KR20150056442A - Security authentication method and apparatus therefor - Google Patents

Abstract

The present invention relates to a security authentication method for safely protecting user data from hacking of the outside and a device therefor. A method for performing security authentication of a user according to the present invention comprises the steps of: configuring, by an authentication server, virtual data including virtual codes for each object to transmit to a safety input device; outputting, by the safety input device, an object selection interface, in which each object is arranged and the location of the object may change based on the virtual data; configuring at least one authentication information including the location information of each object which is arranged at the object selection interface, and a virtual code when the safety input device decides the object location; transmitting, by the safety input device, at least one of configured authentication information to the authentication server; and authenticating a user by analyzing the authentication information, by the authentication server, and by confirming whether the virtual code of each security object set by a user has predetermined location information or not.

Description

[0001] DESCRIPTION [0002] Security authentication method and apparatus therefor [

The present invention relates to a security authentication technique, and more particularly, to a security authentication method and apparatus for securely protecting user data from external hacking.

As a universal method for user authentication, a password authentication method is used. The password authentication method stores an initial input password from a user, compares the password input by the user with the pre-stored password whenever necessary, and determines that the password authentication is successful if the password is identical. In addition, a technique for authenticating a user using a touch pattern set by a user is further disclosed in the existing password authentication method. The following patent document discloses a mobile terminal for authenticating a user using a pattern and a method for locking and unlocking the same.

However, passwords have various exposure possibilities. For example, a third party can watch the password input process of the user and find out the password. Further, the hacking program can hack the password input from the user terminal to find out the password.

Therefore, a password authentication method is required to prevent a third party from using a password even if the password of the user is exposed to a third party. In addition, a password input method for protecting a user's password from a peeking attack or the like is needed.

Korean Patent Publication No. 10-2009-0013432

SUMMARY OF THE INVENTION It is an object of the present invention to provide a security authentication method and apparatus for securely authenticating a user's authentication data from peeking attacks and hacking by malicious codes.

It is another object of the present invention to provide a security authentication method and an apparatus therefor, in which an authentication data input screen is exposed to others, and it is impossible for others to detect secret data of a user.

Other objects and advantages of the present invention will become apparent from the following description, and it will be understood by those skilled in the art that the present invention is not limited thereto. It will also be readily apparent that the objects and advantages of the invention may be realized and attained by means of the instrumentalities and combinations particularly pointed out in the appended claims.

According to a first aspect of the present invention, there is provided a method of performing security authentication of a user in an authentication system according to the first aspect of the present invention includes: generating, by an authentication server, virtual data including a virtual code for each entity; The safety input device outputting an object selection interface on the basis of the virtual data, wherein each object is disposed and the position of the object is changeable; Generating one or more pieces of authentication information including location information and virtual codes of each entity disposed in the entity selection interface when the safety input device determines the location of the entity; Transmitting, by the safety input device, the generated one or more pieces of authentication information to the authentication server; And authenticating the user by verifying whether the virtual code of each secret entity set by the user has the promised location information by analyzing the authentication information by the authentication server.

According to a second aspect of the present invention, there is provided an authentication apparatus comprising: a storage unit for storing a plurality of secret entities set by a user; A virtual data providing unit for generating virtual codes for each of the plurality of secret objects and the camouflage objects and transmitting the virtual data including the virtual codes of each of the generated virtual objects to the communication device of the user; And authentication information including an arrangement position and virtual data for each object from the communication device and analyzing the authentication information to check whether or not the virtual code of each secret object has the promised location information, And an authenticating unit for authenticating the authenticated user.

According to a third aspect of the present invention, there is provided a method for performing a security authentication of a user in an authentication system, the method comprising: selecting a plurality of secret objects from an object pool by an authentication server; To a message destination; The authentication server generates virtual data including a virtual code for each entity and transmits the generated virtual data to the safety input device; The safety input device outputting an object selection interface on the basis of the virtual data, wherein each object is disposed and the position of the object is changeable; Generating one or more pieces of authentication information including location information and virtual codes of each entity disposed in the entity selection interface when the safety input device determines the location of the entity; Transmitting, by the safety input device, the generated one or more pieces of authentication information to the authentication server; And authenticating the user by analyzing the authentication information and checking whether the virtual code of each selected secret entity has the promised location information.

According to a fourth aspect of the present invention, there is provided an authentication apparatus comprising: a storage unit storing an entity pool; Selecting a plurality of secret objects from the object pool of the storage unit, and transmitting the selected secret objects to a message destination designated by the user; A plurality of camouflage objects are selected from the object pool in the storage unit, virtual codes for the secret objects and the camouflage objects are generated, and the virtual data including the virtual codes of the individual objects thus generated is transmitted to the communication device To provide virtual data; And authentication information including an arrangement position and virtual data for each object from the communication device and analyzing the authentication information to check whether or not the virtual code of each secret object has the promised location information, And an authenticating unit for authenticating the authenticated user.

According to a fifth aspect of the present invention, there is provided a safety input device comprising: a storage unit for storing a plurality of secret objects set by a user; An interface generation unit for generating and outputting a plurality of object selection interfaces in which respective objects are arranged and whose object positions can be changed; And an authentication unit for authenticating a user by confirming a secret entity in each entity selection interface when the position of the entity is determined in the entity selection interface and checking whether each secret entity is located at a predetermined location .

When each object is sorted in the object selection interface, since the user is authenticated through whether the secret object is located at the appointed position, the authentication data related to the authentication of the user is protected from external attacks such as peeking attack There are advantages.

In addition, the present invention generates object-related data based on a uniform resource locator (URL) and a one-time virtual code randomly generated at every authentication, and generates one-time authentication information based on the object location in the object selection interface By authenticating the user on the basis, it is possible to prevent the user's main data (e.g., a password, etc.) from being exposed to the communication network.

Particularly, the present invention provides a virtual URL and a virtual code for each user to the user, and the virtual code authenticates the user based on the authentication information generated based on the location of the object. Therefore, even if the authentication data related to the user is hacked, It is not only impossible for others to confirm the sorting position of the secret object, but also because the hacked authentication information can not be reused, which is advantageous in protecting user data more securely.

In addition, according to the present invention, when the user selects the variable sorting method by the secret object sorting method, if the sorting position of the secret object is randomly changed and the secret object is leaked but the position information for each object is not received through the legitimate device, It can be designed so as not to proceed to achieve more enhanced security.

In addition, according to another embodiment of the present invention, a one-time secret object randomly selected at each authentication is provided to a user-specified device, and the one-time secret entity thus provided is requested to be aligned at a predetermined position on the object selection interface, There is an advantage that the secret object can be prevented from being reused even if the secret object is leaked.

In addition, since the security authentication method according to the present invention authenticates a user based on a one-time authentication code, it also has an effect of replacing an existing OTP (one time password) authentication method or an electronic signature. Particularly, the security authentication method according to the present invention may exert the effect of digital signature when storing the authentication time and the authentication fingerprint (i.e., the virtual code of the secret entity) after the user is finally authenticated.

BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate exemplary embodiments of the invention and, together with the description, serve to explain the principles of the invention. And shall not be construed as limited to such matters.
1 is a diagram of an authentication system, in accordance with an embodiment of the present invention.
2 is a flowchart illustrating a method of registering a user in a security authentication service in an authentication system according to an embodiment of the present invention.
3 is a view showing a secret object selection window according to an embodiment of the present invention.
4 is a flow diagram illustrating a method for authenticating a user based on a fixed sorting scheme in an authentication system, in accordance with an embodiment of the present invention.
5 is a flow diagram illustrating a method for authenticating a user based on a user-specified sorting scheme in an authentication system, in accordance with an embodiment of the present invention.
Figure 6 is a flow diagram illustrating a method for authenticating a user based on a floating sorting scheme in an authentication system, in accordance with an embodiment of the present invention.
7A and 7B are diagrams illustrating various embodiments of an entity selection interface in accordance with the present invention.
8A and 8B are diagrams illustrating virtual codes recorded in an authentication matrix according to an embodiment of the present invention.
9A and 9B are views showing an image expressing positional information per secret object according to the present invention.
10 is a diagram illustrating an authentication system, in accordance with another embodiment of the present invention.
11 is a flowchart illustrating a method of registering a user in a security authentication service in an authentication system according to another embodiment of the present invention.
12 is a view exemplifying a position setting window.
13 is a flowchart illustrating a method for authenticating a user in an authentication system, according to another embodiment of the present invention.
14 is a diagram illustrating a safety input device applied in a standalone environment according to another embodiment of the present invention.

The foregoing and other objects, features and advantages of the present invention will become more apparent from the following detailed description of the present invention when taken in conjunction with the accompanying drawings, in which: There will be. In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail. Hereinafter, a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings.

Prior to describing the constitution of the present invention, the following terms will be described.

An object is placed in an object selection interface as a kind of user-selectable key information such as an image, a moving picture, a sound, a text, a number, and the like.

A secret entity is an entity set for a security authentication service among a plurality of entities.

The gastrointestinal object is an object arbitrarily selected in order to minimize the exposure of the secret object.

A pseudo code is a one-time string corresponding to an object, and is generated randomly at every authentication.

The object selection interface is a graphical user interface in which a plurality of objects are arranged and a position of an object can be moved according to a user's operation. A secret object and a camouflage object are disposed in the object selection interface.

A uniform resource locator (URL) is an object's one-time URL, which is randomly generated every time it is authenticated, just like virtual code.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a diagram of an authentication system, in accordance with an embodiment of the present invention.

