KR20190003029A - Authentication apparatus based on location password based on geo-fencing and system thereof
- Publication number
- KR20190003029A
- Authority
- KR
- South Korea
- Prior art keywords
- authentication
- password
- geofence
- virtual zone
- location
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0872—Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
- H04W4/021—Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W64/00—Locating users or terminals or network equipment for network management purposes, e.g. mobility management
Abstract
The location-context-based encryption apparatus according to an embodiment of the present invention may include a memory that stores a geofence entry state using information about a geofence composed of at least one virtual zone, and a processor electrically connected to the memory. The processor is configured to: (a) update the geofence entry state based on a current location situation; and (b) if the geofence entry state is confirmed to be an entry, determine one of the virtual zones and generate a virtual zone based authentication password at the request of the user terminal.
Description
The present invention relates to an authentication technique, and more particularly, to a location-based password authentication device capable of generating an authentication password based on location information of a user, which changes continuously in time and space, to be used in a user authentication process of various wired and wireless services, and a password authentication system including the same.
Security authentication technologies are widely used for user authentication in the provision of specific services requiring security. Among them, there are public authentication certificates, security cards, and OTP as secondary authentication technologies that are mainly used. However, duplication and leakage are increasing every year, and high-level hacking techniques for disabling authentication schemes such as memory hacking are emerging, and development of security authentication technology that provides user convenience while enhancing security is required.
Korean Patent Laid-Open Publication No. 10-2005-0118457 (Dec. 19, 2005) relates to a user location authentication system and a control method thereof. It describes a plurality of terminals configured to acquire user identification information capable of identifying a specific user and to transmit authentication basic data using the geographical location information and time information at that time; and a user location authentication server that performs user location authentication after comparing the user identification information among the authentication basic data transmitted from each terminal with pre-registered user reference identification information, attaches the user location authentication result to the authentication basic data, and stores the location information.
Korean Patent Registration No. 10-1703357 (Jan. 31, 2017) discloses a system and method for authenticating the actual location of a terminal. The method includes a step in which a location authentication apparatus stores and manages an IP address pool and location information in a location information database (DB); a step in which the location authentication apparatus searches the IP address pool and location information stored in the location information database (DB) using the IP address and the location information received from the application service server in the request to authenticate the actual location of the terminal; and a location authentication step in which the location authentication apparatus authenticates the actual location of the terminal according to the search result and transmits the authentication result and the distance information to the application service server.
One embodiment of the present invention provides a location-based password authentication device capable of generating an authentication password based on location information of a user, which changes continuously in the time and space dimensions, to be used in a user authentication process of various wired and wireless services, and a password authentication system including the same.
One embodiment of the present invention provides a location-based password authentication apparatus that can be used as a secure user authentication means in various wired, wireless and offline services by enhancing security against hacking through a virtual zone-based authentication password, and a password authentication system including the same.
In embodiments, the location-based password authentication apparatus includes a memory that stores a geofence entry state indicating whether a geofence composed of at least one virtual zone has been entered, and a processor that is electrically coupled to the memory, wherein the processor performs the steps of: (a) updating the geofence entry state based on a current location situation; and (b) generating a virtual zone based authentication password by determining one of the at least one virtual zone based on the current location situation if the geofence entry state is confirmed as entered.
The step (a) may include determining the current location status based on the base station identifier received from the base station.
When a plurality of base station identifiers are received, the step (a) may further include determining the current location situation using the base station identifier received for the longest time in a recent time interval.
The step (a) may include determining the current location status based on an SSID (Service Set Identifier) received from the wireless access point.
The step (b) may include analyzing a network area identified through the received SSID to determine one of the at least one virtual zone.
The step (a) may include the step of determining the current positional state based on the GPS information received from the GPS (Global Positioning System).
The step (b) may include determining the one virtual zone by determining whether the radar coordinate detected from the received GPS information is included in a predetermined radar coordinate set constituting the at least one virtual zone.
The step (b) may include generating an adjacent virtual zone authentication password by identifying an adjacent virtual zone if the authentication of the password fails with the authentication password generated through the determined virtual zone.
The location-based password authentication apparatus may further include a step of checking the geofence entry state periodically or according to the occurrence of a specific event, between the step (a) and the step (b).
The location-based password authentication apparatus may further include a step, performed before step (a), of configuring the geofence based on at least one of the base station identifier of the base station, the SSID of the wireless access point, and the GPS information of the user terminal.
The step of constructing the geofence includes, in the case of a plurality of band cells based on the base station identifier, constructing each of the at least one virtual zone for the corresponding band, accumulating the GPS information for each virtual zone so as to minimize the influence of cell coverage change, and constructing the geofence by combining the coverage for each band.
The location-based password authentication apparatus may further include a step of providing a different base code to each of the at least one virtual zone, which is performed before the step (a).
The step of providing the base code may include a push-pull base code providing step of confirming the geofence entry state at the request of the user terminal and providing a base code corresponding to the virtual zone to the user terminal.
The step of providing the base code may include a cell-broadcasting base code providing step of providing, in cooperation with the mobile broadcasting company cell broadcasting server, different base codes corresponding to each of the at least one virtual zone.
The step (b) includes generating the virtual zone-based authentication password as a password reflecting the spatio-temporal information by using the base code corresponding to the determined virtual zone and the current time as the authentication password seed of the authentication password generation algorithm.
The location-based password authentication device may further include performing, before step (a), an integrity check on the geofence of the user periodically or in response to the occurrence of a specific event.
Among the embodiments, the location-based password authentication system includes a mobile broadcasting company cell broadcasting server for transmitting data to a user terminal through a cell broadcasting method; a mobile communication company location information server for confirming the location of the user terminal; and a location-based password authentication device for performing the corresponding password authentication in cooperation with the cell broadcasting server and the mobile communication company location information server when a password authentication request associated with the user terminal is received. The location-based password authentication device includes a geofence entry state update unit for updating, based on a current location situation, a geofence entry state indicating whether a geofence composed of at least one virtual zone has been entered; and an authentication password generation unit for generating a virtual zone based authentication password by determining one of the at least one virtual zone based on the current location situation when the geofence entry state is confirmed as entered.
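The steps above (choosing the base station identifier received for the longest time, seeding the password with the zone's base code and the current time, and retrying with adjacent virtual zones when authentication fails) can be sketched as follows. This is an added example, not code from the patent: the zone table, cell identifiers, base codes, 30-second time step and the TOTP-style HMAC-SHA-256 truncation are all assumptions, since the page does not name a password generation algorithm.

```python
import hashlib
import hmac
import struct

# Constructed sample geofence: zone ids, cell ids, base codes and adjacency
# are made up for this example.
GEOFENCE = {
    "zone-A": {"cells": {"cell-101", "cell-102"}, "base_code": b"base-code-A",
               "adjacent": ["zone-B"]},
    "zone-B": {"cells": {"cell-201"}, "base_code": b"base-code-B",
               "adjacent": ["zone-A", "zone-C"]},
    "zone-C": {"cells": {"cell-301"}, "base_code": b"base-code-C",
               "adjacent": ["zone-B"]},
}
TIME_STEP = 30  # seconds per password interval (assumption)
DIGITS = 6      # password length (assumption)


def dominant_cell(observations, now, window=300):
    """Return the base station identifier received for the longest time within
    [now - window, now], or None if nothing was received in that interval.
    observations: iterable of (cell_id, first_seen, last_seen), epoch seconds."""
    start = now - window
    totals = {}
    for cell_id, first_seen, last_seen in observations:
        overlap = min(last_seen, now) - max(first_seen, start)
        if overlap > 0:
            totals[cell_id] = totals.get(cell_id, 0) + overlap
    if not totals:
        return None
    # sorted() makes the choice deterministic when two cells tie.
    return max(sorted(totals), key=totals.get)


def zone_for_cell(cell_id):
    """Map a cell to its virtual zone; None means the geofence is not entered."""
    for zone_id, zone in GEOFENCE.items():
        if cell_id in zone["cells"]:
            return zone_id
    return None


def zone_password(base_code, now):
    """Derive a password from the zone's base code (key) and the current time
    (counter), using HOTP-style dynamic truncation over HMAC-SHA-256."""
    counter = struct.pack(">Q", int(now) // TIME_STEP)
    digest = hmac.new(base_code, counter, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def generate(observations, now):
    """Terminal side, steps (a) and (b): returns (zone_id, password), or None
    when the entry state is 'not entered' and no password may be generated."""
    zone_id = zone_for_cell(dominant_cell(observations, now))
    if zone_id is None:
        return None
    return zone_id, zone_password(GEOFENCE[zone_id]["base_code"], now)


def verify(server_zone, submitted, now):
    """Server side: check the zone the server itself determined, then only its
    adjacent zones. Returns the zone that matched, or None."""
    if server_zone not in GEOFENCE:
        return None
    for zone_id in [server_zone] + GEOFENCE[server_zone]["adjacent"]:
        expected = zone_password(GEOFENCE[zone_id]["base_code"], now)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return zone_id
    return None
```

The adjacent-zone retry trades a few extra accepted passwords per time step for tolerance of cell-boundary jitter, so the adjacency list should stay as short as the coverage map allows.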
The disclosed technique may have the following effects. It is to be understood, however, that the scope of the disclosed technology is not to be construed as limited thereby, as it is not meant to imply that a particular embodiment should include all of the following effects or only the following effects.
The location-based password authentication apparatus and the password authentication system including the same according to an embodiment of the present invention generate an authentication password based on the location information of the user, which changes continuously in time and space, and can be used in the user authentication process of various wired and wireless services.
The location-based password authentication device and the password authentication system including the same according to an embodiment of the present invention can enhance security against hacking by using a virtual zone-based authentication password and can be used as a secure user authentication means in various wired and wireless services.
FIG. 1 is a view for explaining a location-based password authentication system according to an embodiment of the present invention.
FIG. 2 is a block diagram illustrating the location-based password authentication apparatus of FIG.
FIG. 3 is a block diagram illustrating the functional elements of the processor in FIG. 2.
FIG. 4 is a flow diagram illustrating a location based password authentication procedure performed by the processor of FIG.
FIG. 5 is a diagram showing an embodiment of the location-based password authentication system shown in FIG.
FIG. 6 is a flowchart illustrating an example of a process of performing a password authentication by the location-based password authentication apparatus of FIG.
FIG. 7 is a view for explaining an embodiment of a process of constructing a geofence by the location-based password authentication apparatus shown in FIG.
FIG. 8 is a view for explaining an embodiment of a process of performing a secondary authentication by identifying an adjacent virtual zone when password authentication fails in the process of performing the password authentication in the location-based password authentication apparatus of FIG.
FIG. 9 is a view for explaining an embodiment of a process in which the user terminal of FIG. 1 generates an authentication password through a location-based authentication agent installed in the user terminal.
The description of the present invention is merely an example for structural or functional explanation, and the scope of the present invention should not be construed as being limited by the embodiments described in the text. That is, the embodiments are to be construed as being variously embodied and having various forms, so that the scope of the present invention should be understood to include equivalents capable of realizing technical ideas. Also, the purpose or effect of the present invention should not be construed as limiting the scope of the present invention, since it does not mean that a specific embodiment should include all or only such effect.
Meanwhile, the meaning of the terms described in the present application should be understood as follows.
The terms "first "," second ", and the like are intended to distinguish one element from another, and the scope of the right should not be limited by these terms. For example, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component.
It is to be understood that when an element is referred to as being "connected" to another element, it may be directly connected to the other element, but there may be other elements in between. On the other hand, when an element is referred to as being "directly connected" to another element, it should be understood that there are no other elements in between. On the other hand, other expressions that describe the relationship between components, such as "between" and "between" or "neighboring to" and "directly adjacent to" should be interpreted as well.
It is to be understood that terms such as "include" or "have" specify the presence of the stated feature, number, step, operation, element, component, or combination thereof, and do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.
In each step, the identification code (e.g., a, b, c, etc.) is used for convenience of explanation; the identification code does not describe the order of the steps, and unless otherwise stated, the steps may occur in an order different from the stated one. That is, each step may occur in the same order as described, may be performed substantially concurrently, or may be performed in reverse order.
The present invention can be embodied as computer-readable code on a computer-readable recording medium, and the computer-readable recording medium includes all kinds of recording devices for storing data that can be read by a computer system. Examples of the computer-readable recording medium include ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical data storage, and the like. In addition, the computer-readable recording medium may be distributed over network-connected computer systems so that computer-readable code can be stored and executed in a distributed manner.
All terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. Commonly used predefined terms should be interpreted to be consistent with the meanings in the context of the related art and can not be interpreted as having ideal or overly formal meaning unless explicitly defined in the present application.
FIG. 1 is a view for explaining a location-based password authentication system according to an embodiment of the present invention.
1, the location-based
The location-based
The
The
The mobile broadcasting company
The mobile communication company
In one embodiment, the location-based
FIG. 2 is a block diagram illustrating the location-based password authentication apparatus of FIG.
2, the location-based
The
The
The
The user input /
The network input /
Figure 3 is a block diagram illustrating the functional elements of the processor in Figure 2;
3, the
The
In one embodiment, the
In another embodiment, the
In another embodiment, the
In one embodiment, the
In one embodiment, the
In one embodiment, the
In one embodiment, the
The geofence entry
In one embodiment, the geofence entry
In the above embodiment, the geofence entry
In another embodiment, the geofence entry
In one embodiment, the geofence entry
The authentication
In the first embodiment, the authentication
In the second embodiment, the authentication-
In one embodiment, the authentication
In one embodiment, when a specific period associated with the base code update is set by the
In one embodiment, the authentication
[Equation 1]
(Here, h avg shall recent disclosure of personal information corresponding to the detected cumulative number of targets of users during a specific time interval and, h t corresponds to the disclosure of personal information detected based on the number of times specified by the designer, t 0 is the designer Or a default period value that can be set by the user)
When the geofence entry state is confirmed to be entered, the authentication
The authentication-
In one embodiment, the
In another embodiment, the authentication
In one embodiment, when the authentication of the password fails with the authentication password generated through the determined one virtual zone, the authentication-
The password
The
Based on the functional elements of the
FIG. 4 is a flow diagram illustrating a location based password authentication procedure performed by the processor of FIG.
4, the
The geofence entry
If the geofence entry state is confirmed to be entered, the authentication
The password
In one embodiment, the
FIG. 5 is a diagram showing an embodiment of the location-based password authentication system shown in FIG.
1 to 5, the
In one embodiment, the
In one embodiment, the
In one embodiment, the
FIG. 6 is a flowchart illustrating an example of a process of performing a password authentication by the location-based password authentication apparatus of FIG.
6, the
The location-based
The
When a user performs a specific transaction requiring security on / off-line, such as financial transaction or important information storage, the
When the
The
The location-based
FIG. 7 is a view for explaining an embodiment of a process of constructing a geofence by the location-based password authentication apparatus shown in FIG. More specifically, FIG. 7A shows an embodiment in which the location-based
In FIG. 7A, the
In one embodiment, the
7B, the
FIG. 8 is a view for explaining an embodiment of a process of performing a secondary authentication by identifying an adjacent virtual zone when password authentication fails in the process of performing the password authentication in the location-based password authentication apparatus of FIG.
8, when the password authentication fails with the authentication password generated through the determined one virtual zone, the authentication
In one embodiment, the encryption
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as set forth in the following claims.
100: Location-based password authentication system
110: Location-based password authentication device
120: user terminal 130: application server
140: Carrier Cell Broadcasting Server
150: Carrier location information server
210: processor 220: memory
230: user input / output unit 240: network input / output unit
310: Geofence management unit 320: Geofence entry state update unit
330: authentication password generation unit 340:
350:
510: geofencing server 520: LFin gateway server
530: LFin Authentication Server
Claims (17)
And a processor electrically coupled to the memory,
The processor
(a) updating the geofence entry state based on a current location situation; And
(b) generating a virtual zone based authentication password by determining one of the at least one virtual zone based on the current location situation if the geofence entry state is confirmed as entering.
And determining the current location status based on the base station identifier received from the base station.
If the number of the received base station identifiers is more than two, determining the current location state with a base station identifier received for a longest time in a recent time interval.
And determining the current location situation based on an SSID (Service Set Identifier) received from the wireless access point.
And analyzing the network area identified through the received SSID to determine one of the at least one virtual zone.
And determining the current location situation based on GPS information received from a GPS (Global Positioning System).
Determining whether the radar coordinate detected from the received GPS information is included in a predefined radar coordinate set of the at least one virtual zone to determine the one virtual zone.
And generating an adjacent virtual zone authentication password by identifying an adjacent virtual zone if password authentication fails with the authentication password generated through the determined one virtual zone.
The method of claim 1, further comprising the step of checking the geofence entry state periodically or in response to occurrence of a specific event, between the step (a) and the step (b).
Further comprising the step of configuring the geofence based on at least one of the base station identifier of the base station, the SSID of the wireless access point, and the GPS information of the user terminal, performed before the step (a).
Accumulating the GPS information for each virtual zone so as to minimize the influence of the cell coverage change, and constructing the geofence.
The method of claim 1, further comprising: providing a different base code for each of the at least one virtual zone, performed prior to step (a).
A push-pull base code providing step of confirming the geofence entry state according to a request of the user terminal and providing a base code corresponding to the virtual zone to the user terminal.
A base code providing step of providing a different base code corresponding to each of the at least one virtual zone in cooperation with the mobile broadcasting company cell broadcasting server.
Using the base code corresponding to the determined virtual zone and the current time as the authentication password seed of the authentication password generation algorithm to generate the virtual zone based authentication password as a password reflecting the spatio-temporal information.
The method of claim 1, further comprising performing an integrity check on the geofence of the user, periodically or according to the occurrence of a specific event, before the step (a).
A mobile communication company location information server for confirming the location of the user terminal; And
And a location-based password authentication device for performing a corresponding password authentication in cooperation with the cell broadcasting server and the mobile communication company location information server when a password authentication request associated with the user terminal is received,
The location-based password authentication device
A geofence entry state updating unit for updating a geofence entry state indicating whether or not to enter a geofence composed of at least one virtual zone based on a current location situation; And
And an authentication password generator for generating a virtual zone based authentication password by determining one of the at least one virtual zone based on the current location status when the entry state of the geofence is confirmed as entering.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020170083458A KR102004703B1 (en) | 2017-06-30 | 2017-06-30 | Location-based authentication apparatus and system using geofencing |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20190003029A (en) | 2019-01-09 |
KR102004703B1 (en) | 2019-10-01 |
Family
ID=65017394
Country Status (1)
Country | Link |
---|---|
KR (1) | KR102004703B1 (en) |
-
2017
- 2017-06-30 KR KR1020170083458A patent/KR102004703B1/en active IP Right Grant
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20050118457A (en) | 2004-06-14 | 2005-12-19 | 안순현 | System for certification of location of user |
KR20130097706A (en) * | 2010-06-15 | 2013-09-03 | 더 유럽피안 유니언, 레프레젠티드 바이 더 유럽피안 커미션 | Method of providing an authenticable time-and-location indication |
KR101703357B1 (en) | 2010-12-14 | 2017-02-22 | 주식회사 케이티 | System and method for authenticating real-location of terminal |
JP2015513838A (en) * | 2012-02-22 | 2015-05-14 | クゥアルコム・インコーポレイテッドQualcomm Incorporated | Positioning a wireless identity transmitter using short-range wireless broadcast |
KR20150048227A (en) * | 2012-08-30 | 2015-05-06 | 이베이 인크. | Systems and methods for configuring mobile device applications based on location |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116033344A (en) * | 2022-06-13 | 2023-04-28 | 荣耀终端有限公司 | Geofence determination method, equipment and storage medium |
CN116033344B (en) * | 2022-06-13 | 2023-09-26 | 荣耀终端有限公司 | Geofence determination method, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
KR102004703B1 (en) | 2019-10-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |