WO2014021668A1 - 패스워드의 사용자 장기 기억을 이용하는 분실 패스워드 처리 시스템 및 분실 패스워드 처리 방법 - Google Patents
패스워드의 사용자 장기 기억을 이용하는 분실 패스워드 처리 시스템 및 분실 패스워드 처리 방법 Download PDFInfo
- Publication number
- WO2014021668A1 WO2014021668A1 PCT/KR2013/006964 KR2013006964W WO2014021668A1 WO 2014021668 A1 WO2014021668 A1 WO 2014021668A1 KR 2013006964 W KR2013006964 W KR 2013006964W WO 2014021668 A1 WO2014021668 A1 WO 2014021668A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- password
- long
- lost
- term storage
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/40—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2131—Lost password, e.g. recovery of lost or forgotten passwords
Definitions
- the present invention relates to lost password processing, and more particularly, to a lost password processing system and a lost password processing method for providing a process of releasing a lost password depending on whether the user has stored the password for a long time.
- the user terminal uses a password method as one of methods for authenticating a legitimate user.
- a user whose password authentication succeeds in the user terminal can operate the user terminal, and the user whose authentication has failed is restricted in the operation of the user terminal.
- the user receives the user's identity confirmation using the user terminal or another terminal according to the guidance of the user terminal, and if it is confirmed that the user is provided with a preset password or sets a new password in the user terminal.
- the failure of the password input by the user in succession means that the user has forgotten the password without remembering the password.
- the set password is stored in short-term memory and then converted into long-term memory over time. While the password is stored in short-term memory, the user is not likely to forget the password and is more likely to be lost. In the long-term memory, it is relatively less likely to be lost.
- the third party succeeds in verifying the user's identity on behalf of the user by using the personal information of the user, and then easily authenticates the primary password.
- the present invention has been created under the recognition of the prior art as described above, and a lost password processing system for judging whether a user who has lost a password has a long-term memory of the password, and differently providing a process for releasing the lost password according to the determination result;
- An object of the present invention is to provide a lost password processing method.
- the long-term storage condition registration unit for receiving a long-term storage condition is determined whether the user has stored the password long-term;
- a long-term storage condition determination unit that judges whether or not the long-term storage condition of the user is present at every authentication processing of the password; After it is determined that the lost password is generated due to the authentication failure of the password, if it is determined that the user is not in the long-term memory, the authentication process is performed by the registered user identity verification method when setting the password.
- a user identification unit that authenticates the user by a verification method that has an enhanced authentication process than the verification method;
- a user terminal including a lost state canceling unit for releasing a lost password generation state in the user terminal when the user identity verification is successful.
- the long-term storage condition includes at least one of a reference success time in which a time elapsed since the password is set and a reference success count in which authentication success is counted since the password is set.
- the user terminal the success time collecting unit for counting the elapsed time since the password is set; And a success count collecting unit for counting the number of successful authentications since the password is set.
- the user terminal further includes a long-term storage switching unit that informs the user that the condition is satisfied every time the set password satisfies the long-term storage condition for the first time, and agrees that the satisfaction of the condition is registered.
- the long term memory switching unit initializes counting information included in the long term memory condition when the consent is rejected by the user.
- the user terminal if it is determined that the long-term storage condition is not satisfied, the user terminal skips the process of the user identity and outputs a new password setting screen.
- the user terminal if it is determined that the long-term storage condition is satisfied, the user terminal cannot provide the processing of the user identification and instead outputs a guide requesting the user to visit the authentication center on the screen. do.
- the user terminal may include a password mode for requesting a password input; A user identification mode for requesting user identification if the long term storage condition is unsatisfactory after the occurrence of the lost password is determined in the password mode; And if the long-term storage condition is satisfied, the mode state is switched to the lock mode which disallows user operation.
- the user terminal is registered with the user information of at least one second user to confirm whether the first user who has lost the password in preparation for a lost password is generated every time the password is set;
- the apparatus further includes an identity verification user unit, wherein the user identity verification unit authenticates the response in which the first user is the identity of the second user.
- the lost password processing system may be configured to receive an event of generating a lost password from the user terminal, connect an automatic answering call between a first user and a second user, and identify the first user by the connected call.
- the apparatus further includes a call connection server that receives an input response and authenticates the transmitted response.
- the call connection server requests a second response from the second user during the connection of the call, and receives a response from the second user that the second user has received from the first user.
- the call connection server connects an answering call with the first user to n (n> 1) second users and responds from the second users. If all n responses are successful, it is determined that the user identification is successful.
- the lost password processing method using the user long-term storage of the password in which the user terminal releases the state of the lost password, (a) the user long-term password A long-term memory condition registering step of registering a long-term memory condition judged to be stored; (b) a long-term storage condition determination step of determining the long-term storage condition at every authentication processing of the password inputted from the user; (c) If the password is not authenticated and a lost password is generated, and it is determined that the user is not in the long-term memory of the user, authentication is performed by a user identification method registered at the time of setting the password. A user identification step of authenticating a user identification method having an enhanced authentication process than a verification method; And (d) if the user identification is successful, the user terminal performs a lost state release step of releasing the generation state of the lost password.