As shown in FIG. 1, an authentication system according to an embodiment of the present invention includes a safety input device 10 and an authentication server 20. The safety input device 10 and the authentication server 20 communicate with each other via the network 30. Here, the network 30 includes a mobile communication network and a wired broadband Internet network, and corresponds to a well-known conventional technology in the present invention, and thus a detailed description thereof will be omitted.

The safety input device 10 generates authentication information protected from hacking attacks such as peeking attacks and transmits the authentication information to the authentication server 20. Specifically, the safety input device 10 generates an object selection interface in which a plurality of secret objects and a plurality of camouflage objects are randomly arranged and the object can be moved using the virtual data received from the authentication server 20, do. When the sorting of the objects is completed on the object selection interface, the safety input device 10 generates authentication information in which the virtual code and the position information of each object arranged on the object selection interface are recorded, and transmits the generated authentication information to the authentication server 20 Thereby requesting the authentication server 20 to authenticate the user. At this time, the authentication server 20 may generate an authentication matrix in which the virtual code for each entity is arranged according to the location information, and transmit the authentication matrix to the authentication server 20 as the authentication information.

The safety input device 10 may be a wireless input device such as a wired or wireless information communication terminal such as a notebook computer, a desktop computer, a tablet computer, a mobile communication terminal and other portable terminals, an ATM device (cash dispensing device), a door lock, And the like can be applied to electric and electronic devices having a processor and a memory.

The safety input device 10 includes a service registration unit 11, a data receiving unit 12, an interface generating unit 13, and an authentication information generating unit 14.

The service registration unit 11 registers the security authentication service of the user with the authentication server 20. Specifically, the service registration unit 11 requests the authentication server 20 to register the security authentication service of the user after the user accesses the authentication server 20 and succeeds in the login authentication based on the ID and the password. In addition, the service registration unit 11 receives a secret object selection window (see FIG. 3) in which a plurality of objects are arranged from the authentication server 20 and outputs the secret object selection window to the screen, And registers the entity in the authentication server 20 as a secret entity of the user. The service registering unit 11 can set any one of the fixed sorting method, the user specified sorting method, and the variable sorting method to the sorting method of the secret object based on the user's selection, have. When the user of the service registration unit 11 selects the user-specified sorting method among the secret object sorting methods, the location information of each secret object inputted from the user is transmitted to the authentication server 20, And registers the location information in the authentication server 20. In addition, when the user selects the variable sorting method, the service registering unit 11 registers the reception information (for example, mobile phone number) of the message receiving apparatus that receives the message in which the location information for each secret object is recorded in the authentication server 20 can do.

The data receiving unit 12 receives the virtual data including the virtual code and the virtual URL for each object from the authentication server 20.

The interface generating unit 13 generates an object selecting interface based on the virtual data received by the data receiving unit 12 and outputs the object selecting interface to the screen. That is, the interface generation unit 13 identifies the virtual URL and the virtual code for each object, and obtains the objects through the respective virtual URLs. In addition, the interface generation unit 13 randomly arranges the acquired objects at the object display position of the object selection interface, and outputs the object selection interface (see FIGS. 7A and 7B) on the screen.

The object selection interface may be implemented in various forms, such as a clock-shaped circle in which a plurality of circles are combined, or a grid-like shape in the horizontal and vertical directions. In addition, when a specific entity disposed on the entity selection interface is moved, a plurality of entities disposed on the same line are moved together to minimize exposure of a secret entity to a neighboring user.

When an object sorting completion signal is received from a user, the authentication information generating unit 14 generates an authentication matrix (see FIGS. 8A and 8B) in which the virtual code for each object is arranged according to the location of the object, as the authentication information of the user, 20 to request user authentication. That is, when the sorting of secret objects is confirmed in the object selection interface, the authentication information generation unit 14 checks the position and the virtual code of each object in the object selection interface, and arranges the virtual codes of the objects according to the position of the object And generates an authentication matrix. When the user completes the object sorting, the authentication information generator 14 generates authentication information including the sorted virtual code and the location information in the object selection interface, and transmits the generated authentication information to the authentication server 20.

On the other hand, the authentication information generation unit 14 can convert and encrypt the generated authentication information, i.e., the authentication matrix. At this time, the authentication information generation unit 14 converts the authentication matrix using a conversion function to which a seed value set by the user is applied, encrypts the converted authentication matrix, and transmits the encrypted authentication matrix to the authentication server 20, The user can request authentication. Preferably, the authentication information generating unit 14 converts the authentication matrix by setting the login password of the user as the seed value.

The authentication server 20 is an authentication device for authenticating a user, and performs a function of providing a security authentication service to a user. In particular, the authentication server 20 stores a plurality of secret entities set by the user, generates virtual data so that the unique information (i.e., secret entity) of the user is not exposed, and provides the virtual data to the safety input device 10 of the user . In addition, when the user sets the variable sorting method according to the secret object sorting method, the authentication server 20 transmits a message in which the location information of each secret object to which the secret object is to be located, to the device designated by the user , Directs the secret object to be aligned at the specified location. At this time, the authentication server 20 may transmit the location information for each secret object as text or image. When the authentication server 20 receives the authentication matrix from the safety input device 10, the authentication server 20 analyzes the authentication matrix and verifies whether or not the virtual codes of the secret objects are arranged at the specified location to authenticate the user.

The authentication server 20 includes a storage unit 21, a setting information registration unit 22, a virtual data providing unit 23, and an authentication unit 24.

The storage unit 21 stores the login ID and the login password of the user, and also stores a plurality of secret objects, a seed value, and a secret object sorting method (i.e., a fixed sorting method, a user-specified sorting method, Is mapped to the login ID of the user and stored. At this time, the storage unit 21 sequentially stores each secret object based on the order set by the user. Also, when the secret object sorting method is a user sorting method, the storage unit 21 further maps the location information of the secret object set by the user with the login ID of the user. Meanwhile, when the secret object sorting method is the variable sorting method, the storage unit 21 maps the incoming information (e.g., mobile phone number) of the message receiving apparatus designated by the user to the login ID of the user and additionally stores the information. In addition, the storage unit 21 stores a pool of objects in which a plurality of objects are registered. Various types of objects such as images, moving images, and text are registered in the object pool.

The setting information registration unit 22 receives a plurality of secret entities from a user and stores the received secret entities in the storage unit 21 as a secret entity of the user. That is, upon receiving a request for security authentication service from the safety input device 10, the setting information registration unit 22 transmits a secret object selection window to which the plurality of secret objects can be set, to the safety input device 10. In addition, the setting information registration unit 22 receives a plurality of secret objects sequentially selected by the user from the safety input device 10, maps the plurality of secret objects to the login ID of the user, and stores the mapped secret information in the storage unit 21 . At this time, the setting information registration unit 22 confirms the order of the secret objects selected by the user, and stores the secret objects in the storage unit 21 in this order.

In addition, the setting information registration unit 22 receives the secret object sorting method of the user from the user, maps the secret object sorting method to the login ID of the user, and stores the same in the storage unit 21. In this case, when the user sets the user-specified method as the secret object sorting method, the setting information registering unit 22 receives the location information of each secret object from the user, maps the login information with the login ID of the user, do. On the other hand, when the user sets the variable sorting method as the secret object sorting method, the setting information registering unit 22 receives the incoming information (e.g., mobile phone number) of the message receiving apparatus from the user and maps the received information to the login ID of the user And stores it in the storage unit 21.

The virtual data providing unit 23 performs a function of providing data necessary for the safety login authentication to the safety input device 10. Specifically, the virtual data providing unit 23 identifies a plurality of secret objects and a secret entity sorting method mapped to the user's login ID in the storage unit 21. Further, the virtual data providing unit 23 minimizes exposure of the secret object, and selects a certain number of camouflage objects disposed together with the respective secret objects in the object pool of the storage unit 21. At this time, the virtual data providing unit 23 selects the camouflage entity among the entities excluding the secret entity. In addition, the virtual data providing unit 23 generates virtual URLs of each secret object and each camouflage object, and links the generated virtual URL with the corresponding object. In addition, the virtual data providing unit 23 generates virtual codes for each of the secret objects and the camouflage objects, generates virtual data in which the generated virtual codes and virtual URLs are mapped for each object, ). In other words, the virtual data providing unit 23 randomly generates a virtual URL and a virtual code for each object each time it is authenticated.

Meanwhile, when the secret object sorting method mapped with the user login ID is set as the variable sorting method, the virtual data providing unit 23 arbitrarily generates location information for each secret object to be located on the object selection interface of each secret object, (E.g., mobile communication terminal) designated by the user. At this time, the virtual data providing unit 23 may transmit a message containing the location information of the secret object by text or the image including the location information of the secret object to the message receiving apparatus designated by the user. In addition, the virtual data providing unit 23 may transmit a voice message (i.e., an ARS voice message) to which the location information of each secret entity is output by voice to the message receiving apparatus. In this case, after the virtual data providing unit 23 forms a call session with the message receiving apparatus designated by the user, the virtual data providing unit 23 transmits the voice message indicated by the location information of the secret entity to the message receiving apparatus.

The authentication unit 24 not only performs login authentication based on the ID and the password but also analyzes the authentication matrix received from the safety input device 10 to determine whether or not the virtual codes corresponding to the respective secret objects are arranged at the appointed positions And performs security authentication of the user. That is, the authentication unit 24 confirms the positions where the virtual codes of the respective secret objects generated by the virtual data providing unit 23 are arranged in the authentication matrix, and based on the positions of the virtual codes thus verified, Authenticates the user by checking whether the virtual code of the secret entity is arranged. In addition, when the authentication of the user is completed, the authentication unit 24 deletes the virtual URL, the virtual code, and the per-entity location information generated by the virtual data provider 23. When the user authentication is successful, the authentication unit 24 can store the authentication time and the virtual code of the secret entity in the storage unit 21 as the authentication fingerprint.

