WO2021206289A1 - User authentication method, device and program - Google Patents

User authentication method, device and program Download PDF

Info

Publication number
WO2021206289A1
WO2021206289A1 PCT/KR2021/002325 KR2021002325W WO2021206289A1 WO 2021206289 A1 WO2021206289 A1 WO 2021206289A1 KR 2021002325 W KR2021002325 W KR 2021002325W WO 2021206289 A1 WO2021206289 A1 WO 2021206289A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
authentication
instantaneous
original
biometric information
Prior art date
Application number
PCT/KR2021/002325
Other languages
French (fr)
Korean (ko)
Inventor
오스티븐상근
이진서
Original Assignee
오스티븐상근
이진서
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 오스티븐상근, 이진서 filed Critical 오스티븐상근
Publication of WO2021206289A1 publication Critical patent/WO2021206289A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories

Definitions

  • the present invention relates to a user authentication method, apparatus and program, and more particularly, when authenticating whether a user is a user by biometric information, whether or not the original biometric information of an authentication module is damaged by hash information in an authentication server It relates to a user authentication method, apparatus and program.
  • authentication of the identity of the user may be required prior to the use of information equipment, connection to a server, data processing, and the like.
  • a server such as a shopping mall by using an information device such as a computer, or performing remittance processing in a server such as online banking by using an information device such as a smartphone, for example, a request for logging in or a request to perform remittance processing It needs to be verified whether the user who does this is a pre-registered person.
  • ID/password As a conventional user authentication method, there is a method by ID/password. However, verification of ID/password is only verification of knowledge of stored character data, and this knowledge can be exposed or transmitted to others. The problem is that there is no guarantee.
  • the verification of the pattern is basically only verification of knowledge, and thus has the same problem as the method using the ID/password.
  • vehicle information of the shared vehicle to be shared with the sharing applicant via a designated route, sharing time information to share the shared vehicle with the sharing applicant, and the sharing applicant wireless terminal a second step of receiving a mobile phone number of a third step of inquiring a number management D/B based on vehicle information of a shared vehicle to be shared with the sharing applicant and confirming a vehicle phone number of a designated numbering system assigned to a shared vehicle, not a calling device; a fourth step of mapping the mobile phone number of the sharing applicant wireless terminal, the vehicle phone number assigned to the shared vehicle, and sharing time information to share the shared vehicle, and storing the mapping in a designated storage medium;
  • the sharing start time of the stored sharing time information has not arrived, the call forwarding function of the shared vehicle's vehicle phone number mapped with the shared applicant's wireless terminal is inactivated (or maintained in an inactive state) and the sharing starts a fifth step of processing the
  • Patent Document 1 Patent Registration No. 10-1783555
  • the description of the above patent document specifies a co-owner who is a driver by using the mobile phone number of the applicant's wireless terminal. That is, the mobile phone number of the applicant's wireless terminal serves as an ID.
  • IDs and mobile phone numbers are just 'knowledge' that can be shared with others. As it is a piece of knowledge, there may be cases in which the person actively informs others of his/her ID or mobile phone number, and there may be cases in which the ID or mobile phone number is stolen by others against his/her will.
  • an ID or mobile phone number is an authentication method that is inconvenient to enter into the device by typing or the like. Therefore, in the case of temporary user change due to typing inconvenience, for example, when a temporary user changes, for example, when a factory worker entrusts a conveyor operation to an adjacent worker to go to the bathroom for a while, in the case of a temporary user change, an ID or mobile phone number for changing the user There are cases where typing is not performed, and even when typing is performed, there is a risk of authentication failure due to mistyping.
  • biometric information such as face, iris, and fingerprint for user authentication. Since biometric information does not fall under the verification of knowledge, there is no problem of exposure, transmission, or theft. Since such biometric information is extremely important personal information, strict management is required. In particular, when biometric information is transmitted and received through a network, an accident in which biometric information is leaked may occur due to hijacking of the network signal. Of course, hardware containing biometric information, for example, a server, terminal, module, etc. may be hacked, and biometric information may be stolen. Furthermore, if biometric information registered in a server, terminal, module, etc. can be altered without permission, after altering the biometric information of another person other than the originally registered user, that other person is authenticated by the biometric information, There is also a possibility that manipulation such as a crime that steals the effect of authentication of the originally registered user may occur.
  • the present invention is intended to solve the problems of the technology in the above patent document, and the user is accurately and quickly authenticated by an authentication method in which the person actively informs others or does not take over the person's will. It is to provide a user authentication method, apparatus and program that can do this.
  • biometric information it is an object of the present invention to provide a user authentication method, apparatus, and program that allow authentication to be performed in a state in which biometric information is not transmitted and received through a network.
  • Another object of the present invention is to provide a user authentication method, apparatus, and program that can prevent the occurrence of a crime of stealing the authentication effect of others according to alteration or modification of biometric information.
  • the method of the present invention for achieving the above object is a user authentication method through an information device, wherein an authentication module to be used for user authentication is registered in an authentication server, and the user's original biometric information is registered in the authentication module, an authentication module preparation step in which original hash information generated in a predetermined manner from the original biometric information by an authentication module is registered in the authentication server; a biometric information input step of newly inputting instantaneous biometric information of a current user into the authentication module through a biometric sensor of the authentication module detachably connected to the information device; In a state where both the original biometric information and the instantaneous biometric information are provided in the authentication module and not transmitted to the outside, the original biometric information and the instantaneous biometric information are compared in the authentication module, and the original biometric information a module internal processing step of outputting a predetermined biometric matching signal from the authentication module when the instantaneous biometric information coincides with a predetermined range; an instantaneous hash information generating step of generating instant
  • the match degree determination is performed while the original biometric information and the instantaneous biometric information are loaded into a secure memory readable only within the authentication module.
  • the original biometric information is stored in an encrypted state, and it is preferable to be decrypted and processed immediately before the matching is determined in the processing step inside the module.
