KR20150065556A - Method and apparatus for protect a phsihing using by multi-path - Google Patents
- Publication number
- KR20150065556A (application number KR1020130151013A, also listed as KR20130151013A)
- Authority
- KR
- South Korea
- Prior art keywords
- keys
- server
- random
- key
- message
- Prior art date
Classifications
- H—ELECTRICITY › H04—ELECTRIC COMMUNICATION TECHNIQUE › H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L63/00—Network architectures or network communication protocols for network security
    - H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
  - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    - H04L9/06—The encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
      - H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
      - H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
        - H04L9/0869—Generation of secret information involving random numbers or seeds
    - H04L9/14—Cryptographic mechanisms using a plurality of keys or algorithms
  - H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    - H04L2463/062—Additional details applying encryption of the keys
Abstract
Description
The present invention relates to a method and apparatus for preventing phishing using multiple paths, and more particularly to a method and apparatus that prevent a phishing attack over two or more paths, with a server that encrypts and decrypts using two or more random keys and two or more means, each of which uses a random key obtained from the server together with a key of its own.
On a terminal having a display device, such as a smartphone, tablet PC, smart TV or notebook, a hacker sends a text message or e-mail to a specific user, based on personal information collected beforehand, that leads the user to install a malicious application; the terminal is infected the moment the malicious app is installed. The message pretends to come from a trustworthy person or company and demands personal secret information or induces a small mobile-phone payment.
Recently, as the number of smartphone users has increased, so has the number of schemes that extract information from mobile phones by linking to and installing an Android application installation file under the pretext that a birthday party or wedding invitation has arrived.
An object of the present invention is to provide a method and apparatus for preventing phishing using multiple paths, that is, a method and apparatus that secure stability by exposing information through multiple paths rather than a single one.
In accordance with this object, the anti-phishing method and apparatus using multiple paths comprise a server capable of encrypting and decrypting plaintext using at least two random keys, and two or more means, each of which can use a random key obtained from the server together with a key that the means itself holds.
Generally, when a user requests a micropayment, the settlement site sends a settlement confirmation message in numeric form to a message server, and the message server sends it to the terminal. Because the outgoing message is sent as ordinarily readable plaintext, if a hacking program is installed on the receiving terminal the confirmation message is forwarded to an external server, and the hacker who obtains it makes purchases with it.
In one embodiment of the present invention, the message that would otherwise be sent in this weak plaintext form is encrypted, and the encrypted message, containing the individual, approval and authentication information that only the individual can verify, is sent from the message server to the user terminal. Because it is provided in a form that cannot be read even if the terminal is infected with a malicious application distributed by a hacker, it is protected from this first kind of hacking.
When the settlement site sends the authentication message and simultaneously outputs a barcode, the authentication terminal reads the barcode with its camera, combines it with the received authentication message, and transmits the result to the settlement site, whereby the authentication can be confirmed.
In another embodiment of the present invention, the portable terminal that receives the information from the payment site sends the message to a wearable terminal. The wearable terminal decrypts the message and exposes it to the user, and the user confirms the received information. At this time, the user confirmation and the biometric information of the wearable terminal are encrypted using a generated key, so that verification over this second path removes the weakness of a settlement that relies only on the initially registered information.
Thus a terminal having a display device, such as a smartphone, tablet PC or smart TV, and a wearable terminal such as a smart watch or smart glasses (hereinafter referred to as the 'second terminal') cooperate through the anti-phishing apparatus to strengthen user authentication, thereby providing a more robust and secure service.
The first terminal includes: a screen display device for displaying information on a screen; a communication processor for communicating with the second terminal to transmit and receive the encrypted message; a security processing unit for processing the information transmitted and received; an authentication processing unit for processing the authentication information; and a security storage unit for storing and reading the messages that have been transmitted, received and security-processed.
The second terminal includes: a communication processor for receiving the encrypted message transmitted from the first terminal; a security processing unit that encrypts and decrypts the transmitted and received encrypted message and displays the result on a screen; a biometric characteristic recognizer for recognizing biometric characteristic information; a biometric characteristic storage device for storing and reading biometric characteristic information; and a screen display device for outputting the information message.
In addition, the second terminal may further include a security storage unit.
The anti-phishing method using the wearable portable terminal and the terminal having the display device according to the present invention may be configured to include at least one of a registration step, a registration confirmation step, and a server confirmation step.
The registration step comprises: a registration request step in which the first terminal confirms that a message has been received and transmits a registration request to the second terminal; a biometric characteristic extraction step in which the second terminal extracts biometric characteristic information; a step of comparing the extracted biometric characteristic information with the stored biometric characteristic information to generate biometric information; a step in which the authentication server generates an authentication confirmed code if the comparison verifies the authentication result and an authentication unconfirmed code if it does not, and transmits an authentication code including the identification code stored in the payment server; and a step of inputting the generated authentication code into the payment confirmation request window requested by the payment server.
The registration confirmation step comprises: a second terminal creation information transmission step in which the second terminal generates second terminal creation information including the automatically generated authentication code, without executing the step of inputting the authentication code into the payment confirmation request window of the registration request step; and a first terminal creation information step in which the first terminal generates first terminal creation information based on the received second terminal creation information and transmits it to the payment server.
The server confirmation step comprises completing the registration confirmation step, receiving first server registration confirmation information from the payment server, generating first terminal registration confirmation information from it, and transmitting the first terminal registration confirmation information to the second terminal.
According to the anti-phishing apparatus and method using multiple paths as described above, when the multiple paths are used with at least two checking means (hereinafter referred to as 'N means', 'checking means' or 'means'), the effect that a safe service can be provided is obtained.
In addition, the content the server transmits to each verification means may be provided in a code format such as a barcode or QR code, or as information including symbols, letters, numbers, images and sounds. Each means also registers its own key with the server, where it is added as a shared key, so that a stronger security effect is obtained.
1 is a block diagram showing a first and second means according to an embodiment of the present invention.
2 is a configuration diagram of a verification means according to an embodiment of the present invention.
3 is a flow diagram of an arrangement having a first means and a second means according to an embodiment of the present invention.
FIG. 4 is a block diagram illustrating N identifying means according to an embodiment of the present invention.
5 is a flow diagram of a configuration with N verification means in accordance with an embodiment of the present invention.
6 is a configuration diagram of a first terminal having a first means and a second means according to an embodiment of the present invention.
7 is a configuration diagram of a first terminal having a first means according to an embodiment of the present invention and a second terminal having a second means.
8 is a block diagram of a first terminal having first means, a second terminal having second means, a third terminal having third means and fourth means, and an Nth terminal having Nth means, according to an embodiment of the present invention.
FIG. 9 is a flowchart illustrating a process in which a malicious app operates within a smishing (SMS phishing) flow according to an embodiment of the present invention to acquire cyber money.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments.
It should be understood, however, that the invention is not intended to be limited to the particular embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.
The terms first, second, A, B, etc. may be used to describe various elements, but the elements should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from another.
For example, without departing from the scope of the present invention, a first component may be referred to as a second component, and similarly a second component may be referred to as a first component. The term "and/or" includes any combination of a plurality of related listed items or any one of a plurality of related listed items.
It is to be understood that when an element is referred to as being "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, or intervening elements may be present.
On the other hand, when an element is referred to as being "directly connected" or "directly coupled" to another element, it should be understood that there are no intervening elements.
The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise.
In the present application, the terms "comprises" or "having" and the like are used to specify that there is a feature, a number, a step, an operation, an element, a component or a combination thereof described in the specification, But do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.
Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with their meaning in the context of the related art, and are not to be interpreted in an idealized or overly formal sense unless expressly so defined in the present application.
Hereinafter, preferred embodiments according to the present invention will be described in detail with reference to the accompanying drawings.
1 is a block diagram showing a first and second means according to an embodiment of the present invention.
The
The
2 is a configuration diagram of a verification means according to an embodiment of the present invention.
The confirmation means according to the embodiment of the present invention includes a
3 is a flow diagram of an arrangement having a first means and a second means according to an embodiment of the present invention.
The configuration flow diagram of the
The
The
FIG. 4 is a block diagram illustrating N identifying means according to an embodiment of the present invention.
A server (100) for performing encrypted message transmission with a system of the type having N confirmation means according to an embodiment of the present invention; A primary verification means 210 for receiving the message, decrypting the cipher text, generating a message of the primary verification means 210 and transmitting the message to the secondary verification means 220; A secondary confirmation means (220) for receiving the message received from the primary confirmation means (210) and delivering it to the confirmation means of the next order (3); And an Nth order checking means 300 for receiving a message from the checking means of the previous order (N-1), processing the same, and transmitting the final result message to the
5 is a flow diagram of a configuration with N verification means in accordance with an embodiment of the present invention.
The
The first means 210 transmits Key1 and the generated ciphertext (S103), and receives the encrypted message from the Nth means and transmits it to the server (S305). At this time, the encrypted-message transmission step (S305) may be omitted by having whichever of the first to Nth means can communicate directly with the server transmit the message itself.
The second means 220 receives Key1 and the generated ciphertext from the first means 210 (S104), and receives Key2 (S201) from the
In the same way, the Nth means 230 receives Key(1 to N-1), as accumulated by the first, second, ... and (N-1)th means, together with the generated ciphertext from the (N-1)th means (S203); receives Key N from the server 100 (S301); decrypts the ciphertext using Key(1 to N) (S302); exposes the decrypted plaintext to the user and performs user confirmation (S303); and generates the Nth means ciphertext using Key(1 to N) and the Nth means key (S304). If the Nth means is capable of communicating directly with the server, it further transmits the message (S305). Otherwise, the message is transmitted to a means capable of communicating with the
6 is a configuration diagram of a first terminal having a first means and a second means according to an embodiment of the present invention.
A first terminal 300 having a first means and a second means according to an embodiment of the present invention. The first terminal 300 may include a
7 is a configuration diagram of a first terminal having a first means according to an embodiment of the present invention and a second terminal having a second means.
A first terminal 300 having a
8 is a block diagram of a first terminal having first means, a second terminal having second means, a third terminal having third means and fourth means, and an Nth terminal having Nth means, according to an embodiment of the present invention.
When the server according to the embodiment of the present invention transmits the generated ciphertext to the first terminal 300, which is capable of communication, the first means 210 transmits Key1 and the generated ciphertext to the second means 220 of the second terminal 400. The second means 220 in the second terminal 400 drives its camera to capture and interpret the server's barcode and thereby obtains Key2. Key1, Key2 and the generated ciphertext are then transmitted to the third terminal 500. The third means 230 in the third terminal 500 obtains Key3 from the server using its camera and transmits the obtained keys (1 to 3) and the generated ciphertext to the fourth means 240 in the same third terminal 500. The fourth means 240 acquires Key4 from the server's audio signal and transmits the obtained keys (1 to 4) and the generated ciphertext to the Nth means 300 in the Nth terminal 600. The Nth means 300 in the Nth terminal 600 receives the obtained keys (1 to N-1) and the generated ciphertext, receives KeyN directly through communication with the server, generates an encrypted message using the keys (1 to N) and the key of the Nth means, and, since the Nth terminal 600 is a communication-enabled medium, transmits the encrypted data directly to the server. The server confirms the information using the received keys (1 to N), the key of the Nth means of the Nth terminal 600, and the ciphertext.
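The key-accumulation flow of FIG. 5 (S103 to S305) and its concrete form in FIG. 8 can be exercised end to end. The following is an added example, not code from the patent or its applicant: it simulates the server 100 and a chain of N means in Python. Everything the patent leaves unspecified is an assumption made here: the per-path random keys are combined by hashing them in path order (the patent only says decryption uses Key (1 to N)), the cipher is an HMAC-SHA256 keystream with an encrypt-then-MAC tag standing in for the block cipher the classification points at, the delivery channels (barcode, audio, direct communication) are modelled as direct calls, and the names `Server`, `run_chain`, `derive_key` and the sample approval message are invented for illustration.

```python
import hashlib
import hmac
import os


def derive_key(keys):
    """Fold the per-path random keys (plus, for the reply, the Nth means' own
    key) into one 32-byte cipher key. Assumption: the patent only says the
    ciphertext is decrypted 'using Key (1 to N)'; length-prefixed hashing in
    path order is used here so that a missing or reordered key gives an
    unrelated cipher key rather than a partial decryption."""
    h = hashlib.sha256(b"multipath-demo-v1")
    for k in keys:
        h.update(len(k).to_bytes(2, "big") + k)
    return h.digest()


def _keystream(key, nonce, length):
    """HMAC-SHA256 counter-mode keystream (stdlib stand-in for a block cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, plaintext):
    """Encrypt-then-MAC: nonce || plaintext XOR keystream || HMAC tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key, blob):
    """Return the plaintext, or None when the key is wrong or the blob was altered."""
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        return None
    return bytes(c ^ s for c, s in zip(body, _keystream(enc_key, nonce, len(body))))


class Server:
    """Server 100: generates one random key per path, encrypts the approval
    message under all of them, hands Key i out over path i, and verifies the
    Nth means' reply with Key(1..N) plus that means' registered key."""

    def __init__(self, n_paths, registered_means_keys):
        self.random_keys = [os.urandom(16) for _ in range(n_paths)]
        self.registered = registered_means_keys  # {means index: key shared at registration}

    def issue(self, plaintext):            # S101/S102: random keys and ciphertext
        return encrypt(derive_key(self.random_keys), plaintext)

    def key_for_path(self, i):             # Key i, delivered over channel i (barcode, audio, ...)
        return self.random_keys[i]

    def confirm(self, means_index, reply): # server-side check of the final reply
        key = derive_key(self.random_keys + [self.registered[means_index]])
        return decrypt(key, reply)


def run_chain(server, means_keys, plaintext, user_confirms):
    """Walk the chain of FIG. 5 with N = len(means_keys) means. Delivery
    channels are abstracted as direct calls; what matters is that each means
    only ever holds the keys gathered so far, so the first N-1 hops (and any
    malware on them) cannot read the message."""
    n = len(means_keys)
    ciphertext = server.issue(plaintext)
    keys = [server.key_for_path(0)]                       # S103: Key1 + ciphertext to means 1
    partial_views = []
    for i in range(1, n):                                 # S104/S201/S203: forward, fetch Key i
        partial_views.append(decrypt(derive_key(keys), ciphertext))
        keys.append(server.key_for_path(i))
    shown = decrypt(derive_key(keys), ciphertext)         # S302: decrypt with Key(1..N)
    reply = None
    if shown is not None and user_confirms(shown):        # S303: expose and confirm
        reply = encrypt(derive_key(keys + [means_keys[n - 1]]), b"OK:" + shown)  # S304
    return {"shown_to_user": shown, "reply": reply, "partial_views": partial_views}


if __name__ == "__main__":
    means_keys = [os.urandom(16) for _ in range(5)]      # each means' own key, registered with the server
    srv = Server(len(means_keys), {4: means_keys[4]})
    # Constructed sample approval message (not from the patent).
    result = run_chain(srv, means_keys, b"approve 9,900 KRW, code 4821", lambda msg: True)
    print("user saw:", result["shown_to_user"])
    print("intermediate hops could read:", result["partial_views"])
    print("server confirmed:", srv.confirm(4, result["reply"]))
```

Running it shows the point of the multi-path design: `partial_views` is a list of `None` because no intermediate means holds enough keys to decrypt, so a malicious app on the first terminal (the FIG. 9 scenario) that steals Key1 and the ciphertext recovers nothing, and the server rejects a reply unless it was produced with Key(1 to N) and the registered Nth-means key.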
FIG. 9 is a flowchart illustrating a process in which a malicious app operates within a smishing (SMS phishing) flow according to an embodiment of the present invention to acquire cyber money.
The hacker sends a text message or mail for installing a malicious app to a specific user, based on pre-collected personal information. When the user clicks the shortcut link in the received text message, the terminal is infected as soon as the malicious app is installed, and the user's personal information is transferred to an overseas server. Using the acquired personal information, micropayments are made at various internet purchase sites such as game sites and online shopping malls, and the purchasing site sends a purchase request to the payment agency.
The payment agency sends a payment approval message to the user's mobile phone for payment authentication; the malicious app installed on the user's mobile phone intercepts the approval message sent by the payment agency to the user and forwards it to the malicious external server.
The attacker completes the settlement using the acquired approval message, performs the normal purchase procedure, acquires cyber money, and converts the acquired cyber money into cash.
To prevent this, efforts have been made such as a method (A) in which the short message transmission server analyses messages sent from the hacker to the user, identifies them and notifies the user of the hacking, which is a method of preventing phishing, and a virus check (B) that prevents the user's personal information from being disclosed to an external server. There has also been an authentication method using a separate one-time password for authentication between the payment agency and the user terminal.
100: Server
200: means for confirmation
201:
202:
203:
204:
205:
210: primary verification means
220: Second verification means
300: Nth order checking means
Claims (6)
An anti-phishing apparatus using multiple paths, comprising: a server that generates two or more random keys, encrypts plaintext using the random keys, and transmits and receives messages; a communication processing unit capable of transmitting and receiving the encrypted message; an authentication processing unit that performs authentication with keys obtained through two or more paths; a security storage unit that stores and loads keys in a secure area for key management; a security processing unit that performs key management from the security storage unit and encrypts the data to be transmitted; an input processing unit that receives a random key generated by the server in a signal form such as an image or voice, converts it back into the random key, and obtains the user's confirmation input; and a screen display unit that displays the received message on the screen after processing it.
Characterized in that the two confirmation means additionally include position information, the input processing unit recognizing when they are physically separated from each other by a certain distance.
Characterized in that the control means further receives the physical address information of the confirmation means and includes it as additional information.
An anti-phishing method using multiple paths, comprising: generating two or more different random keys in the server and encrypting the plaintext; transmitting a random key (K1) and the ciphertext to a first means; the first means transmitting the received random key (K1) and ciphertext to an Nth means (1 < N <= M); the Nth means acquiring a random key (KN) from the server and transmitting the random keys obtained so far to the next means; the last, Mth means receiving the obtained random keys (1 to M-1) and the ciphertext and acquiring random key (M) from the server; performing decryption using the received random keys and requesting user confirmation; encrypting the plaintext to be transmitted using the random keys (1 to M) and the key of the Mth means; and transmitting the message of the Mth means to the server from whichever of the means (1 to M) is capable of communicating with the server.
Characterized in that the anti-phishing method further comprises, in at least two of said means (N > 1), a step in which the user confirms whether to transfer to the next means.
The anti-phishing method further comprising a step of detecting an event when the first means and each of the means (N > 1) are distant from each other, and displaying a notification without performing the transmission.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020130151013A KR20150065556A (en) | 2013-12-05 | 2013-12-05 | Method and apparatus for protect a phsihing using by multi-path |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020130151013A KR20150065556A (en) | 2013-12-05 | 2013-12-05 | Method and apparatus for protect a phsihing using by multi-path |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20150065556A true KR20150065556A (en) | 2015-06-15 |
Family
ID=53504446
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020130151013A KR20150065556A (en) | 2013-12-05 | 2013-12-05 | Method and apparatus for protect a phsihing using by multi-path |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20150065556A (en) |
- 2013-12-05: KR application KR1020130151013A filed (publication KR20150065556A); status: not active, application discontinued
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WITN | Withdrawal due to no request for examination |