On the other hand, when the authentication unit 24 receives the encrypted authentication matrix from the safety input device 10, the authentication unit 24 decrypts the encrypted authentication matrix and stores the seed value set by the user in the decrypted authentication matrix (21), and restores the authentication matrix using an inverse transformation function to which the seed value is applied. Preferably, the seed value may be a user's login password, and the authentication unit 24 confirms the user's login password in the storage unit 21, and uses the inverse transformation function applied as the seed value to set the authentication matrix Restore.

2 is a flowchart illustrating a method of registering a user in a security authentication service in an authentication system according to an embodiment of the present invention.

2, the service registration unit 11 of the safety input device 10 accesses the authentication server 20 and then transmits a login request message including the user's ID and password to the authentication server 20 S201).

Then, the authentication unit 24 of the authentication server 20 extracts the ID and password included in the login request message, and determines whether the extracted ID and password are stored in the storage unit 21 as the authentication information of the same user The login authentication of the user is performed (S203). Then, the authentication unit 24 of the authentication server 20 transmits a login authentication success notification message to the safety input device 10 (S205).

Next, when the safety input device 10 succeeds in the login authentication of the user, the service registration unit 11 can receive the security authentication service registration from the user. In this case, the service registration unit 11 transmits a security authentication service request message to the authentication server 20 (S207).

The setting information registration unit 22 of the authentication server 20 then transmits a secret object selection window to the safety input device 10 in which one or more secret objects can be set among the objects registered in the object pool of the storage unit 21 (S209). Next, the service registration unit 11 of the safety input device 10 outputs the secret object selection window received from the authentication server 20 to the screen.

3 is a view showing a secret object selection window according to an embodiment of the present invention.

3, the setting information registration unit 22 of the authentication server 20 transmits a secret object selection window, such as FIG. 3, to which the plurality of objects are arranged and the user can select a secret object to the safety input device 10 do. At this time, the setting information registration unit 22 may include direction keys 300a and 300b for changing a plurality of entities disposed in the secret object selection window in the secret object selection window. In this case, the setting information registration unit 22 transmits a secret object selection window in which some objects (for example, 16 objects) among the objects registered in the object pool of the storage unit 21 are listed to the safety input device 10, When the direction keys 300b and 300b are input from the safety input device 10, another plurality of objects are extracted from the object pool of the storage unit 21 and transmitted to the safety input device 10, You can change the object.

Next, the service registration unit 11 of the safety input device 10 sequentially selects a plurality of secret objects from among the objects arranged in the secret object selection window from the user (S211). It is preferable that the user sequentially selects a plurality of objects which can be easily memorized in the secret object selection window. For example, the user can sequentially select a plurality of animal image objects constituting the food chain, or can select a plurality of objects having a special meaning to him.

In step S213, the service registration unit 11 sequentially transmits a plurality of secret objects selected by the user through the secret object selection window to the authentication server 20 according to the selected sequence.

Then, the setting information registration unit 22 of the authentication server 20 sequentially receives the plurality of secret objects from the safety input device 10, and maps the plurality of secret objects to the user's login ID according to the received order And stores it in the storage unit 21 (S215), thereby completing registration of the secret entity of the user.

Next, the setting information registration unit 22 transmits a secret object sorting method selection window requesting selection of any one of a fixed sorting method, a user-specified sorting method and a variable sorting method to the safety input device 10 as a secret object sorting method (S217).

Then, the service registering unit 11 of the safety input device 10 outputs a secret object selection window on the screen, and receives either a fixed sorting method, a user-specified sorting method, or a variable sorting method from the user. At this time, when the user selects the user-specified sorting method, the service registering unit 11 receives location information about each secret object set by the user from the user. In addition, when the user selects the variable sorting method, the service registering unit 11 receives incoming information (e.g., mobile communication telephone number, IP address, etc.) of the message receiving apparatus from which location information for each secret entity is received.

Next, the safety input device 10 transmits the secret object sorting method selected by the user to the authentication server 20 (S219). At this time, when the user selects the user-specified sorting method, the safety input device 10 transmits the location information of each secret entity of the user to the authentication server 20 additionally, and when the user selects the variable sorting method, And further transmits the incoming information of the device to the authentication server 20.

Then, the setting information registration unit 22 of the authentication server 20 maps the secret entity sorting method received from the safety input device 10 to the login ID of the user, and stores it in the storage unit 21 (S221). At this time, the setting information registration unit 22 sets the user-specified sorting method as the secret object sorting method, and when the position information of each secret object is received from the safety input device 10, And further stores it in the storage unit 21 by mapping with the login ID of the user. In addition, when the user sets the variable sorting method as the secret object sorting method, the setting information registering unit 22 registers the incoming information of the message receiving apparatus in the case where the incoming information of the message receiving apparatus is received from the safety input apparatus 10 And further stores it in the storage unit 21 by mapping with the login ID of the user.

Hereinafter, various embodiments of the security authentication method according to an embodiment of the present invention will be described in detail with reference to FIGS. 4 to 9. That is, an embodiment according to a fixed sorting method, a user-specified sorting method, and a variable sorting method will be described with reference to FIGS.

4 is a flow diagram illustrating a method for authenticating a user based on a fixed sorting scheme in an authentication system, in accordance with an embodiment of the present invention.

In the description with reference to FIG. 4, it is explained that the user sets a fixed sorting method in the secret object sorting method and registers the fixed sorting method in the authentication server 20.

4, in order to perform the enhanced security authentication service of the user, the safety input device 10 transmits a security authentication request message including the login ID of the user to the authentication server 20 (S401).

Then, the virtual data providing unit 23 of the authentication server 20 confirms the login ID of the user recorded in the authentication request message, and stores a plurality of secret objects and secret object sorting mapped to the login ID into the storage unit 21) (S403). That is, the virtual data providing unit 23 confirms a plurality of secret objects sequentially set by the user in the storage unit 21, and confirms the secret entity sorting method set by the user in the storage unit 21. In the description with reference to FIG. 4, the virtual data providing unit 23 confirms in the storage unit 21 that the secret entity sorting method set by the user is a fixed sorting method.

Then, the virtual data providing unit 23 selects a certain number of camouflage objects arranged in the object selection interface from the object pool of the storage unit 21 (S405). At this time, the virtual data providing unit 23 selects the camouflage entity among the plurality of entities excluding the secret entity.

Next, the virtual data providing unit 23 generates a virtual URL for each of the secret object and the camouflage object, and links each of the generated virtual URL and the corresponding object (i.e., camouflage object or secret object) (S407). Accordingly, the safety input device 10 can access the virtual URL and acquire each entity linked to each URL.

Then, the virtual data providing unit 23 randomly generates a one-time virtual code for each of the individual entities, i.e., the secret entity and the camouflage entity (S409). Next, the virtual data providing unit 23 transmits the virtual data in which the virtual URL and the virtual code are mapped on an object-by-object basis, to the safety input device 10 (S411).

Then, the interface generating unit 13 of the safety input device 10 confirms the virtual URL and the virtual code in the received virtual data. Then, the interface generation unit 13 accesses each of the virtual URLs identified above and acquires each entity (S413). Then, the interface generation unit 13 completes generation of the object selection interface by randomly arranging the acquired objects at the object display positions implemented in the object selection interface. Next, the interface generation unit 13 outputs the generated plurality of object selection interfaces to the screen (S415).

7A and 7B are diagrams illustrating various embodiments of an entity selection interface in accordance with the present invention.

7A and 7B, the interface generation unit 13 generates an object selection interface in which a plurality of objects are arranged. FIG. 7A shows each object placed in a grid-shaped object selection interface, and FIG. 7B shows a circle-shaped object selection interface in which three circles are combined. Meanwhile, the entity selection interface according to the present invention may be modified into various shapes and generated.

In addition, the position of the object placed in each object selection interface can be changed according to the operation of the user. That is, the user can change the position of the object placed on the object selection interface through an input means such as a mouse, a keyboard, or a touch screen. Preferably, when a specific entity is moved in the entity selection interface, a plurality of entities disposed on the same line as the entity moves together to minimize exposure of the secret entity to the surrounding users. In FIG. 7A, when an object having reference numeral 701a moves to the right one column, the other entities located in the third row are moved together with one right column. 7B, when the object having reference numeral 701b arranged in the outermost circle moves in the clockwise direction, other entities arranged in the outermost circle also rotate in the clockwise direction.

When the object selection interface is thus output to the safety input device 10, the user moves one or more objects so that the secret object is positioned at the appointed position according to the fixed alignment method. That is, the user moves the object in the object selection interface so that the secret objects of the user are sequentially arranged, and then enters the sort completion menu.

For example, in FIG. 7A, if the objects of 701a, 702a, and 703a are secret objects set by the user, the user can change the position of one or more objects so that these secret objects are sequentially arranged in rows or columns have. That is, the user moves the 702a object to the coordinates of (3, 3) so that the other secret objects are arranged next to the coordinates of 701a arranged at the XY coordinates (2,3) in the object selection interface of FIG. , 3) to the coordinates of 703a. 7B, when the entities of 701b, 702b, and 703b are respectively the secret entities set by the user, the user can change the positions of the entities such that the secret entities 701b, 702b, and 703b are located at the same azimuth angle have. That is, the user can change the position of the object so that the secret entities 701b, 702b, and 703b set by the user in the entity selection interface of FIG. 7B are arranged in a straight line indicating the same number.

The user arranges the secret object at the appointed position, and then inputs the object sort completion menu to the safety input device 10. Then, the authentication information generating unit 14 of the safety input device 10 generates an authentication matrix in which the virtual codes for each entity are arranged according to the position information (S417). Specifically, the safety input device 10 identifies each entity disposed in the sorted entity selection interface, and generates an authentication matrix in which the virtual codes corresponding to the entity are arranged according to the entity-specific locations.