- the second user uses the call of the first user and the second user by the second user.
- a third party's password theft is suspected, and each of the first user is identified on the telephone through a plurality of second users. To provide an extended user identification service.
- FIG. 1 is a schematic illustration of a service provided by a lost password processing system according to an embodiment of the present invention.
- FIGS. 2 and 3 are schematic internal structural diagrams of a user terminal according to an embodiment of the present invention.
- FIG. 4 is a schematic illustration of a user identification service provided by a call connection server according to an embodiment of the present invention.
- FIG. 5 is a schematic flowchart of an authentication process provided by a lost password processing method according to an embodiment of the present invention.
- FIG. 6 is a schematic flowchart of a process of processing the determination and release processing of a lost password in FIG. 5.
- FIG. 7 is a schematic flowchart of an enhanced identity verification service that processes the user identity stage in FIG. 6.
- FIG. 1 is a schematic illustration of a service provided by the lost password processing system 1 according to an embodiment of the present invention.
- the lost password processing system 1 receives a user's password and authenticates the input password. Here, if the user does not remember the password and enters a valid password into the system 1, the password becomes a lost password.
- the system 1 determines whether the user has stored the password for a long time since setting the password. The user remembers the password for a short time after setting the password, and then remembers it for a long time. Of course, in the long-term memory state, the user is relatively less likely to lose a password than the short-term memory state.
- the system 1 may provide a user identification service to the user, and if the user is confirmed by the service, the password may be released.
- the system 1 is in a short-term memory state because the user has lost the password even though it is very unlikely that the user has forgotten the password.
- identity verification services that are more difficult to authenticate than users. That is, the identity verification service in the long-term memory state should be a stronger identity verification service than the identity verification service in the short-term memory state.
- the identity verification service in the short-term memory state may be applied to a variety of identity verification means may be omitted. If it is omitted, in the short-term storage state, the loss of password occurs and the system 1 can guide the user to set the password.
- the lost password processing system 1 provides an enhanced identity verification means as one of various identity verification means of the identity verification service.
- the enhanced identity verification means corresponds to the enhanced identity verification service.
- the system 1 provides the identity verification service to the user who has forgotten the password. Will be confirmed.
- the identity verification service where the acquaintance of the user confirms the user is a stronger identity verification service than the known identity verification service in which the user authenticates himself.
- the identity verification service should be provided to the user in the long-term memory.
- the enhanced identity verification service provided to the user who remembers the password for a long time is referred to as an 'expanded identity verification service'.
- FIGS. 2 and 3 are schematic internal structural diagrams of a user terminal 2 according to an embodiment of the present invention.
- the lost password processing system 1 may include a user terminal 2.
- the user terminal corresponds to a computer terminal (eg, a desktop, a laptop), a smart terminal, a mobile terminal, and the like, and there is no particular limitation as long as the user terminal has a password setting, an input, and an authentication function.
- the user terminal 2 determines whether the user memorizes the password for a long time, performs the identity verification process according to the determination result, and if the identity verification is successful, the user terminal 2 provides a service for releasing the lost password. to provide.
- the user terminal 2 is a long-term storage condition registration unit 21 receives a condition for determining whether the user has a long-term storage password, the user satisfies the long-term storage conditions If the long-term storage condition determination unit 22 for determining whether the user, the user identification unit 23 that provides the service of the user identification in accordance with the long-term memory determination result of the user in the state that the lost password is generated And a lost state release unit 24 for releasing the lost state of the password.
- the long term storage condition register 21 registers the long term storage condition by setting of the service manager. Then, whenever the user sets a password, the set long term storage condition is informed to the user, and the long term storage condition is equally applied to all the users who set the password. Alternatively, the long term storage condition register 21 may register the long term storage condition from the user every time the user sets a password. If the user memorizes the password for a long time, the user and password satisfy the long term storage condition. And if the user does not remember the password long term (e.g. short term memory), the user and password are dissatisfied with the long term storage condition.
- the password long term e.g. short term memory
- the long-term storage condition includes at least one of the reference success time and the reference success number set by the administrator.
- the reference success time e.g., 2400 hours, 1 month, etc.
- the reference number of successes e.g, 100 times
- the reference number of successes is the number of successful authentications of the password accumulated until the user memorizes the password for a long time.
- the long-term storage condition determination unit 22 judges whether the long-term storage condition is satisfied whenever the authentication process is attempted by the user's password input.
- the long-term storage condition determination unit 22 determines that the user is satisfied with the long-term storage condition if the user successfully authenticates the password and the elapsed time of the successful authentication exceeds the reference success time. Similarly, the long-term storage condition determination unit 22 determines that the user is satisfied with the long-term storage condition if the user successfully authenticates the password and the number of successful authentications of the password exceeds the reference success number.