  • the instantaneous biometric information is irretrievably completely deleted immediately after the match is determined.
  • a designated position output step of outputting a designated position to be compared of hash information from the authentication server that has received the biometric matching signal is further provided, wherein in the instantaneous hash information generating step, the Instantaneous hash information of the specified position is generated and transmitted, and in the authentication confirmation step, it is preferable that the instantaneous hash information of the specified position and the original hash information are compared.
  • the designated position is determined by a random number.
  • the said designated position is plural.
  • the device of the present invention for achieving the above object is a user authentication device through an information device, with an external authentication server connected, one side is detachably connected to the information device, and the other side is connected to the biosensor. It is connected, the user's original biometric information is registered therein, and the original hash information generated from the original biometric information in a predetermined manner is registered in the authentication server, By receiving the instantaneous biometric information of the current user, both the original biometric information and the instantaneous biometric information are provided inside, and the original biometric information and the instantaneous biometric information are stored inside in a state in which the instantaneous biometric information is not transmitted to the outside.
  • a predetermined biometric coincidence signal is output, while instantaneous hash information is generated from the original biometric information used for comparison, and the authentication an authentication module to be transmitted to the server;
  • the instantaneous hash information is received along with the biometric matching signal from the previously registered authentication module, and both the original hash information and the instantaneous hash information are provided inside
  • the original hash information and the instantaneous hash information are compared, and when they match, a hash match determination is made and an authentication server that outputs a predetermined authentication confirmation signal is included.
  • the program of the present invention for achieving the above object is a program for user authentication, in which an information processing device records a program for executing each step of the method described above in a storage medium readable by an information processing device. recorded program.
  • a user authentication method, apparatus and program that can accurately and quickly authenticate a user by an authentication method in which the person actively informs others or does not take over the person against his/her will.
  • a user authentication method, apparatus, and program are provided so that authentication is performed in a state in which biometric information is not transmitted and received through a network.
  • a user authentication method, apparatus and program capable of preventing the occurrence of a crime of stealing authentication effects of others according to alteration of biometric information.
  • FIG. 1 is a block diagram of an embodiment of an apparatus in which a user authentication method according to the present invention will be implemented.
  • the relationship in which another member is arranged or connected to the front, rear, left, right, and upper and lower sides of a member includes a case in which a separate member is inserted in the middle.
  • a member is said to be 'right', right, left, or top and bottom of another member, it means that there is no separate member in the middle.
  • a part 'includes' other components this means that other components may be further included, rather than excluding other components, unless otherwise stated.
  • the reason that the names of the components are divided into the first, the second, etc. is to classify them in the same relationship, and the order is not necessarily limited thereto.
  • terms such as 'unit', 'means', 'unit', 'member', and 'module' described in the specification mean a unit of a comprehensive configuration that performs at least one function or operation.
  • information processing devices such as terminals and servers described in the specification basically mean hard wiring, which means hardware in which specific functions or operations are implemented, but should not be construed to be limited to specific hardware, and should not be construed as being limited to specific hardware. This does not exclude soft wiring, which consists of software running to cause a specific function or operation to be implemented. That is, the terminal or server may be any device or software installed on any device, such as an app.
  • the method of the present invention is a method for authenticating the user 14 through the information device 10 .
  • This method can be used when authentication of the identity of the user 14 is required prior to the use of the information device 10 , the connection to the server 30 , the execution of data processing 31 , and the like.
  • the server 30 such as a shopping mall, etc.
  • the information device 10 such as a computer
  • the information device 10 such as a smart phone
  • the remittance processing is performed in the server 30, such as online banking (31)
  • it can be used when it is necessary to verify whether the user 14 who requests the login or the request to perform the remittance processing is a previously registered person.
  • the authentication of the user 14 is not limited to the cases exemplified above, and for example, in the case of verifying whether the user 14 is allowed in advance, such as in the military field or aerospace, in-company decision-making, or the entrance door. It is of course interpreted that it can be used for all of them.
  • the method of the present invention the authentication module preparation step (S10) and; Biometric information input step (S20) and; Module internal processing step (S30) and; Instantaneous hash information generation step (S40) and; authentication verification step (S50); It is characterized in that it is included.
  • the authentication module 12 to be used for authentication of the user 14 is registered in the authentication server 20, and the original biometric information of the user 14 is registered in the authentication module 12
  • original hash information generated in a predetermined manner from the original biometric information by the authentication module 12 is registered in the authentication server 20 .
  • the authentication server 20 is a server configured to output a predetermined signal corresponding thereto when receiving a predetermined signal. That is, unlike the conventional server, a high-level computational processing such as image comparison processing is not required. Accordingly, it is possible to increase the processing speed while reducing errors.
  • the authentication server 20 is preferably configured to respond only to signals from the authentication module 12 registered in advance. Accordingly, the authentication module 12 must be registered in the authentication server 20 in advance prior to signal transmission and reception.
  • security verification for example, verification by a public certificate or a private certificate may be performed. Whether or not to register may be determined by a unique identification code of the authentication module 12, for example, a serial number or ID.
  • the original biometric information is biometric information serving as a standard to be used for authentication.
  • the original biometric information may be obtained and input through the biometric sensor 13 connected to the authentication module 12 .
  • the original biometric information may be transmitted and input from another device (not shown) without going through the biosensor 13 .
  • original hash information is generated in a predetermined manner by the authentication module 12 for the original biometric information, and is transmitted to the authentication server 20 for registration. have.
  • This original hash information is data that is stored in advance to be used for verifying whether the original biometric information is hacked when comparing the biometric information later.
  • the hash information may be set, for example, as a hash function value, but is not limited thereto, and may be set, for example, as a predetermined processed value for the hash function value.
  • a hash function value or a processed value thereof is collectively referred to as hash information.
  • the original hash information When the original hash information is transmitted from the authentication module 12 to the authentication server 20, it is transmitted in an encrypted state. If the original hash information is a hash function value, all hash function values may be transmitted, or the server may have all or part of the hash value for biometric information through another method.
  • the authentication server 20 securely stores the original hash information.
  • biometric information input step (S20) the current user is newly added to the authentication module 12 through the biometric sensor 13 of the authentication module 12 detachably connected to the information device 10.
  • step (14) instantaneous biometric information is input.
  • the information device 10 is a unit contributing to the processing of the authentication function according to the present invention in addition to the basic functions such as connection to the processing server 30 and information processing.
  • the processing request unit 11 in the information device 10 performs the processing unit of the processing server 30 . It is connected to (31), determines a method of log-in processing, performs authentication processing through the authentication module 12 and authentication server 20 in the information device 10, and confirms authentication in the authentication server 20 It may be set to wait for the signal to be input to the processing unit 31 .
  • the processing request unit 11 may be included in the information device 10 to be integrally configured. However, it is not limited to this.
  • the processing request unit 11 may be detachably configured to be detachably attached to the information device 10 .
  • the processing performing unit 31 may be included in the processing server 30 to be integrally configured. However, it is not limited to this.
  • the processing performing unit 31 may be detachably configured to be detachably attached to the processing server 30 .
  • the authentication module 12 may be integrally installed and included in the processing request unit 11 or the information device 10 . In this case, with a stable electrical connection, an optimized configuration is possible.
  • the authentication module 12 is preferably configured to be detachably fastened to the processing request unit 11 or the information device 10 .
  • the method of attachment and detachment is possible regardless of wired or wireless, for example, a case in which the authentication module 12 in the form of a USB dongle is physically attached to and detached from the processing request unit 11 or the information device 10 having a terminal of a USB interface.
  • the processing request unit 11 or the information device 10 and the authentication module 12 having a Bluetooth-type wireless means are paired with each other within a reachable range.
  • the authentication module 12 may be configured to be connected to various information devices 10 . Accordingly, it is possible to increase the degree of freedom of connection.
  • the authentication module 12 can be separated from the processing request unit 11 and stored in a safer place, such as a safe.
  • the authentication module 12 may be configured to be formed in plurality.
  • each of the plurality of authentication modules 12 may be for individuals assigned to each user 14 .
  • the authentication module 12 of each user 14 is preferably configured such that the original biometric information of each user 14 is registered. By doing so, each authentication module 12 is thoroughly personalized and used only for authentication of each individual user 14 . And this personal authentication module 12 can be used for various information devices (10).
  • the instantaneous biometric information is biometric information input to be compared with the original biometric information. This is obtained from the biosensor 13 connected to the authentication module 12 .
  • the biosensor 13 may be included in the authentication module 12 as an integral type installed. By doing so, security can be enhanced. However, it is not limited to this.
  • the biosensor 13 may be detachably connected to the authentication module 12 . By doing so, there are advantages in that the newly developed sensor and different types of sensors can be replaced and installed, and the sensor itself can be managed separately.
  • both the original biometric information and the instantaneous biometric information are provided in the authentication module 12 and are not transmitted to the outside;
  • a predetermined biometric matching signal is outputted from the authentication module 12 .
  • the original biometric information and the instantaneous biometric information are configured to determine the degree of matching while being loaded in a secure memory (not shown) readable only within the authentication module 12 .
  • the secure memory is not accessible from the outside of the authentication module 12 . Therefore, a hacking attempt by data access to the authentication module 12 itself is impossible, and security is extremely improved.
  • the original biometric information is stored in an encrypted state, and is decrypted immediately before the matching degree is determined so that the matching degree determination is processed. Accordingly, even if a hacking attempt occurs on the biometric information in the authentication module 12, the security is greatly improved due to the encrypted original biometric information.
  • the instantaneous biometric information is configured to be irretrievably completely deleted immediately after the match is determined.
  • security is extremely improved.
  • a conventional technique for determining the degree of agreement or similarity with respect to a pattern of biometric information may be used.
  • the predetermined range of the degree of matching may be adjusted.
  • the biometric matching signal output as a result of determining the degree of matching is a signal predetermined between the authentication server 20 and the authentication module 12 registered in the authentication server 20 .
  • the biometric signal is transmitted from the authentication module 12 directly to the authentication server 20 or from the authentication module 12 through the processing request unit 11 or the information device 10 to the authentication server 20 . ) is sent to
  • the instantaneous hash information generation step S40 is a step in which instantaneous hash information is generated from the original biometric information used for comparison in the authentication module 12 and transmitted to the authentication server 20 .
  • the authentication module 12 confirms the degree of conformity of biometric information by comparing the original biometric information and instantaneous hash information (when user verification is performed), before or after confirming the degree of conformity through biometric authentication, the authentication module 12 is , calculates instantaneous hash information (eg, hash function value) for the original biometric data used in the comparison conducted this time.
  • This instantaneous hash information is generated in the authentication module 12 and transmitted to the authentication server 20 in the same way as when registering the original biometric information and registering the original hash information in the authentication module preparation step S10 .
  • the original hash information and the instantaneous hash information are both provided in the authentication server 20, and in the authentication server 20 receiving the biometric matching signal, the original This is a step of outputting a predetermined authentication confirmation signal from the authentication server 20 in the case of a hash coincidence as a result of comparing the hash information and the instantaneous hash information.
  • the predetermined authentication confirmation signal is a signal predetermined between the authentication server 20 and the authentication module 12 registered in the authentication server 20, and the authentication server 20 in the process server 30 ) is a predetermined signal to be transmitted. Accordingly, the processing server 30 waits for the input of the authentication confirmation signal, and upon receiving the authentication confirmation signal, performs a predetermined process by the processing performing unit 31 .
  • the user 14 logs in to the shopping mall that is the processing server 30 in the computer that is the information device 10
  • the user 14 engages the processing request unit 11 with the removable authentication module 12
  • Instantaneous biometric information is input by the biometric sensor 13 built into the authentication module 12 .
