and permits the user to access the smart work server 130. The authentication terminal 110 receives user information such as an identification number and a password or a personal identification number (PIN) from the user, identifies the user, and authenticates the user's access right to the smart work server 130 .

The authentication terminal 110 includes a biometric information authentication unit 111, a terminal information collection unit 112, and a communication unit 113. The authentication terminal 110 can authenticate the access right of the smart work server 130 through the biometric information of the user. The biometric information authentication unit 111 constituting the authentication terminal 110 can compare the biometric information input from the user with the biometric information registered in advance and authenticate the user's right to access the smart work server 130. [ The biometric information authentication unit 111 can perform user authentication through facial recognition, iris recognition, fingerprint recognition, and palm print recognition by a user using a video photographing device such as a camera provided in the authentication terminal 110. The biometric information authentication unit 111 photographs the biometric information such as the user's face, iris, fingerprint, or palm through the camera, compares the photographed biometric information with the biometric information of the authenticated user stored in advance, (130) access authority. The biometric information authentication unit 111 can authenticate the user by recognizing the user's voice through a voice recognition device such as a microphone provided in the authentication terminal 110, The terminal 110 may be added to authenticate the user through the fingerprint sensor or the user may be authenticated by recognizing the digital signature input from the user through the touch screen interface or a separate digital signature input device.

The authentication terminal 110 can authenticate the access right of the smart work server 130 to the corresponding user in the biometric information authentication unit 111 based on the biometric information collected from the user so that the smart hand server 130 The user can authenticate the access right of the smart work server 130 without accessing the smart work server 130. The authentication terminal 110 may compare the biometric information collected from the user with the biometric information of the stored authenticated user to determine whether or not the authentication of the corresponding user is authenticated and determine whether or not the smart work server 130 is connected.

The authenticated user biometric information stored in advance in the biometric information authentication unit 111 for comparison with the collected user's body information for authenticating the access right of the target user to the smart work server 130 is stored in the authentication terminal 110 In order to do so, it is generally approved and stored by a third certification authority that can certify personal identity. The third certification body that can certify individual status can be a public institution such as a resident center or an internal certification center of each company. The biometric information of the user is accepted from the third certification authority and stored in the storage device, so that the user and the storage device can be justified. The personal information of the user including the biometric information can be stored in a memory in the authentication terminal 110 and stored in an external storage device such as an SD card, USB, or a security key. In use, Can be used in conjunction.

The terminal information collection unit 112 included in the authentication terminal 110 collects current location information and current time information of the authentication terminal 110 and generates terminal information including the collected location information and time information To the smart work server (130). The terminal information collecting unit 113 collects information on the place and time at which the authentication terminal 110 is currently located and transmits the received location information and time information to the smart work server 130. For example, the location tracking unit 113 included in the authentication terminal 110 may be configured as a Global Positioning System (GPS). GPS collects not only location information but also time information. And transmits the location information and time information of the authentication terminal 110 measured by GPS to the smart work server 130. Through the location information and the time information transmitted to the smart work server 130, it is possible to confirm the precise place where the user performs the work and the time when the work was performed, thereby enabling the user to access the smart work server 130, You can authenticate that you are authorized to view and edit documents.

If the authentication terminal 110 has a built-in GPS, the built-in GPS can be used. If the authentication terminal 110 does not have a built-in GPS device, a separate GPS device can be connected, It is possible to receive and use the GPS data from the separate terminal device provided. For example, when the authentication terminal 110 is a smart phone or a tablet PC having a built-in GPS, the terminal information including the location information and the time information can be acquired using the built-in GPS. However, if the authentication terminal 110 is a terminal device that does not have a built-in GPS, the location information and time information can be received in conjunction with pairing with a smartphone or a tablet PC having a built-in GPS.

GPS is an embodiment of the terminal information collecting unit 113. The terminal information collecting unit 113 is not limited to GPS but may be implemented by various means capable of determining the location of the authentication terminal 110, Can be collected.

The information on the place and time when the authentication terminal 110 collected by the terminal information collecting unit 112 performs the task may be determined by checking the current location and location of the authentication terminal 110 in which the current operation is performed, Can be used to confirm the location and time that was performed. Security can be improved by limiting the location information and the time information to only users having the same location and time using the authentication information in the authentication step.

In addition, the right to access the smart work server 130 with respect to each authentication terminal 110 and the right to read the electronic document stored in the smart work server 130 are limited to the location and time through the location information and the time information . For example, if the authentication terminal 110 is authorized to access the smart work server 130 only at a company and an individual home, the authentication terminal 110 can be located at a private home or a company based on the location information. It is possible to grant the right to access the smart work server 130 only when the smart work server 130 is connected. Alternatively, the specific authentication terminal 110 may be granted the right to access the smart work server 130 only during normal business hours.