- the user identity verification unit 23 confirms that the user is correct by using the identity verification means set by the user according to the result of the determination of the user's long-term storage condition occurs.
- the user identity verification unit 23 may support various authentication processes, such as password authentication, question answer authentication, or authentication number SMS authentication, which is different from the lost password, and there is no particular limitation.
- the user can set in advance the identity verification means of the user in preparation for the generation of the lost password through the long term storage condition registration unit 21. Then, the user identity verification unit 23 can check the identity verification means set by the user to confirm whether or not the user.
- the processing of the user identification unit 23 is omitted.
- the user identification unit 23 may omit or provide a user identification service using the administrator default setting instead of the user setting.
- the lost state release unit 24 releases the lost state of the password when the user is identified as the user.
- the lost state release unit 24 may guide a user to set a new password by outputting a new password setting screen on the screen of the terminal 2. When the setting of the new password is completed, the lost state of the password is released. Alternatively, the lost state canceling unit 24 may output the lost password on the screen.
- the user terminal 2 may further include a success time collecting unit 221, a success count collecting unit 222, a long-term memory switching unit 223, and an identity verification user unit 211. Can be.
- the success time collecting unit 221 counts the time elapsed since the password is set as success time whenever authentication success occurs for the user's password. The success time counted in real time is compared with the reference success time to determine whether the user is satisfied with the long term memory condition.
- the success number collecting unit 221 counts the number of times the authentication is successful since the password is set whenever the authentication success occurs for the user's password as the number of successes. The number of successes counted in real time is compared with the reference number of successes to determine whether the user is satisfied with the long term memory condition.
- the user terminal 2 may be considered to restart the counting by initializing the success time or success times collected in real time. . Then, the user terminal 2 may determine that the user does not yet have enough time to memorize the password to provide sufficient time through the initialization.
- the long-term storage switching unit 223 When the long-term storage condition is satisfied after the predetermined password is set, the long-term storage switching unit 223 outputs the fact that the long-term storage condition is satisfied on the screen of the user terminal 2, and the password is sent to the user in a state of long-term storage. You can ask for consent to switch to The long term memory switching unit 223 may be omitted as an optional component. If it is omitted, the user is satisfied with the long-term storage condition and at the same time the satisfaction information of the condition is stored in the DB and the user is switched to the long-term storage state. In view of security of the user, the long-term memory switcher 223 may be omitted. However, in the user's convenience, the long-term memory switcher 223 is exceptionally difficult to release from the lost state in the long-term memory state. Providing may be considered.
- the user may hesitate to accept the consent because the procedure of user identification becomes difficult when the password is lost, and may reject the consent.
- a user who is not concerned about losing a password chooses to confirm the agreement.
- the long-term storage switching unit 223 registers the long-term storage state in the DB for the current password.
- the user terminal 2 can inquire whether the long-term storage state from the DB, there is no need to count the success time or the number of successes, It is not necessary to perform the judgment processing of the long term memory condition.
- the long-term memory switcher 223 may initialize the success time or the number of successes counted in real time to the user who rejected the consent for the convenience of the user. By the initialization, the short-term memory state of the user is extended.
- the identity verification user unit 211 is an enhanced identity verification means, and prepares the user information of at least one second user who will confirm the identity of the first user who has forgotten the password in case a lost password is generated every time the password is set. 1 Registered by user and saved in DB.
- the user identity verification unit 23 may use the information of the second user as a user identity verification means to confirm the response that the first user is answered by the second user.
- the user identification unit 23 automatically connects the call with the second user to the first user who has forgotten the password, and information on whether the first user is identified by the second user during the connection of the call. You can register. The second user directly confirms the voice of the first user through a call with the first user, and then responds with identity verification information that the first user is correct.
- the user identity verification unit 23 mediates a phone call, so that the telephone call information of the second user and the first user and the response of the second user. It is preferred to store the information as historical information. The stored history information is evidence that the second user has listened to the voice of the first user and confirmed his or her identity. As a matter of course, it is obvious that the security of the password is strengthened because the second user confirms the first user by checking whether the first user is the identity of the first user, rather than receiving the personal information of the first user. have.
- the user identity verification unit 23 may provide a more extended identity verification service in parallel with the visit guide of the AS center, if the user's password is lost, the user's long-term memory.
- the user identity verification unit 23 may perform authentication processing for a plurality of second users, respectively. Assuming that n (n> 1) second users are registered in the DB by the first user, n authentication results are collected by mediating a telephone call to each second user. Of course, the user authentication process succeeds only when all n authentication results are successful. Since n second users confirm the identity of the first user n times, it is natural that authentication of identity verification is further strengthened. Moreover, it is obvious that it is more convenient for a user to authenticate online using n second users than directly visiting the AS center for the release of the lost password in the state of long-term memory.
- FIG. 4 is a schematic illustration of a user identification service provided by the call connection server 3 according to an embodiment of the present invention.
- the call connection server 3 handles ARS call mediation and authentication between the first user and the second user in the authentication using the second user.
- the call connection server 3 receives event occurrence information including the telephone numbers of the first user and the second user from the user terminal 2. Receive.
- the second user may be randomly selected among the plurality of users or selected by the first user.
- the call connection server 3 mediates the connection of the ARS call between the first user and the second user.
- the call connection server 3 sends out a guide voice so that the question about the first user is answered through the second user.
- the first user may transmit a response to the second user by voice
- the second user may receive a response by the first user's voice and answer the received response to confirm that the first user is himself. .
- the call connection server 3 transmits the result of the identity verification to the user terminal 2.
- the user terminal 2 releases the lost state of the password if the result of the received identity verification process is successful.
- the call connection server 3 may transmit an SMS to the first user or the second user, and receive a voice input from the second user who is connected to the call using the transmitted authentication code.
- the second user may check the voice of the first user during a call with the first user and may respond with a valid authentication code if the first user is correct.
- the second user after SMS sending the authentication code to the first user, the second user naturally receives a response of the second user by inducing a conversation to receive the authentication code from the first user during the call.
- the call connection server 3 may receive a button input response or a voice response from the second user, and there is no particular limitation.
- the authentication code may be replaced with other information as long as the second user receives a response from the first user in a conversation during a call and can answer the delivered response.
- the lost password processing method using the user long-term storage of the password according to an embodiment of the present invention can be preferably realized through the construction of the lost password processing system 1 described above.
- FIG. 5 is a schematic flowchart of an authentication process provided by a lost password processing method according to an embodiment of the present invention.
- the user terminal 2 stores the long-term storage condition registered from the administrator in the DB (S201).
- the user terminal 2 receives at least one of the reference success time and the reference success number registered by the administrator so that the user can determine whether the user remembers the password for a long time.
- the user terminal 2 receives a user identification means for confirming whether the user is the user when a lost password is generated.
- the identity verification means such as password, question / answer method, certificate method, OTP method. If the user registers the phone number information of the second user according to the second user authentication method, whether or not the user is the user is confirmed by the second user, so that the user terminal 2 provides an enhanced identity authentication service. It is possible.
- the user terminal 2 After the long term storage condition is registered, when a password input event occurs in the user terminal 2 (S202), the user terminal 2 compares the input password with a previously stored password and determines that authentication is successful. The authentication process is performed (S203).
- the user terminal 2 If the user's password authentication is successful (S204), the user terminal 2 counts the success time or the number of successes of the password that have passed so far as password success information (S205). As the authentication of the password succeeds, the user terminal 2 provides a corresponding service. If the user's password authentication fails (S204), the lost password determination and release process described later with reference to Fig. 6 is executed (S206).
- the user terminal 2 compares the success information counted in real time with the reference information registered in the DB, and if the success information exceeds the reference information, whether the user is satisfied with the long term storage condition for the first time. It is determined (S207).
- the user terminal 2 may obtain the agreement by outputting the fact that the long-term storage condition of the user is satisfied (S208).
- the user terminal 2 initializes the information of the real time counted success time or the number of successes to extend the user's short-term memory state.
- FIG. 6 is a schematic flowchart of a process of processing a determination and release processing step S206 of a lost password in FIG. 5.
- the user terminal 2 determines whether the password for which authentication has failed is a lost password (S211). If authentication of the password has failed in succession more than a predetermined number of times, the user terminal 2 determines that the user has forgotten the password. If the password is not lost, the user attempts to re-enter the password through step S202.
- the user terminal 2 determines whether the user who has lost the password satisfies the long-term storage condition (S212). If it is determined that the user does not remember the password for a long time (short-term memory), the user terminal 2 provides a user identification service to confirm whether the user is the user (S213).
- the user terminal 2 confirms the identity of the user by inquiring about the identity verification means set by the user. If the inquired identity verification means confirms the identity of the first user who has forgotten the password by the second user, the user terminal 2 provides the enhanced identity verification service to the user.
- the user terminal 2 releases the lost state of the password (S216).
- the user terminal 2 outputs the lost password or the temporary temporary password on the screen to support the user to succeed in the authentication of the password.
- FIG. 7 is a schematic flowchart of an enhanced identity verification service that processes the user identity verification step S213 in FIG. 6.
- the present invention provides an enhanced identity verification service for verifying that a first user is the identity of a user through a second user for identity verification.
- the call connection server 3 receives event information for which a lost password of a short-term storage state is generated from the user terminal 2 and receives a request for connection of an ARS call (S221).
- the event information includes phone number information of the first user who has forgotten the password and the second user designated by the first user.
- the call connection server 3 connects the ARS call between the first user and the second user (S222).
- the call connection server 3 may send an authentication code via SMS to request input of the authentication code or to request input of a response to a question regarding the first user. Thereafter, the call connection server 3 receives a response to the requested question from the second user (S224).
- the call connection server 3 when the call connection server 3 asks the first user a question and then requests a response from the second user, the first user can transmit a response to the second user by voice during the call, so that a conversation is naturally induced.
- the question and answer may be preset by the first user (eg, favorite color or number, nickname, school name, etc.).
- the information may be some information (eg, city or ward where you live, the first digit or the last digit of the phone number, etc.) of the first user's address or phone number.
- the call connection server (3) said, "If the first user is correct, the second user presses 1, and the second user presses 2 if the first user is correct. You can also output the guidance voice "". The second user then has a natural conversation with the first user and can identify that the first user is right.
- the call connection server 3 compares the received response with the response stored in the DB and determines that the identity verification is successful. The call connection server 3 then responds to the user terminal 2 with the result of the identity verification process.
- the user terminal 2 may exclude the user identification service using online and guide the user to visit the AS center to perform the user identification service offline.
- Offline authentication which requires a visit to an after-sales service, is one of the strongest means of identity authentication as face-to-face authentication of employees and customers.
- the present invention can provide a more extended identity authentication service to the first user by using the identity of the first user by the second user.
- the call connection server 3 may request identity verification of the first user by mediating the ARS call connection to two or more or all second users among the plurality of second users designated by the first user. Since two or more second users confirm that they are correct for the first user, the authentication confirmation of the second user is highly reliable. Therefore, since the first user is identified based on high reliability, even if the third user knows the personal information of the first user, it is impossible to deceive all the plurality of second users. Voice verification of the first user by two second users over the telephone call is reliable for the authentication processing result of the identity verification to replace the visit authentication of the AS center. It is therefore more convenient for a first user who is difficult to visit an AS center to use multiple second user authentications as an alternative.
- the term " ⁇ part" is not used to mean a hardware division of the lost password processing system 1. Therefore, a plurality of components may be integrated into one component, or one component may be divided into a plurality of components.
- the component may mean a hardware component, but may also mean a component of software. Therefore, it is to be understood that the present invention is not particularly limited by the term "part”.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
Claims (24)
- 사용자가 패스워드를 장기 기억하고 있는지가 판단되는 장기 기억 조건을 등록받는 장기 기억 조건 등록부;상기 패스워드의 인증 처리시마다, 사용자의 상기 장기 기억 조건의 여부를 판단하는 장기 기억 조건 판단부;상기 패스워드의 인증 실패로 인해 분실 패스워드의 발생이 판단된 후, 사용자의 장기 기억이 아닌 것으로 판단되면 패스워드 설정시 등록된 사용자 본인 확인 방식으로 인증 처리하고, 사용자의 장기 기억으로 판단되면 등록된 상기 본인 확인 방식보다 인증 절차가 더 강화된 사용자 본인 확인 방식으로 인증 처리하는 사용자 본인 확인부; 및상기 사용자 본인 확인이 성공되면, 상기 사용자 단말에서 분실 패스워드의 발생 상태를 해제 처리하는 분실 상태 해제부를 포함하는 사용자 단말을 포함하는 것을 특징으로 하는 분실 패스워드 처리 시스템.
- 제 1항에 있어서,상기 장기 기억 조건은,패스워드가 설정된 이후부터 경과되는 시간이 카운팅되는 기준 성공 시간 및 패스워드가 설정된 이후부터 인증 성공이 카운팅되는 기준 성공 횟수 중에서 적어도 하나를 포함하는 것을 특징으로 하는 분실 패스워드 처리 시스템.
- 제 1항 또는 제 2항에 있어서,상기 사용자 단말은,패스워드가 설정된 이후부터 경과된 시간을 카운팅하는 성공 시간 수집부; 및패스워드가 설정된 이후부터 인증 성공된 인증 성공 횟수를 카운팅하는 성공 횟수 수집부를 더 포함하는 것을 특징으로 하는 분실 패스워드 처리 시스템.
- 제 1항에 있어서,상기 사용자 단말은,설정된 패스워드가 상기 장기 기억 조건을 최초로 만족할 때마다, 조건이 만족된 사실을 사용자에게 안내하고, 조건의 만족이 등록되는 것에 대해 동의를 받는 장기 기억 전환부를 더 포함하는 것을 특징으로 하는 분실 패스워드 처리 시스템.
- 제 4항에 있어서,상기 장기 기억 전환부는,상기 동의를 사용자로부터 거부당하는 경우, 상기 장기 기억 조건에 포함된 카운팅 정보를 초기화하는 것을 특징으로 하는 분실 패스워드 처리 시스템.
- 제 1항에 있어서,상기 사용자 단말은,상기 장기 기억 조건이 만족되지 않은 것으로 판단되면, 상기 사용자 본인 확인의 처리를 생략하고 신규 패스워드의 설정 화면을 출력하는 것을 특징으로 하는 분실 패스워드 처리 시스템.