  • the degree of matching between the original biometric information and the instantaneous biometric information is determined inside the authentication module 12, and if it falls within a predetermined range, a biometric matching signal is output.
  • the authentication server 20 receiving the biometric matching signal outputs an authentication confirmation signal, which is input to the processing server 30 .
  • the processing server 30 performs login processing by the processing execution unit 31 .
  • the processing execution unit 31 of the processing server 30 that has received the processing request of the information device 10 by biometric authentication performs a predetermined processing, it is possible to identify users based on knowledge such as mobile phone numbers and IDs. It avoids the problems, and it is possible to accurately and simply identify the true user.
  • the degree of matching of biometric information is determined only inside the authentication module 12, there is no external leakage of biometric information. And since the match determination result is output only as a predefined signal, there is no external leakage of biometric information.
  • instantaneous biometric information is stored in the secure memory, the original biometric information is stored in an encrypted state, and the instantaneous biometric information is deleted after the match is determined, thereby completely blocking hacking attempts.
  • the authentication module 12 is detachable, plural assigned to each user, and for personal use, it is possible to connect to various information devices 10 with a high degree of freedom.
  • the authentication module 12 since the authentication module 12 generates original hash information for the original biometric information registered in the authentication module 12 and registers it in the authentication server 20, it is possible to determine whether the registered original biometric information is hacked. can be judged. That is, when instantaneous biometric information is subsequently input and compared with the original biometric information as described above, the authentication module 12 newly generates instantaneous hash information of the original biometric information used for the comparison, and the authentication server 20 will be sent to The authentication server 20 compares the previously registered original hash information with the instantaneous hash information transmitted this time, and determines the hash coincidence only when they match. This hash coincidence determination becomes evidence that the original biometric information registered in the authentication module 12 has not been hacked.
  • the authentication server 20 does not receive a hash match determination according to the comparison of hash information, there is an effect that theft can be prevented.
  • the instantaneous hash information generation step (S40) the instantaneous hash information of the specified position is generated and transmitted, and in the authentication confirmation step (S50), the instantaneous hash information of the designated position and the original hash information are compared It is desirable to make it possible.
  • hash information of a position designated in the authentication server is input to the authentication server in this way, whether the authentication module has been hacked can be checked and the integrity of the biometric information can be checked.
  • the designated position is preferably determined by a random number.
  • the authentication server may be provided with a random number generator. By designating a position by a random number, a different position value may be transmitted to the authentication module each time.
  • the said designated position is plural.
  • the plurality of designated positions may be configured such that all or part of them are used for comparison of hash information.
  • the apparatus of the present invention is a user authentication apparatus via the information device (10).
  • the apparatus of the present invention includes an authentication module 12 ;
  • the authentication server 20 is characterized in that it is included.
  • the authentication module 12 with the authentication server 20 connected to the outside, one side is detachably connected to the information device 10, the other side is connected to the biometric sensor 13, inside In a state in which original biometric information of the user 14 is registered and provided, and original hash information generated from the original biometric information in a predetermined manner is registered in the authentication server 20, the biometric sensor 13 is By newly receiving instantaneous biometric information of the current user 14 through the and the instantaneous biometric information are compared, and when the degree of matching between the original biometric information and the instantaneous biometric information is within a predetermined range, a predetermined biometric coincidence signal is output, while instantaneous hash information from the original biometric information used for comparison is a module that is generated and transmitted to the authentication server 20 .
  • the authentication server 20 receives the instantaneous hash information together with the biometric matching signal from the previously registered authentication module 12 in a state in which the original hash information is registered from the authentication module 12, In a state where both the original hash information and the instantaneous hash information are provided inside, the original hash information and the instantaneous hash information are compared, and if they match, a hash match determination is made and a predetermined authentication confirmation signal is output. is the server
  • the program for user authentication of the present invention is a program recorded in a storage medium readable by an information processing device in which a program for causing the information processing device to execute each step of the method is recorded.
  • the present invention can be used in the industry of user authentication methods, devices and programs.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The present invention relates to a user authentication method, device and program which enable a verification of whether or not original biometric data of an authentication module has been damaged, by means of hash information in an authentication server when authenticating the identity of a user by means of the biometric data. The user authentication method by means of an information device of the present invention comprises an authentication module preparing step, a biometric data input step, an intramodular processing step, a hash information generating step and an authentication confirmation step.

Description

유저 인증방법, 장치 및 프로그램 User authentication method, device and program
본 발명은, 유저 인증방법, 장치 및 프로그램에 관한 것으로서, 보다 상세히는, 생체정보에 의해 유저의 본인여부를 인증할 때, 인증모듈의 원본 생체정보의 훼손여부를 인증서버에서 해시정보에 의해 검증하도록 한, 유저 인증방법, 장치 및 프로그램에 관한 것이다.The present invention relates to a user authentication method, apparatus and program, and more particularly, when authenticating whether a user is a user by biometric information, whether or not the original biometric information of an authentication module is damaged by hash information in an authentication server It relates to a user authentication method, apparatus and program.
일반적으로, 정보기기의 이용이나 서버의 접속, 데이터처리의 수행 등에 앞서서, 유저의 본인여부의 인증이 요구되는 경우가 있다. 예컨대 컴퓨터 등 정보기기에 의해 예컨대 쇼핑몰 등 서버에 로그인하는 경우, 또는 예컨대 스마트폰 등 정보기기에 의해 예컨대 온라인뱅킹 등 서버에서 송금처리를 수행하는 경우 등에 있어서, 그 로그인의 요청이나 송금처리의 수행 요청을 하는 유저가 미리 등록된 본인인지 검증될 필요가 있다.In general, authentication of the identity of the user may be required prior to the use of information equipment, connection to a server, data processing, and the like. For example, when logging in to a server such as a shopping mall by using an information device such as a computer, or performing remittance processing in a server such as online banking by using an information device such as a smartphone, for example, a request for logging in or a request to perform remittance processing It needs to be verified whether the user who does this is a pre-registered person.