In this manner, authentication and restriction of the access right of the smart work server 130 and the electronic document reading right based on the access location and access time of the authentication terminal 110 as well as the authentication through the personal information of the user are performed, Can be strengthened, and the authentication can be performed by classifying situations and objects in more detail and detail.

The communication unit 113 transfers the location information and time information collected by the terminal information collection unit 112 to the smart work server 130 and receives data including the electronic document transmitted from the smart work server 130 . The communication unit 113 may be connected to the smart work server 130 through a mobile communication such as a general 3G / 4G or may be connected to a separate wireless AP through a short distance wireless communication such as NFC, WiFi and Bluetooth, To the smart work server 130 through the Internet network. The communication interface for connecting the communication unit 113 to the smart work server 130 is not limited to the above-described contents, and various communication methods applicable to the use environment and the communication environment can be used.

The authentication terminal 110 accesses the smart work server 130 and accesses the smart work server 130 in a variety of forms when the access right of the smart work server 130 and the usage right of the data and information stored in the smart work server 130 are authenticated Information and data can be worked in electronic form. The authentication terminal 110 accesses the smart work server 130 via the authentication process described above and receives the electronic document, the data file, and the application program stored in the smart work server 130 from the smart work server 130, The smart work server 130 can access the smart work server 130 without downloading from the smart work server 130 and use the electronic document, the data file, and the application program through the streaming service or the cloud service. The user can freely access the smart work server 130 at anytime and anywhere according to the access and usage right determined through the authentication terminal 110, and can perform the work to use the smart work system. ///

The smart work server 130 receives the location information and the time information of the authentication terminal 110 from the terminal information collection unit 112 constituting the authentication terminal 110. [ The smart work server 130 can confirm the current location and time of the authentication terminal 110 accessed through the location information and the time information received from the authentication terminal 110. [ The smart work server 130 accesses the smart work server 130 in the authentication terminal 110 and adds the location information and the time information of the authentication terminal 110 to the work contents and saves them together, The authentication terminal 110, the place where the task was performed, and the time at which the task was performed.

The smart work server 130 accesses the smart work server 130 through the smart work server 130 based on the location information and the time information received from the authentication terminal 110, You can set the viewing rights for programs and so on. The access right and the electronic document reading right are not simply granted to each of the authentication terminals 110 but the access position and the connection time can be limited to grant authority. For example, if the authentication terminal 110 is authorized to access the smart work server 130 only at a company and an individual home, the authentication terminal 110 can be located at a private home or a company based on the location information. It is possible to authenticate the authority to connect to the smart work server 130 only when the authentication is performed. Alternatively, the authority to access the smart work server 130 can be authenticated to the specific authentication terminal 110 only during normal business hours.

In addition, the smart work server 130 may limit the location and time for each individual data or electronic document. Only the specific electronic document is set to be accessible only to a specific place or a specific time (period), and only when the position information and time information received from the authentication terminal 110 correspond to the predetermined position and time in the electronic document The corresponding electronic document can be accessed.

The smart work server 130 receives authentication information from the authentication terminal 110 through the authentication terminal 110 when a business person accesses the smart work server 130 through the authentication terminal 110 and reads the stored electronic document to perform the business, And can recognize and authenticate whether the current work performer is working at a proper place and time. For the unauthenticated authentication terminal 110, the smart work server 130 disconnects or restricts the connection.

In addition, the smart work server 130 may access the smart work server 130 from the authentication terminal 110 to assign a time stamp function to the electronic document in operation.

The authentication terminal 110 can transmit the electronic document data and the electronic code to the smart work server 130 in addition to the authentication. When the time information exceeds a predetermined period, the time stamp function including functions such as notification, deletion and blocking of the electronic document data or electronic code can be performed to ensure safe data. The smart work server 130 can set the validity of the electronic document being worked on at the authentication terminal 110 to be valid only for a predetermined time (period) based on the received time information. An expired electronic document can be notified that the legal value of the electronic document has vanished by adding a timestamp that expires. Alternatively, it is possible to block or delete an electronic document whose validity period has expired. As described above, the smart work server 130 can provide the time stamp function to the electronic document operated by the authentication terminal 110, thereby maintaining the security of the work and enhancing the reliability. The smart work server 130 can assign a time stamp function to various data files or application programs as well as stored electronic documents.

2 is a block diagram illustrating an embodiment of a smart work authentication system that does not use GPS according to the present invention.

Referring to FIG. 2, the smart work authentication system shown in FIG. 1 acquires location information and time information through GPS to perform an authentication process. If the authentication terminal does not have a built-in GPS, And received location information and time information. However, GPS may not work properly indoors, and may not operate normally depending on the surrounding environment or standby conditions. In addition, there may be a situation where connection with a smart device equipped with GPS is impossible. If the location information and the time information can not be collected through the GPS, the smart work authentication system 200 collects the location information and the time information through a method other than GPS.

In the smart work authentication system 200 when GPS is not used, the authentication terminal 210 authenticates the user's access right to the smart work server 230 based on the personal information including the user's biometric information, If the user has a right to access the smart work server 230, the user attempts to connect to the smart work server 230.

The authentication terminal connected to the smart work server 230 transfers the location information and the time information to the smart work server 230. Generally, the authentication terminal collects location information and time information by using built-in GPS or a separate device equipped with GPS, and transmits the collected location information and time information to the smart work server 230. However, there may be situations where you do not have GPS built-in, or you can not connect with GPS-equipped equipment. Or, the weather may not be able to properly receive the GPS signal from the satellite due to the surrounding environment. In this case, the authentication terminal collects the location information and the time information through other methods.

Time information Location information GPS device About GPS Time GPS location information Mobile networks Network information or time information of the terminal Network location information Internet network Time information of the server or time information of the terminal Internet (TCP / IP) location information

Table 1 shows time information and location information when using a GPS device and time information and location information on a mobile network, a wireless network, or an Internet network without a GPS device. When the authentication terminal 211 is a mobile phone such as a smart phone using a mobile network (mobile communication network) such as 3G or LTE, location information and time information can be received from the base station providing the mobile network. Since the location information received from the base station is information on the location of the corresponding base station, it can be used if it is connected only to the mobile communication network in a situation where the accuracy is lower than the position information collected through the GPS but the GPS can not be used.

When the authentication terminal 212 is connected to the PC 50 and accesses the smart work server 230 using the Internet 50 via the PC 50, the authentication terminal 212 registers an IP (Internet Protocol) The location information can be collected by checking the location where the authentication terminal 210 is connected.

The time information of the authentication terminal 210 can be collected using a timer function or a clock function built in the authentication terminal 210 as well as time information received from the base station through the mobile communication network. In this manner, the authentication terminal 210 can acquire location information on the place where the authentication terminal 210 is connected and time information on the connection time without using GPS, and can transmit the collected position information to the smart work server 230. The location information and the time information collected through various methods are transmitted to the smart work server 230 and can be used as information for confirming the work place and the time or the authentication process as shown in FIG.

The smart work server 230 receives the location information and the time information collected by the above-described method from the authentication terminal 210. The smart work server 230 can confirm the current location and time of the authentication terminal 110 accessed through the location information and the time information received from the authentication terminal 210. [ Then, the smart work server 230 accesses the smart work server 230 at the authentication terminal 210 to add the location information and the time information of the authentication terminal 210 to the work contents, The authentication terminal 210, the place where the job was performed, and the time at which the job was performed.

The smart work server 230 accesses the smart work server 230 of the authentication terminal based on the location information and the time information received from the authentication terminal 210 and the electronic document, You can set the viewing rights for programs and so on. It is possible to grant authority to each of the authentication terminals 210 by limiting the connection position and the connection time, rather than merely granting the smart work server 230 access right and the electronic document reading right. For example, if the authentication terminal 210 is authorized to connect to the smart work server 230 only at a company and an individual home, the authentication terminal 210 may be located at a private home or company The smart work server 230 can authenticate the authority to access the smart work server 230 only when it is authenticated. Alternatively, the authority to access the smart work server 230 can be authenticated to the specific authentication terminal 210 only during normal business hours.

The smart work server 130 receives authentication information from the authentication terminal 110 through the authentication terminal 110 when a business person accesses the smart work server 130 through the authentication terminal 110 and reads the stored electronic document to perform the business, And can recognize and authenticate whether the current work performer is working at a proper place and time. For the unauthenticated authentication terminal 110, the smart work server 130 disconnects or restricts the connection.

In addition, the smart work server 230 can access the smart work server 230 from the authentication terminal 210 and assign a time stamp function to the electronic document in operation. The smart work server 230 can set the electronic document being worked on by the authentication terminal 210 to be valid only for a predetermined time (period) based on the received time information. An expired electronic document can be notified that the legal value of the electronic document has vanished by adding a timestamp that expires. Alternatively, it is possible to block or delete an electronic document whose validity period has expired. As described above, the smart work server 230 can provide the time stamp function to the electronic document operated by the authentication terminal 210, thereby maintaining the security of the work and enhancing the reliability. The smart work server 230 can assign a time stamp function to various data files or application programs as well as stored electronic documents.

