WO2017065577A1 - Procédé et système d'authentification d'utilisateur utilisant un clavier variable et une reconnaissance de visage - Google Patents

Procédé et système d'authentification d'utilisateur utilisant un clavier variable et une reconnaissance de visage Download PDF

Info

Publication number
WO2017065577A1
WO2017065577A1 PCT/KR2016/011594 KR2016011594W WO2017065577A1 WO 2017065577 A1 WO2017065577 A1 WO 2017065577A1 KR 2016011594 W KR2016011594 W KR 2016011594W WO 2017065577 A1 WO2017065577 A1 WO 2017065577A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
information
encryption key
face recognition
password
Prior art date
Application number
PCT/KR2016/011594
Other languages
English (en)
Korean (ko)
Inventor
박경양
Original Assignee
주식회사 하렉스인포텍
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 하렉스인포텍 filed Critical 주식회사 하렉스인포텍
Publication of WO2017065577A1 publication Critical patent/WO2017065577A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to a method and a system for authenticating a user, and more particularly, a password is input through a variable keypad in a mobile terminal, a face recognition information is input together with a camera, and transmitted to a server. It relates to a user authentication method and system.
  • a method for supplementing the problem of using a fixed keypad is an authentication method using a variable keypad.
  • the variable keypad method since the input button arrangement of the keypad is changed every time the user connects, even if a third party finds out a location such as a password that the user inputs on the keypad, it is difficult to find out the password using this.
  • the present invention has been made in the technical background as described above, when transmitting a password from the mobile terminal to the authentication server to transmit the location information and the face recognition information of the variable keypad together with a system that can prevent unauthorized use Its purpose is to provide a method.
  • a password and face recognition information mixed authentication server generates a variable keypad including an encryption key, and generates a variable so that each position of the encryption key is variable at every generation.
  • Characterized in that it comprises an authentication performing unit for receiving the identity by using it.
  • a personal authentication mobile terminal including a display unit for displaying a variable keypad including an encryption key and a position of each of the encryption keys to be changed at every generation; A camera unit for face recognition of a user; And receiving the information of the variable keypad from the identity authentication server, and transmitting the position information of the encryption key and the input sequence of the encryption key and the face recognition information obtained through the camera unit to the identity authentication server. It includes a control unit.
  • a password and face recognition information mixed identity authentication method comprising: generating a variable keypad including an encryption key, wherein the positions of each of the encryption keys are varied at every generation; Transmitting the generated variable keypad to a mobile terminal; Receiving location information of the encryption key and face recognition information of the user obtained through the camera of the portable terminal according to the order input by the user from the portable terminal; And performing identity authentication based on the received location information of the encryption key and the face recognition information.
  • the location information of the keypad is transmitted instead of the password itself, the password cannot be found by hacking, and the face recognition information is transmitted together. It can be effected.
  • FIG. 1 is a view showing an authentication system consisting of a mobile terminal and an authentication server according to an embodiment of the present invention.
  • FIG. 2 is a flow chart of a user authentication method according to an embodiment of the present invention.
  • FIG. 3 is a view of the generation of a variable keypad that changes every time the creation according to an embodiment of the present invention.
  • Figure 4 is a view showing the coordinates on the X-Y plane of the variable keypad according to an embodiment of the present invention.
  • FIG. 5 is a flowchart illustrating a procedure for extracting a password from an encryption key and performing authentication according to an embodiment of the present invention.
  • FIG. 6 is a view illustrating a display unit of a mobile terminal displaying a variable keypad and a face recognition unit according to an exemplary embodiment of the present invention.
  • FIG. 7 is a diagram for performing authentication using an identifier of a variable pad according to another embodiment of the present invention.
  • FIG. 1 is a block diagram showing a password and facial recognition information mixed identity authentication system according to an embodiment of the present invention.
  • the password and face recognition information mixed identity authentication system includes a mobile terminal 100 and an identity authentication server 200.
  • the identity authentication server 200 includes a variable keypad generator 210, an authentication performer 220, and an authentication information storage 230.
  • the variable keypad generating unit 210 generates a variable keypad including an encryption key.
  • the variable keypad generating unit 210 generates a variable keypad so that the positions of the respective numeric and character keys constituting the encryption key are variable at every variable keypad generation.
  • the authentication performing unit 220 transmits the batch information of each encryption key, which is the information of the generated variable keypad, to the remote mobile terminal 100, the mobile terminal 100 authenticates the password and the face recognition information by using the same. Receive information.