종래의 유저의 본인인증 방식으로는 아이디/패스워드에 의한 방식이 있다. 그러나, 아이디/패스워드의 검증은, 기억하고 있는 문자 데이터라는 지식의 검증에 불과하고, 이러한 지식은 타인에게 노출이나 전달될 수 있는 것이어서, 그 본인여부의 인증을 하는 요청자가 반드시 원래의 정당한 본인이라는 보장이 없다는 문제가 있다.As a conventional user authentication method, there is a method by ID/password. However, verification of ID/password is only verification of knowledge of stored character data, and this knowledge can be exposed or transmitted to others. The problem is that there is no guarantee.
또한, 유저의 본인인증에는 패턴에 의한 방식, PIN에 의한 방식, 비밀번호에 의한 방식도 있다. 그러나, 패턴의 검증도, 기본적으로는 지식의 검증에 불과하여, 상기 아이디/패스워드에 의한 방식과 동일한 문제가 있다.In addition, there are a pattern-based method, a PIN-based method, and a password-based method for user authentication. However, the verification of the pattern is basically only verification of knowledge, and thus has the same problem as the method using the ID/password.
종래에 하기 특허문헌에 의하면, '다수의 사용자들에게 지정된 공유 차량을 일정 시간 동안 운행할 수 있는 운행 권리를 공유하는 차량 공유 서비스를 제공하는 응용서버와 연동하는 운영서버를 통해 실행되는 방법에 있어서, 다수의 사용자들에게 일정 시간 동안 운행 권리를 공유 가능한 N(N≥1)개의 공유 차량에 대한 N개의 차량정보와 상기 N개의 각 공유 차량에 각기 고유 할당된 N개의 차량용전화번호를 일대일 매핑하여 지정된 번호관리D/B에 저장하는 제1 단계; 임의의 공유 신청자 무선단말의 앱을 통해 차량 공유 서비스 신청 시, 지정된 경로를 경유하여 공유 신청자에게 공유될 공유 차량의 차량정보와 상기 공유 신청자에게 공유 차량을 공유할 공유시간정보와 상기 공유 신청자 무선단말의 이동전화번호를 수신하는 제2 단계; 상기 공유 신청자에게 공유될 공유 차량의 차량정보를 근거로 번호관리D/B를 조회하여 통화기기가 아닌 공유 차량에 할당된 지정된 번호체계의 차량용전화번호를 확인하는 제3 단계; 상기 공유 신청자 무선단말의 이동전화번호와 상기 공유 차량에 할당된 차량용전화번호 및 상기 공유 차량을 공유할 공유시간정보를 매핑하여 지정된 저장매체에 저장하는 제4 단계; 상기 저장된 공유시간정보의 공유 개시시간이 도래하지 않은 경우 상기 공유 신청자 무선단말의 이동전화번호와 매핑 저장된 공유 차량의 차량용전화번호의 착신전환 기능을 비활성 처리(또는 비활성 상태를 유지)하고 상기 공유 개시시간이 도래한 경우 상기 차량용전화번호로의 호 연결 요청을 상기 이동전화번호로 착신 전환되도록 처리하는 제5 단계; 상기 저장된 공유시간정보를 근거로 상기 공유 차량의 공유를 종료하는 공유 종료시간이 경과하는지 확인하는 제6 단계; 및 상기 공유 차량의 공유 종료시간이 경과한 경우, 상기 공유 차량에 할당된 차량용전화번호의 착신전환 기능을 비활성화(또는 해제) 처리하는 제7 단계;를 포함하는 공유 차량의 현재 운전자 연결 방법'이 개시되어 있다.In the prior art, according to the following patent document, 'in a method executed through an operation server that interworks with an application server that provides a vehicle sharing service that shares a driving right to drive a shared vehicle designated to a plurality of users for a certain period of time, , by one-to-one mapping of N vehicle information for N (N ≥ 1) shared vehicles that can share driving rights for a certain period of time to multiple users and N vehicle phone numbers uniquely assigned to each of the N shared vehicles. A first step of storing the designated number management D / B; When applying for a car sharing service through the app of any sharing applicant wireless terminal, vehicle information of the shared vehicle to be shared with the sharing applicant via a designated route, sharing time information to share the shared vehicle with the sharing applicant, and the sharing applicant wireless terminal a second step of receiving a mobile phone number of a third step of inquiring a number management D/B based on vehicle information of a shared vehicle to be shared with the sharing applicant and confirming a vehicle phone number of a designated numbering system assigned to a shared vehicle, not a calling device; a fourth step of mapping the mobile phone number of the sharing applicant wireless terminal, the vehicle phone number assigned to the shared vehicle, and sharing time information to share the shared vehicle, and storing the mapping in a designated storage medium; When the sharing start time of the stored sharing time information has not arrived, the call forwarding function of the shared vehicle's vehicle phone number mapped with the shared applicant's wireless terminal is inactivated (or maintained in an inactive state) and the sharing starts a fifth step of processing the call connection request to the vehicle phone number to be forwarded to the mobile phone number when the time arrives; a sixth step of checking whether a sharing end time for terminating sharing of the shared vehicle has elapsed based on the stored sharing time information; and a seventh step of inactivating (or releasing) the call forwarding function of the vehicle phone number assigned to the shared vehicle when the sharing end time of the shared vehicle has elapsed; has been disclosed.
[선행기술문헌][Prior art literature]
[특허문헌][Patent Literature]
(특허문헌 1) 등록특허 제10-1783555호 공보(Patent Document 1) Patent Registration No. 10-1783555
상기 특허문헌의 기술은, 신청자 무선단말의 이동전화번호를 이용하여, 운전자인 공유자를 특정하고 있다. 즉, 신청자 무선단말의 이동전화번호가 아이디 역할을 하는 것이다.The description of the above patent document specifies a co-owner who is a driver by using the mobile phone number of the applicant's wireless terminal. That is, the mobile phone number of the applicant's wireless terminal serves as an ID.