3 is a block diagram illustrating a smart work authentication system using near field wireless communication according to the present invention.

3, the smart work authentication system 300 according to the present invention performs a user authentication process at the authentication terminal 310 using various methods of short-range wireless communication, Electronic documents, data, application programs, etc.) to perform tasks and build a smart work system.

In FIG. 1, a user authentication process is performed by comparing various biometric information (retina, fingerprint, voice, etc.) of the user stored in the authentication terminal 110 with biometric information measured by the user. In FIG. 3, an authentication process using various short-range wireless communications other than the authentication method using the biometric information of FIG. 1 will be described.

The authentication terminal 310 can authenticate a user using NFC (Near Field Communication). The personal user authentication is performed using the NFC mounted in the authentication terminal 310. When the authentication is completed, a large amount of data such as various kinds of necessary electronic files are transmitted to various short-range wireless communication devices such as WiFi or Bluetooth It can transmit and receive using the interface.

In FIGS. 1 to 3, the smart work servers 130, 230, and 330 have been described as a server that can be connected remotely and perform tasks. However, the present invention is not limited thereto. The smart work servers 130, 230, and 330 may store electronic documents such as government offices providing various administrative services, servers providing cultural service spaces, servers providing medical services such as hospitals / pharmacies, certificate issuing servers related to schools / The server may be provided to the user or may be provided by the user, and the authentication method applied to FIG. 1 through FIG. 3 may be applied to the various servers.

For example, when submitting a financial transaction using an electronic passbook or an electronic file-related loan document or an evidential document to a financial institution, the authentication terminal 110, 210, 310 may further enhance the location information and the time information A security system can be constructed. Further, a security device such as biometric information authentication or NFC authentication through the authentication terminals 110, 210, and 310 may be additionally provided. The smart work authentication system of this application type will be described in detail in FIG. 4 which will be described later.

4 is a configuration diagram showing another embodiment of a smart work authentication system according to the present invention.

The configuration diagram shown in FIG. 4 shows a form in which a smart work authentication system is applied to a service for issuing related documents to a financial institution for a financial service, and submitted to a financial institution. When receiving financial services using mobile terminals, related documents may be issued by government offices and submitted to financial institutions depending on the type of financial services. In this case, if the related documents are issued to the financial institution in the form of an electronic document at the government office through the mobile terminal, the user 30 can conveniently use the financial service. However, authentication and security are very important because the documents issued by public institutions such as government offices related to financial services often contain important personal information.

The user 30 accesses the personalization server 10 in order to receive an electronic document required for the service through the authentication terminal 410 and then undergoes a personal authentication procedure for identification. The authentication terminal 410 accesses the personalization agent server 10 through mobile communication, near field wireless communication, and wired communication, and performs personal authentication through various methods. Since an electronic document to be issued by the personalization agent server 10 contains important personal information, a personal authentication procedure for security is required. The authentication terminal 410 may be a biometric information comparing method, an electronic pen signing method, or a personal identification number (Personal Identification Number) method for comparing the biometric information collected from the user 30 with previously stored biometric information, Number, PIN) of the user 30 through a variety of authentication methods. When the personal authentication procedure is identified as a suitable user 30 through the authentication terminal 410, the issuer server 10 receives a necessary electronic document.

The electronic document issued from the personalization agent server 10 by the user authentication can be provided to the authentication terminal 410 in two major forms. First, the electronic document issued from the personalization server 10 is directly stored in the authentication terminal 410, and the electronic document code corresponding to the electronic document is stored in the cloud server 430. When the user 30 is identified as a suitable user 30 through the user authentication process, the personalization agent server 10 issues an electronic document requested by the user 30, and the issued electronic document is delivered to and stored in the authentication terminal 410. The electronic document stored in the authentication terminal 410 may be encrypted and stored for security according to the type and purpose of the electronic document. The electronic document code for accessing the electronic document is stored in the cloud server 430. The electronic document code serves as an identification number or a security key for accessing or restoring the electronic document issued from the personalization server 10.

In the form of storing the electronic document in the authentication terminal 410 and storing the electronic document code in the cloud server 430, it is not necessary to transmit and store a large amount of data to the cloud server 430, Therefore, problems such as overload of the cloud server 430 or communication failure can be prevented, and the cloud server 430 does not need much storage space. In addition, even if the cloud server 430 is hacked and the electronic document code is leaked, the electronic document code does not include any information about the user 30, so that a person illegally acquiring the electronic document code can not have desired information .

