KR20160100078A - Client Terminal for Supporting Banking Service, Authentication Server, Method and Application for User Terminal - Google Patents


Info

Publication number
KR20160100078A
Authority
KR
South Korea
Prior art keywords
authentication
information
key
client terminal
authentication server
Prior art date
Application number
KR1020150022589A
Other languages
Korean (ko)
Inventor
권오준
김종협
Original Assignee
주식회사 비티웍스

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Abstract

A client terminal according to an embodiment of the present invention is connected to an authentication server through a communications network. The client terminal comprises: a random data generating unit generating random data and transmitting a portion of the random data to the authentication server; a user authentication information generating unit generating user authentication information based on an identification number, the remainder of the random data and an authentication parameter provided by the authentication server, and transmitting a portion of the user authentication information to the authentication server; a device authentication information generating unit generating device authentication information based on the device information of the client terminal, and transmitting a portion of the device authentication information to the authentication server; and a password processing unit encoding and storing a password with a primary encoding key, encoding the primary encoding key with a secondary encoding key generated on the basis of the random data and the device information, and transmitting the encoded primary encoding key to the authentication server.

Description

Technical Field [0001] The present invention relates to a client terminal supporting a financial transaction service, a server for authenticating the client terminal, an authentication method, and an application stored in a medium for executing the authentication method.

The present invention relates to a user authentication technology, and more particularly, to a client terminal supporting a financial transaction service, a server for authenticating the client terminal, an authentication method, and an application stored in a medium for executing the authentication method.

In order to use a personalized service through a communication network, an ID and a password for identifying individual users are required.

In particular, when financial transaction services are used through a network, a stronger authentication method is required to confirm the identity of users, prevent the forgery and alteration of documents, and prevent repudiation of transaction facts. In addition, in order to enhance security against everyday electronic financial fraud, a user's password is required to be longer and to include special characters as well as numbers and letters.

In recent years, wearable terminals that can be worn on the human body or on clothes have been commercialized. Generally, a wearable terminal can be classified as either an interlocking type or a stand-alone type. A stand-alone wearable terminal can be used independently without synchronization with other devices, whereas an interlocking wearable terminal is used in synchronization with a master device such as a smart phone. Wearable terminals are manufactured to be compact and easy to carry and wear, and their penetration rate is expected to increase gradually.

As a financial transaction service through a user terminal such as a smart phone is actively used and the penetration rate of a wearable terminal increases, a demand for using a financial transaction service not only in a smart phone but also in a wearable terminal has been raised.

However, the characteristics of a wearable terminal constrain the size of its display unit. On the other hand, the password used in a financial transaction service may include numbers, letters, and special characters, so that there are many restrictions on entering the password through the wearable terminal.

The embodiments of the present invention are directed to a client terminal that encrypts a complex password with a simple identification number and supports a financial transaction service that can be used by decrypting the encrypted password upon user authentication, a server for authenticating the client terminal, an authentication method, and an application stored in a medium for executing the authentication method.

The embodiments of the present invention further provide a client terminal supporting a financial transaction service in which the information necessary for encrypting and decrypting a password is distributed between client and server, so that security can be improved through mutual authentication, together with a server for authenticating the client terminal, an authentication method, and an application stored in a medium for executing the authentication method.

A client terminal according to an exemplary embodiment of the present invention is a client terminal connected to an authentication server through a communication network, comprising: a random data generator for generating random data and transmitting a part of the random data to the authentication server; a user authentication information generating unit for generating user authentication information based on an identification number, the rest of the random data, and authentication parameters provided from the authentication server, and transmitting a part of the user authentication information to the authentication server; a device authentication information generation unit that generates device authentication information based on device information of the client terminal and transmits a part of the device authentication information to the authentication server; and a password processor for encrypting and storing the password with a primary encryption key, encrypting the primary encryption key with a secondary encryption key generated based on the random data and the device information, and transmitting the encrypted primary encryption key to the authentication server.

According to an embodiment of the present invention, there is provided an authentication server connected to a client terminal through a communication network, the authentication server comprising: an authentication parameter manager for managing authentication parameters assigned to the client terminals; a distributed information management unit for receiving and storing, from the client terminal, a part of random data, a part of user authentication information, a part of device authentication information, and an encrypted primary encryption key; a user authentication unit for transmitting to the client terminal a second public verification key generated based on the authentication parameters and the part of the user authentication information, and performing user authentication according to a mutual authentication key that the client terminal generates and transmits based on the second public verification key; a device authentication unit for transmitting the part of the random data and the part of the device authentication information to the client terminal, receiving a device verification value from the client terminal, deriving the part of the device authentication information from the device verification value, and comparing it with the stored part of the device authentication information to perform device authentication; and a decryption information provider for transmitting the encrypted primary encryption key to the client terminal according to the authentication results of the user authentication unit and the device authentication unit.

An authentication method according to an exemplary embodiment of the present invention is an authentication method of a client terminal connected to an authentication server through a communication network, comprising: an authentication parameter sharing step in which the client terminal accesses the authentication server, requests password encryption, and receives an authentication parameter from the authentication server; a random data distribution step in which the client terminal generates random data and transmits a part of the random data to the authentication server; a user authentication information distribution step in which the client terminal, as an identification number is input to it, generates user authentication information based on the identification number, the authentication parameter, and the random data, and transmits a part of the user authentication information to the authentication server; a device authentication information distribution step in which the client terminal generates device authentication information based on device information of the client terminal and transmits a part of the device authentication information to the authentication server; and an encryption information distribution step in which the client terminal encrypts and stores the password using a primary encryption key, encrypts the primary encryption key with a secondary encryption key generated based on the random data and the device information, and transmits the encrypted primary encryption key to the authentication server.

An application according to an embodiment of the present invention is an application stored in a medium for execution by a client terminal connected to an authentication server through a communication network, the application having: an authentication parameter sharing function for accessing the authentication server, requesting password encryption, and receiving an authentication parameter from the authentication server; a random data distribution function for generating random data and transmitting a part of the random data to the authentication server; a user authentication information distribution function for generating user authentication information based on the identification number, the authentication parameter and the random data, and transmitting a part of the user authentication information to the authentication server; a device authentication information distribution function for generating device authentication information based on device information of the client terminal and transmitting a part of the device authentication information to the authentication server; and an encryption information distribution function for encrypting and storing the password with a primary encryption key, encrypting the primary encryption key with a secondary encryption key generated based on the random data and the device information, and transmitting the encrypted primary encryption key to the authentication server.

According to this technology, a password can be encrypted only by inputting a simple identification number, and information used for encryption can be distributed and stored by a client and a server. In addition, authentication can be performed using distributed information, and a password can be decrypted only when authentication is successful, thereby improving security.

Furthermore, since authentication is performed not only for the user but also for the device used to access the service, access by an unauthorized device as well as by an unauthorized user can be blocked.

BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a diagram for explaining a connection relationship between devices to which the present invention can be applied;
FIG. 2 is a block diagram of a client terminal according to an embodiment;
FIG. 3 is a configuration diagram of a password management unit according to an embodiment;
FIG. 4 is a configuration diagram of an authentication server according to an embodiment;
FIG. 5 is a configuration diagram of an authentication unit according to an embodiment;
FIG. 6 is a flowchart illustrating an authentication method according to an embodiment;
FIG. 7 is a detailed flowchart of a password encryption process according to an embodiment;
FIG. 8 is a flowchart for explaining an authentication method according to another embodiment;
FIG. 9 is a detailed flowchart of a password decryption process according to another embodiment.

Hereinafter, embodiments of the present technology will be described in more detail with reference to the accompanying drawings.

FIG. 1 is a diagram for explaining a connection relationship between devices to which the present invention can be applied.

The client terminal 10 may be connected to the authentication server 20 via a wired or wireless communication network 30. The client terminal 10 may include a master terminal 101 and/or a wearable terminal 102. The master terminal 101 may be a wireless communication terminal, a wired communication terminal, or a wired/wireless communication terminal. The wearable terminal 102 may be configured to be capable of short-range communication with the master terminal 101.

The master terminal 101 and the wearable terminal 102 may each include a short range wireless communication module to perform short range wireless communication. The short range wireless communication module may include a WiFi module, a Bluetooth module, a NFC (Near Field Communication) Module, and a ZigBee module.

In one embodiment, the client terminal 10 may generate random data in order to encrypt the password. In addition, user authentication information is generated based on the authentication parameters provided from the authentication server 20, the identification number input by the user, and the generated random data, and device authentication information is generated on the basis of the device information of the client terminal 10. A part of the random data generated by the client terminal 10, a part of the user authentication information, and a part of the device authentication information may be distributed to and stored in the authentication server 20. The password is kept encrypted in the client terminal 10 based on the identification number, the random data, and the device authentication information, and the encryption key used to encrypt the password can be encrypted again and stored in the authentication server 20.

Also, in order to decrypt the password, the client terminal 10 can generate a mutual authentication key based on the authentication parameters provided from the authentication server 20, the identification number input by the user, and the generated random data. In addition, the device authentication value can be generated based on the random data and the device authentication information provided from the authentication server 20. In addition, the password can be decrypted based on the encrypted encryption key provided from the authentication server 20.

In one embodiment, the client terminal 10 performing the above-described password encryption and decryption may be the master terminal 101, and more preferably the wearable terminal 102, which can access the authentication server 20 via the master terminal 101. In addition, the identification number may be a PIN (Personal Identification Number) previously set in the wearable terminal 102, but is not limited thereto. It should be noted that, whereas the password is composed of a combination of numbers, letters and special characters, the identification number has a simpler configuration, for example a number with a specified number of digits, and is configured to be easily input through the user interface of the wearable terminal 102.

The password may be directly input to the master terminal 101, input to the master terminal 101 and then transmitted to the wearable terminal 102, but is not limited thereto.

Meanwhile, the authentication server 20 may provide authentication parameters to the client terminal 10 requesting password encryption. In addition, the part of the distributed information provided from the client terminal 10, that is, a part of the random data, a part of the user authentication information, and a part of the device authentication information, is safely stored. The authentication server 20 may provide the authentication parameters to the client terminal 10 so that it can decrypt the password, and may generate a mutual authentication key based on the part of the user authentication information that has been distributed and stored. The authentication server 20 can also perform user authentication by comparing the mutual authentication key generated by the authentication server 20 with the mutual authentication key received from the client terminal 10. If the user authentication is successful, the authentication server 20 can extract the part of the device authentication information and the random data which are distributed and stored and provide them to the client terminal 10. The authentication server 20 can perform the device authentication by verifying the device authentication value provided from the client terminal 10. If the device authentication is successful, the authentication server 20 may transmit the encrypted encryption key to the client terminal 10 so that it can decrypt the password.

As described above, the client terminal 10 and the authentication server 20 store between them the user authentication information, the device authentication information, and the random data necessary for generating the user authentication information and the device authentication information. If all the information necessary for encrypting the password existed in only one of the client terminal and the authentication server, a dictionary attack could be performed using the stored information.

However, it is possible to prevent a dictionary attack on a password by distributing information necessary for password encryption as in this technique. In addition, since the identification number is not transmitted as it is during the user authentication for password decryption and the information registration process for the password encryption, the leakage of the identification number can be prevented.

Mutual authentication of the user is performed using the information distributed and stored in the client terminal 10 and the authentication server 20 without direct transmission of the identification number, and even if the user authentication is successful, authentication of the device being used is further performed between them, so that an attempt by an unregistered client terminal 10 to decrypt the password can be prevented. As a result, the data necessary for decrypting the password is transmitted only when both the user authentication and the device authentication are successful, so that access by a fraudulent user and by an unauthorized device can be fundamentally blocked.

FIG. 2 is a configuration diagram of a client terminal according to an embodiment.

Referring to FIG. 2, the client terminal 10-1 includes a controller 110, a communication module 120, a storage unit 130, a user interface 140, an application processing unit 150, and a password management unit 160.

The controller 110 may be a processor that controls the overall operation of the client terminal 10-1.

The communication module 120 provides an environment in which the client terminal 10-1 can access another device. When the client terminal 10-1 is a wearable terminal 102, the communication module 120 may be at least one of a Wi-Fi module, a Bluetooth module, an NFC module, and a Zigbee module, and can be paired with the master terminal 101. Meanwhile, when the client terminal 10-1 is the master terminal 101, the communication module 120 may include a local communication module and a modem chip (wired or wireless).

The storage unit 130 may include a main storage unit and an auxiliary storage unit, and may store programs, control data, application programs, and the like necessary for the client terminal 10-1 to operate.

The user interface 140 may include an input device and an output device. A command from the user can be input through the input device. The output device can output the operation status, the command processing status, the operation result, the command processing result, and the like of the client terminal 10-1.

The application processing unit 150 may cause various applications included in the client terminal 10-1 to be processed according to a user request and/or the control of the controller 110.

The password management unit 160 is configured to generate the distributed information and provide the distributed information to the authentication server 20, encrypt and store the password, and receive the distributed information from the authentication server 20 to decrypt the password.

FIG. 3 shows an example of the password management unit 160.

Referring to FIG. 3, the password management unit 160 may include a random data generating unit 161, a user authentication information generating unit 163, a device authentication information generating unit 165, and a password processing unit 167.

The random data generator 161 may generate the first random data R1, which is stored in the client terminal 10 or 10-1, and the second random data R2, which is transmitted to and stored in the authentication server 20.

For password encryption, the user authentication information generating unit 163 may generate an authentication private key X = H(PIN∥R1) based on the identification number (PIN) input by the user and the first random data R1. It may also generate an authentication verification key Y = G^X mod N based on the authentication parameters (N, G) provided from the authentication server 20 and the authentication private key X. The authentication verification key Y is a part of the user authentication information and can be transmitted to the authentication server 20 and stored as one of the distributed information.

On the other hand, for password decryption, the user authentication information generating unit 163 again generates the authentication private key X = H(PIN∥R1) based on the identification number (PIN) input by the user and the first random data R1. It may also receive the authentication parameters N and G from the authentication server 20, generate an arbitrary first random number a, and generate the first public verification key A = G^a mod N. Then, as the second public verification key B and the second random number u are transmitted from the authentication server 20, it generates the first mutual authentication key Z_C = (B - G^X)^(a + uX) mod N, and generates mutual authentication key authentication information M = H(A∥B∥Z_C) from the first public verification key A, the second public verification key B and the first mutual authentication key Z_C, which it transmits to the authentication server 20.

The device authentication information generation unit 165 may extract the device information list DI and the corresponding device information in order to encrypt the password. The device information may include at least one, preferably two, pieces of information D1 and D2 taken from the device information of the client terminal 10. Unique information given to each client terminal 10-1, for example a MAC (Media Access Control) address, can be used as the device information, and operating system version information, terminal screen size information and the like may also be used. The device authentication information generation unit 165 can generate the device authentication value DA = H(D1∥D2) based on the extracted device information D1 and D2, and the device information list DI and the device authentication value DA are transmitted to the authentication server 20 and stored.

On the other hand, in order to decrypt the password, the device authentication information generating unit 165 receives from the authentication server 20 the encrypted device verification information E1, which contains the second random data R2, the device information list DI and the third random number r, and extracts the device information D1 and D2 according to the received device information list DI. It then generates the device verification value H1 = H(H(D1∥D2)∥r) based on the extracted device information D1 and D2 and the third random number r, encrypts it with the mutual authentication key Z to obtain E2 = E_Z(H1), and transmits E2 to the authentication server 20.

The password processing unit 167 can perform password encryption and password decryption.

In order to encrypt the password, the password processing unit 167 generates the primary encryption key K and uses it to encrypt the password PW, producing and storing the encrypted password EP = E_K(PW). Here, the primary encryption key K may be a random number. Further, the secondary encryption key wk = H(PIN∥R1∥R2∥D1∥D2) is generated based on the identification number (PIN), the first random data R1, the second random data R2 and the device information D1 and D2. The primary encryption key K may be encrypted using the secondary encryption key wk to generate the encrypted primary encryption key EK = E_wk(K), and the encrypted primary encryption key EK may be transmitted to the authentication server 20.

On the other hand, in order to decrypt the password, the password processing unit 167 receives the encrypted primary encryption key EK = E_wk(K) from the authentication server 20. The secondary encryption key wk = H(PIN∥R1∥R2∥D1∥D2) is regenerated based on the identification number (PIN), the first random data R1, the second random data R2 extracted by the device authentication information generating unit 165, and the device information D1 and D2. Once the secondary encryption key wk is generated, it decrypts the encrypted primary encryption key EK received from the authentication server 20 to derive the primary encryption key K = D_wk(EK), and then decrypts the encrypted password, PW = D_K(EP), using the derived primary encryption key K.
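As an added illustration that is not part of the patent text or the assignee's code, the following Python sketch carries the password processing unit's key chain through both directions (EP = E_K(PW), wk = H(PIN∥R1∥R2∥D1∥D2), EK = E_wk(K), then K = D_wk(EK) and PW = D_K(EP)) and shows that neither store alone holds enough to recover the password and that a wrong PIN or a different device leaves it unrecoverable. The page names no concrete hash or cipher: SHA-256 for H, a standard-library-only encrypt-then-MAC construction standing in for E/D, the device values and the store layout are assumptions of this example.

```python
# Added example, not the patent's code. H is assumed to be SHA-256 and E/D an
# authenticated cipher; a standard-library-only HMAC-SHA256 keystream with an
# HMAC tag stands in for E/D so the example runs offline (illustration only).
import hashlib
import hmac
import os


def H(*parts: bytes) -> bytes:
    """H(a∥b∥...): hash over the concatenation, in the page's notation."""
    return hashlib.sha256(b"".join(parts)).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def E(key: bytes, msg: bytes) -> bytes:
    """E_key(msg) -> nonce ∥ ciphertext ∥ tag (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    ct = bytes(m ^ s for m, s in zip(msg, _keystream(key, nonce, len(msg))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def D(key: bytes, blob: bytes) -> bytes:
    """D_key(blob); raises ValueError when the key is wrong (tag mismatch)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch: wrong key or altered data")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


def secondary_key(pin: str, r1: bytes, r2: bytes, d1: bytes, d2: bytes) -> bytes:
    """wk = H(PIN∥R1∥R2∥D1∥D2)."""
    return H(pin.encode(), r1, r2, d1, d2)


def encrypt_password(pin: str, password: str, device_info: tuple) -> tuple:
    """Password encryption on the client terminal (FIG. 3 / FIG. 7).

    Returns (client_store, server_store): what stays on the client and the
    distributed information sent to the authentication server.
    """
    d1, d2 = device_info
    r1, r2 = os.urandom(16), os.urandom(16)      # first / second random data
    k = os.urandom(32)                           # primary encryption key K, a random number
    ep = E(k, password.encode())                 # EP = E_K(PW), kept on the client
    wk = secondary_key(pin, r1, r2, d1, d2)      # wk = H(PIN∥R1∥R2∥D1∥D2)
    ek = E(wk, k)                                # EK = E_wk(K), sent to the server
    da = H(d1, d2)                               # DA = H(D1∥D2), sent to the server
    client_store = {"R1": r1, "EP": ep}
    server_store = {"R2": r2, "DI": ["MAC", "OS version"], "DA": da, "EK": ek}
    return client_store, server_store


def decrypt_password(pin: str, device_info: tuple, client_store: dict,
                     server_store: dict) -> str:
    """Password decryption on the client after the server has released R2 and EK
    (i.e. after user and device authentication succeeded). Raises ValueError
    when the PIN or the device information differs from registration."""
    d1, d2 = device_info
    wk = secondary_key(pin, client_store["R1"], server_store["R2"], d1, d2)
    k = D(wk, server_store["EK"])                # K = D_wk(EK)
    return D(k, client_store["EP"]).decode()     # PW = D_K(EP)


def device_check(device_info: tuple, server_store: dict) -> bool:
    """Server-side comparison of presented device information against the stored DA."""
    return hmac.compare_digest(H(*device_info), server_store["DA"])


def demo() -> tuple:
    """Registration, a correct decryption, then a wrong PIN and a wrong device."""
    device = (b"00:11:22:33:44:55", b"WearOS 9.1")   # constructed D1 (MAC), D2 (OS version)
    other = (b"66:77:88:99:aa:bb", b"WearOS 9.1")    # constructed second device
    client, server = encrypt_password("4821", "Tr0ub4dor&3!", device)
    recovered = decrypt_password("4821", device, client, server)
    rejected = []
    for pin, dev in (("4822", device), ("4821", other)):
        try:
            decrypt_password(pin, dev, client, server)
            rejected.append(False)
        except ValueError:
            rejected.append(True)
    return recovered, rejected[0], rejected[1], device_check(other, server)
```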

The functions of the password management unit 160 may be stored in the form of a program (application), and may be stored and installed using the client terminals 10, 10-1, 101, and 102 as storage media. The application can then execute the above-described functions under the control of the client terminals 10, 10-1, 101, and 102.

FIG. 4 is a configuration diagram of an authentication server according to an embodiment.

Referring to FIG. 4, the authentication server 20-1 may include a controller 210, a communication module 220, a storage unit 230, an operator interface 240, and an authentication unit 250.

The controller 210 may be configured to control the overall operation of the authentication server 20-1.

The communication module 220 may provide an environment in which the authentication server 20-1 can access the communication network 30.

The storage unit 230 may include a main storage unit and an auxiliary storage unit, and may store programs, control data, application programs, and the like necessary for the authentication server 20-1 to operate.

The operator interface 240 can provide an environment in which the operator of the authentication server 20-1 can access the authentication server 20-1 to manage and control the authentication server 20-1.

The authentication unit 250 can receive and store the distributed information from the client terminal 10 that encrypts and stores the password. Also, when the password is to be decrypted, the authentication unit 250 provides distributed information to the client terminal 10, performs user and device authentication according to the authentication information generated based on the distributed information, and, if both succeed, provides the client terminal 10 with the information necessary for decrypting the password.

FIG. 5 shows an example of the authentication unit 250-1, which includes an authentication parameter management unit 251, a distributed information management unit 253, a user authentication unit 255, a device authentication unit 257, and a decryption information providing unit 259.

The authentication parameter management unit 251 generates a plurality of authentication parameter lists and, when the client terminal 10 requests password encryption, selects one of the generated lists as the authentication parameters (N, G) to be shared with the client terminal 10 and transmits it. The authentication parameter management unit 251 stores the authentication parameters N and G selected for each client terminal 10 and provides them again when the client terminal 10 requests password decryption.

The distributed information management unit 253 can receive the distributed information from the client terminal 10 and securely store the distributed information. The distributed information may include the second random data R2, the verification key for authentication Y, the device information list DI, the device authentication value DA, and the encrypted primary encryption key EK.

When the client terminal 10 wishes to decrypt the password, the user authentication unit 255 generates the second random number u, and generates the second public verification key B based on the authentication verification key Y distributed and stored by the distributed information management unit 253, the authentication parameters N and G, and a fourth random number b. The generated second random number u and the second public verification key B can be transmitted to the client terminal 10.

The user authentication unit 255 also receives the first public verification key A from the client terminal 10 and may generate a second mutual authentication key Z_S = (A·Y^u)^b mod N based on the authentication verification key Y distributed and stored by the distributed information management unit 253, the second random number u and the fourth random number b. In addition, upon receiving the mutual authentication key authentication information M from the client terminal 10, it checks the first mutual authentication key Z_C conveyed by M against the second mutual authentication key Z_S it generated itself; when the authentication succeeds, the first and second mutual authentication keys are identical (Z_C = Z_S = Z) and are thus shared between the authentication server 20 and the client terminal 10. The shared mutual authentication key Z may then be used for encryption and decryption of the device authentication information.
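The user-authentication exchange described in this and the preceding paragraphs (and on the client side under the user authentication information generating unit 163), as an added example that is not part of the patent or the assignee's code: registration sends only Y = G^X mod N to the server, and at decryption time the client derives Z_C = (B - G^X)^(a + uX) while the server derives Z_S = (A·Y^u)^b, which agree only when the same PIN and R1 were used, without the PIN ever being transmitted. Assumptions of this example: H is SHA-256, the second public verification key has the form B = (Y + G^b) mod N, which the page does not state, and N = 2^127 - 1 with G = 2 is a toy group chosen so the example runs instantly, not a parameter list a real authentication server would use.

```python
# Added example, not the patent's code. SHA-256 stands in for H; B = Y + G^b mod N is
# an assumed form the page leaves open; N and G form a toy group for illustration only.
import hashlib
import secrets

N = 2**127 - 1   # toy modulus (a prime); a real server would use a vetted safe-prime group
G = 2


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def b2i(b: bytes) -> int:
    return int.from_bytes(b, "big")


def i2b(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")


def private_key(pin: str, r1: bytes) -> int:
    """X = H(PIN∥R1); never leaves the client terminal."""
    return b2i(H(pin.encode(), r1))


def register(pin: str, r1: bytes) -> int:
    """Password-encryption phase: the client sends only Y = G^X mod N to the server."""
    return pow(G, private_key(pin, r1), N)


class ClientTerminal:
    """User authentication information generating unit 163, decryption side."""

    def __init__(self, pin: str, r1: bytes):
        self.x = private_key(pin, r1)
        self.a = secrets.randbelow(N - 2) + 1          # first random number a
        self.A = pow(G, self.a, N)                     # first public verification key

    def mutual_key(self, B: int, u: int) -> bytes:
        base = (B - pow(G, self.x, N)) % N             # B - G^X
        self.Z = pow(base, self.a + u * self.x, N)     # Z_C = (B - G^X)^(a + uX)
        return H(i2b(self.A), i2b(B), i2b(self.Z))     # M = H(A∥B∥Z_C)


class AuthenticationServer:
    """User authentication unit 255; holds only the distributed Y, never the PIN."""

    def __init__(self, Y: int):
        self.Y = Y
        self.b = secrets.randbelow(N - 2) + 1          # fourth random number b
        self.u = b2i(secrets.token_bytes(16))          # second random number u
        self.B = (Y + pow(G, self.b, N)) % N           # second public verification key (assumed form)

    def verify(self, A: int, M: bytes) -> bool:
        self.Z = pow((A * pow(self.Y, self.u, N)) % N, self.b, N)   # Z_S = (A·Y^u)^b
        return secrets.compare_digest(M, H(i2b(A), i2b(self.B), i2b(self.Z)))


def run_exchange(registered_pin: str, entered_pin: str, r1: bytes = b"constructed-R1") -> tuple:
    """Full round trip: server -> client (B, u), client -> server (A, M).

    Returns (authenticated, keys_agree)."""
    server = AuthenticationServer(register(registered_pin, r1))
    client = ClientTerminal(entered_pin, r1)
    M = client.mutual_key(server.B, server.u)
    ok = server.verify(client.A, M)
    return ok, client.Z == server.Z
```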

When the client terminal 10 requests password decryption, the device authentication unit 257 extracts the second random data R2 and the device information list DI stored by the distributed information management unit 253, generates the third random number r, encrypts them with the mutual authentication key Z, and provides the encrypted device verification information E1 to the client terminal 10. When the encrypted device verification value E2 arrives from the client terminal 10, the device authentication unit 257 decrypts it with Z and checks the recovered device verification value against the device authentication value DA stored by the distributed information management unit 253 and the third random number r that the device authentication unit 257 itself generated.

When authentication succeeds in both the user authentication unit 255 and the device authentication unit 257, the decryption information providing unit 259 extracts the information for password decryption stored by the distributed information management unit 253, namely the encrypted primary encryption key EK, and provides it to the client terminal 10.

FIG. 6 is a flowchart for explaining an authentication method according to an embodiment, and shows an example of a password encryption process. FIG. 7 is a detailed flowchart of a password encryption process according to an exemplary embodiment. Referring to FIGS. 6 and 7, a password encryption process will be described below.

Authentication parameters N and G are shared between the authentication server 20 and the client terminal 10 as the client terminal 10 accesses the authentication server 20 and requests password encryption.

Referring to FIG. 7, the authentication server 20 first generates an authentication parameter list that can be shared with the client terminal 10 (S10). When the client terminal 10 connects to the authentication server 20 (S101), one entry of the generated list is selected as the authentication parameters N and G to be shared with the client terminal 10 (S103) and transmitted to the client terminal 10 (S105). Here, the client terminal 10 may transmit a predetermined ID when accessing the authentication server 20, and the authentication server 20 may store the shared authentication parameters N and G for each client terminal ID.

Upon receiving the authentication parameters N and G, the client terminal 10 generates random data, preferably first random data R1 and second random data R2, and distributes it between itself and the authentication server 20 (S200).

Referring to FIG. 7, after the random data generator 161 of the client terminal 10 generates the first and second random data R1 and R2 (S201), it keeps the first random data R1 in the client terminal 10 and transmits the second random data R2 to the authentication server 20 (S203). The distributed information management unit 253 of the authentication server 20 then stores the second random data R2 securely (S205).

Next, as the identification number (PIN) is input to the client terminal 10, the client terminal 10 generates user authentication information and distributes it to the authentication server 20 (S300).

An embodiment in which user authentication information is generated and stored in a distributed manner is described with reference to FIG. 7. The user authentication information generating unit 163 of the client terminal 10 generates the authentication private key X = H(PIN∥R1) from the identification number (PIN) input by the user and the first random data R1 (S301). It then generates the authentication verification key Y = G^X mod N from the authentication parameters N and G provided by the authentication server 20 and the authentication private key X generated in step S301 (S303). The authentication verification key Y is the part of the user authentication information that is transmitted to the authentication server 20 (S305) and stored there as one of the distributed information items (S307); the authentication private key X and the PIN itself never leave the client terminal 10.

Then, a device authentication information generation and distributed storage process (S400) may be performed.

Specifically, as shown in FIG. 7, the device authentication information generation unit 165 of the client terminal 10 extracts the device information list DI and, according to it, the device information (S401, S403). The device information may include at least one item, preferably two items D1 and D2. Information unique to each client terminal 10, for example a MAC (Media Access Control) address, can be used as device information, and operating system version information or terminal screen size information may be used in addition. The device authentication information generation unit 165 generates the device authentication value DA = H(D1∥D2) from the extracted device information D1 and D2 (S405), and the device information list DI and the device authentication value DA are transmitted to the authentication server 20 and stored there (S407, S409).

Once a part (R2) of the random data R1 and R2, a part (Y) of the user authentication information X and Y, and a part (DI, DA) of the device authentication information D1, D2, DI and DA have been distributed to and stored in the authentication server 20, the password encryption process (S500) may be performed.

Referring to FIG. 7, the password processing unit 167 of the client terminal 10 generates a primary encryption key K (S501), encrypts the password PW with it, and generates and stores the encrypted password EP = E_K(PW) (S503). Here, the primary encryption key K may be a random number.

After the password is encrypted, the encryption key encryption and distributed storage process (S600) may be performed.

Referring to FIG. 7, the password processing unit 167 of the client terminal 10 generates the secondary encryption key wk = H(PIN∥R1∥R2∥D1∥D2) from the input PIN, the first random data R1 and second random data R2 generated in process S200, and the device information D1 and D2 extracted in process S400 (S601). The password processing unit 167 then encrypts the primary encryption key K with the secondary encryption key wk to generate the encrypted primary encryption key EK = E_wk(K) (S603) and transmits it to the authentication server 20, which stores it (S605, S607).

Accordingly, the encryption-related information generated by the client terminal 10, that is, the random data, the user authentication information and the device authentication information, is stored in a distributed manner across the client terminal 10 and the authentication server 20. The password encrypted with the primary encryption key K is stored in the client terminal 10, while the primary encryption key K used to encrypt the password is encrypted with the secondary encryption key wk and stored in the authentication server 20.

As described above, when the information necessary for authentication and password encryption is distributed and stored in this way, a dictionary attack against the password can be prevented: the authentication server 20 holds Y = G^X mod N and EK but not R1, and the client terminal 10 holds R1 and EP but neither Y nor EK, so neither store on its own lets an attacker test PIN guesses offline. In addition, since the identification number itself is never transmitted during the information registration process for password encryption, leakage of the identification number is prevented.

FIG. 8 is a flowchart for explaining an authentication method according to another embodiment, and shows an example of a password decryption process, and FIG. 9 is a detailed flowchart of a password decryption process according to another embodiment.

First, an authentication parameter sharing process (S700) may be performed between the client terminal 10 and the authentication server 20 to decrypt a password encrypted and stored in the client terminal 10.

Referring to FIG. 9, the authentication parameter management unit 251 of the authentication server 20 extracts the authentication parameters N and G shared with the client terminal 10, and the distributed information management unit 253 extracts, from the distributed information, the user verification information, that is, the verification key for authentication Y (S701). The extracted authentication parameters N and G are then transmitted to the client terminal 10 (S703). Here, the client terminal 10 may transmit a predetermined ID when accessing the authentication server 20, and the authentication server 20 extracts the authentication parameters N and G stored for that client terminal ID.

Next, the client terminal 10 and the authentication server 20 can perform the user and server authentication process based on the random data and the user authentication information (S800).

Referring to FIG. 8, the user authentication information generating unit 163 of the client terminal 10 generates the authentication private key X = H(PIN∥R1) from the input identification number (PIN) and the first random data R1 (S801). The first random data R1 is, of course, the data generated and stored in the random data generation and distributed storage process S200 during the password encryption process. The user authentication information generating unit 163 then generates an arbitrary first random number a and generates the first public verification key A = G^a mod N from the authentication parameters N and G received from the authentication server 20 in step S703 (S803). The first public verification key A is transmitted to the authentication server 20 (S805).

On the other hand, the authentication server 20 generates the second random number u and the fourth random number b. Then, from the verification key for authentication Y stored in the distributed information management unit 253 during the password encryption process, the authentication parameters N and G extracted in step S701, and the fourth random number b, it generates the second public verification key B (S807). The second random number u and the second public verification key B generated in step S807 are transmitted to the client terminal 10 (S809).

When the second public verification key B and the second random number u arrive from the authentication server 20, the user authentication information generating unit 163 of the client terminal 10 generates the first mutual authentication key Z_C = (B - G^X)^(a+uX) mod N (S811). That is, the first mutual authentication key Z_C is derived from the authentication parameters N and G, the second public verification key B, the authentication private key X, the first random number a, and the second random number u. Meanwhile, the authentication server 20 generates the second mutual authentication key Z_S = (A·Y^u)^b mod N from the first public verification key A received from the client terminal 10 in step S805, the verification key for authentication Y stored in the distributed information management unit 253, and the second random number u and fourth random number b it generated itself (S813).

After generating the first mutual authentication key Z_C, the user authentication information generating unit 163 of the client terminal 10 generates the mutual authentication key authentication information M from the first public verification key A, the second public verification key B and the first mutual authentication key Z_C, that is, over A∥B∥Z_C (S815), and transmits it to the authentication server 20 (S817).

When the mutual authentication key authentication information M arrives from the client terminal 10, the user authentication unit 255 of the authentication server 20 recovers the first mutual authentication key Z_C from it and performs user authentication by comparing it with its own second mutual authentication key Z_S; if authentication succeeds, the first and second mutual authentication keys are equal (Z_C = Z_S = Z) and are shared between the authentication server 20 and the client terminal 10 (S819). The shared mutual authentication key Z may then be used for encryption/decryption of the device authentication information.

That is, mutual authentication is performed between the client terminal 10 and the authentication server 20 using the distributed information in the user and server authentication process (S800).
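Why the two sides end up with the same key, written out as an added derivation that is not part of the patent text. It assumes the second public verification key has the SRP-style form B = Y + G^b mod N, which the page describes only as "generated from Y, N, G and b", and reads the page's garbled formulas as Z_C = (B - G^X)^(a+uX) and Z_S = (A·Y^u)^b:

$$
\begin{aligned}
Y &= G^{X} \bmod N, \qquad A = G^{a} \bmod N, \qquad B = (Y + G^{b}) \bmod N,\\
Z_C &= (B - G^{X})^{a+uX} \equiv (G^{b})^{a+uX} = G^{b(a+uX)} \pmod N,\\
Z_S &= (A \cdot Y^{u})^{b} \equiv (G^{a} \cdot G^{uX})^{b} = G^{b(a+uX)} \pmod N .
\end{aligned}
$$

A client that does not know X (wrong PIN, or a copy of the client store without R1) cannot cancel Y out of B, so its Z_C differs from Z_S and the check of M at step S819 fails; the server, for its part, never learns X or the PIN, only Y.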

If user authentication succeeds, the device and server authentication process using the random data and the device authentication information (S900) may be performed.

Referring to FIG. 9, the device authentication unit 257 of the authentication server 20 extracts the second random data R2 and the device information list DI stored by the distributed information management unit 253, generates the third random number r, and encrypts them with the mutual authentication key Z (S901). The encrypted device verification information E1 is then transmitted to the client terminal 10 (S903).

The device authentication information generating unit 165 of the client terminal 10 decrypts the device verification information E1 to extract the device information list DI and the third random number r, and extracts the device information D1 and D2 according to the extracted device information list DI (S905). It generates the device verification value H1 = H(H(D1∥D2)∥r) from the extracted device information D1 and D2 and the third random number r extracted in step S905 (S907). The device verification value H1 is then encrypted with the mutual authentication key Z (S909), and the encrypted device verification value E2 = E_Z(H1) is transmitted to the authentication server 20 (S911).

The device authentication unit 257 of the authentication server 20 decrypts the encrypted device verification value E2 transmitted from the client terminal 10 with the mutual authentication key Z and performs device authentication by checking the recovered device verification value H1 against the device authentication value DA stored by the distributed information management unit 253 and the third random number r it generated itself, that is, by comparing H1 with H(DA∥r) (S913). Because H1 is a hash, DA and r cannot be read back out of it; the server recomputes the expected value from its own copies and compares.

As described above, it can be seen that the device authentication process is also performed by mutual authentication between the client terminal 10 and the authentication server 20 based on the distributed information.

When user authentication and device authentication are completed, a password decryption process (S1000) can be performed.

Referring to FIG. 9, the decryption information providing unit 259 of the authentication server 20 extracts the information for password decryption stored by the distributed information management unit 253, that is, the encrypted primary encryption key EK, and provides it to the client terminal 10 (S1001, S1003).

The password processing unit 167 of the client terminal 10 generates the secondary encryption key wk = H(PIN∥R1∥R2∥D1∥D2) from the identification number PIN, the first random data R1 stored in the client terminal 10, the second random data R2 extracted from the device verification information E1 by the device authentication information generating unit 165, and the device information D1 and D2 (S1005).

Once the secondary encryption key wk is generated, the password processing unit 167 decrypts the encrypted primary encryption key EK received from the authentication server 20 to recover the primary encryption key K = D_wk(EK), and then decrypts the encrypted password with the recovered primary encryption key, PW = D_K(EP) (S1009).

In this way, the authentication server 20 provides the information necessary for password decryption only when both user authentication and device authentication between the client terminal 10 and the authentication server 20 have succeeded, so the password stored in the client terminal 10 can be decrypted securely.

In addition, when user authentication fails in the user authentication process, for example because an incorrect identification number has been input a predetermined number of times, the distributed information stored in the authentication server 20 can be deleted. Likewise, when device authentication fails a specified number of times in the device authentication process, the distributed information stored in the authentication server 20 is deleted, blocking access by a fraudulent user or an unauthorized device. In one embodiment the deletion of the distributed information is performed by the distributed information management unit 253 of the authentication server 20, but it is not limited thereto.

In this way, a dictionary attack can be prevented by distributing the information necessary for user and device authentication between the client terminal 10 and the authentication server 20, and by providing the information necessary for password decryption only when both user authentication and device authentication succeed; a complex password can thus be encrypted, stored and used with only a simple identification number.
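As an added worked example, not code from the patent or from 주식회사 비티웍스, the two processes described above (password encryption S200..S600 and password decryption S700..S1000) simulated end to end in Python, with the server-side deletion after repeated failures. Everything the patent leaves open is an assumption of this example: H is SHA-256; E_key()/D_key() is a stand-in keystream cipher with an HMAC tag; the second public verification key has the SRP form B = Y + G^b mod N; M is H(A∥B∥Z_C); the agreed Z is hashed into a symmetric key; the device information list DI is the list of attribute names whose values are D1, D2; the group constant N is this example's transcription of the RFC 5054 1024-bit SRP group; and the lockout threshold MAX_FAILURES is 3. The names register, recover, enc, dec and _fail are the example's own.

```python
import hashlib
import hmac
import os

# Authentication parameters (N, G) as the server would assign from its list
# (S10/S103). Assumed here to be the RFC 5054 1024-bit SRP group, transcribed
# for this example; verify the constant independently before relying on it.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
G = 2
MAX_FAILURES = 3  # lockout threshold; the patent leaves the number unspecified


def H(*parts: bytes) -> bytes:
    """The page's H(a || b || ...): SHA-256 over the concatenation (hash choice assumed)."""
    return hashlib.sha256(b"".join(parts)).digest()


def i2b(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(H(key, nonce, i.to_bytes(4, "big")) for i in range((n + 31) // 32))


def enc(key: bytes, msg: bytes) -> bytes:
    """Stand-in for the page's E_key(): SHA-256 counter keystream plus an HMAC tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def dec(key: bytes, blob: bytes) -> bytes:
    """Inverse of enc(); a wrong key or a tampered blob fails the tag check."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def register(pin: bytes, password: bytes, device: dict) -> tuple:
    """Password encryption process (S200..S600). Returns (client store, server store)."""
    r1, r2 = os.urandom(32), os.urandom(32)            # S201: R1 stays local, R2 goes to the server
    x = int.from_bytes(H(pin, r1), "big")              # S301: X = H(PIN || R1)
    y = pow(G, x, N)                                   # S303: Y = G^X mod N
    di = sorted(device)                                # S401: device information list (attribute names)
    vals = [device[name] for name in di]               # S403: D1, D2, ...
    da = H(*vals)                                      # S405: DA = H(D1 || D2)
    k = os.urandom(32)                                 # S501: primary encryption key K (random)
    ep = enc(k, password)                              # S503: EP = E_K(PW), kept on the client
    wk = H(pin, r1, r2, *vals)                         # S601: wk = H(PIN || R1 || R2 || D1 || D2)
    ek = enc(wk, k)                                    # S603: EK = E_wk(K), sent to the server
    client = {"R1": r1, "EP": ep}
    server = {"R2": r2, "Y": y, "DI": di, "DA": da, "EK": ek, "fails": 0}
    return client, server


def _fail(server: dict, reason: str):
    """Lockout from the text: after MAX_FAILURES the server deletes the distributed information."""
    server["fails"] += 1
    if server["fails"] >= MAX_FAILURES:
        for name in ("R2", "Y", "DI", "DA", "EK"):
            server.pop(name, None)
    raise PermissionError(reason)


def recover(pin: bytes, device: dict, client: dict, server: dict) -> bytes:
    """Password decryption process (S700..S1000); both sides are simulated in one function."""
    # S800: SRP-style mutual authentication over the distributed verification key Y.
    x = int.from_bytes(H(pin, client["R1"]), "big")                 # S801 (client)
    a = int.from_bytes(os.urandom(32), "big")
    A = pow(G, a, N)                                                # S803/S805 (client -> server)
    u = int.from_bytes(os.urandom(16), "big")                       # S807 (server)
    b = int.from_bytes(os.urandom(32), "big")
    B = (server["Y"] + pow(G, b, N)) % N                            # assumed form of B: Y + G^b mod N
    z_c = pow((B - pow(G, x, N)) % N, a + u * x, N)                 # S811: Z_C = (B - G^X)^(a+uX)
    z_s = pow(A * pow(server["Y"], u, N) % N, b, N)                 # S813: Z_S = (A * Y^u)^b
    m = H(i2b(A), i2b(B), i2b(z_c))                                 # S815: M over A || B || Z_C (assumed)
    if not hmac.compare_digest(m, H(i2b(A), i2b(B), i2b(z_s))):     # S819 (server)
        _fail(server, "user authentication failed")
    z = H(i2b(z_s))                                                 # shared Z, hashed into a symmetric key
    # S900: device authentication under Z.
    r = os.urandom(16)                                              # S901 (server): third random number r
    e1 = enc(z, server["R2"] + r + b",".join(server["DI"]))         # S903: E1 = E_Z(R2 || r || DI)
    pt = dec(z, e1)                                                 # S905 (client)
    r2, r_c, di = pt[:32], pt[32:48], pt[48:].split(b",")
    vals = [device[name] for name in di]
    h1 = H(H(*vals), r_c)                                           # S907: H1 = H(H(D1 || D2) || r)
    e2 = enc(z, h1)                                                 # S909/S911: E2 = E_Z(H1)
    if not hmac.compare_digest(dec(z, e2), H(server["DA"], r)):     # S913 (server)
        _fail(server, "device authentication failed")
    # S1000: the server releases EK; the client rebuilds wk, unwraps K and decrypts EP.
    wk = H(pin, client["R1"], r2, *vals)                            # S1005
    k = dec(wk, server["EK"])                                       # K = D_wk(EK)
    return dec(k, client["EP"])                                     # S1009: PW = D_K(EP)
```

recover() plays both sides in one function so the message flow stays readable. A wrong PIN fails at S819 before any device data is released, a copied client store on different hardware passes user authentication but fails at S913, and every failure counts toward the server-side deletion of the distributed information described above; after that deletion the server holds neither Y nor EK, so the encrypted password on the client is unrecoverable.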

It will be understood by those skilled in the art that the present invention can be embodied in other specific forms without departing from its spirit or essential characteristics. The embodiments described above are therefore to be considered in all respects as illustrative and not restrictive. The scope of the present invention is defined by the appended claims rather than by the detailed description, and all changes or modifications derived from the meaning and scope of the claims and their equivalents are to be construed as being included within the scope of the present invention.

10: Client terminal
20: Authentication server
30: Network
101: Master terminal
102: Wearable terminal

Claims (36)

1. A client terminal connected to an authentication server via a communication network, comprising:
A random data generation unit generating random data and transmitting a part of the random data to the authentication server;
A user authentication information generating unit generating user authentication information based on an identification number, the rest of the random data and authentication parameters provided from the authentication server, and transmitting a part of the user authentication information to the authentication server;
A device authentication information generation unit generating device authentication information based on device information of the client terminal and transmitting a part of the device authentication information to the authentication server; and
A password processing unit encrypting and storing a password with a primary encryption key, encrypting the primary encryption key with a secondary encryption key generated based on the random data and the device information, and transmitting the encrypted primary encryption key to the authentication server.
2. The client terminal according to claim 1, wherein the random data generation unit generates first random data and second random data and transmits the second random data to the authentication server.
3. The client terminal according to claim 1, wherein the user authentication information generating unit generates an authentication private key based on the identification number and the remainder of the random data and an authentication verification key based on the authentication parameters and the authentication private key, and transmits the authentication verification key to the authentication server.
4. The client terminal according to claim 1, wherein the user authentication information generating unit generates an authentication private key based on the identification number and the remainder of the random data, transmits a first public verification key generated based on the authentication parameters to the authentication server, generates, when a second public verification key is received from the authentication server, a first mutual authentication key based on the second public verification key, the authentication parameters and the authentication private key, and transmits mutual authentication key authentication information including the first mutual authentication key, the first public verification key and the second public verification key to the authentication server.
5. The client terminal according to claim 4, wherein the second public verification key is information generated based on a part of the user authentication information.
6. The client terminal according to claim 1, wherein the device authentication information generation unit extracts a device information list and device information according to the device information list, generates a device authentication value based on the device information, and transmits the device information list and the device authentication value to the authentication server.
7. The client terminal according to claim 1, wherein, when a part of the random data and device verification information including a device information list are transmitted from the authentication server, the device authentication information generation unit generates device authentication information based on device information extracted according to the device information list and transmits it to the authentication server.
8. The client terminal according to claim 1, wherein the primary encryption key is an arbitrary random number and the secondary encryption key is generated based on the identification number, the random data and the device information.
9. The client terminal according to claim 1, wherein, when the encrypted primary encryption key is transmitted from the authentication server, the password processing unit generates the secondary encryption key, decrypts the primary encryption key with it, and decrypts the password stored in the client terminal using the decrypted primary encryption key.
10. The client terminal according to claim 1, wherein the client terminal is a wearable terminal performing short-range wireless communication with a master terminal connected to the authentication server through the communication network.
11. The client terminal according to claim 1, wherein the identification number is composed of a specified number of digits, and the password is composed of a combination of numbers, letters and special characters of a specified length.
12. An authentication server connected to a client terminal through a communication network, comprising:
An authentication parameter management unit managing authentication parameters assigned to the client terminal;
A distributed information management unit receiving and storing, from the client terminal, a part of random data, a part of user authentication information, a part of device authentication information, and an encrypted primary encryption key;
A user authentication unit transmitting a second public verification key generated based on the authentication parameters and a part of the user authentication information to the client terminal, and performing user authentication according to a mutual authentication key generated and transmitted by the client terminal based on the second public verification key;
A device authentication unit transmitting a part of the random data and a part of the device authentication information to the client terminal and, when a device verification value is received from the client terminal, comparing the part of the device authentication information derived from the device verification value with the stored part of the device authentication information to perform device authentication; and
A decryption information providing unit transmitting the encrypted primary encryption key to the client terminal according to the authentication results of the user authentication unit and the device authentication unit.
13. The authentication server according to claim 12, wherein the user authentication unit receives a first public verification key from the client terminal, generates a second mutual authentication key based on the first public verification key and a part of the user authentication information, and compares it with the first mutual authentication key transmitted by the client terminal to perform user authentication.
14. The authentication server according to claim 12, wherein the distributed information management unit stores a device information list and a device authentication value as the part of the device authentication information, and the device authentication unit extracts the device information list and transmits it to the client terminal, and compares the device authentication value derived from the device verification value received from the client terminal with the device authentication value stored in the distributed information management unit to perform device authentication.
15. The authentication server according to claim 12, wherein the distributed information management unit deletes the part of the user authentication information when user authentication in the user authentication unit fails a specified number of times or more.
16. The authentication server according to claim 12, wherein the distributed information management unit deletes the part of the random data and the part of the device authentication information when device authentication in the device authentication unit fails a specified number of times or more.
17. An authentication method of a client terminal connected to an authentication server via a communication network, comprising:
A process in which the client terminal accesses the authentication server, requests password encryption, and receives authentication parameters from the authentication server;
A random data distribution process in which the client terminal generates random data and transmits a part of the random data to the authentication server;
A user authentication information distribution process in which, when an identification number is input to the client terminal, the client terminal generates user authentication information based on the identification number, the authentication parameters and the random data and transmits a part of the user authentication information to the authentication server;
A device authentication information distribution process in which the client terminal generates device authentication information based on device information of the client terminal and transmits a part of the device authentication information to the authentication server; and
An encryption information distribution process in which the client terminal encrypts and stores a password using a primary encryption key, encrypts the primary encryption key with a secondary encryption key generated based on the random data and the device information, and transmits the encrypted primary encryption key to the authentication server.
18. The authentication method according to claim 17, wherein the random data distribution process is a process in which the client terminal generates first random data and second random data and transmits the second random data to the authentication server.
19. The authentication method according to claim 17, wherein the user authentication information distribution process comprises:
The client terminal generating an authentication private key based on the identification number and the remainder of the random data;
The client terminal generating an authentication verification key based on the authentication parameters and the authentication private key; and
The client terminal transmitting the authentication verification key to the authentication server.
20. The authentication method according to claim 17, wherein the device authentication information distribution process comprises:
The client terminal extracting a device information list and device information according to the device information list;
The client terminal generating a device authentication value based on the device information; and
The client terminal transmitting the device information list and the device authentication value to the authentication server.
21. The authentication method according to claim 17, wherein the encryption information distribution process comprises:
The client terminal generating the primary encryption key;
The client terminal encrypting the password with the primary encryption key and storing the encrypted password;
The client terminal generating the secondary encryption key based on the identification number, the random data and the device information;
The client terminal encrypting the primary encryption key with the secondary encryption key; and
The client terminal transmitting the encrypted primary encryption key to the authentication server.
22. The authentication method according to claim 17, further comprising, after the encryption information distribution process:
A process in which the client terminal accesses the authentication server, requests password decryption, and receives authentication parameters from the authentication server;
A user authentication process in which the client terminal generates mutual authentication key authentication information based on the identification number, the rest of the random data and authentication data received from the authentication server, and transmits it to the authentication server;
A device authentication process in which, when a part of the random data and a part of the device authentication information are transmitted from the authentication server, the client terminal generates a device verification value based on device authentication data derived according to the part of the device authentication information, and transmits it to the authentication server; and
A decryption process in which the client terminal decrypts the password when the encrypted primary encryption key is transmitted from the authentication server.
23. The authentication method according to claim 22, wherein the user authentication process comprises:
The client terminal generating an authentication private key based on the identification number and the remainder of the random data;
The client terminal generating a first public verification key based on the authentication parameters and transmitting it to the authentication server;
The client terminal generating, when a second public verification key is transmitted from the authentication server as the authentication data, a first mutual authentication key based on the second public verification key, the authentication private key and the authentication parameters; and
The client terminal generating the mutual authentication key authentication information based on the first mutual authentication key, the first public verification key and the second public verification key, and transmitting it to the authentication server.
24. The authentication method according to claim 22, wherein the device authentication process comprises:
The client terminal extracting, when a part of the random data and a device information list as the part of the device authentication information are transmitted from the authentication server, device information as the device authentication data according to the device information list; and
The client terminal generating the device verification value from the device information and transmitting it to the authentication server.
25. The authentication method according to claim 22, wherein the decryption process comprises:
The client terminal generating the secondary encryption key when the encrypted primary encryption key is transmitted from the authentication server;
The client terminal decrypting the encrypted primary encryption key received from the authentication server with the secondary encryption key; and
The client terminal decrypting the password with the decrypted primary encryption key.
26. The authentication method according to claim 22, wherein the authentication server deletes a part of the user authentication information when the user authentication process fails a predetermined number of times or more.
27. The authentication method according to claim 22, wherein the authentication server deletes a part of the random data and a part of the device authentication information when the device authentication process fails a specified number of times or more.
An application stored on a medium for execution in a client terminal connected to an authentication server via a communication network, the application executing:
a function of accessing the authentication server, requesting password encryption and receiving an authentication parameter from the authentication server;
a random data distribution function of generating random data and transmitting a part of the random data to the authentication server;
a user authentication information distribution function of generating user authentication information based on an identification number, the authentication parameter and the random data, and transmitting a part of the user authentication information to the authentication server;
a device authentication information distribution function of generating device authentication information based on device information of the client terminal and transmitting a part of the device authentication information to the authentication server; and
an encryption information distribution function of encrypting a password with a primary encryption key and storing the encrypted password, encrypting the primary encryption key with a secondary encryption key generated based on the random data and the device information, and transmitting the encrypted primary encryption key to the authentication server.
29. The application of claim 28,
wherein the random data distribution function is a function of generating first random data and second random data and transmitting the second random data to the authentication server, the application being stored on a medium for execution.
29. The application of claim 28,
wherein the user authentication information distribution function includes: a function of generating an authentication private key based on the identification number and the remainder of the random data;
a function of generating a verification key for authentication based on the authentication parameter and the authentication private key; and
a function of transmitting the verification key for authentication to the authentication server;
the application being stored on a medium for execution.
29. The application of claim 28,
wherein the device authentication information distribution function includes: a function of extracting a device information list and extracting device information based on the device information list;
a function of generating a device authentication value based on the device information; and
a function of transmitting the device information list and the device authentication value to the authentication server;
the application being stored on a medium for execution.
29. The application of claim 28,
wherein the encryption information distribution function includes: a function of generating the primary encryption key;
a function of encrypting the password with the primary encryption key and storing the encrypted password;
a function of generating the secondary encryption key based on the identification number, the random data and the device information;
a function of encrypting the primary encryption key with the secondary encryption key; and
a function of transmitting the encrypted primary encryption key to the authentication server;
the application being stored on a medium for execution.
29. The application of claim 28, further executing:
a function of, after the encryption information distribution function, accessing the authentication server, requesting password decryption and receiving an authentication parameter from the authentication server;
a user authentication function of generating mutual authentication key authentication information based on the identification number, the remainder of the random data and authentication data received from the authentication server, and transmitting the mutual authentication key authentication information to the authentication server;
a device authentication function of, when a part of the random data and a part of the device authentication information are transmitted from the authentication server, generating a device verification value based on the device authentication data derived in accordance with the part of the device authentication information, and transmitting the device verification value to the authentication server; and
a decryption function of decrypting the password when the encrypted primary encryption key is transmitted from the authentication server;
the application being stored on a medium for execution.
34. The application of claim 33,
wherein the user authentication function includes: a function of generating an authentication private key based on the identification number and the remainder of the random data;
a function of generating a first public verification key based on the authentication parameter and transmitting the first public verification key to the authentication server;
a function of, when a second public verification key is transmitted as the authentication data from the authentication server, generating a first mutual authentication key based on the second public verification key, the authentication private key and the authentication parameter; and
a function of generating the mutual authentication key authentication information based on the first mutual authentication key, the first public verification key and the second public verification key, and transmitting the mutual authentication key authentication information to the authentication server;
the application being stored on a medium for execution.
35. The application of claim 34,
wherein the device authentication function includes: a function of, when a part of the random data and a device information list that is a part of the device authentication information are transmitted from the authentication server, extracting device information based on the device information list as the device authentication data; and
a function of generating the device verification value from the device information and transmitting the device verification value to the authentication server;
the application being stored on a medium for execution.
34. The application of claim 33,
wherein the decryption function includes: a function of generating the secondary encryption key when the encrypted primary encryption key is transmitted from the authentication server;
a function of decrypting the encrypted primary encryption key received from the authentication server with the secondary encryption key; and
a function of decrypting the password with the decrypted primary encryption key;
the application being stored on a medium for execution.
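The registration and retrieval flow that the method claims (device authentication, decryption and the failure-count deletion) and the application claims above describe, as an added example that is not part of the patent or the applicant's code. Everything the claims leave open is an assumption here: the "authentication parameter" is a toy Diffie-Hellman group (prime 2^127 - 1, generator 3, far too small for real use); SHA-256 stands in for the key derivation function; an encrypt-then-MAC stream cipher stands in for a real AEAD such as AES-GCM; the identification number is treated as the user's secret behind the authentication private key; the device verification value also binds the server's share of the random data; and the lockout threshold is three. The class, method and record names are invented for the example.

```python
# Added example, not the applicant's code; the lead-in lists the assumptions it makes.
import hashlib, hmac, secrets

P, G = (1 << 127) - 1, 3   # toy prime 2**127-1 and generator: fine for a demo, far too small for real use
MAX_FAILURES = 3           # the claims' "predetermined number of times" (value assumed)

def kdf(label: bytes, *parts: bytes) -> bytes:
    """Length-prefixed SHA-256 over label and parts; every derived key below uses it."""
    h = hashlib.sha256(label)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key: bytes, data: bytes) -> bytes:
    """nonce || ciphertext || HMAC tag: an encrypt-then-MAC stand-in for AES-GCM."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").digest(), tag):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def i2b(x: int) -> bytes:
    return x.to_bytes(16, "big")   # every group element is below 2**127

class AuthServer:
    """Holds only its share (rand2, g^x, device list/value, wrapped primary key); never the password."""
    def __init__(self):
        self.records = {}
    def register(self, cid, rand2, verify_key, dev_list, dev_value, wrapped_primary):
        self.records[cid] = dict(rand2=rand2, vk=verify_key, dev_list=dev_list,
                                 dev_value=dev_value, wrapped=wrapped_primary, fails=0)
    def _fail(self, rec, keys):
        rec["fails"] += 1
        if rec["fails"] >= MAX_FAILURES:   # discard the server share: the vault becomes unrecoverable
            for k in keys: rec.pop(k, None)
        return None
    def begin_auth(self, cid, pub1):
        """Answer the client's g^a with g^b and precompute the proof the client must return."""
        rec = self.records[cid]
        if "vk" not in rec:
            return None
        b = secrets.randbelow(P - 2) + 1
        pub2 = pow(G, b, P)
        shared = pow(pub1 * rec["vk"] % P, b, P)   # (g^a * g^x)^b == the client's g^(b(a+x))
        rec["expect"] = hmac.new(kdf(b"mutual", i2b(shared)), i2b(pub1) + i2b(pub2), "sha256").digest()
        return pub2
    def verify_user(self, cid, proof):
        rec = self.records[cid]
        expected = rec.pop("expect", None)
        if expected is not None and "rand2" in rec and hmac.compare_digest(expected, proof):
            rec["user_ok"] = True
            return rec["rand2"], rec["dev_list"]   # challenge for the device step
        return self._fail(rec, ["vk"])             # drop part of the user authentication information
    def verify_device(self, cid, dev_value):
        rec = self.records[cid]
        if rec.pop("user_ok", False) and "dev_value" in rec and hmac.compare_digest(rec["dev_value"], dev_value):
            return rec["wrapped"]
        return self._fail(rec, ["rand2", "dev_value"])   # drop part of random data and device auth info

class Client:
    """Keeps only rand1, the device list and the encrypted password; no key material at rest."""
    def __init__(self, cid, id_number: str, device_info: dict):
        self.cid, self.id_number, self.device = cid, id_number.encode(), device_info
        self.rand1 = self.dev_list = self.vault = None
    def _priv(self) -> int:   # authentication private key x from the ID number and rand1
        return int.from_bytes(kdf(b"auth-priv", self.id_number, self.rand1), "big") % (P - 2) + 1
    def _dev_value(self, dev_list, rand2) -> bytes:
        return kdf(b"device", rand2, *[self.device[k].encode() for k in dev_list])
    def _secondary(self, rand2) -> bytes:   # needs both random-data shares and this device
        return kdf(b"secondary", self.id_number, self.rand1, rand2,
                   *[self.device[k].encode() for k in self.dev_list])
    def register(self, server, password: bytes):
        self.rand1, rand2 = secrets.token_bytes(16), secrets.token_bytes(16)   # random data, split
        self.dev_list = sorted(self.device)                                     # device information list
        primary = secrets.token_bytes(32)
        self.vault = seal(primary, password)                                    # stays on the terminal
        server.register(self.cid, rand2, pow(G, self._priv(), P), self.dev_list,
                        self._dev_value(self.dev_list, rand2), seal(self._secondary(rand2), primary))
    def retrieve(self, server):
        a = secrets.randbelow(P - 2) + 1
        pub1 = pow(G, a, P)                        # first public verification key
        pub2 = server.begin_auth(self.cid, pub1)   # second public verification key (None once purged)
        if pub2 is None:
            return None
        shared = pow(pub2, a + self._priv(), P)    # first mutual authentication key
        proof = hmac.new(kdf(b"mutual", i2b(shared)), i2b(pub1) + i2b(pub2), "sha256").digest()
        challenge = server.verify_user(self.cid, proof)
        if challenge is None:
            return None
        rand2, dev_list = challenge
        wrapped = server.verify_device(self.cid, self._dev_value(dev_list, rand2))
        if wrapped is None:
            return None
        return unseal(unseal(self._secondary(rand2), wrapped), self.vault)
```

The point the claims make, and which the code lets you check: neither store is enough on its own. A copy of the terminal's storage (rand1, device list, encrypted password) cannot rebuild the secondary key without rand2, which the server releases only after the user and device steps, and the server's record (rand2, g^x, device value, wrapped primary key) cannot rebuild it without rand1 and the identification number. Repeated failures make the server drop its share (the verification key after user failures; rand2 and the device value after device failures), after which even the legitimate client can no longer recover the password, so a real deployment needs a re-enrolment path.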
KR1020150022589A 2015-02-13 2015-02-13 Client Terminal for Supporting Banking Service, Authentication Server, Method and Application for User Terminal KR20160100078A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150022589A KR20160100078A (en) 2015-02-13 2015-02-13 Client Terminal for Supporting Banking Service, Authentication Server, Method and Application for User Terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150022589A KR20160100078A (en) 2015-02-13 2015-02-13 Client Terminal for Supporting Banking Service, Authentication Server, Method and Application for User Terminal

Publications (1)

Publication Number Publication Date
KR20160100078A true KR20160100078A (en) 2016-08-23

Family

ID=56875454

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150022589A KR20160100078A (en) 2015-02-13 2015-02-13 Client Terminal for Supporting Banking Service, Authentication Server, Method and Application for User Terminal

Country Status (1)

Country Link
KR (1) KR20160100078A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20190024221A (en) * 2017-08-31 2019-03-08 (주)비바리퍼블리카 Method for scrapping user information of account-running-institue and application system thereof
KR20190054280A (en) * 2017-11-13 2019-05-22 주식회사 하나은행 Method and mobile terminal unit for providing asset management service
WO2022124431A1 (en) * 2020-12-08 2022-06-16 주식회사 앰진시큐러스 Method for automating trusted execution environment-based non-contact identity generation and mutual authentication
CN114095202A (en) * 2021-10-09 2022-02-25 浪潮软件股份有限公司 Method for fast authentication of client-server architecture
CN114095202B (en) * 2021-10-09 2024-04-12 浪潮软件股份有限公司 Method for rapidly authenticating client-server architecture

Similar Documents

Publication Publication Date Title
CN109495274B (en) Decentralized intelligent lock electronic key distribution method and system
CN1689297B (en) Method of preventing unauthorized distribution and use of electronic keys using a key seed
CN101834853B (en) Method and system for sharing anonymous resource
CN105684346A (en) Method for securing over-the-air communication between a mobile application and a gateway
CN109150519A (en) Anti- quantum calculation cloud storage method of controlling security and system based on public keys pond
CN1939028A (en) Accessing protected data on network storage from multiple devices
CN1985466A (en) Method of delivering direct proof private keys in signed groups to devices using a distribution CD
JP5380583B1 (en) Device authentication method and system
CN110690956B (en) Bidirectional authentication method and system, server and terminal
CN108199847B (en) Digital security processing method, computer device, and storage medium
KR20180101870A (en) Method and system for data sharing using attribute-based encryption in cloud computing
EP1501238B1 (en) Method and system for key distribution comprising a step of authentication and a step of key distribution using a KEK (key encryption key)
CN104539420A (en) General intelligent hardware safe secret key management method
CN103329589A (en) System and method for issuing an authentication key for authenticating a user in a cpns environment
CN110505055A (en) Based on unsymmetrical key pond to and key card outer net access identity authentication method and system
CN101944216A (en) Two-factor online transaction safety authentication method and system
KR20160100078A (en) Client Terminal for Supporting Banking Service, Authentication Server, Method and Application for User Terminal
CN109379345B (en) Sensitive information transmission method and system
CN111586023A (en) Authentication method, authentication equipment and storage medium
EP3292654B1 (en) A security approach for storing credentials for offline use and copy-protected vault content in devices
CN112822021B (en) Key management method and related device
KR102053993B1 (en) Method for Authenticating by using Certificate
WO2018043466A1 (en) Data extraction system, data extraction method, registration device, and program
KR20200000978A (en) Data security method and system
KR20190007336A (en) Method and apparatus for generating end-to-end security channel, and method and apparatus for transmitting/receiving secure information using security channel

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
N231 Notification of change of applicant
E902 Notification of reason for refusal
E601 Decision to refuse application