KR20170104298A - Method and server for improving security of password authentication by real-time mapping - Google Patents

Info

Publication number
KR20170104298A
Authority
KR
South Korea
Prior art keywords
string
password
user terminal
mapping table
character string
Prior art date
Application number
KR1020160027195A
Other languages
Korean (ko)
Other versions
KR101832815B1 (en
Inventor
김창오
김용진
장진달
Original Assignee
쿠팡 주식회사
Priority date
Filing date
Publication date
Application filed by 쿠팡 주식회사 filed Critical 쿠팡 주식회사
Priority to KR1020160027195A priority Critical patent/KR101832815B1/en
Publication of KR20170104298A publication Critical patent/KR20170104298A/en
Application granted granted Critical
Publication of KR101832815B1 publication Critical patent/KR101832815B1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04 Masking or blinding
    • H04L2209/043 Masking or blinding of tables, e.g. lookup, substitution or mapping

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Input From Keyboards Or The Like (AREA)

Abstract

According to an embodiment of the present invention, an authentication method for allowing an authentication server to perform a password authentication process using a plurality of numbers includes a step (a) of receiving a password authentication request from a user terminal; a step (b) of generating a first character string mapping table indicating a mapping relationship between each of the numeric values that can constitute the first digit of a password and an arbitrary character string; a step (c) of transmitting the first character string mapping table to the user terminal; a step (d) of receiving, from the user terminal, the first character string mapped in the first character string mapping table to the numeric value of the first digit of the password entered by the first input of the user; and a step (e) of sequentially generating a second character string mapping table indicating a mapping relationship between each of the numeric values that can constitute the second digit of the password and an arbitrary character string, after receiving the first character string from the user terminal. It is possible to prevent password hijacking.

Description

METHOD AND SERVER FOR IMPROVING SECURITY OF PASSWORD AUTHENTICATION BY REAL-TIME MAPPING

The present invention relates to a method and server for improving the security of password authentication through real-time mapping, and more particularly, to a method and server that improve the security of password authentication by generating character string mappings in real time on the basis of the number of digits constituting a password and the input time.

With the development of the Internet infrastructure and the financial transaction infrastructure, user authentication has become a very important issue for financial transactions and website access.

In particular, attacks such as phishing, which obtains personal financial transaction information (for example, an authentication number, credit card number, or account information), pharming, and hacking that steals personal information (for example, a personal ID, password, or account information) from a user's keyboard input or the like have recently become a problem, and a safer and more efficient method for financial transactions is sought.

Meanwhile, on recent customer wireless terminals, procedures are carried out to authenticate the validity of a predetermined financial transaction (payment and/or bill delivery, etc.) made with the linked financial transaction means.

However, owing to the nature of information and communication technology, a password for a financial transaction transmitted over the network may be hacked, stolen, lost or abused. For safer and more reliable financial transactions, it is therefore necessary to prevent hacking, theft or loss, and to improve security so that the password cannot easily be guessed or stolen even if it is stolen or lost.

SUMMARY OF THE INVENTION

The present invention has been made to solve the above-described problems of the conventional art, and it is an object of the present invention to prevent password theft caused by hacking or the like by mapping each numeric value of a password to a character string in real time.

It is another object of the present invention to further enhance security by transmitting and receiving an encrypted string between a user terminal and an authentication server.

Yet another object of the present invention is to prevent a password from being leaked easily by generating a new keyboard layout every time a password is input.

According to another aspect of the present invention, there is provided a password authentication security method by which an authentication server performs an authentication process for a password composed of a plurality of numbers, the method comprising the steps of: (a) receiving a password authentication request from a user terminal; (b) generating a first character string mapping table indicating a mapping relationship between each of the numeric values that can constitute the first digit of the password and an arbitrary character string; (c) transmitting the first character string mapping table to the user terminal; (d) receiving, from the user terminal, a first character string mapped in the first character string mapping table to the numeric value of the first digit entered by the first input of the user; and (e) sequentially generating a second character string mapping table indicating a mapping relationship between each of the numeric values that can constitute the second digit of the password and an arbitrary character string, after receiving the first character string from the user terminal.

The method may further include, after step (a), configuring a keypad array in which the numeric values are randomly arranged, and transmitting the keypad array to the user terminal.

The method may further include, before step (e), sequentially generating a second keypad array for inputting the numeric value corresponding to the second digit of the password, after receiving the first character string from the user terminal.

The method may further include, after step (e), transmitting the second character string mapping table to the user terminal; and, when the user inputs the numeric value of the second digit, receiving from the user terminal a second character string mapped in the second character string mapping table to that numeric value.

The method may further include converting the first character string and the second character string received from the user terminal into the corresponding numeric values according to the first character string mapping table and the second character string mapping table, thereby extracting the values input to the user terminal.

The method may further include, after steps (b) and (e), encrypting all the strings of the first character string mapping table and the second character string mapping table, wherein the first and second character string mapping tables transmitted to the user terminal are encrypted string mapping tables.

The first character string and the second character string received from the user terminal may be a first encrypted character string and a second encrypted character string mapped according to the encrypted string mapping tables.

The method may further include decrypting the encrypted first and second character strings after the second encrypted character string is received from the user terminal.

The method may further include, before steps (b) and (e), randomly combining one or more characters to generate the combinations of strings constituting the first character string mapping table and the second character string mapping table.

According to another aspect of the present invention, there is provided an authentication server for performing an authentication process for a password composed of a plurality of numbers, the authentication server including: a keypad array generating unit that configures a keypad array by randomly arranging the numeric values that can constitute the password; a character string mapping table generating unit that, after the user inputs the first digit of the password, generates a second character string mapping table indicating a mapping relationship between each of the numeric values that can constitute the second digit of the password and an arbitrary character string, and transmits the character string mapping table to the user terminal; a string encryption unit that encrypts the strings constituting the character string mapping tables; a character string decryption unit that receives, from the user terminal, an encrypted string corresponding to a value input to the user terminal according to the encrypted string mapping information, and decrypts the received encrypted string; and an input value extracting unit that extracts the value input to the user terminal from the character string received from the user terminal.

The keypad array generating unit may newly generate a second keypad array for the numeric values that can constitute the second digit of the password after the user inputs the first digit of the password.

The authentication server may further include a user information DB in which user information, including card information of a user, and a password set by the user are stored.

The authentication server may further include an authentication unit that determines whether the value input to the user terminal, as extracted by the input value extracting unit, matches the pre-stored password.

According to the embodiment of the present invention, the numerical value of the password is mapped in real time to the character string by reflecting the number of digits constituting the password and the input time, so that the password cannot be stolen by hacking or the like unless the user's input time is accurately known.

According to an embodiment of the present invention, security can be further enhanced by encrypting a string transmitted and received between the user terminal and the authentication server.

According to an embodiment of the present invention, a new keyboard layout is generated each time a password is input, so that a password can be prevented from being leaked easily.

It should be understood that the effects of the present invention are not limited to the above effects and include all effects that can be deduced from the detailed description of the present invention or the configuration of the invention described in the claims.

FIG. 1 is a configuration diagram of a password authentication security system according to an embodiment of the present invention.
FIG. 2 is a block diagram illustrating a configuration of an authentication server according to an embodiment of the present invention.
FIG. 3 is a diagram illustrating an example of an N-th character string mapping table according to an embodiment of the present invention.
FIG. 4 is a flowchart illustrating, over time, a password authentication security improvement method according to an exemplary embodiment of the present invention.
FIG. 5 is a flowchart illustrating, over time, a password authentication security improvement method according to another embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Hereinafter, the present invention will be described with reference to the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.

Throughout the specification, when a part is referred to as being "connected" to another part, it includes not only "directly connected" but also "indirectly connected". Also, when an element is referred to as "comprising", it means that it can include other elements, not excluding other elements unless specifically stated otherwise.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

FIG. 1 is a configuration diagram of a password authentication security system according to an embodiment of the present invention.

Referring to FIG. 1, the password authentication security system may include a user terminal 100 and an authentication server 200 that can communicate with each other through a communication network.

First, the communication network can be configured regardless of its communication mode, wired or wireless, and may be any of various networks such as a local area network (LAN), a metropolitan area network (MAN), or a wide area network (WAN). Preferably, the communication network according to one embodiment may be implemented as the WWW (World Wide Web).

The user terminal 100 may be any communication device that can connect to an external server such as the authentication server 200 through a network, such as a mobile phone, a smart phone, a PDA (Personal Digital Assistant), a PMP (Portable Multimedia Player), a tablet PC, a desktop PC, a laptop PC, or an IPTV including a set-top box.

According to the embodiment of the present invention, when the user terminal 100 requires a password to be input when using electronic commerce or the like, the user terminal 100 may request the authentication server 200 to perform password authentication.

The authentication server 200 according to an exemplary embodiment of the present invention performs authentication of a password input to the user terminal 100.

The authentication server 200 maps each numeric value constituting the password to randomly configured strings (hereinafter referred to as "string mapping"). According to the embodiment of the present invention, the number of digits of each numeric value and the input time are reflected, so that different string mappings are made.

Here, the 'number of digits' of a numeric value means the position within the password of a numeric value input by the user. For example, in the case of a 3-digit password, the positions of the numeric values run from the first digit to the third digit. In the string mapping according to an embodiment, even the same numeric value is mapped to a different character string depending on which digit position it occupies.

Also, the 'input time' according to the embodiment of the present invention means the time at which the user inputs a numeric value constituting the password in the password authentication process. When the user inputs the numeric value of the first digit of the password, the authentication server 200 maps the second-digit numeric values to character strings. At this time, the user's first-digit input time is reflected in the character string mapping.

The authentication server 200 according to an exemplary embodiment may generate a mapping table for the mapping information and transmit the mapping table to the user terminal 100. A mapping table is generated not only when a password authentication request is received from the user terminal 100; a new character string mapping table is also generated according to the number of digits constituting the password and the time at which the user inputs the password.

The authentication server 200 according to the embodiment can configure the keypad array of the password input screen provided to the user in the user terminal 100 differently for each password authentication process.

That is, when a password authentication request is received from the user terminal 100, the authentication server 200 may randomly configure the keypad arrangement positions of the numeric values and transmit the keypad arrangement positions to the user terminal 100.

According to another embodiment of the present invention, a different keypad array may be configured and provided for the numeric value of each digit constituting the password, even within the authentication of a single password.

In addition, the authentication server 200 according to an exemplary embodiment can not only encrypt each character string generated by mapping with a numeric value, but also decrypt the encrypted character string when receiving the encrypted character string.

FIG. 2 is a block diagram illustrating a configuration of an authentication server 200 according to an embodiment of the present invention.

Referring to FIG. 2, the authentication server 200 includes a keypad array generator 210, a string mapping table generator 220, a string encryption unit 230, a character string decryption unit 240, an input value extraction unit 250, a user information DB 260, an authentication unit 270, a control unit 280, and a communication unit 290.

The keypad array generating unit 210 according to an embodiment may configure the arrangement of the keypad that the user terminal 100 presents when a password is input.

The keypad array means the arrangement of the numeric values 0 to 9 on the keypad shown on the screen of the user terminal 100 for inputting the password. The keypad array generation unit 210 according to the embodiment of the present invention may configure this keypad array at random, without depending on a fixed rule.

The keypad array generating unit 210 according to the embodiment can select, as the shape of the keypad provided to the user terminal 100, any of various keypad shapes in which ten or more coordinate values can be generated.

Depending on the shape of the keypad, the types of coordinates that can place each numerical value in the keypad array generation unit 210 are different, and the presence or absence of a blank on the keypad may also be changed.

For example, when a 3 x 4 keypad shape is selected, each numeric value can be placed at coordinates from (1,1) to (3,4) and the keypad includes two blanks, whereas when a 5 x 2 keypad shape is selected, each numeric value is placed at coordinates from (1,1) to (5,2) and there is no blank.

The keypad array generating unit 210 according to the embodiment may configure a new keypad array every time a password authentication request is received from the user terminal 100. Thus, different keypad arrays may be provided in each password authentication procedure.

According to another embodiment of the present invention, a new keypad array can be constituted and provided every time a numerical value of each digit constituting a password is input even in a single password authentication process.

For example, when a three-digit password authentication request is made, the keypad array generating unit 210 randomly arranges a first keypad array. When the first keypad array is provided to the user and a first numerical value is input, a second keypad array that is different from the first keypad array is newly constructed. When the second keypad array is provided and the user's second numerical value is input, the keypad array generator 210 configures the third keypad array. By configuring a new keypad array for each digit of the password in the keypad array generation unit 210, leakage of the password can be effectively prevented.

The character string mapping table generator 220 according to an embodiment maps each of the numeric values 0 to 9 to different strings. Each numeric value can be mapped to a randomly constructed string of a plurality of characters, with different strings mapped to different numerical values.

According to the embodiment of the present invention, the character string mapping table generation unit 220 can generate a character string mapping table for each numeric value constituting the password in real time, reflecting the number of digits constituting the password and the input time.

That is, even if they have the same numeric value, different strings can be mapped according to the number of digits constituting the password and the input time of the password of the user.

For example, if the numeric value 2 is mapped to 'sdfsfsdf' in the string mapping table for the first digit of the password, generated at the time of the password authentication request, then in the string mapping table generated after the user inputs the first digit of the password, the mapping string of the numeric value 2 can be 'sdfsfs'.

Hereinafter, the mapping table for the N-th digit of the password will be referred to as the 'N-th mapping table', and the user's numeric input for each digit constituting the password will be referred to as the 'N-th input'. Here, N is a natural number equal to or greater than 1, which means the number of digits constituting the password.

That is, when the password is composed of N numeric values, the character string mapping table generation unit 220 generates N character string mapping tables in real time, one for each digit constituting the password. Each string mapping table consists of different strings even for the same numeric value.

Upon receipt of the password authentication request, the first mapping table is generated. After the first mapping table is transmitted to the user terminal 100, the second mapping table is newly constructed once the first input is made.

In this manner, the first mapping table through the N-th mapping table are generated sequentially as the user inputs the numeric value for each digit constituting the password, and the N-th mapping table can be said to be generated in real time immediately before the N-th input of the user is performed.

As described above, according to the embodiment of the present invention, different mapping information is configured in real time according to the number of digits of each numeric value within the password and the time at which the user inputs the password, so the mapping information can be grasped only by knowing the input time precisely, and security can be improved.

According to an embodiment of the present invention, each time a password authentication request or a user's numeric input is received from the user terminal 100, the string mapping table generation unit 220 can not only generate a string mapping table for the corresponding digit of the password but also newly create, in real time, the combinations of strings constituting each mapping table.

The string mapping table generation unit 220 provides the N-th character string mapping table generated as described above to the user terminal 100 after the (N-1)-th input at the user terminal 100, that is, before the N-th input.

The string encryption unit 230 encrypts the strings corresponding to the respective numeric values generated by the string mapping table generation unit 220.

The string encryption unit 230 according to an embodiment can encrypt each string using an encryption algorithm such as DES, 3DES, or AES.

When the authentication server 200 transmits the mapping information between numeric values and character strings to the user terminal 100, the character string encryption unit 230 encrypts all the mapped strings so that the string combinations are not exposed, and the encrypted string mapping table can then be transmitted.

Accordingly, when a password is input at the user terminal 100, what the authentication server 200 receives as the mapping information of the input numeric value is an encrypted character string.

Since the string combination is made up of an encrypted string in the password authentication process between the user terminal 100 and the authentication server 200, the type of the string combination is not exposed, so that the probability of inferring the password .

The DES (Data Encryption Standard) algorithm is a typical symmetric cipher: a block cipher that turns a 64-bit plaintext into a 64-bit ciphertext using a 56-bit secret key. 3DES is a scheme that repeats DES three times, proposed as an alternative to address the vulnerability caused by DES's short key length. The Advanced Encryption Standard (AES) is also a symmetric encryption scheme, and is an encryption algorithm specified by an international standard. A symmetric encryption scheme is an encryption algorithm or scheme in which the key used for encryption is the same as the key used for decryption.

The string decryption unit 240 receives an encryption string for each digit constituting the password from the user terminal 100 and decrypts the encrypted string.

Once the string decryption unit 240 decrypts the encrypted string and the string combination becomes available, the input value of the user terminal 100 can be extracted from the string combination.

The input value extracting unit 250 may extract the value input to the user terminal 100 by receiving the decrypted character string from the character string decryption unit 240 and converting it into the numeric value corresponding to that character string.

The input value extractor 250 may convert a character string to a numerical value by receiving a character string mapping table from the character string mapping table generator 220.

According to the embodiment of the present invention, since each numeric value is mapped to a character string by reflecting the number of digits constituting the password and the user's password input time, the input value extractor 250 extracts the input value for each digit on the basis of the character string mapping table generated in real time immediately before the input of the corresponding digit of the password.

The user information DB 260 stores basic information on the users of the password authentication security system according to an embodiment of the present invention, together with the password previously registered by each user. The basic user information stored in the user information DB 260 according to one embodiment may include the user's personal information and payment-related information such as card information owned by the user.

The authentication unit 270 according to an exemplary embodiment may receive the input value extracted from the input value extraction unit 250 and check whether the input value matches the registered password stored in the user information DB 260.

If the authentication unit 270 confirms that the value input to the user terminal 100 matches the registered password of the user, the authentication server 200 transmits password authentication completion information to the user terminal 100, and when the value input to the user terminal 100 does not match the registered password of the user, password authentication failure information is transmitted to prevent the payment.

The controller 280 according to an embodiment includes a keypad array generator 210, a string mapping table generator 220, a string encryption unit 230, a string decoder 240, an input value extractor 250, the user information DB 260, the authentication unit 270, and the communication unit 290. That is, the control unit 280 according to the present invention includes a keypad array generating unit 210, a character mapping table generating unit 220, a character string encrypting unit 230, a character string decrypting unit 240, an input value extracting unit 250, the user information DB 260, the authentication unit 270, and the communication unit 290, respectively.

The communication unit 290 according to one embodiment enables communication between the authentication server 200 and an external device. Specifically, it enables the authentication server 200 to communicate with the user terminal 100.

FIG. 3 is a diagram illustrating an example of an N-th character string mapping table according to an embodiment of the present invention.

The password according to an embodiment of the present invention may be composed of a plurality of combinations of numbers from 0 to 9, which can be determined by a user's setting.

According to the embodiment of the present invention, in the case of a password consisting of N digits (N is a natural number), N character string mapping tables are generated. That is, one string mapping table holds the string mapping information for the numeric values that can occupy one digit of the password.

The character string mapping table of FIG. 3 shows one character string mapping table among the N character string mapping tables constituting the entire password.

For example, if the character string mapping table of FIG. 3 corresponds to the first character string mapping table, the authentication server 200 generates the character string mapping table of FIG. 3 when the password authentication request is received from the user terminal 100, and if the user enters the numeric value 1, it is mapped to the string 'sdfsgsg'. After the user's first input based on this mapping table, the authentication server generates the second character string mapping table in real time, and the character string corresponding to the numeric value 1 in the second character string mapping table is a character string different from 'sdfsgsg'.

FIG. 4 is a flowchart illustrating, over time, a password authentication security improvement method according to an exemplary embodiment of the present invention.

First, the user terminal 100 transmits a password authentication request to the authentication server 200 (S401), and the authentication server 200 generates a keypad array in which the numerical values are randomly arranged (S402).

Then, the authentication server 200 generates a first character string mapping table for each numeric value that can constitute the first digit of the password (S403), and encrypts the first strings using the encryption algorithm (S404). At this time, the authentication server 200 according to an exemplary embodiment may also randomly combine characters to generate the strings.

The authentication server 200 transmits the keypad array and the first encryption string mapping table to the user terminal 100 (S405).

When the user terminal 100 displays the password input screen with the numeric values positioned according to the received keypad array, the user enters the first digit, i.e., performs the first input (S406).

In step S407, the user terminal 100 transmits an encryption string matching the numeric value of the first input to the authentication server 200 according to the first encryption string mapping table received in step S405.

When the first encryption string is received, the authentication server 200 generates a second string mapping table for each numeric value that can constitute the second digit of the password in real time (S408).

Thereafter, the authentication server 200 encrypts the second strings of the second character string mapping table (S409), and transmits the second encryption string mapping table to the user terminal 100 (S410).

When the user enters the second digit of the password, i.e., performs the second input (S411), the user terminal 100 obtains the second encrypted string corresponding to the numeric value of the second input from the second encrypted string mapping table and transmits it to the authentication server 200 (S412).

After receiving the second encryption string, the authentication server 200 generates a third string mapping table (S413), encrypts the third strings (S414), and transmits the third encryption string mapping table to the user terminal 100 (S415).

In response to the reception of the third encryption string mapping table, the user terminal 100 may perform a third input (S416) and transmit the third encryption string corresponding to the third input to the authentication server 200 (S417).

FIG. 4 shows an example in which the password is three digits. However, when the password is composed of N digits (N is a natural number) according to another embodiment of the present invention, the string mapping table creation, the string encryption, the mapping table transmission, the user's password input, and the transmission of the encrypted string corresponding to the input value are each performed N times.

When all of the encryption strings for all the numeric values constituting the password are received in the authentication server 200, the authentication server 200 decrypts the encrypted strings (S418).

The authentication server 200 then traces back each numeric value using the N-th character string mapping table that corresponds to that digit of the password and its input time, so that the numeric value corresponding to each decrypted character string, that is, the value input to the user terminal 100, can be determined (S419).

The authentication server 200 checks whether the extracted input value matches the pre-registered password of the user (S420), and transmits the matching result, that is, the password authentication result, to the user terminal 100 (S421).

If the input value matches the registration password, the user terminal 100 proceeds with the payment process. If the input value does not match, the user terminal 100 requests the password re-input or stops the payment process.

FIG. 5 is a flowchart illustrating a password authentication security improvement method according to another embodiment of the present invention, according to the flow of time.

The password authentication security improvement method according to the embodiment of FIG. 5 shows a configuration in which a different keypad array is provided for each digit constituting a password.

Upon requesting the password authentication of the user terminal 100 (S501), the authentication server 200 generates a first keypad array and a first character mapping table (S502).

To prevent the password from being leaked while it is entered on the user terminal 100, the numeric values on the keypad are arranged randomly. In the embodiment of FIG. 5, the keypad arrangement can be newly generated for each digit of the password.

The authentication server 200 encrypts the first character string (S503), and transmits the first keypad array and the first encryption string mapping table to the user terminal 100 (S504).

The user terminal 100 provides the received first keypad array to allow the user to perform the first input (S505).

When the first encryption string corresponding to the first input is transmitted to the authentication server 200 (S506), the authentication server 200 not only generates the second character string mapping table but also newly configures the second keypad arrangement (S507).

The second keypad arrangement refers to an arrangement of keypads provided for the input of the password second digit in the user terminal 100.

When the authentication server 200 has encrypted the second strings (S508), the second keypad array and the second encryption string mapping table are transmitted to the user terminal 100 (S509). The user terminal 100 provides the received second keypad array to allow the user to perform the second input (S510).

When the second encryption string corresponding to the second input is transmitted to the authentication server 200 (S511), the authentication server 200 newly configures the third keypad array, and the third character string mapping table is newly generated (S512).

According to an exemplary embodiment, when the password is composed of N digits, the character string mapping table generation and the keypad arrangement may each be performed sequentially N times.

As in FIG. 4, the authentication server 200 then decrypts the encrypted strings, extracts the input value by tracing back the string mapping tables corresponding to the digits constituting the password and their input times, checks whether it matches the password, and transmits the authentication result to the terminal.
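The exchange of FIG. 4, with the per-digit keypad of FIG. 5 as an option, as an added Python example that is not code from the patent. Class and function names are hypothetical, the mapped strings are random tokens from `secrets`, and the string encryption step (S404) is left out because the page does not name the algorithm.

```python
import hmac
import secrets

DIGITS = "0123456789"


class AuthServer:
    """Server side of the per-digit mapping exchange (hypothetical name).
    Assumption: mapped strings are random tokens; the S404 encryption is omitted."""

    def __init__(self, registered_password, per_digit_keypad=False):
        self._password = registered_password
        self._per_digit_keypad = per_digit_keypad  # False: FIG. 4, True: FIG. 5
        self._tables = []     # one token -> digit table per round, kept server-side
        self._received = []   # tokens received so far, in input order

    def _keypad(self):
        layout = list(DIGITS)
        secrets.SystemRandom().shuffle(layout)     # randomly arranged numeric values
        return layout

    def next_round(self):
        """Create the N-th mapping table in real time; return what the terminal gets."""
        digit_to_token = {d: secrets.token_urlsafe(12) for d in DIGITS}
        self._tables.append({t: d for d, t in digit_to_token.items()})
        first = len(self._tables) == 1
        keypad = self._keypad() if first or self._per_digit_keypad else None
        return keypad, digit_to_token

    def receive(self, token):
        self._received.append(token)

    def authenticate(self):
        """Trace each token back through the table of its own round, then compare."""
        if len(self._received) != len(self._tables):
            return False
        entered = []
        for table, token in zip(self._tables, self._received):
            digit = table.get(token)
            if digit is None:      # token belongs to another round or session
                return False
            entered.append(digit)
        return hmac.compare_digest("".join(entered), self._password)


def run_session(server, typed_digits, replay=None):
    """Terminal side: per digit, fetch the table and send the token for the key pressed.
    `replay` substitutes previously captured tokens for the freshly mapped ones."""
    sent, keypads = [], []
    for i, digit in enumerate(typed_digits):
        keypad, table = server.next_round()
        keypads.append(keypad)
        token = replay[i] if replay else table[digit]
        server.receive(token)
        sent.append(token)
    return server.authenticate(), sent, keypads
```

Passing the tokens of one session as `replay` into a fresh `AuthServer` fails authentication, which is the property the description relies on: a string captured in one round maps to nothing in the table generated for the next.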

As described above, according to the embodiment of the present invention, different character string mapping information is generated in real time for each digit of the password and its input time, so that password leakage due to hacking and the like can be prevented and the security of password authentication can be improved.

The foregoing description of the present invention is for illustrative purposes only, and those of ordinary skill in the art will understand that various changes and modifications may be made without departing from the spirit or essential characteristics of the present invention. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.

The scope of the present invention is defined by the appended claims, and all changes or modifications derived from the meaning and scope of the claims and their equivalents should be construed as being included within the scope of the present invention.

100: User terminal
200: Authentication server
210: Keypad array generating unit
220: String mapping table generating unit
230: String encryption unit
240: String decoding unit
250: Input value extracting unit
260: User information DB
270: Authentication unit
280: Control unit
290: Communication unit

Claims (13)

1. A password authentication security method in which an authentication server performs an authentication process for a password composed of a plurality of numbers, the method comprising:
(a) receiving a password authentication request from a user terminal;
(b) generating a first character string mapping table indicating a mapping relationship between each of the numeric values that can constitute the first digit of the password and an arbitrary character string;
(c) transmitting the first character string mapping table to the user terminal;
(d) receiving, from the user terminal, a first character string mapped in the first character string mapping table to the numeric value of the first digit entered by the first input of the user; and
(e) after receiving the first character string from the user terminal, sequentially generating a second character string mapping table indicating a mapping relationship between each of the numeric values that can constitute the second digit of the password and an arbitrary character string.

2. The method of claim 1, further comprising, after step (a), configuring a keypad array in which the numeric values are randomly arranged, and transmitting the keypad array to the user terminal.

3. The method of claim 2, further comprising, prior to step (e), sequentially generating a second keypad array for inputting a numeric value corresponding to the second digit of the password after receiving the first character string from the user terminal.

4. The method of claim 1, further comprising, after step (e):
transmitting the second character string mapping table to the user terminal; and
receiving, from the user terminal, a second character string mapped in the second character string mapping table to the numeric value of the second digit when the user inputs the second digit.

5. The method of claim 4, further comprising converting the first character string and the second character string received from the user terminal into the corresponding numeric values according to the first character string mapping table and the second character string mapping table, to extract the value input to the user terminal.

6. The method of claim 4, further comprising, after steps (b) and (e), encrypting all the strings of the first character string mapping table and the second character string mapping table, wherein the first character string mapping table and the second character string mapping table transmitted to the user terminal are encrypted string mapping tables.

7. The method of claim 6, wherein the first character string and the second character string received from the user terminal are a first encrypted string and a second encrypted string mapped according to the encrypted string mapping tables.

8. The method of claim 7, further comprising decrypting the first and second encrypted strings after receipt of the second encrypted string from the user terminal.

9. The method of claim 1, further comprising, before steps (b) and (e), randomly combining one or more characters to generate the combinations of strings constituting the first character string mapping table and the second character string mapping table.

10. An authentication server for performing an authentication process for a password composed of a plurality of numbers, comprising:
a keypad array generating unit for generating a keypad array in which the numeric values constituting the password are randomly arranged and transmitting the keypad array to a user terminal;
a character string mapping table generating unit for generating, after the user's input of the first digit of the password, a second character string mapping table indicating a mapping relationship between each of the numeric values that can constitute the second digit of the password and an arbitrary character string, and transmitting the character string mapping table to the user terminal;
a string encryption unit for encrypting the strings constituting the character string mapping tables;
a character string decoding unit for receiving, from the user terminal, an encrypted string corresponding to a value input to the user terminal according to the encrypted string mapping information, and decrypting the received encrypted string; and
an input value extracting unit for extracting the value input to the user terminal from the character string received from the user terminal.

11. The authentication server of claim 10, wherein the keypad array generating unit newly generates a second keypad array for the numeric values that can constitute the second digit of the password after the user's input of the first digit of the password.

12. The authentication server of claim 10, further comprising a user information DB storing user information including card information of a user and a password set by the user.

13. The authentication server of claim 10, further comprising an authentication unit that determines whether the value input to the user terminal, extracted by the input value extracting unit, matches the pre-stored password.

KR1020160027195A 2016-03-07 2016-03-07 Method and server for improving security of password authentication by real-time mapping KR101832815B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020160027195A KR101832815B1 (en) 2016-03-07 2016-03-07 Method and server for improving security of password authentication by real-time mapping

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020160027195A KR101832815B1 (en) 2016-03-07 2016-03-07 Method and server for improving security of password authentication by real-time mapping

Publications (2)

Publication Number Publication Date
KR20170104298A (en) 2017-09-15
KR101832815B1 (en) 2018-02-27

Family

ID=59926851

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020160027195A KR101832815B1 (en) 2016-03-07 2016-03-07 Method and server for improving security of password authentication by real-time mapping

Country Status (1)

Country Link
KR (1) KR101832815B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112632572A (en) * 2020-12-04 2021-04-09 中国农业银行股份有限公司深圳市分行 Method, device and storage medium for encrypting and decrypting commands in script

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100734592B1 (en) * 2006-09-27 2007-07-02 주식회사 소리나무미디어 Method of certifing secret number
KR100982199B1 (en) * 2007-12-26 2010-09-14 (주)씽크에이티 Method for Key Information Security on Online

Also Published As

Publication number Publication date
KR101832815B1 (en) 2018-02-27

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
AMND Amendment
E601 Decision to refuse application
AMND Amendment
X701 Decision to grant (after re-examination)
GRNT Written decision to grant