- 제 1항에 있어서,상기 사용자 단말은,상기 장기 기억 조건이 만족되는 것으로 판단되면, 상기 사용자 본인 확인의 처리를 제공할 수 없고 대신에 사용자의 인증 센터 방문을 요구하는 안내문을 화면에 출력하는 것을 특징으로 하는 분실 패스워드 처리 시스템.
- 제 1항에 있어서,상기 사용자 단말은,패스워드 입력을 요구하는 패스워드 모드;상기 패스워드 모드에서 분실 패스워드의 발생이 판단된 후, 장기 기억 조건이 불만족이면 사용자 본인 확인을 요구하는 사용자 본인 확인 모드; 및 장기 기억 조건이 만족이면 사용자 조작을 불허하는 잠금 모드로 모드 상태를 전환하는 것을 특징으로 하는 분실 패스워드 처리 시스템.
- 제 1항에 있어서,상기 사용자 단말은,패스워드 설정시마다 분실 패스워드가 발생되는 것을 대비하여 패스워드를 분실한 제 1사용자의 본인 여부를 확인해줄 적어도 한 명의 제 2사용자의 사용자 정보를 등록받는 본인 확인 사용자부를 더 포함하고,상기 사용자 본인 확인부는 제 2사용자에 의해 제 1사용자가 본인인지 여부가 응답된 답변을 인증 처리하는 것을 특징으로 하는 분실 패스워드 처리 시스템.
- 제 9항에 있어서,상기 사용자 단말로부터 분실 패스워드의 발생 이벤트를 전송받고, 제 1사용자와 제 2사용자의 자동 응답 통화를 연결하고, 연결된 통화에 의해 제 1사용자를 확인한 제 2사용자로부터 입력된 응답을 전송받고, 전송된 응답을 인증 처리하는 통화 연결 서버를 더 포함하는 것을 특징으로 하는 분실 패스워드 처리 시스템.
- 제 10항에 있어서,상기 통화 연결 서버는,통화의 연결 중에 제 2사용자에게 소정의 응답을 요구하고, 제 2사용자가 제 1사용자로부터 전해들은 응답을 제 2사용자로부터 응답받는 것을 특징으로 하는 분실 패스워드 처리 시스템.
- 제 10항에 있어서,상기 통화 연결 서버는,상기 장기 기억 조건이 만족되는 것으로 판단되면, n(n>1)명의 제 2사용자들을 대상으로 제 1사용자와 자동 응답 통화를 연결하고, 제 2사용자들로부터 응답된 n개의 응답이 모두 성공되는 경우, 상기 사용자 본인 확인이 성공된 것으로 판단하는 것을 특징으로 하는 분실 패스워드 처리 시스템.
- 사용자 단말이 분실된 패스워드의 상태를 해제하는 분실 패스워드 처리 방법에 있어서,(a)사용자가 패스워드를 장기 기억하고 있는지가 판단되는 장기 기억 조건을 등록받는 장기 기억 조건 등록 단계;(b)사용자로부터 입력받은 패스워드의 인증 처리시마다, 상기 장기 기억 조건을 판단하는 장기 기억 조건 판단 단계;(c)상기 패스워드가 인증 실패되어 분실 패스워드가 발생된 후, 사용자의 장기 기억이 아닌 것으로 판단되면 패스워드 설정시 등록된 사용자 본인 확인 방식으로 인증 처리하고, 사용자의 장기 기억으로 판단되면 등록된 상기 본인 확인 방식보다 인증 절차가 더 강화된 사용자 본인 확인 방식으로 인증 처리하는 사용자 본인 확인 단계; 및(d)상기 사용자 본인 확인이 성공되면, 상기 사용자 단말에서 분실 패스워드의 발생 상태를 해제 처리하는 분실 상태 해제 단계를 실행하는 것을 특징으로 하는 분실 패스워드 처리 방법.
- 제 13항에 있어서,상기 단계(a)는,상기 사용자 단말이, 패스워드가 설정된 이후부터 시간이 카운팅되는 기준 성공 시간 및 패스워드가 설정된 이후부터 인증 성공이 카운팅되는 기준 성공 횟수 중에서 적어도 하나를 상기 장기 기억 조건으로 등록받는 단계인 것을 특징으로 하는 분실 패스워드 처리 방법.
- 제 14항에 있어서,상기 단계(b) 이전에, 상기 사용자 단말은 패스워드 인증을 처리할 때마다,패스워드가 설정된 이후부터 경과된 시간을 카운팅하는 단계; 및패스워드가 설정된 이후부터 인증 성공된 인증 성공 횟수를 카운팅하는 단계를 더 실행하는 것을 특징으로 하는 분실 패스워드 처리 방법.
- 제 15항에 있어서,상기 단계(a) 이후에,상기 사용자 단말은, 설정된 패스워드가 상기 장기 기억 조건을 최초로 만족할 때마다, 조건이 만족된 사실을 사용자에게 안내하고, 조건의 만족이 등록되는 것에 대해 동의를 받는 단계를 더 실행하는 것을 특징으로 하는 분실 패스워드 처리 방법.
- 제 16항에 있어서,상기 사용자 단말은,상기 동의를 사용자로부터 거부당하는 경우, 상기 장기 기억 조건에 포함된 카운팅 정보를 초기화하는 단계를 더 실행하는 것을 특징으로 하는 분실 패스워드 처리 방법.
- 제 13항에 있어서,상기 단계(b)는,상기 사용자 단말이 패스워드가 설정된 이후부터 카운팅된 시간이 기준 성공 시간을 초과했는지의 제 1조건 및 패스워드가 설정된 이후부터 패스워드의 인증 성공이 카운팅되는 성공 횟수가 기준 성공 횟수를 초과했는지의 제 2조건 중에서 적어도 하나의 조건을 상기 장기 기억 조건으로 판단하고, 초과된 경우 상기 장기 기억 조건의 만족으로 판단하는 단계인 것을 특징으로 하는 분실 패스워드 처리 방법.
- 제 13항에 있어서,상기 단계(c)는,상기 사용자 단말이 사용자가 상기 장기 기억 조건에 만족되지 않은 것으로 판단하면, 등록된 상기 사용자 본인 확인 방식에 의해 상기 사용자 본인 확인의 처리를 생략하고 신규 패스워드의 설정 화면을 출력하는 것을 특징으로 하는 분실 패스워드 처리 방법.
- 제 13항 또는 제 19항에 있어서,상기 단계(c)는,상기 사용자 단말이 사용자가 상기 장기 기억 조건이 만족되는 것으로 판단하면, 상기 사용자 본인 확인의 처리를 제공하는 대신에 사용자의 인증 센터 방문을 요구하는 안내문을 화면에 출력하는 단계를 실행하는 것을 특징으로 하는 분실 패스워드 처리 방법.
- 제 13항에 있어서,상기 단계(a)는,상기 사용자 단말이 패스워드 설정시마다 분실 패스워드가 발생되는 것을 대비하여 패스워드를 분실한 제 1사용자의 본인 여부를 확인해줄 적어도 한 명의 제 2사용자의 사용자 정보를 등록받는 단계를 더 포함하고,상기 단계(c)는,상기 사용자 단말이 제 2사용자에 의해 제 1사용자가 본인인지 여부가 응답된 답변을 인증 처리하는 단계인 것을 특징으로 하는 분실 패스워드 처리 방법.
- 제 21항에 있어서,상기 단계(c)는, 통화 연결 서버가 실행하는 단계로서,상기 사용자 단말로부터 분실 패스워드의 발생 이벤트를 전송받는 단계;제 1사용자와 제 2사용자의 자동 응답 통화를 연결하는 단계;연결된 통화에 의해 제 1사용자를 확인한 제 2사용자로부터 입력된 응답을 전송받는 단계; 및전송된 응답을 인증 처리하고 처리 결과를 상기 사용자 단말로 전송하는 단계를 포함하는 것을 특징으로 하는 분실 패스워드 처리 방법.
- 제 22항에 있어서,상기 통화 연결 서버는,통화의 연결 중에 제 2사용자에게 소정의 응답을 요구하고, 제 2사용자가 제 1사용자로부터 전해들은 응답을 제 2사용자로부터 응답받는 단계를 실행하는 것을 특징으로 하는 분실 패스워드 처리 방법.
- 제 22항에 있어서,상기 통화 연결 서버는,상기 장기 기억 조건이 만족되는 것으로 판단되면, n(n>1)명의 제 2사용자들을 대상으로 제 1사용자와 자동 응답 통화를 연결하고, 제 2사용자들로부터 응답된 n개의 응답이 모두 성공되는 경우, 상기 사용자 본인 확인이 성공된 것으로 판단하는 단계를 더 실행하는 것을 특징으로 하는 분실 패스워드 처리 방법.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201380051631.XA CN104685856B (zh) | 2012-08-01 | 2013-08-01 | 用于使用用户密码长期记忆来处理遗失密码的系统和方法 |
US14/418,830 US9684782B2 (en) | 2012-08-01 | 2013-08-01 | System for processing lost password using password long-term memory of user, and method for processing lost password |
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2012-0084624 | 2012-08-01 | ||
KR20120084624 | 2012-08-01 | ||
KR10-2012-0105590 | 2012-09-24 | ||
KR20120105590 | 2012-09-24 | ||
KR10-2013-0090892 | 2013-07-31 | ||
KR1020130090892A KR101416538B1 (ko) | 2012-08-01 | 2013-07-31 | 패스워드의 사용자 장기 기억을 이용하는 분실 패스워드 처리 시스템 및 분실 패스워드 처리 방법 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014021668A1 true WO2014021668A1 (ko) | 2014-02-06 |
Family
ID=50028270
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2013/006964 WO2014021668A1 (ko) | 2012-08-01 | 2013-08-01 | 패스워드의 사용자 장기 기억을 이용하는 분실 패스워드 처리 시스템 및 분실 패스워드 처리 방법 |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2014021668A1 (ko) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20050006971A (ko) * | 2003-07-10 | 2005-01-17 | 엘지전자 주식회사 | 이동 통신 단말기의 사용자 인증 방법 |
KR20060058604A (ko) * | 2004-11-25 | 2006-05-30 | 주식회사 팬택 | 잠금 해제를 위한 비밀번호 생성 기능을 가지는무선통신단말기 및 그 방법 |
KR100756336B1 (ko) * | 2006-09-21 | 2007-09-06 | 삼성전자주식회사 | 이동 통신 단말기의 비밀 번호 알림 방법 및 장치 |
KR20120088982A (ko) * | 2011-02-01 | 2012-08-09 | 주식회사 에스원 | 비밀번호 관리 시스템 및 그 관리 방법 |
-
2013
- 2013-08-01 WO PCT/KR2013/006964 patent/WO2014021668A1/ko active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20050006971A (ko) * | 2003-07-10 | 2005-01-17 | 엘지전자 주식회사 | 이동 통신 단말기의 사용자 인증 방법 |
KR20060058604A (ko) * | 2004-11-25 | 2006-05-30 | 주식회사 팬택 | 잠금 해제를 위한 비밀번호 생성 기능을 가지는무선통신단말기 및 그 방법 |
KR100756336B1 (ko) * | 2006-09-21 | 2007-09-06 | 삼성전자주식회사 | 이동 통신 단말기의 비밀 번호 알림 방법 및 장치 |
KR20120088982A (ko) * | 2011-02-01 | 2012-08-09 | 주식회사 에스원 | 비밀번호 관리 시스템 및 그 관리 방법 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP2768876B2 (ja) | 通話への課金に用いられる預金口座にアクセスする方法 | |
CN100461686C (zh) | 生物统计学验证的vlan的系统及方法 | |
JPH07131526A (ja) | 中央防護制御システム | |
WO2017217808A1 (ko) | 모바일 인증방법 및 그 시스템 | |
WO2022045419A1 (ko) | 블록체인 네트워크 기반의 분산 아이디를 이용한 운전 면허증 인증 서비스 방법 및 운전 면허증 인증 서비스를 수행하는 사용자 단말 | |
WO2021145555A1 (ko) | 블록 체인을 기반으로 한 다중 노드 인증 방법 및 이를 위한 장치 | |
RU2642483C2 (ru) | Способ и устройство для доступа к конференции | |
CN103166962B (zh) | 基于绑定号码鉴权机制实现sip终端安全拨打的方法 | |
JP2011077835A (ja) | インターホンシステム | |
KR101416538B1 (ko) | 패스워드의 사용자 장기 기억을 이용하는 분실 패스워드 처리 시스템 및 분실 패스워드 처리 방법 | |
JP2002229951A (ja) | 本人認証システム | |
WO2012026793A2 (ko) | 바이오 정보를 이용한 부인방지 본인확인 검증 시스템 및 방법 | |
JP2007247346A (ja) | 電子錠システム、方法、プログラム、電子錠、サーバ及び携帯電話機 | |
WO2021206289A1 (ko) | 유저 인증방법, 장치 및 프로그램 | |
US20080282331A1 (en) | User Provisioning With Multi-Factor Authentication | |
JP5536511B2 (ja) | 携帯電話機を用いた本人認証のための認証装置、認証システム、認証プログラム及び認証方法 | |
WO2017078358A1 (ko) | 생체 인식을 통한 보안 통신 시스템 및 방법 | |
JP2010119048A (ja) | 接続制御装置、及び、接続制御方法 | |
WO2014021668A1 (ko) | 패스워드의 사용자 장기 기억을 이용하는 분실 패스워드 처리 시스템 및 분실 패스워드 처리 방법 | |
WO2017115965A1 (ko) | 복수 단말에서 자필서명을 이용한 본인 확인 시스템 및 방법 | |
WO2017197766A1 (zh) | 通话方法和装置 | |
WO2015026183A1 (ko) | Sw 토큰을 이용한 오프라인 로그인 방법 및 이를 적용한 모바일 기기 | |
WO2021071295A1 (ko) | 동일성 인증 시스템 및 그 방법 | |
JP3230653U (ja) | 生体認証に連動するvpn接続制御装置 | |
KR101071023B1 (ko) | 휴대폰을 이용한 본인 인증 처리 장치 및 그 방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13825542 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14418830 Country of ref document: US |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: OTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 16.07.2015) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 13825542 Country of ref document: EP Kind code of ref document: A1 |