그런데, 아이디나 이동전화번호는, 타인에게 알려줄 수 있는 '지식'에 불과하다. 하나의 지식이므로, 아이디나 이동전화번호를 본인이 타인에게 적극적으로 알려주는 경우도 있을 수 있고, 아이디나 이동전화번호가 본인의 의사에 반하여 타인에게 탈취되는 경우가 있다.However, IDs and mobile phone numbers are just 'knowledge' that can be shared with others. As it is a piece of knowledge, there may be cases in which the person actively informs others of his/her ID or mobile phone number, and there may be cases in which the ID or mobile phone number is stolen by others against his/her will.
이때, 그 지식을 취득한 타인이 서비스 신청을 하게 되면, 신청 명의 유저(본인)와 실제 이용 유저(타인)가 상이하게 될 우려가 있다. 이로 인해, 유저별 실적이 잘못 산정될 수 있고, 나아가서, 범죄에 악용될 우려도 있다.At this time, when another person who has acquired the knowledge applies for the service, there is a fear that the user (the person) in the name of the application and the user who actually uses the knowledge (the other person) may be different. For this reason, the performance for each user may be erroneously calculated, and furthermore, there is a risk of being misused for crime.
게다가, 아이디나 이동전화번호는, 타이핑 등에 의해 기기에 입력해야 하는 불편함이 따르는 인증방식이다. 따라서, 타이핑 불편 때문에 예컨대 잠시 임시로 유저가 바뀌는 경우, 예컨대 공장 근로자가 잠시 화장실 다녀오기 위해 옆 근로자에게 컨베이어 작업을 맡기는 경우와 같이, 임시 유저 변경의 경우에는, 유저 변경을 위한 아이디나 이동전화번호 타이핑을 하지 않는 경우가 발생하고 있고, 게다가 타이핑을 하는 경우에도 미스 타이핑에 의한 인증 실패의 우려가 있다.In addition, an ID or mobile phone number is an authentication method that is inconvenient to enter into the device by typing or the like. Therefore, in the case of temporary user change due to typing inconvenience, for example, when a temporary user changes, for example, when a factory worker entrusts a conveyor operation to an adjacent worker to go to the bathroom for a while, in the case of a temporary user change, an ID or mobile phone number for changing the user There are cases where typing is not performed, and even when typing is performed, there is a risk of authentication failure due to mistyping.
한편, 유저의 본인인증에는 얼굴, 홍채, 지문 등의 생체정보에 의한 방식도 존재한다. 생체정보는 지식의 검증에 해당되지 않으므로, 노출이나 전달, 도용의 문제가 발생되지는 않는다. 이러한 생체정보는 극히 중요한 개인정보에 해당되므로, 엄밀한 관리가 필요하다. 특히, 생체정보가 네트워크를 통해 송수신되도록 구성된 경우에는, 그 네트워크 신호의 하이재킹 등에 의해 생체정보가 누출되는 사고가 발생될 수 있다. 물론, 생체정보가 들어있는 하드웨어, 예컨대 서버나 단말, 모듈 등이 해킹되어, 생체정보가 탈취당하는 경우도 발생될 수 있다. 나아가서는, 서버나 단말, 모듈 등에 등록되어 있는 생체정보가 무단 개변조 가능한 경우에는, 원래 등록된 유저 이외의 타인의 생체정보로 개변조 시킨 후에, 그 타인이 생체정보에 의해 인증을 받음으로써, 원래 등록된 유저의 인증에 의한 효과를 탈취하는 범죄 등의 조작이 발생될 우려도 있다.On the other hand, there is also a method using biometric information such as face, iris, and fingerprint for user authentication. Since biometric information does not fall under the verification of knowledge, there is no problem of exposure, transmission, or theft. Since such biometric information is extremely important personal information, strict management is required. In particular, when biometric information is transmitted and received through a network, an accident in which biometric information is leaked may occur due to hijacking of the network signal. Of course, hardware containing biometric information, for example, a server, terminal, module, etc. may be hacked, and biometric information may be stolen. Furthermore, if biometric information registered in a server, terminal, module, etc. can be altered without permission, after altering the biometric information of another person other than the originally registered user, that other person is authenticated by the biometric information, There is also a possibility that manipulation such as a crime that steals the effect of authentication of the originally registered user may occur.
본 발명은, 상기 특허문헌의 기술의 문제점을 해소하기 위한 것으로서, 본인이 타인에게 적극적으로 알려주거나, 본인의 의사에 반하여 타인에게 탈취되지 않는 형태의 인증방식에 의해, 유저를 정확하고 신속하게 인증할 수 있는, 유저 인증방법, 장치 및 프로그램을 제공하고자 하는 것이다.The present invention is intended to solve the problems of the technology in the above patent document, and the user is accurately and quickly authenticated by an authentication method in which the person actively informs others or does not take over the person's will. It is to provide a user authentication method, apparatus and program that can do this.
또한, 생체정보를 이용한 유저 인증의 경우에, 네트워크를 통해 생체정보가 송수신되지 않은 상태에서 인증이 이루어지도록 하는, 유저 인증방법, 장치 및 프로그램을 제공하고자 하는 것이다.In addition, in the case of user authentication using biometric information, it is an object of the present invention to provide a user authentication method, apparatus, and program that allow authentication to be performed in a state in which biometric information is not transmitted and received through a network.
또한, 생체정보의 개변조에 따른 타인의 인증효과 탈취 범죄의 발생을 방지할 수 있는, 유저 인증방법, 장치 및 프로그램을 제공하고자 하는 것이다.Another object of the present invention is to provide a user authentication method, apparatus, and program that can prevent the occurrence of a crime of stealing the authentication effect of others according to alteration or modification of biometric information.
