WO2015037828A1 - Security authentication method and device for same - Google Patents
- Publication number
- WO2015037828A1, PCT/KR2014/006769
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- secret
- user
- virtual
- authentication
- entity
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
Definitions
- the present invention relates to a security authentication technology, and more particularly, to a security authentication method for protecting user data from external hacking, and an apparatus therefor.
- a password authentication method is used as a general method for user authentication.
- the password authentication method stores the password initially input by the user, compares a password later input by the user with the previously stored password whenever necessary, and determines that password authentication is successful if the two match.
- a technology for authenticating a user by using a touch pattern set by the user has been disclosed.
- Korean Patent Laid-Open No. 10-2009-0013432 discloses a portable terminal for authenticating a user using a pattern and a method of locking and releasing the same.
- Passwords have a variety of exposure possibilities.
- a third party can watch the user's password entry process and find out the password.
- the hacking program can find out the password by hacking the password input from the user terminal.
- a password authentication method is required that prevents a third party from using a password even if the user's password has been exposed to that third party, and a password input method is required that protects the user's password from peeking attacks.
- the present invention has been proposed to solve such a conventional problem, and an object thereof is to provide a security authentication method and apparatus for protecting the authentication data of a user from peeking attacks, hacking by malware, and the like.
- Another object of the present invention is to provide a security authentication method and an apparatus for the same, in which it is impossible for others to see the user's secret data even when the authentication data input screen is exposed to others.
- a method for performing security authentication of a user includes: receiving, by a safety input device, virtual data including an individual virtual code from an authentication server; outputting, by the safety input device, a plurality of object selection interfaces in which each object is arranged and whose object positions are changeable; setting, by the safety input device, a plurality of entities arranged at the same position in each entity selection interface as a combination set when the position of the entities is determined; checking, by the safety input device, the virtual code of each entity in the virtual data, and combining the virtual codes of the entities in each combination set to generate a plurality of multi-virtual codes classified by combination set; and transmitting, by the safety input device, the generated plurality of multi-virtual codes to the authentication server as authentication information of the user.
- an interface generation unit for receiving virtual data including a virtual code for each object, and generating and outputting a plurality of object selection interfaces in which each object is arranged and whose object positions are changeable; and a multi-virtual code generation unit which, when the position of the objects is determined in the object selection interfaces, sets a plurality of objects arranged at the same position in each object selection interface as a combination set, checks the virtual code of each object in the virtual data, and then combines the virtual codes of the objects in each combination set to generate a plurality of multi-virtual codes classified by combination set as security authentication information of a user.
- an authentication apparatus includes: a storage unit which stores a plurality of secret entities set by a user; a virtual data provider for generating virtual codes for each of the plurality of secret entities and camouflage entities, and transmitting virtual data including the virtual codes of the respective entities to the communication device of the user; and an authentication unit which, when a plurality of multi-virtual codes generated in the communication device based on the input signal of the user and the virtual data are received from the communication device, authenticates the user by checking whether a multi-virtual code matching the authentication code exists among the plurality of multi-virtual codes.
- the storage unit for storing a plurality of secret objects set by the user;
- an interface generation unit for generating and outputting a plurality of object selection interfaces in which each object is arranged and whose object positions can be changed; and an authentication unit which, when the position of the objects is determined in the object selection interfaces, sets a plurality of objects arranged at the same position in each object selection interface as a group, and authenticates the user by checking whether a group including all of the plurality of secret objects stored in the storage unit exists among the set groups.
- a method for performing security authentication of a user includes: generating, by an authentication server, virtual data including an individual virtual code and transmitting the generated virtual data to a safety input device; outputting, by the safety input device, an object selection interface on which each object is placed and whose position is changeable based on the virtual data; generating, by the safety input device, at least one piece of authentication information including location information and virtual code of each entity arranged in the entity selection interface when the location of the entity is determined; transmitting the generated one or more authentication information to the authentication server by the safety input device; and authenticating, by the authentication server, the authentication information and confirming whether the virtual code of each secret entity set by the user has the promised location information.
- an authentication apparatus includes: a storage unit for storing a plurality of secret entities set by a user; a virtual data providing unit for generating virtual codes for each of the plurality of secret entities and camouflage entities, and transmitting virtual data including the virtual codes of the respective entities to the communication device of the user; and an authentication unit for receiving authentication information including the alignment position and the virtual data of each object from the communication device, and authenticating the user by analyzing the authentication information to confirm whether the virtual code of each secret entity has the promised location information.
- a method for performing security authentication of a user includes: selecting, by an authentication server, a plurality of secret entities from an object pool, and transmitting the selected secret entities to a message destination designated by the user; generating, by the authentication server, virtual data including an individual virtual code and transmitting the generated virtual data to a safety input device; outputting, by the safety input device, an object selection interface on which each object is placed and whose position is changeable based on the virtual data; generating, by the safety input device, at least one piece of authentication information including location information and virtual code of each entity arranged in the entity selection interface when the location of the entity is determined; transmitting the generated one or more authentication information to the authentication server by the safety input device; and authenticating, by the authentication server, the authentication information and confirming whether the virtual code of each selected secret entity has the promised location information.
- an authentication apparatus includes: a storage unit for storing an object pool; a secret entity providing unit for selecting a plurality of secret entities from the object pool of the storage unit and transmitting the selected secret entities to a message destination designated by a user; a virtual data providing unit for selecting a plurality of camouflage objects from the object pool in the storage unit, generating a virtual code for each of the secret entities and camouflage entities, and transmitting virtual data including the generated virtual code of each object to the communication device of the user; and an authentication unit for receiving authentication information including the alignment position and the virtual data of each object from the communication device, and authenticating the user by analyzing the authentication information to confirm whether the virtual code of each secret entity has the promised location information.
- the storage unit for storing a plurality of secret objects set by the user;
- An interface generation unit for generating and outputting a plurality of object selection interfaces in which each object is arranged and whose object positions can be changed;
- an authentication unit for authenticating a user by checking a secret entity in each object selection interface and confirming whether each secret object is located at a promised location in the object selection interface.
- the present invention has the advantage of protecting the user's authentication-related secret data from external attacks such as shoulder surfing because the user is authenticated based on the location of the individual or secret entity combined according to the location on the object selection interface.
- the present invention generates object-related data based on a randomly generated one-time virtual URL (uniform resource locator) and one-time virtual code for each authentication, and authenticates the user on the basis of one-time authentication information generated from the positions of the objects arranged in the object selection interface, which prevents the user's main data from being exposed to the communication network.
- the present invention provides a virtual URL and virtual code for each object to the user and authenticates the user based on the authentication information generated based on the virtual code and the location of the object. Not only cannot the alignment position of the secret entity be verified by others, but also the reuse of the hacked authentication information is impossible, which makes the user data more secure.
- the present invention has the advantage of further improving the confidentiality of the authentication data of the user because the plurality of multi-virtual codes are converted based on the conversion seed value set by the user.
- the login password is not transmitted to the server, thereby minimizing the exposure of the user password.
- the alignment position of the secret object is randomly changed, so that even if the secret object is leaked, user authentication fails unless the object-specific location information has been received through a legitimate device, which achieves enhanced security.
- the present invention according to another embodiment provides a one-time secret entity, randomly selected at every authentication, to a user-specified device, and requires the provided one-time secret entity to be aligned at a promised position on the object selection interface, so that even if a secret object is leaked, it cannot be reused.
- because the security authentication method according to the present invention authenticates the user based on a one-time authentication code, it can replace the existing one time password (OTP) authentication method or electronic signature.
- the security authentication method according to the present invention can achieve the effect of the digital signature when the authentication time and the authentication fingerprint (that is, the virtual code of the secret entity) are stored after the user is finally authenticated.
- FIG. 1 is a diagram illustrating an authentication system according to an embodiment of the present invention.
- FIG. 2 is a flowchart illustrating a method of registering a user's secret entity in an authentication system according to an embodiment of the present invention.
- FIG. 3 is a diagram illustrating a secret entity selection window according to an embodiment of the present invention.
- FIG. 4 is a flowchart illustrating a method of authenticating a user using multiple virtual codes in an authentication system according to an embodiment of the present invention.
- FIGS. 5A to 5C illustrate various embodiments of an object selection interface in accordance with the present invention.
- FIG. 6 is a diagram illustrating a safety input device according to another embodiment of the present invention.
- FIG. 7 is a flowchart illustrating a method of setting a secret entity in a safe input device according to another embodiment of the present invention.
- FIG. 8 is a flowchart illustrating a method for authenticating a user in a safety input device according to another embodiment of the present invention.
- FIG. 9 is a diagram illustrating an authentication system according to another embodiment of the present invention.
- FIG. 10 is a flowchart illustrating a method of registering a user with a security authentication service in an authentication system according to another embodiment of the present invention.
- FIG. 11 is a flowchart illustrating a method for authenticating a user based on a fixed alignment scheme in an authentication system according to another embodiment of the present invention.
- FIG. 12 is a flowchart illustrating a method for authenticating a user based on a user-specified sorting scheme in an authentication system according to another embodiment of the present invention.
- FIG. 13 is a flowchart illustrating a method of authenticating a user based on a variable alignment scheme in an authentication system according to another embodiment of the present invention.
- FIGS. 14A and 14B illustrate various embodiments of an object selection interface in accordance with the present invention.
- FIGS. 15A and 15B are diagrams illustrating virtual codes recorded in an authentication matrix according to another embodiment of the present invention.
- FIGS. 16A and 16B are diagrams illustrating images representing location information for each secret entity according to the present invention.
- FIG. 17 is a diagram illustrating an authentication system according to another embodiment of the present invention.
- FIG. 18 is a flowchart illustrating a method of registering a user with a security authentication service in an authentication system according to another embodiment of the present invention.
- FIG. 19 is a diagram illustrating a position setting window.
- FIG. 20 is a flowchart illustrating a method of authenticating a user in an authentication system according to another embodiment of the present invention.
- FIG. 21 illustrates a safety input device applied in a standalone environment according to another embodiment of the present invention.
- the object is a kind of key information selectable by the user, such as an image, sound, video, text, or number, and is disposed in the object selection interface.
- the secret entity is an entity set for the security authentication service among a plurality of entities.
- a camouflage entity is one that is chosen to minimize the exposure of the secret entity.
- the virtual code is a one-time string corresponding to the object, and is generated separately for each authentication.
- the multi-virtual code is a string in which a plurality of virtual codes are combined.
- the object selection interface is a graphic user interface that arranges a plurality of objects and enables the positional movement of the objects in accordance with a user's operation.
- the object selection interface is arranged with a secret object and a camouflage object.
- the virtual URL (uniform resource locator) is a one-time URL of the entity, and like the authentication code, it is generated separately for each authentication.
- FIG. 1 is a diagram illustrating an authentication system according to an embodiment of the present invention.
- an authentication system includes a safety input device 10 and an authentication server 20.
- the safety input device 10 and the authentication server 20 communicate with each other via the network 100.
- the network 100 includes a mobile communication network and a wired broadband Internet network, which corresponds to well-known conventional techniques in the present invention, and thus detailed description thereof will be omitted.
- the safety input device 10 generates authentication information that is protected from hacking and the like, and transmits the authentication information to the authentication server 20.
- the safety input device 10 generates and displays a plurality of object selection interfaces in which one secret object and a plurality of camouflage objects are arranged and the objects can be moved using virtual data received from the authentication server 20.
- when the movement of the objects is completed, the safety input device 10 generates a plurality of multi-virtual codes and transmits them to the authentication server 20, thereby requesting user authentication from the authentication server 20.
- the safety input device 10 may be a wired / wireless information communication terminal such as a laptop, a desktop computer, a tablet computer, a mobile communication terminal, or another portable terminal, or an ATM device (cash machine), a door lock, a smart TV, or a credit card payment terminal, and can be applied to electrical and electronic devices having a processor and a memory.
- the safety input device 10 includes a service register 11, an interface generator 12, a multi-virtual code generator 13, and a code converter 14.
- the service registration unit 11 performs a function of registering a security authentication service of a user with the authentication server 20.
- the service registration unit 11 requests the authentication server 20 to register the security authentication service of the user after the user connects to the authentication server 20 and succeeds in login authentication based on the ID and password.
- the service registration unit 11 receives a secret object selection window (see FIG. 3) in which a plurality of objects are arranged from the authentication server 20, outputs it to the screen, and can register the plurality of objects received through the secret object selection window with the authentication server 20 as the secret entities of the user.
- the service registration unit 11 sets a secret object for each object selection interface in accordance with the order of the received objects, and registers the set secret objects of each object selection interface with the authentication server 20.
- the service registration unit 11 may instead register with the authentication server 20 the incoming information (for example, mobile phone number, IP address, etc.) of the message receiving device that is to receive the plurality of one-time secret objects arbitrarily generated by the authentication server 20.
- the interface generator 12 generates a plurality of object selection interfaces based on the virtual data received from the authentication server 20, and outputs the generated object selection interfaces on the screen. That is, when the interface generation unit 12 receives the virtual data for each object selection interface from the authentication server 20, it checks the virtual URL and the virtual code included in the virtual data for each object selection interface, and acquires the objects of each object selection interface through the respective virtual URLs. In addition, the interface generation unit 12 randomly arranges the acquired objects at the object display positions of the object selection interface, and outputs on the screen a plurality of object selection interfaces (see FIGS. 5A to 5B) in which the objects are arranged.
- the number of object selection interfaces may be set in advance and may be set in proportion to the number of secret objects set by the user.
- the object selection interface may be implemented in various forms, such as a circle in the form of a clock combined with a plurality of circles or a grid in a horizontal and vertical rectangular shape.
- when a specific object arranged in the object selection interface is moved, the plurality of objects arranged in the same line move together, thereby minimizing exposure of secret objects to neighboring users.
- the interface generator 12 arbitrarily generates object display information such as sound 1 and sound 2, and places the sound object display information in the object selection interface instead of outputting the sound.
- the interface generation unit 12 obtains audio corresponding to the sound object through the URL corresponding to the sound object display information and outputs the audio to the speaker.
- the interface generator 12 may blind the objects rather than expose them on the screen. In this case, the interface generator 12 removes the blind of the object corresponding to the position of the touch coordinate or the mouse pointer and outputs that object to the screen. That is, when the user's touch signal is detected at a blinded object position or the mouse pointer is detected at a blinded object position, the interface generator 12 removes the blind of the object and exposes the object to the screen.
- the interface generator 12 may also blind the object movement value of the user.
- in this case, the interface generation unit 12 does not actually move the object in the object selection interface or display the moved object on the screen.
- the interface generation unit 12 updates internal object alignment data that is not displayed on the screen according to the object movement signal of the user, but does not display graphic information corresponding to the object movement on the object selection interface being displayed on the screen.
- when the multi-virtual code generation unit 13 receives an object movement completion signal from the user, it generates a plurality of multi-virtual codes. Specifically, when the object position is determined in each object selection interface, the multi-virtual code generation unit 13 selects the objects arranged at the same position in each object selection interface as a combination set, and generates, for each combination set, a multi-virtual code in which the virtual codes of the objects belonging to that combination set are combined according to the object selection interface order.
- the code converter 14 converts data or encrypts the data. That is, when the multi-virtual code generation unit 13 generates the multi-virtual code for each group, the code conversion unit 14 converts the multi-virtual code for each group using a conversion function to which a seed value set by the user is applied.
- the seed value is a login password of the user.
- the code conversion unit 14 encrypts the converted multi-virtual code for each group and transmits the encrypted codes to the authentication server 20.
- the authentication server 20 is an authentication device for authenticating a user and performs a function of providing a security authentication service to a user.
- the authentication server 20 stores a plurality of secret objects set by the user, and generates virtual data and provides it to the user's safety input device 10 so that the unique information of the user is not exposed.
- the authentication server 20 receives authentication information including a plurality of multi-virtual codes from the safety input device 10 and authenticates a user based on the plurality of multi-virtual codes.
- the authentication server 20 includes a storage unit 21, a secret entity registration unit 22, a virtual data generation unit 23, a restoration processing unit 24, and an authentication unit 25.
- the storage unit 21 stores the user's login ID and login password, and stores the seed value set by the user mapped to the user's login ID. In addition, the storage unit 21 may store the user-selected secret object for each object selection interface, or the incoming information of the user's message reception device, mapped to the login ID. In addition, the storage unit 21 stores an object pool in which a plurality of objects are registered. In the object pool, various types of objects such as images, videos, texts, and sounds are registered. In addition, the storage unit 21 stores the one-time authentication code of the user.
- the secret entity registration unit 22 receives a plurality of secret entities from the user, and stores the received secret entities in the storage unit 21 as the secret entities of the user. That is, when the secret object registration unit 22 receives a security authentication service request from the safe input device 10, it transmits a secret object selection window for setting a plurality of secret objects to the safe input device 10. In addition, the secret object registration unit 22 receives the secret object of each object selection interface selected by the user from the safety input device 10, maps the received secret object for each object selection interface to the user's login ID, and stores it in the storage unit 21.
- the secret entity registration unit 22 may omit the secret entity registration of the user, and receive the incoming information of the message receiving apparatus from the user and store it in the storage unit 21.
- the secret entity registration unit 22 may also randomly select a certain number of one-time secret entities every time security authentication is performed, and send a secret object notification message to the message receiving device registered by the user (e.g., a mobile communication terminal).
- the virtual data generator 23 performs a function of generating virtual data for each object selection interface.
- the virtual data generating unit 23 confirms the secret object of each object selection interface mapped to the user's login ID in the storage unit 21, or checks the secret object arbitrarily selected by the secret object registration unit 22.
- to minimize the exposure of the secret object, the virtual data generating unit 23 selects from the object pool of the storage unit 21 a predetermined number of camouflage objects to be arranged with each secret object for each object selection interface.
- the virtual data generating unit 23 selects a camouflage object from the objects other than the secret object.
- the virtual data generating unit 23 checks the type of the secret object selected in each object selection interface, and selects a plurality of camouflage objects corresponding to the same type as the type of the secret object for each object selection interface.
- the virtual data generating unit 23 generates a virtual URL of each secret object and each disguised object, and links the generated virtual URL with the corresponding object.
- the virtual data generation unit 23 generates virtual codes for each of the secret entity and the spoofed entity, and then generates virtual data for each object selection interface to which the generated virtual code and the virtual URL are mapped for each object, thereby ensuring safety.
- the virtual data generation unit 23 checks the virtual code for each secret object of the user among the generated virtual codes, and stores the multi-virtual code in which those virtual codes are combined according to the object selection interface order in the storage unit 21 as a one-time authentication code.
- the restoration processing unit 24 decrypts the encrypted data and restores the converted data. Specifically, when the restoration processing unit 24 receives the encrypted multi-virtual codes from the safety input device 10, it decrypts the plurality of multi-virtual codes. In addition, the restoration processing unit 24 checks the seed value set by the user in the storage unit 21, and restores the plurality of converted multi-virtual codes using the inverse transform function to which the seed value is applied. Preferably, the seed value may be the user's login password, in which case the restoration processing unit 24 confirms the user's login password in the storage unit 21 and restores the plurality of converted multi-virtual codes using an inverse conversion function to which the login password is applied as the seed value.
- the authentication unit 25 not only performs login authentication based on the ID and password, but also performs security authentication of the user based on the plurality of multi-virtual codes restored by the restoration processing unit 24.
- the authentication unit 25 checks whether a multi-virtual code matching the one-time authentication code stored in the storage unit 21 exists among the plurality of restored multi-virtual codes. If one exists, it treats the security authentication of the user as successful; if none exists, the user's security authentication fails.
- the authentication unit 25 deletes the individual URL, the virtual code and the one-time authentication code generated by the virtual data generation unit 23.
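The exchange between the safety input device 10 and the authentication server 20 described above, sketched as an added Python example (not code from the patent). The object pool, four positions per interface, 8-hex-character virtual codes, and the XOR/HMAC stand-in for the seeded conversion function are assumptions; transport encryption is omitted.

```python
import hashlib
import hmac
import secrets

RNG = secrets.SystemRandom()
# Constructed sample data: the pool, slot count and transform are assumptions.
OBJECT_POOL = ["apple", "bus", "cat", "drum", "egg", "fox",
               "gate", "hat", "ink", "jar", "kite", "lamp"]
SLOTS = 4  # objects shown per object selection interface


def convert(code_hex, seed, index):
    """Seeded reversible conversion (code converter 14 / restoration unit 24).
    Stand-in: XOR with an HMAC-SHA256 pad, so it is its own inverse."""
    pad = hmac.new(seed.encode(), str(index).encode(), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(bytes.fromhex(code_hex), pad)).hex()


class AuthServer:
    def __init__(self, secret_objects, seed):
        self.secret_objects = secret_objects  # one secret per interface
        self.seed = seed                      # e.g. the login password
        self.auth_code = None                 # one-time authentication code

    def issue_virtual_data(self):
        """Virtual data generation unit 23: pick camouflage objects, issue a
        fresh virtual code per object, store the one-time authentication code."""
        decoy_pool = [o for o in OBJECT_POOL if o not in self.secret_objects]
        interfaces = []
        for secret in self.secret_objects:
            objs = [secret] + RNG.sample(decoy_pool, SLOTS - 1)
            interfaces.append({o: secrets.token_hex(4) for o in objs})
        self.auth_code = "".join(
            codes[s] for codes, s in zip(interfaces, self.secret_objects))
        return interfaces

    def authenticate(self, submitted):
        """Authentication unit 25: succeed if any restored multi-virtual code
        equals the stored one-time code. The code is deleted after the
        attempt, so a replayed submission fails."""
        expected, self.auth_code = self.auth_code, None
        if expected is None:
            return False
        restored = [convert(c, self.seed, i) for i, c in enumerate(submitted)]
        matches = [hmac.compare_digest(r, expected) for r in restored]
        return any(matches)


def random_layouts(interfaces):
    """Interface generator 12: place each interface's objects randomly."""
    return [RNG.sample(list(codes), len(codes)) for codes in interfaces]


def align(layouts, secret_objects, target):
    """Simulate the user rotating every interface until its secret object
    sits at position `target`; the position itself is never transmitted."""
    aligned = []
    for layout, secret in zip(layouts, secret_objects):
        shift = (target - layout.index(secret)) % len(layout)
        aligned.append(layout[-shift:] + layout[:-shift])
    return aligned


def multi_virtual_codes(aligned, interfaces, seed):
    """Multi-virtual code generator 13: one combined code per position
    (combination set), in interface order, then the seeded conversion."""
    out = []
    for pos in range(SLOTS):
        combined = "".join(codes[layout[pos]]
                           for layout, codes in zip(aligned, interfaces))
        out.append(convert(combined, seed, pos))
    return out


def run_demo(target=2):
    chosen = ["cat", "hat", "kite"]          # constructed secret objects
    server = AuthServer(chosen, seed="login-password")
    interfaces = server.issue_virtual_data()
    aligned = align(random_layouts(interfaces), chosen, target)
    submitted = multi_virtual_codes(aligned, interfaces, server.seed)
    first = server.authenticate(submitted)   # secrets share one position
    replay = server.authenticate(submitted)  # one-time code already deleted
    return first, replay, len(submitted)


if __name__ == "__main__":
    print(run_demo())
```

Because every position yields a multi-virtual code, the submission does not reveal which position the user aligned on; only the server, which knows the secret objects' virtual codes, can tell whether one of the codes is the right one.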
- FIG. 2 is a flowchart illustrating a method of registering a user's secret entity in an authentication system according to an embodiment of the present invention.
- the service register 11 connects to the authentication server 20, and then transmits a login request message including the user ID and password to the authentication server 20 (S201).
- the authentication unit 25 of the authentication server 20 extracts the ID and password included in the login request message, and performs login authentication of the user by confirming whether the extracted ID and password are stored in the storage unit 21 as authentication information of the same user (S203). Subsequently, if the user's login authentication succeeds, the authentication unit 25 transmits a login authentication success notification message to the safety input device 10 (S205).
- the service registration unit 11 may receive a security authentication service registration from the user. In this case, the service registration unit 11 transmits a security authentication service request message to the authentication server 20 (S207).
- the secret object registration unit 22 of the authentication server 20 transmits a secret object selection window for setting one or more secret objects among the objects registered in the object pool of the storage unit 21 to the safety input device 10 (S209).
- the service registration unit 11 of the safety input device 10 outputs the secret object selection window received from the authentication server 20 to the screen.
- FIG. 3 is a diagram illustrating a secret entity selection window according to an embodiment of the present invention.
- the secret object registration unit 22 of the authentication server 20 transmits to the safety input device 10 a secret object selection window, as shown in FIG. 3, in which a plurality of objects are arranged and from which a user can select a secret object.
- the secret entity registration unit 22 may include, in the secret object selection window, direction keys 300a and 300b for changing the plurality of objects arranged in that window.
- the secret object registration unit 22 transmits to the safety input device 10 a secret object selection window in which some objects (for example, 25 objects) among the objects registered in the object pool of the storage unit 21 are listed, and when the direction keys 300a and 300b are input from the safety input device 10, it may extract another plurality of objects from the object pool of the storage unit 21 and transmit them to the safety input device 10, thereby changing the objects displayed in the secret object selection window.
- the secret object register 22 may include the sound object and audio data of the sound object in the secret object selection window.
- when the user requests output of a sound object, the service register 11 acquires the audio data of the sound object and outputs it to the speaker.
- the audio data corresponding to the sound object has a short playing time such as an effect sound, an animal cry, or the like.
- the service registration unit 11 of the safety input device 10 sequentially receives a plurality of secret objects from the user, among the objects arranged in the secret object selection window (S211). It is preferable that the user sequentially selects, in the secret object selection window, a plurality of objects that can be easily memorized. For example, a user may sequentially select a plurality of animal image objects that constitute the food chain, or select a plurality of objects having a specific meaning to the food chain.
- the service registration unit 11 sets a secret object for each object selection interface in the order in which the secret objects were input. For example, if the service register 11 sequentially receives three secret objects from the user, it sets the first selected secret object as the secret object of the first object selection interface, and sets the second and third selected secret objects as the secret objects of the second and third object selection interfaces, respectively. Subsequently, the service registration unit 11 transmits the plurality of secret entities, that is, the secret entities for each object selection interface, to the authentication server 20 (S213).
- the secret object registration unit 22 of the authentication server 20 maps the secret object for each object selection interface with the user's login ID and stores it in the storage unit 21 (S215), thereby completing the user's secret object registration.
- the secret entity registration unit 22 may, instead of receiving the secret object registration from the safety input device 10, receive from the safety input device 10 the incoming information of the message receiving device that is to receive the secret entity.
- in this case, the secret entity registration unit 22 maps the received incoming information of the message receiving device to the login ID of the user and stores it in the storage unit 21.
- FIG. 4 is a flowchart illustrating a method of authenticating a user using multiple virtual codes in an authentication system according to an embodiment of the present invention.
- the service registration unit 11 of the safety input device 10 transmits a security authentication request message including a login ID of the user to the authentication server 20 to perform the enhanced security authentication service of the user (S401).
- the virtual data generator 23 of the authentication server 20 checks the login ID of the user recorded in the authentication request message, and checks, in the storage unit 21, the secret object of each object selection interface mapped with the login ID (S403). That is, the virtual data generator 23 may check the user's secret object mapped with the user's login ID in the storage unit 21.
- if the secret entity mapped with the user's login ID is not stored in the storage unit 21 but the incoming information of the message receiving device mapped with the login ID is stored in the storage unit 21, the virtual data generating unit 23 requests the secret entity registration unit 22 to select a secret entity. Then, the secret entity registration unit 22 selects a one-time secret entity for each object selection interface, and transmits a secret object notification message including the selected one-time secret entities to the message receiving apparatus (e.g., a mobile communication terminal).
- when the selected one-time secret entity includes a sound, the secret entity registration unit 22 includes the sound source of the sound, or a URL for accessing the sound source, in the secret entity notification message.
- the virtual data providing unit 23 confirms the one-time secret object for each object selection interface selected by the secret object registering unit 22.
- the virtual data generating unit 23 selects a predetermined number of camouflage objects to be arranged in each object selection interface from the object pool of the storage unit 21 (S405). At this time, the virtual data generating unit 23 selects the camouflage entities from among the plurality of entities other than the secret entity. Preferably, the virtual data generation unit 23 checks the type of the secret object set in each object selection interface, and selects, for each object selection interface, a predetermined number of camouflage objects of the same type as the secret object. For example, if the secret object of the first object selection interface is an image, the virtual data generating unit 23 extracts a predetermined number of camouflage objects corresponding to images from the object pool of the storage unit 21 and selects them as the camouflage objects of the first object selection interface.
- likewise, when the secret object is a sound, the virtual data generator 23 extracts a predetermined number of camouflage objects corresponding to sounds from the object pool of the storage unit 21 and selects them as the camouflage objects of the third object selection interface.
- the virtual data generator 23 generates a virtual URL for each object of the object selection interface, that is, for each secret object and each camouflage object, and links each virtual URL to the corresponding object (that is, the camouflage object or secret object) (S407).
- the virtual data generating unit 23 generates virtual codes for each of the objects, that is, the secret objects and the camouflage objects (S409), and generates, for each object selection interface, virtual data in which the generated virtual code and the virtual URL are mapped to each object.
- the virtual data generating unit 23 checks the virtual codes of the secret objects among the generated virtual codes, and stores in the storage unit 21, as a one-time authentication code, the multi-virtual code in which those virtual codes are combined in the order of the object selection interfaces (S411).
- the virtual data generation unit 23 transmits the virtual data for each object selection interface to the safety input device 10 (S413).
- the interface generation unit 12 of the safety input device 10 checks the virtual URL and the virtual code of each object in the virtual data for each object selection interface.
- the interface generator 12 obtains objects for each object selection interface through the identified virtual URLs (S415).
- the interface generation unit 12 generates a plurality of object selection interfaces by randomly arranging the acquired objects at the object display position implemented in the object selection interface.
- the interface generation unit 12 outputs the generated plurality of object selection interfaces to the screen (S417).
- for sound objects, the interface generator 12 arbitrarily generates object display information such as sound 1 and sound 2, and places the sound object display information in the object selection interface instead of outputting the sound.
- the interface generation unit 12 obtains audio corresponding to the sound object through the URL corresponding to the sound object display information and outputs the audio to the speaker.
- FIGS. 5A to 5C illustrate various embodiments of an object selection interface in accordance with the present invention.
- the interface generator 12 generates a plurality of object selection interfaces in which a plurality of objects are disposed.
- the object selection interfaces 510a, 510b, 520a, 520b, 530a, and 530b are formed in a circle.
- the object selection interfaces 510c, 520c, and 530c are represented in a rectangular shape.
- the object selection interface according to the present invention may be generated by changing to a variety of shapes.
- a plurality of objects of the same type, such as a plurality of texts, a plurality of images, a plurality of sounds, and the like, are arranged in each object selection interface. That is, a plurality of objects in the form of text are arranged in the object selection interface 1 (510a, 510b, 510c), a plurality of objects in the form of images are arranged in the object selection interface 2 (520a, 520b, 520c), and a plurality of objects in the form of sound may be arranged in the object selection interface 3 (530a, 530b, 530c).
- for sound objects, the interface generator 12 arbitrarily generates object display information such as sound 1, sound 2, and the like, as in the object selection interface 3 (530a, 530b, 530c) of FIG. 5, and places the sound object display information in the object selection interface 3 (530a, 530b, 530c) instead of outputting the sound. In this case, when a specific sound object is clicked on the object selection interface 3 (530a, 530b, 530c), the interface generator 12 obtains audio data through a URL corresponding to the sound object and outputs the audio data to the speaker.
- the position of the object arranged in each object selection interface can be changed according to a user's operation. That is, the user may change the objects arranged in each object selection interface through input means such as a mouse, a keyboard, and a touch screen. For example, the user may change the position of each object through manipulation techniques such as object rotation and object drag and drop. Preferably, positional movement between objects located in the same object selection interface is possible.
- the interface generator 12 may blind the objects rather than exposing them on the screen.
- in this case, the interface generator 12 removes the blind from the object corresponding to the position of the touch coordinates or the mouse pointer and outputs that object to the screen. That is, if the user's touch signal is detected at a blinded object position or the mouse pointer is detected at a blinded object position, the interface generator 12 removes the blind of the object and exposes the object on the screen.
- the interface generator 12 may also blind the user's object movement. That is, when the user inputs an object movement signal through key movement, drag and drop, or touch, the interface generator 12 actually moves the object in the object selection interface but may not display the moved object on the screen. In other words, the interface generator 12 may update its internal object alignment data according to the user's object movement signal without displaying graphic information indicating the object movement in the object selection interface.
- the user adjusts the object positions so that the plurality of secret objects set sequentially by the user, or the plurality of one-time secret objects received through the message receiving device, are arranged in order at the same position in each object selection interface, and then enters the object movement completion menu.
- for example, the user may change the object position in each interface so that the secret objects set sequentially by the user, or the secret objects received through the message receiving apparatus, are arranged at the 0-degree azimuth position in the order of the first object selection interface (510a, 510b), the second object selection interface (520a, 520b), and the third object selection interface (530a, 530b), and may then enter the object movement completion menu.
- alternatively, on the object selection interface shown in FIG. 5C, the user may change the object positions so that the secret objects are located at the left end or the right end in the order of the first object selection interface 510c, the second object selection interface 520c, and the third object selection interface 530c.
- the multi-virtual code generating unit 13 checks the position of each object once the object positions are determined, and selects the plurality of objects arranged at the same position in each object selection interface as a combination set. For example, if the object selection interface is the same as that of FIG. 5A or 5B, the multi-virtual code generating unit 13 sets the three objects arranged at 0 degrees of azimuth as the first combination set and the three objects arranged at 60 degrees of azimuth as the second combination set, and selects the objects located at the azimuth angles of 120 degrees, 180 degrees, 240 degrees, and 300 degrees as the third, fourth, fifth, and sixth combination sets, respectively.
- alternatively, the multi-virtual code generation unit 13 selects the three objects arranged first from the left in each object selection interface as the first combination set, selects the three objects arranged second from the left as the second combination set, and selects the objects arranged in the remaining positions as separate combination sets based on position in the same way.
- when the selection of the combination sets is completed as described above, the multi-virtual code generation unit 13 generates, for each combination set, a multi-combination code in which the virtual codes of the objects included in the combination set are combined (S419). That is, when the user completes the movement of objects in the object selection interfaces, the multi-virtual code generation unit 13 selects the objects arranged at the same position in each object selection interface as a combination set, and generates for each combination set the multi-combination code in which the virtual codes of the objects belonging to that set are combined in object selection interface order.
- for example, when object movement in the object selection interface has been completed, the multi-virtual code generation unit 13 selects the plurality of objects located at 0 degrees of azimuth (that is, '!', ' ⁇ ' and 'Sound 1') as the first combination set.
- the multi-virtual code generating unit 13 then generates '10xie88txkkxkZZ' as the multi-virtual code of the first combination set.
- the code conversion unit 14 outputs a seed value input window for receiving the seed value set by the user on the screen, and receives the seed value from the user through the seed value input window. Subsequently, the code conversion unit 14 sets the seed value input by the user as the seed of the conversion function, and converts the multi-virtual code for each combination set generated by the multi-virtual code generation unit 13 through the conversion function thus set (S421).
- the code conversion unit 14 may receive a user's login password as a seed value from the user and convert the multi-virtual code for each combination set using a conversion function in which the login password is set as the seed value. Subsequently, the code conversion unit 14 encrypts the multi-virtual code for each of the converted combination sets, and transmits the multi-virtual codes for the combination sets thus encrypted to the authentication server 20 (S423 and S425).
- the restoration processing unit 24 of the authentication server 20 decrypts the encrypted multi-virtual code for each combination set received from the safety input device 10 (S427). Subsequently, the restoration processing unit 24 checks the login ID included in the authentication request message in step S401 and extracts the seed value mapped with the login ID from the storage unit 21. The restoration processing unit 24 sets the extracted seed value as the seed of the inverse transform function, and restores the converted multi-virtual code for each combination set using the inverse transform function in which the seed is set (S429). Meanwhile, when the login password of the user is set as the seed value, the restoration processing unit 24 checks the login password of the user in the storage unit 21 and can restore the converted multi-virtual code for each combination set using an inverse conversion function in which the login password of the user is set as the seed value.
- the authentication unit 25 checks the multi-virtual code for each combination set restored by the restoration processing unit 24, and authenticates whether a virtual code matching the one-time authentication code stored in step S411 exists among the multi-virtual codes for the combination sets (S431).
- if no matching code exists, the authentication unit 25 processes the user authentication for the safety input device 10 as failed, and transmits an authentication failure notification message to the safety input device 10 (S433).
- if a matching code exists, the authentication unit 25 processes the user authentication for the safety input device 10 as successful, transmits an authentication success notification message to the safety input device 10 (S435), and then provides the service requested by the user.
- the authentication unit 25 deletes the individual URL and the virtual code and the one-time authentication code generated by the virtual data generation unit 23.
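The flow of FIG. 4 (S405 to S435) as a runnable sketch, added here as an illustration and not taken from the patent. The patent does not define the conversion function, so the XOR keystream derived with HMAC-SHA256 is an assumption, as are all function, class and sample object names; the transport encryption of S423 and S427 is left out.

```python
import hashlib
import hmac
import secrets
from fractions import Fraction
from itertools import product

# Constructed sample data: three interfaces with six objects each.
INTERFACES = [["!", "@", "#", "$", "%", "&"],
              ["cat", "dog", "owl", "fox", "bee", "ant"],
              ["Sound 1", "Sound 2", "Sound 3", "Sound 4", "Sound 5", "Sound 6"]]
SECRET = ["#", "fox", "Sound 2"]   # one secret object per interface, in order
SEED = "login-password"            # seed value; the text suggests the login password


def keystream(seed, n):
    """Assumed construction: HMAC-SHA256 of a counter, keyed with the seed."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(seed.encode(), counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def convert(code, seed):
    """Seeded conversion (S421). XOR is its own inverse, so it also restores (S429)."""
    return bytes(a ^ b for a, b in zip(code, keystream(seed, len(code))))


class AuthServer:
    def __init__(self, seed, secret_objects):
        self.seed = seed
        self.secret_objects = secret_objects
        self.one_time_code = None

    def issue_virtual_data(self, interfaces):
        """S405-S413: fresh virtual code per object; store the secret combination."""
        virtual_data = [{obj: secrets.token_hex(8) for obj in objs} for objs in interfaces]
        self.one_time_code = "".join(
            vd[s] for vd, s in zip(virtual_data, self.secret_objects)).encode()
        return virtual_data

    def verify(self, converted_codes):
        """S427-S435: restore each combination-set code and look for the stored one."""
        if self.one_time_code is None:
            return False
        expected, self.one_time_code = self.one_time_code, None  # single use: delete
        ok = False
        for code in converted_codes:
            # Check every candidate in constant time instead of stopping at a hit.
            ok |= hmac.compare_digest(convert(code, self.seed), expected)
        return ok


def rotate_to_front(objs, target):
    """Rotate a circular interface so that `target` sits at position 0 (azimuth 0)."""
    i = objs.index(target)
    return objs[i:] + objs[:i]


def combination_codes(arranged, virtual_data, seed):
    """S419-S421: objects at the same position form a combination set; join their
    virtual codes in interface order, then apply the seeded conversion."""
    codes = []
    for same_position in zip(*arranged):
        multi = "".join(vd[obj] for vd, obj in zip(virtual_data, same_position))
        codes.append(convert(multi.encode(), seed))
    return codes


def blind_guess_probability(n_positions, n_interfaces):
    """Chance that an arrangement made without knowing the secrets aligns them all,
    counted over every placement of the secret objects."""
    placements = list(product(range(n_positions), repeat=n_interfaces))
    aligned = sum(1 for p in placements if len(set(p)) == 1)
    return Fraction(aligned, len(placements))


if __name__ == "__main__":
    server = AuthServer(SEED, SECRET)
    vd = server.issue_virtual_data(INTERFACES)
    aligned = [rotate_to_front(o, s) for o, s in zip(INTERFACES, SECRET)]
    print("aligned secrets accepted:", server.verify(combination_codes(aligned, vd, SEED)))
    print("single blind guess:", blind_guess_probability(6, 3))
```

Because every combination set on the screen is submitted, the server accepts whenever the secret objects share any one position; with six positions and three interfaces a single attempt made without knowing the secrets succeeds with probability 1/36, which is worth weighing when setting retry limits.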
- the security authentication method using the object selection interface may be applied in a stand alone environment in which network communication is not required.
- FIG. 6 is a diagram illustrating a safety input device according to another embodiment of the present invention.
- the safety input device 30 may include a display unit 31, a storage unit 32, a secret object setting unit 33, an interface generation unit 34, and an authentication unit 35.
- the display unit 31 is a display means based on a liquid crystal display (LCD) technology, a light emitting polymer display (LPD) technology, a light emitting diode (LED) technology, or the like, and outputs various types of information processed by the safety input device 30.
- the display unit 31 displays a plurality of object selection interfaces.
- the display unit 31 may be a touch display. In this case, the display unit 31 receives touch information of the user.
- the storage unit 32 stores secret objects for each object selection interface set by the user.
- the storage unit 32 also stores an object pool in which a plurality of objects are registered.
- the secret object setting unit 33 receives a secret object for each object selection interface from a user and stores the secret object in the storage unit 32. Specifically, the secret object setting unit 33 outputs to the display unit 31 a secret object selection window for setting one or more secret objects among the plurality of objects registered in the object pool of the storage unit 32, and sequentially receives a plurality of secret objects selected by the user through the secret object selection window. In addition, the secret object setting unit 33 sets a secret object for each object selection interface in the order in which the secret objects were input, and stores the secret object of each object selection interface thus set in the storage unit 32.
- the interface generator 34 generates a plurality of object selection interfaces and outputs them to the display unit 31. That is, the interface generator 34 checks the secret object for each object selection interface in the storage unit 32, and then selects, for each object selection interface, a predetermined number of camouflage objects from the object pool of the storage unit 32 to be arranged together with the secret object in that interface. In addition, the interface generator 34 generates a plurality of object selection interfaces on which the secret and camouflage objects are disposed, respectively, and outputs them to the display unit 31.
- the authentication unit 35 sets the plurality of entities arranged at the same position in each entity selection interface as a group, and performs authentication of the user by checking whether, among the groups thus set, there is a group matching the secret entities stored in the storage unit 32.
- FIG. 7 is a flowchart illustrating a method of setting a secret entity in a safe input device according to another embodiment of the present invention.
- the safety input device 30 receives a request for setting security authentication from a user (S701). Then, the secret object setting unit 33 of the safety input device 30 outputs to the display unit 31 a secret object selection window in which a plurality of objects registered in the object pool of the storage unit 32 are arranged (S703). That is, the safety input device 30 outputs the secret object selection window as shown in FIG. 3 to the display unit 31. At this time, when a sound object is included in the secret object selection window, the secret object setting unit 33 extracts the audio of the sound object from the storage unit 32 and outputs it to the speaker when output of the sound object is requested by the user.
- the secret entity setting unit 33 sequentially receives selection information of a plurality of secret entities from the user through the secret entity selection window (S705). Then, the secret object setting unit 33 sets a secret object for each object selection interface according to the order of the secret objects selected by the user, and stores the secret object of each object selection interface thus set in the storage unit 32 (S707).
- FIG. 8 is a flowchart illustrating a method for authenticating a user in a safety input device according to another embodiment of the present invention.
- the interface generator 34 checks the secret object for each object selection interface stored in the storage 32 (S801). Subsequently, the interface generator 34 selects a predetermined number of camouflage objects arranged in each object selection interface from the object pool of the storage unit 32 (S803). In this case, the interface generator 34 selects a camouflage entity from among a plurality of entities except the secret entity. Preferably, the interface generator 34 checks the type of the secret object set in each object selection interface, and selects a predetermined number of disguised objects corresponding to the same type as the type of the secret object for each object selection interface.
- the interface generator 34 generates a plurality of object selection interfaces on which the plurality of selected camouflage entities and each secret entity are disposed, and outputs the plurality of entity selection interfaces to the display unit 31 (S805). That is, the interface generator 34 generates an object selection interface as shown in FIG. 5A, 5B, or 5C and outputs the same to the display unit 31.
- the interface generating unit 34 arbitrarily generates display information for the sound and places the sound object display information in the object selection interface instead of outputting the sound. In this case, when the specific sound object display information is clicked, the interface generator 34 extracts audio data corresponding to the sound object display information from the storage unit 32 and outputs the audio data to the speaker.
- the interface generator 34 may blind the objects rather than exposing them on the screen. In this case, the interface generator 34 removes the blind from the object corresponding to the touched coordinates or the position of the mouse pointer and outputs that object to the screen. That is, if the user's touch signal is detected at a blinded object position or the mouse pointer is detected at a blinded object position, the interface generator 34 removes the blind of the corresponding object and exposes the object on the screen.
- the user inputs an object movement completion menu after adjusting the object positions so that the plurality of secret objects set by the user are sequentially arranged at the same position in each object selection interface.
- the authentication unit 35 receives the object movement completion signal through the object selection interface (S807). Subsequently, the authenticator 35 checks the position of each entity in each entity selection interface, and selects a plurality of entities arranged at the same position into the same group (S809).
- the authentication unit 35 authenticates whether there is a group matching each secret entity for each object selection interface stored in the storage unit 32 among the plurality of groups (S811).
- if, as a result of the authentication, there is a group that matches the secret objects for each object selection interface stored in the storage unit 32, the authentication unit 35 processes the authentication of the user as successful (S813), and then provides a service (e.g., screen lock release, folder unlock, document unlock, door unlock, etc.). On the other hand, if, as the authentication result of step S813, there is no group matching the secret objects for each object selection interface stored in the storage unit 32, the authentication unit 35 processes the authentication of the user as failed (S815).
- FIG. 9 is a diagram illustrating an authentication system according to another embodiment of the present invention.
- an authentication system includes a safety input device 40 and an authentication server 50.
- the safety input device 40 uses the virtual data received from the authentication server 50 to generate and display an object selection interface in which a plurality of secret objects and a plurality of camouflage objects are randomly arranged and the objects can be moved.
- when the alignment of the objects is completed on the object selection interface, the safety input device 40 generates authentication information in which the virtual code and the location information of each object arranged on the object selection interface are recorded, and transmits it to the authentication server 50.
- the safety input device 40 may generate, as the authentication information, an authentication matrix in which the virtual code for each object is arranged according to the location information, and transmit the generated authentication matrix to the authentication server 50.
- the safety input device 40 includes a service register 41, a data receiver 42, an interface generator 43, and an authentication information generator 44.
- the service registration unit 41 registers a security authentication service of the user with the authentication server 50.
- the service registration unit 41 requests the authentication server 50 to register the security authentication service of the user after the user accesses the authentication server 50 and succeeds in login authentication based on the ID and password.
- the service registration unit 41 receives a secret object selection window (see FIG. 3) in which a plurality of objects are arranged from the authentication server 50, and outputs them to the screen.
- the object is registered in the authentication server 50 as a secret entity of the user.
- the service registration unit 41 may register the secret object sorting method with the authentication server 50 by setting any one of a fixed sorting method, a custom sorting method, or a variable sorting method based on the user's selection.
- when the user selects the custom sorting method among the secret object sorting methods, the service registration unit 41 transmits the location information of each secret object input by the user to the authentication server 50, so that the location information for each secret object set by the user is registered in the authentication server 50. In addition, when the user selects the variable sorting method, the service registration unit 41 may register with the authentication server 50 the incoming information (e.g., the mobile communication terminal telephone number) of the message receiving device that is to receive the message in which the location information for each secret entity is recorded.
- the data receiver 42 receives the virtual data including the individual virtual code and the virtual URL from the authentication server 50.
- the interface generator 43 generates an object selection interface based on the virtual data received by the data receiver 42 and outputs the object selection interface to the screen. That is, the interface generator 43 checks the virtual URL and the virtual code for each object, and acquires the objects through the respective virtual URLs. In addition, the interface generator 43 randomly arranges the acquired objects at the object display position of the object selection interface, and outputs the object selection interface (see FIGS. 7A and 7B) in which the objects are arranged on the screen.
- when the authentication information generation unit 44 receives an object alignment completion signal from the user, it generates, as authentication information of the user, an authentication matrix (see FIGS. 14A and 14B) in which the virtual codes for each object are arranged according to the position of the object, and transmits it to the authentication server 50 to request user authentication. That is, when the arrangement of the secret objects is confirmed in the object selection interface, the authentication information generator 44 checks the position and virtual code of each object in the object selection interface, and creates an authentication matrix in which the virtual code of each object is arranged according to the position of the object. In other words, when the user completes the object sorting, the authentication information generating unit 44 generates the authentication information including the virtual code and location information for each object arranged in the object selection interface and transmits the authentication information to the authentication server 50.
- the authentication information generator 44 may convert the generated authentication information, that is, the authentication matrix, and encrypt the authentication information.
- the authentication information generation unit 44 converts the authentication matrix using a conversion function to which a seed value set by the user is applied, encrypts the converted authentication matrix, and transmits it to the authentication server 50 to request user authentication.
- the authentication information generator 44 sets the user's login password as the seed value to convert the authentication matrix.
- the authentication server 50 is an authentication device for authenticating a user and performs a function of providing a security authentication service to a user.
- the authentication server 50 transmits, to the device designated by the user, a message recording the location at which each secret object should be placed on the object selection interface, thereby instructing the user to align each secret object at the specified position. In this case, the authentication server 50 may transmit the location information for each secret entity as text or as an image.
- when the authentication server 50 receives the authentication matrix from the safety input device 40, it analyzes the authentication matrix and authenticates the user by checking whether the virtual code of each secret entity is arranged at the designated position.
- the authentication server 50 includes a storage unit 51, a setting information registration unit 52, a virtual data providing unit 53, and an authentication unit 54.
- the storage unit 51 stores the user's login ID and login password, and also stores the plurality of secret objects, the seed value, and the secret object sorting method (i.e., fixed sorting method, user-specified sorting method, or variable sorting method) set by the user, mapped to the user's login ID. In this case, the storage unit 51 stores the secret entities sequentially, in the order in which they were set by the user. In addition, when the secret object sorting method is the user-specified sorting method, the storage unit 51 additionally stores the location information for each secret object set by the user, mapped to the login ID of the user.
- the storage unit 51 additionally stores the incoming information (eg, mobile phone number) of the message receiving apparatus designated by the user by mapping with the login ID of the user.
- the storage unit 51 also stores an object pool in which a plurality of objects are registered.
- the setting information registration unit 52 receives a plurality of secret objects from the user, and stores the received secret objects in the storage unit 51 as the secret objects of the user. That is, when receiving the security authentication service request from the safety input device 40, the setting information registration unit 52 transmits a secret object selection window for setting a plurality of secret objects to the safety input device 40. In addition, the setting information registration unit 52 receives the plurality of secret objects sequentially selected by the user from the safety input device 40, maps them with the user's login ID, and stores them in the storage unit 51. At this time, the setting information registration unit 52 confirms the order in which the user selected the secret objects, and stores the secret objects in the storage unit 51 in this order.
- the setting information registration unit 52 receives the secret object sorting method of the user from the user, and maps the secret object sorting method with the login ID of the user and stores it in the storage unit 51.
- the setting information registration unit 52 receives location information for each secret object from the user, maps it with the login ID of the user, and stores it in the storage unit 51.
- the setting information registration unit 52 receives incoming information (e.g., mobile phone number) of the message receiving device from the user, maps it with the login ID of the user, and stores it in the storage unit 51.
- the virtual data provider 53 performs a function of providing data required for the safety login authentication to the safety input device 40.
- the virtual data providing unit 53 checks the plurality of secret objects and the secret object sorting method mapped with the user's login ID in the storage unit 51. Furthermore, to minimize the exposure of the secret objects, the virtual data providing unit 53 selects from the object pool of the storage unit 51 a predetermined number of camouflage objects to be arranged together with the secret objects. At this time, the virtual data providing unit 53 selects the camouflage entities from the entities other than the secret entities. In addition, the virtual data providing unit 53 generates a virtual URL for each secret object and each camouflage object, and links each generated virtual URL with the corresponding object.
- the virtual data providing unit 53 generates a virtual code for each secret entity and each camouflage entity, generates virtual data in which the generated virtual code and virtual URL are mapped to each object, and transmits the virtual data to the safety input device 40. In other words, the virtual data providing unit 53 randomly generates a virtual URL and a virtual code for each object at each authentication.
- the virtual data providing unit 53 randomly generates location information for each secret object to which each secret object should be located on the object selection interface.
- the message recorded with the location information for each secret entity is transmitted to a message receiving device (for example, a mobile communication terminal) designated by the user.
- the virtual data providing unit 53 may transmit a message in which the location information for each secret entity is recorded as text or a message including an image showing the location information for each secret entity to a message receiving device designated by a user.
- the virtual data providing unit 53 may transmit a voice message (ie, ARS voice message) in which the location information for each secret entity is output as voice to the message receiving apparatus.
- the virtual data providing unit 53 forms a call session with the message receiving apparatus designated by the user, and then transmits the voice message indicated by the location information for each secret entity to the message receiving apparatus.
- the authentication unit 54 not only performs login authentication based on the ID and password, but also performs the user's security authentication by analyzing the authentication matrix received from the safety input device 40 and checking whether the virtual code corresponding to each secret object is aligned at the promised position. That is, the authentication unit 54 confirms the position at which the virtual code of each secret entity generated by the virtual data providing unit 53 is arranged in the authentication matrix and, based on the positions thus confirmed, authenticates the user by checking whether the virtual code of each secret entity is arranged at the specified position in the authentication matrix. In addition, when the authentication of the user is completed, the authentication unit 54 deletes the individual URL, the virtual code, and the location information for each object generated by the virtual data provider 53. In addition, if the user authentication is successful, the authentication unit 54 may store the authentication time and the virtual code of the secret entity in the storage unit 51 as an authentication fingerprint.
- when the authentication unit 54 receives the encrypted and converted authentication matrix from the safety input device 40, it decrypts the encrypted authentication matrix, confirms the seed value set by the user in the storage unit 51, and restores the authentication matrix by applying to the decrypted matrix the inverse transform function to which the seed value is applied.
- the seed value may be a user's login password
- the authentication unit 54 confirms the user's login password in the storage unit 51 and restores the authentication matrix by using an inverse conversion function to which the login password is applied as the seed value.
- FIG. 10 is a flowchart illustrating a method of registering a user with a security authentication service in an authentication system according to another embodiment of the present invention.
- when the service registration unit 41 of the safety input device 40 connects to the authentication server 50, it transmits a login request message including a user ID and a password to the authentication server 50 (S1001).
- the authentication unit 54 of the authentication server 50 extracts the ID and password included in the login request message, and performs login authentication of the user by confirming whether the extracted ID and password are stored in the storage unit 51 as authentication information of the same user (S1003). Subsequently, the authentication unit 54 of the authentication server 50 transmits a login authentication success notification message to the safety input device 40 when the login authentication of the user succeeds (S1005).
- the service registration unit 41 may receive a security authentication service registration from the user. In this case, the service registration unit 41 transmits a security authentication service request message to the authentication server 50 (S1007).
- the setting information registration unit 52 of the authentication server 50 transmits to the safety input device 40 a secret object selection window (see FIG. 3) for setting one or more secret objects among the objects registered in the object pool of the storage unit 51 (S1009).
- the service registration unit 41 of the safety input device 40 outputs the secret object selection window received from the authentication server 50 to the screen.
- the service registration unit 41 of the safety input device 40 sequentially receives a plurality of secret objects from the user, chosen from among the objects arranged in the secret object selection window (S1011). It is preferable that the user sequentially selects, in the secret object selection window, a plurality of objects that are easy to remember.
- the service registration unit 41 sequentially transmits the plurality of secret entities selected by the user through the secret object selection window to the authentication server 50 in the order of selection (S1013).
- the setting information registration unit 52 of the authentication server 50 sequentially receives the plurality of secret objects from the safety input device 40, maps them with the login ID of the user in the order received, and stores them in the storage unit 51 (S1015), which completes the user's secret object registration.
- the setting information register 52 transmits to the safety input device 40 a secret object sorting method selection window requesting selection of one of a fixed sorting method, a user-specified sorting method, and a variable sorting method as the secret object sorting method (S1017).
- the service registration unit 41 of the safety input device 40 outputs the secret object selection window on the screen, and receives any one of a fixed sorting method, a user-specified sorting method, and a variable sorting method from the user.
- the service register 41 receives location information about each secret entity set by the user from the user.
- the service registration unit 41 receives from the user incoming information (eg, a mobile communication terminal telephone number, an IP address, etc.) of the message receiving apparatus in which location information for each secret entity is received.
- the safety input device 40 transmits the secret entity sorting method selected by the user to the authentication server 50 (S1019).
- when the user selects the user-specified sorting method, the safety input device 40 additionally transmits the location information for each secret object set by the user to the authentication server 50, and when the user selects the variable sorting method, it additionally transmits the incoming information of the message receiving device to the authentication server 50.
- the setting information registration unit 52 of the authentication server 50 maps the secret entity sorting method received from the safety input device 40 with the login ID of the user and stores it in the storage unit 51 (S1021).
- when the user has set the user-specified sorting method as the secret object sorting method and the location information for each secret object is received from the safety input device 40, the setting information registration unit 52 additionally maps the location information for each secret object with the user's login ID and stores it in the storage unit 51.
- when the user has set the variable sorting method as the secret entity sorting method and the incoming information of the message receiving apparatus is received from the safety input device 40, the setting information registration unit 52 additionally maps the incoming information of the message receiving apparatus with the user's login ID and stores it in the storage unit 51.
- FIG. 11 is a flowchart illustrating a method for authenticating a user based on a fixed alignment scheme in an authentication system according to another embodiment of the present invention.
- a user sets a fixed sort method as a secret entity sort method and registers it with the authentication server 50.
- the safety input device 40 transmits a security authentication request message including the login ID of the user to the authentication server 50 (S1101).
- the virtual data providing unit 53 of the authentication server 50 checks the login ID of the user recorded in the authentication request message, and confirms in the storage unit 51 the plurality of secret objects and the secret object sorting method mapped with the login ID (S1103). That is, the virtual data providing unit 53 confirms the plurality of secret objects sequentially set by the user in the storage unit 51, and confirms the sorting method of the secret objects set by the user in the storage unit 51. In the description with reference to FIG. 11, the virtual data providing unit 53 confirms in the storage unit 51 that the secret entity sorting method set by the user is a fixed sorting method.
- the virtual data providing unit 53 selects a predetermined number of camouflage objects arranged in the object selection interface from the object pool of the storage unit 51 (S1105). At this time, the virtual data providing unit 53 selects a camouflage entity from among a plurality of entities except the secret entity.
- the virtual data provider 53 generates a virtual URL for each of the secret object and the spoofed object, and links each of the generated virtual URLs and the corresponding object (that is, the spoofed object or secret object) (S1107). Accordingly, the safety input device 40 may access the virtual URL and obtain each entity linked with each URL.
- the virtual data providing unit 53 randomly generates one-time virtual code for each of the entities, namely, the secret entity and the disguised entity (S1109).
- the virtual data provider 53 transmits the virtual data mapped to the virtual URL and the virtual code for each object to the safety input device 40 (S1111).
- the interface generator 43 of the safety input device 40 checks the virtual URL and the virtual code from the received virtual data.
- the interface generator 43 accesses each of the checked virtual URLs to obtain each entity (S1113).
- the interface generation unit 43 completes generation of the object selection interface by randomly arranging the acquired objects at the object display position implemented in the object selection interface.
- the interface generation unit 43 outputs the generated plurality of object selection interfaces to the screen (S1115).
- FIGS. 14A and 14B illustrate various embodiments of an object selection interface in accordance with the present invention.
- the interface generator 43 generates an object selection interface in which a plurality of objects are arranged.
- FIG. 14A illustrates that each entity is arranged in a grid-like entity selection interface
- FIG. 14B illustrates a circle-type entity selection interface in which three circles are combined.
- the object selection interface according to the present invention may be generated by being modified in various shapes.
- the position of the object arranged in each object selection interface can be changed according to a user's operation. That is, the user may change the position of the object disposed on the object selection interface through input means such as a mouse, a keyboard, and a touch screen.
- when a particular object is moved in the object selection interface, the plurality of objects arranged in the same line as that object move together, to minimize the exposure of the secret object to surrounding users.
- in FIG. 14A, when the entity having the reference numeral 1401a moves one column to the right, the other entities located in the third row also move one column to the right.
- when the object having the reference numeral 1401b disposed in the outermost circle in FIG. 14B moves clockwise, the other entities disposed in the outermost circle also rotate clockwise.
- when the object selection interface is output to the safety input device 40 in this way, the user moves one or more objects so that the secret objects are located at the promised positions according to the fixed alignment method. That is, the user moves the objects in the object selection interface so that the secret objects are arranged in succession, and then enters the sorting complete menu.
- the user may change the position of one or more objects such that the secret objects are sequentially arranged in a row or column. That is, in the object selection interface of FIG. 14A, the user may move the object 1402a to the coordinate (3,3), so that it is aligned after the secret object 1401a disposed at the XY coordinate (2,3), and move the object 1403a to the coordinate (4,3).
- the user may change the position of the objects such that the secret objects 1401b, 1402b, and 1403b are located at the same azimuth angle. That is, the user may change the position of the objects such that the secret entities 1401b, 1402b, and 1403b set by the user in the object selection interface of FIG. 14B are disposed in a straight line indicating the same number.
- the user sorts the secret object at the promised position and then enters the object sorting complete menu into the safety input device 40.
- the authentication information generation unit 44 of the safety input device 40 generates an authentication matrix in which the virtual code for each object is arranged according to the location information (S1117).
- the safety input device 40 identifies each object arranged in the aligned object selection interface, and generates an authentication matrix in which virtual codes corresponding to the object are arranged according to the position of each object.
- FIGS. 15A and 15B are diagrams illustrating virtual codes recorded in an authentication matrix according to another embodiment of the present invention.
- the authentication information generating unit 44 checks the object disposed at each XY coordinate in the interface of FIG. 14A, and generates an authentication matrix in which the virtual codes corresponding to the objects are arranged according to the location information.
- the objects 1401a, 1402a, and 1403a correspond to the virtual codes "S2C3", "S35C", and "S4C2" in FIG. 15A, respectively. That is, when the user arranges the secret objects consecutively at the (2,3), (3,3), and (4,3) coordinates, the virtual codes for the secret objects are written consecutively in the third row, as shown in the figure.
- the objects 1401b, 1402b, and 1403b correspond to the virtual codes "S9C1", "S2C2", and "S5C3" of FIG. 15B, respectively. That is, when the user arranges the secret objects 1401b, 1402b, and 1403b in the 5 o'clock azimuth direction in the object selection interface of FIG. 14B, the virtual codes for the secret objects are recorded as shown in the figure.
- the authentication information generation unit 44 transmits the generated authentication matrix to the authentication server 50 (S1119).
- the authentication information generation unit 44 may receive a seed value from the user and convert each virtual code recorded in the authentication matrix using a conversion function to which the seed value is applied.
- the authentication information generation unit 44 receives the login password of the user as the seed value, and converts the virtual code recorded in the authentication matrix using a conversion function to which the login password is applied as the seed value.
- the authentication unit 54 of the authentication server 50 analyzes the authentication matrix received from the safety input device 40 to perform user authentication. Specifically, the authentication unit 54 checks the virtual code for each secret entity generated by the virtual data providing unit 53, and authenticates the user by checking whether the virtual codes of the secret objects are arranged in succession in the authentication matrix (S1121). That is, because the user of the safety input device 40 has set the fixed sorting method as the secret object sorting method, the authenticator 54 authenticates the user by confirming whether the virtual codes for the secret objects are arranged consecutively in a row or column of the authentication matrix.
- the authentication unit 54 extracts the seed value of the user from the storage unit 51, and may restore each virtual code of the converted authentication matrix using the inverse transform function to which the extracted seed value is applied. If the seed value is the user's login password, the authentication unit 54 extracts the user's login password from the storage unit 51 and applies the extracted login password as the seed value of the inverse transform function.
- the authenticator 54 treats the user authentication for the safety input device 40 as failed, and transmits an authentication failure notification message to the safety input device 40 (S1123).
- the authentication unit 54 treats the user authentication for the safety input device 40 as successful, transmits an authentication success notification message to the safety input device 40 (S1125), and then provides the service requested by the user. Meanwhile, when the authentication of the user is completed, the authenticator 54 deletes the virtual URL and the virtual code for each object generated by the virtual data provider 53.
- FIG. 12 is a flowchart illustrating a method for authenticating a user based on a user-specified sorting scheme in an authentication system according to another embodiment of the present invention.
- the safety input device 40 transmits a security authentication request message including a user's login ID to the authentication server 50 (S1201).
- the virtual data providing unit 53 of the authentication server 50 checks the login ID of the user recorded in the authentication request message, and confirms in the storage unit 51 the plurality of secret objects and the secret object sorting method mapped with the login ID (S1203).
- in the description with reference to FIG. 12, the virtual data providing unit 53 confirms in the storage unit 51 that the secret object sorting method set by the user is the user-specified sorting method, and confirms in the storage unit 51 the location information for each secret object set by the user.
- the virtual data providing unit 53 selects a predetermined number of disguised objects from the object pool of the storage unit 51 (S1205).
- the virtual data provider 53 generates a virtual URL for each of the secret object and the spoofed object, and links each generated virtual URL with the corresponding object (S1207).
- the virtual data providing unit 53 generates a virtual code for each object (S1209), and transmits the virtual data mapped to each object by the virtual URL and the virtual code to the safety input device 40 (S1211).
- the interface generation unit 43 of the safety input device 40 obtains the objects through the virtual URLs included in the virtual data (S1213), randomly arranges the acquired objects in the object selection interface, and then outputs the object selection interface in which the objects are arranged to the screen (S1215).
- the user moves each secret object on the object selection interface to the location set by the user for that secret object. That is, the user registers in advance with the authentication server 50 the location at which each secret object should be placed, moves each secret object on the object selection interface to its registered location, and then enters the sorting complete menu.
- in FIG. 14A, if the objects 1401a, 1402a, and 1403a are the secret entities set by the user and the secret object location information of 1401a, 1402a, and 1403a is (2,2), (3,4), and (4,3), respectively, the user moves the secret entity 1401a to the coordinates (2,2), moves the secret entity 1402a to (3,4), likewise moves the secret entity 1403a, and then enters the object sorting completion menu.
- the authentication information generation unit 44 of the safety input device 40 generates an authentication matrix in which the virtual code for each object is arranged according to the location information (S1217). That is, the safety input device 40 identifies each object arranged in the aligned object selection interface, and generates an authentication matrix as shown in FIG. 15 in which virtual codes corresponding to the object are arranged according to the position of each object. Next, the authentication information generation unit 44 transmits the generated authentication matrix to the authentication server 50 (S1219).
- the authentication unit 54 of the authentication server 50 checks the virtual code for each secret object generated by the virtual data providing unit 53, and confirms the location information for each secret object set by the user (S1221).
- the authenticator 54 identifies each virtual code representing a secret object in the authentication matrix based on the confirmed virtual code for each secret entity, and authenticates the user by checking whether the location of each identified virtual code matches the location information set by the user for the corresponding secret object (S1223). That is, the authenticator 54 authenticates the user according to whether the virtual codes representing the secret entities in the authentication matrix are arranged at the positions set by the user.
- in step S1225, an authentication failure notification message is transmitted.
- the authentication unit 54 treats the user authentication for the safety input device 40 as successful, transmits an authentication success notification message to the safety input device 40 (S1227), and then provides the service requested by the user. When the authentication of the user is completed, the authenticator 54 deletes the virtual URL and the virtual code for each object generated by the virtual data provider 53.
- FIG. 13 is a flowchart illustrating a method of authenticating a user based on a variable alignment scheme in an authentication system according to another embodiment of the present invention.
- the user sets the variable sorting method to the secret object sorting method and registers it with the authentication server 50.
- the safety input device 40 transmits a security authentication request message including a login ID of the user to the authentication server 50 to perform the enhanced security authentication service of the user (S1301).
- the virtual data providing unit 53 of the authentication server 50 checks the login ID of the user recorded in the authentication request message, and confirms in the storage unit 51 the plurality of secret objects and the secret object sorting method mapped with the login ID (S1303).
- in the description with reference to FIG. 13, the virtual data providing unit 53 confirms in the storage unit 51 that the secret object sorting method set by the user is the variable sorting method, and confirms in the storage unit 51 the incoming information (for example, a mobile communication telephone number, an IP address, etc.) of the message receiving device designated by the user as the message destination.
- the virtual data providing unit 53 arbitrarily generates, for each of the checked secret entities, the location at which that secret entity should be placed on the object selection interface (S1305).
- the virtual data providing unit 53 records the generated secret entity-specific location information in a message, and sends the message to a message receiving apparatus set by the user as a message receiving destination (S1307). That is, the virtual data providing unit 53 confirms the incoming information of the message receiving apparatus designated by the user as the message destination, and sends the message in which the incoming information is set as a destination and the location information for each secret object generated is recorded.
- the virtual data providing unit 53 may transmit a message in which the location information for each secret entity is recorded as text or a message including an image representing the location information for each secret entity to a message receiving device designated by a user.
- the virtual data providing unit 53 may transmit a voice message (ie, ARS voice message) in which the location information for each secret entity is output as voice to the message receiving apparatus.
- the virtual data providing unit 53 forms a call session with the message receiving apparatus designated by the user, and then transmits the voice message indicating the location information for each secret entity to the message receiving apparatus. Accordingly, the user can learn, from the message received through the message receiving apparatus, where each secret entity set by the user should be located on the object selection interface.
- for example, when three secret objects are set by the user and the object selection interface has a lattice form as shown in FIG. 14A, the virtual data providing unit 53 may transmit a message recorded with the text "322444" indicating the coordinates to the message receiving apparatus.
- "322444" indicates that the coordinate of the first secret entity is (3,2), the coordinate of the second secret entity is (2,4), and the coordinate of the third secret entity is (4,4).
- when the object selection interface is in the form of a circle combining three circles (see FIG. 14B), the text "113520" indicating the hour and minute is recorded as location information for each secret object.
- the received message may be transmitted to the safety input device 40.
- "113520" indicates that the first secret entity is to be located at the azimuth coordinate of the hour hand at 11 o'clock, the second secret entity at the azimuth coordinate of the minute hand at 35 minutes, and the third secret entity at the azimuth coordinate of the second hand at 20 seconds.
- FIGS. 16A and 16B are diagrams illustrating images representing location information for each secret entity according to the present invention.
- the virtual data providing unit 53 may generate an image in which location information for each secret entity is displayed, and transmit a message including the image to a message receiving device designated by a user.
- FIG. 16A shows, in the form of an image, the location information of each secret entity in a grid-like object selection interface. That is, according to FIG. 16A, the first secret entity set by the user must be located at the (3,2) coordinates, the second secret entity at the (2,4) coordinates, and the third secret entity at the (4,4) coordinates.
- FIG. 16B illustrates, in the form of an image, the location where each secret entity should be located in the circular object selection interface in which three circles are combined. That is, according to FIG. 16B, the first secret entity set by the user should be located at the azimuth coordinate when the hour hand is at 11 o'clock, the second secret entity at the azimuth coordinate when the minute hand is at 35 minutes, and the third secret entity at the azimuth coordinate when the second hand is at 20 seconds.
- the virtual data providing unit 53 selects a predetermined number of camouflage objects arranged in the object selection interface from the object pool of the storage unit 51 (S1309).
- the virtual data provider 53 generates a virtual URL for each of the secret object and the spoofed object, and links each of the generated virtual URLs and the corresponding object (that is, the spoofed object or secret object) (S1311).
- the virtual data providing unit 53 generates a virtual code for each of the objects, that is, the secret object and the camouflage object (S1313), and stores the virtual data in which the virtual URL and the virtual code are mapped according to the object (S1315).
- the interface generator 43 of the safety input device 40 checks the virtual URL and the virtual code of each object in the received virtual data, and then accesses each virtual URL to obtain each object (S1317). Subsequently, the interface generating unit 43 generates an object selection interface by randomly arranging the acquired objects at the object display position implemented in the object selection interface and outputs the object selection interface to the screen (S1319).
- the user moves each secret object to the designated location based on the location information for each secret object recorded in the message received from the authentication server 50. That is, the user checks the location information for each secret object received from the authentication server 50 through the message receiving device, moves each secret object on the object selection interface in accordance with the confirmed location information for each secret object, and then enters the alignment completion menu.
- the objects 1401a, 1402a, and 1403a are the secret entities set by the user, and the secret object location information of 1401a, 1402a, and 1403a received from the authentication server 50 is (3,2), (2,4), and (4,4), respectively. The user moves the secret entity 1401a to the coordinates (3,2), the secret entity 1402a to (2,4), and the secret entity 1403a to (4,4), and then enters the object alignment completion menu.
- the objects 1401b, 1402b, and 1403b are the secret objects set by the user, and the secret object location information received from the authentication server 50 is the text "113520" indicating 11:35:20 or Fig. 16B.
- the user moves the secret object 1401b to 11 o'clock, the secret object 1402b to 7 o'clock, and the secret object 1403b to 4 o'clock, and then enters the object alignment completion menu.
- the authentication information generation unit 44 of the safety input device 40 generates an authentication matrix in which the virtual code for each object is arranged according to the location information (S1321). That is, the authentication information generating unit 44 identifies each object arranged in the aligned object selection interface, and generates an authentication matrix as shown in FIG. 15 in which virtual codes corresponding to the object are arranged according to the position of each object.
- the authentication information generation unit 44 transmits the generated authentication matrix to the authentication server 50 (S1323).
- the authentication unit 54 of the authentication server 50 confirms the virtual code for each secret object generated by the virtual data provider 53, and checks the location information of each secret object arbitrarily generated by the virtual data provider 53 (S1325).
- the authentication unit 54 authenticates the user by checking, for each secret entity, whether the virtual code of the corresponding secret entity is correctly arranged in the authentication matrix at the position randomly generated for that secret entity (S1327). That is, the authenticator 54 confirms each virtual code representing a secret entity in the authentication matrix based on the identified virtual code for each secret entity, and authenticates the user by checking whether the location of each confirmed virtual code matches the location information of each secret object randomly generated by the virtual data provider 53.
- the authenticator 54 processes the user authentication for the safety input device 40 as failed, and transmits an authentication failure notification message to the safety input device 40 (S1329).
- the authentication unit 54 processes the user authentication for the safety input device 40 as successful and transmits an authentication success notification message to the safety input device 40 (S1331), after which the service requested by the user is provided. When the authentication of the user is completed, the authenticator 54 deletes the virtual URL, virtual code, and location information for each object generated by the virtual data provider 53.
- the authentication system may randomly generate a one-time secret entity at every authentication, without having a secret entity set in advance by the user, and authenticate the user by using the randomly generated one-time secret entity.
- FIG. 17 is a diagram illustrating an authentication system according to another embodiment of the present invention.
- an authentication system includes a safety input device 60 and an authentication server 70.
- the safety input device 60 uses the virtual data received from the authentication server 70 to generate and display an object selection interface in which a plurality of secret objects and a plurality of camouflage objects are randomly arranged and the objects can be moved. In addition, when the alignment of the objects is completed on the object selection interface, the safety input device 60 generates the authentication information recorded with the virtual code and the location information of each object arranged on the object selection interface, and transmits them to the authentication server 70. Thus, user authentication is requested to the authentication server 70.
- the safety input device 60 includes a service register 61, a data receiver 42, an interface generator 43, and an authentication information generator 44.
- the service registration unit 61 registers a security authentication service of the user with the authentication server 70.
- the service registration unit 61 requests the authentication server 70 to register the security authentication service of the user after the user accesses the authentication server 70 and succeeds in login authentication based on the ID and password.
- the service registration unit 61 receives, from the authentication server 70, a location setting window (see FIG. 19) from which the object image has been removed, receives from the user, through this location setting window, the location information at which the secret object should be located, and registers it with the authentication server 70.
- the service registration unit 61 sequentially receives from the user a plurality of pieces of location information at which the secret entities should be located and registers them with the authentication server 70.
- the authentication server 70 is an authentication device for authenticating a user and performs a function of providing a security authentication service to a user.
- the authentication server 70 includes a storage unit 71, a setting information registration unit 72, a virtual data providing unit 73, an authentication unit 74, and a secret entity providing unit 75.
- the storage unit 71 stores the user's login ID and login password, and stores the location information at which each secret object is to be located and the seed value, mapped with the user's login ID. In addition, the storage unit 71 additionally stores the incoming call information (eg, mobile phone number) of the message receiving apparatus designated by the user with the login ID of the user. The storage unit 71 also stores an object pool in which a plurality of objects are registered.
- the setting information registration unit 72 receives, from the user, the location information at which each secret object should be located, and stores the received location information of each secret object in the storage unit 71. Specifically, when the setting information registration unit 72 receives a security authentication service request from the safety input device 60, the setting information registration unit 72 transmits a location setting window for setting the location information of the secret entity to the safety input device 60. In addition, the setting information registration unit 72 receives the location information of each secret object sequentially selected by the user from the safety input device 60, maps the received location information of each secret object to the user's login ID, and stores it in the storage unit 71.
- the setting information registration unit 72 confirms the order of the location information set by the user, and stores the location information of the secret entity in the storage unit 71 according to this order.
- the setting information registration unit 72 receives incoming information (eg, a mobile communication terminal telephone number) of the message receiving device from the user and maps it to the login ID of the user and stores it in the storage unit 71.
- the secret entity providing unit 75 performs a function of providing a secret entity to the safety input device 60. Specifically, the secret entity providing unit 75 sequentially selects a predetermined number of one-time secret entities from the object pool of the storage unit 71, checks the incoming information of the user's message receiving device stored in the storage unit 71, and sends a secret entity notification message including the selected one-time secret entities to the message receiving device having the incoming information. At this time, so that the user can recognize the order of the selected one-time secret entities, the secret entity providing unit 75 separately displays the order (for example, 1,2,3, etc.) on each one-time secret entity, or arranges them in order from left to right.
- the secret entity providing unit 75 selects a new one-time secret entity from the object pool of the storage unit 71 whenever the safety input device 60 attempts to authenticate.
- the virtual data providing unit 73 performs a function of providing data required for safety login authentication to the safety input device 60.
- the virtual data providing unit 73 selects a predetermined number of camouflage objects from the object pool of the storage 71.
- the virtual data providing unit 73 selects a camouflage object from the objects other than the one-time secret object selected by the secret object providing unit 75.
- the virtual data providing unit 73 generates a virtual URL for each of the selected one-time secret objects and camouflage objects, and links the generated virtual URL with the corresponding object.
- the virtual data providing unit 73 generates a virtual code for each of the one-time secret objects and the camouflage objects, generates virtual data in which the generated virtual code and the virtual URL are mapped to each object, and transmits the virtual data to the safety input device 60.
- the authentication unit 74 not only performs login authentication based on the ID and password, but also performs the user's security authentication by analyzing the authentication matrix received from the safety input device 60 and checking whether the virtual code corresponding to each secret object is aligned at the promised position. Specifically, the authentication unit 74 checks the virtual code of each one-time secret object generated by the virtual data providing unit 73, and checks, in the storage unit 71, the location information of each secret object sequentially set by the user. In addition, the authentication unit 74 confirms each virtual code representing a one-time secret object in the authentication matrix based on the confirmed virtual code of each one-time secret object, and authenticates the user by checking, for each secret entity, whether the location of each confirmed virtual code matches the location information of each secret entity set by the user. That is, the authenticator 74 authenticates whether the virtual code representing the one-time secret entity in the authentication matrix is correctly positioned at the position set by the user.
- the authentication unit 74 deletes the virtual URL for each object generated by the virtual data providing unit 73, the virtual code, and the location information for each object.
- the authenticator 44 may separately store the virtual code of the authentication time and the secret entity in the storage 71 as an authentication fingerprint.
- when the authentication unit 74 receives the encrypted and transformed authentication matrix from the safety input device 60, the authentication unit 74 decrypts the encrypted authentication matrix, confirms the seed value set by the user in the storage unit 71, and restores the authentication matrix using the inverse transform function to which the seed value is applied.
- the seed value may be a user's login password, and the authentication unit 74 confirms the user's login password in the storage unit 71 and generates an authentication matrix using an inverse transform function to which the login password is applied as the seed value.
- FIG. 18 is a flowchart illustrating a method of registering a user with a security authentication service in an authentication system according to another embodiment of the present invention.
- the service registration unit 61 of the safety input device 60 connects to the authentication server 70 and transmits a login request message including a user ID and a password to the authentication server 70 (S1801).
- the authentication unit 74 of the authentication server 70 extracts the ID and password included in the login request message, and performs the user's login authentication by confirming whether the extracted ID and password are stored in the storage unit 71 as authentication information of the same user (S1803). Subsequently, the authentication unit 74 of the authentication server 70 transmits a login authentication success notification message to the safety input device 60 when the login authentication of the user succeeds (S1805).
- the service registration unit 61 may receive a security authentication service registration from the user. In this case, the service registration unit 61 transmits a security authentication service request message to the authentication server 70 (S1807).
- the setting information registration unit 72 of the authentication server 70 transmits a location setting window for setting the location information of the secret entity to the safety input device 60 (S1809).
- the service registration unit 61 of the safety input device 60 outputs the position setting window received from the authentication server 70 to the screen.
- FIG. 19 is a diagram illustrating a location setting window
- the setting information registration unit 72 may transmit a location setting window as shown in FIG. 19 in a grid form to designate location information without displaying an object to the safety input device 60.
- the setting information registration unit 72 may transmit to the safety input device 60 a position setting window in the form of a circle from which the object is removed in FIG. 14B. That is, the setting information registration unit 72 transmits the position setting window in which the object is removed from the object selection interface provided to the user, to the safety input device 60.
- the service registration unit 61 of the safety input device 60 receives from the user, through the location setting window, sequentially selected location information at which the secret objects should be located (S1811). Subsequently, the service registration unit 61 transmits a plurality of location information sequentially input through the location setting window to the authentication server 70 in the selected order (S1813).
- the setting information registration unit 72 of the authentication server 70 sequentially receives a plurality of location information from the safety input device 60, maps the location information of each secret object, in the received order, to the login ID of the user, and stores it in the storage unit 71 (S1815).
- the setting information registration unit 72 requests the safety input device 60 for incoming information (eg, a mobile phone number, an IP address, etc.) of the message receiving device in which the secret object notification message is received (S1817).
- the safety input device 60 transmits the incoming information of the message receiving device received from the user to the authentication server 70 (S1819). Then, the setting information registration unit 72 of the authentication server 70 maps the incoming information of the message receiving device received from the safety input device 60 with the login ID and stores it in the storage unit 71 (S1821).
- FIG. 20 is a flowchart illustrating a method of authenticating a user in an authentication system according to another embodiment of the present invention.
- the safety input device 60 transmits a security authentication request message including a user's login ID to the authentication server 70 (S2001). Then, the secret entity providing unit 75 of the authentication server 70 selects a certain number of one-time secret entities from the object pool of the storage unit 71 (S2003), and checks the incoming information of the user's message receiving device stored in the storage unit 71.
- the secret entity providing unit 75 sends a secret entity notification message including the selected one-time secret entity to the message receiving device having the incoming information (S2005).
- so that the user can recognize the order of the selected one-time secret entities, the secret entity providing unit 75 may separately display the order (for example, 1,2,3, etc.) on each one-time secret entity, or may arrange the one-time secret entities in a line from left to right so that the order is meaningful.
- the one-time secret entity is preferably included in the secret entity notification message in the form of an image.
- the virtual data providing unit 73 selects a predetermined number of camouflage objects from the object pool of the storage unit 71 (S2007). At this time, the virtual data providing unit 73 selects a camouflage object from the objects other than the one-time secret object selected by the secret object providing unit 75.
- the virtual data providing unit 73 generates a virtual URL for each of the selected one-time secret object and the spoofed object, and links each of the generated virtual URLs and the corresponding object (that is, the spoofed object or secret object) (S2009).
- the virtual data providing unit 73 randomly generates a one-time virtual code for each of the objects, that is, the one-time secret objects and the camouflage objects (S2011).
- the virtual data provider 73 transmits the virtual data mapped to the virtual URL and the virtual code for each object to the safety input device 60 (S2013).
- the interface generator 43 of the safety input device 60 checks the virtual URL and the virtual code from the received virtual data.
- the interface generator 43 accesses each of the checked virtual URLs to obtain each entity (S2015).
- the interface generation unit 43 completes generation of the object selection interface by randomly arranging the acquired objects at the object display position implemented in the object selection interface.
- the interface generation unit 43 outputs the generated plurality of object selection interfaces to the screen (S2017).
- the user checks the number of one-time secret objects and the order of each one-time secret object through the secret object notification message received through the message receiving device, and moves each one-time secret entity to the specified location on the basis of the confirmed information. That is, the user checks the currently set one-time secret objects and their setting order through the message receiving device, moves each secret object among the objects shown in the object selection interface so that the one-time secret objects are arranged in correspondence with the preset positions and order of the secret objects, and then enters the alignment completion menu.
- the secret object providing unit 75 transmits a secret object notification message arranged from left to right in the order of the selected one-time secret object 1401a, 1402a, 1403b to the user, and the user receives the designated secret message.
- when the user completes the object movement on the object selection interface, the authentication information generation unit 44 of the safety input device 60 generates an authentication matrix in which virtual codes for each object are arranged according to the location information (S2019). Next, the authentication information generation unit 44 transmits the generated authentication matrix to the authentication server 70 (S2021).
- the authentication unit 74 of the authentication server 70 confirms the one-time secret object selected by the secret object providing unit 75 and the order of the one-time secret object, and confirms the virtual code of each one-time secret object (S2023).
- the authentication unit 74 checks the location information of each secret entity set by the user in the storage unit 71 (S2025). That is, the authentication unit 74 confirms the location information of each secret entity mapped with the user's login ID in the storage unit 71.
- the authenticator 74 confirms each virtual code representing a one-time secret object in the authentication matrix based on the confirmed virtual code of each one-time secret object, and authenticates the user by checking, for each secret object, whether the location of each confirmed virtual code matches the location information of each secret entity set by the user (S2027). That is, the authenticator 74 authenticates whether the virtual code representing the one-time secret entity in the authentication matrix is sequentially located at the position set by the user.
- step S2029 an authentication failure notification message is transmitted.
- the authentication unit 74 processes the user authentication for the safety input device 60 as successful and transmits an authentication success notification message to the safety input device 60 (S2031), after which the service requested by the user is provided. When the authentication of the user is completed, the authenticator 74 deletes the virtual URL and the virtual code for each object generated by the virtual data provider 73.
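The server-side check of steps S1325 to S1327 and of steps S2023 to S2027 can be sketched as follows. This is an added example, not code from the patent: the 4x4 grid, the (column, row) reading of the coordinates, the object names, the swap-style move and the omission of the virtual URLs are assumptions, and the same `Session` serves both the flow with server-chosen positions and the flow with one-time secret entities.

```python
import hmac
import secrets

GRID = 4  # constructed 4x4 lattice; (x, y) is read as (column, row), 1-based (assumed)
POOL = [f"object-{i:02d}" for i in range(30)]  # constructed object pool
_rng = secrets.SystemRandom()


def decode_grid_message(text):
    """Split a location message such as "322444" into (x, y) pairs."""
    if not (text.isascii() and text.isdigit()) or len(text) % 2:
        raise ValueError("malformed location message")
    coords = [(int(text[i]), int(text[i + 1])) for i in range(0, len(text), 2)]
    if any(not 1 <= v <= GRID for xy in coords for v in xy):
        raise ValueError("coordinate outside the grid")
    if len(set(coords)) != len(coords):
        raise ValueError("two secret objects share one position")
    return coords


class Session:
    """Server-side state for one authentication attempt."""

    def __init__(self, secret_ids, camouflage_ids, positions):
        objects = list(secret_ids) + list(camouflage_ids)
        if len(objects) != GRID * GRID or len(set(objects)) != len(objects):
            raise ValueError("need one distinct object per grid cell")
        if len(secret_ids) != len(positions):
            raise ValueError("one position per secret object required")
        # Fresh random virtual code per object, valid for this attempt only.
        self.codes = {obj: secrets.token_hex(8) for obj in objects}
        self.secret_ids = list(secret_ids)
        self.positions = list(positions)

    def verify(self, matrix):
        """Check one authentication matrix, then discard the virtual data."""
        codes, self.codes = self.codes, {}  # dropped on failure too (this example's choice)
        if not codes:
            return False  # session already used: a replayed matrix is rejected
        if len(matrix) != GRID or any(len(row) != GRID for row in matrix):
            return False
        cells = [c for row in matrix for c in row]
        if not all(isinstance(c, str) for c in cells) or sorted(cells) != sorted(codes.values()):
            return False  # unknown, missing or duplicated virtual code
        ok = True
        for obj, (x, y) in zip(self.secret_ids, self.positions):
            # The i-th secret's code must sit at the i-th expected cell.
            ok &= hmac.compare_digest(matrix[y - 1][x - 1], codes[obj])
        return ok


def variable_position_session(registered_secrets, message):
    """S1305-S1331: secrets registered by the user, positions sent per attempt."""
    rest = [o for o in POOL if o not in registered_secrets]
    camouflage = _rng.sample(rest, GRID * GRID - len(registered_secrets))
    return Session(registered_secrets, camouflage, decode_grid_message(message))


def one_time_secret_session(registered_positions):
    """S2001-S2031: positions registered by the user, secrets picked per attempt."""
    picks = _rng.sample(POOL, GRID * GRID)
    k = len(registered_positions)
    return Session(picks[:k], picks[k:], registered_positions)


def client_align(codes, secret_ids, positions):
    """Safety input device: random layout, then each secret is moved to its cell."""
    objects = list(codes)
    _rng.shuffle(objects)
    grid = [objects[r * GRID:(r + 1) * GRID] for r in range(GRID)]
    for obj, (x, y) in zip(secret_ids, positions):
        r, c = next((r, c) for r in range(GRID) for c in range(GRID) if grid[r][c] == obj)
        # Assumed move: the secret swaps places with the occupant of its target cell.
        grid[r][c], grid[y - 1][x - 1] = grid[y - 1][x - 1], grid[r][c]
    return [[codes[o] for o in row] for row in grid]


if __name__ == "__main__":
    s = variable_position_session(["object-03", "object-11", "object-27"], "322444")
    m = client_align(s.codes, s.secret_ids, s.positions)
    print("first submission:", s.verify(m), "| replay:", s.verify(m))
```

Because the virtual codes are regenerated for every attempt and dropped after the check, a captured authentication matrix is of no use in a later session.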
- the authenticator 74 may authenticate the user by checking the virtual code representing the secret entity in the authentication matrix and determining whether the virtual code of each secret entity is arranged in the authentication matrix in succession. That is, the authentication unit 74 may authenticate the user by checking whether the virtual code of each secret entity is arranged in the authentication matrix successively, similarly to the fixed alignment method according to the embodiment of the present invention. In this case, the setting information registration unit 72 does not ask the user for the positional information of each secret entity, and the storage unit 71 does not store the positional information of each secret entity.
- the safety input device 40, 60 transmits one authentication matrix to the authentication server 50, 70, and the authentication server 50, 70 transmits one authentication matrix to a predetermined position.
- the safety input device 40 or 60 generates authentication matrices in proportion to the number of secret objects and transmits them to the authentication server 50 or 70.
- the authentication servers 50 and 70 may analyze each authentication matrix to authenticate a user.
- the authentication information generator 44 of the safety input device (40, 60) creates the first authentication matrix in which the virtual code for each object is arranged according to the location information.
- the authentication information generator 44 of the safety input device 40 or 60 creates a second authentication matrix in which the virtual code for each object is arranged according to the location information.
- the authentication information generator 44 transmits a plurality of authentication matrices generated according to the alignment of each secret entity to the authentication servers 50 and 70 to request user authentication.
- when a particular entity is moved on the entity selection interface, not only that entity but all other entities on the interface move along with it by the same distance, which protects the user's secret object from peeping attacks. For example, in FIG. 14A, when an entity having the reference numeral 1401a moves to the right column, all other entities are moved to the right column. As another example, if the object having the reference numeral 1401b disposed in the outermost circle in FIG. 14B rotates clockwise two spaces, the objects disposed in the other two circles, as well as the other objects disposed in the outermost circle, also rotate clockwise by the same amount.
- when the authentication units 54 and 74 of the authentication servers 50 and 70 receive a plurality of authentication matrices from the safety input devices 40 and 60, they authenticate the user by analyzing the plurality of authentication matrices. Specifically, if a plurality of authentication matrices are received from the safety input device (40, 60) and the secret object sorting method is a user-specified sort or a variable sort method, the authentication unit 54, 74 checks whether, among the per-object virtual codes recorded in the first authentication matrix, the virtual code of the first secret object is arranged at the specified position. Likewise, it checks whether, among the per-object virtual codes recorded in the second authentication matrix, the virtual code of the second secret object is arranged at the specified position. When the virtual codes of the corresponding secret entity are correctly arranged in each of the plurality of authentication matrices, the authentication units 54 and 74 process authentication success for the user.
- the authenticator 54, 74 checks the position of the virtual code of the first secret entity in the first authentication matrix, and checks the position of the virtual code of the second secret entity in the second authentication matrix. That is, the authentication unit 54, 74 confirms the position where the virtual code of the secret entity is arranged in the corresponding sequence in each authentication matrix.
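The interface in which every object moves together, and the resulting need for one authentication matrix per secret entity, can be modelled as below. This is an added example, not code from the patent: the 4x4 grid, the (column, row) reading of the coordinates, the wrap-around at the grid edges and all function names are assumptions.

```python
import hmac
import secrets

GRID = 4  # constructed 4x4 lattice; (x, y) is read as (column, row), 1-based (assumed)


def shift(grid, dx, dy):
    """Move every object dx columns right and dy rows down; edges wrap (assumed)."""
    out = [[None] * GRID for _ in range(GRID)]
    for r in range(GRID):
        for c in range(GRID):
            out[(r + dy) % GRID][(c + dx) % GRID] = grid[r][c]
    return out


def locate(grid, obj):
    """Return the 1-based (x, y) cell that currently holds obj."""
    return next((c + 1, r + 1) for r in range(GRID) for c in range(GRID)
                if grid[r][c] == obj)


def offsets(before, after):
    """What an onlooker sees: the set of displacements over all objects."""
    seen = set()
    for row in before:
        for obj in row:
            (xb, yb), (xa, ya) = locate(before, obj), locate(after, obj)
            seen.add(((xa - xb) % GRID, (ya - yb) % GRID))
    return seen


def align_steps(grid, secret_ids, targets, codes):
    """Client: one whole-grid move per secret, one authentication matrix per move."""
    matrices = []
    for obj, (tx, ty) in zip(secret_ids, targets):
        x, y = locate(grid, obj)
        grid = shift(grid, tx - x, ty - y)
        # Aligning the next secret displaces this one again, so the layout
        # is captured now as a separate matrix of virtual codes.
        matrices.append([[codes[o] for o in row] for row in grid])
    return matrices


def verify_steps(matrices, secret_ids, targets, codes):
    """Server: matrix i must carry the code of secret i at target i."""
    if len(matrices) != len(secret_ids):
        return False
    issued = sorted(codes.values())
    ok = True
    for m, obj, (tx, ty) in zip(matrices, secret_ids, targets):
        if len(m) != GRID or any(len(row) != GRID for row in m):
            return False
        cells = [c for row in m for c in row]
        if not all(isinstance(c, str) for c in cells) or sorted(cells) != issued:
            return False  # unknown, missing or duplicated virtual code
        ok &= hmac.compare_digest(m[ty - 1][tx - 1], codes[obj])
    return ok


if __name__ == "__main__":
    objs = [f"o{i}" for i in range(GRID * GRID)]       # constructed objects
    codes = {o: secrets.token_hex(8) for o in objs}    # one-time virtual codes
    grid = [objs[r * GRID:(r + 1) * GRID] for r in range(GRID)]
    targets = [(3, 2), (2, 4), (4, 4)]
    ms = align_steps(grid, ["o5", "o0", "o15"], targets, codes)
    print("accepted:", verify_steps(ms, ["o5", "o0", "o15"], targets, codes))
    print("displacements seen for one move:", offsets(grid, shift(grid, 1, 0)))
```

`offsets` returns a single displacement for any move, so the motion itself does not single out which object the user was positioning.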
- the authenticators 54 and 74 may authenticate the user by checking whether the virtual code of the secret entity identified in each authentication matrix has a subsequent position based on the row or column. For example, when the user sets three secret entities, the authentication server 50, 70 receives three sequential authentication matrices from the safety input devices 40, 60, and authenticates the authentication server 20, 50.
- the authenticators 54 and 74 authenticate the user by checking whether the positions of the first to third virtual codes identified above have consecutive positions based on rows or columns.
- the safety input devices 10 and 40 generate the authentication matrix in the form of a matrix as authentication information of the user and transmit the generated authentication matrix to the authentication server 20 and 50.
- the present invention is not limited thereto. As long as the data includes the location information of the individual and the virtual code, it is clear that the data can be adopted as the authentication information of the present invention.
- FIG. 21 illustrates a safety input device applied in a standalone environment according to another embodiment of the present invention.
- the safety input device 80 includes a display unit 81, a storage unit 82, a secret information setting unit 83, an interface generation unit 84, and an authentication unit 85.
- the display unit 81 is a display means based on a liquid crystal display (LCD) technology, a light emitting polymer display (LPD) technology, a light emitting diode (LED) technology, and the like, and outputs various information processed by the safety input device 80.
- the display unit 81 displays the object selection interface.
- the display unit 81 may be a touch display. In this case, the display unit 81 receives the touch information of the user.
- the storage unit 82 stores a plurality of secret objects and secret object sorting methods (ie, fixed sorting or user-specified sorting methods) set by the user. In this case, when the user sets a user-specified sorting method, the storage 82 additionally stores location information of each secret entity. In addition, the storage unit 82 stores an object pool in which a plurality of objects are registered.
- the secret information setting unit 83 receives a secret object for each object selection interface from the user and stores the secret object for each object selection interface in the storage unit 82, and receives an object sorting method from the user and stores the secret object in the storage unit 82.
- the secret information setting unit 83 outputs a secret object selection window for setting one or more secret objects among the plurality of objects registered in the object pool of the storage unit 82 to the display unit 81, and a plurality of secret objects are sequentially selected by the user through the secret object selection window.
- the secret information setting unit 83 stores the secret object in the storage unit 82 in the order of the received secret object.
- the interface generation unit 84 generates a plurality of object selection interfaces and outputs them to the display unit 81. That is, the interface generation unit 84 checks the secret object for each object selection interface in the storage unit 82, and then selects, for each object selection interface, a predetermined number of camouflage objects from the object pool of the storage unit 82 to be arranged together with the secret object in that interface. In addition, the interface generation unit 84 generates a plurality of object selection interfaces on which the secret and camouflage objects are arranged, and outputs the plurality of object selection interfaces to the display unit 81.
- the authentication unit 85 authenticates the user by checking the positions of the aligned objects in the object selection interface. Specifically, after the object selection interface is output to the display unit 81 by the interface generation unit 84, when the user aligns the objects and inputs the alignment completion signal, the authentication unit 85 checks in the storage unit 82 whether the secret object sorting method set by the user is the fixed sorting method or the user-specified sorting method, and checks the plurality of secret objects set by the user. If the user's secret object sorting method is stored in the storage unit 82 as the fixed sorting method, the authentication unit 85 performs user authentication by checking whether the secret objects set by the user (i.e., the secret objects stored in the storage unit) are arranged consecutively in the aligned object selection interface. That is, if the secret object sorting method set by the user is the fixed sorting method, the authentication unit 85 checks whether the secret objects are arranged consecutively in the same row, column or azimuth, and if they are, the user is successfully authenticated.
- when the user-specified sorting method is set, the authentication unit 85 checks the location information of each secret object set by the user in the storage unit 82.
- the authentication unit 85 recognizes the position of each secret object in the aligned object selection interface based on the plurality of secret objects stored in the storage unit 82, and authenticates the user by checking whether each recognized position matches the location information of the corresponding secret object stored in the storage unit 82. If the location of each secret object arranged in the object selection interface and the location of each secret object stored in the storage unit 82 are exactly the same, the authentication unit 85 successfully authenticates the user.
- the method of the present invention as described above may be implemented as a program and stored in a recording medium (CD-ROM, RAM, ROM, floppy disk, hard disk, magneto-optical disk, etc.) in a computer-readable form. Since this process can be easily implemented by those skilled in the art, it will not be described in more detail.
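The following is an added sketch, not code from the patent, of the check that the authentication unit 85 performs in the standalone device. It assumes a simplified model: each object selection interface is a rotatable ring of slots, the fixed sorting method means every secret object ends up at the same slot index, and the user-specified method means each secret object sits at its stored slot. All class, function and object names are hypothetical; `accepted_alignments` goes one step beyond the text and counts how many of all possible alignments each sorting method accepts.

```python
import itertools
import secrets
from dataclasses import dataclass
from typing import List, Optional

rng = secrets.SystemRandom()  # CSPRNG: decoy choice and layout must be unpredictable


@dataclass
class Storage:                                 # stands in for storage unit 82
    object_pool: List[str]
    secret_objects: List[str]                  # one per interface, in the order set
    sort_method: str                           # "fixed" or "custom" (user-specified)
    secret_slots: Optional[List[int]] = None   # stored only for "custom"


def generate_interfaces(store: Storage, decoys: int) -> List[List[str]]:
    """Interface generation unit 84: one ring per secret object, padded with
    camouflage objects drawn from the pool, then shuffled."""
    # Assumption: camouflage objects never coincide with any secret object.
    candidates = [o for o in store.object_pool if o not in store.secret_objects]
    rings = []
    for secret in store.secret_objects:
        ring = rng.sample(candidates, decoys) + [secret]
        rng.shuffle(ring)
        rings.append(ring)
    return rings


def rotate(ring: List[str], k: int) -> List[str]:
    """Shift every object k slots forward (models the user's alignment gesture)."""
    k %= len(ring)
    return ring[-k:] + ring[:-k]


def align(ring: List[str], obj: str, slot: int) -> List[str]:
    """Rotate the ring so that obj lands on the given slot."""
    return rotate(ring, slot - ring.index(obj))


def authenticate(store: Storage, rings: List[List[str]]) -> bool:
    """Authentication unit 85: locate each secret object in the aligned
    interfaces, then apply the sorting method held in storage."""
    if len(rings) != len(store.secret_objects):
        return False
    slots = []
    for ring, secret in zip(rings, store.secret_objects):
        if ring.count(secret) != 1:            # malformed interface: reject
            return False
        slots.append(ring.index(secret))
    if store.sort_method == "fixed":           # all secrets lined up on one slot
        return len(set(slots)) == 1
    if store.sort_method == "custom":          # every secret on its stored slot
        return store.secret_slots is not None and slots == store.secret_slots
    return False                               # unknown method: fail closed


def accepted_alignments(store: Storage, rings: List[List[str]]):
    """Try every combination of ring rotations and count the accepted ones.
    Returns (accepted, total)."""
    size = len(rings[0])
    total = accepted = 0
    for shifts in itertools.product(range(size), repeat=len(rings)):
        total += 1
        accepted += authenticate(store, [rotate(r, s) for r, s in zip(rings, shifts)])
    return accepted, total


# Constructed sample data (not from the patent).
POOL = ["key", "moon", "tree", "fish", "bell", "star",
        "leaf", "boat", "drum", "kite", "lamp", "rose"]

if __name__ == "__main__":
    fixed = Storage(POOL, ["key", "moon", "tree"], "fixed")
    rings = generate_interfaces(fixed, decoys=3)
    lined_up = [align(r, s, 1) for r, s in zip(rings, fixed.secret_objects)]
    print("fixed, aligned:", authenticate(fixed, lined_up))
    print("fixed, accepted/total:", accepted_alignments(fixed, rings))
    custom = Storage(POOL, ["key", "moon", "tree"], "custom", [2, 0, 3])
    print("custom, accepted/total:", accepted_alignments(custom, rings))
```

With three rings of four slots, the fixed method accepts 4 of the 64 possible alignments and the user-specified method accepts 1, so under this model the fixed method leaves a blind guess several times more room.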
Claims (47)
- A method of performing security authentication of a user, the method comprising: receiving, by a safety input device, virtual data including a virtual code for each object from an authentication server; outputting, by the safety input device, a plurality of object selection interfaces in which objects are arranged and object positions are changeable; when the positions of the objects are fixed, setting, by the safety input device, a plurality of objects arranged at the same position in each object selection interface as a combination set; checking, by the safety input device, the virtual code of each object in the virtual data and combining the virtual codes of the objects within each set combination set to generate a plurality of multi-virtual codes distinguished by combination set; and transmitting, by the safety input device, the generated plurality of multi-virtual codes to the authentication server as authentication information of the user.
- The method of claim 1, further comprising, after the transmitting to the authentication server: authenticating, by the authentication server, the user by checking whether a multi-virtual code matching a stored authentication code exists among the plurality of multi-virtual codes.
- The method of claim 2, further comprising, before the receiving of the virtual data: generating, by the authentication server, virtual codes for a plurality of secret objects and camouflage objects; and storing, by the authentication server, a multi-virtual code in which the generated virtual codes of the plurality of secret objects are combined as the authentication code.
- The method of claim 3, wherein the generating of the virtual codes further comprises generating, by the authentication server, a virtual URL for each of the secret objects and the camouflage objects, and wherein, in the receiving of the virtual data, the safety input device receives from the authentication server the virtual data including the virtual URL and the virtual code for each object.
- The method of claim 4, wherein the outputting of the object selection interfaces comprises: checking, by the safety input device, the virtual URLs for each object selection interface in the virtual data and obtaining the objects for each object selection interface through the virtual URLs; and arranging the obtained objects in the corresponding object selection interfaces.
- The method of claim 2, wherein, in the transmitting to the authentication server, the safety input device sets a seed value set by the user as a seed of a conversion function, converts the plurality of multi-virtual codes using the conversion function, and transmits the converted multi-virtual codes to the authentication server, and wherein, in the authenticating of the user, the authentication server extracts the seed value of the user, sets the seed value as a seed of an inverse conversion function to restore the converted plurality of multi-virtual codes, and checks whether a multi-virtual code matching the stored authentication code exists among the restored plurality of multi-virtual codes.
- The method of claim 6, wherein the seed value set by the user is a login password of the user.
- The method of claim 1, wherein, in the outputting of the object selection interfaces, the safety input device generates display information of an object corresponding to a sound, arranges the display information in an object selection interface, and plays the sound when the display information of the object is clicked.
- A safety input device comprising: an interface generation unit configured to receive virtual data including a virtual code for each object, and to generate and output a plurality of object selection interfaces in which objects are arranged and object positions are changeable; and a multi-virtual code generation unit configured to, when the positions of the objects in the object selection interfaces are fixed, set a plurality of objects arranged at the same position in each object selection interface as a combination set, check the virtual code of each object in the virtual data, and combine the virtual codes of the objects within each set combination set to generate a plurality of multi-virtual codes distinguished by combination set as security authentication information of a user.
- The safety input device of claim 9, wherein the interface generation unit checks the virtual URL for each object in the virtual data, obtains the objects for each object selection interface through the virtual URLs, and arranges each obtained object in the corresponding object selection interface.
- The safety input device of claim 10, wherein, when a virtual URL is the URL of a sound object, the interface generation unit generates display information of the sound object and arranges it in the object selection interface, and, when the display information of the sound object is clicked, obtains the sound through the corresponding URL and plays it.
- The safety input device of claim 9, further comprising: a code conversion unit configured to set a seed value received from the user as a seed of a conversion function, convert the plurality of multi-virtual codes using the conversion function, and transmit the converted multi-virtual codes to an authentication server.
- The safety input device of claim 12, wherein the code conversion unit receives a login password of the user as the seed value.
- The safety input device of claim 9, further comprising: a service registration unit configured to receive from the user a secret object for each object selection interface and to register the set secret object for each object selection interface with an authentication server.
- An authentication device comprising: a storage unit configured to store a plurality of secret objects set by a user; a virtual data providing unit configured to generate a virtual code for each of the plurality of secret objects and camouflage objects, and to transmit virtual data including the generated virtual code of each object to a communication device of the user; and an authentication unit configured to, upon receiving from the communication device a plurality of multi-virtual codes generated in the communication device based on an input signal of the user and the virtual data, authenticate the user by checking whether a multi-virtual code matching an authentication code exists among the plurality of multi-virtual codes.
- The authentication device of claim 15, wherein the authentication unit authenticates the user by setting, as the authentication code, a multi-virtual code in which the virtual codes of the plurality of secret objects among the generated virtual codes are combined.
- The authentication device of claim 15, wherein the virtual data providing unit generates a virtual URL for each of the secret objects and the camouflage objects, and transmits virtual data further including the generated virtual URL of each object to the communication device of the user.
- The authentication device of claim 15, further comprising: a restoration processing unit configured to extract a seed value set by the user and to set the seed value as a seed of an inverse conversion function to restore the plurality of multi-virtual codes, wherein the authentication unit checks whether a multi-virtual code matching the authentication code exists among the restored plurality of multi-virtual codes.
- The authentication device of claim 15, further comprising: a secret object registration unit configured to receive a plurality of secret objects set by the user and store them in the storage unit, or to select a plurality of secret objects and transmit a message including the selected plurality of secret objects to a message receiving device designated by the user.
- A safety input device comprising: a storage unit configured to store a plurality of secret objects set by a user; an interface generation unit configured to generate and output a plurality of object selection interfaces in which objects are arranged and object positions are changeable; and an authentication unit configured to, when the positions of the objects in the object selection interfaces are fixed, set a plurality of objects arranged at the same position in each object selection interface as a group, and authenticate the user by checking whether, among the groups thus set, a group including all of the plurality of secret objects stored in the storage unit exists.
- A method of performing security authentication of a user in an authentication system, the method comprising: generating, by an authentication server, virtual data including a virtual code for each object and transmitting the virtual data to a safety input device; outputting, by the safety input device, based on the virtual data, an object selection interface in which objects are arranged and object positions are changeable; when the positions of the objects are fixed, generating, by the safety input device, one or more pieces of authentication information including the location information and the virtual code of each object arranged in the object selection interface; transmitting, by the safety input device, the generated one or more pieces of authentication information to the authentication server; and authenticating, by the authentication server, the user by analyzing the authentication information and checking whether the virtual code of each secret object set by the user has the promised location information.
- The method of claim 21, wherein, in the authenticating, if the secret object sorting method set by the user is a fixed sorting method, the authentication server authenticates the user by checking whether the virtual codes of the secret objects set by the user have consecutive location information in the authentication information.
- The method of claim 21, wherein the authenticating comprises: if the secret object sorting method set by the user is a user-specified sorting method, checking, by the authentication server, the location information of each secret object set by the user; and checking, by the authentication server, in the authentication information, the virtual code representing each secret object and the location information of that virtual code, and authenticating the user by checking, for each secret object, whether the checked location information of each virtual code matches the location information of each secret object set by the user.
- The method of claim 21, further comprising, before the authenticating: checking, by the authentication server, the secret object sorting method set by the user and, if the secret object sorting method of the user is a variable sorting method, checking a message destination set by the user; and generating, by the authentication server, location information for each secret object indicating where each secret object set by the user should be located in the object selection interface, and sending the generated location information to the checked message destination, wherein, in the authenticating, the authentication server checks, in the authentication information, the virtual code representing each secret object and the location information of that virtual code, and authenticates the user by checking, for each secret object, whether the checked location information of each virtual code matches the generated location information for each secret object.
- The method of claim 24, wherein, in the sending, the authentication server generates, as the location information for each secret object, an image indicating where each secret object should be located, and sends the image to the checked message destination.
- The method of claim 21, wherein the generating of the virtual data and transmitting it to the safety input device comprises: checking, by the authentication server, a plurality of secret objects set by the user; and selecting, by the authentication server, a plurality of camouflage objects and generating a virtual code for each of the secret objects and the camouflage objects.
- The method of claim 26, wherein, in the generating of the virtual data and transmitting it to the safety input device, the authentication server generates a virtual URL for each of the secret objects and the camouflage objects, includes the URL of each object in the virtual data, and transmits the virtual data to the safety input device, and wherein, in the outputting of the object selection interface, the safety input device checks the virtual URL of each object in the virtual data, accesses the virtual URL to obtain each object, and arranges the objects in the object selection interface for output.
- The method of claim 21, wherein, in the generating of the authentication information, the safety input device generates the authentication information in proportion to the number of secret objects of the user, and wherein the authenticating of the user comprises checking the order in which the authentication information was generated and the order of the secret objects set by the user, checking the virtual code of the corresponding secret object in the authentication information whose generation order is the same as the setting order of that secret object, and checking whether each checked virtual code has the promised location information.
- An authentication device comprising: a storage unit configured to store a plurality of secret objects set by a user; a virtual data providing unit configured to generate a virtual code for each of the plurality of secret objects and camouflage objects, and to transmit virtual data including the generated virtual code of each object to a communication device of the user; and an authentication unit configured to receive from the communication device authentication information including the alignment position of each object and virtual data, and to authenticate the user by analyzing the authentication information and checking whether the virtual code of each secret object has the promised location information.
- The authentication device of claim 29, wherein, if the secret object sorting method set by the user is a fixed sorting method, the authentication unit authenticates the user by checking whether the virtual codes of the secret objects set by the user have consecutive location information in the authentication information.
- The authentication device of claim 29, wherein, if the secret object sorting method set by the user is a user-specified sorting method, the authentication unit checks in the storage unit the location information of each secret object set by the user, checks, in the authentication information, the virtual code representing each secret object and the location information of that virtual code, and authenticates the user by checking, for each secret object, whether the checked location information of each virtual code matches the location information of each secret object checked in the storage unit.
- The authentication device of claim 29, wherein, if the secret object sorting method set by the user is a variable sorting method, the virtual data providing unit checks in the storage unit a message destination set by the user, generates location information for each secret object indicating where each secret object should be located in the object selection interface, and sends the generated location information to the checked message destination, and wherein the authentication unit checks, in the authentication information, the virtual code representing each secret object and the location information of that virtual code, and authenticates the user by checking, for each secret object, whether the checked location information of each virtual code matches the location information for each secret object generated by the virtual data providing unit.
- The authentication device of claim 32, wherein the virtual data providing unit generates, as the location information for each secret object, information indicating where each secret object should be located, and sends it to the checked message destination.
- The authentication device of claim 29, wherein, in the virtual data providing unit, the authentication server generates a virtual URL for each of the secret objects and the camouflage objects, includes the URL of each object in the virtual data, and transmits the virtual data to the communication device.
- The authentication device of claim 29, wherein the authentication unit receives from the communication device a plurality of pieces of authentication information in proportion to the number of the secret objects, checks the order in which the plurality of pieces of authentication information were generated and the order of the secret objects set by the user, checks the virtual code of the corresponding secret object in the authentication information whose generation order is the same as the setting order of that secret object, and checks whether each checked virtual code has the promised location information.
- A method of performing security authentication of a user in an authentication system, the method comprising: selecting, by an authentication server, a plurality of secret objects from an object pool and transmitting the selected secret objects to a message destination designated by the user; generating, by the authentication server, virtual data including a virtual code for each object and transmitting the virtual data to a safety input device; outputting, by the safety input device, based on the virtual data, an object selection interface in which objects are arranged and object positions are changeable; when the positions of the objects are fixed, generating, by the safety input device, one or more pieces of authentication information including the location information and the virtual code of each object arranged in the object selection interface; transmitting, by the safety input device, the generated one or more pieces of authentication information to the authentication server; and authenticating, by the authentication server, the user by analyzing the authentication information and checking whether the virtual code of each selected secret object has the promised location information.
- The method of claim 36, wherein the authenticating comprises: checking, by the authentication server, the location information of each secret object set by the user; and checking, by the authentication server, in the authentication information, the virtual code representing each secret object and the location information of that virtual code, and authenticating the user by checking, for each secret object, whether the checked location information of each virtual code matches the location information of each secret object set by the user.
- The method of claim 36, wherein, in the authenticating, the user is authenticated by checking whether the virtual codes of the selected secret objects have consecutive location information.
- The method of claim 36, wherein the generating of the virtual data and transmitting it to the safety input device comprises: selecting, by the authentication server, a plurality of camouflage objects; and generating, by the authentication server, a virtual code for each of the secret objects and the camouflage objects.
- The method of claim 39, wherein, in the generating of the virtual data and transmitting it to the safety input device, the authentication server generates a virtual URL for each of the secret objects and the camouflage objects, includes the URL of each object in the virtual data, and transmits the virtual data to the safety input device, and wherein, in the outputting of the object selection interface, the safety input device checks the virtual URL of each object in the virtual data, accesses the virtual URL to obtain each object, and arranges the objects in the object selection interface for output.
- An authentication device comprising: a storage unit configured to store an object pool; a secret object providing unit configured to select a plurality of secret objects from the object pool of the storage unit and to transmit the selected secret objects to a message destination designated by a user; a virtual data providing unit configured to select a plurality of camouflage objects from the object pool of the storage unit, generate a virtual code for each of the secret objects and the camouflage objects, and transmit virtual data including the generated virtual code of each object to a communication device of the user; and an authentication unit configured to receive from the communication device authentication information including the alignment position of each object and virtual data, and to authenticate the user by analyzing the authentication information and checking whether the virtual code of each secret object has the promised location information.
- The authentication device of claim 41, wherein the authentication unit checks in the storage unit the location information of each secret object set by the user, checks, in the authentication information, the virtual code representing each secret object and the location information of that virtual code, and authenticates the user by checking, for each secret object, whether the checked location information of each virtual code matches the location information of each secret object checked in the storage unit.
- The authentication device of claim 41, wherein the authentication unit authenticates the user by checking whether the virtual codes of the selected secret objects have consecutive location information.
- The authentication device of claim 41, wherein the virtual data providing unit generates a virtual URL for each of the secret objects and the camouflage objects, includes the URL of each object in the virtual data, and transmits the virtual data to the communication device.
- 사용자가 설정한 다수의 비밀 개체를 저장하는 저장부;A storage unit which stores a plurality of secret objects set by a user;각 개체가 배치되며 개체 위치가 변경 가능한 복수의 개체 선택 인터페이스를 생성하여 출력하는 인터페이스 생성부; 및An interface generation unit for generating and outputting a plurality of object selection interfaces in which each object is arranged and whose object positions can be changed; And상기 개체 선택 인터페이스에서 개체의 위치가 확정되면, 각 개체 선택 인터페이스에서 비밀 개체를 확인하고, 각 비밀 개체가 약속된 위치에 위치하고 있는지 여부를 확인하여 사용자를 인증하는 인증부;를 포함하는 안전 입력 장치.When the location of the object is determined in the object selection interface, the authentication unit for identifying a secret object in each object selection interface, and whether or not each secret object is located in the promised position to authenticate the user; a safety input device comprising a .
- 제 45 항에 있어서,The method of claim 45,상기 인증부는,The authentication unit,상기 사용자가 설정한 비밀 개체 정렬 방식이 고정 정렬 방식이면, 상기 개체 선택 인터페이스에서 확인한 비밀 개체가 연이어서 위치하고 있는지 여부를 확인하여 상기 사용자를 인증하는 것을 특징으로 하는 안전 입력 장치.And if the secret entity alignment scheme set by the user is a fixed alignment scheme, verifying whether the secret entity identified in the entity selection interface is located in succession to authenticate the user.
- 제 45 항에 있어서,The method of claim 45,상기 인증부는,The authentication unit,상기 사용자가 설정한 비밀 개체 정렬 방식이 사용자 지정 정렬 방식이면, 상기 사용자가 설정한 각 비밀 개체의 위치정보를 상기 저장부에서 확인하고, 상기 개체 선택 인터페이스에서 확인한 각 비밀 개체의 위치와 상기 저장부에서 확인한 비밀 개체의 위치정보가 일치하는지 여부를 비밀 개체별로 확인하여 상기 사용자를 인증하는 것을 특징으로 하는 안전 입력 장치.If the secret object sorting method set by the user is a user-specified sorting method, the location information of each secret object set by the user is checked in the storage unit, and the location and location of each secret object checked in the object selection interface are determined. The safety input device, characterized in that for authenticating the user by checking whether the location information of the secret object identified in the secret object for each match.
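The check performed by the authentication unit in claims 41 to 43 (and the fixed versus user-specified alignment of claims 46 and 47) can be sketched as follows. This is an added example, not code from the patent: the `Authenticator` class, integer slot positions, in-order consecutiveness, the object names and the one-attempt-per-session rule are all assumptions made for illustration.

```python
import secrets


class Authenticator:
    """Hypothetical server-side model of the claimed authentication unit."""

    def __init__(self, promised=None):
        self.promised = promised or {}  # {secret object id: slot}, user-specified mode
        self.sessions = {}              # session id -> (secret ids, {object id: code})

    def start(self, secret_ids, camouflage_ids):
        """Issue fresh random virtual codes for every object in this attempt."""
        code_of = {obj: secrets.token_hex(8) for obj in [*secret_ids, *camouflage_ids]}
        sid = secrets.token_hex(8)
        self.sessions[sid] = (list(secret_ids), code_of)
        codes = list(code_of.values())
        secrets.SystemRandom().shuffle(codes)  # order must not reveal which are secret
        return sid, codes

    def verify(self, sid, placement, mode):
        """placement: {virtual code: slot} reported by the client device."""
        session = self.sessions.pop(sid, None)  # codes are single-use: blocks replay
        if session is None:
            return False
        secret_ids, code_of = session
        # Every issued code must be placed exactly once, with no unknown codes.
        if set(placement) != set(code_of.values()):
            return False
        if len(set(placement.values())) != len(placement):
            return False
        slots = [placement[code_of[s]] for s in secret_ids]
        if mode == "fixed":   # secret objects in consecutive slots, in order
            return all(b - a == 1 for a, b in zip(slots, slots[1:]))
        if mode == "user":    # each secret object at its stored slot
            return slots == [self.promised.get(s) for s in secret_ids]
        return False
```

Because the client only ever reports per-attempt virtual codes and slots, a captured submission identifies neither the secret objects nor a reusable credential once the session has been consumed.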
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2015555944A JP2016507110A (en) | 2013-09-12 | 2014-07-24 | Security authentication method and apparatus |
US14/424,822 US20160253510A1 (en) | 2013-09-12 | 2014-07-24 | Method for security authentication and apparatus therefor |
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2013-0109897 | 2013-09-12 | ||
KR1020130109897A KR101525154B1 (en) | 2013-09-12 | 2013-09-12 | Security authentication method and apparatus therefor |
KR10-2013-0139284 | 2013-11-15 | ||
KR20130139284 | 2013-11-15 | ||
KR10-2014-0071632 | 2014-06-12 | ||
KR1020140071632A KR20150056442A (en) | 2013-11-15 | 2014-06-12 | Security authentication method and apparatus therefor |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015037828A1 (en) | 2015-03-19 |
Family
ID=52665894
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2014/006769 WO2015037828A1 (en) | 2013-09-12 | 2014-07-24 | Security authentication method and device for same |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2015037828A1 (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20020009783A (en) * | 2000-07-27 | 2002-02-02 | 이종우 | Method For Security In Internet Server Based Upon Membership Operating System And Server Systems Regarding It |
KR20130015566A (en) * | 2011-08-04 | 2013-02-14 | 김경숙 | Apparatus for security certification using key pad being figure or graphics and method for the same |
KR20130055877A (en) * | 2011-11-21 | 2013-05-29 | (주)네오위즈게임즈 | Method, server, terminal and recording medium for serving authentication process |
-
2014
- 2014-07-24 WO PCT/KR2014/006769 patent/WO2015037828A1/en active Application Filing
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11429707B1 (en) * | 2016-10-25 | 2022-08-30 | Wells Fargo Bank, N.A. | Virtual and augmented reality signatures |
US11580209B1 (en) | 2016-10-25 | 2023-02-14 | Wells Fargo Bank, N.A. | Virtual and augmented reality signatures |
US10377918B2 (en) | 2017-09-27 | 2019-08-13 | Corning Incorporated | Fiber coating with fast cure speed |
CN112199657A (en) * | 2020-09-21 | 2021-01-08 | 暨南大学 | Identity authentication method and VR device based on virtual reality environment |
CN112199657B (en) * | 2020-09-21 | 2023-01-24 | 暨南大学 | Identity authentication method and VR device based on virtual reality environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| WWE | Wipo information: entry into national phase | Ref document number: 14424822; Country of ref document: US |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 14843612; Country of ref document: EP; Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: 2015555944; Country of ref document: JP; Kind code of ref document: A |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 14843612; Country of ref document: EP; Kind code of ref document: A1 |