8A and 8B are diagrams illustrating virtual codes recorded in an authentication matrix according to an embodiment of the present invention.

8A and 8B, the authentication information generation unit 14 identifies an entity placed in the XY coordinates in the interface of FIG. 7A, and the virtual code corresponding to the entity is arranged Lt; / RTI > In FIG. 7A, the entities 701a, 702a, and 703a correspond to the virtual codes "S2C3", "S35C", and "S4C2" in FIG. That is, when the user arranges secret objects in (2,3), (3,3), and (4,3) coordinates, the virtual code for the secret object is sorted in the third row, .

In Fig. 7B, the entities 701b, 702b and 703b correspond to the virtual codes "S9C1 "," S2C2 ", and "S5C3" in Fig. 8B, respectively. That is, when the user aligns each of the secret objects 701b, 702b, and 703b in the direction of 5 o'clock azimuth in the object selection interface of FIG. 7B, the virtual code for the secret object shown in FIG. .

Next, the authentication information generation unit 14 transmits the generated authentication matrix to the authentication server 20 (S419). At this time, the authentication information generation unit 14 receives the seed value from the user, and can convert the virtual code recorded in the authentication matrix using the conversion function to which the seed value is applied. Preferably, the authentication information generating unit 14 receives the user's login password as the seed value, and converts the virtual code recorded in the authentication matrix using the conversion function to which the login password is applied as the seed value.

Next, the authentication unit 24 of the authentication server 20 analyzes the authentication matrix received from the safety input device 10 and performs user authentication. Specifically, the authentication unit 24 confirms the virtual code for each secret object generated by the virtual data provider 23 and verifies whether or not the virtual code of the secret object is sequenced in the authentication matrix, (S421). That is, as the user of the safety input device 10 sets the fixed sorting method by the secret object sorting method, the authentication unit 24 determines whether or not the virtual codes of the secret objects are arranged in the columns or rows of the authentication matrix By verifying, the user is authenticated. On the other hand, when the authentication matrix is transformed, the authentication unit 24 extracts the seed value of the user from the storage unit 21, and uses the inverse transformation function to which the extracted seed value is applied, The virtual code can be restored. If the seed value is the login password of the user, the authentication unit 24 extracts the login password of the user from the storage unit 21, and applies the extracted login password as the seed value of the inverse transformation function.

Then, if the virtual code for each secret entity of the user is not sequenced and arranged in the authentication matrix, the authentication section 24 fails the user authentication to the safety input device 10, An authentication failure notification message is transmitted (S423).

On the other hand, if the virtual code for each secret object of the user is arranged in the column or row of the authentication matrix, the authentication unit 24 successively processes the user authentication for the safety input device 10, Message to the safety input device 10 (S425), and provides the service requested by the user. On the other hand, when the authentication of the user is completed, the authentication unit 24 deletes the virtual URL and the virtual code for each object generated by the virtual data provider 23.

5 is a flow diagram illustrating a method for authenticating a user based on a user-specified sorting scheme in an authentication system, in accordance with an embodiment of the present invention.

In the description with reference to FIG. 5, it is explained that the user sets a custom sorting method by a secret object sorting method, and pre-registers position information of each secret object in the authentication server 20. In the description with reference to FIG. 5, a portion overlapping with FIG. 4 is compressed and summarized.

Referring to FIG. 5, the safety input device 10 transmits a security authentication request message including a login ID of a user to the authentication server 20 (S501).

Then, the virtual data providing unit 23 of the authentication server 20 confirms the login ID of the user recorded in the authentication request message, and stores a plurality of secret objects and secret object sorting mapped to the login ID into the storage unit 21) (S503). In the description with reference to FIG. 5, the virtual data providing unit 23 confirms that the secret object sorting method set by the user is a user-specified sorting method in the storage unit 21, (21).

Then, the virtual data providing unit 23 selects a certain number of camouflage objects from the object pool of the storage unit 21 (S505). Next, the virtual data providing unit 23 generates a virtual URL for each of the secret object and the camouflage object, and links each of the generated virtual URL with the corresponding object of the corresponding object (S507). Then, the virtual data providing unit 23 generates a virtual code for each entity (S509), and transmits the virtual data in which the virtual URL and the virtual code are mapped to each other, to the safety input device 10 (S511).

Then, the interface generation unit 13 of the safety input device 10 acquires the entity through the virtual URL included in the virtual data (S513), randomly arranges the acquired entities in the entity selection interface, And outputs the placed object selection interface to the screen (S515).

When the object selection interface is output to the safety input device 10, the user moves each secret object on the object selection interface at the position of the secret object set by the user. That is, the user registers location information of each secret object to which each secret object should be located in the authentication server 20 in advance, moves each secret object on the object selection interface in a state where the registered location information of the secret object is recognized Then, enter the sort completion menu.

For example, in FIG. 7A, it is assumed that a user has 701a, 702a, 703a, and 701a, 702a, and 703a, respectively, (4,3), the user moves the secret object of 701a to the coordinates of (2,2), moves the secret object of 702a (3,4) and also moves the secret object of 703a, Complete menu can be entered. 7B, when the entities of 701b, 702b and 703b are the secret entities respectively set by the user and the azimuth angles of 701b, 702b and 703b are 360 degrees, 30 degrees and 180 degrees, respectively, Direction, moves the secret object of 702b to the 1 o'clock direction, moves the secret object of 703b to 6 o'clock, and then enters the object sort completion menu.

Next, the authentication information generating unit 14 of the safety input device 10 generates an authentication matrix in which the virtual codes for each entity are arranged according to the position information (S517). That is, the safety input device 10 identifies each entity disposed in the sorted entity selection interface, and generates an authentication matrix of the type shown in FIG. 8 in which the virtual codes corresponding to the entity are arranged according to the entity-specific locations. Next, the authentication information generation unit 14 transmits the generated authentication matrix to the authentication server 20 (S519).

Then, the authentication unit 24 of the authentication server 20 confirms the virtual code of each secret object created by the virtual data providing unit 23, and confirms the location information of each secret object set by the user (S521) . Next, the authentication unit 24 identifies each virtual code representing the secret entity in the authentication matrix based on the virtual code for each secret entity, identifies the location of each confirmed virtual code, The user is authenticated by checking whether or not the location information is identical for each secret entity (S523). That is, the authentication unit 24 authenticates whether or not the virtual code representing the secret entity in the authentication matrix is arranged at the position set by the user.

Then, the authentication unit 24 fails to process the user authentication for the safety input device 10 if any of the virtual codes of the secret entity is not arranged at a preset position by the user, (S525). ≪ / RTI >

On the other hand, if the virtual code for each secret object is arranged at a position preset by the user in the authentication matrix, the authentication unit 24 successively processes the user authentication for the safety input device 10, To the safety input device 10 (S527), and provides the service requested by the user. When the authentication of the user is completed, the authentication unit 24 deletes the virtual URL and the virtual code for each object generated by the virtual data provider 23.

Figure 6 is a flow diagram illustrating a method for authenticating a user based on a floating sorting scheme in an authentication system, in accordance with an embodiment of the present invention.

In the description with reference to FIG. 6, it is explained that the user sets the variable sorting method in the secret object sorting method and registers it in the authentication server 20.

6, the safety input device 10 transmits a security authentication request message including a login ID of the user to the authentication server 20 in order to perform the enhanced security authentication service of the user (S601).

Then, the virtual data providing unit 23 of the authentication server 20 confirms the login ID of the user recorded in the authentication request message, and stores a plurality of secret objects and secret object sorting mapped to the login ID into the storage unit 21) (S603). In the description with reference to FIG. 6, the virtual data providing unit 23 confirms that the virtual data providing unit 23 is the variable sorting method as the secret object sorting method set by the user, and also confirms the reception information of the message receiving apparatus For example, a mobile communication telephone number, an IP address, etc.) in the storage unit 21 is explained.

Subsequently, the virtual data providing unit 23 arbitrarily generates location information for each secret object to be located on the object selection interface, according to the secret sorting scheme set by the user (S605) ). Next, the virtual data providing unit 23 records the generated location information of the secret entity in a message, and sends the message to a message receiving apparatus set by the user as a message receiver in operation S607. That is, the virtual data providing unit 23 confirms the incoming information of the message receiving apparatus designated by the user as a destination of the message, and sends the message in which the incoming information is set as the destination and the location information of the generated secret object is recorded. The virtual data providing unit 23 may transmit a message including location information of the secret entity by text or an image containing location information of the secret entity to a message receiving device designated by the user. Alternatively, the virtual data providing unit 23 may transmit a voice message (i.e., an ARS voice message) to which the location information of each secret entity is output by voice to the message receiving apparatus. In this case, after the virtual data providing unit 23 forms a call session with the message receiving apparatus designated by the user, the virtual data providing unit 23 transmits the voice message indicated by the location information of the secret entity to the message receiving apparatus. Accordingly, the user recognizes through the message received through the message receiving device that each secret object set by the user is located at a position on the object selection interface.

For example, in the case where the number of secret objects set by the user is three and the object selection interface is a lattice shape as shown in FIG. 7A, the virtual data providing unit 23 may include positional information of the X- Quot; 322444 "representing the coordinate can be transmitted to the message receiving apparatus. Here, "322444" indicates that the coordinate of the first secret object is (3, 2), the coordinate of the second secret object is (2,4), and the coordinate of the third secret object is (4, 4). As another example, when there are three secret objects set by the user and the object selection interface is a circle shape in which three circles are combined (see FIG. 7B), the text "113520" Message to the safety input device 10. [ Here, "113520" represents the azimuth coordinate when the first secret object is located at 11 o'clock, azimuth coordinates when the second secret object is located at the 35th minute, and the third secret object This indicates the azimuth coordinate when the second hand is positioned at 20 seconds.

