KR20170022405A - User authentication server and method for authenticating user - Google Patents

Info

Publication number
KR20170022405A
Authority
KR
South Korea
Prior art keywords
mobile communication
authentication
communication terminal
user
identification information
Application number
KR1020150117319A
Other languages
Korean (ko)
Inventor
박주희
이문상
김종우
Original Assignee
주식회사 케이티
Application filed by 주식회사 케이티
Priority to KR1020150117319A
Publication of KR20170022405A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12 Messaging; Mailboxes; Announcements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities

Abstract

The present application relates to an authentication server and a user authentication method using the same. The user authentication method in the authentication server according to an embodiment of the present invention comprises: a callback message transmission step of transmitting a callback message to a mobile communication terminal, by the authentication server, when receiving an authentication request signal requesting user authentication on a mobile communication terminal user; an identification information reception step of receiving identification information of the mobile communication terminal, which is collected while an external communication port of the mobile communication terminal is blocked, from an authentication application executed in the mobile communication terminal in response to the callback message, by the authentication server; and a user authentication step of performing the user authentication on the mobile communication terminal user by using the collected identification information, by the authentication server.

Description

Authentication server and authentication method using same

The present invention relates to an authentication server and an authentication method using the authentication server. More particularly, the present invention relates to an authentication server that can perform secure authentication by temporarily blocking communication, and an authentication method using the same.

Recently, personal information has become more important because of the increasing use of personal information on the internet, such as membership of a website, execution of payment at an internet shopping mall, and financial transaction through a financial institution application.

In this regard, in order to prevent leakage of personal information, a personal authentication method using an authorized certificate or a mobile phone has been widely used, and in particular, the personal authentication method using a mobile phone has a problem in that it is not necessary to provide the information in advance.

Specifically, when the user authentication is performed using the mobile phone, a text message including the authentication number can be transmitted to the user's mobile phone according to the user's authentication request. Then, if the user enters the received authentication number into the authentication number input window, the authentication can be performed by confirming whether or not the authentication number entered by the user matches the authentication number included in the transmitted text message. In other words, if the authentication numbers match, it can be seen that the user is the person in possession of the mobile phone registered in the user's name, and thus the user authentication can be completed.

The present invention is to provide an authentication server capable of performing secure personal authentication by temporarily blocking communication, and an authentication method using the same.

The authentication method in the authentication server according to an embodiment of the present invention includes: a callback message transmission step in which, when the authentication server receives an authentication request signal requesting authentication of the user of the mobile communication terminal, the authentication server transmits a callback message to the mobile communication terminal; an identification information receiving step in which the authentication server receives, from the authentication application executed in the mobile communication terminal in response to the callback message, the identification information of the mobile communication terminal collected in a state in which the external communication port of the mobile communication terminal is blocked; and an identity authentication step in which the authentication server performs identity authentication of the user of the mobile communication terminal using the collected identification information.

Here, the callback message may include authentication application execution means for causing the authentication application to be executed in the mobile communication terminal, and the authentication application execution means may include an installation URL (Uniform Resource Locator) that connects to an application market where the authentication application can be installed. When the authentication application is not installed in the mobile communication terminal, the mobile communication terminal may connect to the installation URL in response to the input of the user to the authentication application execution means.

Here, in the step of transmitting the callback message, the authentication server may request the short message service center (SMSC) of the mobile communication company to which the mobile communication terminal is subscribed to transmit the callback message.

Here, the step of transmitting the callback message may include: an authentication request signal receiving step in which the authentication server receives an authentication request signal including personal information of the user from a service providing server providing a web service requiring authentication; a subscription authentication step in which the authentication server compares the received personal information with the mobile communication service subscription information of the user to authenticate whether the user has subscribed to the mobile communication service; and a step of transmitting the callback message to the telephone number of the mobile communication terminal included in the personal information when the subscription of the user to the mobile communication service is authenticated.

Here, in the subscription authentication step, the authentication server may collect the mobile communication service subscription information corresponding to the user of the mobile communication terminal from the subscriber database storing the mobile communication service subscription information.

When the authentication application is executed in the mobile communication terminal, the authentication application blocks the external communication port of the mobile communication terminal, collects the identification information of the mobile communication terminal in a state where the external communication port of the mobile communication terminal is blocked, and transmits the identification information to the authentication server. In addition, the authentication application can cancel the blocking of the external communication port when the transmission of the identification information is completed.

Here, in the identification information receiving step, the International Mobile Station Equipment Identity (IMEI) or the International Mobile Subscriber Identity (IMSI) of the mobile communication terminal, or a code combining the IMEI or IMSI with the phone number of the mobile communication terminal according to a predetermined format, may be received as the identification information.

Here, in the identity authentication step, the authentication server may perform the identity authentication by checking whether the collected identification information matches the identification information of the mobile communication terminal stored in the subscriber database, and if the identification information is not received from the mobile communication terminal, the authentication server can determine that the identity authentication has failed. Further, in the identity authentication step, the authentication server may notify the service providing server that transmitted the authentication request signal of the authentication result for the mobile communication terminal.

According to an embodiment of the present invention, a method for authenticating a user in a mobile communication terminal includes: a callback message receiving step in which the mobile communication terminal receives a callback message from an authentication server; an identification information collection step in which the mobile communication terminal executes an authentication application corresponding to the callback message to block the external communication port of the mobile communication terminal and collect the identification information of the mobile communication terminal; and an identification information transmitting step of transmitting the collected identification information to the authentication server using the authentication application and releasing the blocking of the external communication port when the transmission of the identification information is completed.

Here, the authentication method of the mobile communication terminal according to an embodiment of the present invention may further include a web service requesting step in which the mobile communication terminal transmits personal information of the user to a service providing server that provides a web service requiring authentication and requests the web service.

Here, in the identification information collection step, the International Mobile Station Equipment Identity (IMEI) or the International Mobile Subscriber Identity (IMSI) of the mobile communication terminal, or a code combining the IMEI and IMSI according to a preset format, can be collected as the identification information.

The authentication server according to an embodiment of the present invention includes: a callback message transmission unit for transmitting a callback message to the mobile communication terminal in response to an authentication request signal for requesting authentication of a user of the mobile communication terminal; an identification information receiving unit that receives, from an authentication application executed in the mobile communication terminal in response to the callback message, identification information of the mobile communication terminal collected while the external communication port of the mobile communication terminal is blocked; and a personal authentication unit for performing personal authentication of the user of the mobile communication terminal using the received identification information of the mobile communication terminal.

Here, the callback message may include authentication application execution means for causing the authentication application to be executed in the mobile communication terminal, and the authentication application execution means may include an installation URL (Uniform Resource Locator) that connects to an application market where the authentication application can be installed. When the authentication application is not installed in the mobile communication terminal, the mobile communication terminal may connect to the installation URL in response to the input of the user to the authentication application execution means.

Here, the callback message transmitting unit may request the short message service center (SMSC) of the mobile communication company to which the mobile communication terminal subscribes to transmit the callback message.

Meanwhile, an authentication server according to an embodiment of the present invention includes: an authentication request signal receiver for receiving the authentication request signal including personal information of a user from a service providing server that provides a web service requiring authentication; and a subscription authenticating unit for comparing the received personal information with the mobile communication service subscription information of the user to authenticate whether the user subscribes to the mobile communication service.

In this case, the callback message transmitting unit may transmit the callback message to the telephone number of the mobile communication terminal included in the personal information when the subscription of the mobile communication service of the user is authenticated.

The subscription authenticating unit may collect mobile communication service subscription information corresponding to a user of the mobile communication terminal from the subscriber database storing the mobile communication service subscription information.

Here, the identification information receiving unit may receive, as the identification information, the International Mobile Station Equipment Identity (IMEI) or the International Mobile Subscriber Identity (IMSI) of the mobile communication terminal, or a code combining the IMEI or IMSI with the telephone number of the mobile communication terminal according to a predetermined format.

Here, the identity authentication unit may perform the identity authentication by checking whether the collected identification information matches the identification information of the mobile communication terminal stored in the subscriber database. If the identification information is not received from the mobile communication terminal, it can be determined that the identity authentication has failed. Also, the identity authentication unit may notify the service providing server that has transmitted the authentication request signal of the authentication result for the mobile communication terminal.

A mobile communication terminal according to an embodiment of the present invention includes: a message receiving unit for receiving a callback message from an authentication server; and an application execution unit that, in response to the callback message, blocks the external communication port, collects the identification information, and transmits the collected identification information to the authentication server.

In addition, the means for solving the above-mentioned problems do not enumerate all the features of the present invention. The various features of the present invention and the advantages and effects thereof will be more fully understood by reference to the following specific embodiments.

According to the authentication server and the authentication method using the authentication server according to an embodiment of the present invention, it is possible to perform secure authentication by temporarily blocking communication.

According to the authentication server and the authentication method using the authentication server according to the embodiment of the present invention, it is possible to accurately and securely authenticate the user, thereby preventing fraud damage due to hacking or illegal call forwarding.

According to the authentication server and the authentication method using the authentication server according to the embodiment of the present invention, it is possible to easily download and install the authentication application.

FIG. 1 is a schematic diagram showing a personal authentication system according to an embodiment of the present invention.
FIG. 2 is a block diagram illustrating an authentication server according to an embodiment of the present invention.
FIG. 3 is a block diagram illustrating a mobile communication terminal according to an embodiment of the present invention.
FIG. 4 is a timing diagram showing a method of authenticating an individual according to an embodiment of the present invention.
FIGS. 5 and 6 are flowcharts illustrating a method of authenticating a principal in an authentication server according to an embodiment of the present invention.
FIG. 7 is a flowchart showing a method of authenticating a principal in a mobile communication terminal according to an embodiment of the present invention.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings, in order that those skilled in the art can easily carry out the present invention. In the following detailed description of the preferred embodiments of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. In the drawings, like reference numerals are used throughout the drawings.

In addition, in the entire specification, when a part is referred to as being 'connected' to another part, this includes not only being 'directly connected' but also being 'indirectly connected'. Also, to "include" an element means that it may include other elements, rather than excluding other elements, unless specifically stated otherwise. Also, the terms "part," "module," and the like in the specification mean units for processing at least one function or operation, which may be implemented by hardware or software or by a combination of hardware and software.

FIG. 1 is a schematic diagram showing a personal authentication system according to an embodiment of the present invention.

Referring to FIG. 1, a user authentication system according to an embodiment of the present invention includes a user terminal 10, a mobile communication terminal 200, a service providing server 20, an authentication server 100, a Short Message Service Center (SMSC) 30, and a subscriber database 40.

Hereinafter, a personal authentication system according to an embodiment of the present invention will be described with reference to FIG.

The user terminal 10 is a terminal device capable of accessing the service providing server 20 through a wired or wireless network and may be a terminal device such as a tablet PC, a PDA (Personal Digital Assistant), a notebook, a desktop, or a workstation. The user 1 can request various types of web services from the service providing server 20 using the user terminal 10 and can receive the respective web services from the service providing server 20.

The mobile communication terminal 200 may be a terminal receiving a mobile communication service such as a call connection service such as a voice call or a video call and a short message service (SMS) through a mobile communication network. Here, unique identification information, a telephone number, and the like may be set in each mobile communication terminal 200. Each of the users 1 may own the mobile communication terminal 200 and can receive the mobile communication service for the mobile communication terminal 200 by subscribing to the mobile communication service of the mobile communication service provider. At the time of subscription to the mobile communication service, the subscriber database 40 of the mobile communication provider stores the identification information and telephone number of each mobile communication terminal 200 and the personal information of the user 1 who opened the mobile communication terminal 200. Accordingly, it is assumed that the mobile communication terminal 200 is associated with each user 1, and that the mobile communication terminal 200 is occupied by a legitimate user, unless there is a theft or loss.

On the other hand, when the mobile communication terminal 200 is a terminal capable of accessing the service providing server 20 through a data communication network, such as a smart phone, the mobile communication terminal 200 may also access the service providing server 20 directly and request the web service. That is, in the case of a smart phone or the like, a single device can operate as both the user terminal 10 and the mobile communication terminal 200.

The service providing server 20 may be a server for providing various kinds of web services such as online banking, stock trading, email service, and social network service (SNS), and can provide each web service in response to a request from the user terminal 10. However, some of the web services requested by the user terminal 10 may use sensitive information such as personal information and financial information. In that case, in order to prevent a security accident such as leakage of personal information of the user 1, the service providing server 20 needs to perform identity authentication to determine whether the user 1 connected through the user terminal 10 is a legitimate user. That is, it is possible to check whether another person has requested the corresponding web service by impersonating the user 1, and to provide the web service only when the requester is the user 1. According to the embodiment, the service providing server 20 may directly perform the identity authentication. However, as shown in FIG. 1, the service providing server 20 may also request the authentication server 100 to perform the identity authentication.

The authentication server 100 can receive a request for authentication of the user 1 of the user terminal 10 from the service providing server 20 and perform authentication of the user 1 in response to the user authentication request. First, the authentication server 100 can receive personal information including the telephone number of the mobile communication terminal 200 of the user 1 from the service providing server 20. The service providing server 20 can request personal information from the user terminal 10 and receive the personal information from the user terminal 10. Accordingly, the authentication server 100 can receive the personal information of the user 1 from the service providing server 20, and can perform the primary authentication on the user 1 using the personal information.

Specifically, the authentication server 100 accesses the subscriber database 40 of the mobile communication provider and can confirm mobile communication service subscription information and the like. It can then compare the personal information of the user 1 with the mobile communication service subscription information and determine whether or not they match. If the mobile communication service subscription information corresponding to the personal information inputted by the user terminal 10 does not exist, the service providing server 20 can be notified of the failure of the authentication of the user. According to the embodiment, it is possible to notify the service providing server 20 of the failure of the identity authentication only when the personal information inputted by the user terminal 10 does not coincide with the mobile communication service subscription information more than a predetermined number of times, in which case the service providing server 20 may not provide the corresponding web service to the user terminal 10. On the other hand, when the mobile communication service subscription information corresponding to the personal information inputted by the user terminal 10 exists, the authentication server 100 can determine that the primary authentication of the user 1 is successful, and can notify the service providing server 20 of the authentication result.

The authentication server 100 may then perform a secondary authentication by transmitting a callback message to the telephone number of the mobile communication terminal 200 included in the mobile communication service subscription information of the user 1. Here, although the authentication server 100 may directly transmit the callback message, the authentication server 100 may also request the short message service center 30 to transmit the callback message, so that the short message service center 30 transmits the callback message to the mobile communication terminal 200. That is, the authentication server 100 may transmit a callback message to the mobile communication terminal 200, which is presumed to be occupied by a legitimate user, to notify the user 1 that the corresponding web service has been requested. Then, the user 1 can transmit a response signal corresponding to the callback message to the authentication server 100 through the mobile communication terminal 200. That is, if the user 1 notifies the authentication server 100 through the response signal whether or not the web service was requested by the user 1 himself or herself, the authentication server 100 can determine whether the user 1 is a legitimate user.

Here, it is assumed that the authentication server 100 transmits a callback message to a mobile communication terminal 200 occupied by a legitimate user. However, when call forwarding or the like has been set on the mobile communication terminal 200 of the user 1, the callback message can be transmitted to the mobile communication terminal of another person who pretends to be the user 1. In this case, the other person can transmit the response signal in response to the callback message, and the authentication server 100 can perform a wrong authentication based on the response signal of the other person. Thereafter, the service providing server 20, which has relied on the authentication result of the authentication server 100, can provide the corresponding web service to the other person, so that damage to the user 1 such as leakage of personal information or illegal account transfer may occur.

However, the authentication server 100 according to an embodiment of the present invention can determine whether or not the mobile communication terminal receiving the callback message corresponds to the mobile communication terminal 200 of the user 1, so that it is possible to accurately perform the identity authentication even when the mobile communication terminal 200 is redirected by hacking or the like. Hereinafter, an authentication server according to an embodiment of the present invention will be described in detail with reference to FIG.

FIG. 2 is a block diagram showing an authentication server 100 according to an embodiment of the present invention.

Referring to FIG. 2, an authentication server according to an exemplary embodiment of the present invention includes a callback message transmitting unit 110, an identification information receiving unit 120, a user authentication unit 130, an authentication request signal receiving unit 140, and a subscription authenticating unit 150.

The authentication request signal receiving unit 140 can receive an authentication request signal including personal information of the user 1. Here, the authentication request signal is a signal for requesting authentication of the user 1, and can be received from the service providing server 20 providing the web service requiring authentication. It is also possible to receive the authentication request signal directly from the user terminal 10 according to the embodiment. Here, since the personal information of the user 1 is necessary for the authentication of the user 1, the personal information of the user 1 may be included in the authentication request signal. For example, when the user terminal 10 requests a web service such as a password change from the service providing server 20, the service providing server 20 first requests personal information such as the name, address, telephone number, and date of birth from the user terminal 10, and may transmit the personal information, which is input in response to the request, to the authentication request signal receiving unit 140 in the authentication request signal.

Upon receipt of the authentication request signal from the authentication request signal receiving unit 140, the subscription authenticating unit 150 can compare the personal information included in the authentication request signal with the mobile communication service subscription information of the user 1. Here, the mobile communication service subscription information of the user 1 may be stored in the subscriber database 40, and the subscription authenticating unit 150 may retrieve the mobile communication service subscription information of the user 1 from the subscriber database 40. Thereafter, if there is mobile communication service subscription information matching the inputted personal information, the subscription authenticating unit 150 can authenticate that the user 1, who is the target of the authentication request, is subscribed to the mobile communication service. That is, since the user is confirmed to have correctly inputted the personal information requested by the service providing server, it can be determined that the primary authentication for the user is successful.

The callback message transmitting unit 110 may transmit a callback message to the mobile communication terminal 200 in response to the authentication request signal. Here, the callback message transmitting unit 110 may receive the authentication request signal through the authentication request signal receiving unit 140, or may receive the authentication request signal requesting authentication of the user 1 directly from the user terminal 10 or the service providing server 20. In addition, the callback message transmitting unit 110 may transmit the callback message only when the subscription authenticating unit 150 succeeds in the primary authentication using the personal information of the user 1, but according to the embodiment, it is also possible to omit the primary authentication and send the callback message.

Here, the callback message transmitted by the callback message transmitting unit 110 may include authentication application executing means for allowing the authentication application to be executed in the mobile communication terminal 200. The authentication application may be executed in the mobile communication terminal 200 and may collect identification information of the mobile communication terminal 200 while blocking the external communication port of the mobile communication terminal 200. That is, according to the authentication application, it is possible to collect the identification information of the mobile communication terminal 200 while blocking the possibility of hacking or call forwarding to the mobile communication terminal 200.

Here, the authentication application can be executed only when the user 1 applies an input, such as clicking or touching, to the authentication application execution means displayed on the mobile communication terminal 200. That is, because the mobile communication terminal 200 is prevented from communicating with the outside while the authentication application is executed, the authentication application is executed when the user 1 is ready. Here, the authentication application can block the remaining external communication ports except the communication with the authentication server 100, and in addition to the communication port blocking can perform a function similar to a security program, such as stopping a process executed in the mobile communication terminal 200.

However, there may be a case where the authentication application is not installed in the mobile communication terminal 200. In this case, it is necessary to induce the mobile communication terminal 200 to install the authentication application. To this end, the authentication application execution means may include an installation URL (Uniform Resource Locator) that connects to an application market where the authentication application can be installed. Therefore, when the user 1 applies an input to the authentication application execution means in a state in which the authentication application is not installed in the mobile communication terminal 200, the mobile communication terminal 200 connects to the installation URL so that the installation of the authentication application can be induced.

Meanwhile, the callback message transmitting unit 110 of the authentication server 100 may directly generate a callback message and transmit the generated callback message to each mobile communication terminal 200. However, it is also possible to request the Short Message Service Center (SMSC) of the mobile communication company to which the mobile communication terminal 200 is subscribed to transmit the callback message.

The identification information receiving unit 120 can receive the identification information of the mobile communication terminal 200 from the authentication application executed in the mobile communication terminal 200 in response to the callback message.

Specifically, the authentication application can first block the external communication port of the mobile communication terminal 200, thereby preventing the mobile communication terminal 200 from communicating with the outside. That is, by interrupting the external communication of the mobile communication terminal 200, the authentication application can prevent a malicious program or the like, illegally installed in the mobile communication terminal 200 by hacking or the like, from communicating with an external server and intervening in the authentication process. Then, the authentication application can collect the identification information of the mobile communication terminal 200 while the external communication port of the mobile communication terminal 200 is blocked, and can transmit the collected identification information to the authentication server 100. Here, when the transmission of the identification information is completed, the authentication application can release the blocking of the external communication port of the mobile communication terminal 200, thereby allowing the mobile communication terminal 200 to operate normally.

The identification information of the mobile communication terminal 200 collected by the authentication application may include the International Mobile Station Equipment Identity (IMEI) and the International Mobile Subscriber Identity (IMSI) of the mobile communication terminal 200. In addition, a code combining the IMEI or the IMSI with the telephone number of the mobile communication terminal 200 according to a predetermined format may also be used.

The identity authentication unit 130 can perform the identity authentication of the user of the mobile communication terminal 200 using the received identification information of the mobile communication terminal 200. More specifically, the identity authentication unit 130 can compare the identification information received from the mobile communication terminal 200 with the identification information of the mobile communication terminal 200 stored in the subscriber database 40, and if the received identification information matches the identification information stored in the subscriber database 40, it can be determined that the authentication of the user is successful. That is, when a callback message is transmitted to another mobile communication terminal by hacking, call forwarding, or the like, identification information different from the identification information stored in the subscriber database 40 may be transmitted to the identity authentication unit 130. Therefore, the identity authentication unit 130 can perform identity authentication for the user 1 by comparing the identification information stored in the subscriber database 40 with the received identification information. In addition, the mobile communication terminal 200 receiving the callback message is prevented from communicating with the outside by the authentication application. Therefore, after the callback message is transmitted, it is impossible for another person to hack the mobile communication terminal 200 from the outside or to manipulate or alter the identification information. Therefore, the identity authentication unit 130 can perform accurate identity authentication in spite of hacking, call forwarding, and the like. In addition, the identity authentication unit 130 can determine that the identity authentication has failed if the identification information is not received from the mobile communication terminal 200 within a predetermined time limit after transmitting the callback message. That is, adding a time limit for the transmission of the identification information makes it possible to minimize interference with the user authentication caused by hacking or the like of the mobile communication terminal 200.

Then, when the identity authentication using the identification information is completed, the identity authentication unit 130 can notify the service providing server 20 of the identity authentication result for the mobile communication terminal 200, and the service providing server 20 can provide a service according to the authentication result. For example, if the user is authenticated successfully, the password change or account transfer requested by the user 1 can be carried out. On the other hand, if the authentication fails, the service providing server 20 may reject the provision of the corresponding web service requested by the user.

Referring to FIG. 3, the mobile communication terminal 200 according to an embodiment of the present invention may include a message receiving unit 210 and an application executing unit 220.

The message receiving unit 210 may receive a callback message from the authentication server 100. Here, the callback message may be transmitted in the form of a short message, and the short message may include an authentication application execution means for executing the authentication application. The mobile communication terminal 200 receiving the callback message may display the callback message including the authentication application execution means and present it to the user 1. The authentication application execution means may have the form of a URL address. Thereafter, when the user 1 applies an input such as touching the authentication application execution means, the application execution unit 220 can execute the authentication application in the mobile communication terminal 200.

The application executing unit 220 can execute the authentication application according to the input of the user 1. The authentication application can first block all the external communication ports of the mobile communication terminal 200 and can query and collect the identification information of the mobile communication terminal 200 while the external communication port is blocked. In this case, the authentication application may block communication with the outside and allow only communication with the authentication server 100. In some embodiments, the authentication application may also perform the function of a security program by stopping the processes in the mobile communication terminal 200.

However, there may be a case where the authentication application is not installed in the mobile communication terminal 200. In this case, it is necessary to install the authentication application. Here, when the user 1 applies an input to the authentication application execution means, the application execution unit 220 can first connect the mobile communication terminal 200 to the installation URL to induce the installation of the authentication application, and once the installation is completed, the authentication application can be launched automatically.

On the other hand, when the collection of the identification information is completed by the execution of the authentication application, the authentication application can display the completion of the collection on the mobile communication terminal 200 and wait. In the standby state, the user 1 can press an OK button or the like on the mobile communication terminal 200 to transmit the identification information, and the mobile communication terminal 200 can then transmit the identification information to the authentication server 100 through the authentication application. Thereafter, the authentication application can unblock the external communication port and control the mobile communication terminal 200 to operate normally.

FIG. 4 is a timing diagram showing a method of authenticating an individual according to an embodiment of the present invention. First, the user terminal 10 can request a web service requiring authentication from the service providing server 20 (S1). In this case, the service providing server 20 may first request the user terminal 10 to input personal information (S2). In other words, personal information such as the name, address, date of birth, telephone number, and business registration number of the user 1 required for authentication of the user can be requested. Here, the personal information requested by the service providing server 20 may be information for identifying each user 1 from among the mobile communication service subscription information stored in the subscriber database 40 when the user 1 subscribed to the mobile communication service.

Thereafter, when the user inputs personal information to the user terminal 10 in response to the personal information input request of the service providing server 20, the user terminal 10 can transmit the personal information to the service providing server 20 (S3). The service providing server 20 can transmit an authentication request signal including the input personal information to the authentication server 100 (S4), and the authentication server 100 can authenticate whether the user is subscribed to the mobile communication service. Specifically, the authentication server 100 can query the subscriber database with the received personal information and confirm whether there is matching data, thereby authenticating whether the user is a mobile communication service subscriber. Here, when the user 1 is authenticated as a mobile communication service subscriber, the authentication server 100 can transmit a callback message to the corresponding mobile communication terminal 200. In particular, the authentication server 100 may request the short message service center 30 to send the callback message to the mobile communication terminal 200 (S7), and the short message service center 30 may send the callback message to the mobile communication terminal 200 in the form of a short message. Here, the calling number of the callback message may be set to a representative telephone number of an operating company operating the service providing server 20 or a representative telephone number of an authentication company operating the authentication server 100. In addition, the callback message may include content to be presented to the user 1, such as a method of responding to the callback message, an instruction for authentication of the user, and the like. The content included in the callback message can be set in the authentication server 100.

When the user gives a click input to the authentication application execution means at the mobile communication terminal 200 that received the callback message (S9), the mobile communication terminal 200 can connect to the authentication server 100 or the application market in response to the click input, and the authentication application can be downloaded and installed (S10). However, when the authentication application is already installed in the mobile communication terminal 200, the download and installation of the authentication application (S10) may be omitted. When the installation of the authentication application is completed or an input is given to the authentication application execution means, the authentication application can be automatically executed. The authentication application blocks the external communication port of the mobile communication terminal 200 (S11). That is, in order to prevent a malicious program, illegally installed through hacking or the like, from interfering with the authentication process through communication with an external server, the authentication application can block communication with external devices other than the authentication server 100. Thereafter, when the authentication application completes the collection of the identification information, it can display the completion of the collection of the identification information and wait for the input of the user (S11).

When the user presses an OK button or the like displayed on the mobile communication terminal 200 for transmission of the identification information, the mobile communication terminal 200 can transmit the identification information to the authentication server 100 (S12). The authentication application can then return the mobile communication terminal 200 to normal operation by canceling the blocking of the external communication port of the mobile communication terminal 200 (S13).

The authentication server 100 that has received the identification information from the mobile communication terminal 200 can perform the identity authentication using the received identification information (S14). That is, the user authentication can be performed by checking whether the received identification information matches the identification information stored in the subscriber database 40. Here, if the two sets of identification information match, it can be determined that the web service request of the user terminal 10 was made by a legitimate user possessing the actual mobile communication terminal 200. In addition, if the identification information is not received from the mobile communication terminal 200 within a predetermined period of time after the transmission of the callback message, it can be determined that the identity authentication has failed.

The authentication server 100 can transmit the authentication result to the service providing server 20 (S15), and the service providing server 20 can provide the web service to the user terminal 10 according to the authentication result (S16).

FIGS. 5 and 6 are flowcharts illustrating a method of authenticating a principal in an authentication server according to an embodiment of the present invention.

Referring to FIGS. 5 and 6, the authentication method in the authentication server according to an embodiment of the present invention may include a callback message transmission step (S110), an identification information receiving step (S120), and a personal authentication step (S130).

Hereinafter, an authentication method in the authentication server according to an embodiment of the present invention will be described with reference to FIGS. 5 and 6.

In the callback message transmission step (S110), when the authentication server receives the authentication request signal requesting the authentication of the user of the mobile communication terminal, the authentication server can transmit a callback message to the mobile communication terminal. Here, the callback message may have a short message form, and may include an authentication application execution means for causing the authentication application to be executed in the mobile communication terminal.

The authentication application queries and collects the identification information of the mobile communication terminal in a state where the external communication port of the mobile communication terminal is blocked. That is, the authentication application can collect the identification information of the mobile communication terminal while blocking the possibility of hacking or call forwarding to the mobile communication terminal. The callback message can be displayed on the mobile communication terminal. When the user clicks or touches the authentication application execution means included in the callback message, the authentication application can be executed. Here, the authentication application can exceptionally allow communication with the authentication server, and, in addition to blocking the external communication port, can stop processes running in the mobile communication terminal.

However, there may be a case where the authentication application is not installed in the mobile communication terminal, and in this case, it is necessary to induce the authentication application to be installed in the mobile communication terminal. To this end, the authentication application execution means may include an installation URL (Uniform Resource Locator) that connects to an application market in which the authentication application can be installed. Therefore, when the user applies an input to the authentication application execution means, the mobile communication terminal can connect to the installation URL to induce the installation of the authentication application. When the installation of the authentication application is completed, the authentication application can be executed automatically. However, when the authentication application is already installed in the mobile communication terminal, connection to the installation URL may be omitted.

In addition, in the callback message transmission step (S110), instead of directly generating a callback message and transmitting the callback message to each mobile communication terminal, it is also possible to request the Short Message Service Center (SMSC) of the mobile communication company to which the mobile communication terminal is subscribed to transmit the callback message. That is, it is also possible that the short message service center transmits the callback message at the request of the authentication server.

Referring to FIG. 6, the callback message transmission step (S110) may include an authentication request signal receiving process (S111), a subscription authenticating process (S112), and a transmitting process (S113).

In the authentication request signal receiving process (S111), the authentication server can receive an authentication request signal including personal information of the user from a service providing server that provides a web service requiring authentication. Here, the authentication request signal is a signal for requesting authentication of the user, and can be received from a service providing server that provides a web service requiring authentication. Since the user's personal information is required for the user's authentication, the user's personal information and the like may be included in the authentication request signal. For example, when a user terminal requests a web service such as a password change from a service providing server, the service providing server may first request personal information such as the user's name, address, telephone number, and date of birth from the user terminal. Thereafter, the personal information input in response to the request may be included in the authentication request signal and transmitted to the authentication server.

In the subscription authentication process (S112), the authentication server compares the received personal information with the mobile communication service subscription information of the user to authenticate whether or not the user is subscribed to the mobile communication service. Here, since the mobile communication service subscription information of the user may be stored in the subscriber database, the mobile communication service subscription information corresponding to the user can be retrieved from the subscriber database. At this time, it is possible to utilize the personal information of the user received in the authentication request signal receiving process (S111). Here, if mobile communication service subscription information matching the input personal information exists, the user who is the target of the authentication request can be authenticated as being subscribed to the mobile communication service. That is, since the user is authenticated as having correctly input the personal information requested by the service providing server, it can be determined that the primary authentication for the user is successful.

In the transmitting process (S113), if the user's subscription to the mobile communication service is authenticated, the callback message can be transmitted to the telephone number of the mobile communication terminal included in the personal information. If the primary authentication for the user is successful through the subscription authentication process (S112), the secondary authentication for the user can be performed by transmitting a callback message to the user's mobile communication terminal.

In the identification information receiving step (S120), the authentication server can receive the identification information of the mobile communication terminal from the authentication application executed in the mobile communication terminal in response to the callback message. Specifically, since the authentication application first blocks the external communication of the mobile communication terminal, malicious programs or the like illegally installed in the mobile communication terminal by hacking or the like can be prevented from communicating with the external server and intervening in the authentication process. Then, the authentication application can collect the identification information of the mobile communication terminal while the external communication port of the mobile communication terminal is blocked, and transmit the collected identification information to the authentication server. Here, the identification information of the mobile communication terminal collected by the authentication application may be any information capable of distinguishing mobile communication terminals from each other. Specifically, the IMEI (International Mobile Station Equipment Identity) and the IMSI (International Mobile Subscriber Identity) of the mobile communication terminal may be used as the identification information. In some embodiments, it is also possible to use as the identification information a code or the like in which the IMEI or IMSI is combined with the telephone number of the mobile communication terminal according to a predetermined format.

In the identity authentication step (S130), the authentication server can perform identity authentication of the user of the mobile communication terminal using the collected identification information. Specifically, in the identity authentication step (S130), the identification information received from the mobile communication terminal can be compared with the identification information of the mobile communication terminal stored in the subscriber database. If the collected identification information matches the identification information stored in the subscriber database, it can be determined that the authentication of the user is successful. That is, when a callback message is transmitted to another mobile communication terminal by call forwarding or the like, identification information different from the identification information stored in the subscriber database is transmitted to the authentication server. Accordingly, in the identity authentication step (S130), identity authentication is performed for the user by comparing the identification information stored in the subscriber database with the received identification information. In addition, since the mobile communication terminal receiving the callback message is prevented from communicating with the outside by the authentication application, it is impossible for another person to hack the mobile communication terminal from outside or to manipulate or change the identification information after the callback message is transmitted. Therefore, in the identity authentication step (S130), accurate identity authentication can be performed in spite of hacking or call forwarding. In addition, in the identity authentication step (S130) according to the embodiment of the present invention, it can be determined that the user authentication has failed if the identification information is not received from the mobile communication terminal within a predetermined time limit after transmitting the callback message. That is, adding a time limit for the transmission of the identification information makes it possible to minimize interference with the user authentication caused by hacking or the like of the mobile communication terminal.
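The server-side steps S110 to S130 described above (primary subscription check, callback, comparison against the subscriber database, time limit), written in Python as an added example that is not code from the patent or its applicant. The class and field names, the session token in the callback link, the `authapp://` scheme, the 180-second limit and all subscriber values are assumptions constructed for illustration; the single-use session and constant-time comparison are hardening choices the page does not specify.

```python
# Added example (not from the patent): server-side steps S110-S130.
# Hypothetical: all names, the session token, authapp://, the time limit, sample data.
import hmac
import secrets
import time
from dataclasses import dataclass

TIME_LIMIT_SECONDS = 180  # assumption; the page says only "predetermined time limit"


@dataclass(frozen=True)
class SubscriberRecord:
    name: str
    birth_date: str
    phone: str
    imei: str
    imsi: str


class AuthenticationServer:
    def __init__(self, subscriber_db, send_sms, clock=time.monotonic):
        self._db = {rec.phone: rec for rec in subscriber_db}
        self._send_sms = send_sms      # stands in for the request to the SMSC
        self._clock = clock
        self._pending = {}             # session id -> (phone, time callback was sent)

    def request_authentication(self, name, birth_date, phone):
        """S111-S113: primary (subscription) check, then send the callback message."""
        rec = self._db.get(phone)
        if rec is None or (rec.name, rec.birth_date) != (name, birth_date):
            return None                # primary authentication failed: no callback
        session_id = secrets.token_urlsafe(16)
        self._pending[session_id] = (phone, self._clock())
        self._send_sms(phone, f"Verify your identity: authapp://verify?s={session_id}")
        return session_id

    def receive_identification(self, session_id, imei, imsi):
        """S120-S130: compare reported identifiers with the subscriber database."""
        entry = self._pending.pop(session_id, None)   # each callback is single use
        if entry is None:
            return "FAIL_UNKNOWN_SESSION"
        phone, sent_at = entry
        if self._clock() - sent_at > TIME_LIMIT_SECONDS:
            return "FAIL_TIMEOUT"
        rec = self._db[phone]
        # Evaluate both comparisons, in constant time, before deciding.
        imei_ok = hmac.compare_digest(imei.encode(), rec.imei.encode())
        imsi_ok = hmac.compare_digest(imsi.encode(), rec.imsi.encode())
        return "SUCCESS" if imei_ok and imsi_ok else "FAIL_MISMATCH"

    def expire_overdue(self):
        """Fail every callback whose time limit passed without a response."""
        now = self._clock()
        overdue = [s for s, (_, t) in self._pending.items() if now - t > TIME_LIMIT_SECONDS]
        for s in overdue:
            del self._pending[s]
        return overdue


def demo():
    # Constructed sample data; not real subscriber identifiers.
    alice = SubscriberRecord("Alice Kim", "1990-01-01", "01012345678",
                             imei="490154203237518", imsi="450081234567890")
    now, outbox = [0.0], []            # manually advanced clock, captured messages
    server = AuthenticationServer(
        [alice], lambda to, body: outbox.append((to, body)), lambda: now[0])
    results = {}

    # Wrong personal information: primary authentication fails, nothing is sent.
    results["bad_personal_info"] = server.request_authentication(
        "Alice Kim", "1991-01-01", alice.phone)

    # Legitimate terminal answers within the limit; a second use is rejected.
    s1 = server.request_authentication(alice.name, alice.birth_date, alice.phone)
    now[0] += 30
    results["legitimate"] = server.receive_identification(s1, alice.imei, alice.imsi)
    results["replayed"] = server.receive_identification(s1, alice.imei, alice.imsi)

    # Callback forwarded to another terminal: its identifiers differ from the database.
    s2 = server.request_authentication(alice.name, alice.birth_date, alice.phone)
    results["forwarded"] = server.receive_identification(
        s2, "356938035643809", "450059876543210")

    # Response arrives after the time limit.
    s3 = server.request_authentication(alice.name, alice.birth_date, alice.phone)
    now[0] += TIME_LIMIT_SECONDS + 1
    results["late"] = server.receive_identification(s3, alice.imei, alice.imsi)

    # No response at all: the sweep marks the callback as failed.
    s4 = server.request_authentication(alice.name, alice.birth_date, alice.phone)
    now[0] += TIME_LIMIT_SECONDS + 1
    results["never_answered"] = server.expire_overdue() == [s4]
    results["sms_sent"] = len(outbox)
    return results


if __name__ == "__main__":
    print(demo())
```

The server compares whatever values the application reports, so the outcome depends on the application collecting them on the terminal as the description sets out.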

On the other hand, when the identity authentication using the identification information is completed, the authentication result for the mobile communication terminal can be notified to the service providing server, and the service providing server can provide the service according to the authentication result.

FIG. 7 is a flowchart showing a method of authenticating a principal in a mobile communication terminal according to an embodiment of the present invention.

Referring to FIG. 7, the authentication method in the mobile communication terminal according to an exemplary embodiment of the present invention includes receiving a callback message (S210), collecting identification information (S220), and transmitting identification information (S230).

Hereinafter, with reference to FIG. 7, a method of authenticating a user in a mobile communication terminal according to an embodiment of the present invention will be described.

In the callback message receiving step (S210), the mobile communication terminal can receive a callback message from the authentication server. Here, the callback message may be transmitted in the form of a short message, and an authentication application execution means for executing the authentication application may be included in the short message. The mobile communication terminal receiving the callback message may display the callback message including the authentication application execution means and present it to the user. The authentication application execution means may have the form of a URL address. Thereafter, when the user applies an input such as touching the authentication application execution means, the mobile communication terminal can execute the authentication application. However, there may be a case where the authentication application is not installed in the mobile communication terminal. In this case, it is necessary to install the authentication application in the mobile communication terminal. For this purpose, when the user gives an input to the authentication application execution means, the mobile communication terminal can connect to the installation URL included in the authentication application execution means. Here, the installation URL may be a connection address such as an application market where the authentication application can be installed. Thereafter, when the installation of the authentication application on the mobile communication terminal is completed, the authentication application can be automatically executed in the mobile communication terminal.

In the identification information collection step (S220), the mobile communication terminal may execute the authentication application corresponding to the callback message to block the external communication port of the mobile communication terminal and collect its identification information. The authentication application can first block all the external communication ports of the mobile communication terminal and query and collect the identification information of the mobile communication terminal while the external communication port is blocked. Here, the authentication application can block communication with the outside while allowing only communication with the authentication server, and, according to the embodiment, can perform functions as a security program by stopping all processes in the mobile communication terminal. Meanwhile, the identification information collected in the identification information collection step (S220) may be the International Mobile Station Equipment Identity (IMEI) or the International Mobile Subscriber Identity (IMSI) of the mobile communication terminal. According to the embodiment, it is also possible to collect, as the identification information, a code in which the IMEI and IMSI are combined with the telephone number of the mobile communication terminal according to a predetermined format.

In the identification information transmission step (S230), the mobile communication terminal transmits the collected identification information to the authentication server using the authentication application, and cancels the blocking of the external communication port when the transmission of the identification information is completed. When the collection of the identification information is completed by the execution of the authentication application, the authentication application can display the completion of the collection on the mobile communication terminal and wait. In the standby state, the user can press an OK button or the like on the mobile communication terminal to transmit the identification information. In this case, the mobile communication terminal can transmit the identification information to the authentication server through the authentication application. When the transmission of the identification information is completed, the authentication application can unblock the external communication port and control the mobile communication terminal to operate normally.

Meanwhile, although not shown, the authentication method in the mobile communication terminal according to an exemplary embodiment of the present invention may further include a web service requesting step. That is, when the mobile communication terminal, such as a smartphone, can directly connect to the service providing server through a data communication network, the mobile communication terminal can request the web service from the service providing server that provides the web service requiring authentication. Accordingly, the mobile communication terminal can request the web service by transmitting the user's personal information to the service providing server through the web service requesting step.

The present invention is not limited to the above-described embodiments and the accompanying drawings. It will be apparent to those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

10: user terminal
20: service providing server
30: short message service center
40: subscriber database
100: Authentication server
110: Callback message transmission unit
120: Identification information receiving unit
130: identity authentication unit
140: authentication request signal receiving unit
150: subscriber authenticating unit
200: mobile communication terminal
210: message receiver
220: application execution unit
S110: Callback message transmission step
S120: Identification information reception step
S130: Personal authentication step
S210: Callback message reception step
S220: Identification information collection step
S230: identification information transmission step

Claims (29)

Transmitting a callback message to the mobile communication terminal when the authentication server receives an authentication request signal requesting authentication of the user of the mobile communication terminal;
An identification information reception step in which the authentication server receives, from the authentication application executed in the mobile communication terminal in response to the callback message, the identification information of the mobile communication terminal collected in a state in which the external communication port of the mobile communication terminal is blocked; and
Wherein the authentication server performs authentication of the user of the mobile communication terminal using the collected identification information.
The method of claim 1, wherein the callback message
And authentication application execution means for causing the authentication server to execute the authentication application in the mobile communication terminal.
3. The system according to claim 2, wherein the authentication application execution means
And an installation URL (Uniform Resource Locator) for connecting the authentication application to an application market installed in the mobile communication terminal.
4. The system according to claim 3, wherein the authentication application execution means
Wherein, when the authentication application is not installed in the mobile communication terminal, the authentication server connects the mobile communication terminal to the installation URL (Uniform Resource Locator) in response to the input of the user to the authentication application execution means.
The method of claim 1, wherein the step of transmitting the callback message comprises:
The authentication server requests the transmission of the callback message to the Short Message Service Center (SMSC) of the mobile communication company to which the mobile communication terminal is subscribed, and transmits the callback message to the mobile communication terminal.
The method of claim 1, wherein the step of transmitting the callback message comprises:
An authentication request signal reception step of the authentication server receiving an authentication request signal including personal information of the user from a service provision server providing a web service requiring authentication of the user;
The authentication server compares the received personal information with the mobile communication service subscription information of the user to authenticate whether the user is subscribed to the mobile communication service; and
And transmitting the callback message to the telephone number of the mobile communication terminal included in the personal information when the subscription of the mobile communication service of the user is authenticated.
7. The method of claim 6,
Wherein the authentication server collects mobile communication service subscription information corresponding to a user of the mobile communication terminal from a subscriber database in which the mobile communication service subscription information is stored.
The method of claim 1, wherein the authentication application
Wherein the mobile communication terminal collects identification information of the mobile communication terminal in a state in which the external communication port of the mobile communication terminal is blocked, and transmits the authentication information to the authentication server.
9. The system of claim 8, wherein the authentication application
And, when the transfer of the identification information is completed, the blocking of the external communication port is released.
2. The method according to claim 1,
(IMEI), an International Mobile Subscriber Identity (IMSI) of the mobile communication terminal, or a combination of the IMEI or the IMSI according to a preset format and the telephone number of the mobile communication terminal, as the identification information Authentication method in the authentication server.
2. The method according to claim 1,
Wherein the authentication server confirms whether the collected identification information matches the identification information of the mobile communication terminal stored in the subscriber database to perform the identity authentication.
2. The method according to claim 1,
Wherein the authentication server determines that the identity authentication has failed if the identification information is not received from the mobile communication terminal within a predetermined time limit.
2. The method according to claim 1,
Wherein the authentication server notifies the service providing server that has transmitted the authentication request signal of the authentication result for the mobile communication terminal.
Receiving a callback message in which the mobile communication terminal receives a callback message from the authentication server;
An identification information collection step of the mobile communication terminal executing an authentication application corresponding to the callback message to perform an external communication port blocking and identification information collection of the mobile communication terminal; And
The mobile communication terminal transmits the collected identification information to the authentication server using the authentication application and releases the blocking of the external communication port when the transmission of the identification information is completed, A method for authenticating a user at a terminal.
15. The method of claim 14,
Further comprising a web service request step of requesting the web service by transmitting the personal information of the user to the service providing server providing the web service requiring the authentication of the user by the mobile communication terminal.
15. The method according to claim 14,
(IMSI), IMEI, or IMSI of the mobile communication terminal according to a preset format and the telephone number of the mobile communication terminal, as the identification information A method for authenticating a principal in a mobile communication terminal.
A callback message transmitting unit for transmitting a callback message to the mobile communication terminal in response to an authentication request signal for requesting authentication of a user of the mobile communication terminal;
An identification information receiving unit that receives identification information of the mobile communication terminal collected from an authentication application executed in the mobile communication terminal in response to the callback message while the external communication port of the mobile communication terminal is blocked; And
And an identity authentication unit for performing identity authentication for a user of the mobile communication terminal using the identification information of the received mobile communication terminal.
18. The method of claim 17, wherein the callback message
And authentication application execution means for causing the authentication application to be executed in the mobile communication terminal.
19. The system according to claim 18, wherein the authentication application execution means
And an installation URL (Uniform Resource Locator) for connecting the authentication application to an application market installed in the mobile communication terminal.
20. The system according to claim 19, wherein the authentication application execution means
Wherein when the authentication application is not installed in the mobile communication terminal, the authentication server connects the mobile communication terminal to an installation URL (Uniform Resource Locator) in response to the input of the user to the authentication application execution means.
18. The apparatus of claim 17, wherein the callback message transmitter comprises:
Wherein the mobile communication terminal requests transmission of the callback message to a Short Message Service Center (SMSC) of a mobile communication company to which the mobile communication terminal subscribes.
18. The method of claim 17,
An authentication request signal receiving unit that receives the authentication request signal including the user's personal information from a service providing server that provides a web service requiring authentication of the user; And
And a subscriber authentication unit for comparing the received personal information with mobile communication service subscription information of the user to authenticate whether the user joins the mobile communication service.
23. The apparatus of claim 22, wherein the callback message transmitter comprises:
And transmits the callback message to the telephone number of the mobile communication terminal included in the personal information when the subscription of the mobile communication service of the user is authenticated.
23. The apparatus of claim 22, wherein the subscriber authentication unit
And collects mobile communication service subscription information corresponding to a user of the mobile communication terminal from a subscriber database storing the mobile communication service subscription information.
The apparatus according to claim 1, wherein the identification information receiver
(IMEI), an International Mobile Subscriber Identity (IMSI) of the mobile communication terminal, or a combination of the IMEI or the IMSI according to a preset format and the telephone number of the mobile communication terminal, as the identification information Authentication server.
18. The system according to claim 17, wherein the authentication unit
And verifying whether or not the collected identification information matches the identification information of the mobile communication terminal stored in the subscriber database, thereby performing the identity authentication.
18. The system according to claim 17, wherein the authentication unit
And judges that the identity authentication has failed if the identification information is not received from the mobile communication terminal within a predetermined time limit.
18. The system according to claim 17, wherein the authentication unit
And notifies a service providing server that has transmitted the authentication request signal to the mobile communication terminal.
A message receiving unit for receiving a callback message from the authentication server; And
And an application execution unit that collects identification information in response to the callback message and blocks the external communication port and transmits the collected identification information to the authentication server.
KR1020150117319A 2015-08-20 2015-08-20 User authentication server and method for authenticating user KR20170022405A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150117319A KR20170022405A (en) 2015-08-20 2015-08-20 User authentication server and method for authenticating user

Publications (1)

Publication Number Publication Date
KR20170022405A true KR20170022405A (en) 2017-03-02

Family

ID=58426755

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150117319A KR20170022405A (en) 2015-08-20 2015-08-20 User authentication server and method for authenticating user

Country Status (1)

Country Link
KR (1) KR20170022405A (en)
