KR20190036741A - Service providing system and method for security supporting multi-channel authentication with user equipment, and non-transitory computer readable medium having computer program recorded thereon - Google Patents

Abstract

The present invention relates to a security service providing system to support multiple channel authentication with a user terminal, a method thereof, and a nonvolatile recording medium with a computer program recorded therein and, more specifically, to: a security service providing system for supporting multiple channel authentication with one user terminal and a method thereof, which improve security by providing one time authentication information for a user terminal, supporting a communication through different channels, through a first channel, receiving one time authentication information from the user terminal through a second channel, and supporting the source of a text message inducing an input of one time authentication information to be authenticated by a user in authentication through multiple channels for authenticating the user; and a nonvolatile recording medium with a computer program recorded therein. The present invention has an effect of greatly improving security in an authentication process by: preventing authentication information for the authentication of a user from being stolen in a transmission process through mutual authentication between a service provider and the service user by supporting the authentication of the user for a server which requests authentication as well as authentication using a plurality of different channels for the user in the server providing a specific service; and preventing a hacker from inducing a user to manipulate a source by supporting an authentication process using a special key difficult to perform MO and MT service-based falsification and modulation in a server.

Description

[0001] The present invention relates to a security service providing system and method for supporting multi-channel authentication with a user terminal, and a non-volatile recording medium in which a computer program is recorded medium having computer program recorded thereon}

The present invention relates to a security service providing system and method for supporting multi-channel authentication with a user terminal, and a nonvolatile recording medium on which a computer program is recorded, and more particularly, to a user terminal supporting communication via different channels A source of a text message for providing one-time authentication information through the first channel and for receiving one-time authentication information from a user terminal through a second channel and for inputting one-time authentication information upon authentication over a plurality of channels for authenticating a user, The present invention relates to a security service providing system and method for supporting multi-channel authentication with a user terminal so as to enhance security, and a nonvolatile recording medium on which a computer program is recorded.

Currently, various security services for user authentication are inevitably installed and serviced in various services such as web services and application-based services. In addition to the development of hacking technologies, various authentication methods for improving the vulnerability of such security services have appeared have.

Accordingly, a user authentication method using two-channel authentication has been developed by improving the security problem caused by the existing single-channel authentication, in which information is easily captured only by one-time hacking. It is intended to lower the risk of hacking by performing authentication.

When two channels are used, the security is higher than when a single channel is used. However, since the hacking technique has recently become more sophisticated and intelligent, the reliability of the authentication method has been lowered.

In particular, the existing two-channel authentication method relies solely on the authentication process provided by the user through the authentication service and performs authentication without any verification by the user during the authentication process, so that the hacker intervenes in the middle of the authentication process, When the user is guided to transmit security information to the contact, there is a problem that the security information of the user is easily caught by the hacker because no verification of the user about the origin is performed.

Korean Patent Laid-Open No. 10-2000-0017997 [Title of the invention: System and method for user authentication for internet electronic commerce using wireless communication terminal]

The present invention relates to a system and method for supporting a user to authenticate a server requesting authentication in addition to authentication using a plurality of different channels for a user in a server providing a specific service, It is an object of the present invention to prevent authentication information for authentication from being stolen in a transmission process, and to prevent a hacker from manipulating a source to induce a user, thereby enhancing security for multiple channel authentication.

It is another object of the present invention to provide a security service that can enhance security without increasing the number of operations required by a user in an existing multi-channel authentication process.

A method for providing a security service supporting multi-channel authentication with a user terminal of a security service providing system including a first server and a second server communicating with a user terminal according to an embodiment of the present invention through a different communication network, 1 server receives user identification information from the user terminal connected to the data network and transmits authentication request information including terminal information for the user terminal corresponding to the user identification information to the second server, Wherein the second server stores the randomly selected special number corresponding to the authentication request information in a predetermined special list corresponding to the authentication request information and matches the terminal information and generates authentication information corresponding to the authentication request information, To the first server together with special information for the first server The server transmits the special information and the authentication information to the user terminal and is displayed on the user terminal; and the second server transmits a text message for requesting the authentication information to the user terminal The authentication information included in the response message received from the user terminal is compared with the authentication information generated in advance in correspondence with the special number, and the authentication result information is transmitted to the first server And a step of performing an authentication process.

As an example related to the present invention, the authentication information may be OTP information.

In the authentication request step, the first server may generate the authentication request information upon user authentication based on the user identification information.

As a related example of the present invention, a method of providing a security service may include determining whether to allow a user terminal to access the first server according to the authentication result information when the first server receives the authentication result information after the authentication completion step The method comprising the steps of:

In one embodiment of the present invention, the first server is configured as a web server, and the second server is configured as an authentication server.

As an example related to the present invention, the special number is a preset number for receiving the response message through the MO service, and the text message is transmitted through the MT service.

In one embodiment of the present invention, the authentication step may include requesting, by the second server, the one or more digit codes selected from the authentication information including a plurality of digits through the text message, can do.

A security supporting a multi-channel authentication with a user terminal of a security service providing system including a first server and a second server communicating with a user terminal according to another embodiment of the present invention and a second server and an application unit configured in the user terminal The method comprising: receiving user identification information from the user terminal connected to the data network by the first server and transmitting authentication request information including terminal information corresponding to the user identification information to the second server; And the second server stores a randomly selected special number corresponding to the authentication request information in a predetermined special list in association with the terminal information, stores authentication information corresponding to the authentication request information, generates authentication information, To the first server together with the special information; Transmitting the special information and the authentication information to the application unit of the user terminal; displaying, by the application unit, the special information and the authentication information through the user terminal; And transmitting the text message to the user terminal. The method of claim 1, further comprising: transmitting a text message to the user terminal when the text message is received; Transmitting a response message including authentication information according to user input corresponding to the text message to the second server through the user terminal and transmitting the response message from the user terminal to the second server, And the authentication information included in the special information It is to may comprise a Certified transmitting the authentication result information to authenticate the user according to the match to the first server compares the authentication information generated in advance.

A computer-readable nonvolatile recording medium on which the program according to the embodiment of the present invention is recorded may be stored with a computer program for performing the method according to the above-described embodiment.

The security service providing system for supporting multi-channel authentication with a user terminal including a first server and a second server communicating with a user terminal according to an embodiment of the present invention through a communication network different from the user terminal includes: And transmits the authentication request information including the terminal information of the user terminal previously set corresponding to the user identification information to the second server, and transmits the authentication request information to the second server corresponding to the authentication request information, A first server for transmitting special information and authentication information received from the server to the user terminal and displaying the special information and the authentication information received from the server through the user terminal, and a server for matching the randomly selected special number with the terminal information in a predetermined special list corresponding to the authentication request information And stores the authentication information in association with the authentication request information And transmitting the text message to the first server along with the special information on the selected special number, transmitting a text message for requesting the special authentication information to the user terminal, And a second server for comparing the authentication information included in the response message with the authentication information stored in advance in association with the special number, and authenticating the user according to whether the authentication message matches the authentication information and transmitting the authentication result information to the first server.

The present invention relates to a system and method for supporting a user to authenticate a server requesting authentication in addition to authentication using a plurality of different channels for a user in a server providing a specific service, The authentication information for authentication is prevented from being hijacked in the transmission process, and at the same time, the server can support authentication process using a special protocol that is difficult to be falsified based on the MO and MT services, thereby preventing the hacker from manipulating the source and guiding the user , The security in the authentication process can be greatly improved.

In addition, the present invention is characterized in that a server has a special list for a plurality of different specials, and each time a user terminal accesses a server, a special number set in a calling number for a source of authentication information for user authentication Random selection of the authentication information, and at the same time, authentication information is transmitted through the MO service when the authentication information is received from the server, so that the hacker can not recognize the channel through which the authentication information is transmitted.

In addition, according to the present invention, a user who supports a plurality of channels including a data network and a mobile communication network receives a one-time authentication information transmitted from a server through a first channel, It is possible to automatically verify and authenticate at a user terminal about a source which induces input and reply of one-time authentication information through a special procedure which is difficult to be falsified in a two-channel authentication process in which the user transmits authentication information So that it is possible to enhance security without increasing the number of operations of a separate user, and also to enhance user convenience.

1 is a configuration diagram of a security service providing system for supporting multi-channel authentication with a user terminal according to an embodiment of the present invention;
2 is a diagram illustrating a user authentication process of a web server in a security service providing system supporting multi-channel authentication with a user terminal according to an embodiment of the present invention;
3 is a diagram illustrating an example of a user authentication process by interworking a web server and an authentication server in a security service providing system supporting multi-channel authentication with a user terminal according to an embodiment of the present invention.
4 is a view illustrating an authentication information transmission process according to an automatic verification of a source in a user terminal according to an embodiment of the present invention;
5 is a flowchart illustrating a method of providing a security service supporting multi-channel authentication with a user terminal according to an exemplary embodiment of the present invention.

It is noted that the technical terms used in the present invention are used only to describe specific embodiments and are not intended to limit the present invention. In addition, the technical terms used in the present invention should be construed in a sense generally understood by a person having ordinary skill in the art to which the present invention belongs, unless otherwise defined in the present invention, Should not be construed to mean, or be interpreted in an excessively reduced sense. In addition, when a technical term used in the present invention is an erroneous technical term that does not accurately express the concept of the present invention, it should be understood that technical terms that can be understood by a person skilled in the art can be properly understood. In addition, the general terms used in the present invention should be interpreted according to a predefined or prior context, and should not be construed as being excessively reduced.

Furthermore, the singular expressions used in the present invention include plural expressions unless the context clearly dictates otherwise. The term "comprising" or "comprising" or the like in the present invention should not be construed as necessarily including the various elements or steps described in the invention, Or may further include additional components or steps.

Furthermore, terms including ordinals such as first, second, etc. used in the present invention can be used to describe elements, but the elements should not be limited by terms. Terms are used only for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings, wherein like reference numerals refer to like or similar elements throughout the several views, and redundant description thereof will be omitted.

In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail. It is to be noted that the accompanying drawings are only for the purpose of facilitating understanding of the present invention, and should not be construed as limiting the scope of the present invention with reference to the accompanying drawings.

When the user accesses the first server through the data network using the first terminal and logs in, the server generates the one-time authentication information and transmits the one-time authentication information to the first terminal. And a text message requesting one-time authentication information is received from a second terminal, which is different from the first terminal and is a different terminal possessed by the user, and transmits the one-time authentication information through the second terminal, And may have a multi-channel authentication configuration for authenticating a user by comparing the generated one-time authentication information with the one-time authentication information received from the second terminal.

However, recently, a user terminal 10 such as a smart phone supporting both a data network and a mobile communication network has appeared, thereby supporting a two-channel authentication configuration with a server in a single user terminal 10. [

Accordingly, the present invention performs the above-described two-channel authentication process of transmitting the one-time authentication information through the mobile communication network, which is the second channel, after receiving the one-time authentication information through the data network of the first channel in the single user terminal 10 When the user confirms the text message and inputs all or a part of the one-time authentication information on the screen configured in the user terminal 10 as the reply, the user transmits the entire or part of the one-time authentication information on the screen through the mobile communication network, And then authenticates the user and permits access to the server to which the user terminal 10 is connected only for the authenticated user, thereby providing various services provided by the server And can be configured to be available.

In this way, according to the present invention, the first channel is responsible for confirming the user's login information and delivering the one-time authentication information, the second channel revealing the authentication request subject through the MO service, receiving the one-time authentication information as a response And may be configured to perform authentication.

In other words, the risk of hacking can be reduced by changing the authentication subject that can be accessed through the first channel to the authentication subject existing in the second channel different from the first channel.

At this time, the first channel and the second channel are formed by different communication networks, and the risk of hacking can be reduced through the network separation.

However, if the hacker intervenes in the middle of the authentication process and requests the user to send the one-time authentication information to the hacker-designated source, the user who uses the authentication service continuously performs the authentication process so that the hacker intervenes abnormally The one-time authentication information is transmitted to the originating place designated by the hacker without confirming the originator, so that the hacker can take out the one-time authentication information of the user. Accordingly, the hacker can impersonate the user and access the web server 100 .

Accordingly, in the present invention, the two-channel authentication is performed by the same operation as the user operation required in the two-channel authentication process as described above, but the security can be further enhanced with a simple configuration without adding additional user operations.

To this end, in the present invention, a plurality of special numbers (special numbers or special numbers) (for example, # 1234) for using the MO and MT services are secured on the server side or one or more specials assigned to the server are further expanded by n (For example, # 123456 in the case of 2-digit extension), increase the number of special numbers that can be used, input one-time authentication information for each authentication for the user, and set the calling number to be returned to the corresponding special number, And transmits a randomly selected special number to the user terminal 10 through the data network and displays the text message. The user terminal 10 transmits a text message requesting the special one-time authentication information through the mobile communication network And transmits the text message received through the MO service of the mobile communication network to the special message received through the data network (Or verification) based on a comparison between the origination numbers of outgoing call origination parties is made known to the user, so that it is possible to confirm in advance a case in which the user inputs a one-time authentication information from a telephone number other than the normal call origin, It is possible to prevent leakage of one-time authentication information in advance.

BRIEF DESCRIPTION OF THE DRAWINGS Fig. 1 is a block diagram of a security service providing system for supporting multi-channel authentication with a user terminal 10 according to an embodiment of the present invention, As shown, may include a first server 100 and a second server 200 that communicate with the user terminal 10 through a plurality of different communication networks.

At this time, the first server 100 and the second server 200 can communicate with each other through a communication network, and can communicate with each other through a wired connection.

It goes without saying that any one of the first server 100 and the second server 200 may be included in the other.

In addition, a security service providing system supporting multiple channel authentication with the user terminal 10 may be implemented by a greater number of components than the components shown in FIG. 1, and the user terminal 10 and A security service providing system supporting multi-channel authentication of a plurality of channels may be implemented.