Meanwhile, in order to protect location information of each secret object from external hacking, it is preferable to transmit a message including an image representing location information of each secret object to a message receiver.

9A and 9B are views showing an image expressing positional information per secret object according to the present invention.

Referring to FIGS. 9A and 9B, the virtual data providing unit 23 may generate an image showing location information of each secret object, and may transmit a message including the image to a message receiving apparatus designated by the user. FIG. 9A shows, in the form of images, positional information in which each secret object should be located in a lattice-shaped object selection interface. That is, according to FIG. 9A, the first secret entity set by the user is assigned to the coordinates of (3,2), the second secret entity to the (2,4) coordinate, and the third secret entity to . In addition, FIG. 9B shows, in the form of images, positional information where each secret object should be located in a circle-shaped object selection interface in which three circles are combined. That is, according to FIG. 9B, the first secret object set by the user is located at the azimuth coordinate when the hour hand is located at 11 o'clock, and the second secret object is located at the azimuth coordinate when the minute hand is located at 35 minutes And the third secret object shall be located at the azimuth coordinate when the second hand is positioned at 20 seconds.

Referring again to FIG. 6, the virtual data providing unit 23 selects a certain number of camouflage objects placed in the object selection interface in the object pool of the storage unit 21 (S609). Next, the virtual data providing unit 23 creates a virtual URL for each of the secret object and the camouflage object, and links each of the generated virtual URL and the corresponding object (i.e., camouflage object or secret object) (S611).

Then, the virtual data providing unit 23 generates virtual codes for each of the objects, i.e., the secret objects and the camouflage objects (S613), and transmits the virtual data mapped according to the virtual URLs and the virtual codes to the safety input device 10 (S615).

Then, the interface generating unit 13 of the safety input device 10 confirms the virtual URL and the virtual code of each entity in the received virtual data, and accesses each virtual URL to obtain each entity (S617). In step S619, the interface generation unit 13 creates an object selection interface by randomly arranging the acquired objects in the object display position implemented in the object selection interface, and outputs the object selection interface to the screen.

When the object selection interface is output to the safety input device 10, the user moves each secret object to the designated location based on the location information of each secret object recorded in the message received from the authentication server 20. [ That is, the user confirms the location information of each secret object received from the authentication server 20 through the message receiving device, moves each secret object on the object selection interface in a state of recognizing the location information of each secret object, Enter the sort completion menu.

For example, in FIG. 7A, secret entity location information of 701a, 702a, and 703a received by the entity 701a, 702a, and 703a is a secret entity set by the user, (2,4), (4,4), the user moves the secret object of 701a to the coordinates of (3,2), moves the secret object of 702a (2,4) and also moves the secret object of 703a (4, 4), and then enter an object sort completion menu. 7B, the secret object location information of 701a, 702a, and 703a received from the authentication server 20 is the secret object set by the user, and the text of 701b, 702b, In the case of "113520" or the image shown in FIG. 9B, the user moves the secret object of 701b at 11 o'clock, the secret object of 702b at 7 o'clock, the secret object of 703b at 4 o'clock, Enter the object sort completion menu.

Next, the authentication information generating unit 14 of the safety input device 10 generates an authentication matrix in which the virtual codes for each entity are arranged according to the position information (S621). That is, the authentication information generation unit 14 identifies each entity disposed in the sorted entity selection interface, and generates an authentication matrix of the type shown in FIG. 8 in which the virtual codes corresponding to the entity are arranged according to the locations of the entities .

Next, the authentication information generation unit 14 transmits the generated authentication matrix to the authentication server 20 (S623). Then, the authentication unit 24 of the authentication server 20 confirms the virtual code for each secret entity generated by the virtual data providing unit 23, The location information of the object is confirmed (S625). In step S627, the authentication unit 24 authenticates the user by checking whether or not the virtual code of the secret entity is correctly arranged in the authentication matrix corresponding to the position of the randomly generated secret entity. That is, the authentication unit 24 identifies each virtual code indicating the secret entity in the authentication matrix based on the virtual code for each secret entity, and generates a random number in the virtual data providing unit 23 And authenticates the user by checking whether or not the positional information of each secret object coincides with each secret object.

If none of the virtual codes of the secret objects are arranged at the designated position, the authentication unit 24 fails the user authentication of the safety input device 10 and notifies the safety input device 10 of the authentication failure notification Message (S629).

On the other hand, if the virtual code for each secret object is arranged at a position preset by the user in the authentication matrix, the authentication unit 24 successively processes the user authentication for the safety input device 10, To the safety input device 10 (S631), and provides the service requested by the user. When the authentication of the user is completed, the authentication unit 24 deletes the virtual URL, the virtual code, and the location information for each object generated by the virtual data provider 23.

Meanwhile, the authentication system according to another embodiment of the present invention may arbitrarily generate a one-time secret entity for each authentication without setting a secret entity from the user, and authenticate the user using the randomly generated one-time secret entity have.

10 to 13, the parts overlapping with the embodiments described with reference to FIGS. 1 to 9 will be summarized by compressing. In FIG. 10, the same reference numerals as those in FIG. 1 denote Components having the same functions as those described with reference to Figs. 1 to 9 will not be described in detail.

10 is a diagram illustrating an authentication system, in accordance with another embodiment of the present invention.

As shown in FIG. 10, the authentication system according to another embodiment of the present invention includes a safety input device 40 and an authentication server 50.

The safety input device 40 generates and displays an object selection interface in which a plurality of secret objects and a plurality of camouflage objects are randomly arranged and the object can be moved using the virtual data received from the authentication server 50. When the sorting of the objects is completed on the object selection interface, the safety input device 40 generates authentication information in which the virtual code and the location information of each object arranged on the object selection interface are recorded, and transmits the generated authentication information to the authentication server 50 Thereby requesting the authentication server 50 to authenticate the user.

The safety input device 40 includes a service registration unit 41, a data receiving unit 12, an interface generating unit 13, and an authentication information generating unit 14.

The service registration unit 41 registers the security authentication service of the user with the authentication server 50. Specifically, the service registration unit 41 requests the authentication server 50 to register the security authentication service of the user after the user accesses the authentication server 50 and succeeds in the login authentication based on the ID and the password. In addition, the service registration unit 41 receives a location setting window (see FIG. 12) from which the object image is removed from the authentication server 50, receives the location information from which the secret object should be located through the location setting window, And registers it in the server 50. Unlike the embodiment, the service registration unit 41 sequentially receives a plurality of pieces of location information, from which a secret entity should be located, without setting a plurality of secret entities from the user, Register.

The authentication server 50 is an authentication device for authenticating a user, and performs a function of providing a security authentication service to a user.

The authentication server 50 includes a storage unit 51, a setting information registration unit 52, a virtual data providing unit 53, an authentication unit 54,

The storage unit 51 stores the login ID of the user and the login password, and stores the location information and the seed value to which each secret object should be mapped, with the login ID of the user. In addition, the storage unit 51 further stores the reception information (for example, mobile phone number) of the message receiving apparatus designated by the user, by mapping it to the login ID of the user. In addition, the storage unit 51 stores a pool of objects in which a plurality of objects are registered. Various types of objects such as images, moving pictures, texts, sounds, and numbers are registered in the object pool.

The setting information registration unit 52 receives the location information of each secret object from the user from the user and stores the received location information of each secret object in the storage unit 51. [ Specifically, when the security input device 40 receives a request for the security authentication service from the safety input device 40, the setting information registration unit 52 transmits a location setting window for setting the location information of the secret object to the safety input device 40. In addition, the setting information registration unit 52 receives the location information of each secret object sequentially selected by the user from the safety input device 40, maps the location information of each secret object to the login ID of the user, 51). At this time, the setting information registration unit 52 confirms the order of the location information set by the user, and stores the location information of the secret object in the storage unit 51 in this order. In addition, the setting information registration unit 52 receives the reception information (e.g., mobile communication telephone number) of the message receiving apparatus from the user, maps the received information to the user's login ID, and stores the mapped information in the storage unit 51.

The secret individual providing unit 55 performs a function of providing a secret entity to the safety input device 40. Specifically, the secretive individual providing unit 55 sequentially selects a certain number of one-time secret entities in the object pool of the storage unit 51, confirms the incoming information of the message receiving apparatus of the user stored in the storage unit 51 , And sends a secret object notification message including the selected one-time secret objects to the message receiving device having the incoming information. In this case, the secret-private-data providing unit 55 may separately display an order (for example, 1, 2, 3, etc.) on each one-time secret object so that the user can recognize the order of the selected one- The one-time secret object can be arranged and transmitted to the message receiving device so that the order of the objects is expressed. Preferably, the secret individual providing unit 55 selects a new one-time secret object from the object pool of the storage unit 51 whenever authentication is attempted from the safety input device 40.

The virtual data providing unit 53 performs a function of providing the safety input device 40 with data necessary for the secure login authentication. Specifically, the virtual data providing unit 53 selects a certain number of camouflage entities in the object pool of the storage unit 51, respectively. At this time, the virtual data providing unit 53 selects the camouflage entity among the entities excluding the one-time secret entity selected by the secret entity providing unit 55. In addition, the virtual data providing unit 53 generates a virtual URL of the selected one-time secret object and each camouflage object, and links the generated virtual URL with the corresponding object. In addition, the virtual data providing unit 53 generates virtual codes for each of the one-time secret objects and the camouflage objects, generates virtual data in which the generated virtual codes and virtual URLs are mapped for each object, 40).

