WO2015034160A1 - Password authentication method using user-defined memory - Google Patents

Password authentication method using user-defined memory


Publication number
WO2015034160A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
user
extracted
authentication
input
Prior art date
Application number
PCT/KR2014/004536
Other languages
English (en)
Korean (ko)
Inventor
김동순
김선영
Original Assignee
Kim Dong Soon
Kim Sun Young
Priority date
Filing date
Publication date
Application filed by Kim Dong Soon, Kim Sun Young
Publication of WO2015034160A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/45 Structures or tools for the administration of authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846 Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications

Definitions

  • The present invention relates to a method for setting a stand-alone OTP (one-time password) and to an algorithm for generating an OTP from a combination of a set password and a non-set password, without a separate terminal.
  • A security card is used as an authentication means to ensure safety. That is, about 30 security cards are used as one of the user authentication means, and different 4-digit random numbers are provided for each user.
  • A step above this method, a one-time password generator, an OTP (One Time Password) device, or a hardware security module (HSM) is used. Built-in financial authentication IC devices are also used.
  • OTP: One Time Password
  • HSM: hardware security module
  • the OTP device is a random number generating device that generates a one-time password having a different arrangement every time a password is generated using a programmed and stored OTP generating program.
  • the OTP may be generated in hardware through an OTP device designed to generate an OTP, or may be generated in software through a program module included in a terminal device.
  • Since the OTP device generates a password composed of different numbers every time a one-time password is generated, it can generate a myriad of passwords and provides excellent security.
  • The present invention is intended to solve the above-mentioned problems of the prior art. Some embodiments of the present invention are intended to provide a security method that, while using the existing PIN-based password input authentication method, enhances security so that the entered number cannot be found out at once by methods such as keylogging or shoulder surfing.
  • Patent Document 1, Domestic Application No. 10-2005-0040016, discloses a method for inputting and interpreting secret information comprising: a preparatory step (S110) in which the SPU reads the source password of the user ID stored in the memory; a step (S120) in which the display unit displays the shift transformation value in the form of a matrix; a step (S130) in which the SPU receives the virtual password through the input unit; and a step (S140) of comparing the virtual password input through the input unit with the virtual password calculated from the source password obtained in step S110 and determining whether the virtual passwords match.
  • Patent Document 2, Korean Application No. 10-2010-0108209, sets forth a one-time password authentication method and a suitable authentication device. The method includes: in response to a one-time password generation request, creating a table for receiving a character stream corresponding to the PIN owned by the user and providing the table to the user; receiving a character stream input by the user with reference to the table and the PIN; converting the received character stream into coordinate values corresponding to the table and transferring them to the security server as a one-time password; reconstructing the received one-time password into a character stream based on the table presented to the user; comparing that sequence with the sequence of characters to which the PIN belongs; and authenticating the user if the two sequences match.
  • Patent Document 3, Korean Application No. 10-2012-0131233, relates to a user authentication method using a plurality of one-time passwords, which includes the steps of: (1) a smart device registered with a security server as a mobile OTP device receiving a password through a mobile OTP application program; (2) the smart device decrypting an encrypted seed using the received password; (3) the smart device generating a plurality of one-time passwords using the decrypted seed and time information; (4) the security server receiving any one of the generated one-time passwords and login information from a user terminal; (5) the security server extracting the seed registered in the user account using the received login information and generating a plurality of one-time passwords using the extracted seed and the time information; and (6) the security server processing user authentication if the received one-time password matches any of the plurality of one-time passwords generated by the security server in step (5).
  • Patent Document 4: The above prior art differs from the present invention, a password authentication method based on the memory of the user, whose constituent feature is that, when an initial password has been set and the set password is required to be input, a part of the set password is randomly selected and excluded, the excluded password is combined with an unset password and randomly displayed on the screen, and the set password can be solved by entering a password other than the unmarked password.
  • The present invention has been proposed to solve the above problems of the conventionally proposed methods. Its object is to provide an algorithm and an authentication method for generating an OTP in which, when an initial password has been set and the set password is to be input, a portion of the set password is selected at random and excluded, the result is combined with an unset password and randomly displayed on the screen, and the set password can be solved by inputting a password other than the password displayed.
  • A password authentication method based on user memory is a user authentication method using a one-time password in which the user sets and stores an initial password in an electrical and electronic device having an input unit, a display unit and a determination unit, and the set password is authenticated when necessary. The method includes: randomly extracting a part of the password from the set password; generating and displaying an imaginary number by combining the extracted password and an imaginary number; comparing the displayed imaginary password with the initially set password, extracting the set password shown in the displayed imaginary number, and inputting the combined password; and performing the authentication process by comparing the input combination password with the set password.
  • Another method of authenticating a password based on user memory is a user authentication method using a one-time password in which the user sets and stores an initial password in an electric and electronic device having an input unit, a display unit, and a determination unit, and the set password is authenticated when necessary. The method includes: randomly extracting a part of the password from the set password so as to separate the extracted number from the unextracted number; generating and displaying an imaginary number by combining the extracted password and an imaginary number; comparing the displayed imaginary number with the initially set password, extracting a password that does not appear in the displayed imaginary number, and inputting the combined password; and authenticating by comparing the input combination password with the non-extracted password.
  • The first password is a combination of two or more ASCII code characters including the ten digits 0 to 9 and symbols; the order of the numbers in the generated imaginary number and in the input combination password is displayed or entered randomly; the first input password has 4-8 digits; and the imaginary number combined with the extracted password has 4-8 digits.
  • The authentication method is applied to a mobile device and computer complementary system, digital door lock, password input system, ATM, Internet banking, mobile banking, bank account password, card payment system, card password, Internet games, Internet password, etc., each having an input unit, a display unit, and a determination unit.
  • The password authentication method based on user memory proposed in the present invention randomly displays only a portion of the set password on the screen each time and does not display the rest, which prevents the whole password from being exposed at once. Since a new combination of the password is generated each time, it is possible to dramatically lower the probability of exposing the password of the mobile device and the terminal, and the randomly generated password can be easily solved using only the memory of the person who set it, without a separate authentication procedure or a separate design.
  • FIG. 1 is a schematic diagram showing a password authentication method based on user memory of the present invention.
  • FIG. 2 is a flowchart showing an authentication method of the present invention.
  • FIG. 3 illustrates an example of five set passwords, a number displayed on a screen, and an input password according to an embodiment.
  • FIG. 4 illustrates an example of six set passwords, a number displayed on a screen, and an input password according to an embodiment of the present invention.
  • FIG. 5 is another schematic diagram showing the password authentication method based on the user memory of the present invention.
  • FIG. 6 is a flow chart showing another password authentication method of the present invention.
  • FIG. 7 illustrates an example of seven set passwords, a number displayed on a screen, and an input password according to another embodiment of the present invention.
  • A method for authenticating a set password after a user sets and stores an initial password includes: randomly extracting a portion of the password from the set password; generating and displaying an imaginary number by combining the extracted password and an imaginary number; comparing the displayed imaginary password with the initially set password, extracting the set password shown in the displayed imaginary number, and inputting the combined password; and performing the authentication process by comparing the input combination password with the set password.
  • FIG. 2 is a flowchart illustrating the authentication method of the present invention. The initial password is first set in a mobile device or the like in the same manner as in a general password setting method. After the password is set, when a procedure requiring authentication is carried out through a device such as a mobile or bank terminal, a password is generated and entered based on the user's memory, as described in the following embodiment.
  • the set password may be stored in the personal information data column, and may be stored in the password storage memory.
  • Randomly excluded passwords can be stored in random access memory (RAM) and used for lookup.
  • The user checks the displayed numbers other than the imaginary numbers among the numbers displayed on the screen and inputs them, in order or randomly, in the input window.
  • the entered password is compared with the stored memory value to determine whether the entered character is included in the stored password and authenticate.
  • an authentication password is generated by combining a password input by a user and a password that is randomly excluded, and the authentication may be completed when the generated authentication password matches the first stored memory value password.
  • FIG. 3 shows an example of five set passwords, the numbers displayed on the screen, and the input password according to an embodiment of the present invention.
  • FIG. 4 shows an example of six set passwords, the numbers displayed on the screen, and the input password according to an embodiment of the present invention.
  • FIG. 3 is an example of setting five passwords as one embodiment of the present invention and not displaying two random numbers including one or more passwords on the screen. Can be changed and numbers displayed on the screen can also be displayed in order or randomly.
  • The four numbers on the screen, that is, the stored password numbers other than the hidden ones, are entered in the same order as the previously stored password. In this case, even if the number entered the first time becomes known to the outside through hacking, the number of cases varies, so the probability of leaking information is more than ten times lower.
  • FIG. 4 illustrates an example of six set passwords, a number displayed on a screen, and an input password according to an embodiment of the present invention.
  • six passwords are set as one embodiment of the present invention, and two or more passwords are randomly hidden.
  • four of the eight numbers displayed on the screen are entered in the order of the stored password.
  • Hidden numbers are randomly changed according to the input time, and even if exposed once by hacking, the next input password is changed by random conversion to protect personal information.
  • The first password input above consists of one or more digits combining ASCII code characters including the 10 numbers 0-9 and symbols, and the order of the numbers in the generated imaginary number and in the input combination password may be displayed or entered randomly. The first input password is 4-8 digits long, and the imaginary number combined with the extracted password may be 4-8 digits long.
  • With digits alone, the number of cases is limited to the 10 unit digits; the number of cases can be increased by expanding to alphabets, special characters, and numbers.
  • the randomly extracted password may include an OTP generation module as a mobile OTP application program. That is, the OTP generation module may generate a password selected from a set password through a random number generation algorithm, and the smart device may act as a mobile OTP device through the OTP generation module.
  • The mobile OTP application program can further enhance the security of the smart device by additionally including an input security solution or a smart security solution, and can cope with the security of login information, malicious code and viruses.
  • a security server can be placed to secure the password.
  • the security server may be a server that performs a secure login or financial transaction by authenticating a user using the input password.
  • the security server allows the connection of smart devices and user terminals through a network including the Internet, an intranet, a wired / wireless communication network, a mobile communication network, and the like, and transmits and receives various signals and data.
  • The security server registers the initial password in the user account, generates a password for display by combining the numbers extracted from the password with an imaginary number when login information is entered, and can perform authentication by comparing it with the password entered by the user.
  • the entire password is prevented from being exposed at once.
  • Each time, a new combination is extracted from the password, and the extracted password is combined with a certain number of selected imaginary numbers to generate the display password, which can significantly lower the probability of exposing the password of the mobile device and the terminal.
  • FIG. 5 is another schematic diagram showing the password authentication method based on the user memory of the present invention.
  • In this method, after a user sets and stores an initial password, when the set password must be authenticated, the steps are: randomly extracting a part of the password from the set password so as to separate the extracted number from the unextracted number; generating and displaying an imaginary number by combining the extracted password and an imaginary number; comparing the displayed imaginary number with the initially set password, extracting a password that does not appear in the displayed imaginary number, and inputting the combined password; and performing the authentication process by comparing the input combination password with the extracted password.
  • In this authentication method, the initial password is first set in a mobile device or the like in the same manner as in a general password setting method. After the password is set, when a procedure requiring authentication is carried out through a device such as a mobile or bank terminal, a password is generated and entered based on the user's memory, as described in the following embodiment.
  • the set password may be stored in the personal information data column, and may be stored in the password storage memory.
  • Randomly excluded passwords can be stored in random access memory (RAM) and used for lookup.
  • The user compares the initially set password with the displayed numbers other than the imaginary numbers, and inputs the password that is not displayed, in order or randomly.
  • the password entered is randomly excluded.
  • the password is stored in RAM [random access memory] and compared to the stored memory value for inquiry to determine whether it is matched or authenticated by the extracted password or combination with the extracted password.
  • the authentication can be completed when the generated authentication password matches the generated memory password and the password that was originally stored.
  • FIG. 7 illustrates an example of set seven passwords and numbers and input passwords displayed on a screen, according to an exemplary embodiment.
  • When authenticating by this procedure, for example, a password of five numbers is specified, two numbers comprising one password number and one random number are hidden, and only the remaining eight numbers are displayed on the screen.
  • With keylogging or shoulder surfing, a conventional password is exposed by a single observation. Here, which 2 numbers are hidden is not known and the 5 positions are unknown, so multiplying the numbers of cases gives a total of 10 or more cases, and the combination of randomly hidden numbers can be 10 times more complementary than the existing password setting.
  • the system for implementing a password authentication method based on the user memory of the present invention is a mobile device and computer complementary system, digital door lock, password input system, ATM, Internet banking, mobile banking, bank account password, It is applicable to electric and electronic products such as card payment system, card password, internet game, and internet password.
  • a system for implementing a password authentication method based on user memory can be utilized in the above various types of devices, but the following describes an example of a condition including a smart device, a security server, and a user terminal.
  • a user may want to use various online services using various user terminals such as a computer, a laptop, a netbook, a PDA, a tablet PC, and at this time, a password may be required to use the online service safely.
  • Each one-time password is generated, and user authentication may be processed when the one-time password input from the smart device or the user terminal matches any one of the one-time password generated.
  • the smart device may be a terminal of a user registered as a mobile OTP device in a security server, and may install and execute a mobile OTP application program.
  • Smart devices refer to products that are not limited in function and that can be changed or extended in many ways through application programs, and may be smartphones, smart notes, tablet PCs, and smart cameras.
  • the smart device of the present invention is not limited to the types of terminals as listed.
  • the terminal is pre-registered as a mobile OTP device in a security server, and can store and decrypt an encrypted seed, and execute a mobile OTP application program. If it is possible to generate a plurality of one-time password, it can act as a smart device regardless of the specific terminal form.
  • the smart device of the present invention may serve as a mobile OTP device for generating a password by installing a mobile OTP application program, and the smart device may be registered in advance in a security server in order to use the mobile OTP device.
  • the encrypted password can be received from the security server and stored, and used for generating a one-time password.
  • a password can be conveniently and safely used without a separate device such as a PC.
  • The present invention randomly displays on the screen, each time, only a portion of a password generated solely from the set password and a combination of numbers, and does not display the rest, thereby preventing the entire password from being exposed at once. By creating a new combination of the password each time, it lowers the probability that the password is exposed. The randomly generated password can be easily authenticated based on the user's memory without a separate authentication procedure or a separate authentication device, so the invention can be applied to various electrical and electronic algorithms and has industrial potential.
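
The challenge and verification flow described above, as an added example that is not taken from the patent: it covers both variants (entering the set-password digits that are displayed, as in FIG. 3 and FIG. 4, and entering the ones that are not displayed, as in FIG. 7). The "imaginary number" is read here as decoy digits; the digits-only alphabet, the ban on repeated digits, the single-use flag and all function names are assumptions of this example.

```python
import hmac
import secrets
from dataclasses import dataclass

DIGITS = "0123456789"
_rng = secrets.SystemRandom()  # CSPRNG: hidden positions and decoys must be unpredictable


@dataclass
class Challenge:
    display: str        # digits shown on screen: part of the set password plus decoys
    expected: str       # digits the user must enter, in set-password order
    used: bool = False  # assumption: each challenge is accepted at most once


def make_challenge(set_password, n_hidden, n_decoys, mode="shown"):
    """Hide n_hidden randomly chosen password digits and mix the rest with decoys.

    mode="shown":  the user enters the password digits that appear on screen.
    mode="hidden": the user enters the password digits that do not appear.
    """
    if mode not in ("shown", "hidden"):
        raise ValueError("mode must be 'shown' or 'hidden'")
    if not 4 <= len(set_password) <= 8 or any(c not in DIGITS for c in set_password):
        raise ValueError("set password must be 4-8 digits")
    if len(set(set_password)) != len(set_password):
        # Assumption of this example: with a repeated digit the user could not
        # tell from the display how many occurrences to enter.
        raise ValueError("set password must not repeat a digit")
    if not 0 < n_hidden < len(set_password):
        raise ValueError("hide at least one digit but not the whole password")
    unused = [d for d in DIGITS if d not in set_password]
    if not 0 < n_decoys <= len(unused):
        raise ValueError("decoys must be digits that are not in the set password")

    hidden_pos = set(_rng.sample(range(len(set_password)), n_hidden))
    shown = [d for i, d in enumerate(set_password) if i not in hidden_pos]
    hidden = [d for i, d in enumerate(set_password) if i in hidden_pos]
    display = shown + _rng.sample(unused, n_decoys)
    _rng.shuffle(display)  # screen order is random, independent of password order
    expected = shown if mode == "shown" else hidden
    return Challenge("".join(display), "".join(expected))


def user_response(set_password, display, mode="shown"):
    """What a user who remembers the set password types for a given display."""
    on_screen = set(display)
    return "".join(d for d in set_password if (d in on_screen) == (mode == "shown"))


def verify(challenge, entered, ordered=True):
    """Determination step: single-use, constant-time comparison.

    ordered=False accepts the digits in any order, since the description
    allows input "in order or randomly".
    """
    if challenge.used:
        return False
    challenge.used = True
    a, b = entered, challenge.expected
    if not ordered:
        a, b = "".join(sorted(a)), "".join(sorted(b))
    return hmac.compare_digest(a.encode(), b.encode())


if __name__ == "__main__":
    pw = "52819"  # constructed sample password, five digits as in FIG. 3
    ch = make_challenge(pw, n_hidden=1, n_decoys=4)
    typed = user_response(pw, ch.display)
    print("display:", ch.display, "typed:", typed, "ok:", verify(ch, typed))
    print("replay accepted:", verify(ch, typed))
```

Each call to make_challenge picks new hidden positions, so the string typed in one session omits at least one digit of the set password and is rejected if submitted again for the same challenge.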

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Telephone Function (AREA)

Abstract

The present invention relates to a stand-alone one-time password (OTP) and to an algorithm for generating it using only a combination of a preset password and numbers, without a separate terminal, which: randomly displays only part of the preset password on a screen each time and does not display the remaining part, thereby preventing the entire password from being exposed at one time; generates a password having a new combination each time, thereby reducing the probability that the passwords of mobile devices and terminals are exposed; and also allows the randomly generated password to be easily solved using only the memory of the user who set the password, without a separate authentication procedure or a separate device.
PCT/KR2014/004536 2013-09-03 2014-05-21 Password authentication method using user-defined memory WO2015034160A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2013-0105271 2013-09-03
KR1020130105271A KR101392537B1 (ko) 2013-09-03 2013-09-03 Password authentication method using user-defined memory

Publications (1)

Publication Number Publication Date
WO2015034160A1 true WO2015034160A1 (fr) 2015-03-12

Family

ID=50893375

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2014/004536 WO2015034160A1 (fr) 2013-09-03 2014-05-21 Password authentication method using user-defined memory

Country Status (2)

Country Link
KR (1) KR101392537B1 (fr)
WO (1) WO2015034160A1 (fr)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016032050A1 (fr) * 2014-08-26 2016-03-03 주식회사 드림켓 Device and method for setting and entering a user password
KR102437312B1 (ko) * 2015-07-21 2022-08-26 주식회사 하나은행 Financial service providing system and authentication method thereof
KR102347812B1 (ko) * 2020-04-22 2022-01-06 에스케이매직 주식회사 Electric appliance and method for controlling the electric appliance
KR20230138766A (ko) 2022-03-24 2023-10-05 김용성 Method for displaying and controlling password input hints

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
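JP2007156601A (ja) * 2005-12-01 2007-06-21 Fujitsu Ltd Personal identification number authentication method and device
KR20080109580A (ko) * 2007-06-12 2008-12-17 (주)솔메이즈 Server authentication system and method
KR20100020559A (ko) * 2008-08-13 2010-02-23 인영식 Password input device for preventing password leakage and control method thereof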

Also Published As

Publication number Publication date
KR101392537B1 (ko) 2014-05-07

Similar Documents

Publication Publication Date Title
US10572648B2 (en) Fraud resistant passcode entry system
US20190260747A1 (en) Securing a transaction performed from a non-secure terminal
JP5764203B2 (ja) Secure password input system using a shift value of a password key and secure password input method thereof
WO2020204444A2 (fr) Secret key security method consisting of distributing and storing a key in a blockchain node and/or a personal device on which a wallet application is installed
US9684780B2 (en) Dynamic interactive identity authentication method and system
US20210271745A1 (en) Authentication Methods and Systems
US20070174628A1 (en) User authentication
WO2011118871A1 (fr) Authentication method and system using a mobile terminal
WO2017057899A1 (fr) Integrated authentication system for authentication using one-time random numbers
WO2015161565A1 (fr) Password verification device and password verification method
JP2002536762A (ja) Method and apparatus for securely entering an access code in a computer environment
US20160127134A1 (en) User authentication system and method
US8661532B2 (en) Method and apparatus for authenticating password
WO2015034160A1 (fr) Password authentication method using user-defined memory
WO2011136464A1 (fr) Secure password input system using a shift value of a password key and secure password input method thereof
US11727371B2 (en) Security key input system and method using one-time keypad
KR101272349B1 (ko) User authentication method using a plurality of one-time passwords
Guerar et al. Color wheel pin: Usable and resilient ATM authentication
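CN107563180A (zh) Pattern unlocking method, device and storage medium
CN104021322A (zh) Electronic signature method, electronic signature device and electronic signature client
CN108021813A (zh) Method for securing a transaction performed from a non-secure terminal
KR20090013616A (ko) Server authentication system and method using a server authentication code
KR20100108490A (ko) Composite image-based authentication protocol
CN101057444B (zh) Authentication system and method based on random partial digitized path recognition
CN108022095A (zh) Method for securely transmitting confidential data to a user of a terminal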

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14841958

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14841958

Country of ref document: EP

Kind code of ref document: A1