The user terminal 10 described in the present invention may be a smart phone, a portable terminal, a mobile terminal, a personal digital assistant (PDA), or the like, which supports both communication using a data network and communication using a mobile communication network A personal digital assistant (PDA), a portable multimedia player (PMP) terminal, a telematics terminal, a navigation terminal, a slate PC, a tablet PC, a wearable device, For example, various terminals such as a smartwatch, a smart glass, and a head mounted display (HMD), a flexible terminal, and the like can be applied.

The communication network described in the present invention may include a wired / wireless communication network. Examples of the wireless communication network include a wireless LAN (WLAN), a digital living network alliance (DLNA), a wireless broadband (Wibro) (WIMAX), Global System for Mobile communication (GSM), Code Division Multi Access (CDMA), Code Division Multi Access 2000 (CDMA2000), Enhanced Voice-Data Optimized or Enhanced Voice- Data Only), WCDMA (Wideband CDMA), HSDPA (High Speed Downlink Packet Access), HSUPA (High Speed Uplink Packet Access), IEEE 802.16, Long Term Evolution (LTE) Advanced, Wideband Wireless Mobile Broadband Service (WMBS), Bluetooth, Radio Frequency Identification (RFID), Infrared Data Association (IrDA), Ultra Wideband (UWB), ZigBee, Near Field Communication (NFC), second (UC), Visible Light Communication (VLC), Wi-Fi, and Wi-Fi Direct. The wired communication network may be a wired LAN, a wired WAN, a power line communication (PLC), a USB communication, an Ethernet, a serial communication, Cables and the like.

As described above, the user terminal 10 supports both communication via the data network and the mobile communication network, and includes a wired LAN, a wired wide area network (WAN), a power line communication (PLC) , USB communication, Ethernet, serial communication, optical / coaxial cable communication, wireless LAN (WLAN), DLNA (Digital Living Network Alliance), Wireless Broadband (Wibro), WiMAX And may be configured to communicate with the first server 100 via wired and wireless data networks such as Interoperability for Microwave Access (WIMAX), Wi-Fi, Wi-Fi Direct, and the like.

In addition, the user terminal 10 may be a GSM (Global System for Mobile communication), a Code Division Multi Access (CDMA), a Code Division Multi Access 2000 (CDMA2000), an Enhanced Voice-Data Optimized or Enhanced Voice- WCDMA, HSDPA, HSUPA, IEEE 802.16, Long Term Evolution (LTE), Long Term Evolution-Advanced (LTE) And may communicate with the second server 200 through a mobile communication network such as a wireless mobile broadband service (WMBS).

According to the above-described configuration, the present invention is configured such that the first and second servers 100 and 200 communicate with each other through a communication network of a different type from the user terminal 10 held by the user, (Or channel dispersion).

The first server 100 may be configured as a web server 100 for providing a web service and a plurality of web servers 100 registered through a web site provided by the web server 100 And member DB 101 in which different user-specific member information is stored.

The member information may include the user's name, contact information, address, terminal information for the user terminal 10, and login information (e.g., member ID and password (password)). At this time, the terminal information may include an MDN (Mobile Directory Number), a mobile IP, a mobile MAC, a SIM (subscriber identity module) card unique information, a serial number, and the like.

In addition, some of the information stored in the member information may be set as user identification information, and the user identification information may be used as information for user authentication in at least one of the first server 100 and the second server 200 have.

In addition, the second server 200 accesses the first server 100 in order to use the web service provided by the first server 100 and transmits the user identification information to the normal server 100, And an authentication server 200 for authenticating whether or not the authentication is performed.

Also, the first server 100 and the second server 200 may be implemented in the form of a web server, a database server, a proxy server, or the like. In addition, the first server 100 and the second server 200 may be provided with at least one of a network load balancing mechanism, various software for allowing the server to operate on the Internet or another network, System. The network may also be an http network, a private line, an intranet or any other network. Furthermore, the connection between the first server 100 and the second server 200 and the user terminal 10 can be connected to the secure network so that the data is not attacked by any hacker or other third party. In addition, the first server 100 and the second server 200 may include a plurality of database servers, which may be connected to the first server 100 through any type of network connection, including a distributed database server architecture. And the second server 200 may be separately connected.

Based on the above-described configuration, the first server 100 can receive the user identification information from the user terminal 10 connected to the first server 100 through the data network.

At this time, the first server 100 may store data related to a web site for providing a web service, and the web site may be composed of a plurality of web pages.

The plurality of web pages may include a landing page, a login related web page, a product page for each product, a payment page, a purchase management page related to a purchase history, a content providing page for providing various contents, and the like.

Accordingly, the user terminal 10 can access the web site provided by the first server 100, receive the web page included in the corresponding web site, and receive the web page based on the user input through the received web page User identification information may be generated and transmitted to the first server 100 through the data network.

At this time, the user terminal 10 may transmit the corresponding user identification information as log-in information.

The first server 100 compares the user identification information according to the member information stored in the member DB 101 and the user identification information received from the user terminal 10 upon receiving the user identification information, You can authenticate.

At this time, when the first server 100 authenticates the user only with the user identification information, when the user identification information is hacked, the user is easily impersonated to use the web service, and there is a risk that the user's personal information is leaked do.

Accordingly, even if the user authentication is successfully performed on the basis of the user identification information, the first server 100 maintains a state of blocking access to other web pages configured on web sites other than the currently accessed web page, The connection state of the user terminal 10 can be set to a standby state in which the user terminal 10 is kept in a blocked state so as not to log in to the user-related account registered in advance in the first server 100.

In addition, when the user authentication of the user terminal 10 is completed, the first server 100 accesses the first server 100 and transmits the user identification information to the first server 100, (Or membership information) to allow access to the first server 100 only to the normal user having the login authority, and to block the connection of the abnormal user who masquerades as the user by seizing the user identification information of the user It is possible to communicate with the second server 200 and authenticate the user connected through the user terminal 10 through another channel different from the data network.

To this end, the first server 100 includes terminal information for the user terminal 10 set in advance in the user-related member information of the member DB 101 corresponding to the user identification information upon completion of user authentication based on the user identification information And transmits the generated authentication request information to the second server 200.

At this time, the first server 100 may generate authentication request information only when the user is authenticated by comparing the user identification information with the preset user's membership information.

On the other hand, the second server 200 extracts the terminal information included in the corresponding authentication request information upon receipt of the authentication request information, extracts the terminal information of the user from among a plurality of different specials included in the preset list for MO (Mobile Originated) A random number can be selected for use in authentication.

In this case, the MO (Mobile Originated) service described in the present invention is a service for relaying a text message transmitted from the user terminal 10 to be transmitted to the second server 200, and a special number is used for using the corresponding MO service The second server 200 can receive a text message transmitted from the user's terminal when the text message is transmitted from the user's terminal.

Also, the second server 200 can transmit a text message to the user terminal 10 through the MT service, which is a concept opposite to the MO service.

That is, there are MO (Mobile Originated) and MT (Mobile Terminated) in the text message transmission mode, MO denotes a text message generated from the user terminal, and MT denotes a text message generated in the server.

