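WO2019039865A1 - Authentication terminal, authentication device, and authentication method and system using the same - Google Patents
Authentication terminal, authentication device, and authentication method and system using the same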
- Publication number
- WO2019039865A1 (PCT/KR2018/009667)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication
- code
- terminal
- generates
- transaction server
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- G06Q20/40145—Biometric identity checks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/02—Banking, e.g. interest calculation or account maintenance
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/12—Fingerprints or palmprints
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/02—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail using automatic reactions or user delegation, e.g. automatic replies or chatbot-generated messages
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- The present invention relates to an authentication terminal, an authentication apparatus, and an authentication method and system using the same, and more particularly, to an apparatus and a method for authenticating a user and transferring information between a user terminal, .
- The user authentication method in a financial transaction service treats whoever knows and inputs the ID and the password as the user, and provides the Internet financial service on that basis.
- Because the reliability of this method is rather low, financial transactions such as transfers are limited.
- In order to use a financial transaction service such as a transfer, a user needs to obtain an authorized certificate, which can be called a resident registration card of the Internet, through the KFTC, register the certificate on a financial transaction site, authenticate the user by inputting a password, .
- The above-described conventional authentication procedure confirms the identity of the user by input of the authorized certificate password. Because the certificate can be copied from the medium containing it, there is a high possibility of being hacked if only the password is exposed.
- the financial institution inputs the password of the passbook on the screen of transfer, and the additional authentication, for example, authentication of the security card or input of one time password (OTP)
- An OTP device can be accidentally lost, and authentication-related information such as an authorized certificate stored in a user's portable storage device or a computer hard disk is highly likely to be hacked.
- Authentication is performed using an elliptic curve cryptosystem to solve the above problems.
- The elliptic curve cryptosystem is one of the public key cryptosystems based on elliptic curve theory; it uses a shorter key than RSA (Rivest Shamir Adleman) or ElGamal but offers the same level of safety.
- The elliptic curve cryptosystem is mainly used in environments where the amount of transmission and the amount of computation are restricted, such as a radio environment.
- The cryptography is designed mainly on the basis of the elliptic curve discrete logarithm problem.
- The cryptosystem using the elliptic curve cryptosystem (ECC) algorithm proceeds in the order of encrypting and encrypting the public key combined with the random number to the secret key that cannot be guessed by the attacker.
- The Elliptic Curve Diffie-Hellman (ECDH) algorithm is a key distribution scheme based on an elliptic curve cryptosystem.
- The present invention has been conceived to solve the problems described above, and it is an object of the present invention to provide a method and apparatus for preventing personal information or authentication-related information from being hacked by utilizing an Elliptic Curve Diffie-Hellman (ECDH) algorithm based on elliptic curve cryptography.
- Another object of the present invention is to provide an authentication terminal, an authentication device, and an authentication method and an authentication system using the same, which can secure stability more than a transaction server even when personal information is exposed in the authentication server.
- An authentication system includes a user terminal for transmitting user information and requesting a transaction; a transaction server for receiving the transaction request, generating a verification code, and requesting authentication of the user; an authentication terminal that generates a modified authentication code based on the authentication code, generates a modified verification code based on the verification code, and transmits the modified verification code to the transaction server; and an authentication engine for receiving the modified authentication code to confirm the legitimacy of the authentication terminal, and generating the verification code and transmitting the verification code to the authentication terminal, wherein the transaction server determines whether or not the authentication code generated by the transaction server matches with the transaction code, and authenticates the transaction.
- The user terminal transmits a message including the transaction type and the telephone number for the user to the transaction server.
- The transaction server selects a random number, generates a public key using the random number, generates an authentication code using the user information, and transmits the generated public key and the authentication code to the authentication terminal.
- The authentication terminal generates an authentication code using the user information, and determines whether the authentication code matches the authentication code received from the transaction server.
- The authentication terminal selects a random number, generates a public key using the random number, generates an authentication code using user information, biometric information, and activity, and transmits the generated public key and the authentication code to the authentication engine.
- The authentication engine generates an authentication code using user information, biometric information, and activity, and determines whether the authentication code matches the authentication code received from the authentication terminal.
- The authentication engine stores a normal fingerprint and an emergency fingerprint.
- The authentication engine selects a random number, generates a public key using the selected random number, generates a shared secret key using the random number and the public key received from the authentication terminal, generates a verification code using the user information, and transmits the generated shared key and the verification code to the authentication terminal.
- The authentication terminal generates a shared secret key using the shared key received from the authentication engine, generates a verification result using the result of the operation of the generated shared secret key and the verification code received from the authentication engine, and determines whether the codes match.
- The authentication terminal generates a shared secret key using the random number generated by the authentication terminal and the public key received from the transaction server,
- The transaction server generates a shared secret key using the random number generated by the transaction server and the public key received from the authentication terminal, performs an operation on the generated shared secret key and the modified verification code received from the authentication terminal, and judges whether or not the generated verification code is identical using the result and the user information.
- An authentication method includes: a step in which a user terminal transmits user information and requests a transaction; the transaction server receiving the transaction request and generating the authentication code; the authentication terminal verifying the legitimacy of the transaction server and generating a modified authentication code based on the authentication code;
- the authentication engine verifying the legitimacy of the authentication terminal, generating the verification code based on the modified authentication code, and transmitting the verification code to the authentication terminal;
- the authentication terminal generating a modified verification code based on the verification code and transmitting the generated verification code to the transaction server; and authenticating the transaction by the transaction server comparing the result of the operation of the modified verification code with the authentication code generated by the transaction server.
- The user terminal transmits a message including the transaction type and the telephone number for the user to the transaction server.
- The transaction server selects a random number, generates a public key using the random number, generates an authentication code using the user information, and transmits the generated public key and the authentication code to the authentication terminal.
- The authentication terminal generates an authentication code using the user information, and determines whether the authentication code matches the authentication code received from the transaction server.
- The authentication terminal selects a random number, generates a public key using the random number, generates an authentication code using user information, biometric information, and activity, and transmits the generated public key and the authentication code to the authentication engine.
- The authentication engine stores a normal fingerprint and an emergency fingerprint.
- The authentication engine generates an authentication code using user information, biometric information, and activity, and determines whether the authentication code matches the authentication code received from the authentication terminal.
- The authentication engine selects a random number, generates a public key using the selected random number, generates a shared secret key using the random number and the public key received from the authentication terminal, generates a verification code using the user information, and transmits the generated shared key and the verification code to the authentication terminal.
- The authentication terminal generates a shared secret key using the shared key received from the authentication engine, generates a verification result using the result of the operation of the generated shared secret key and the verification code received from the authentication engine, and determines whether the codes match.
- The authentication terminal generates a shared secret key using the random number generated by the authentication terminal and the public key received from the transaction server,
- The transaction server generates a shared secret key using the random number generated by the transaction server and the public key received from the authentication terminal, performs an operation on the generated shared secret key and the modified verification code received from the authentication terminal, and determines whether the generated authentication code is identical using the result and user information.
- The authentication method according to at least some embodiments of the present invention is fast because it does not have an electronic signature encryption process, and can be used by anyone because one-touch fingerprinting replaces the password.
- The authentication method according to at least some embodiments is safe against leaks because private information or authentication-related information is stored only in the authentication terminal. Also, the authentication procedure is performed transparently without input from the individual. In addition, since fingerprint or biometric information is used, it is 100% guaranteed.
- The authentication method has a low risk of personal information disclosure or hacking because personal information or authentication-related information is stored only in the authentication terminal.
- The stability of the authentication method is ensured because the possibility of exposing customer information is lower than that of a conventional transaction server.
- The authentication method allows the authentication terminal to react immediately to the authentication request by asynchronously receiving the verification code from the authentication engine, so the user verification process is fast.
- FIG. 1 is a conceptual diagram schematically showing the overall configuration of an authentication system according to an embodiment of the present invention.
- FIG. 2 is a block diagram schematically illustrating a configuration of an authentication terminal according to an embodiment of the present invention.
- FIGS. 3 to 4 are block diagrams schematically showing the configuration of an authentication engine according to an embodiment of the present invention.
- FIG. 5 is a flowchart of an authentication procedure according to an embodiment of the present invention.
- FIG. 6 is a diagram illustrating a message delivery process according to the authentication of FIG.
- FIG. 7 is a diagram illustrating an example of performing an authentication method according to an embodiment of the present invention.
- FIG. 8 is a diagram illustrating electronic voting for performing an authentication method according to an embodiment of the present invention.
- FIG. 9 is a diagram illustrating a cryptographic currency transaction procedure for performing an authentication method according to an embodiment of the present invention.
- FIG. 1 is a conceptual diagram schematically showing the overall configuration of an authentication system according to an embodiment of the present invention.
- An authentication system 100 includes an authentication terminal 110, a first authentication engine 120, and a transaction server 130.
- The authentication system 100 may further include a user terminal 140 and a second authentication engine 150.
- The user terminal 140 connects to the transaction server 130 to perform a financial transaction, and includes a personal computer (PC), a smart phone, a tab, a pad, and all possible types of terminals that can connect to the transaction server 130 wirelessly or by wire.
- The user terminal 140 accesses the transaction server 130 and requests a transaction using an application installed in the user terminal 140 or a web page provided by the transaction server 130.
- The transaction server 130 receives a connection request from the user terminal 140 and provides the user terminal 140 with a screen for performing the transaction.
- The user terminal 140 can perform transactions such as transaction history, loan inquiry, transfer, loan repayment, etc. using an application installed in the user terminal 140 or a web page provided by the transaction server 130.
- The transaction server 130 must have an authentication application installed to perform the authentication method according to an embodiment of the present invention.
- The transaction server 130 in which the authentication application is installed can perform the authentication procedure through data communication with the authentication terminal 110 and the second authentication engine 150.
- When the transaction server 130 having the authentication application installed receives a transaction request from the user terminal 140, the transaction server 130 transmits the transaction request to the authentication terminal 110 owned by the user, which is separate from the user terminal 140 accessing the transaction server 130, and can request user authentication.
- The user has his/her fingerprint information recognized through the authentication terminal 110 and can thereby authenticate a transaction requester connected to the transaction server.
- A separate application for user authentication is installed on the authentication terminal 110.
- The authentication terminal 110 is paired with the user terminal 140 to enable Bluetooth communication.
- The authentication terminal 110 may be the same device as the user terminal 140. In this case, the authentication terminal 110 connects with the transaction server 130 in addition to the function of the authentication terminal 110 to perform a financial transaction.
- The authentication terminal 110 requests authentication from the transaction server 130 in response to a request for a verification code from the first authentication engine 120.
- The first authentication engine 120 may be installed in a smart watch worn by the user.
- The second authentication engine 150 may also be installed in the server or in the cloud.
- One of the first authentication engine 120 and the second authentication engine 150 transmits the verification code to the authentication terminal 110, and the authentication terminal 110 that has received the verification code modifies the verification code and transmits it to the transaction server 130.
- An authentication system may include at least one of a first authentication engine 120 and a second authentication engine 150, and if the first authentication engine 120 is lost or the first authentication engine 150 is not available, the second engine 150 backed up to the server or the cloud may be used as an authentication engine.
- The transaction server 130 verifies whether the user who requested the transaction is the user himself/herself using the modified verification code, and then performs the transaction requested by the user.
- If there is no first authentication engine 120 and no authentication terminal 110 owned by the user, the transaction server 130 requests a verification code directly from the second authentication engine 150, and the verification code is sent to the transaction server 130.
- Authentication used in this specification refers to a process from the transaction server 130 through the authentication terminal 110 to the authentication engines 125 and 150 before confirming the legitimacy of the user and the terminal. ) To the transaction server 130 via the authentication terminal 110 and checking the legitimacy of the user and the terminal.
- The authentication information and the verification information in each process may be modified on a process-by-process basis, but may include the same information.
- FIG. 2 is a block diagram schematically illustrating the configuration of an authentication terminal 110 according to an embodiment of the present invention.
- FIGS. 3 to 4 illustrate a configuration of an authentication engine 120, 150 according to an embodiment of the present invention.
- The authentication terminal 110 includes an input unit 111, a fingerprint scanning unit 112, a storage unit 113, a communication unit 114, a screen display unit 115, and a control unit 116.
- The first authentication engine 120 includes a control unit 126, a storage unit 123, a screen display unit 125, and a communication unit 124.
- The second authentication engine 150 includes a control unit 156, a storage unit 153, a screen display unit 155, and a communication unit 154.
- The authentication terminal 110 recognizes the fingerprint information of the user and authenticates the user.
- In the conventional fingerprint recognition method, the image of the user's fingerprint protrusions is scanned and stored, and the fingerprint image of the user is then scanned at every authentication. However, the conventional method compares only the fingerprint image. Therefore, when a duplicate of the user's fingerprint is used, the error of recognizing the duplicate as the user occurs.
- The present invention utilizes the fact that sweat glands are formed in the fingerprint protrusions, and that the sweat pores move minutely, as if breathing, to discharge sweat from the sweat glands.
- The human body always breathes through the skin, so if one third of the body is burned, the person will die.
- The cause of death is suffocation.
- The body should breathe not only through the nose and mouth, but also through the skin.
- To determine whether or not a fingerprint has been replicated, the present invention not only compares the fingerprint image in the authentication process but also extracts, as an electric signal, the activity of the breathing of the sweat glands of the fingerprint, and thereby distinguishes a copied fingerprint from a living fingerprint. Therefore, the present invention can distinguish authentication by the user in person from authentication by a simple duplicate of the fingerprint.
- The user can register normal fingerprints used in normal transactions and emergency fingerprints used in emergency situations in at least one of the first authentication engine 120 and the second authentication engine 150.
- The thumb fingerprint can be registered as the normal fingerprint, and the index-finger fingerprint as the emergency fingerprint used in an emergency situation.
- The converted fingerprint data is input from the fingerprint scanning unit 112 to the control unit 116 and then stored in the storage unit 113 by the control unit 116 so that the user's fingerprint is registered.
- The fingerprint data is encrypted and stored in the storage units 123 and 153 of the authentication engines 120 and 150 simultaneously.
- An algorithm suitable for the capacity or performance of the authentication terminal 110 to be used can be selected as the encryption algorithm used for encrypting the fingerprint data.
- The fingerprint data can be transmitted through a secure communication channel using TLS, SSL or DTLS.
- When a user performs a financial transaction and touches the underside of a finger bearing a fingerprint to the fingerprint scanning unit 112, the user's fingerprint is scanned by the fingerprint scanning unit 112 and converted into corresponding fingerprint data. The fingerprint data converted by the fingerprint scanning unit 112 is input to the control unit 116.
- The control unit 116 compares the fingerprint data input from the fingerprint scanning unit 112 with the fingerprint data stored in the storage unit 113 to determine whether the user is a registered user. If the user is not a registered user, the fingerprint authentication is canceled and a message indicating that the fingerprint authentication has been canceled is displayed on the screen display unit 115.
- The fingerprint data stored in the storage unit 113 is decrypted in a secure space and is deleted at the same time as the authentication process is terminated.
- The control unit 116 stores the fingerprint authentication signal indicating that the fingerprint is authenticated, time data indicating the current time, the authenticated fingerprint data, and the like, outputs the encrypted data to the communication unit 114, and displays a message on the screen display unit 115 indicating that the fingerprint has been authenticated.
- the previously authenticated fingerprint data is invalidated and re-authenticated before the authentication terminal 110 can be used. 110) may be solved.
- The receiver may process all data transmitted from the authentication terminal 110.
- FIG. 5 is a flow chart illustrating an authentication process according to an embodiment of the present invention.
- FIG. 6 is a diagram illustrating a message delivery process according to the authentication of FIG.
- $n_d$: random number
- $Q_d$: public key
- $K_{sd}$: shared secret key
- Subscript d represents the destination, and s represents the source.
- p represents phone.
- e represents engine.
- b represents bank.
- c represents PC.
- The information required for authentication is transmitted through the public key and the authentication code.
- The user terminal can be any one of a user's computer (PC), a smart phone, and a tablet PC.
- The user terminal may be the same device as the authentication terminal. In this case, the user terminal simultaneously performs the function of the authentication terminal.
- The transaction server may include a bank's server.
- A message including user information, such as a transaction type and a telephone number or terminal information, is transmitted.
- The format of the message is as follows.
- The transaction server performs an AND operation between a bit string of the current time and a time interval in which a specific part is set to zero.
- The time interval means 1 minute. When the AND operation is performed on the current time and the time interval, the seconds and milliseconds part (sec, ms) becomes 0, so the value obtained by ANDing the current time with the time interval is always the same within a given minute.
- The transaction server hashes the <telephone number, im, time> bit string to generate the transaction server_authentication code, that is, the authentication code of the transaction server.
- im is a symbol indicating the IMEI (International Mobile Equipment Identity).
- The IMEI may be received from the user terminal.
- The transaction server selects a random number to be kept as its private key, and calculates the public key from the private key.
- A random number is generated through a random number generator (RNG), a pseudo random number generator (PRNG) or a true random number generator, and is used as a private key.
- An elliptic curve cryptography (ECC) algorithm is used to calculate the public key.
- The size of the key generated by the elliptic curve encryption algorithm should be at least 160 bits.
- The generated private key should be stored in a secure area.
- The transaction server sends a message including (public key, transaction server_authentication code) to request authentication and transaction for the user.
- The authentication terminal checks the legitimacy of the transaction server.
- The authentication terminal sets the current time by performing an AND operation with the time interval, and compares the authentication terminal_authentication code stored in advance in the authentication terminal with the transaction server_authentication code received from the transaction server. If the two codes match, the transaction server is judged to be legitimate.
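The server-side generation and terminal-side check of the time-windowed authentication code described above, as an added example that is not code from the patent. The bit layout of the time string, SHA-256 as the hash, the length-prefixed field encoding and the `older_windows` tolerance are assumptions, and the telephone number and IMEI are constructed sample values.

```python
import hashlib
import hmac

SEC_MS_BITS = 16                            # 6 bits of seconds + 10 bits of ms (assumed layout)
TIME_INTERVAL = ~((1 << SEC_MS_BITS) - 1)   # the "time interval": sec/ms part set to zero
MINUTE_MS = 60_000


def time_bits(t_ms: int) -> int:
    """Pack epoch milliseconds as the bit string <minutes | seconds | milliseconds>."""
    minutes, rest = divmod(t_ms, MINUTE_MS)
    sec, ms = divmod(rest, 1000)
    return (minutes << SEC_MS_BITS) | (sec << 10) | ms


def window(t_ms: int) -> int:
    """AND the current time with the time interval: constant within one minute."""
    return time_bits(t_ms) & TIME_INTERVAL


def _field(value: str) -> bytes:
    """Length-prefix each field so <"12", "3"> and <"1", "23"> hash differently."""
    raw = value.encode("utf-8")
    return len(raw).to_bytes(2, "big") + raw


def auth_code(phone: str, imei: str, t_ms: int) -> bytes:
    """hash(<telephone number, im, time>) with SHA-256 (the hash choice is an assumption)."""
    data = _field(phone) + _field(imei) + window(t_ms).to_bytes(8, "big")
    return hashlib.sha256(data).digest()


def verify_auth_code(received: bytes, phone: str, imei: str, now_ms: int,
                     older_windows: int = 1) -> bool:
    """Recompute the code locally and compare in constant time.

    older_windows=0 is the strict check from the text. older_windows=1 also
    accepts the previous minute, so a code produced just before a minute
    boundary still verifies just after it.
    """
    for k in range(older_windows + 1):
        expected = auth_code(phone, imei, now_ms - k * MINUTE_MS)
        if hmac.compare_digest(expected, received):
            return True
    return False


# Constructed sample values, not taken from the patent.
PHONE, IMEI = "01012345678", "356938035643809"
T_SERVER = 28_000_000 * MINUTE_MS + 59_900    # 59.900 s into a minute
T_TERMINAL = T_SERVER + 200                   # 0.100 s into the next minute


def demo() -> dict:
    """Server generates at T_SERVER; the terminal checks at different instants."""
    code = auth_code(PHONE, IMEI, T_SERVER)
    return {
        "same_minute": verify_auth_code(code, PHONE, IMEI, T_SERVER - 30_000, 0),
        "boundary_strict": verify_auth_code(code, PHONE, IMEI, T_TERMINAL, 0),
        "boundary_tolerant": verify_auth_code(code, PHONE, IMEI, T_TERMINAL, 1),
        "wrong_imei": verify_auth_code(code, PHONE, "356938035643810", T_TERMINAL, 1),
    }
```

With `older_windows=0` the two sides disagree whenever a minute boundary falls between generation and check; accepting one older window removes that failure at the cost of a code staying valid for up to two minutes.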
- The authentication terminal also generates a modified authentication code based on the authentication code received from the transaction server.
- The authentication terminal hashes at least one of the biometric information and the bioactivity extracted by the biometric means of the authentication terminal, and the received authentication terminal authentication code ($au_p$), as <hash>(im, biometric information, time), to produce the generated authentication code.
- The biometric information may include at least one selected from the group consisting of fingerprints, irises, physiological substances emitted from the human body (for example, sweat, saliva, urine, etc.), and human activity indicators.
- The authentication terminal selects a random number to be kept as the private key, and calculates a public key therefrom.
- A random number is generated through a random number generator (RNG), a pseudo random number generator (PRNG) or a true random number generator, and is used as a private key.
- An elliptic curve cryptography (ECC) algorithm is used to calculate the public key.
- The size of the key generated by the elliptic curve encryption algorithm should be at least 160 bits.
- The generated private key should be stored in a secure area.
- The authentication terminal sends the modified authentication code (public key, biometric information, authentication terminal_authentication code) to the authentication engine and requests the verification code.
- The authentication engine checks the authenticity of the authentication terminal.
- The authentication engine sets the current time by performing an AND operation with a time interval, and extracts the biometric information included in the modified authentication code received from the authentication terminal.
- The authentication engine compares the stored biometric information and activity information with the biometric information received from the authentication terminal and determines that the authentication terminal is legitimate if they match.
- The authentication engine may set the current time by performing an AND operation with a time interval to determine the legitimacy of the authentication terminal, and may calculate the authentication engine_authentication code using the biometric information already stored in the authentication engine. Then, the authentication engine compares the calculated authentication engine_authentication code with the modified authentication terminal_authentication code received from the authentication terminal, and judges that the authentication terminal is legitimate if the two codes match.
- The authentication engine creates a verification code for transmission to the authentication terminal based on the modified authentication code.
- The authentication engine selects a random number as a private key and generates a public key using the private key.
- The shared secret key is calculated by multiplying the public key from the authentication terminal by the private key generated by the authentication engine. This secret key must be the same in the authentication terminal and the authentication engine.
- The authentication engine generates a verification code by XORing the result of hashing <telephone number, im, time, authentication engine ID> with the shared secret key.
- The authentication terminal generates a shared secret key by multiplying the public key of the authentication engine by its own private key, and generates a modified verification code by XORing the verification code received from the authentication engine with the shared secret key.
- The authentication terminal generates its own verification code, and judges that the authentication engine is legitimate if the result of XORing the shared secret key with the verification code received from the authentication engine is the same as the verification code generated using the information stored in the terminal itself.
- The authentication terminal generates the modified verification code.
- The shared secret key is calculated by multiplying the public key of the transaction server by the private key of the authentication terminal.
- The authentication terminal XORs the result of hashing <telephone number, im, time, authentication engine ID> with the shared secret key to generate the modified verification code to be transmitted to the transaction server.
- The authentication terminal sends the (public key, modified verification code) to the transaction server.
- The transaction server calculates a shared secret key by multiplying the public key received from the authentication terminal by the private key of the transaction server, XORs the shared secret key with the modified verification code transmitted from the authentication terminal, and compares the result with the hash of <telephone number, im, time, authentication engine ID>. When the comparison matches, the transaction server gives notification of the transaction processing.
- The present invention is based on the security of elliptic curve Diffie-Hellman: the random numbers cannot be determined from the public keys alone.
- With the authentication method of the present invention, both sides can share the same secret key through a public key exchange, and a hacker cannot find either random number from the public keys alone.
- FIG. 7 is a diagram illustrating an example of performing an authentication method according to an embodiment of the present invention, and the numbers described in this example are arbitrarily described in order to facilitate understanding of the present invention.
- In step 701, the user requests a connection to the server through his or her computer (PC).
- The server sends a page for inputting the mobile phone number to the user, and the user inputs the mobile phone number.
- In step 702, the server receiving the cell phone number transmits the randomly generated number 9 and requests the cellular phone to authenticate the user.
- In step 703, when the user presses the approval button, the cellular phone transmits the received number 9 to the authentication engine to request verification from the authentication engine.
- The authentication engine that received the verification request generates the random code 12345.
- The verification code 111105 is generated by multiplying the random code 9 received from the server by the 12345 generated by the authentication engine.
- In step 704, the authentication engine transmits the generated verification code 111105 to the mobile phone.
- In step 705, the cellular phone adds the digits of the verification code received from the authentication engine to generate the modified verification code 9 and transmits 9 to the server.
- In step 706, the server determines whether the received modified verification code 9 matches the random number 9 sent from the server.
- The server verifies the connection to the user's PC because the received modified verification code 9 matches the random number 9 sent from the server.
- The login authentication procedure for performing the authentication method according to the embodiment of the present invention needs no membership registration procedure, so personal information does not need to be stored in the server and there is no risk of leakage of personal information.
- FIG. 8 is a diagram illustrating electronic voting for performing an authentication method according to an embodiment of the present invention.
- In step 801, the voter requests access for electronic voting to the NEC through his or her computer (PC) or mobile phone.
- In step 802, the NEC server receives the connection request and transmits a random number 9 for identification and an electronic voting list to the voter's cellular phone to request authentication.
- In step 803, when the voter votes electronically for one of the candidates on the electronic voting list and then presses the approval button, the mobile phone sends the random number and the electronic voting result to the authentication engine to request verification.
- In step 804, the authentication engine generates a random code 12345, multiplies the random number 9 received from the NEC's server by the 12345 generated by the authentication engine, and transmits the result to the cellular phone along with the electronic voting result.
- In step 805, the mobile phone adds the digits of the 111105 received from the authentication engine to generate the modified verification code 9, and transmits it to the NEC server together with the electronic voting result.
- In step 806, the NEC server compares the random number 9 sent by the NEC's server with the modified verification code received from the mobile phone, judges whether or not the electronic voting has been performed, and stores the electronic voting result.
- Electronic voting for performing the authentication method according to an exemplary embodiment of the present invention is managed by the e-government server and can be expected to increase the turnout rate.
- The electronic voting for performing the authentication method according to the embodiment of the present invention can reduce the election cost and the ballot counting cost since the result of the election is immediately displayed after the end of the voting.
- FIG. 9 is a diagram illustrating a cryptocurrency transaction procedure for performing an authentication method according to an embodiment of the present invention.
- A user's authentication engine generates a random code and requests a transfer to a user's mobile phone.
- In step 902, if the user inputs the amount of money to be transferred into the user's mobile phone, the user's mobile phone generates a random number 9. The user's mobile phone transmits the generated random number 9 to the other party's mobile phone.
- In step 903, the other party checks the amount to be transferred and presses the approval button.
- The other party's mobile phone transmits the received random number and the transfer amount information to the other party's authentication engine and requests verification.
- In step 904, the counterpart authentication engine generates a random code 12345.
- The counterpart authentication engine transmits the result of multiplying the received random number 9 by the 12345 generated by the authentication engine, together with the amount information to be transferred, to the counterpart mobile phone.
- In step 905, the other party's mobile phone adds the respective digits of the 111105 received from the authentication engine to generate a modified verification code and transmits it to the user's mobile phone.
- In step 906, the random number 9 transmitted first is compared with the received modified verification code 9, and the received electronic money is stored in the user's authentication engine.
- The cryptocurrency transaction procedure for performing the authentication method according to an embodiment of the present invention is a private blockchain technique in a 1:1 transfer scheme, and a trader automatically generates and uses a random code, so there is no risk of information leakage and hacking is impossible.
- The encryption process is omitted, there is no possibility of overloading and tampering, and credit card merchant fees do not occur.
Claims (22)
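- An authentication system comprising: a user terminal that transmits user information to request a transaction; a transaction server that receives the transaction request and generates an authentication code to request authentication of the user; an authentication terminal that generates a modified authentication code based on the authentication code, generates a modified verification code based on a verification code, and transmits the modified verification code to the transaction server; and an authentication engine that receives the modified authentication code to confirm the legitimacy of the authentication terminal, generates the verification code, and transmits it to the authentication terminal, wherein the transaction server authenticates the transaction by determining whether a result of an operation on the modified verification code matches the authentication code generated by the transaction server.
- The authentication system of claim 1, wherein the user terminal transmits a message including a transaction type and a telephone number of the user to the transaction server.
- The authentication system of claim 2, wherein the transaction server selects a random number, generates a public key using the random number, generates an authentication code using user information, and transmits the generated public key and the authentication code to the authentication terminal.
- The authentication system of claim 3, wherein the authentication terminal generates an authentication code using user information and determines whether it matches the authentication code received from the transaction server.
- The authentication system of claim 4, wherein the authentication terminal selects a random number, generates a public key using the random number, generates an authentication code using user information, biometric information and activity, and transmits the generated public key and the authentication code to the authentication engine.
- The authentication system of claim 5, wherein the authentication engine generates an authentication code using user information, biometric information and activity, and determines whether it matches the authentication code received from the authentication terminal.
- The authentication system of claim 1, wherein the authentication engine stores a normal fingerprint and an emergency fingerprint.
- The authentication system of claim 6, wherein the authentication engine selects a random number, generates a public key using the selected random number, generates a shared secret key using the random number and the public key received from the authentication terminal, generates a verification code using the shared secret key and user information, and transmits the generated shared key and the verification code to the authentication terminal.
- The authentication system of claim 8, wherein the authentication terminal generates a shared secret key using the shared key received from the authentication engine, and determines whether a result of an operation on the generated shared secret key and the verification code received from the authentication engine matches a verification code generated using user information.
- The authentication system of claim 9, wherein the authentication terminal generates a shared secret key using the random number generated by the authentication terminal and the public key received from the transaction server, generates a modified verification code using the generated shared secret key, and transmits the shared key generated by the authentication terminal and the modified verification code to the transaction server.
- The authentication system of claim 10, wherein the transaction server generates a shared secret key using the random number generated by the transaction server and the public key received from the authentication terminal, and determines whether a result of an operation on the generated shared secret key and the modified verification code received from the authentication terminal matches a verification code generated using user information.
- An authentication method comprising: requesting, by a user terminal, a transaction by transmitting user information; receiving, by a transaction server, the transaction request and generating the authentication code; confirming, by an authentication terminal, the legitimacy of the transaction server and generating a modified authentication code based on the authentication code; confirming, by an authentication engine, the legitimacy of the authentication terminal, generating the verification code based on the modified authentication code, and transmitting it to the authentication terminal; generating, by the authentication terminal, a modified verification code based on the verification code and transmitting it to the transaction server; and authenticating, by the transaction server, the transaction by determining whether a result of an operation on the modified verification code matches the authentication code generated by the transaction server.
- The authentication method of claim 12, wherein the user terminal transmits a message including a transaction type and a telephone number of the user to the transaction server.
- The authentication method of claim 13, wherein the transaction server selects a random number, generates a public key using the random number, generates an authentication code using user information, and transmits the generated public key and the authentication code to the authentication terminal.
- The authentication method of claim 14, wherein the authentication terminal generates a modified authentication code using user information and determines whether it matches the authentication code received from the transaction server.
- The authentication method of claim 15, wherein the authentication terminal selects a random number, generates a public key using the random number, generates an authentication code using user information, biometric information and activity, and transmits the generated public key and the authentication code to the authentication engine.
- The authentication method of claim 12, wherein the authentication engine stores a normal fingerprint and an emergency fingerprint.
- The authentication method of claim 16, wherein the authentication engine generates an authentication code using user information and determines whether it matches the authentication code received from the authentication terminal.
- The authentication method of claim 18, wherein the authentication engine selects a random number, generates a public key using the selected random number, generates a shared secret key using the random number and the public key received from the authentication terminal, generates a verification code using the shared secret key and user information, and transmits the generated shared key and the verification code to the authentication terminal.
- The authentication method of claim 19, wherein the authentication terminal generates a shared secret key using the shared key received from the authentication engine, and determines whether a result of an operation on the generated shared secret key and the verification code received from the authentication engine matches a verification code generated using user information.
- The authentication method of claim 20, wherein the authentication terminal generates a shared secret key using the random number generated by the authentication terminal and the public key received from the transaction server, generates a modified verification code using the generated shared secret key, and transmits the shared key generated by the authentication terminal and the modified verification code to the transaction server.
- The authentication method of claim 21, wherein the transaction server generates a shared secret key using the random number generated by the transaction server and the public key received from the authentication terminal, and determines whether a result of an operation on the generated shared secret key and the modified verification code received from the authentication terminal matches a verification code generated using user information.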
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
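CN201880053982.7A CN110998574B (zh) | 2017-08-23 | 2018-08-22 | Authentication terminal, authentication device, and authentication method and system using the same |
JP2020510122A JP7139414B2 (ja) | 2017-08-23 | 2018-08-22 | Authentication terminal, authentication device, and authentication method and system using the same |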
US16/641,000 US11290279B2 (en) | 2017-08-23 | 2018-08-22 | Authentication terminal, authentication device and authentication method and system using authentication terminal and authentication device |
EP18847991.9A EP3674936A4 (en) | 2017-08-23 | 2018-08-22 | AUTHENTICATION TERMINAL, AUTHENTICATION DEVICE AND AUTHENTICATION METHOD AND SYSTEM USING AN AUTHENTICATION TERMINAL AND AN AUTHENTICATION DEVICE |
KR1020207003265A KR102321260B1 (ko) | 2017-08-23 | 2018-08-22 | Authentication terminal, authentication device, and authentication method using the same |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2017-0106614 | 2017-08-23 | ||
KR20170106614 | 2017-08-23 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019039865A1 (ko) | 2019-02-28 |
Family
ID=65439061
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/KR2018/009667 WO2019039865A1 (ko) | 2017-08-23 | 2018-08-22 | Authentication terminal, authentication device, and authentication method and system using the same |
Country Status (6)
Country | Link |
---|---|
US (1) | US11290279B2 (ko) |
EP (1) | EP3674936A4 (ko) |
JP (1) | JP7139414B2 (ko) |
KR (1) | KR102321260B1 (ko) |
CN (1) | CN110998574B (ko) |
WO (1) | WO2019039865A1 (ko) |
-
2018
- 2018-08-22 EP EP18847991.9A patent/EP3674936A4/en active Pending
- 2018-08-22 JP JP2020510122A patent/JP7139414B2/ja active Active
- 2018-08-22 CN CN201880053982.7A patent/CN110998574B/zh active Active
- 2018-08-22 KR KR1020207003265A patent/KR102321260B1/ko active IP Right Grant
- 2018-08-22 WO PCT/KR2018/009667 patent/WO2019039865A1/ko unknown
- 2018-08-22 US US16/641,000 patent/US11290279B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
KR20200023469A (ko) | 2020-03-04 |
US20200382307A1 (en) | 2020-12-03 |
EP3674936A4 (en) | 2021-04-21 |
CN110998574A (zh) | 2020-04-10 |
JP7139414B2 (ja) | 2022-09-20 |
JP2020533835A (ja) | 2020-11-19 |
KR102321260B1 (ko) | 2021-11-03 |
EP3674936A1 (en) | 2020-07-01 |
US11290279B2 (en) | 2022-03-29 |
CN110998574B (zh) | 2024-01-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 18847991; Country of ref document: EP; Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: 20207003265; Country of ref document: KR; Kind code of ref document: A |
| ENP | Entry into the national phase | Ref document number: 2020510122; Country of ref document: JP; Kind code of ref document: A |
| NENP | Non-entry into the national phase | Ref country code: DE |
| ENP | Entry into the national phase | Ref document number: 2018847991; Country of ref document: EP; Effective date: 20200323 |