Alternatively, the issuance institution server 10 may transmit only the electronic document code for the electronic document issued to the authentication terminal 410 without storing the issued electronic document directly in the authentication terminal 410, The electronic document is transmitted to the separate cloud server 430 rather than the authentication terminal 410. [ That is, the electronic document is stored in the cloud server 430, and the electronic document code transmitted to the authentication terminal 410 is required to access the electronic document stored in the cloud server 430. Accordingly, the electronic document stored in the cloud server 430 can be accessed only through the electronic document code. In this case, since only the electronic document code is stored in the authentication terminal 410, it is not necessary to provide a large-capacity storage space, and even if the communication speed is low, it can be implemented. That is, since only an electronic document code is transmitted through a low-speed communication method, it can be implemented in various forms such as a contact / non-contact IC card, an NFC card, and an RFID card as well as a mobile terminal such as a smart phone.

When the electronic document and the electronic document code are transmitted to the authentication terminal 410 and the cloud server 430, the personalization agent server 10 receives the location information and the time information from the authentication terminal 410, And an electronic document code, so that it can be used as an effective document authentication. Through this, it is possible to increase the security by limiting the use period or the use place of the electronic document or the electronic document code, and can confirm the time and place where the electronic document and the electronic document code are used. The method of collecting the positional information and the time information and utilizing the collected positional information and time information can be applied to the contents of FIGS. 1 to 3 described above.

The user 30 can submit the electronic document or electronic document code stored in the authentication terminal 410 to the storage institution server 20 to receive the desired service. The process of authenticating the user 30 through the one-step authentication process through the authentication terminal 410 in the same manner as the process of accessing the personalization agent server 10 in the process of connecting the user 30 to the financial institution through the authentication terminal 410 You can authenticate.

When the one-step authentication process for the corresponding user 30 is completed in the storage institution server 20, the receiving institution server 20 transmits the electronic document or the electronic document code transmitted from the authentication terminal 410 to the cloud server 430 And authenticates the user 30 through the two-step authentication process. The storage institution server 20 accesses the cloud server 430 based on the received electronic document code so as to store the electronic document code stored in the cloud server 430, Accesses the document, confirms the complete electronic document through the two-step authentication procedure, and provides the corresponding service to the user 30. On the other hand, if the receiving institution server 20 receives the electronic document from the authentication terminal 410, it connects to the cloud server 430 based on the received electronic document, and stores the electronic document code stored in the cloud server 430 And confirms the complete electronic document through the two-step authentication procedure and provides the corresponding service to the user 30.

The electronic document code for accessing the electronic document stored in the cloud server 430 does not simply represent a path for accessing the electronic document but also acts as a security key for securing access to the electronic document stored in the cloud server 430 do. That is, the electronic document code stored in the authentication terminal 410 must be carried, and the contents can be confirmed by accessing the electronic document stored in the cloud server 430. In addition, since the electronic document code is stored in the authentication terminal 410 through the authentication process of the authentication terminal 410, the electronic document code can be normally performed as a security key only when it is stored in the authentication terminal 410.

5 is a configuration diagram illustrating an authentication protocol of a smart work authentication system according to an embodiment of the present invention.

Referring to FIG. 5, an embodiment of four authentication protocols 501, 502, 503, and 504 is described. Each of the four authentication protocols 501, 502, 503, and 504 may include various types of authentication information (PIN information, biometric information, time information, location information, and the like). The fourth authentication protocol 504 uses only the PIN information as authentication information. The third authentication protocol 503 uses the PIN information and the location information together. In addition, the second authentication protocol 502 uses time information as well as PIN information and location information, and the first authentication protocol 503 further uses the biometrics information in addition to the authentication information used in the second authentication protocol 502 do. As described above, the smart work authentication system according to the present invention can perform authentication using not only general PIN information but also biometric information of a user, and can use the collected location information and time information in the authentication process. By using the collected location information and time information as authentication information, the security of the authentication process can be enhanced. The type of authentication information used for the authentication process may vary depending on the purpose of authentication or security level.

6 is a flowchart illustrating a smart work authentication method according to an embodiment of the present invention.

Referring to FIG. 6, in a smart work authentication method according to an embodiment of the present invention, when a user attempts to access a smart work server through a mobile terminal, PIN information is received from the user (601). Then, it is determined whether the PIN information received from the user is normally authenticated (602). The PIN is a personal identification number, which is a kind of ID that is issued through a separate certification authority. And compares the PIN information input by the user with the PIN information stored in the database to determine whether or not the PIN information is normally authenticated. The authentication of the PIN information can be performed by the server (smart work server) to be connected, and the authentication terminal (mobile terminal) can directly determine whether the PIN information is authenticated. The PIN information can be issued by a company when it is desired to access a server for a specific company business, and can be issued from a public institution such as a government office. If PIN information is not normally authenticated in step 602, it is determined that user authentication has failed (step 610).