In addition, a service transmitted from a mobile communication terminal to a server is referred to as an MO service in transmitting / receiving a message between a user's mobile communication terminal and a server, and conversely, a service transmitted from a server to a mobile communication terminal is referred to as an MT service.

In this MO service, in order to transmit a message from a mobile communication terminal to a specific server, a special number (referred to as "special" in the present invention) When a user transmits a message to a mobile communication terminal, the receiver relays the message to a server corresponding to the specified special number when the receiver transmits the message with a special number assigned to the specific server.

Also, although the MO and MT services are provided based on the mobile communication network provided by the mobile communication company, the relay service server for the separate MO and MT services exists in the mobile communication network and relays the corresponding SMS messages based on the MO and MT services .

Accordingly, the second server 200 may previously set a special list including a plurality of different specials in the second server 200 in order to receive a text message from the user terminal 10 through the MO service.

At this time, the mobile communication company can provide the MO and MT services by setting a plurality of different specials corresponding to the second server 200, and the second server 200 can receive MO and MT services allocated from the MO service provider (or mobile communication company) A special list including a plurality of different specials is generated by extending a predetermined number of special digits of a predetermined number of digits by a predetermined number of digits, and then set in a relay service server or a mobile communication company server of the corresponding MO service provider, Different specials are available for MT and MO services. For example, if the second server 200 is assigned # 1234 as a special number, the special number of the special number is extended by 2 digits to generate a special list including a plurality of different special numbers such as # 123411 and # 123412, The special list can be registered in the service server of the MO service provider and the special number of the corresponding special list can be used for the MO and MT services.

Meanwhile, the second server 200 may generate the one-time authentication information in response to the authentication request information upon receiving the authentication request information, and may transmit the one-time authentication information and the special information about the selected special number corresponding to the authentication request information in the special list To the first server 100 in correspondence with the authentication request information received from the first server 100.

Also, the first server 100 may transmit the one-time authentication information and the special information received in response to the authentication request information from the second server 200 to the user terminal 10 through the data network.

Accordingly, the user terminal 10 can display the one-time authentication information and the special information received via the data network so that the user can confirm the one-time authentication information and the special information.

Meanwhile, the second server 200 may store the generated one-time authentication information corresponding to the special request information corresponding to the selected special number and the authentication request information corresponding to the authentication request information with the terminal information included in the authentication request information, The second server 200 may include a separate authentication DB 102 to store and store special (or special information), one-time authentication information, and terminal information in the corresponding authentication DB 102. [

In addition, the second server 200 generates a text message for requesting the one-time authentication information by using the selected special number corresponding to the authentication request information as the calling number of the calling party, and then, matching the selected special number corresponding to the authentication request information And transmit the corresponding text message to the user terminal 10 based on the stored terminal information on the basis of the MT service through the mobile communication network.

Accordingly, the user terminal 10 displays the corresponding text message upon reception of the text message, and the user of the user terminal 10 transmits the special message (originating number) corresponding to the source of the text message and the special information And the originating party can be authenticated according to whether or not they match.

Upon completion of the confirmation of the user's origin, the user terminal 10 generates a response message including the one-time authentication information displayed on the user terminal 10 in response to the corresponding text message on the basis of the user's input, , And can transmit a response message to the second server 200 through the MO service.

Accordingly, when receiving the response message from the user terminal 10, the second server 200 compares the one-time authentication information included in the corresponding response message with the one-time authentication information stored in advance matching the terminal information of the user terminal 10 And the authentication result information can be generated according to the match.

For example, when the one-time authentication information of the response message and the previously stored one-time authentication information match each other, the second server 200 determines that the authentication is successful, generates the authentication result information about the authentication success, The authentication result information for the authentication failure can be generated when the information and the previously stored one-time authentication information are mutually inconsistent.

The second server 200 may transmit the authentication result information to the first server 100. When the first server 100 succeeds in authentication according to the authentication result information upon receiving the authentication result information, ), Or may provide the user terminal 10 with personal information related to the content or the web page or the user requiring security.

As described above, according to the present invention, the first channel-based authentication is performed based on the user identification information transmitted through the data network, which is the first channel, to the user terminal 10 connected to the first server 100 through the data network And transmits the one-time authentication information provided to the user terminal 10 through the first server 100 to the user terminal 10 through the mobile communication network, which is the second channel, according to the communication between the first server 100 and the second server 200, Based authentication by performing channel-based authentication by performing a second channel-based authentication by receiving from the user terminal 10 the special information of the originator transmitted to the user terminal 10 in the second channel- The originating number of the originating source requesting the one-time authentication information is compared with each other to provide a user who can request the one-time authentication information so that the first and second channels can be used together The source is authenticated by the user can be made so as to support.

In other words, besides providing the one-time authentication information in the first server 100, a special number used as a calling number of a source requesting (or requesting) the one-time authentication information at a later time is provided to the user terminal 10 through a data network Information of a source requesting the one-time authentication information in advance to the user, and a special number of special information transmitted from the first server 100 to the user terminal 10 to request the one-time authentication information from the second server 200 The originator of the text message requesting the one-time authentication information that has been received by the user is verified and confirmed based on the corresponding special number, so that the authentication of the originator can be performed.

That is, according to the present invention, a server providing a specific service supports authentication using a plurality of different channels for a user, authentication (or verification) of a user with respect to a server requesting authentication, It is possible to prevent the authentication information for user authentication from being seized in the transmission process and to support the authentication process using the special protocol which is difficult for the server to forge and falsify based on the MO and MT services so that the hacker can manipulate the user It is possible to greatly improve the security in the authentication process.

In addition, the present invention is characterized in that a server has a special list for a plurality of different specials, and each time a user terminal accesses a server, a special number set in a calling number for a source of authentication information for user authentication Randomly selected, and the authentication information is transmitted through the MO service when the authentication information is received from the server, so that the hacker can be prevented from grasping the channel through which the authentication information is transmitted, thereby greatly improving the security.

Hereinafter, a detailed operation of the security service providing process of the security service providing system supporting the multi-channel authentication with the user terminal 10 according to the embodiment of the present invention will be described in detail with reference to the drawings. Explain.

Here, the first server 100 and the second server 200 are described as the web server 100 and the authentication server 200, respectively. However, the first server 100 and the second server 200 are not limited thereto. 2 server 200 may be composed of various kinds of servers.

2 illustrates an operation example of a user authentication process of the web server 100. As shown in the figure, the user terminal 10 communicates with the web server 100 through a data network, which is a first channel, The web server 100 may transmit a predetermined web page among a plurality of web pages constituting a web site for providing web services to the connected user terminal 10. [

At this time, the web server 100 may transmit a log-in related web page when the user terminal 10 is initially connected.

Also, the user terminal 10 may include a control unit, which controls the operation of the user terminal 10 through the login-related web page displayed on the display unit configured on the user terminal 10 based on the user input through the input unit configured on the user terminal 10. [ And transmits the user identification information to the web server 100 through the communication unit configured in the user terminal 10. [

At this time, the user identification information may be composed of login information including a login ID and password of the user.

The web server 100 extracts member information corresponding to the corresponding user identification information among a plurality of different user-specific member information stored in advance in the member DB 101 when the user identification information is received from the user terminal 10, If the comparison result is matched, the user can be first authenticated based on the data network of the first channel.

At this time, even if the user authentication based on the first authentication is succeeded, the web server 100 blocks the connection of the abnormal user such as the hacker who seizes the user identification information, which is not the normal user corresponding to the user identification information, Secondary authentication can be performed.

Also, the web server 100 may block the access of the user terminal 10 to other web pages constituting the web site other than the login related web page until the second authentication for the user is completed, and the user terminal 10 ) Can remain in a standby state while accessing a login related web page.

Referring to FIG. 3, the authentication process of the user through the interworking of the web server 100 and the authentication server 200 will be described. As shown in FIG. 3, when the first channel- The terminal information for the user terminal 10 set in advance in the member information of the member DB 101 corresponding to the terminal information can be extracted from the member information.

Also, the web server 100 may generate authentication request information for secondary authentication including the corresponding terminal information, and may transmit the generated authentication request information to the authentication server 200 interworking with the corresponding web server 100.

At this time, the web server 100 may generate the authentication request information only upon successful user authentication based on the user identification information.

Also, the authentication server 200 extracts the terminal information from the authentication request information upon receiving the authentication request information, extracts the terminal information from the special terminal list in a special list including a plurality of different specials related to the MO and the MT service, The user can randomly select a special number for use in authentication with the personal computer 10.

At this time, the special list may include a plurality of different specials assigned to the authentication server 200 by a service provider providing MO and MT services.

In addition, the service provider providing the corresponding MO and MT services may be a mobile communication company.

Meanwhile, the authentication server 200 may generate one-time authentication information for user authentication in response to the authentication request information upon receiving the authentication request information.

At this time, the one-time authentication information may be configured as OTP (One Time Password) information.

Accordingly, the authentication server 200 generates response information including the special information about the randomly selected special number corresponding to the authentication request information and the one-time authentication information generated in correspondence with the authentication request information, corresponding to the authentication request information, And transmits the response information to the web server 100.

At this time, the authentication server 200 may include the terminal information in the corresponding response information so that the web server 100 can confirm the response information corresponding to the authentication request information to the web server 100.

Also, the authentication server 200 matches the terminal information included in the authentication request information with the special information corresponding to the authentication request information and the one-time authentication information, and stores the matching information in the authentication DB 102 included in the authentication server 200 .

The web server 100 identifies the response information corresponding to the authentication request information transmitted to the authentication server 200 based on the terminal information included in the corresponding authentication request information and the response information, (10) through the data network.

The control unit configured in the user terminal 10 receives the response information from the web server 100 through the communication unit configured in the user terminal 10 and transmits the special information included in the response information and the one- The user can display the special and one-time authentication information according to the special information so that the user can confirm the information.

At this time, the web server 100 may generate the corresponding response information as a pop-up type web page and transmit it to the user terminal 10, and the control unit of the user terminal 10 transmits the corresponding response information to the pop- -up. < / RTI >

Also, the authentication server 200 generates a text message for requesting the one-time authentication information displayed on the user terminal 10 by making the selected special number corresponding to the authentication request information the originating number of the originator, Through the mobile communication network, to the contact of the user terminal 10 in accordance with the message.

At this time, the authentication server 200 can transmit a corresponding text message through the mobile communication network to the MO and MT service system composed of one or more relay devices providing the preset MO and MT services, and can transmit a text message from the authentication server 200 The receiving relay device can relay the transmission of the text message so that the corresponding text message is transmitted to the user terminal 10 based on the MT service.

Also, the text message may be composed of a short messaging service (SMS) message or a multimedia messaging service (MMS) message.

The controller configured in the user terminal 10 receives the text message transmitted on the MT service basis from the authentication server 200 through the mobile communication network through the communication unit configured in the user terminal 10, It is possible to display a response message including the one-time authentication information to the user and to display the corresponding text message to guide the user to reply to the text message.

At this time, the control unit can identify the special number, which is the calling party number of the corresponding text message, and display the corresponding special number through the display unit of the user terminal 10.

Further, the corresponding text message may include a guidance message such as 'Please check the telephone number of the source and the special number displayed on the screen and if they match, please return one-time authentication information (for example, OTP number) to the telephone number of the originator' .

Accordingly, the user can compare the special number, which is the calling party number (the telephone number of the calling party) of the received text message, with the special information received and displayed in the user terminal 10, It is possible to confirm whether or not the requesting originator is the authenticated originator of the service provider of the web server 100 connected to the user terminal 10. [

On the other hand, the controller configured in the user terminal 10 generates a response message including one-time authentication information corresponding to the text message based on user input through the input unit configured in the user terminal 10, The response message can be transmitted to the authentication server 200 corresponding to the special address of the corresponding response message based on the MO service through the mobile communication network .

At this time, the user confirms the one-time authentication information displayed on the user terminal 10, inputs a response message including the one-time authentication information to the user terminal 10, and transmits the response message to the authentication server 200 through the user terminal 10 Can be transmitted by special order.

At this time, the response message may also be composed of an SMS or an MMS message.

Accordingly, the one or more relay apparatuses receiving the response message can transmit the response message to the authentication server 200. At this time, the one or more relay apparatuses can transmit a response message to the authentication server 200 based on the MO service have.

Meanwhile, the authentication server 200 extracts the one-time authentication information from the response message received from the user terminal 10 through the MO service, and transmits the one-time authentication information extracted from the response message to the user terminal 10 in the authentication DB 102. [ And the one-time authentication information matched to the terminal information of the terminal.

At this time, the authentication server 200 identifies the terminal information corresponding to the user terminal 10 in the authentication DB 102 based on the calling number of the response message, and transmits the one-time authentication information matched to the terminal information to the one- It can be compared with the authentication information.

Also, the authentication server 200 may determine that the authentication is successful if the one-time authentication information is mutually matched as a result of the comparison, and may generate the authentication result information about the authentication success and transmit the authentication result information to the web server 100.

If the one-time authentication information does not coincide with each other, the authentication server 200 determines that the authentication fails and generates authentication result information about the authentication failure and transmits the authentication result information to the web server 100.

At this time, the authentication server 200 may transmit the authentication result information to the web server 100, including the terminal information of the user terminal 10 for identification of the user.

Accordingly, when receiving the authentication result information, the web server 100 confirms the authentication result of the authentication result information, permits the user terminal 10 to access the website only when authentication is successful, The connection of the user terminal 10 can be blocked.

At this time, the web server 100 may allow the access of the user terminal 10 to the web site in case of authentication failure, but may block the access of the user terminal 10 to the personal web page or the user's personal information of the web site .

Meanwhile, in the above-described configuration, the authentication server 200 arbitrarily selects one or more digits from one-time authentication information composed of a plurality of digits, and transmits one or more digit codes arbitrarily selected from the one-time authentication information to the user terminal 10).