  • the authentication performing unit 220 generates a plurality of variable keypads in advance in addition to a method of generating a variable keypad whenever necessary, and assigns an identifier to each variable keypad in advance so that the authentication keypad 220 is shared with the mobile terminal 100.
  • a method of transmitting only an identifier to the mobile terminal 100 may be used.
  • the authentication performing unit 220 receives the location information and the face recognition information of the encryption key in the order input by the user from the mobile terminal 100 and performs authentication based on this.
  • the authentication performing unit 220 the position information of the encryption key according to the order input by the user from the mobile terminal 100, such as a smart phone, that is, as shown in Figure 4 (a) 4, 3, 1, If 2 is input, the identification coordinates of the corresponding encryption key (0.5, 2.5), (3.5, 3.5), (1.5, 3.5), (2.5, 3.5) and face recognition information are received and authentication is performed based on this. .
  • the authentication performing unit 220 stores the location information and the input order of each encryption key corresponding to the password every time the variable keypad is generated, and the location information and the face recognition information of the encryption key according to the order input by the user from the mobile terminal 100.
  • the authentication is performed by comparing the received encryption key with location information and face recognition information.
  • the location information of the corresponding encryption key is (0.5, 2.5), (3.5, 3.5), (1.5, 3.5) according to FIG. , (2.5, 3.5) and the input order is same as above.
  • the authentication performing unit 220 receives the location information, the input order and the face recognition information of the encryption key for the password according to the order inputted by the user from the mobile terminal 100, and is pre-stored in the authentication information storage unit 230.
  • the authentication is performed by comparing the authentication information including the location information, the input order, and the face recognition information of the encryption key.
  • the authentication performing unit 220 compares the feature of the face image received from the terminal device 100 with the feature of the face image stored in the authentication information storage unit 230, calculates the score by calculating statistics, and calculates the score. If it is equal to or greater than the preset threshold (eg, 80%), the same face is determined.
  • the preset threshold eg, 80%
  • Face recognition technology is a technology that recognizes the user's face displayed on the camera, analyzes the features of the face, makes it a database, and distinguishes the user. Compared with biometrics using iris, fingerprint, and vein, the recognition rate is lower, but it is a simple and no recognition method.
  • the face is detected from the input image, and the eye, nose, and mouth positions are aligned with the standard image, and the facial features are matrixed and stored in a database.
  • the positions of eyes, nose, and mouth which are elements of the face, are referred to and aligned with the positions, sizes, and directions of the faces stored in the database.
  • the authentication information storage unit 230 stores passwords, face recognition information, and the like of users who use the mobile terminal.
  • variable keypad generation unit 210 stores authentication information including encryption keys, location information of the encryption keys, and face recognition information of the variable keypads.
  • the mobile terminal 100 includes a display unit 120 including a variable keypad 110, a controller 130, and a camera unit 140.
  • the mobile terminal 100 includes not only a mobile phone but also a smartphone, a mobile phone, a tablet PC, a laptop, a mobile credit card payment terminal, a bank ATM, a pharmacy, a kiosk installed in a government office, and the like.
  • the variable keypad 110 has a variable position of each encryption key at every generation.
  • the variable keypad 110 is generated by the variable keypad generation unit 210 of the identity authentication server 200, and the variable keypad 110 of the mobile terminal 100 is the variable keypad 110 received from the identity authentication server 200. ) Is to display.
  • the display unit 120 displays the face of the user acquired by the variable keypad 110 and the camera unit 140.
  • the encryption key included in the variable keypad changes in position every time it is generated.
  • FIG. 6 illustrates a state in which the variable keypad 110 and the input unit for face recognition are displayed on the display unit 120.
  • 6 (a) shows a state before a user recognizes a password and a face
  • FIG. 6 (b) shows a state after a user recognizes a password and a face.
  • the password entered is asterisk (*) for security.
  • the control unit 130 receives the information of the variable keypad from the identity authentication server 200, and transmits the encryption key position information, the input sequence of the encryption key, and the face recognition information received from the user to the identity authentication server 200.
  • the mobile terminal 100 includes a camera unit 140 for face recognition, and the camera unit 140 captures a direction toward the user. This is to use a face of a user who inputs authentication information in addition to the input of the variable keypad 110 as the authentication information.
  • the camera unit 140 receives a command of the controller 130 while the user inputs the variable keypad 110 to photograph the face of the user.
  • the user terminal 100 follows the guidelines of the contour of the face displayed on the display unit 120. ) To adjust the position of the face to meet the guidelines.