The authentication unit 54 not only performs the login authentication based on the ID and the password but also analyzes the authentication matrix received from the safety input device 40 to determine whether or not the virtual codes corresponding to the respective secret objects are arranged at the appointed positions And performs security authentication of the user. Specifically, the authentication unit 54 checks the virtual code of each one-time secret entity generated by the virtual data providing unit 53 in the authentication matrix, and stores the position information of each secret object sequentially set by the user in the storage unit 51 ). In addition, the authentication unit 54 identifies each virtual code representing the one-time secret entity in the authentication matrix based on the virtual code for each one-time secret entity that has been verified. Then, the authentication unit 54 checks the location of each confirmed virtual code, And authenticates the user by checking whether or not the position information of the secret information matches the secret information. That is, the authentication unit 54 authenticates whether or not the virtual code indicating the one-time secret entity in the authentication matrix is correctly located at the position set by the user.

In addition, when the authentication of the user is completed, the authentication unit 54 deletes the virtual URL, the virtual code, and the location information of each object generated by the virtual data provider 53. In addition, when the user authentication is successful, the authentication unit 44 can store the authentication time and the virtual code of the secret entity as the authentication fingerprint in the storage unit 51 separately.

On the other hand, when the authentication unit 54 receives the encrypted authentication matrix from the safety input device 40, the authentication unit 54 decrypts the encrypted authentication matrix and stores the seed value set by the user in the decrypted authentication matrix Unit 51 and restores the authentication matrix using the inverse transformation function to which the seed value is applied. Preferably, the seed value may be a login password of the user. The authentication unit 54 confirms the user's login password in the storage unit 51, and uses the inverse transformation function applied as the seed value to set the authentication matrix Restore.

11 is a flowchart illustrating a method of registering a user in a security authentication service in an authentication system according to another embodiment of the present invention.

11, the service registration unit 41 of the safety input device 40 accesses the authentication server 50 and transmits a login request message including the user's ID and password to the authentication server 50 S1101).

Then, the authentication unit 54 of the authentication server 50 extracts the ID and the password included in the login request message, and determines whether the extracted ID and password are stored in the storage unit 51 as the authentication information of the same user The login authentication of the user is performed (S1103). Then, when the authentication of the user is successful, the authentication unit 54 of the authentication server 50 transmits a login authentication success notification message to the safety input device 40 (S1105).

Next, when the safety input device 40 succeeds in the login authentication of the user, the service registration unit 41 can receive the security authentication service registration from the user. In this case, the service registration unit 41 transmits a security authentication service request message to the authentication server 50 (S1107).

Then, the setting information registration unit 52 of the authentication server 50 transmits a location setting window for setting the location information of the secret entity to the safety input device 40 (S1109). Next, the service registration unit 41 of the safety input device 40 outputs the position setting window received from the authentication server 50 to the screen.

12 is a diagram illustrating a position setting window. The setting information registering unit 52 can transmit a position setting window as shown in Fig. 12 in the form of a grid in which the position information can be specified, to the safety input apparatus 40, . In addition, the setting information registration unit 52 can transmit a circle-shaped position setting window from which the object has been removed to the safety input device 40 in FIG. 7B. That is, the setting information registration unit 52 transmits the location setting window, which is a form in which the object is removed from the object selection interface provided to the user, to the safety input device 40.

Next, the service registration unit 41 of the safety input device 40 sequentially selects the location information on which the secret entity should be located through the location setting window from the user (S1111). Subsequently, the service registration unit 41 sequentially transmits a plurality of pieces of location information sequentially input through the location setting window to the authentication server 50 according to the selected order (S1113).

12, when the user selects coordinates in the order of 1201, 1202, and 1203 in the position setting window of FIG. 12, the service registration unit 41 registers (3,2), (2,4), 4, 4) to the authentication server 50.

Then, the setting information registration unit 52 of the authentication server 50 sequentially receives a plurality of pieces of positional information from the safety input device 40, and sequentially sets the position information of each of the classified objects in accordance with the received order, And stores it in the storage unit 51 (S1115). Next, the setting information registration unit 52 requests the safety input device 40 for the reception information (e.g., mobile phone number, IP address, etc.) of the message receiving device from which the secret entity notification message is received (S1117).

Next, the safety input device 40 transmits the reception information of the message reception device received from the user to the authentication server 50 (S1119). Then, the setting information registration unit 52 of the authentication server 50 maps the incoming information of the message receiving apparatus received from the safety input apparatus 40 to the login ID and stores it in the storage unit 51 (S1121).

13 is a flowchart illustrating a method for authenticating a user in an authentication system, according to another embodiment of the present invention.

Referring to FIG. 13, the safety input device 40 transmits a security authentication request message including the login ID of the user to the authentication server 50 (S1301). Then, the secret entity providing unit 55 of the authentication server 50 selects a certain number of one-time secret entities in the entity pool of the storage unit 51 (S1303) Lt; / RTI >

Next, the private entity providing unit 55 sends a secret object notification message including the selected one-time secret objects to the message receiving apparatus having the called information (S1305). At this time, the secret-private-data providing unit 55 separately displays an order (e.g., 1, 2, 3, etc.) on each one-time secret object so that the user can recognize the order of the selected one- One-time secret objects can be arranged in a line so that the sequence is meaningful. The one-time secret entity may be included in the secret entity notification message in the form of an image.

Subsequently, the virtual data providing unit 53 selects a certain number of camouflage entities from the object pool of the storage unit 51 (S1307). At this time, the virtual data providing unit 53 selects the camouflage entity among the entities excluding the one-time secret entity selected by the secret entity providing unit 55.

Next, the virtual data providing unit 53 generates a virtual URL for each of the selected one-time secret object and the camouflage object, and links each of the generated virtual URL and the corresponding object (i.e., camouflage object or secret object) S1309). Then, the virtual data providing unit 53 randomly generates a one-time virtual code for each of the objects, i.e., the one-time secret object and the camouflage object (S1311). Next, the virtual data providing unit 53 transmits the virtual data in which the virtual URL and the virtual code are mapped on a per-entity basis, to the safety input device 40 (S1313).

Then, the interface generating unit 13 of the safety input device 40 confirms the virtual URL and the virtual code from the received virtual data. Then, the interface generating unit 13 accesses each of the confirmed virtual URLs and acquires each entity (S1315). Then, the interface generation unit 13 completes generation of the object selection interface by randomly arranging the acquired objects at the object display positions implemented in the object selection interface. Next, the interface generation unit 13 outputs the generated plurality of object selection interfaces to the screen (S1317).

When the object selection interface is output to the safety input device 40, the user confirms the order of the one-time secret object and the one-time secret object through the secret object notification message received through the message reception device, Moves each one-time secret object to the specified location. That is, the user confirms the setting order of a plurality of one-time secret objects currently set through the message receiving apparatus and the one-time secret objects, and selects a location of the one-time secret object among the objects displayed in the object selection interface, After each secret object is moved so that the one-time secret object is arranged corresponding to the position and sequence of the secret object, the sort completion menu is input.

7A, when the user sequentially sets (3,2), (2,4), and (4,4) the positional information of each secret object and registers it in the authentication server 50 , It is assumed that the secret individual providing unit 55 of the authentication server 50 selects the one-time secret entity in the order of 701a, 702a, and 703a. In this case, the secretarial object providing unit 55 transmits a secret object notification message arranged from left to right according to the order of the one-time secret objects 701a, 702a, and 703b to the message receiving apparatus designated by the user, Moves the object 701a to the first position information (3,2) set by itself, moves the second position information (2, 4) set by the second secret object 702a by itself, and moves the third secret object 703a To the (4,4) third position information set in advance, and then inputs the object sort completion menu.

When the user completes moving the object on the object selection interface, the authentication information generating unit 14 of the safety input device 40 generates an authentication matrix in which the virtual codes for each object are arranged according to the position information (S1319). Next, the authentication information generation unit 14 transmits the generated authentication matrix to the authentication server 50 (S1321).

Then, the authentication unit 54 of the authentication server 50 confirms the order of the one-time secret entity selected by the secret entity providing unit 55 and the order of the one-time secret entity, and confirms the virtual code of each one-time secret entity (S1323) . Next, the authentication unit 54 confirms the location information of each secret entity sequentially set by the user in the storage unit 51 (S1325). That is, the authentication unit 54 confirms the login ID of the user and the location information of each mapped private entity in the storage unit 51.

Then, the authentication unit 54 checks each of the virtual codes indicating the one-time secret object in the authentication matrix based on the virtual code for each one-time secret object identified above. Then, the authentication unit 54 checks the location of each confirmed virtual code, (Step S1327). In step S1327, the user is authenticated by checking whether the positional information of the secret object matches the position information of the secret object. That is, the authentication unit 54 authenticates whether or not the virtual code indicating the one-time secret entity in the authentication matrix is sequentially located at the position set by the user.

Then, the authentication unit 54 fails to process the user authentication for the safety input device 40 if any of the virtual codes of the secret entity is not arranged at a position preset by the user, The authentication failure notification message is transmitted (S1329).

On the other hand, if the virtual code for each secret object is arranged at a position preset by the user in the authentication matrix, the authentication unit 54 successively processes the user authentication for the safety input device 40, To the safety input device 40 (S1331), and provides the service requested by the user. When the authentication of the user is completed, the authentication unit 54 deletes the virtual URL and the virtual code for each object generated by the virtual data providing unit 53

On the other hand, the authentication unit 54 may authenticate the user by checking the virtual code representing the secret entity in the authentication matrix, and by convincing whether or not the virtual codes of the secret entities are successively arranged in the authentication matrix. That is, similar to the fixed sorting method of the embodiment of the present invention, the authentication unit 54 can authenticate the user by verifying whether or not the virtual codes of the secret entities are successively arranged in the authentication matrix. In this case, the setting information registration unit 52 does not request the user for the location information of each secret object, and the storage unit 51 does not store the location information of each secret object.