Steps 601 and 602 for authenticating a user through PIN information are one embodiment for authenticating a user through pre-registered authentication information. Steps 601 and 602 are not limited to authentication using PIN information. An authentication method in which an ID and a password are registered in advance and an authentication method using a certificate issued from a third certification authority can be used. In particular, the authenticated information may be stored in a separate storage device (USB memory, smart card, RFID, etc.) and used as an authentication terminal by connecting to a mobile terminal.

If PIN information is normally authenticated in step 602, biometric information is collected from the user (603). Then, the biometric information collected from the user is compared with the stored biometric information (604). For user authentication through biometric information, recognition methods such as face recognition, iris recognition, fingerprint recognition and palmprint recognition can be used. The biometric information such as the user's face, iris, fingerprint, or palm is photographed through a camera provided in the mobile terminal, and the acquired biometric information is compared with the biometric information of the authenticated user stored in advance, You can authenticate. The user can recognize the voice of the user through a voice recognition device such as a microphone provided in the mobile terminal, perform a user authentication, add a separate fingerprint sensor to the mobile terminal, or use a separate fingerprint recognition device And can authenticate the user through the fingerprint sensor by connecting. Also, the user can be authenticated by recognizing the digital signature inputted from the user through the touch screen interface or a separate digital signature input device. In this way, the biometric information collected from the user is compared with the stored biometric information, and it is determined whether the biometric information is authenticated (605). When the biometric information collected in step 604 is compared with the stored biometric information, if the biometric information of the same user is present, the user is authenticated. If the same biometric information does not exist, it is determined that the user authentication has failed (610).

If the biometric information is authenticated in step 605, positional information and time information are collected (step 606). And acquires location information and time information on which the authentication terminal attempts connection. As a method of collecting the location information and the time information of the authentication terminal, a GPS provided in the authentication terminal can be used. GPS collects not only location information but also time information. And acquires position information and time information measured by the GPS. Through the collected location information and time information, it is possible to confirm the precise place where the user performs the work and the time when the work was performed, thereby allowing the user to access the smart work server to view and modify the electronic document The user can be authenticated.

If the authentication terminal has a built-in GPS, the built-in GPS can be used. If the authentication terminal does not have a built-in GPS device, a separate GPS device can be connected, or a separate terminal device It is possible to receive and use the GPS data. When the authentication terminal uses a mobile network (mobile communication network) such as 3G or LTE, it can receive location information and time information from a base station that provides the mobile network. In addition, when the authentication terminal accesses the smart work server using the Internet network through the wired LAN or the wireless LAN, the location information is confirmed by confirming the location where the authentication terminal is connected through the Internet Protocol (IP) Can be collected. The time information of the authentication terminal can be collected not only by the time information received from the base station through the mobile network but also by using a timer function or a clock function built in the authentication terminal.

The user is authenticated through the location information and the time information collected in step 606 (607). It is possible to confirm the location and place where the job is performed through the collected location information and the time information, or to restrict access to the smart work server and the viewing authority of the stored electronic document to the location and time. For example, if a specific authentication terminal is authorized to connect to a smart work server only at a company and an individual home, only when the authentication terminal is located at an individual home or company based on the location information, You can authenticate the permissions that are present. Alternatively, the authority to access the smart work server can be authenticated for a specific authentication terminal only during normal business hours. In this way, authentication and limitation of the smart-work server access authority and electronic document reading authority based on the connection location and access time of the authentication terminal as well as the authentication through the personal information of the user can be strengthened in the authentication, It is possible to perform authentication by classifying the situation and subject in detail.

In step 607, it is determined whether the location information and the time information are normally authenticated (608). If the location information and the time information are not normally authenticated, it is determined that the user authentication has failed (610).

If the location information and the time information are normally authenticated in step 608, the user authentication is completed (609). When the authentication process based on the location information and the time information is normally performed, it is determined that the authentication for the user is completed, and the user is permitted to access and use the electronic document. Through this authentication process, the user can access the smart work server and access the electronic file such as the electronic document to perform the business.

In FIG. 6, it is described that the user 30 is authenticated including both authentication using PIN information, authentication using biometric information, and authentication methods using time information / position information. However, the present invention is not limited to the simultaneous use of the three authentication methods, and the authentication method can be selectively applied according to the authentication purpose and security level.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, It is possible.