  • the controller 130 transmits the photographed face image to the identity verification server 200, and the identity verification server 200 may perform additional authentication using face recognition information together with other authentication information.
  • the face image photographed by the camera unit 140 may be transmitted to the authentication server 200 as it is and used for analysis for face recognition, or only information necessary for face recognition in the mobile terminal 100 without transmitting the entire face image. It is also possible to extract and send only this information.
  • the controller 130 extracts feature information for face recognition from the photographed face image.
  • the camera unit 140 photographs a face
  • the illuminance is controlled by the flash of the mobile terminal 100
  • the human eye responds to this, and the pupil is widened or narrowed. By checking this, it is possible to distinguish whether the face taken by the camera is actually a human face. It is possible to prevent the manipulation of the authentication information using the face photo of the can enhance the security.
  • FIG. 2 is a flowchart illustrating a procedure of a password and face recognition information mixed identity authentication method according to an embodiment of the present invention.
  • variable keypad including an encryption key is generated.
  • Each position of the encryption key may be changed at every generation (S110).
  • the generated variable keypad is transmitted to the mobile terminal 100 together with the generated information (S120), and the user inputs a password on the variable keypad and recognizes a face in the camera.
  • the identity authentication server 200 receives the location information and the face recognition information of the encryption key in the order input by the user from the mobile terminal 100 (S130) and performs identity verification based on this (S140).
  • the user does not enter all four-digit passwords, but only a portion of the password, such as 43 in the front two, 12 in the second 12, 41 in the first and third.
  • the location of the password is (0.5, 2.5), (3.5, 3.5) in FIG. 4 (a), and the location and input order of the password, face recognition information, etc. Based on your identity verification.
  • the amount of data to be authenticated is relatively small compared to the location information of the entire encryption key, thereby improving the operation speed, and the total number of encryption keys to be input. It is relatively small compared to the above, and thus user convenience can be improved.
  • Figure 3 shows that the position of the encryption key is variable every time in the variable keypad including the encryption key according to an embodiment of the present invention
  • Figure 3 (a) is a state when the first variable keypad is generated
  • 3 (b) indicates that the location of the encryption key has changed when it is next generated.
  • FIG. 5 is a flowchart illustrating a method of extracting a password from a location of an encryption key and performing a user authentication according to an embodiment of the present invention.
  • the password is stored in the authentication server in advance, and when the location information of the password is received from the mobile terminal, the password is extracted from the location information and the input order of the received password, and the extracted password is compared with the password stored in the authentication storage. It is to perform authentication.
  • the authentication performing unit receives the position of the encryption key according to the order input by the member from the mobile terminal and extracts the password input by the member (S510).
  • the authentication performing unit compares the extracted password and the received face recognition information with the password and face recognition information stored in the authentication information storage unit (S520).
  • FIG. 7 is a diagram illustrating performing primary authentication through an identifier corresponding to a variable keypad according to one embodiment of the present invention.
  • FIG. 7 (a) is a diagram illustrating an identifier assigned to each variable keypad stored in an authentication server.
  • 7 (b) shows an identifier assigned to the variable keypad stored in the portable terminal.
  • the authentication execution unit generates a plurality of variable keypads and generates an index corresponding thereto. That is, when the variable keypad is generated in the authentication server, index 1, 2 and 3, which are identifiers corresponding to the variable keypads 1, 2 and 3, are generated, and the generated variable keypad and the identifier are previously provided to the mobile terminal.
  • the authentication server When the authentication server receives the authentication request, the authentication server selects one of the stored identifiers and provides the same to the portable terminal.
  • the portable terminal receives the identifier and selects a variable keypad corresponding to the identifier to display on the screen.
  • the authentication server performs the second authentication by comparing the location information, the input order, and the face recognition information of the encryption key received from the mobile terminal with the location information, the input order, and the face recognition information stored in advance.
  • variable keypad layout structure since the variable keypad layout structure is not transmitted from the authentication server to the mobile terminal, the variable keypad layout structure cannot be found by hacking of the transmission packet, thereby improving security.
  • the user has the advantage of proceeding financial transactions in a more secure environment, the user can rest assured that the financial transaction using the mobile terminal and mobile communication network Can be.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Collating Specific Patterns (AREA)

