WO2013112012A1 - Method for operating image password - Google Patents

Info

Publication number
WO2013112012A1
Authority
WO
WIPO (PCT)
Prior art keywords
probability
image
present
password
mode
Prior art date
Application number
PCT/KR2013/000646
Other languages
French (fr)
Korean (ko)
Inventor
황재엽
양기호
Original Assignee
주식회사 로웸
Priority date
Filing date
Publication date
Application filed by 주식회사 로웸
Publication of WO2013112012A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01 Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/02 Input arrangements using manually operated switches, e.g. using keyboards or dials

Abstract

The present invention relates to an image password. Image passwords that are protected against unauthorized viewing tend to be weak in terms of the probability that arbitrary input bypasses them. Even when that is not the case, the images that can be presented on one screen are inevitably limited, as is the number of images to be selected in a single authentication, which makes them weak in terms of probability. To raise the security of such image passwords, the present invention makes the probability of bypassing them with arbitrary input very low. The present invention uses a password that is difficult for an attacker to learn even when unauthorized viewing has occurred, as cited in the background of the invention. The number of consecutive failures in normal mode, which is the condition for changing from normal mode to defense mode, is predetermined by the user or preset by default. Once normal mode has changed to defense mode, at the point where the number of failures exceeds that number of consecutive failures, defense mode is maintained until the number of consecutive successes reaches two. The present invention has the effect of making image passwords that are protected against unauthorized viewing very strong in terms of probability.

Description

Method for operating an image password
The present invention relates to an image password.
[Document 1] Republic of Korea Patent Application 10-2004-0068356, "Safe authentication method"
[Document 2] Republic of Korea Patent Application 10-2011-0009541, "Password safe input system using a shift value of a password key and password safe input method thereof"
Image passwords that are protected against peeking (shoulder surfing) generally tend to be weak in terms of random-pass probability, that is, the chance that random input is accepted. Even where that is not the case, the images that can be presented on one screen are necessarily limited, and so is the number of images the user is asked to select in one authentication, so such passwords end up weak in terms of probability.
To increase the security of such peeking-resistant image passwords, the present invention aims to make it far harder for randomly attempted input to pass.
The password to which the present invention is applied is of a type that an attacker can hardly learn even by peeking, like those cited in the background art. The number of consecutive failures in normal mode, which is the condition for switching from normal mode to defense mode, is set in advance by the user or preset as a default. Once that number of consecutive failures is exceeded and the system switches to defense mode, defense mode is maintained until the number of consecutive successes reaches two.
With the present invention, even peeking-resistant image passwords become very strong in terms of probability.
FIG. 1 is an example of a peeking-resistant image password.
FIG. 2 is an example in which defense mode has been activated according to the present invention.
FIG. 1 is an example of a peeking-resistant image password.
It follows the method of Document 2 of the background art.
As shown in the figure, the actual secret icon and the icon that is pressed are different, so an observer cannot tell which icon is being selected. Only the user knows in which direction, relative to the pressed icon, the actual secret icon lies.
In the method of Document 2, when entering the icons to be selected, the user deliberately presses an icon some distance away from each one, while keeping the same position relative to the secret icon that was fixed when the first icon was entered. For example, as in the figure, if the user pressed the icon one cell to the left, then for all the remaining secret icons the user also presses the icon one cell to the left. The icons wrap around in the same direction, so when a secret icon is at the far left the user presses the rightmost icon.
Let us calculate the probability of passing such a password scheme with random input. Suppose, as in the example in the figure, that 4 secret icons are set among 25 icons. The probability of picking the first secret icon out of the 25, consistent with the user's own rule (the rule of which direction and how far to offset the input), is 1/25. The probability of picking the second secret icon is 1/24, since it is chosen from the 24 icons other than the first. In the same way, the probability for the third secret icon is 1/23 and for the fourth 1/22. In this scheme, however, there are 25 combinations with identical relative coordinates even when the actual secret icons are not selected, and all 25 are treated as correct input. The final probability in this case is therefore 25 × (1/25 × 1/24 × 1/23 × 1/22) = 1/12,144.
Yet this probability of 1/12,144 is only about the same as the 1/10,000 of a four-digit numeric password, the weakest kind of password.
With such a numeric password, requiring it to be entered twice in a row does not make the probability any stronger: the attacker simply enters each candidate number twice, so working through all the cases merely takes exactly twice as long.
For a peeking-resistant image password, by contrast, the images have no inherent order the way numbers do, and the layout is shuffled every time, so it is very hard for an attacker to work through all the cases sequentially. With such a password the attacker cannot try every case in turn and can only press at random, without any rule, on each attempt.
Even if the attacker happens to get it right, the attacker cannot know which secret icons were selected to do so. Even pressing exactly the same icons again gives a different result, because the icon set has already been reshuffled. So if the rule is that the password must be passed twice in a row, then even after passing once by chance the attacker has to pass the second time at the same probability.
Recalculating, under this rule, the probability of passing the password from the calculation above twice in a row gives 1/12,144 multiplied by 1/12,144, that is, 1/147,476,736, a very strong probability of nearly 1 in 150 million.
The present invention applies exactly this principle.
FIG. 2 is an example in which defense mode has been activated according to the present invention.
With the image password according to the present invention, when attempts fail consecutively in normal mode, the system switches to defense mode from the point at which the number of failures exceeds a predetermined number. The predetermined number of consecutive failures is set in advance by the user in the options menu or is preset as a default.
For example, if that number is set to three, then when the attacker fails three times in a row the system switches to defense mode as it presents the fourth attempt.
On switching to defense mode, the system should preferably inform the user (the attacker), in an appropriate way, that defense mode is now in effect. For example, it can display the message 'You have failed 3 times in a row, so from now on you must succeed 2 times in a row.'
After that, each time the user completes another attempt, the system prompts the user to pass once more, as in the example in the figure. At this point the system should preferably not tell the user whether the attempt just completed succeeded or failed. It simply keeps prompting for one more attempt until the user succeeds twice in a row.
When the user succeeds twice in a row, defense mode is released and the lock is released.
With the present invention, even peeking-resistant image passwords become very strong in terms of probability.
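The following Python code is an added example, not code from the patent or its applicant: it brute-forces the 1/12,144 figure for the 25-icon, 4-secret case and implements the normal/defense mode switching described above, including the rule that a single result is never revealed in defense mode. It assumes the 25 accepted relative positions are (row, column) offsets that wrap around a 5x5 grid; all function and class names are hypothetical.

```python
import math
import random
from fractions import Fraction
from itertools import permutations

SIDE = 5  # assumed 5x5 grid of 25 icons, as in the description's example

def shuffled_grid(rng):
    """New random layout: list index = cell, value = icon id."""
    icons = list(range(SIDE * SIDE))
    rng.shuffle(icons)
    return icons

def cell_of(grid):
    """Map icon id -> (row, col) for one layout."""
    return {icon: divmod(i, SIDE) for i, icon in enumerate(grid)}

def press_for(grid, secret, offset):
    """Icons a legitimate user presses for a chosen (row, col) offset."""
    pos, (dr, dc) = cell_of(grid), offset
    return [grid[(pos[s][0] + dr) % SIDE * SIDE + (pos[s][1] + dc) % SIDE]
            for s in secret]

def is_valid_entry(pos, secret, pressed):
    """True when all pressed icons share one wrap-around offset from the secrets."""
    if len(pressed) != len(secret) or any(p not in pos for p in pressed):
        return False
    offsets = {((pos[p][0] - pos[s][0]) % SIDE, (pos[p][1] - pos[s][1]) % SIDE)
               for s, p in zip(secret, pressed)}
    return len(offsets) == 1

def random_pass_probability(secret, rng=None):
    """Brute-force every ordered pick of distinct icons on one layout."""
    pos = cell_of(shuffled_grid(rng or random.Random(0)))
    hits = sum(is_valid_entry(pos, secret, p)
               for p in permutations(pos, len(secret)))
    return Fraction(hits, math.perm(SIDE * SIDE, len(secret)))

class ImagePasswordLock:
    """Normal mode, then defense mode after max_failures straight failures."""
    def __init__(self, secret, max_failures=3, required_successes=2, rng=None):
        self.secret, self.max_failures = list(secret), max_failures
        self.required = required_successes
        self.rng = rng or random.SystemRandom()
        self.failures = self.streak = 0
        self.defense = self.unlocked = False
        self.grid = shuffled_grid(self.rng)

    def attempt(self, pressed):
        ok = is_valid_entry(cell_of(self.grid), self.secret, pressed)
        self.grid = shuffled_grid(self.rng)  # reshuffle for every attempt
        if self.defense:
            self.streak = self.streak + 1 if ok else 0  # result never revealed
            if self.streak < self.required:
                return "try once more"
            self.defense = False
        elif not ok:
            self.failures += 1
            if self.failures < self.max_failures:
                return "failed"
            self.defense, self.streak = True, 0
            return f"defense mode: pass {self.required} times in a row"
        self.failures, self.unlocked = 0, True
        return "unlocked"
```

The offset `(0, 4)` passed to `press_for` corresponds to the description's "one cell to the left" with wrap-around.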

Claims (2)

  1. A method for operating an image password, wherein
    the input means for the image password is a type of password input means that has an arrangement that changes every time and with which another person who does not know the user's set value cannot visually determine what value the user is entering, and
    the method switches to defense mode when a predetermined number of attempts or more fail.
  2. The method of claim 1, wherein
    the defense mode requires passing two or more times in succession.
PCT/KR2013/000646 2012-01-25 2013-01-25 Method for operating image password WO2013112012A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020120007131A KR20130086406A (en) 2012-01-25 2012-01-25 Method for operation of image password
KR10-2012-0007131 2012-01-25

Publications (1)

Publication Number Publication Date
WO2013112012A1 (en) 2013-08-01

Family

ID=48873688

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2013/000646 WO2013112012A1 (en) 2012-01-25 2013-01-25 Method for operating image password

Country Status (2)

Country Link
KR (1) KR20130086406A (en)
WO (1) WO2013112012A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100594443B1 (en) * 2004-06-17 2006-06-30 엘지전자 주식회사 Password inputting method with safety
KR20080011363A (en) * 2007-10-23 2008-02-04 (주)민인포 User authentication method of having used graphic otp and user authentication system using the same
KR100985862B1 (en) * 2010-05-26 2010-10-08 주식회사 라일락 Security method using image
EP2254071A1 (en) * 2009-05-20 2010-11-24 Thomson Licensing Semantic graphical password system
EP2386974A1 (en) * 2010-05-11 2011-11-16 Thomson Licensing A method and a device for generating a secret value

Also Published As

Publication number Publication date
KR20130086406A (en) 2013-08-02

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 13740606; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 13740606; Country of ref document: EP; Kind code of ref document: A1)