In the above-described embodiments, the safety input devices 10 and 40 transmit one authentication matrix to the authentication servers 20 and 50, and the authentication servers 20 and 50 transmit the authentication matrices The safety input apparatuses 10 and 40 generate authentication matrices in proportion to the number of secret entities and transmit authentication matrices to the authentication servers 20 and 50 And the authentication server 20, 50 may analyze each authentication matrix to authenticate the user.

Specifically, when the user moves the first secret object on the object selection interface and then inputs an alignment completion menu for the first secret object, the authentication information generator 14 of the safety input device 10, And generates the first authentication matrix in which the virtual code is arranged according to the position information. When the user inputs the sort completion menu for the second secret object after moving the second object on the object selection interface, the authentication information generator 14 of the safety input device 10, And generates a second authentication matrix arranged according to the location information. Then, the authentication information generating unit 14 transmits a plurality of authentication matrices generated according to the sorting of the secret objects to the authentication servers 20 and 50 to request user authentication.

In another embodiment of generating a plurality of authentication matrices in correspondence with the number of secret entities, when the user moves a specific entity, not only the specific entity but all the other entities on the interface also move And moves together corresponding to the distance to protect the user's secret object from peeking attacks. For example, if an object having reference numeral 701a in FIG. 7A moves to the right one, all other objects move to the right one place. As another example, when an object having the reference numeral 701b arranged in the outermost circle in FIG. 7B is rotated two clockwise, not only the other objects arranged in the outermost circle but also objects arranged in the other two circles Also turns clockwise two turns.

The authentication units 24 and 54 of the authentication servers 20 and 50 receive a plurality of authentication matrices from the safety input devices 10 and 40 and analyze the plurality of authentication matrices to authenticate the users. Specifically, when the plurality of authentication matrices are received from the safety input devices 10 and 40, and the secret object sorting method is a user-specified sorting method or a variable sorting method, In the pseudo code for each object, it is checked whether or not the pseudo code of the first secret object is arranged at the specified position. Similarly, the pseudo code of the second secret object is arranged at the specified position in the object pseudo code recorded in the second authentication matrix Check whether there is. When the virtual codes of the secret entities are correctly arranged in each of the plurality of authentication matrices, the authentication units (24, 54) process the user successfully.

On the other hand, when a plurality of authentication matrices are received from the safety input device 10, the authentication units 24 and 54 check the positions of the virtual codes of the first secret object in the first authentication matrix, Confirm the location of the pseudo code of the secret object. That is, the authentication units 24 and 54 check the positions where the virtual codes of the secret objects are arranged in the corresponding order in each authentication matrix. The authentication units (24, 54) can authenticate the user by checking whether the virtual code of the secret entity confirmed in each authentication matrix has a successive position based on the row or column. For example, when the user sets three secret objects, the authentication server 20, 50 receives three sequential authentication matrices from the safety input device 10, 40, (24, 54) confirms the position of the virtual code of the first secret object in the first authentication matrix, identifies the second authentication matrix, the second secret object and the virtual code position of the third secret object in the third authentication matrix do. Then, the authentication units 24 and 54 confirm whether the positions of the first to third virtual codes are consecutive based on the row or column, thereby authenticating the user.

As described above, in the authentication system according to the present invention, when each object is sorted in the object selection interface, the user is authenticated through whether or not the secret object set by the user is aligned at the appointed position, And protects the user's authentication-related secret data from external attacks such as an attack. Also, the authentication system according to the present invention generates object-related data based on the one-time virtual URL and the one-time virtual code randomly generated at every authentication, and generates one-time authentication information based on the object position By authenticating the user on the basis, it is possible to prevent the user's main data (e.g., a password, etc.) from being exposed to the communication network. In particular, since the authentication system according to the present invention provides the virtual URL and virtual code for each object to the safety input device 10, 40 and authenticates the user based on the authentication information generated based on the virtual code and the location of the object, Even if the authentication data related to the user is hacked, it is impossible for the other person to confirm the actual secret object, and the hacked authentication information can not be reused, thereby protecting the user's main data more securely. In addition, in the authentication system according to the present invention, when the user selects the variable sorting method by the secret object sorting method, the sorting position of the secret object is randomly changed, and even if the secret object is leaked, If not, user authentication can be prevented from proceeding to achieve more enhanced security. Further, the authentication system according to the present invention may exert the effect of digital signature when storing the authentication time and the authentication fingerprint (i.e., the virtual code of the secret entity) after the user is finally authenticated.

Meanwhile, in the above-described embodiment, the safety input devices 10 and 40 generate authentication matrices in the form of a matrix as user authentication information and transmit them to the authentication servers 20 and 50. However, the present invention is not limited thereto It is made clear that the authentication information can be adopted as the authentication information of the present invention without limitation as long as the data includes the location information of the entity and the virtual code.

In addition, the security authentication method using the entity selection interface according to the present invention may also be applied in a stand alone environment.

14 is a diagram illustrating a safety input device applied in a standalone environment according to another embodiment of the present invention.

14, the safety input device 90 according to another embodiment of the present invention includes a display unit 91, a storage unit 92, a secret information setting unit 93, an interface generation unit 94, (95).

The display unit 91 is a display unit based on a liquid crystal display (LCD) technology, a light emitting polymer display (LPD) technology, an LED (light emitting diode) technology or the like, and outputs various information processed by the safety input device 90. Further, the display unit 91 displays an object selection interface. The display unit 91 may be a touch display. In this case, the display unit 91 receives the touch information of the user.

The storage unit 92 stores a secret object sorting method (i.e., a fixed sorting method or a user-specified sorting method) with a plurality of secret objects set by the user. At this time, the storage unit 92 additionally stores location information of each secret object when the user sets a user-specified sorting method. In addition, the storage unit 92 stores a pool of objects in which a plurality of objects are registered.

The confidential information setting unit 93 sets a secret entity for each object selection interface from the user and stores it in the storage unit 92. In addition, the confidential information setting unit 93 sets the object sorting method from the user and stores it in the storage unit 92. [ Specifically, the secret information setting unit 93 outputs to the display unit 91 a secret object selection window in which one or more secret objects can be set among a plurality of objects registered in the object pool of the storage unit 92, And sequentially selects a plurality of secret objects from the user through the selection window. Also, the secret information setting unit 93 stores the secret entity in the storage unit 92 according to the order of the received secret entities.

The interface generation unit 94 generates a plurality of object selection interfaces and outputs the object selection interfaces to the display unit 91. That is, the interface generation unit 94 checks a secret object for each object selection interface in the storage unit 92, and stores a certain number of camouflaged objects disposed together with the secret object in the object selection interface in the object pool of the storage unit 92 Object selection Select by interface. In addition, the interface generation unit 94 generates a plurality of object selection interfaces in which the secret object and the camouflage object are disposed, and outputs the object selection interface to the display unit 91.

The authentication unit 95 performs a function of authenticating the user by checking the position of the aligned object in the object selection interface. More specifically, after the object selection interface is output to the display unit 91 by the interface generation unit 94, when the user sorts the objects and inputs an alignment completion signal, the storage unit 92 displays the secret object sort It is checked whether the method is a fixed sorting method or a user sorting method, and a plurality of user-set secret entities are identified. If the secret object sorting method of the user is stored in the storage unit 92 in a fixed sorting manner, the authentication unit 95 may determine that the secret object (i.e., the secret object stored in the storage unit) It verifies whether or not it is arranged in sequence and performs user authentication. That is, if the secret object sorting method set by the user is a fixed sorting method, the authentication unit 95 checks whether or not each secret object is sorted in the same row, column, or azimuth, Successfully processes the authentication.

Meanwhile, if the secret object sorting method of the user is stored in the storage unit 92 in a user-specified sorting manner, the authentication unit 95 confirms the location information of each secret object set by the user in the storage unit 92. The authentication unit 95 recognizes the position of each secret object in the sorted object selection interface based on the plurality of secret objects stored in the storage unit 92 and stores the position of each secret object in the storage unit 92 Authenticates the user by confirming whether or not it coincides with the location information of the stored secret object for each secret object. The authentication unit 95 successively handles the authentication of the user when the positions of the sorted secret objects in the object selection interface match the positions of the secret objects stored in the storage unit 92.

While the specification contains many features, such features should not be construed as limiting the scope of the invention or the scope of the claims. In addition, the features described in the individual embodiments herein may be combined and implemented in a single embodiment. Conversely, various features described in the singular < Desc / Clms Page number 5 > embodiments herein may be implemented in various embodiments individually or in combination as appropriate.

Although the operations have been described in a particular order in the figures, it should be understood that such operations are performed in a particular order as shown, or that all described operations are performed to obtain a sequence of sequential orders, or a desired result . In certain circumstances, multitasking and parallel processing may be advantageous. It should also be understood that the division of various system components in the above embodiments does not require such distinction in all embodiments. The above-described program components and systems can generally be implemented as a single software product or as a package in multiple software products.

The method of the present invention as described above can be implemented by a program and stored in a computer-readable recording medium (CD-ROM, RAM, ROM, floppy disk, hard disk, magneto optical disk, etc.). Such a process can be easily carried out by those skilled in the art and will not be described in detail.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the invention. The present invention is not limited to the drawings.

10, 40, 90: a safety input device 11, 41:
12: Data receiving unit 13, 94: Interface generating unit
14: authentication information generation unit 20, 50: authentication server
21, 51, 92: storage unit 22, 52: setting information registration unit
23, 53: virtual data providing 24, 54, 95: authentication unit
55: Secret Objective Offering 30: Network
91: Display section 93: Secret information setting section

Claims (27)

A method for performing security authentication of a user in an authentication system,
The authentication server generates virtual data including a virtual code for each object and transmits the generated virtual data to the safety input device;
The safety input device outputting an object selection interface on the basis of the virtual data, wherein each object is disposed and the position of the object is changeable;
Generating one or more pieces of authentication information including location information and virtual codes of each entity disposed in the entity selection interface when the safety input device determines the location of the entity;
Transmitting, by the safety input device, the generated one or more pieces of authentication information to the authentication server; And
And authenticating the user by verifying whether the virtual code of each secret entity set by the user has the promised location information by analyzing the authentication information by the authentication server. The method according to claim 1,
Wherein the authenticating comprises:
If the authentication server determines that the secret entity sorting scheme set by the user is a fixed sort scheme, the authentication server verifies whether the virtual code of each secret entity set by the user has successive location information and authenticates the user The security authentication method comprising: The method according to claim 1,
Wherein the authenticating comprises:
Checking the location information of each secret object set by the user if the secret object sorting scheme set by the user is the user sorting scheme; And
The authentication server confirms the virtual code representing each secret object and the location information of the virtual code in the authentication information, and determines whether or not the location information of each virtual code thus confirmed matches the location information of each secret object set by the user And authenticating the user by checking the authentication information for each secret object. The method according to claim 1,
Before the authenticating step,
Checking the secret object sorting method set by the user by the authentication server and checking a message destination set by the user if the secret object sorting method of the user is a variable sorting method; And
The authentication server further generates location information for each secret entity to which each secret entity set by the user should be located in the entity selection interface and sends the generated location information to the identified message recipient,
Wherein the authenticating comprises:
The authentication server checks the virtual code indicating each secret object and the location information of the virtual code in the authentication information, and determines whether the position information of each virtual code and the generated location information of the secret object match each other, And authenticating the user. 5. The method of claim 4,
Wherein said sending comprises:
Wherein the authentication server generates an image showing information on which each secret object should be located as location information for each secret object, and sends the generated image to the identified message recipient. 6. The method according to any one of claims 1 to 5,
Generating the virtual data and transmitting the generated virtual data to the safety input device,
Checking the plurality of secret entities set by the user by the authentication server; And
The authentication server selecting a plurality of camouflage entities and generating virtual codes for the secret entities and the camouflage entities, respectively. The method according to claim 6,
Generating the virtual data and transmitting the generated virtual data to the safety input device,
The authentication server generates a virtual URL for each of the secret object and the camouflage object, and transmits the virtual URL to the security input device by including the URL for the object in the virtual data,
Wherein the outputting of the object selection interface comprises:
Wherein the security input device identifies a virtual URL for each object in the virtual data, obtains each object by accessing the virtual URL, and places the object in the object selection interface and outputs the object. 6. The method according to any one of claims 1 to 5,
Wherein the generating the authentication information comprises:
Wherein the safety input device generates the authentication information in proportion to the number of secret entities of the user,
Wherein authenticating the user comprises:
Checking the order in which the authentication information is generated and the order of the secret objects set by the user and verifying the virtual codes of the secret objects in the authentication information having the same generation sequence as the order of setting the secret objects, Whether or not the location information has the promised location information. A storage unit for storing a plurality of secret objects set by a user;
A virtual data providing unit for generating virtual codes for each of the plurality of secret objects and the camouflage objects and transmitting the virtual data including the virtual codes of each of the generated virtual objects to the communication device of the user; And
Receiving authentication information including an alignment position for each object and virtual data from the communication device and analyzing the authentication information to confirm whether the virtual code of each secret object has the promised location information and authenticate the user And an authentication unit. 10. The method of claim 9,
Wherein,
And authenticating the user by checking whether the virtual code of each secret object set by the user has successive location information in the authentication information if the secret object sorting method set by the user is a fixed sorting method Device. 10. The method of claim 9,
Wherein,
If the secret object sorting scheme set by the user is a user sorting scheme, the location information of each secret object set by the user is checked in the storage unit, and the virtual code indicating each secret object in the authentication information, And authenticates the user by checking whether the location information of each virtual code thus confirmed matches the location information of the location of each secret object identified by the storage unit for each secret object. 10. The method of claim 9,
Wherein the virtual data providing unit comprises:
If the secret entity sorting scheme set by the user is a variable sort scheme, a message destination set by the user is checked in the storage unit, each secret entity generates location information for each secret object to be located in the object selection interface, Sends the generated location information to the identified message destination,
Wherein,
The virtual code indicating each secret object and the position information of the virtual code are checked in the authentication information, and whether or not the position information of each virtual code thus confirmed matches the position information of each secret object generated in the virtual data providing, And authenticates the user. 13. The method of claim 12,
Wherein the virtual data providing unit comprises:
And generates information indicating the location of each secret object as location information for each secret object, and sends the generated information to the identified message recipient. 14. The method according to any one of claims 9 to 13,
Wherein the virtual data providing unit comprises:
Wherein the authentication server generates a virtual URL for each of the secret object and the spoofed object, and transmits the virtual URL to the communication device by including the URL for the object in the virtual data. 14. The method according to any one of claims 9 to 13,
Wherein,
Receiving a plurality of pieces of authentication information proportional to the number of the secret entities from the communication device, checking the order in which the plurality of pieces of authentication information are generated and the order of the secret entities set by the user, Identifies the virtual code of the secret object in the authentication information having the same generation order, and confirms whether or not each confirmed virtual code has the promised location information. A method for performing security authentication of a user in an authentication system,
The authentication server selects a plurality of secret entities in the object pool and transmits the selected secret entities to a message destination designated by the user;
The authentication server generates virtual data including a virtual code for each entity and transmits the generated virtual data to the safety input device;
The safety input device outputting an object selection interface on the basis of the virtual data, wherein each object is disposed and the position of the object is changeable;
Generating one or more pieces of authentication information including location information and virtual codes of each entity disposed in the entity selection interface when the safety input device determines the location of the entity;
Transmitting, by the safety input device, the generated one or more pieces of authentication information to the authentication server; And
And authenticating the user by analyzing the authentication information and checking whether the virtual code of each selected secret entity has the promised location information. 17. The method of claim 16,
Wherein the authenticating comprises:
Confirming location information of each secret entity set by the user in the authentication server; And
The authentication server confirms the virtual code representing each secret object and the location information of the virtual code in the authentication information, and determines whether or not the location information of each virtual code thus confirmed matches the location information of each secret object set by the user And authenticating the user by checking the authentication information for each secret object. 17. The method of claim 16,
Wherein the authenticating comprises:
And authenticating the user by verifying whether the virtual code of each of the selected secret entities has sequential location information. 19. The method according to any one of claims 16 to 18,
Generating the virtual data and transmitting the generated virtual data to the safety input device,
The authentication server selecting the plurality of camouflage entities by the authentication server; And
And generating a virtual code for each of the secret entity and the spoofed entity by the authentication server. 20. The method of claim 19,
Generating the virtual data and transmitting the generated virtual data to the safety input device,
The authentication server generates a virtual URL for each of the secret object and the camouflage object, and transmits the virtual URL to the security input device by including the URL for the object in the virtual data,
Wherein the outputting of the object selection interface comprises:
Wherein the security input device identifies a virtual URL for each object in the virtual data, obtains each object by accessing the virtual URL, and places the object in the object selection interface and outputs the object. A storage unit for storing the object pool;
Selecting a plurality of secret objects from the object pool of the storage unit, and transmitting the selected secret objects to a message destination designated by the user;
A plurality of camouflage objects are selected from the object pool in the storage unit, virtual codes for the secret objects and the camouflage objects are generated, and the virtual data including the virtual codes of the individual objects thus generated is transmitted to the communication device To provide virtual data; And
Receiving authentication information including an alignment position for each object and virtual data from the communication device and analyzing the authentication information to confirm whether the virtual code of each secret object has the promised location information and authenticate the user And an authentication unit. 22. The method of claim 21,
Wherein,
The location information of each secret object set by the user is confirmed in the storage unit, the virtual code indicating each secret object and the location information of the virtual code are confirmed in the authentication information, and the location information of each virtual code Wherein the authenticating unit authenticates the user by checking whether the location information of each secret object identified by the storage unit matches each secret object. 22. The method of claim 21,
Wherein,
And authenticates the user by verifying whether or not the virtual code of each of the selected secret entities has successive location information. 24. The method according to any one of claims 21 to 23,
Wherein the virtual data providing unit comprises:
Generates a virtual URL for each of the secret object and the spoofed object, and transmits the virtual URL to the communication device by including the URL for the object in the virtual data. A storage unit for storing a plurality of secret objects set by a user;
An interface generation unit for generating and outputting a plurality of object selection interfaces in which respective objects are arranged and whose object positions can be changed; And
And an authentication unit for confirming a secret object in each of the object selection interfaces and confirming whether or not each secret object is located at an appointed position when the position of the object is determined in the object selection interface, . 26. The method of claim 25,
Wherein,
Wherein if the secret entity sorting method set by the user is a fixed sort method, the secure input device authenticates the user by checking whether the secret entity verified by the entity selection interface is located continuously. 26. The method of claim 25,
Wherein,
If the secret object sorting scheme set by the user is a user sorting scheme, the location information of each secret object set by the user is checked in the storage unit, and the location of each secret object, Wherein the authentication unit authenticates the user by checking whether the location information of the secret entity checked by the user is consistent with the secret entity.

Images