WO2012169752A2 - Authentication system and method for device attempting connection - Google Patents

Publication number
WO2012169752A2
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
unique value
registration
verification
connection attempt
Prior art date
Application number
PCT/KR2012/004388
Other languages
French (fr)
Korean (ko)
Other versions
WO2012169752A3 (en
Inventor
김영기
원현식
정명재
유장선
김인수
Original Assignee
(주)잉카인터넷
Application filed by (주)잉카인터넷
Priority to KR1020137028306A (KR101583698B1)
Publication of WO2012169752A2
Publication of WO2012169752A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Definitions

  • The present invention relates to a system and method for authenticating a device attempting to access an online service. More specifically, it relates to a connection attempt device authentication system and method that authenticate, in a PC environment or a mobile environment, whether the device currently attempting to access a web server is a registered device designated in advance by the user.
  • The impersonator may be a person who has stolen the legitimate user's personal authentication information by illegitimate means, against the legitimate user's will.
  • As a complementary security countermeasure, a technology has been proposed in which an online service can be used only from a registered PC designated by the user (hereinafter referred to as a PC designated service technology).
  • Prior arts related to PC designation services include Korean Patent Publication No. 2010-125496 and Korean Patent Registration No. 1023793. In these prior arts, a web server registers a user's user ID in association with one or more pieces of computer information specified by the customer for online services (Internet banking). When any computer attempts to connect, the web server checks whether the computer attempting the connection is pre-registered for the online service, and provides the online service to the computer only if it is a pre-registered computer.
  • In the case of online game websites, NCsoft first applied the PC designated service to its Massively Multiplayer Online Role Playing Game (MMORPG) Lineage series in September 2006, and other online game companies (NHN Han Games, Nexon, etc.) are known to be providing the PC designated service or reviewing it.
  • Some bank websites provide PC designated services for their Internet banking websites. For example, with the PC designated service applied at KB Kookmin Bank, a user may register up to 10 computers for Internet banking. Financial transactions such as transfers can be made from the computers registered in advance, but only inquiry services are available on unregistered computers.
  • The web server calculates an authentication unique value from the hardware information of the requested PC and registers it in advance together with the user's personal authentication information (user ID). Thereafter, the web server calculates the authentication unique value of the connection attempt PC from the hardware information of the PC attempting to access the web server using the personal authentication information (user ID) of the user.
  • the method of calculating the authentication unique value of the registered PC and the method of calculating the authentication unique value of the connection attempt PC are the same.
  • The web server compares the calculated authentication unique value of the access attempted PC with the authentication unique value of the registered PC matched with the user's personal authentication information, and determines whether to grant or reject the corresponding online service to the access attempted PC.
  • The authentication unique value of the access attempted PC transmitted over the network can easily be hacked and tampered with by hackers. Therefore, even if the impersonator attempts to access the web server using an unregistered PC instead of the registered user's PC, the authentication unique value of the unregistered PC may be modified into the authentication unique value of the registered PC. In this case, there is a problem that the web server does not recognize this and allows the online service to be used on the unregistered connection attempt PC used by the impersonator.
  • In addition, because the prior art calculates the authentication unique value of the PC from the same hardware information regardless of the system configuration state of the registration PC and the connection attempt PC, some PCs may not be able to collect the information needed to calculate the authentication unique value, depending on the CMOS settings of the PC or the privileges of the operating system (OS) user account. However, if the authentication unique value is calculated based only on the limited hardware information that all PCs have (for example, the MAC address mainly used in the PC designated services of websites), the authentication unique value is vulnerable to tampering. In addition, the conventional technology reduces user convenience because the devices a user can register to access the web server are limited to PCs.
  • An object of the present invention, devised to solve the above-described problems of the related art, is to provide a system and method for authenticating a connection attempt device in which the connection attempt device itself first authenticates whether it is a registered device, the web server secondly authenticates whether it is a registered device only for a connection attempt device that passed the first authentication, and the online service is allowed on a connection attempt device for which both the first and second authentications succeed.
  • A connection attempt device authentication system for achieving the above object, installed in a device connected to a user authentication server, includes:
  • an information collection module that collects at least two pieces of environment information from the hardware environment and software environment of the device;
  • an authentication control module that performs a device registration procedure for the device when a user requests device registration, and performs a device verification procedure for the connection attempt device when the user requests an online service; and
  • a first authentication unique value calculation module that calculates a first authentication unique value by combining at least two pieces of environment information collected by the information collection module according to the type of the device and the type of operating system installed in the device, and provides the first authentication unique value to the authentication control module.
  • During the device registration procedure, the authentication control module stores the first authentication unique value for registration, input from the first authentication unique value calculation module, in a storage unit of the device and transmits it to the user authentication server.
  • During the device verification procedure, the authentication control module compares the primary authentication unique value for verification, input from the primary authentication unique value calculation module, with the primary authentication unique value for registration, and then transmits the verified value to the user authentication server.
  • A connection attempt device authentication method for achieving the above object, performed by the connection attempt device authentication system installed in the device connected to the user authentication server, includes:
  • a third step of the connection attempt device authentication system combining at least two or more pieces of environment information from the connection attempt device to calculate a primary authentication unique value for verification;
  • a fourth step of the connection attempt device authentication system comparing the primary authentication unique value for verification with the registration primary authentication unique value stored in a storage unit of the connection attempt device;
  • the connection attempt device authentication system transmitting the verification first authentication unique value to the user authentication server; and
  • a seventh step of blocking the online service to the connection attempt device if, as a result of the comparison in the fourth step, the verification first authentication unique value and the registration first authentication unique value are not the same, or if authentication from the user authentication server fails after the fifth step.
  • The connection attempt device authentication method may include a first step of identifying, by the connection attempt device authentication system, the device type and operating system of the connection attempt device when verification of the connection attempt device is requested.
  • the registered device calculates the first authentication unique value and the second authentication unique value based on the software and / or hardware environment information, and performs the second authentication through the web server after the first authentication. Therefore, there is an effect that can enhance the security against network packet hacking.
  • The authentication unique value is calculated by combining the information that can be collected according to the type of the registered device and the connection attempt device (PC, mobile phone, tablet PC) and the operating system (OS) installed in the device. As a result, it is difficult to tamper with the authentication unique value, which enhances security.
  • FIG. 1 is a block diagram showing a connection attempt device authentication system according to the present invention.
  • FIGS. 2 and 3 are flowcharts illustrating a method for authenticating a connection attempt device according to the present invention.
  • 112: communication unit; 120: communication network
  • 140: connection attempt device authentication system; 141: information collection module
  • the device 110 is connected to the user authentication server 130 through the communication network 120.
  • the user authentication server 130 may be physically used together with a typical web server that provides various online services to the device 110.
  • the user authentication server 130 is connected with the server database 131 and provides a device designation service to the device 110.
  • the server database 131 stores authentication unique values for each registered device that are matched with user identification information (user ID) and designated by the user. When a plurality of registered devices are matched and stored in one user identification information, the server database 131 may also store unique identification names for each registered device.
  • The device designation service refers to a procedure in which a user designates or cancels an arbitrary device as a registered device for using an online service on the user authentication server 130, or a procedure for verifying whether a device that attempts to access a web server with an arbitrary user ID is a registered device for that user ID.
  • the device 110 includes a connection attempt device authentication system 140 according to the present invention.
  • the connection attempt device authentication system 140 is made of software, installed in the device 110, and executed using hardware equipment of the device 110. This software may be downloaded and installed on the device 110 through the user authentication server 130 or other software supply server.
  • In order to use the online service (e.g., electronic banking service, electronic bidding, online games, online sales, etc.) through the web server, the device 110 must install the connection attempt device authentication system 140.
  • The connection attempt device authentication system 140 includes an information collection module 141, a first authentication unique value calculation module 142, a second authentication unique value calculation module 143, and an authentication control module 144.
  • The information collection module 141 collects hardware environment and software environment information of the device 110, which includes a hardware serial number, a universally unique ID (UUID), a hard disk serial number (HDD serial number), a hard disk volume serial number (HDD volume serial number), a hard disk model name (HDD model name), an operating system (OS) installation ID, a subscriber identification number (IMSI), a Universal Subscriber Identity Module (USIM), and an International Mobile Equipment Identity (IMEI).
  • The information collection module 141 collects different environment information depending on the type of device (mobile phone, PC, or tablet PC) and on whether the operating system (OS) installed in the device is Windows, Linux, iOS, Android, or Windows Mobile.
  • the authentication control module 144 performs a device registration procedure and a connection attempt device verification procedure according to the present invention.
  • The registration device and the connection attempt device are the same device; it is called the registration device in the device registration procedure, in which the user designates it as a registered device, and the connection attempt device in the device verification procedure, in which the user attempts to connect to the web server and use the online service.
  • In the device registration procedure, the authentication control module 144 converts the registration primary authentication unique value calculated by the primary authentication unique value calculation module 142 into a hash value and stores it as a file in the storage unit 111. The storage unit 111 stores the first authentication unique value file and records the generation time of that file. Next, the authentication control module 144 converts the second authentication unique value for registration calculated by the second authentication unique value calculation module 143 into a hash value and transmits it, together with the user identification information, to the user authentication server 130 through the communication unit 112. In this case, the unique identification name for identifying the registered device may be transmitted together. The user authentication server 130 then stores the user identification information, the secondary authentication unique value for registration of the registered device, and the unique identification name in the server database 131. The second authentication unique value calculation module 143 may be omitted. In this case, the first authentication unique value for registration calculated by the first authentication unique value calculation module 142 may be used as the second authentication unique value for registration.
  • In the device verification procedure, the authentication control module 144 converts the primary authentication unique value for verification calculated by the primary authentication unique value calculation module 142 into a hash value and compares it with the primary authentication unique value for registration stored as a file during the device registration procedure. This comparison is the primary authentication of whether the connection attempting device is a registered device.
  • The authentication control module 144 then converts the second authentication unique value for verification calculated by the second authentication unique value calculation module 143 into a hash value and transmits it, together with the user identification information, to the user authentication server 130 through the communication unit 112.
  • the user authentication server 130 compares the received second authentication unique value for verification with the registration second authentication unique value stored in the server database 131 to secondly authenticate whether or not the connection attempting device is a registered device.
  • If the second authentication unique value calculation module 143 is omitted, the first authentication unique value for verification and the second authentication unique value for verification are the same.
  • If the registration device and the connection attempt device are the same and the hardware and software environment has not changed, the first authentication unique value for registration and the first authentication unique value for verification are the same, and the second authentication unique value for registration and the second authentication unique value for verification are the same, so the connection attempting device succeeds in both the first authentication and the second authentication and can use the online service. However, if the registration device and the connection attempt device are different, the registration primary authentication unique value (the authentication unique value stored in the registered device) and the verification primary authentication unique value cannot be the same. Even if the first authentication passes, the second authentication unique value for registration (the authentication unique value stored in the user authentication server) and the second authentication unique value for verification (or the first authentication unique value for verification) are not the same, so the device cannot pass the second authentication. A connection attempt device that fails the first or second authentication cannot use the web server's online service.
  • Since the authentication control module 144 combines various hardware environment and software environment information of the registration device and the connection attempt device to generate an authentication unique value, when the hardware or software of the registration device is changed (for example, hard disk replacement, operating system reinstallation, or file change), the authentication control module 144 determines that the registration device and the connection attempt device are not the same. In this case, the authentication control module 144 recognizes the registered device whose hardware and software environment has been changed as a new device, and guides the user to proceed with the new device registration procedure.
  • The first authentication unique value calculation module 142 calculates the first authentication unique value using the information that can be collected under the operating system (OS) installed in the device, out of the hardware and software environment information of the device 110 collected by the information collection module 141, converts it into a hash value, and creates it as a file.
  • the first authentication unique value is generated by combining different device identification information according to the type of device and the type of operating system installed in the device.
  • The primary authentication unique value calculation module 142 generates the first authentication unique value by combining the OS installation ID, hard disk serial number, file creation time, user identification information, and the like.
  • The OS installation ID means a unique installation ID generated based on the product ID and hardware identifier information when installing the Windows OS.
  • The first authentication unique value calculation module 142 generates the first authentication unique value by combining the UUID, the HDD model name, the creation time, and user identification information.
  • The reason the first authentication unique value is generated from the hard disk model name under the Linux operating system is that the hard disk serial number cannot be read with general user authority under Linux.
  • If the operating system installed in the device is a Mac operating system (Mac OS), the first authentication unique value is generated by combining the hardware serial number, the hard disk serial number, the creation time, and the user identification information.
  • A mobile phone can be used by subscribing to a mobile carrier, and according to the communication protocol technology (W-CDMA or GSM) serviced by the mobile carrier, the mobile phone is fitted with a Universal Subscriber Identity Module (USIM) card or a Subscriber Identity Module (SIM) card.
  • the USIM card or SIM card stores personal additional contents such as text messages, e-mails, phone books, etc. along with important information such as subscriber identification number (IMSI), network information, authentication information, and the like.
  • The first authentication unique value calculation module 142 combines the subscriber identification number (IMSI), device unique number (IMEI), model number, firmware version, baseband version, kernel version, build number, and the like to generate the first authentication unique value. If the device is a mobile phone and the OS is iOS, the first authentication unique value is generated by combining the subscriber identification number (IMSI), the device unique number (IMEI), the iOS version, and the Integrated Circuit Card Identifier (ICCID). If the device is a mobile phone and the OS is Windows Mobile, the first authentication unique value is generated by combining the subscriber identification number (IMSI), the device unique number (IMEI), and the like.
  • the second authentication unique value calculation module 143 may also generate the second authentication unique value by extracting hardware information and / or software information from the device as described above.
  • The primary authentication unique value calculation module 142 calculates the primary authentication unique value for registration based on the time (creation time) at which the primary authentication unique value file for registration is recorded in the storage unit, and converts it into a hash value. The generation time of the primary authentication unique value file for registration is recorded at this point. Subsequently, when verifying the access attempt device, the first authentication unique value calculation module 142 calculates a first authentication unique value for verification based on the file generation time information recorded in the storage unit and compares it with the first authentication unique value for registration. As a result, it is possible to prevent the primary authentication unique value file for registration from being copied and used in the access attempt device.
  • the second authentication unique value calculation module 143 calculates the second authentication unique value based on hardware-specific hardware information of the hardware environment information of the device 110 collected by the information collection module 141.
  • The second authentication unique value calculation module 143 may be omitted, and the second authentication (authentication through communication between the device and the user authentication server) can also be performed using the first authentication unique value generated by the first authentication unique value calculation module.
  • The connection attempt device authentication system 140 identifies the device type and operating system type (S202), and collects the hardware and / or software environment information that can be collected for that device type and operating system (S203).
  • the hardware and / or software environment that can be collected for each operating system may be set in advance.
  • The first authentication unique value for registration is calculated by combining the collected hardware and / or software environment information, generation time information, and user identification information (S204), the first authentication unique value for registration is converted into a hash value, and the primary authentication unique value file for registration is stored in the storage unit (S205).
  • The storage unit records the generation time of the primary authentication unique value file for registration.
  • The generation time information combined to calculate the primary authentication unique value for registration means the generation time of the primary authentication unique value file for registration, and is therefore equal to the file time recorded in the storage unit.
  • The connection attempt device authentication system 140 calculates a second authentication unique value for registration from preset hardware and / or software environment information (S206), and transmits the calculated second authentication unique value to the user authentication server (S207).
  • step S206 may be omitted, and the registration primary authentication unique value calculated in step S204 may be set as the registration secondary authentication unique value in step S207 and transmitted to the user authentication server.
  • the second authentication unique value (which may be the same as or different from the first authentication unique value) of the registered device is registered in the user authentication server.
  • The access attempt device authentication system 140 determines the device type and operating system of the access attempt device (S209), and collects the hardware and / or software environment information that can be collected for that device type and operating system (S210). Then, the first authentication unique value for verification is calculated by combining the collected hardware and / or software environment information, the generation time information of the registration first authentication unique value file recorded in the storage unit, and the user identification information (S211), and the primary authentication unique value for verification is compared with the primary authentication unique value for registration stored in the storage unit (S212).
  • The secondary authentication unique value for verification is calculated (S214), and the secondary authentication unique value for verification is transmitted to the user authentication server (S215).
  • the step S214 may be omitted, and the verification first authentication unique value calculated in step S211 may be set as the verification second authentication unique value in step S215 and transmitted to the user authentication server.
  • If the primary authentication unique value for verification and the primary authentication unique value for registration are not the same (S213), the online service of the connection attempting device is blocked (S216), the current connection attempting device is recognized as a new device, and device registration for the new device is guided (S217).
  • After step S215, if the second authentication from the user authentication server succeeds (S218), both the first and second authentications have succeeded, so the online service is provided to the access attempting device (S219). However, if the second authentication from the user authentication server fails (S218), the online service of the access attempting device is blocked (S216), the current access attempting device is recognized as a new device, and device registration for the recognized new device is guided (S217).
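The registration and verification flow described above (S202 to S219), as an added sketch that is not code from the patent or its applicant: it shows the device-side first check, the server-side second check, and how binding the file creation time into the first value makes a copied registration file fail. SHA-256, the field names, the in-memory model of the storage unit and the choice of fields for the second value are assumptions; all sample values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Fields combined per operating system, following the description above.
# Linux uses the HDD model name: the serial is not readable as a normal user.
FIELDS_BY_OS = {
    "windows": ("os_install_id", "hdd_serial"),
    "linux": ("uuid", "hdd_model"),
    "macos": ("hw_serial", "hdd_serial"),
}


def digest(label, parts):
    """SHA-256 (assumed hash) over length-prefixed parts, so 'ab'+'c' != 'a'+'bc'."""
    h = hashlib.sha256(label.encode())
    for part in parts:
        raw = str(part).encode()
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.hexdigest()


@dataclass
class Device:
    os_type: str
    env: dict                            # constructed environment information
    stored_value: Optional[str] = None   # content of the registration file
    file_ctime: Optional[int] = None     # creation time kept by the storage unit


class AuthServer:
    """Stands in for user authentication server 130 with server database 131."""

    def __init__(self):
        self.db = {}

    def register(self, user_id, value):
        self.db.setdefault(user_id, set()).add(value)

    def verify(self, user_id, value):
        known = self.db.get(user_id, ())
        return any(hmac.compare_digest(value, v) for v in known)


def primary_value(dev, user_id, ctime):
    fields = [dev.env[name] for name in FIELDS_BY_OS[dev.os_type]]
    return digest("primary", fields + [ctime, user_id])


def secondary_value(dev):
    # Assumption: the second value reuses the per-OS fields without the file time.
    return digest("secondary", [dev.env[n] for n in FIELDS_BY_OS[dev.os_type]])


def register(dev, user_id, server, now):
    dev.file_ctime = now                                   # S205: file time recorded
    dev.stored_value = primary_value(dev, user_id, now)    # S204
    server.register(user_id, secondary_value(dev))         # S206-S207


def verify(dev, user_id, server):
    if dev.stored_value is None:
        return "blocked: no registration file"
    candidate = primary_value(dev, user_id, dev.file_ctime)       # S209-S211
    if not hmac.compare_digest(candidate, dev.stored_value):      # S212-S213
        return "blocked: primary mismatch"
    if not server.verify(user_id, secondary_value(dev)):          # S215, S218
        return "blocked: secondary mismatch"
    return "allowed"                                              # S219


def copy_registration_file(src, dst, now):
    """Copying the file gives it a new creation time on the destination storage."""
    dst.stored_value, dst.file_ctime = src.stored_value, now


def demo():
    server = AuthServer()
    pc = Device("windows", {"os_install_id": "INSTALL-0001", "hdd_serial": "HDD-0001"})
    register(pc, "alice", server, now=1_700_000_000)

    other = Device("linux", {"uuid": "UUID-0002", "hdd_model": "MODEL-0002"})
    copy_registration_file(pc, other, now=1_700_000_500)

    swapped = Device("windows", {**pc.env, "hdd_serial": "HDD-0003"},
                     pc.stored_value, pc.file_ctime)

    local_only = Device("macos", {"hw_serial": "HW-0004", "hdd_serial": "HDD-0004"})
    register(local_only, "alice", AuthServer(), now=1_700_000_900)

    return {
        "registered device": verify(pc, "alice", server),
        "file copied to another device": verify(other, "alice", server),
        "hard disk replaced": verify(swapped, "alice", server),
        "never registered with server": verify(local_only, "alice", server),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The last case passes the device-side comparison because its local file is self-consistent, and is stopped only by the server-side comparison against the database.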

Abstract

The present invention relates to a system and a method for authenticating a device attempting connection in a PC environment or mobile environment which authenticate whether the device which is presently attempting connection to a web server is a registered device predetermined by a user. According to the present invention, the system for authenticating the device attempting connection, which is within a system for authenticating a device attempting connection while provided in a device connected to a user authentication server, includes: an information collection module which collects hardware environment and software environment information from the device; an authentication control module which performs a registration process for the device when a user requests device registration and performs a verification process for the device attempting connection with respect to the device of an online service request by the user; a first-round authentication eigenvalue production module which produces an eigenvalue for first-round authentication by combining at least two kinds of environment information collected by the information collection module according to an operating system provided in the device, and provides the first-round authentication eigenvalue for the authentication control module; and a second-round authentication eigenvalue production module which produces an eigenvalue for second-round authentication by combining at least two kinds of environment information collected by the information collection module, and provides the second-round authentication eigenvalue for the authentication control module.

Description

Authentication system and method for device attempting connection
This invention relates to a system and method for authenticating a device that attempts to connect in order to use an online service. More specifically, it relates to a connection-attempting device authentication system and method that authenticate, in a PC or mobile environment, whether the device currently attempting to connect to a web server is a registered device designated in advance by the user.
As Internet communication networks have become faster, various online services such as Internet banking, online games and online shopping have become widespread. Typically, to use such an online service, a user must pass login authentication by entering personal authentication information (a user ID and password) on the web server that provides the service. Not only the legitimate user but also an identity thief (someone who has obtained the legitimate user's personal authentication information) who logs in to the web server from a device such as a computer or mobile phone with the legitimate user's personal authentication information can use, through the device currently in use, the legitimate user's online service provided by that web server.
An identity thief may be someone who has stolen the legitimate user's personal authentication information by illicit means, against the legitimate user's will. Cases of harm are increasing in which an identity thief who has stolen a legitimate user's personal authentication information in this way illegally accesses the legitimate user's account and illegally uses the legitimate user's online service. Accordingly, there is an urgent need for a complementary security measure that blocks access to the online service provided to the legitimate user even if an identity thief steals the user's personal authentication information.
As such a complementary security measure, a technology has been proposed that allows an online service to be used only from registered PCs designated in advance by the user (hereinafter, PC designation service technology).
Prior art relating to PC designation services includes Korean Patent Publication No. 2010-125496 and Korean Patent Registration No. 1023793. In this prior art, the customer's user ID is registered on the web server linked with information on one or more computers that the customer has designated for the online service (Internet banking). When any computer attempts to connect, the web server checks whether that computer is one pre-registered for the online service, and provides the online service to it only if it is.
In the case of online game websites, in September 2006 NCsoft became the first company in the industry to apply a PC designation service, to its Lineage series of online MMORPGs (Massive Multiplayer Online Role Playing Game), and other online game companies (NHN Hangame, Nexon, etc.) are known to be offering or considering a PC designation service. In addition, some bank websites provide a PC designation service for Internet banking. As one example, with the PC designation service applied at KB Kookmin Bank, a user can register up to 10 computers for Internet banking. Financial transactions such as transfers can be made from the 10 pre-registered computers, whereas only inquiry services are available from unregistered computers.
The PC designation service technology of the above prior art is briefly as follows. When a user requests the PC designation service and requests registration of a new PC, the web server calculates an authentication unique value from the hardware information of the PC to be registered and pre-registers it matched to the user's personal authentication information (user ID). Thereafter, for a PC that attempts to connect to the web server with that user's personal authentication information (user ID), the web server calculates the authentication unique value of the connection-attempting PC from its hardware information. Naturally, the method of calculating the authentication unique value of the registered PC and that of the connection-attempting PC are preferably the same. The web server then compares the calculated authentication unique value of the connection-attempting PC with the authentication unique value of the registered PC matched to the user's personal authentication information, and decides whether to grant or deny the online service to the connection-attempting PC.
In this prior art the web server, in addition to checking the user's personal authentication information, checks whether the connection-attempting PC is a pre-registered PC before granting it the online service, which has the advantage of stronger security than before.
However, the authentication unique value of the connection-attempting PC that is transmitted over the network can easily be hacked and altered by a hacker, so even when an identity thief attempts to connect to the web server from an unregistered PC rather than the legitimate user's registered PC, the unregistered PC's authentication unique value can be altered into that of the registered PC. In that case, the web server fails to notice this and grants use of the user's online service to the unregistered connection-attempting PC used by the identity thief.
In addition, because the prior art calculates a PC's authentication unique value from the same hardware information regardless of the system configuration of the registered PC and the connection-attempting PC, on some PCs the information needed to calculate the authentication unique value cannot be collected, depending on the PC's CMOS settings or the privileges of the operating system (OS) user account. Yet if the authentication unique value is calculated from the limited hardware information that every PC necessarily has (for example the MAC address, which is mainly used in the PC designation services of current websites), that value has the weakness of being easy to alter. Furthermore, in the conventional technology the devices a user can register for connecting to the web server are limited to PCs, which reduces user convenience.
Thus the prior art is difficult to apply to diverse hardware devices (PC, mobile phone, tablet PC), multi-platform environments (Windows, Linux, Mac, iOS, Android, Windows Mobile, etc.) and multi-browser environments, and because it has many security weaknesses, it is difficult for it to cope with current hacking techniques and with financial and online incidents.
The object of this invention, devised to solve the above problems of the prior art, is to provide a connection-attempting device authentication system and method in which the connection-attempting device itself performs a first authentication of whether it is a registered device, the web server performs a second authentication of whether it is a registered device only for a connection-attempting device that has completed the first authentication, and use of the user's online service is granted to a connection-attempting device for which both the first and second authentications have succeeded.
To achieve the above object, the connection-attempting device authentication system according to this invention is a connection-attempting device authentication system installed in a device connected to a user authentication server, and includes:
an information collection module that collects at least two pieces of environment information from among the hardware environment and the software environment installed in the device;
an authentication control module that performs a device registration procedure for the device when the user requests device registration, and performs a connection-attempting device verification procedure for the device when the user requests an online service; and
a first authentication unique value calculation module that calculates a first authentication unique value by combining at least two pieces of the environment information collected by the information collection module, according to the type of the device and the type of operating system installed in the device, and provides it to the authentication control module,
wherein, in the device registration procedure, the authentication control module stores the first authentication unique value for registration received from the first authentication unique value calculation module in the storage unit of the device and transmits it to the user authentication server to be stored there, and, in the connection-attempting device verification procedure, verifies the first authentication unique value for verification received from the first authentication unique value calculation module by comparing it with the first authentication unique value for registration and transmits it to the user authentication server to be verified there.
Further, the connection-attempting device authentication method according to this invention is a method performed by a connection-attempting device authentication system installed in a device connected to a user authentication server, and includes:
a first step in which, when connection-attempting device verification is requested for the device, the connection-attempting device authentication system identifies the device type and operating system of the connection-attempting device;
a second step in which the connection-attempting device authentication system collects at least two pieces of environment information from among the hardware and software environment information that can be collected for the device type and operating system of the connection-attempting device;
a third step in which the connection-attempting device authentication system calculates a first authentication unique value for verification by combining the at least two pieces of environment information from the connection-attempting device;
a fourth step in which the connection-attempting device authentication system compares the first authentication unique value for verification with the first authentication unique value for registration stored in the storage unit of the connection-attempting device;
a fifth step in which, if the comparison in the fourth step shows that the first authentication unique value for verification and the first authentication unique value for registration are identical, the connection-attempting device authentication system transmits the first authentication unique value for verification to the user authentication server;
a sixth step in which, if authentication by the user authentication server succeeds after the fifth step, the connection-attempting device authentication system causes the online service to be provided to the connection-attempting device; and
a seventh step in which, if the comparison in the fourth step shows that the first authentication unique value for verification and the first authentication unique value for registration are not identical, or if authentication by the user authentication server fails after the fifth step, the connection-attempting device authentication system causes the online service to be blocked for the connection-attempting device.
Further, the computer-readable recording medium according to this invention is a computer-readable recording medium for executing a connection-attempting device authentication method on a device connected to a user authentication server,
wherein the connection-attempting device authentication method includes: a first step in which, when connection-attempting device verification is requested for the device, the connection-attempting device authentication system identifies the device type and operating system of the connection-attempting device;
a second step in which the connection-attempting device authentication system collects at least two pieces of environment information from among the hardware and software environment information that can be collected for the device type and operating system of the connection-attempting device;
a third step in which the connection-attempting device authentication system calculates a first authentication unique value for verification by combining the at least two pieces of environment information from the connection-attempting device;
a fourth step in which the connection-attempting device authentication system compares the first authentication unique value for verification with the first authentication unique value for registration stored in the storage unit of the connection-attempting device;
a fifth step in which, if the comparison in the fourth step shows that the first authentication unique value for verification and the first authentication unique value for registration are identical, the connection-attempting device authentication system transmits the first authentication unique value for verification to the user authentication server;
a sixth step in which, if authentication by the user authentication server succeeds after the fifth step, the connection-attempting device authentication system causes the online service to be provided to the connection-attempting device; and
a seventh step in which, if the comparison in the fourth step shows that the first authentication unique value for verification and the first authentication unique value for registration are not identical, or if authentication by the user authentication server fails after the fifth step, the connection-attempting device authentication system causes the online service to be blocked for the connection-attempting device.
As described above, according to this invention the registered device calculates the first and second authentication unique values based on software and/or hardware environment information and, after its own first authentication, performs the second authentication through the web server, which strengthens security against network packet hacking. In addition, because the authentication unique value is calculated by combining the information that can be collected for the type of the registered device and connection-attempting device (PC, mobile phone, tablet PC) and the type of operating system (OS) installed in it, the authentication unique value is difficult to alter, which strengthens security.
FIG. 1 is a block diagram showing the configuration of the connection-attempting device authentication system according to this invention.
FIGS. 2 and 3 are operation flowcharts showing the connection-attempting device authentication method according to this invention.
* Explanation of reference numerals *
110: computer user device    111: storage unit
112: communication unit    120: communication network
130: user authentication server    131: server database
140: connection-attempting device authentication system    141: information collection module
142: first authentication unique value calculation module    143: second authentication unique value calculation module
144: authentication control module
Hereinafter, the connection-attempting device authentication system and method according to this invention are described in more detail with reference to the accompanying drawings.
FIG. 1 is a block diagram showing the configuration of the connection-attempting device authentication system according to this invention.
The device 110 is connected to the user authentication server 130 through the communication network 120. The user authentication server 130 may be physically combined with an ordinary web server that provides various online services to the device 110. The user authentication server 130 is connected to the server database 131 and provides a device designation service to the device 110. The server database 131 stores, matched to user identification information (user ID), the authentication unique value of each registered device designated by the user. When multiple registered devices are stored matched to one piece of user identification information, the server database 131 may also store a unique identification name for each registered device. Here, the device designation service includes the procedure by which a user designates any device to the user authentication server 130 as a registered device for using the online service or cancels that designation, and the procedure of verifying whether a device attempting to connect to the web server with a given user ID is a registered device already designated for that user ID.
The device 110 includes the connection-attempting device authentication system 140 according to this invention. The connection-attempting device authentication system 140 is implemented as software, installed on the device 110, and executed using the hardware of the device 110. This software may be downloaded to and installed on the device 110 from the user authentication server 130 or another software supply server. For the device 110 to use an online service (for example, electronic financial services, electronic bidding, online games, online sales) through the web server, the connection-attempting device authentication system 140 must be installed.
The connection-attempting device authentication system 140 includes an information collection module 141, a first authentication unique value calculation module 142, a second authentication unique value calculation module 143, and an authentication control module 144.
The information collection module 141 collects hardware environment and software environment information installed in the device 110, which includes the hardware serial number, UUID (Universally Unique ID), hard disk serial number (HDD serial number), hard disk volume serial number (HDD volume serial number), hard disk model name (HDD model name), operating system (OS), OS installation ID, the subscriber identification number (IMSI: International Mobile Subscriber Identity) stored on the USIM (Universal Subscriber Identity Module) card, network session key, and device unique number (IMEI: International Mobile Equipment Identity). The information collection module 141 collects different environment information depending on whether the device is a mobile phone, a PC or a tablet PC, and on whether the operating system (OS) installed in the device is Windows, Linux, iOS, Android or Windows Mobile.
The authentication control module 144 performs the device registration procedure and the connection-attempting device verification procedure according to this invention. In this specification, even when the registered device and the connection-attempting device are the same device, it is called the registered device in the device registration procedure, in which the user designates it as a registered device, and the connection-attempting device in the connection-attempting device verification procedure, in which the user connects to the web server to use the online service.
In the device registration procedure, the authentication control module 144 converts the first authentication unique value for registration calculated by the first authentication unique value calculation module 142 into a hash value and stores it as a file in the storage unit 111. The storage unit 111 then holds the first authentication unique value file, and the creation time of that file is recorded. Next, the authentication control module 144 converts the second authentication unique value for registration calculated by the second authentication unique value calculation module 143 into a hash value and sends it, together with the user identification information, to the user authentication server 130 through the communication unit 112. A unique identification name for identifying the registered device may be sent along with it. The user authentication server 130 then stores in the server database 131 the user identification information linked with the registered device's second authentication unique value for registration and its unique identification name. The second authentication unique value calculation module 143 may be omitted, in which case the first authentication unique value for registration calculated by the first authentication unique value calculation module 142 can be used as the second authentication unique value for registration.
In the connection-attempting device verification procedure, the authentication control module 144 converts the first authentication unique value for verification calculated by the first authentication unique value calculation module 142 into a hash value and compares it with the first authentication unique value for registration that was stored as a file in the device registration procedure, thereby performing the first authentication of whether the connection-attempting device is a registered device. If the first authentication passes, the authentication control module 144 converts the second authentication unique value for verification calculated by the second authentication unique value calculation module 143 into a hash value and sends it, together with the user identification information, to the user authentication server 130 through the communication unit 112. The user authentication server 130 then compares the received second authentication unique value for verification with the second authentication unique value for registration stored in the server database 131, thereby performing the second authentication of whether the connection-attempting device is a registered device. When the second authentication unique value calculation module 143 is omitted, the first authentication unique value for verification and the second authentication unique value for verification are the same.
When the registered device and the connection-attempting device are the same and the hardware and software environment has not changed, the first authentication unique value for registration equals the first authentication unique value for verification and the second authentication unique value for registration equals the second authentication unique value for verification, so the connection-attempting device succeeds in both the first and second authentications and can use the online service. However, when the registered device and the connection-attempting device differ, the first authentication unique value for registration (the authentication unique value stored on the registered device) and the first authentication unique value for verification cannot be the same, so the first authentication cannot be passed; and even if the first authentication were passed, the second authentication unique value for registration (the authentication unique value stored on the user authentication server) and the second authentication unique value for verification (or the first authentication unique value for verification) are not the same, so the second authentication cannot be passed. If the connection-attempting device does not succeed in the first or the second authentication, it cannot use the web server's online service.
Because the authentication control module 144 generates the authentication unique value by combining various hardware environment and software environment information of the registered device and the connection-attempting device, when the hardware or software of a registered device changes (for example, hard disk replacement, operating system reinstallation, file change), the authentication control module 144 judges that the registered device and the connection-attempting device are not the same. In that case, the authentication control module 144 recognizes the registered device whose hardware and software environment has changed as a new device and guides the user through the new device registration procedure.
The primary authentication unique value calculation module 142 calculates the primary authentication unique value using, from the hardware and software environment information of the device 110 collected by the information collection module 141, the information that can be collected under the operating system (OS) installed on the device, converts it into a hash value, and creates it as a file.
Here, the primary authentication unique value is generated by combining different device identification information depending on the type of device and the type of operating system installed on the device.
As a first embodiment, if the device is a computer and the operating system installed on it is a Windows operating system (Windows OS), the primary authentication unique value calculation module 142 generates the primary authentication unique value by combining the OS installation ID, the hard disk serial number, the file creation time, user identification information, and the like. Here, the OS installation ID means the unique installation ID generated from the product ID and hardware identifier information when the Windows OS is installed.
As a second embodiment, if the device is a computer and the operating system installed on it is a Linux operating system (Linux OS), the primary authentication unique value calculation module 142 generates the primary authentication unique value by combining the UUID, the hard disk model name (HDD model name), the creation time, user identification information, and the like. The hard disk model name is used on Linux because, on Linux, the hard disk serial number cannot be accessed with ordinary user privileges. Finally, if the operating system installed on the device is a Mac operating system (Mac OS), the primary authentication unique value is generated by combining the hardware serial number, the hard disk serial number, the creation time, user identification information, and the like.
As a third embodiment, a method of generating the primary authentication unique value when the device is a mobile phone is described. A mobile phone can normally be used only after subscribing to a mobile carrier, and depending on the communication protocol technology (W-CDMA or GSM) that the carrier provides, the phone is fitted with a USIM (Universal Subscriber Identity Module) card or a SIM (Subscriber Identity Module) card. The USIM or SIM card stores important information such as the subscriber identification number (IMSI), network information and authentication information, together with personal supplementary content such as text messages, e-mail and phone book entries.
If the device is a mobile phone and the OS is Android, the primary authentication unique value calculation module 142 generates the primary authentication unique value by combining the subscriber identification number (IMSI), the device unique number (IMEI), the model number, the firmware version, the baseband version, the kernel version, the build number, and the like. If the device is a mobile phone and the OS is iOS, the primary authentication unique value is generated by combining the subscriber identification number (IMSI), the device unique number (IMEI), the iOS version, the ICCID (Integrated Circuit Card IDentifier), and the like. If the device is a mobile phone and the OS is Windows Mobile, the primary authentication unique value is generated by combining the subscriber identification number (IMSI), the device unique number (IMEI), and the like. Of course, the secondary authentication unique value calculation module 143 may also generate the secondary authentication unique value by extracting hardware information and/or software information from the device as described above.
At device registration, the primary authentication unique value calculation module 142 calculates the primary authentication unique value for registration based on the time (creation time) at which the primary authentication unique value file for registration is written to the storage unit, converts it into a hash value, and stores it as a file; at this point the creation time of that file is recorded in the storage unit. Later, when an access attempt device is verified, the primary authentication unique value calculation module 142 calculates the primary authentication unique value for verification based on the file creation time information recorded in the storage unit and compares it with the primary authentication unique value for registration. This prevents the primary authentication unique value file for registration from being copied to an access attempt device and used there. That is, if the primary authentication unique value file for registration stored in the registered device is copied to an access attempt device, the creation time information used when the primary authentication unique value for registration was calculated differs from the creation time information recorded in the storage unit of the access attempt device, so the primary authentication unique value for registration and the primary authentication unique value for verification are not the same when the access attempt device is verified.
The secondary authentication unique value calculation module 143 calculates the secondary authentication unique value based on hardware information unique to the device, taken from the hardware environment information of the device 110 collected by the information collection module 141. As described above, the secondary authentication unique value calculation module 143 may be omitted, and secondary authentication (authentication through communication between the device and the user authentication server) may instead be performed using the primary authentication unique value generated by the primary authentication unique value calculation module.
FIGS. 2 and 3 are operational flowcharts illustrating the connection attempt device authentication method according to the present invention.
When the user requests device registration for the current device (S201), the connection attempt device authentication system 140 identifies the device type and the operating system type (S202) and collects the hardware and/or software environment that can be collected for that device type and operating system (S203). The hardware and/or software environment that can be collected for each operating system may be set in advance.
It then calculates the primary authentication unique value for registration by combining the collected hardware and/or software environment information, the creation time information, and the user identification information (S204), converts the primary authentication unique value for registration into a hash value, and stores the primary authentication unique value file for registration in the storage unit (S205). At this time, the creation time of the primary authentication unique value file for registration is recorded in the storage unit. The creation time information combined to calculate the primary authentication unique value for registration means the creation time of the primary authentication unique value file for registration, and it is made identical to the time at which the file is written to the storage unit.
Next, the connection attempt device authentication system 140 calculates the secondary authentication unique value for registration from preset hardware and/or software environment information (S206) and transmits the calculated secondary authentication unique value for registration to the user authentication server (S207). Step S206 may be omitted, in which case the primary authentication unique value for registration calculated in step S204 is set as the secondary authentication unique value for registration in step S207 and transmitted to the user authentication server. In this way, the secondary authentication unique value of the registered device (which may be the same as or different from the primary authentication unique value) is registered in the user authentication server.
Next, when the user tries to access the online service using an arbitrary device (hereinafter, the connection attempt device) and connection attempt device verification is requested (S208), the connection attempt device authentication system 140 identifies the device type and operating system of the connection attempt device (S209) and collects the hardware and/or software environment that can be collected for that device type and operating system (S210). It then calculates the primary authentication unique value for verification by combining the collected hardware and/or software environment information, the creation time information of the primary authentication unique value file for registration recorded in the storage unit, and the user identification information (S211), and compares the primary authentication unique value for verification with the primary authentication unique value for registration stored in the storage unit (S212).
If the primary authentication unique value for verification and the primary authentication unique value for registration are the same (S213), the system calculates the secondary authentication unique value for verification (S214) and transmits it to the user authentication server (S215). Step S214 may be omitted, in which case the primary authentication unique value for verification calculated in step S211 is set as the secondary authentication unique value for verification in step S215 and transmitted to the user authentication server. If, on the other hand, the primary authentication unique value for verification and the primary authentication unique value for registration are not the same in step S213, the online service is blocked for the connection attempt device (S216), the current connection attempt device is recognized as a new device, and device registration for the new device is guided (S217).
If secondary authentication by the user authentication server succeeds after step S215 (S218), the connection attempt device has succeeded in both primary and secondary authentication, so the online service is provided to it (S219). However, if secondary authentication by the user authentication server fails (S218), the online service is blocked for the connection attempt device (S216), the current connection attempt device is recognized as a new device, and device registration for the recognized new device is guided (S217).
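The registration and verification flow of steps S201 to S219, including the file-creation-time binding, written out as an added Python example (not code from the patent). SHA-256, the JSON encoding of the combined fields, the field names, the choice of fields for the secondary value, and the dictionaries standing in for the storage unit and the user authentication server are all assumptions; the sample devices are constructed.

```python
import hashlib
import hmac
import json

# Environment fields combined per OS, following the embodiments described above.
PRIMARY_FIELDS = {
    "windows": ["os_install_id", "hdd_serial"],
    "linux": ["uuid", "hdd_model"],
    "android": ["imsi", "imei", "model", "firmware", "baseband", "kernel", "build"],
}
# Assumption: hardware-only fields used for the secondary value.
SECONDARY_FIELDS = {"windows": ["hdd_serial"], "linux": ["hdd_model"], "android": ["imei"]}


def _digest(parts):
    # JSON keeps field boundaries unambiguous, so ("ab", "c") != ("a", "bc").
    blob = json.dumps(parts, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(blob).hexdigest()


def primary_value(device, user_id, created_at):
    """Combine OS-specific environment fields, file creation time and user ID."""
    fields = PRIMARY_FIELDS[device["os"]]
    return _digest([device["env"][f] for f in fields] + [created_at, user_id])


def secondary_value(device):
    return _digest([device["env"][f] for f in SECONDARY_FIELDS[device["os"]]])


def register(device, user_id, server, now):
    """S201-S207: keep the primary value locally, send the secondary value to the server."""
    device["storage"] = {"value": primary_value(device, user_id, now), "created_at": now}
    server[user_id] = secondary_value(device)


def copy_value_file(src, dst, now):
    """Copying the file keeps its content, but the copy gets its own creation time."""
    dst["storage"] = {"value": src["storage"]["value"], "created_at": now}


def verify(device, user_id, server):
    """S208-S219: returns 'granted', 'blocked-primary' or 'blocked-secondary'."""
    stored = device.get("storage")
    if stored is None:
        return "blocked-primary"
    # S211: recompute from the current environment and the recorded creation time.
    candidate = primary_value(device, user_id, stored["created_at"])
    if not hmac.compare_digest(candidate, stored["value"]):      # S212-S213
        return "blocked-primary"                                 # S216-S217
    expected = server.get(user_id, "")
    if not hmac.compare_digest(secondary_value(device), expected):  # S218
        return "blocked-secondary"                               # S216-S217
    return "granted"                                             # S219


def demo():
    server = {}
    laptop = {"os": "windows",
              "env": {"os_install_id": "INSTALL-ID-A", "hdd_serial": "HDD-SERIAL-A"}}
    register(laptop, "alice", server, now=1000)
    results = {"same_device": verify(laptop, "alice", server)}

    # Value file copied to a device reporting the same environment: the creation
    # time recorded for the copy differs, so the recomputed value does not match.
    clone = {"os": "windows", "env": dict(laptop["env"])}
    copy_value_file(laptop, clone, now=2000)
    results["copied_file"] = verify(clone, "alice", server)

    # A different device whose local file is self-consistent passes the local
    # comparison, but the server still holds the registered device's value.
    other = {"os": "windows",
             "env": {"os_install_id": "INSTALL-ID-C", "hdd_serial": "HDD-SERIAL-C"}}
    other["storage"] = {"value": primary_value(other, "alice", 3000), "created_at": 3000}
    results["other_device"] = verify(other, "alice", server)

    # Hard disk replaced on the registered device: treated as a new device.
    laptop["env"]["hdd_serial"] = "HDD-SERIAL-B"
    results["disk_replaced"] = verify(laptop, "alice", server)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Every blocked outcome corresponds to steps S216 and S217, where the device is treated as new and sent through registration again.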

Claims (24)

  1. A connection attempt device authentication system installed in a device connected to a user authentication server, the system comprising:
    an information collection module that collects at least two items of environment information from among the hardware environment and the software environment installed in the device;
    an authentication control module that performs a device registration procedure for the device when a user requests device registration, and performs a connection attempt device verification procedure for the device when the user requests an online service; and
    a primary authentication unique value calculation module that calculates a primary authentication unique value by combining at least two items of environment information collected by the information collection module according to the type of the device and the type of operating system installed in the device, and provides it to the authentication control module,
    wherein the authentication control module, during the device registration procedure, stores the primary authentication unique value for registration input from the primary authentication unique value calculation module in a storage unit of the device and transmits it to the user authentication server to be stored, and, during the connection attempt device verification procedure, verifies the primary authentication unique value for verification input from the primary authentication unique value calculation module by comparing it with the primary authentication unique value for registration and transmits it to the user authentication server to be verified.
  2. The system of claim 1, further comprising a secondary authentication unique value calculation module that calculates a secondary authentication unique value by combining at least two items of environment information collected by the information collection module and provides it to the authentication control module,
    wherein the authentication control module, during the device registration procedure, transmits to the user authentication server, to be stored, the secondary authentication unique value for registration input from the secondary authentication unique value calculation module instead of the primary authentication unique value for registration, and, during the connection attempt device verification procedure, transmits to the user authentication server, to be verified, the secondary authentication unique value for verification input from the secondary authentication unique value calculation module instead of the primary authentication unique value for verification.
  3. The system of claim 1, wherein the primary authentication unique value calculation module calculates the primary authentication unique value for registration by further combining the creation time at which the primary authentication unique value for registration is created as a file in the storage unit, records the creation time in the storage unit, and calculates the primary authentication unique value for verification by further combining the creation time recorded in the storage unit.
  4. The system of claim 2, wherein the authentication control module further transmits a unique identification name together with the secondary authentication unique value for registration and the secondary authentication unique value for verification.
  5. The system of claim 1, wherein, if the device is a computer and the operating system installed in the device is a Windows operating system (Windows OS), the primary authentication unique value calculation module calculates the primary authentication unique value by combining environment information that includes an OS installation ID.
  6. The system of claim 1, wherein, if the device is a computer and the operating system installed in the device is a Linux operating system (Linux OS), the primary authentication unique value calculation module calculates the primary authentication unique value by combining environment information that includes a hard disk model name (HDD model name).
  7. The system of claim 1, wherein, if the device is a computer and the operating system installed in the device is a Mac operating system (Mac OS), the primary authentication unique value calculation module calculates the primary authentication unique value by combining environment information that includes a hardware serial number.
  8. The system of claim 1, wherein, if the device is a mobile phone, the primary authentication unique value calculation module calculates the primary authentication unique value by combining environment information that includes a subscriber identification number (IMSI) and a device unique number (IMEI).
  9. A connection attempt device authentication method of a connection attempt device authentication system installed in a device connected to a user authentication server, the method comprising:
    a first step in which, when connection attempt device verification is requested for the device, the connection attempt device authentication system identifies the device type and operating system of the connection attempt device;
    a second step in which the connection attempt device authentication system collects at least two items of environment information from among the hardware and software environment information that can be collected for the device type and operating system of the connection attempt device;
    a third step in which the connection attempt device authentication system calculates a primary authentication unique value for verification by combining at least two items of environment information from the connection attempt device;
    a fourth step in which the connection attempt device authentication system compares the primary authentication unique value for verification with the primary authentication unique value for registration stored in a storage unit of the connection attempt device;
    a fifth step in which, if the comparison in the fourth step shows that the primary authentication unique value for verification and the primary authentication unique value for registration are the same, the connection attempt device authentication system transmits the primary authentication unique value for verification to the user authentication server;
    a sixth step in which the connection attempt device authentication system causes the online service to be provided to the connection attempt device if authentication from the user authentication server succeeds after the fifth step; and
    a seventh step in which the connection attempt device authentication system causes the online service to be blocked for the connection attempt device if the comparison in the fourth step shows that the primary authentication unique value for verification and the primary authentication unique value for registration are not the same, or if authentication from the user authentication server fails after the fifth step.
  10. The method of claim 9, wherein, in the fifth step, if the comparison in the fourth step shows that the primary authentication unique value for verification and the primary authentication unique value for registration are the same, the connection attempt device authentication system calculates a secondary authentication unique value for verification and transmits the secondary authentication unique value for verification to the user authentication server instead of the primary authentication unique value for verification.
  11. The method of claim 9, wherein, in the seventh step, the connection attempt device authentication system guides device registration for the connection attempt device.
  12. The method of claim 9, further comprising an eighth step in which, when registration of a registration device is requested for the device before the first step, the connection attempt device authentication system identifies the device type and operating system of the registered device;
    a ninth step in which the connection attempt device authentication system collects at least two items of environment information from among the hardware and software environment information that can be collected for the operating system of the registered device;
    a tenth step in which the connection attempt device authentication system calculates the primary authentication unique value for registration by combining at least two items of environment information collected according to the device type and operating system of the registered device;
    an eleventh step in which the connection attempt device authentication system stores the primary authentication unique value for registration in the storage unit; and
    a twelfth step in which the connection attempt device authentication system transmits the primary authentication unique value for registration to the user authentication server.
  13. The method of claim 12, wherein, in the twelfth step, the connection attempt device authentication system calculates a secondary authentication unique value for registration and transmits the secondary authentication unique value for registration to the user authentication server instead of the primary authentication unique value for registration.
  14. The method of claim 12, wherein the tenth step calculates the primary authentication unique value for registration by further combining the creation time at which the primary authentication unique value for registration is created as a file in the storage unit, the eleventh step records the creation time in the storage unit, and the third step calculates the primary authentication unique value for verification by further combining the creation time recorded in the storage unit.
  15. The method of claim 12 or claim 13, wherein the fifth step and the twelfth step further transmit a unique identification name of the device to the user authentication server.
  16. The method of claim 12, wherein, if the device is a computer and the operating system installed in the device is a Windows operating system (Windows OS), the third step and the tenth step calculate the primary authentication unique value by combining environment information that includes an OS installation ID.
  17. The method of claim 12, wherein, if the device is a computer and the operating system installed in the device is a Linux operating system (Linux OS), the third step and the tenth step calculate the primary authentication unique value by combining environment information that includes a hard disk model name (HDD model name).
  18. The method of claim 12, wherein, if the device is a computer and the operating system installed in the device is a Mac operating system (Mac OS), the third step and the tenth step calculate the primary authentication unique value by combining environment information that includes a hardware serial number.
  19. The method of claim 12, wherein, if the device is a mobile phone, the third step and the tenth step calculate the primary authentication unique value by combining environment information that includes a subscriber identification number (IMSI) and a device unique number (IMEI).
  20. A computer-readable recording medium for executing a connection attempt device authentication method on a device connected to a user authentication server,
    wherein the connection attempt device authentication method comprises: a first step in which, when connection attempt device verification is requested for the device, the connection attempt device authentication system identifies the device type and operating system of the connection attempt device;
    a second step in which the connection attempt device authentication system collects at least two items of environment information from among the hardware and software environment information that can be collected for the device type and operating system of the connection attempt device;
    a third step in which the connection attempt device authentication system calculates a primary authentication unique value for verification by combining at least two items of environment information from the connection attempt device;
    a fourth step in which the connection attempt device authentication system compares the primary authentication unique value for verification with the primary authentication unique value for registration stored in a storage unit of the connection attempt device;
    a fifth step in which, if the comparison in the fourth step shows that the primary authentication unique value for verification and the primary authentication unique value for registration are the same, the connection attempt device authentication system transmits the primary authentication unique value for verification to the user authentication server;
    a sixth step in which the connection attempt device authentication system causes the online service to be provided to the connection attempt device if authentication from the user authentication server succeeds after the fifth step; and
    a seventh step in which the connection attempt device authentication system causes the online service to be blocked for the connection attempt device if the comparison in the fourth step shows that the primary authentication unique value for verification and the primary authentication unique value for registration are not the same, or if authentication from the user authentication server fails after the fifth step.
  21. 제 20 항에 있어서, 상기 제1단계 전 상기 기기에 대한 등록 기기 등록이 요청되면, 상기 접속 시도 기기 인증 시스템이 상기 등록 기기의 기기 종류 및 운영체제를 파악하는 제8단계와,The method of claim 20, further comprising: an eighth step of, when the registration device registration request for the device is requested before the first step, the connection attempt device authentication system to identify a device type and an operating system of the registered device;
    상기 접속 시도 기기 인증 시스템이 상기 등록 기기의 운영체제별로 수집 가능한 하드웨어와 소프트웨어 환경 정보 중 적어도 둘 이상의 환경 정보를 수집하는 제9단계와,A ninth step of the access attempting device authentication system collecting at least two or more pieces of environment information among hardware and software environment information that can be collected for each operating system of the registered device;
    상기 접속 시도 기기 인증 시스템이 상기 등록 기기의 기기 종류 및 운영체제에 따라 수집된 적어도 둘 이상의 환경 정보를 조합하여 상기 등록용 1차인증고유값을 산출하는 제10단계와,A tenth step in which the connection attempt device authentication system combines at least two or more pieces of environmental information collected according to a device type and an operating system of the registered device to calculate the first authentication unique value for registration;
    상기 접속 시도 기기 인증 시스템이 상기 등록용 1차 인증고유값을 상기 저장부에 저장하는 제11단계와,An eleventh step of storing, by the connection attempting device authentication system, the first authentication unique value for registration in the storage unit;
    상기 접속 시도 기기 인증 시스템이 상기 등록용 1차인증고유값을 상기 사용자인증서버에게 전송하는 제12단계를 더 포함한 것을 특징으로 하는 컴퓨터로 읽을 수 있는 기록매체.And a twelfth step of transmitting, by the access attempting device authentication system, the unique primary authentication unique value for registration to the user authentication server.
  22. 제 21 항에 있어서, 상기 제10단계는 상기 등록용 1차인증고유값이 상기 저장부에 파일로 생성되는 생성 시간을 더 조합하여 상기 등록용 1차인증고유값을 산출하고 상기 제11단계는 상기 저장부에 상기 생성 시간을 기록하며, 상기 제3단계는 상기 저장부에 기록된 상기 생성 시간을 더 조합하여 상기 검증용 1차인증고유값을 산출하는 것을 특징으로 하는 컴퓨터로 읽을 수 있는 기록매체.The method of claim 21, wherein the tenth step further calculates the first authentication unique value for registration by further combining a generation time at which the first authentication unique value for registration is generated as a file in the storage unit. The generation time is recorded in the storage unit, and the third step further combines the generation time recorded in the storage unit to calculate the primary authentication unique value for verification. media.
  23. 제 20 항에 있어서, 상기 제5단계는, 상기 제4단계의 비교결과 상기 검증용 1차인증고유값과 상기 등록용 1차인증고유값이 동일하면, 상기 접속 시도 기기 인증 시스템이 검증용 2차인증고유값을 산출하고, 상기 검증용 1차인증고유값 대신 상기 검증용 2차인증고유값을 상기 사용자인증서버에게 전송하는 것을 특징으로 하는 컴퓨터로 읽을 수 있는 기록매체.21. The method of claim 20, wherein in the fifth step, if the verification first authentication unique value and the registration first authentication unique value are the same as the result of the comparison in the fourth step, the connection attempting device authentication system performs verification 2. And calculating a second authentication unique value and transmitting the second authentication unique value for verification to the user authentication server instead of the first authentication unique value for verification.
  24. 제 21 항에 있어서, 상기 제12단계는, 상기 접속 시도 기기 인증 시스템이 등록용 2차인증고유값을 산출하여 상기 등록용 1차인증고유값 대신 상기 등록용 2차인증고유값을 상기 사용자인증서버에게 전송하는 것을 특징으로 하는 컴퓨터로 읽을 수 있는 기록매체.22. The method of claim 21, wherein in the twelfth step, the connection attempting device authentication system calculates a second authentication unique value for registration so that the second authentication unique value for registration is used instead of the first authentication unique value for registration. Computer-readable recording medium, characterized in that for transmitting to the server.
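The registration and verification steps of claims 20 to 24, sketched as an added example that is not code from the patent or its applicant. The claims do not name a combining function or say how the secondary value is derived, so SHA-256, the `secondary|` label, the attribute names and the `AuthServer` stand-in are all assumptions made here.

```python
import hashlib
import hmac

def primary_value(env, created_at):
    """Combine >= 2 environment attributes with the recorded creation time."""
    if len(env) < 2:
        raise ValueError("at least two environment attributes are required")
    h = hashlib.sha256()  # assumption: the claims do not name a combining function
    for part in [created_at] + [x for k in sorted(env) for x in (k, env[k])]:
        data = part.encode()
        h.update(len(data).to_bytes(4, "big") + data)  # length prefix: unambiguous
    return h.hexdigest()

def secondary_value(primary):
    """Assumed derivation of the value sent to the server instead of the primary."""
    return hashlib.sha256(b"secondary|" + primary.encode()).hexdigest()

class AuthServer:  # hypothetical stand-in for the user authentication server
    def __init__(self):
        self.registered = {}
    def register(self, user, value):
        self.registered[user] = value
    def authenticate(self, user, value):
        stored = self.registered.get(user)
        return stored is not None and hmac.compare_digest(stored, value)

def register_device(user, env, created_at, store, server):
    """Steps 8-12: compute, store locally with the creation time, send to server."""
    primary = primary_value(env, created_at)
    store.update(primary=primary, created_at=created_at)
    server.register(user, secondary_value(primary))

def verify_device(user, env, store, server):
    """Steps 1-7: True means provide the service, False means block it."""
    primary = primary_value(env, store["created_at"])
    if not hmac.compare_digest(primary, store["primary"]):
        return False  # step 7: environment no longer matches the stored value
    return server.authenticate(user, secondary_value(primary))  # steps 5-7

def demo():
    # Constructed sample attributes; real ones depend on device type and OS.
    env = {"os": "Windows 7", "mac": "00:11:22:33:44:55", "disk": "SAMPLE-0001"}
    other = dict(env, mac="66:77:88:99:AA:BB")
    server, store = AuthServer(), {}
    register_device("alice", env, "2012-06-04T09:00:00", store, server)
    same = verify_device("alice", env, store, server)
    moved = verify_device("alice", other, store, server)  # stored file on another device
    local_only = dict(store, primary=primary_value(other, store["created_at"]))
    rewritten = verify_device("alice", other, local_only, server)  # server still decides
    return same, moved, rewritten
```

The third case in `demo()` shows why the server-side comparison of the fifth to seventh steps matters: the value kept in the device's own storage unit only detects a changed environment, while the copy held by the user authentication server is what a modified local file cannot satisfy.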
PCT/KR2012/004388 2011-06-07 2012-06-04 Authentication system and method for device attempting connection WO2012169752A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020137028306A KR101583698B1 (en) 2011-06-07 2012-06-04 Authentication system and method for device attempting connection

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR20110054433 2011-06-07
KR10-2011-0054433 2011-06-07

Publications (2)

Publication Number Publication Date
WO2012169752A2 true WO2012169752A2 (en) 2012-12-13
WO2012169752A3 WO2012169752A3 (en) 2013-03-28

Family

ID=47296568

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2012/004388 WO2012169752A2 (en) 2011-06-07 2012-06-04 Authentication system and method for device attempting connection

Country Status (2)

Country Link
KR (1) KR101583698B1 (en)
WO (1) WO2012169752A2 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20160114437A (en) * 2015-03-24 2016-10-05 아주대학교산학협력단 System for performing authentication using mac address and method thereof
KR101618692B1 (en) * 2016-01-06 2016-05-09 주식회사 센스톤 User authentication method for security enhancement
KR101746102B1 (en) * 2016-04-28 2017-06-13 주식회사 센스톤 User authentication method for integrity and security enhancement

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004505383A (en) * 2000-08-01 2004-02-19 ヒアユーアー コミュニケーションズ,インコーポレイテッド System for distributed network authentication and access control
KR20060003319A (en) * 2003-04-21 2006-01-10 소니 가부시끼 가이샤 Device authentication system
JP2006099415A (en) * 2004-09-29 2006-04-13 Sanyo Electric Co Ltd Content distribution system, content distribution method, equipment authentication server and method for controlling equipment authentication server
JP3767561B2 (en) * 2002-09-02 2006-04-19 ソニー株式会社 Device authentication device, device authentication method, information processing device, information processing method, and computer program

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20090022493A (en) * 2007-08-30 2009-03-04 박동국 Device authenticating apparatus, method and computer readable record-medium on which program for executing method thereof
KR100899638B1 (en) 2008-12-12 2009-05-27 (주)이바이언 Method for providing service using device identity information, system thereof and computer-readable medium recoded the program for executing the method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113839973A (en) * 2020-06-23 2021-12-24 炬芯科技股份有限公司 Communication connection method, device, equipment and storage medium
CN113839973B (en) * 2020-06-23 2024-04-12 炬芯科技股份有限公司 Communication connection method, device, equipment and storage medium

Also Published As

Publication number Publication date
KR101583698B1 (en) 2016-01-08
KR20140043071A (en) 2014-04-08
WO2012169752A3 (en) 2013-03-28

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 12796042; Country of ref document: EP; Kind code of ref document: A2)
ENP Entry into the national phase in: (Ref document number: 20137028306; Country of ref document: KR; Kind code of ref document: A)
NENP Non-entry into the national phase in: (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 12796042; Country of ref document: EP; Kind code of ref document: A2)