100: Smart Work Certification System
110: authentication terminal
111: Biometric information authentication unit
112: terminal information collecting unit
113:
130: Smart Work Server
10: Issuing authority
20: Submitter

Claims (20)

A smart work authentication terminal for authenticating a user when accessing a smart work server,
A biometric information authentication unit for collecting biometric information from the user and comparing the biometric information with previously stored biometric information to authenticate the user's access right to the smart work server;
A terminal information collecting unit for collecting location information and time information of the authentication terminal; And
A communication unit for transmitting the collected location information and time information to the smart work server and transmitting and receiving an electronic document from the smart work server;
The smart work authentication terminal comprising: The method according to claim 1,
Wherein the biometric information authentication unit comprises:
Wherein at least one of the biometric information among the iris information, the fingerprint information, the face information, the voice information, and the signature information is collected from the user. The method according to claim 1,
The terminal information collecting unit,
Collecting the location information and the time information from a base station of a mobile network to which the authentication terminal is connected,
Wherein the mobile network comprises one of a short-range wireless communication or a long-range wireless communication. The method according to claim 1,
The terminal information collecting unit,
Wherein the location information and the time information are collected through the Internet network to which the authentication terminal is connected. A smart work authentication system for authenticating a user when accessing a smart work server through an authentication terminal,
Acquires and transmits location information and time information, transmits an electronic document request according to a request of the authenticated user, and provides the received electronic document to the user Authentication terminal; And
The access terminal authenticates the authentication terminal based on the received location information and the received time information to determine an access right of the requested electronic document, and if the access right to the authentication terminal is determined as a result of the determination, A smart work server for transmitting an electronic document to the authentication terminal based on the received electronic document and receiving an electronic document from the authentication terminal;
The smart work authentication system using the mobile terminal. 6. The method of claim 5,
The authentication terminal,
And collecting the biometric information from the user and comparing the collected biometric information with previously stored biometric information to authenticate the user. 6. The method of claim 5,
The smart work server,
And the location restriction unit restricts the location where the authentication terminal can use the electronic document based on the location information. 6. The method of claim 5,
The smart work server,
And the time limit for the use of the electronic document by the authentication terminal is limited based on the time information. 6. The method of claim 5,
The authentication terminal
And authenticates the user through short-range wireless communication. 10. The method of claim 9,
Wherein the authentication terminal transmits the electronic document data or the electronic code in addition to the authentication. 11. The method of claim 10,
Wherein the smart work system has secure data protection by performing an expiration time stamp function on the electronic document data or the electronic code when the time information exceeds a predetermined period. A user authentication system of a personalization agent for issuing an electronic document requested by a user and a submission organization for requesting the issued electronic document,
Receiving the electronic document data requested by the personalization institution from the personalization institution and receiving the electronic document code data authorized to access the requested electronic document by authenticating the user and receiving the electronic document data from the personalization institution, An authentication terminal for delivering to an organization;
Receiving the remaining one of the electronic document data or the electronic document code data not transmitted to the authentication terminal from the personalization institution and transmitting the remaining one piece of the received data to the submission agency at the request of the submission agency A cloud server; And
Requesting the other one of the data to the cloud server based on the data received from the authentication terminal and authenticating the user based on whether data received from the authentication terminal and data received from the cloud server correspond to each other Submission agency server;
The smart work authentication system comprising: 13. The method of claim 12,
The authentication terminal,
Collecting biometric information from the user, and comparing the collected biometric information with previously stored biometric information to authenticate the user. 13. The method of claim 12,
The authentication terminal collects and transmits position information and time information to the personalization agent, and the personalization agent generates an authentication protocol including positional information and time information received from the authentication terminal, and transmits the generated authentication protocol to the authentication terminal Smart work certification system. 15. The method of claim 14,
The submission authority server,
And receives the authentication protocol from the authentication terminal and authenticates the user. A smart work authentication method using a mobile terminal for authenticating a user through an authentication terminal to access a smart work server,
Collecting biometric information from a user;
Authenticating the user by comparing the collected biometric information with previously stored biometric information;
Collecting location information and time information at the authentication terminal; And
Authenticating the user based on the collected location information or the collected time information;
The smart work authentication method using the mobile terminal according to claim 1, 17. The method of claim 16,
Wherein the authenticating the user based on the collected location information or the collected time information comprises:
Generating an authentication protocol based on the collected location information or the collected time information; And
Authenticating the user based on the generated authentication protocol;
The smart work authentication method using the mobile terminal according to claim 1, 17. The method of claim 16,
Wherein the authenticating the user based on the collected location information or the collected time information comprises:
Comparing whether the collected position information or the collected time information corresponds to a predetermined allowable position or a predetermined allowable time; And
Authenticating the user if the collected position information or the collected time information corresponds to a predetermined allowable position or a predetermined allowable time as a result of the comparison;
The smart work authentication method using the mobile terminal according to claim 1, 17. The method of claim 16,
Wherein the location information and the time information are collected from a base station of a mobile network to which the authentication terminal is connected. 17. The method of claim 16,
Wherein the location information and the time information are collected through an Internet network to which the authentication terminal is connected.
KR20130114580A 2013-09-26 2013-09-26 Authentication system and authentication method for smartwork using mobile device KR20150034463A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR20130114580A KR20150034463A (en) 2013-09-26 2013-09-26 Authentication system and authentication method for smartwork using mobile device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR20130114580A KR20150034463A (en) 2013-09-26 2013-09-26 Authentication system and authentication method for smartwork using mobile device

Publications (1)

Publication Number Publication Date
KR20150034463A true KR20150034463A (en) 2015-04-03

Family

ID=53031274

Family Applications (1)

Application Number Title Priority Date Filing Date
KR20130114580A KR20150034463A (en) 2013-09-26 2013-09-26 Authentication system and authentication method for smartwork using mobile device

Country Status (1)

Country Link
KR (1) KR20150034463A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017111506A1 (en) * 2015-12-22 2017-06-29 최재훈 Subject face-to-face confirmation verification system device
KR102207715B1 (en) * 2020-07-15 2021-01-26 프라임원테크 주식회사 ELECTRO-MAGNETIC CONTACTOR AND REMOTE CONTROL METHOD TO REMOTELY CONTROL INDUSTRIAL POWER DEVICES BASED ON IoT
KR20210100353A (en) * 2020-02-06 2021-08-17 주식회사 티오이십일콤즈 User device based on cloud and clould computing system with the same
KR102552295B1 (en) * 2022-04-11 2023-07-06 세종대학교산학협력단 Method and System for User Authentication based on Private Blockchain in Open Cloud Platform Including Sensitive Information

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017111506A1 (en) * 2015-12-22 2017-06-29 최재훈 Subject face-to-face confirmation verification system device
KR20210100353A (en) * 2020-02-06 2021-08-17 주식회사 티오이십일콤즈 User device based on cloud and clould computing system with the same
KR102207715B1 (en) * 2020-07-15 2021-01-26 프라임원테크 주식회사 ELECTRO-MAGNETIC CONTACTOR AND REMOTE CONTROL METHOD TO REMOTELY CONTROL INDUSTRIAL POWER DEVICES BASED ON IoT
KR102552295B1 (en) * 2022-04-11 2023-07-06 세종대학교산학협력단 Method and System for User Authentication based on Private Blockchain in Open Cloud Platform Including Sensitive Information

Similar Documents

Publication Publication Date Title
US9531710B2 (en) Behavioral authentication system using a biometric fingerprint sensor and user behavior for authentication
CN112468506B (en) Method and device for obtaining and issuing electronic certificate
KR101676215B1 (en) Method for signing electronic documents with an analog-digital signature with additional verification
US20170093851A1 (en) Biometric authentication system
EP3695397B1 (en) Authentication of a person using a virtual identity card
CA2813855C (en) Methods and systems for conducting smart card transactions
KR101033337B1 (en) The security authentication method to reinforce verification of the user using the terminal unit
US11843599B2 (en) Systems, methods, and non-transitory computer-readable media for secure biometrically-enhanced data exchanges and data storage
US20150046699A1 (en) Method for generating public identity for authenticating an individual carrying an identification object
KR101937136B1 (en) System and method for authenticating identity using multi-biometrics
US10482225B1 (en) Method of authorization dialog organizing
JP2009181153A (en) User authentication system and method, program, medium
JP6840568B2 (en) Authentication system and authentication method
JP2006277028A (en) User registration method and proxy authentication system using biometric information
KR20150034463A (en) Authentication system and authentication method for smartwork using mobile device
KR20220028836A (en) Method for driver's license authentication service using decentralized identifier based on blockchain networks and user device executing driver's license authentication service
JP2017102842A (en) Personal identification system, personal identification information output system, authentication server, personal identification method, personal identification information output method, and program
JP2005309890A (en) Authentication system
RU2573235C2 (en) System and method for checking authenticity of identity of person accessing data over computer network
Ferraiolo et al. Personal Identity Verification (PIV) Credentials
US20140215586A1 (en) Methods and systems for generating and using a derived authentication credential
US20230394179A1 (en) Information processing apparatus, information processing method, and non-transitory computer-readable storage medium
US20210397687A1 (en) Method for authenticating a user on client equipment
KR20140045462A (en) Real name authentication system and method by smart terminal
JP2010049477A (en) Authentication system, authentication method, card device and authentication request device

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination