WO2012020885A1 - An authentication method using two communication terminals - Google Patents


Publication number
WO2012020885A1
WO2012020885A1 PCT/KR2010/007132 KR2010007132W WO2012020885A1 WO 2012020885 A1 WO2012020885 A1 WO 2012020885A1 KR 2010007132 W KR2010007132 W KR 2010007132W WO 2012020885 A1 WO2012020885 A1 WO 2012020885A1
Authority
WO
WIPO (PCT)
Prior art keywords
input information
communication terminal
data
information data
personal information
Application number
PCT/KR2010/007132
Other languages
French (fr)
Inventor
Se Jin Pyo
Original Assignee
Se Jin Pyo
Application filed by Se Jin Pyo

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/34: User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35: User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/42: User authentication using separate channels for security data
    • G06F21/43: User authentication using separate channels for security data wireless channels
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228: One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Definitions

  • If the access server 300 receives the temporary data from the second communication terminal 100, it transfers the temporary data to the personal information safety server 400 in order to send a request to search the input information data corresponding to the temporary data.
  • the access server 300 receives the input information data corresponding to the temporary data from the personal information safety server 400 and then processes it as the input information data which must be entered by the user via the second communication terminal 100.
  • Although the connection server 300 and the personal information safety server 400 are provided separately in the embodiment of the present invention, the personal information safety server 400 may be operatively integrated into the access server 300.
  • the access server 300 receives the input information data from the first communication terminal 200, and generates the temporary data corresponding to the received input information data to transfer it to the first communication terminal 200 and store it in association with the input information data.
  • the access server 300 can directly search the input information corresponding to the temporary data without a need of requesting the personal information safety server 400 to search the input information data corresponding to the temporary data.
  • the access server 300 processes the searched input information data as the input information data which must be entered from the second communication terminal 100.
  • Fig. 2 is a flow diagram of an authentication method using two communication terminals according to an embodiment of the present invention.
  • the second communication terminal 100 enters the temporary data instead of the registration password in order to login to the access server 300.
  • the registration password is entered into the first communication terminal 200 at a step S201 and transferred to the personal information safety server 400 at a step S202.
  • If the personal information safety server 400 receives the registration password from the first communication terminal 200, the temporary password is generated for the received registration password and stored in association with the registration password at a step S203.
  • the personal information safety server 400 transfers the generated temporary password to the first communication terminal 200 at a step S204.
  • If the first communication terminal 200 receives the temporary password from the personal information safety server 400, it displays the temporary password on a screen.
  • the second communication terminal 100 receives the registration ID and the temporary password from the user at a step S205 and transfers the registration ID and the temporary password to the access server 300 at a step S206.
  • If the access server 300 receives the registration ID and the temporary password from the second communication terminal 100, it transfers the received temporary password to the personal information safety server 400 at a step S207 and then sends a request to search the registration password for the transferred temporary password.
  • If the personal information safety server 400 receives the temporary password from the access server 300, it searches the registration password corresponding to the received temporary password at a step S208 and transfers the searched registration password to the access server 300 at a step S209.
  • If the access server 300 receives the registration password from the personal information safety server 400, the access server processes it as the registration password which must be entered from the second communication terminal 100.
  • the access server 300 determines whether the registration password of the registration ID received from the second communication terminal 100 matches with the registration password received from the personal information safety server 400 at a step S210.
  • the access server 300 allows logging in of the registration ID at a step S211 if the registration password of the registration ID received from the second communication terminal 100 matches with the registration password received from the personal information safety server 400.
  • the second communication terminal 100 can be also used upon entering the personal information such as the Resident Registration Number, the account number, and the card number into the access server 300.
  • Resident Registration Number is entered into the access server 300 via the second communication terminal 100.
  • the first communication terminal 200 receives the Resident Registration Number from the user and then transfers the received Resident Registration Number to the personal information safety server 400.
  • If the personal information safety server 400 receives the Resident Registration Number from the first communication terminal 200, it generates the temporary data corresponding to the Resident Registration Number and transfers the generated temporary data to the first communication terminal 200.
  • the first communication terminal 200 receives and displays the temporary data from the personal information safety server 400.
  • If the second terminal 100 receives the temporary data issued to the first communication terminal 200 instead of the Resident Registration Number from the user, it transfers the entered temporary data to the access server 300.
  • If the access server 300 receives the temporary data instead of the Resident Registration Number from the second communication terminal 100, it transfers the received temporary data to the personal information safety server 400 and requests the Resident Registration Number corresponding to the temporary data.
  • If the personal information safety server 400 receives the temporary data from the access server 300, it searches the Resident Registration Number corresponding to the received temporary data and then transfers the searched Resident Registration Number to the access server 300.
  • If the access server 300 receives the Resident Registration Number from the personal information safety server 400, it processes it as the Resident Registration Number which must be entered by the user via the second communication terminal 100.

Abstract

Provided is an authentication method using two communication terminals comprising steps of (a) a first communication terminal receiving, from a user, an input information data which must be entered into an access server through a second communication terminal and transferring it to a personal information safety server; (b) the personal information safety server generating a temporary data corresponding to the input information data and transferring it to the first communication terminal; (c) the second communication terminal receiving the temporary data from the user and transferring it to the access server; (d) the access server sending a request to search the input information data corresponding to the received temporary data and transferring the temporary data to the personal information safety server; (e) the personal information safety server searching the input information data corresponding to the received temporary data and transferring it to the access server; and (f) the access server processing the input information data received from the personal information safety server as the input information data which must be entered from the second communication terminal.

Description

AN AUTHENTICATION METHOD USING TWO COMMUNICATION TERMINALS
The present invention relates to an authentication method using two communication terminals and, more particularly, to an authentication method using two communication terminals that prevents hacking of personal information, such as a registration ID, a registration password, a Resident Registration Number, an account number and the like, which must be entered when logging in to a particular site or when using internet banking or electronic commerce via a communication terminal.
Although the remarkable development of IT technology has had positive effects, such as the reorganization of industrial structures and improved business efficiency, users in practice fear that secret information will be exposed to others, because personal information such as the ID, the password, the Resident Registration Number, and the account number must be entered when using services such as authentication sites, internet banking, and electronic commerce.
As personal information is exposed to hackers and used illegally by them, the number of damage cases tends to keep increasing, and methods of preventing them have been developed in various phases.
As an example, malicious hackers may use a key logger program to leak personal information. The key logger program is pre-installed in the user's computer and structured such that important personal information such as the ID, the password, the Resident Registration Number, and the account number that the user enters via an input apparatus is recorded in a log and then transferred to the hacker at a predetermined time. Therefore, if such a malicious program has been installed on the user's computer by the hacker, sensitive personal information may be leaked when using internet banking.
Although the user can install a keyboard hacking protection program to prevent hacking of the input apparatus, the hacker can analyze the keyboard hacking protection program which has been pre-installed in the user's computer. Through such analysis, the hacker can falsify and neutralize the keyboard hacking protection program executed in the user's computer.
Consequently, there is a limit to how far pre-installing a keyboard security program can prevent hacking.
The present invention is contemplated to resolve the problems mentioned above, and an object of the present invention is to prevent input information data related to personal information from being leaked, by replacing the input information data to be entered via an input apparatus of a communication terminal with temporary information data when a user intends to access a particular website through the communication terminal and enter the input information data related to the personal information.
One embodiment of the present invention is directed to providing an authentication method using two communication terminals, performed by a personal information safety server, comprising steps of (a) receiving and storing an input information data to be entered from a first communication terminal to an access server and generating a temporary data corresponding to the received input information data to transfer it to the first communication terminal; (b) searching the input information data corresponding to the temporary data if receiving the temporary data from the access server, which the second communication terminal receives from a user and transfers to the access server; and (c) transferring the searched input information data to the access server.
Preferably, it stores the temporary data in association with the input information data if generating the temporary data corresponding to the input information data.
Preferably, the input information data is a registration ID or a registration password corresponding to login information pre-registered in the access server, or a personal information data such as a Resident Registration Number, an account number, and a card number to be directly entered by the user via the communication terminal.
The authentication method using two communication terminals, performed by an access server, comprising steps of (a) receiving a temporary data issued to a first communication terminal by a personal information safety server to correspond to an input information data from a second communication terminal; (b) transferring the temporary data to the personal information safety server and sending a request to search the input information data corresponding to the temporary data; (c) receiving the input information data corresponding to the temporary data from the personal information safety server; and (d) processing the input information data received from the personal information safety server as the input information data which must be entered from the second communication terminal.
Preferably, the personal information safety server is operatively integrated into the access server.
Preferably, the input information data is a registration ID or a registration password corresponding to login information pre-registered in the access server, or a personal information data such as a Resident Registration Number, an account number, and a card number to be entered by the user via the communication terminal.
An authentication method using two communication terminals, comprising steps of (a) a first communication terminal receiving, from a user, an input information data which must be entered into an access server through a second communication terminal and transferring it to a personal information safety server; (b) the personal information safety server generating a temporary data corresponding to the input information data and transferring it to the first communication terminal; (c) the second communication terminal receiving the temporary data from the user and transferring it to the access server; (d) the access server sending a request to search the input information data corresponding to the received temporary data and transferring the temporary data to the personal information safety server; (e) the personal information safety server searching the input information data corresponding to the received temporary data and transferring it to the access server; and (f) the access server processing the input information data received from the personal information safety server as the input information data which must be entered from the second communication terminal.
Preferably, the personal information safety server stores the temporary data in association with the input information data if the temporary data corresponding to the input information data is generated.
Preferably, the input information data is a registration ID or a registration password corresponding to login information pre-registered in the access server, or a personal information data such as a Resident Registration Number, an account number, and a card number to be entered by the user via the communication terminal.
According to the present invention, there is an advantage in that the input information data related to the personal information can be prevented from being leaked, by replacing the input information data to be entered via the input apparatus of the communication terminal with the temporary data when the user accesses the particular website via the communication terminal and enters the input information data related to the personal information.
Fig. 1 is a structural drawing of an authentication system using two communication terminals according to an embodiment of the present invention.
Fig. 2 is a flow diagram of an authentication method using two communication terminals according to an embodiment of the present invention.
The advantages, features and aspects of the invention will become apparent from the following description of the embodiments with reference to the accompanying drawings, which is set forth hereinafter.
Fig. 1 is a structural drawing of an authentication system using two communication terminals according to an embodiment of the present invention.
A first communication terminal 200 is installed with a dedicated program for temporary data requests and transfers the input information data to a personal information safety server 400 when the input information data is entered via the dedicated program for temporary data requests.
Further, the first communication terminal 200 receives and displays the temporary data corresponding to the input information data from the personal information safety server 400.
If the dedicated program for temporary data requests is not installed in the first communication terminal 200, it is possible to get the temporary data by accessing a particular website which issues the temporary data via the web browser.
Herein, the input information data may be a registration ID or a registration password corresponding to the login information which has been already registered in the certain website, or the personal information data such as a Resident Registration Number, an account number, and a card number which must be directly entered by the user via the communication terminal.
If the personal information safety server 400 receives the input information data from the first communication terminal 200, the personal information safety server 400 generates the temporary data corresponding to the input information data to transfer it to the first communication terminal 200 and store it in association with the input information data.
Herein, the temporary data can be set to be used only once or a given number of times in accordance with the user's setting.
Further, where a time within which the temporary data must be entered is preset when the temporary data generated in the personal information safety server 400 is transferred to the first communication terminal 200, the temporary data can be determined to be valid only if the temporary data transferred to the first communication terminal 200 is transferred, via the access server 300, to the personal information safety server 400 within the prescribed time.
The second communication terminal 100 is connected with the access server 300 to transfer the temporary data to the access server 300 if the temporary data is entered from the user.
Herein, the temporary data which is transferred to the access server 300 by the second communication terminal 100 corresponds to the input information data which must be entered to the access server 300.
Meanwhile, the second communication terminal 100 and the first communication terminal 200 of the present invention can be any device capable of wired or non-wired communication such as internet, Wi-Fi, or infrared communication, including a computer capable of wired or non-wired communication, a smart mobile device, a 2G or 3G hand-held device, and a notebook.
If the access server 300 receives the temporary data from the second communication terminal 100, it transfers the temporary data to the personal information safety server 400 in order to send a request to search the input information data corresponding to the temporary data.
The access server 300 receives the input information data corresponding to the temporary data from the personal information safety server 400 and then processes it as the input information data which must be entered by the user via the second communication terminal 100.
Although the access server 300 and the personal information safety server 400 are described as being provided separately in the embodiment of the present invention, the personal information safety server 400 may be operatively integrated into the access server 300.
In this case, the access server 300 receives the input information data from the first communication terminal 200, and generates the temporary data corresponding to the received input information data to transfer it to the first communication terminal 200 and store it in association with the input information data.
If the access server 300 receives the temporary data from the second communication terminal 100, the access server 300 can directly search the input information data corresponding to the temporary data without needing to request the personal information safety server 400 to search the input information data corresponding to the temporary data.
The access server 300 processes the searched input information data as the input information data which must be entered from the second communication terminal 100.
Fig. 2 is a flow diagram of an authentication method using two communication terminals according to an embodiment of the present invention.
Referring to Fig. 2, an example will now be described in which the second communication terminal 100 enters the temporary data instead of the registration password in order to log in to the access server 300.
When the user enters the registration password into the first communication terminal 200 for logging in to the access server 300 via the second communication terminal 100, the registration password is entered into the first communication terminal 200 at a step S201 and transferred to the personal information safety server 400 at a step S202.
If the personal information safety server 400 receives the registration password from the first communication terminal 200, the temporary password is generated for the received registration password and stored in association with the registration password at a step S203.
The personal information safety server 400 transfers the generated temporary password to the first communication terminal 200 at a step S204.
If the first communication terminal 200 receives the temporary password from the personal information safety server 400, it displays the temporary password on a screen.
If the user enters the registration ID pre-registered in the access server 300 and the temporary password issued to the first communication terminal 200 instead of the registration password in order to login to the access server 300, the second communication terminal 100 receives the registration ID and the temporary password from the user at a step S205 and transfers the registration ID and the temporary password to the access server 300 at a step S206.
If the access server 300 receives the registration ID and the temporary password from the second communication terminal 100, it transfers the received temporary password to the personal information safety server 400 at a step S207 and then sends a request to search the registration password for the transferred temporary password.
If the personal information safety server 400 receives the temporary password from the access server 300, it searches the registration password corresponding to the received temporary password at a step S208 and transfers the searched registration password to the access server 300 at a step S209.
If the access server 300 receives the registration password from the personal information safety server 400, the access server processes it as the registration password which must be entered from the second communication terminal 100.
Therefore, the access server 300 determines whether the registration password of the registration ID received from the second communication terminal 100 matches with the registration password received from the personal information safety server 400 at a step S210.
The access server 300 allows logging in of the registration ID at a step S211 if the registration password of the registration ID received from the second communication terminal 100 matches with the registration password received from the personal information safety server 400.
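The S201 to S211 exchange, together with the use-count and entry-time limits on the temporary data described earlier, can be sketched as follows. This is an added example, not code from the patent; the class and method names, the 8-hex-character temporary password format, and the sample account are assumptions made for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class Entry:
    input_data: str    # e.g. the registration password (input information data)
    expires_at: float  # end of the prescribed entry time
    uses_left: int     # "only once or a given number of times"


class PersonalInfoSafetyServer:
    """Stands in for server 400: issues temporary data, resolves it back."""

    def __init__(self, ttl_seconds=60.0, max_uses=1, clock=time.monotonic):
        self._ttl, self._max_uses, self._clock = ttl_seconds, max_uses, clock
        self._store = {}  # temporary data -> Entry (the S203 association)

    def issue(self, input_data):
        """S202-S204: generate temporary data and store the association."""
        temp = secrets.token_hex(4)  # assumed format: 8 random hex characters
        while temp in self._store:   # never reuse a live value
            temp = secrets.token_hex(4)
        self._store[temp] = Entry(input_data, self._clock() + self._ttl,
                                  self._max_uses)
        return temp

    def resolve(self, temp):
        """S207-S209: return the input data, or None if unknown/expired/spent."""
        entry = self._store.get(temp)
        if entry is None:
            return None
        if self._clock() > entry.expires_at:
            del self._store[temp]
            return None
        entry.uses_left -= 1
        if entry.uses_left <= 0:
            del self._store[temp]
        return entry.input_data


class AccessServer:
    """Stands in for server 300, which terminal 100 logs in to."""

    def __init__(self, safety_server, accounts):
        self._safety = safety_server
        # Constructed table: registration ID -> registration password, kept in
        # the clear only to mirror the S210 comparison as the text states it.
        self._accounts = accounts

    def login(self, registration_id, temp_password):
        """S206-S211: resolve the temporary password, then compare (S210)."""
        resolved = self._safety.resolve(temp_password)
        registered = self._accounts.get(registration_id)
        if resolved is None or registered is None:
            return False
        return hmac.compare_digest(resolved.encode(), registered.encode())


def demo():
    safety = PersonalInfoSafetyServer(ttl_seconds=60, max_uses=1)
    access = AccessServer(safety, {"alice": "registered-pw"})  # constructed
    temp = safety.issue("registered-pw")        # typed on terminal 200
    first = access.login("alice", temp)         # typed on terminal 100
    replay = access.login("alice", temp)        # same value entered again
    return first, replay
```

In this flow the registration password never passes through the second communication terminal 100, but it does travel from the first communication terminal 200 to the safety server and from the safety server to the access server, so those two channels carry the secret and need transport protection.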
Although the example described above is one in which the second communication terminal 100 enters the login information into the access server 300, the second communication terminal 100 can also be used when entering personal information such as the Resident Registration Number, the account number, and the card number into the access server 300.
An example in which the Resident Registration Number is entered into the access server 300 via the second communication terminal 100 is described below.
In a case where the user must access the access server 300 via the second communication terminal 100 and enter the Resident Registration Number, the first communication terminal 200 receives the Resident Registration Number from the user and then transfers the received Resident Registration Number to the personal information safety server 400.
If the personal information safety server 400 receives the Resident Registration Number from the first communication terminal 200, it generates the temporary data corresponding to the Resident Registration Number and transfers the generated temporary data to the first communication terminal 200.
The first communication terminal 200 receives and displays the temporary data from the personal information safety server 400.
If the second communication terminal 100 receives from the user the temporary data issued to the first communication terminal 200 instead of the Resident Registration Number, it transfers the entered temporary data to the access server 300.
If the access server 300 receives the temporary data instead of the Resident Registration Number from the second communication terminal 100, it transfers the received temporary data to the personal information safety server 400 and requests the Resident Registration Number corresponding to the temporary data.
If the personal information safety server 400 receives the temporary data from the access server 300, it searches the Resident Registration Number corresponding to the received temporary data and then transfers the searched Resident Registration Number to the access server 300.
If the access server 300 receives the Resident Registration Number from the personal information safety server 400, it processes it as the Resident Registration Number which must be entered by the user via the second communication terminal 100.
In a case where the user must access the access server 300 to enter the personal information using the second communication terminal 100, the user does not have to enter the personal information directly via the second communication terminal 100. Therefore, it is possible to prevent the personal information from being leaked even when the input device or images are hacked.
While the present invention has been described with respect to the specific embodiments, it will be apparent to those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the following claims.

Claims (9)

  1. An authentication method using two communication terminals, performed by a personal information safety server, comprising steps of:
    (a) receiving and storing an input information data to be entered from a first communication terminal to an access server and generating a temporary data corresponding to the received input information data to transfer it to the first communication terminal;
    (b) searching the input information data corresponding to the temporary data if receiving the temporary data from the access server, which the second communication terminal receives from a user and transfers to the access server; and
    (c) transferring the searched input information data to the access server.
  2. The authentication method using two communication terminals of claim 1, further comprising a step of storing the temporary data in association with the input information data if generating the temporary data corresponding to the input information data.
  3. The authentication method using two communication terminals of claim 1, wherein the input information data is a registration ID or a registration password corresponding to a login information pre-registered in the access server, or a personal information data such as a Resident Registration Number, an account number, and a card number to be directly entered by the user via the communication terminal.
  4. The authentication method using two communication terminals, performed by an access server, comprising steps of:
    (a) receiving a temporary data issued to a first communication terminal by a personal information safety server to correspond to an input information data from a second communication terminal;
    (b) transferring the temporary data to the personal information safety server and sending a request to search the input information data corresponding to the temporary data;
    (c) receiving the input information data corresponding to the temporary data from the personal information safety server; and
    (d) processing the input information data received from the personal information safety server as the input information data which must be entered from the second communication terminal.
  5. The authentication method using two communication terminals of claim 4, wherein the personal information safety server is operatively integrated into the access server.
  6. The authentication method using two communication terminals of claim 4, wherein the input information data is a registration ID or a registration password corresponding to a login information pre-registered in the access server, or a personal information data such as a Resident Registration Number, an account number, and a card number to be entered by the user via the communication terminal.
  7. An authentication method using two communication terminals, comprising steps of:
    (a) a first communication terminal receiving, from a user, an input information data which must be entered into an access server through a second communication terminal and transferring it to a personal information safety server;
    (b) the personal information safety server generating a temporary data corresponding to the input information data and transferring it to the first communication terminal;
    (c) the second communication terminal receiving the temporary data from the user and transferring it to the access server;
    (d) the access server sending a request to search the input information data corresponding to the received temporary data and transferring the temporary data to the personal information safety server;
    (e) the personal information safety server searching the input information data corresponding to the received temporary data and transferring it to the access server; and
    (f) the access server processing the input information data received from the personal information safety server as the input information data which must be entered from the second communication terminal.
  8. The authentication method using two communication terminals of claim 7, wherein the personal information safety server stores the temporary data in association with the input information data if the temporary data corresponding to the input information data is generated.
  9. The authentication method using two communication terminals of claim 7, wherein the input information data is a registration ID or a registration password corresponding to a login information pre-registered in the access server, or a personal information data such as a Resident Registration Number, an account number, and a card number to be entered by the user via the communication terminal.
PCT/KR2010/007132 2010-08-12 2010-10-18 An authentication method using two communication terminals WO2012020885A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020100077893A KR101019617B1 (en) 2010-08-12 2010-08-12 Personal information delivering method using two communication terminals
KR10-2010-0077893 2010-08-12

Publications (1)

Publication Number Publication Date
WO2012020885A1 true WO2012020885A1 (en) 2012-02-16

Family

ID=43938433

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2010/007132 WO2012020885A1 (en) 2010-08-12 2010-10-18 An authentication method using two communication terminals

Country Status (2)

Country Link
KR (1) KR101019617B1 (en)
WO (1) WO2012020885A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020086168A (en) * 2001-05-11 2002-11-18 허성구 The Disposable Random Password User Authentication Method & System Using Mobile Phone
JP2009230601A (en) * 2008-03-25 2009-10-08 Nomura Research Institute Ltd Communication system, communication method, authentication device, authentication method, and authentication program
KR20100038990A (en) * 2008-10-07 2010-04-15 조영미 Apparatus and method of secrity authenticate in network authenticate system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100563544B1 (en) 2005-07-25 2006-03-27 (주) 호미인터랙티브 Method for authenticating a user with one-time password

Also Published As

Publication number Publication date
KR101019617B1 (en) 2011-03-07

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10855952

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 12/06/2013)

122 Ep: pct application non-entry in european phase

Ref document number: 10855952

Country of ref document: EP

Kind code of ref document: A1