Accordingly, the control unit of the user terminal 10 generates a response message including at least one selected digit code corresponding to the text message based on the user's input, and transmits the response message to the authentication server 200 through the communication unit of the user terminal 10. [ Lt; / RTI >

At this time, the control unit determines, based on the user's input, the code that is not selected by the authentication server 200 (a place that the authentication server 200 does not request from the user terminal 10) The authentication server 200 can transmit a special code such as "*" in the response message and transmit the code corresponding to the above-mentioned arbitrarily selected place through a predetermined special symbol such as "* " Can be identified.

Also, the authentication server 200 compares one or more digit codes included in the response message with one or more codes constituting preset one-time authentication information corresponding to the user terminal 10 to determine whether they match or not The authentication result information may be generated according to the determination result after the authentication success or failure is determined according to the matching and may be transmitted to the web server 100.

As described above, according to the present invention, authentication information is requested and responded through a special password which is difficult for forgery and falsification, and can be specifically confirmed to be used, thereby enhancing security. Particularly, in the special case used in the present invention, not only the arbitrary users are allocated to the trusted authentication provider by the examination not the number that can be requested, but also the server side A plurality of different specials are randomly selected each time a user attempts to access the terminal, so that the hacker can use the terminal as a source and destination of authentication information so that the hacker can not grasp the channel (or the contact or number of the channel) The security can be greatly enhanced.

In addition, the present invention can be applied to a special channel which is difficult to be falsified in a two-channel authentication process in which a one-time authentication information received through a first channel of a user terminal (10) is input as a text message through a second channel of the user terminal It is possible to easily prevent the user from transmitting the authentication information to the unauthorized source by adding the process of passing the user authentication to the telephone number of the source which induces the input of the authentication information through the naked eye identification of the user. It is possible to increase the security without increasing the number of separate users.

Meanwhile, in the above-described configuration, the user terminal 10 may include a communication unit, a storage unit, a display unit, a sound output unit, and a control unit.

Not all of the components of the user terminal 10 are essential components, and the user terminal 10 may be implemented by more components than the components of the user terminal 10, (10) may be implemented.

The communication unit communicates with at least one external terminal or any internal component via a wired / wireless communication network. At this time, an arbitrary external terminal may include the first server 100 (or the web server 100) and the second server 200 (or the authentication server 200).

The communication unit may include a first communication module that communicates through the wireless data network and a second communication module that communicates through the mobile communication network.

The first communication module may be a wireless LAN (WLAN), a Digital Living Network Alliance (DLNA), a Wireless Broadband (Wibro), a World Interoperability for Microwave Access (WiMAX), a Wi- , Wi-Fi Direct, and the like. The first server 100 may be configured to communicate with the first server 100 via a wireless data network. Here, the first communication module may communicate with the first server through a wired data network such as a wired LAN (Local Area Network), a wired WAN (Wide Area Network), or the like.

Also, the second communication module may be a communication module such as Global System for Mobile communication (GSM), Code Division Multi Access (CDMA), Code Division Multi Access 2000 (CDMA2000), Enhanced Voice-Data Optimized or Enhanced Voice- WCDMA (Wideband CDMA), HSDPA (High Speed Downlink Packet Access), HSUPA (High Speed Uplink Packet Access), IEEE 802.16, Long Term Evolution (LTE), Long Term Evolution- And can communicate with the base station, the first and second servers 100 and 200 through a mobile communication network and a wireless mobile broadband service (WMBS).

At this time, the second communication module transmits data generated by the control unit of the user terminal 10 to the external server through the mobile communication network as well as voice communication, text message such as SMS or MMS through the mobile communication network, To the control unit of the user terminal 10, data received via the mobile communication network.

That is, the second communication module can support data communication based on the mobile communication network.

On the other hand, the communication unit can transmit information to an arbitrary terminal through a universal serial bus (USB).

The communication unit receives various kinds of information transmitted from the first server 100 or the second server 200 under the control of the control unit.

The storage unit stores various user interfaces (UI), a graphical user interface (GUI), and the like.

In addition, the storage unit stores data and programs necessary for the user terminal 10 to operate.

That is, the storage unit may store a plurality of application programs (application programs or applications) running on the user terminal 10, data for operation of the user terminal 10, and commands. At least some of these application programs may be downloaded from the external service providing device via wireless communication. Also, at least some of these application programs may reside on the user terminal 10 from the time of shipment for the basic functions of the user terminal 10 (e.g., call incoming, outgoing, message receiving, originating functions). Meanwhile, the application program may be stored in the storage unit, installed in the user terminal 10, and may be driven to perform the operation (or function) of the user terminal 10 by the control unit.

The storage unit may be a flash memory type, a hard disk type, a multimedia card micro type, a card type memory (for example, SD or XD memory) A random access memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read- Only Memory < / RTI > Also, the user terminal 10 may operate web storage or operate in connection with web storage, which performs the storage function of the storage unit on the internet.

In addition, the storage unit may store various kinds of information received through the communication unit under the control of the control unit.

The display unit may display various contents such as various menu screens by using the user interface and / or graphical user interface stored in the storage unit under the control of the control unit. Here, the content displayed on the display unit includes various text or image data (including various information data) and a menu screen including data such as an icon, a list menu, and a combo box. Further, the display unit may be a touch screen.

The display unit may be a liquid crystal display (LCD), a thin film transistor liquid crystal display (TFT LCD), an organic light-emitting diode (OLED), a flexible display, , A 3D display, an e-ink display, and a light emitting diode (LED).

Further, the display unit may be configured as a stereoscopic display unit for displaying a stereoscopic image.

In the stereoscopic display unit, a three-dimensional display system such as a stereoscopic system (glasses system), an autostereoscopic system (no-glasses system), a projection system (holographic system) can be applied.

Further, the display unit displays various kinds of information received through the communication unit under the control of the control unit.

The voice output unit outputs voice information included in the signal subjected to the predetermined signal processing by the control unit. Here, the audio output unit may include a receiver, a speaker, a buzzer, and the like.

The voice output unit outputs the guidance voice generated by the control unit.

In addition, the sound output unit can output the sound information corresponding to the information received through the communication unit under the control of the control unit.

The control unit executes the overall control function of the user terminal 10.

Also, the control unit executes the overall control function of the user terminal 10 using the program and data stored in the storage unit. The control unit may include a RAM, a ROM, a CPU, a GPU, and a bus, and the RAM, the ROM, the CPU, and the GPU may be connected to each other via a bus. The CPU accesses the storage unit, performs booting using an O / S (Operating System) stored in the storage unit, and can perform various operations using various programs, contents, and data stored in the storage unit .

In addition, the control unit performs the membership registration procedure for the user of the corresponding user terminal 10 by interlocking with the first server 100.

In addition, at the time of performing the membership registration procedure, the control unit normally completes the membership registration procedure for the first server 100 in order to complete the authentication function through the authentication unit (for example, mobile phone, credit card, can do.

If the user of the control unit is not a member registered in advance in the first server 100, the control unit may control the user terminal 10 (or the user terminal 10) based on the guide information related to the membership subscription provided from the first server 100 The user of the corresponding user terminal 10).

The first server 100 may generate membership information upon completion of the membership procedure of the user terminal 10 and may store the membership information in the member DB 101 included in the first server 100. [

At this time, the second server 200 may access the corresponding member DB 101 and share the member DB 101 with the first server 100. [

The user terminal 10 may further include an interface unit (not shown) that serves as an interface with all the external devices connected to the corresponding user terminal 10. For example, the interface unit may include a wired / wireless headset port, an external charger port, a wired / wireless data port, a memory card port, a port for connecting a device having an identification module, an audio I / Input / output (I / O) port, video I / O (input / output) port and earphone port. Here, the identification module is a chip for storing various information for authenticating the usage right of the user terminal 10, and includes a user identity module (UIM), a subscriber identity module (SIM) A Universal Subscriber Identity Module (USIM), and the like. In addition, a device provided with the identification module can be manufactured in a smart card format. Thus, the identification module can be connected to the user terminal 10 via the port. The interface unit receives data from an external device or receives power from the external device and transmits the received data to each component in the user terminal 10 or allows data in the user terminal 10 to be transmitted to an external device.

In addition, when the user terminal 10 is connected to an external cradle, the interface unit may be a path through which power from the cradle is supplied to the corresponding user terminal 10, or various command signals input from the cradle by the user, (10). ≪ / RTI > The various command signals input from the cradle or the corresponding power source may be operated as a signal for recognizing that the user terminal 10 is correctly mounted on the cradle.

The user terminal 10 also includes an input unit (not shown) for receiving a command or a control signal generated by an operation such as a button operation by the user or a function selection, or a touch / Not shown).

The input unit may include at least one of a command, a selection, data, and information of a user. The input unit may include a plurality of input keys and function keys for inputting numeric or character information and setting various functions.

The input unit may include a key pad, a dome switch, a touch pad (static / static), a touch screen, a jog wheel, a jog switch, a jog shuttle, a mouse, , A stylus pen, a touch pen, and the like can be used. Particularly, when the display portion is formed in the form of a touch screen, some or all of the functions of the input can be performed through the display portion.

In addition, each component (or module) of the user terminal 10 may be software stored on the memory (or storage) of the user terminal 10. The memory may be an internal memory of the user terminal 10, and may be an external memory or other type of storage device. Further, the memory may be a non-volatile memory. The software stored on the memory may include a set of instructions that, when executed, cause the user terminal 10 to perform certain operations.

Meanwhile, according to the configuration of the user terminal 10 according to the above description, when the user terminal 10 receives a text message for instructing input of the one-time authentication information from the authentication server 200, The one-time authentication information may be automatically transmitted to the authentication server 200 after confirming whether or not the special number displayed on the user terminal 10 is matched with the special number displayed on the user terminal 10. This will be described in detail with reference to FIG.

As shown in the figure, the user terminal 10 may include an application unit 11 configured to access the web server 100, and the application unit 11 may be a dedicated application configured to communicate with the web server 100 means a control unit in a state in which the application has been executed or may be a dedicated application in a state of being executed by the control unit in the user terminal 10 which is composed of dedicated application related data stored in the storage unit of the user terminal 10. [

The application unit 11 may be configured as a control unit that controls each component of the user terminal 10 or may control each component of the user terminal 10 on behalf of the control unit.

The application unit 11 described above can be activated in the user terminal 10 when the corresponding dedicated application is executed in the user terminal 10 and the application unit 11 accesses the web server 100, And may transmit the user identification information to the web server 100 based on the user input through the input unit of the web server 10.

Also, the web server 100 transmits the authentication request information to the authentication server 200 as described above, and the authentication server 200 transmits the response information including the special information generated in correspondence with the authentication request information and the one- To the web server 100.

The web server 100 may transmit the response information to the application unit 11 of the user terminal 10 and the application unit 11 transmits the response information to the web server 100 via the communication unit of the user terminal 10 100 and display the corresponding response information on the display unit of the user terminal 10. [

Also, the authentication server 200 may transmit a text message to the user terminal 10 using the corresponding special number for requesting the one-time authentication information.

In this case, the application unit 11 of the user terminal 10 can interoperate with a messenger application related to a text message preinstalled in the user terminal 10, and when the text message is received, It is possible to directly identify whether the correspondence between the origination number identified in correspondence with the text message and the special number of the special information contained in the response information displayed on the user terminal 10 is directly compared with the instant message.

Accordingly, if the special number matches the calling number identified in correspondence with the text message, the application unit 11 displays the preset notification-related notification information through the display unit of the user terminal 10 and displays a text message with the special number as the calling number Can be provided.

In addition, the application unit 11 executes a messenger application for sending and receiving a text message, responds to a corresponding text message having a matching special number with the calling number, and transmits a response message including one-time authentication information through the corresponding messenger application And transmit it to the authentication server 200 through the communication unit of the user terminal 10.

At this time, when the messenger application is executed, the application unit 11 is switched to the background state or switched to the inactive state, and the application unit 11 is switched to the control unit. When the messenger application is executed, The control unit may generate the response message according to the user input and transmit the generated response message to the authentication server 200. [

Through the above-described configuration, the authentication server 200 can perform the authentication process for the user in conjunction with the web server 100 when receiving the response message including the one-time authentication information, as described above.

On the other hand, in the above-described configuration, the application unit 11 can perform the hidden processing without exposing the one-time authentication information included in the response information received from the Web server 100, Only the one-time authentication information may be exposed when a text message having the originating number is received.

As described above, according to the present invention, the authentication information is transmitted from the first server 100 to the second server 200 authenticated by the first server 100 through the dedicated application that accesses the first server 100, It is possible to automatically compare the specials transmitted to the user terminal 10 with each other to automatically determine whether they match or not, and to notify the user of the result of the determination. Thus, the user can be assured not to lose the authentication for the source requesting the one- Essentially, verification of the origin can be done.

5 is a flowchart illustrating a method of providing a security service in a security service providing system supporting multi-channel authentication with a user terminal 10 including a first server 100 and a second server 200 according to an embodiment of the present invention It is a flowchart.

As shown in the figure, the first server 100 receives the user identification information from the user terminal 10 connected to the data network (S1), authenticates the user based on the user identification information (S2) And transmits the authentication request information including the terminal information to the user terminal 10 to the second server 200 in step S3.

Also, the second server 200 matches the randomly selected special number with the terminal information in a predetermined special list corresponding to the authentication request information received from the first server 100, stores the random number, and stores the authentication information corresponding to the authentication request information And transmits the random number to the first server 100 together with the special information about the randomly selected special number (S4, S5).

At this time, the second server 200 may match the corresponding authentication information with the terminal information and the special information.

Then, the first server 100 transmits the response information including the special information and the authentication information to the user terminal 10 to display the corresponding response information through the user terminal 10 (S6, S7).

Next, the second server 200 transmits a text message for requesting authentication information to the user terminal 10 (S8), and transmits the authentication information included in the response message, which is received from the user terminal 10, (S9, S10). The authentication result information may be transmitted to the first server 100 (S11).

Accordingly, the first server 100 determines that the authentication of the user is completed upon successful authentication based on the authentication result information, and transmits various service-related contents and data requiring authentication of the user to the user terminal 10, .

The user terminal 10 and the first and second servers 100 and 200 described above may be implemented as a combination of hardware components, software components, and / or hardware components and software components, respectively, A processor, an engine, and the like.

In addition, the components described in the embodiments may be implemented in various forms such as, for example, a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable array (FPA) unit, a microprocessor, or any other device capable of executing and responding to instructions.

The user terminal 10 and the first and second servers 100 and 200 may execute one or more software applications that are executed on an operating system (OS) and an operating system.

In addition, the user terminal 10 and the first and second servers 100 and 200 may access, store, manipulate, process, and generate data in response to execution of the software.

For ease of understanding, each component may be described as being used individually, but one of ordinary skill in the art will recognize that the processing device may be configured to include a plurality of processing elements and / Element can be included.

For example, the user terminal 10 and the first and second servers 100 and 200 may comprise a plurality of processors or a processor and a controller. Other processing configurations are also possible, such as a parallel processor.

The software may include a computer program, code, instructions, or a combination of one or more of the foregoing, and may include a user terminal 10 and first and second servers 100, Or to collectively command them independently.

The software and / or data may be interpreted by the user terminal 10 and the first and second servers 100, 200 or may include instructions or data to the user terminal 10 and the first and second servers 100, (Embody) any type of machine, component, physical device, virtual equipment, computer storage media or device, or a signal wave to be transmitted, ).

The software may be distributed over a networked computer system and stored or executed in a distributed manner. The software and data may be stored on one or more computer readable recording media.

The security service providing method for supporting the multi-channel authentication with the user terminal 10 according to the embodiment of the present invention described in the above embodiments can be created by a computer program, and the codes and code segments constituting the computer program are Can be easily deduced by a computer programmer in the field. The computer program may also be stored in a computer readable medium and stored in a computer readable medium such as a computer or the user terminal 10 according to an embodiment of the present invention and the first and second servers 100 and 200 Thereby implementing a security service providing method that supports multi-channel authentication with the user terminal 10. FIG.

The information storage medium includes a magnetic recording medium, an optical recording medium, and a carrier wave medium. A computer program for implementing a security service providing method for supporting multi-channel authentication with a user terminal 10 according to an embodiment of the present invention includes a user terminal 10 and a built-in memory of the first and second servers 100 and 200, As shown in FIG. Alternatively, an external memory such as a smart card storing and installing a computer program implementing a security service providing method for supporting multi-channel authentication with the user terminal 10 according to an embodiment of the present invention may be connected to the user terminal 10 And the first and second servers 100 and 200, respectively.

The various devices and components described herein may be implemented by hardware circuitry (e.g., CMOS-based logic circuitry), firmware, software, or a combination thereof. For example, it can be implemented utilizing transistors, logic gates, and electronic circuits in the form of various electrical structures.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or essential characteristics thereof. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.

The present invention relates to a system and method for supporting a user to authenticate a server requesting authentication in addition to authentication using a plurality of different channels for a user in a server providing a specific service, The authentication information for authentication is prevented from being hijacked in the transmission process, and at the same time, the server can support authentication process using a special protocol that is difficult to be falsified based on the MO and MT services, thereby preventing the hacker from manipulating the source and guiding the user , Which greatly improves the security in the authentication process, and can be widely used in the fields of payment service and security service.

10: user terminal 11: application unit
100: first server, web server 200: second server, authentication server

Claims (10)

A security service providing method of a security service providing system including a first server and a second server communicating with a user terminal through a different communication network,
The first server receives user identification information from the user terminal connected to the data network and transmits authentication request information including terminal information for the user terminal corresponding to the user identification information to the second server An authentication request step;
The second server matches randomly selected special numbers corresponding to the authentication request information in a predetermined special list with the terminal information, stores authentication information corresponding to the authentication request information, generates special information corresponding to the selected special number To the first server together with the first server;
A display step of the first server transmitting the special information and authentication information to the user terminal and displayed through the user terminal; And
The second server transmits a text message for requesting the authentication information to the user terminal, and transmits the authentication information included in the response message received from the user terminal to the authentication server, And authenticating the user according to whether or not the authentication information is matched and transmitting the authentication result information to the first server. The method according to claim 1,
Wherein the authentication information is OTP information, and the authentication information is OTP information. The method according to claim 1,
Wherein the authentication request step further comprises the step of the first server generating the authentication request information upon user authentication based on the user identification information. . The method according to claim 1,
Further comprising the step of determining whether the user terminal is permitted to access the first server according to the authentication result information when the first server receives the authentication result information after the authentication completion step A method for providing a security service supporting multiple channel authentication. The method according to claim 1,
Wherein the first server is configured as a web server and the second server is configured as an authentication server. The method according to claim 1,
Wherein the special message is a preset number for receiving the response message through the MO service, and the text message is transmitted through the MT service. The method according to claim 1,
Wherein the step of authenticating further comprises the step of the second server requesting the one or more digit codes selected from the authentication information composed of a plurality of digits through the text message, To provide security services. A security service providing method of a security service providing system including a first server and a second server communicating with a user terminal through a communication network different from each other, and an application section configured in a user terminal,
Receiving user identification information from the user terminal connected to the first server through a data network and transmitting authentication request information including terminal information corresponding to the user identification information to the second server;
The second server matches randomly selected special numbers corresponding to the authentication request information in a predetermined special list with the terminal information, stores authentication information corresponding to the authentication request information, generates special information corresponding to the selected special number To the first server;
Transmitting, by the first server, the special information and authentication information to an application unit of the user terminal;
The application unit displaying the special information and authentication information through the user terminal;
Transmitting, by the second server, a text message for requesting the authentication information to the user terminal;
Wherein the application unit compares the origination number of the text message with the special number according to the special information when the text message is received, displays the preset notification information through the user terminal, Transmitting a response message including authentication information according to an input to a second server; And
The second server compares the authentication information included in the special response message received from the user terminal with the authentication information previously generated corresponding to the special number, authenticates the user according to whether or not the authentication information matches the authentication information, The method of claim 1, wherein the step of authenticating the user terminal comprises the step of authenticating the user terminal. A computer-readable nonvolatile recording medium on which a program for performing the method according to any one of claims 1 to 8 is recorded. A security service providing system including a first server and a second server communicating with a user terminal through a different communication network,
Receiving authentication identification information from the user terminal connected to the data network and transmitting authentication request information including terminal information on the user terminal corresponding to the user identification information to the second server, A first server for transmitting special information and authentication information received from the second server to the user terminal in response to the information and displaying the special information and the authentication information through the user terminal; And
Wherein the random number is stored in a predetermined special list corresponding to the authentication request information, the random number being matched with the terminal information and stored, and the authentication information corresponding to the authentication request information is generated, Transmitting a text message for requesting the authentication information to the user terminal, transmitting the text message to the user terminal in response to the authentication information included in the specifically received response message, And a second server for comparing the stored authentication information with each other to authenticate the user according to whether the authentication information is matched and transmit authentication result information to the first server.

Images