Abstract

La présente invention concerne un système d'authentification pour des transactions financières. Un serveur d'authentification d'utilisateur à informations de reconnaissance faciale et mot de passe combinés, selon un mode de réalisation de la présente invention, est caractérisé en ce qu'il comprend : une unité de génération de clavier variable pour générer un clavier variable comprenant une touche de chiffrement de telle sorte que l'emplacement de chaque touche de chiffrement varie à chaque fois qu'un clavier variable est généré; une unité de stockage d'informations d'authentification pour stocker des informations d'authentification d'un utilisateur de terminal mobile; et une unité de réalisation d'authentification pour fournir, à un terminal mobile à distance, des informations de clavier variable généré, et pour recevoir, à partir du terminal mobile, des informations d'emplacement de la touche de chiffrement en fonction d'un ordre qui est entré par un utilisateur et des informations de reconnaissance faciale de l'utilisateur obtenues à l'aide d'une caméra du terminal mobile de façon à réaliser une authentification d'utilisateur à l'aide de cette dernière.
PCT/KR2016/011594 2015-10-14 2016-10-14 Procédé et système d'authentification d'utilisateur utilisant un clavier variable et une reconnaissance de visage WO2017065577A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2015-0143456 2015-10-14
KR1020150143456A KR101837152B1 (ko) 2015-10-14 2015-10-14 가변 키패드와 얼굴인식을 이용한 본인 인증 방법 및 시스템

Publications (1)

Publication Number Publication Date
WO2017065577A1 true WO2017065577A1 (fr) 2017-04-20

Family

ID=58518187

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2016/011594 WO2017065577A1 (fr) 2015-10-14 2016-10-14 Procédé et système d'authentification d'utilisateur utilisant un clavier variable et une reconnaissance de visage

Country Status (2)

Country Link
KR (1) KR101837152B1 (fr)
WO (1) WO2017065577A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112233299A (zh) * 2019-06-27 2021-01-15 西安光启未来技术研究院 一种人像动态权限认证方法及系统

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20220156336A (ko) * 2021-05-18 2022-11-25 삼성전자주식회사 이미지 센서 및 동적 비전 센서를 포함하는 전자 장치 및 그 동작 방법

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20110051003A (ko) * 2009-11-09 2011-05-17 여호룡 일회용 가상인증번호와 디스플레이 스마트카드를 이용한 통합인증 시스템 및 그 방법
KR20110054291A (ko) * 2009-11-17 2011-05-25 엘지전자 주식회사 사용자 인증 방법 및 그를 이용한 화상 통신 장치 및 디스플레이 장치
KR101087698B1 (ko) * 2011-07-25 2011-11-30 주식회사 그린정보기술 스마트폰의 보안 인증 방법
KR20140083448A (ko) * 2012-12-26 2014-07-04 주식회사 이랜텍 얼굴 인식 잠금기능을 갖는 스마트폰
KR101514706B1 (ko) * 2014-06-26 2015-04-23 주식회사 하렉스인포텍 가변 키패드와 생체 인식을 이용한 본인 인증 방법 및 시스템

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20110051003A (ko) * 2009-11-09 2011-05-17 여호룡 일회용 가상인증번호와 디스플레이 스마트카드를 이용한 통합인증 시스템 및 그 방법
KR20110054291A (ko) * 2009-11-17 2011-05-25 엘지전자 주식회사 사용자 인증 방법 및 그를 이용한 화상 통신 장치 및 디스플레이 장치
KR101087698B1 (ko) * 2011-07-25 2011-11-30 주식회사 그린정보기술 스마트폰의 보안 인증 방법
KR20140083448A (ko) * 2012-12-26 2014-07-04 주식회사 이랜텍 얼굴 인식 잠금기능을 갖는 스마트폰
KR101514706B1 (ko) * 2014-06-26 2015-04-23 주식회사 하렉스인포텍 가변 키패드와 생체 인식을 이용한 본인 인증 방법 및 시스템

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112233299A (zh) * 2019-06-27 2021-01-15 西安光启未来技术研究院 一种人像动态权限认证方法及系统

Also Published As

Publication number Publication date
KR101837152B1 (ko) 2018-03-09
KR20170043855A (ko) 2017-04-24

Similar Documents

Publication Publication Date Title
WO2017065576A1 (fr) Procédé et système d'authentification d'utilisateur faisant appel à un clavier variable
WO2015199501A1 (fr) Procédé et système d'authentification d'utilisateur utilisant un clavier variable et une identification biométrique
WO2011118871A1 (fr) Procédé d'authentification et système utilisant un terminal mobile
WO2014051316A1 (fr) Système et procédé de paiement par carte de crédit utilisant des informations d'iris
WO2013100697A1 (fr) Procédé, appareil et support d'enregistrement lisible par ordinateur pour authentifier un utilisateur
CN104298910B (zh) 便携式电子装置及互动式人脸登入方法
CN108806041A (zh) 楼宇门禁控制方法、云服务器及计算机可读存储介质
WO2017043717A1 (fr) Procédé d'authentification biométrique d'un utilisateur
EP3157193A1 (fr) Procédé de partage à distance, et terminal vtm, dispositif sur le côté réseau, et système
WO2017052277A1 (fr) Procédé et système d'authentification d'identité utilisant un pavé numérique variable
JP2012138011A (ja) 情報処理システム、情報処理方法及びプログラム
US20240114111A1 (en) Secure video visitation system
WO2014112695A1 (fr) Système pour sécuriser un dispositif électronique grâce à une authentification à deux facteurs et procédé pour sécuriser un dispositif électronique l'utilisant
CN106293075A (zh) 一种基于可穿戴设备的控制系统及控制方法
WO2017065577A1 (fr) Procédé et système d'authentification d'utilisateur utilisant un clavier variable et une reconnaissance de visage
WO2022114290A1 (fr) Système d'authentification personnelle sans contact et procédé associé
WO2016200084A1 (fr) Dispositif usb de reconnaissance d'iris au moyen d'une fonction otp et son procédé de commande
US12019719B2 (en) Method and electronic device for authenticating a user
WO2017209364A1 (fr) Système de traitement de paiement par carte utilisant des informations biométriques et procédé de traitement associé
WO2017078358A1 (fr) Système et procédé de communication de sécurité utilisant la biométrie
US20160103989A1 (en) Device authentication
WO2015053438A1 (fr) Procédé et appareil de génération de mot de passe utilisant un ensemble d'intervalles de confiance sur la base d'informations biométriques
WO2017052276A1 (fr) Système et procédé permettant de fournir un service de guichet automatique bancaire au moyen d'un terminal mobile
CN113570763A (zh) 一种通行管控方法、装置、机器可读介质及设备
WO2016122222A1 (fr) Système d'authentification d'identité de transaction financière en ligne à l'aide d'une carte réelle et procédé associé

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16855794

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16855794

Country of ref document: EP

Kind code of ref document: A1