상기 과제를 달성하기 위한 본 발명의 방법은, 정보기기를 통한 유저 인증방법으로서, 유저 인증에 이용될 인증모듈이 인증서버에 등록되고, 상기 인증모듈에 유저의 원본 생체정보가 등록됨과 함께, 상기 인증모듈에 의해 상기 원본 생체정보로부터 미리 정해진 방식으로 생성된 원본 해시정보가 상기 인증서버에 등록되는 인증모듈 준비단계와; 상기 정보기기에 착탈 가능하게 연결되어 있는 상기 인증모듈의 생체센서를 통해, 상기 인증모듈에 신규로 현재의 유저의 순시 생체정보가 입력되는 생체정보 입력단계와; 상기 원본 생체정보와 상기 순시 생체정보가 모두 상기 인증모듈에 구비되어 있고, 또한 외부로 전송되지 않은 상태에서, 상기 인증모듈 내에서 상기 원본 생체정보와 상기 순시 생체정보가 비교되어, 상기 원본 생체정보와 상기 순시 생체정보의 일치도가 소정 범위 내에 속하면, 상기 인증모듈로부터 소정의 생체일치신호가 출력되는 모듈내부 처리단계와; 상기 인증모듈 내에서, 비교에 사용된 상기 원본 생체정보로부터 순시 해시정보가 생성되어, 상기 인증서버에 전송되는 순시 해시정보 생성단계와; 상기 원본 해시정보와 상기 순시 해시정보가 모두 상기 인증서버에 구비되어 있는 상태에서, 상기 생체일치신호를 입력받은 상기 인증서버 내에서 상기 원본 해시정보와 상기 순시 해시정보의 비교 결과 일치되는 해시일치의 경우에, 상기 인증서버로부터 소정의 인증확인신호가 출력되는 인증확인 단계;가 포함되어 이루어짐을 특징으로 한다.The method of the present invention for achieving the above object is a user authentication method through an information device, wherein an authentication module to be used for user authentication is registered in an authentication server, and the user's original biometric information is registered in the authentication module, an authentication module preparation step in which original hash information generated in a predetermined manner from the original biometric information by an authentication module is registered in the authentication server; a biometric information input step of newly inputting instantaneous biometric information of a current user into the authentication module through a biometric sensor of the authentication module detachably connected to the information device; In a state where both the original biometric information and the instantaneous biometric information are provided in the authentication module and not transmitted to the outside, the original biometric information and the instantaneous biometric information are compared in the authentication module, and the original biometric information a module internal processing step of outputting a predetermined biometric matching signal from the authentication module when the instantaneous biometric information coincides with a predetermined range; an instantaneous hash information generating step of generating instantaneous hash information from the original biometric information used for comparison in the authentication module and transmitting it to the authentication server; In a state in which both the original hash information and the instantaneous hash information are provided in the authentication server, the comparison result of the original hash information and the instantaneous hash information in the authentication server that received the biometric matching signal matches the hash coincidence in this case, an authentication confirmation step of outputting a predetermined authentication confirmation signal from the authentication server; It is characterized in that it is included.
여기서, 상기 모듈내부 처리단계에 있어서, 상기 원본 생체정보 및 상기 순시 생체정보는, 상기 인증모듈 내부에서만 읽기 가능한 시큐어 메모리에 로딩된 상태에서, 상기 일치도 판단이 수행됨이 바람직하다.Here, in the module internal processing step, it is preferable that the match degree determination is performed while the original biometric information and the instantaneous biometric information are loaded into a secure memory readable only within the authentication module.
그리고, 상기 원본 생체정보는, 암호화된 상태로 저장되어 있다가, 상기 모듈내부 처리단계에 있어서의 상기 일치도 판단 직전에 복호화되어 처리됨이 바람직하다.In addition, the original biometric information is stored in an encrypted state, and it is preferable to be decrypted and processed immediately before the matching is determined in the processing step inside the module.
그리고, 상기 순시 생체정보는, 상기 일치도 판단 직후에 복구 불가능하게 완전삭제됨이 바람직하다.And, it is preferable that the instantaneous biometric information is irretrievably completely deleted immediately after the match is determined.
그리고, 상기 순시 해시정보 생성단계 이전에, 상기 생체일치신호를 받은 상기 인증서버에서 해시정보의 비교될 지정 포지션이 출력되는 지정 포지션 출력단계;가 더 구비되고, 상기 순시 해시정보 생성단계에서는, 상기 지정 포지션의 순시 해시정보가 생성 및 전송되며, 상기 인증확인 단계에서는, 상기 지정 포지션의 순시 해시정보와 원본 해시정보가 비교되도록 이루어짐이 바람직하다. And, before the instantaneous hash information generating step, a designated position output step of outputting a designated position to be compared of hash information from the authentication server that has received the biometric matching signal is further provided, wherein in the instantaneous hash information generating step, the Instantaneous hash information of the specified position is generated and transmitted, and in the authentication confirmation step, it is preferable that the instantaneous hash information of the specified position and the original hash information are compared.
그리고, 상기 지정 포지션은, 난수에 의해 결정됨이 바람직하다.And, it is preferable that the designated position is determined by a random number.
그리고, 상기 지정 포지션은, 복수개임이 바람직하다.And, it is preferable that the said designated position is plural.
한편, 상기 과제를 달성하기 위한 본 발명의 장치는, 정보기기를 통한 유저 인증장치로서, 외부에 인증서버가 연결됨과 함께, 일측은 상기 정보기기에 착탈 가능하게 연결되어 있고, 타측은 생체센서에 연결되어 있으며, 내부에 유저의 원본 생체정보가 등록되어 구비되어 있고, 상기 원본 생체정보로부터 미리 정해진 방식으로 생성한 원본 해시정보를 상기 인증서버에 등록해 놓은 상태에서, 상기 생체센서를 통해 신규로 현재의 유저의 순시 생체정보를 입력받음으로써, 상기 원본 생체정보와 상기 순시 생체정보가 모두 내부에 구비되어 있고, 외부로 전송되지 않도록 하는 상태에서, 내부에서 상기 원본 생체정보와 상기 순시 생체정보가 비교되도록 하여, 상기 원본 생체정보와 상기 순시 생체정보의 일치도가 소정 범위 내에 속하면, 소정의 생체일치신호가 출력되는 한편, 비교에 사용된 상기 원본 생체정보로부터 순시 해시정보가 생성되어, 상기 인증서버에 전송되도록 하는 인증모듈과; 상기 인증모듈로부터 상기 원본 해시정보를 등록받은 상태에서, 미리 등록되어 있는 상기 인증모듈로부터 상기 생체일치신호와 함께 상기 순시 해시정보를 받아서, 상기 원본 해시정보와 상기 순시 해시정보가 모두 내부에 구비되어 있는 상태에서, 상기 원본 해시정보와 상기 순시 해시정보가 비교되어, 일치하는 경우에 해시일치 판정이 이루어짐과 함께 소정의 인증확인신호가 출력되는 인증서버;가 포함되어 이루어짐을 특징으로 하는 한다.On the other hand, the device of the present invention for achieving the above object is a user authentication device through an information device, with an external authentication server connected, one side is detachably connected to the information device, and the other side is connected to the biosensor. It is connected, the user's original biometric information is registered therein, and the original hash information generated from the original biometric information in a predetermined manner is registered in the authentication server, By receiving the instantaneous biometric information of the current user, both the original biometric information and the instantaneous biometric information are provided inside, and the original biometric information and the instantaneous biometric information are stored inside in a state in which the instantaneous biometric information is not transmitted to the outside. When the degree of coincidence between the original biometric information and the instantaneous biometric information falls within a predetermined range, a predetermined biometric coincidence signal is output, while instantaneous hash information is generated from the original biometric information used for comparison, and the authentication an authentication module to be transmitted to the server; In a state in which the original hash information is registered from the authentication module, the instantaneous hash information is received along with the biometric matching signal from the previously registered authentication module, and both the original hash information and the instantaneous hash information are provided inside In the present state, the original hash information and the instantaneous hash information are compared, and when they match, a hash match determination is made and an authentication server that outputs a predetermined authentication confirmation signal is included.
한편, 상기 과제를 달성하기 위한 본 발명의 프로그램은, 유저 인증을 위한 프로그램으로서, 정보처리기기에 상기에 기재된 방법의 각 단계를 실행시키기 위한 프로그램을 기록한, 정보처리기기로 읽을 수 있는 저장매체에 기록된 프로그램이다.On the other hand, the program of the present invention for achieving the above object is a program for user authentication, in which an information processing device records a program for executing each step of the method described above in a storage medium readable by an information processing device. recorded program.
본 발명에 의하면, 본인이 타인에게 적극적으로 알려주거나, 본인의 의사에 반하여 타인에게 탈취되지 않는 형태의 인증방식에 의해, 유저를 정확하고 신속하게 인증할 수 있는, 유저 인증방법, 장치 및 프로그램이 제공된다.According to the present invention, there is provided a user authentication method, apparatus and program that can accurately and quickly authenticate a user by an authentication method in which the person actively informs others or does not take over the person against his/her will. is provided
또한, 생체정보를 이용한 유저 인증의 경우에, 네트워크를 통해 생체정보가 송수신되지 않은 상태에서 인증이 이루어지도록 하는, 유저 인증방법, 장치 및 프프로그램이 제공된다.In addition, in the case of user authentication using biometric information, a user authentication method, apparatus, and program are provided so that authentication is performed in a state in which biometric information is not transmitted and received through a network.
또한, 생체정보의 개변조에 따른 타인의 인증효과 탈취 범죄의 발생을 방지할 수 있는, 유저 인증방법, 장치 및 프로그램이 제공된다.In addition, there is provided a user authentication method, apparatus and program capable of preventing the occurrence of a crime of stealing authentication effects of others according to alteration of biometric information.
도 1은, 본 발명에 의한 유저 인증방법이 구현될 장치의 일실시예의 블럭도이다.1 is a block diagram of an embodiment of an apparatus in which a user authentication method according to the present invention will be implemented.
도 2는, 동 방법의 플로챠트이다.2 is a flowchart of the same method.
이하, 첨부도면을 참조하면서 본 발명에 따른 공유대상에 대한 유저별 이용실적의 검지방법, 장치 및 프로그램에 대해 상세히 설명한다. 다만, 동일구성에 의해 동일기능을 가지는 부재에 대해서는, 도면이 달라지더라도 동일부호를 유지함으로써, 그 상세한 설명을 생략하는 경우가 있다.Hereinafter, with reference to the accompanying drawings, a method, apparatus, and program for detecting usage performance for each user for a shared object according to the present invention will be described in detail. However, for members having the same function due to the same configuration, the same reference numerals are maintained even if the drawings are different, and thus detailed description thereof may be omitted.
또한, 어떤 부재의 전후, 좌우, 상하에 다른 부재가 배치되거나 연결되는 관계는, 그 중간에 별도 부재가 삽입되는 경우를 포함한다. 반대로, 어떤 부재가 다른 부재의 '바로' 전후, 좌우, 상하에 있다고 할 때에는, 중간에 별도 부재가 없는 것을 뜻한다. 그리고 어떤 부분이 다른 구성요소를 '포함'한다고 할 때, 이는 특별히 반대되는 기재가 없는 한, 다른 구성요소를 제외하는 것이 아니라, 다른 구성요소를 더 포함할 수 있는 것을 의미한다.In addition, the relationship in which another member is arranged or connected to the front, rear, left, right, and upper and lower sides of a member includes a case in which a separate member is inserted in the middle. Conversely, when a member is said to be 'right', right, left, or top and bottom of another member, it means that there is no separate member in the middle. And when a part 'includes' other components, this means that other components may be further included, rather than excluding other components, unless otherwise stated.
그리고 구성의 명칭을 제1, 제2 등으로 구분한 것은, 그 구성이 동일한 관계로 이를 구분하기 위한 것으로, 반드시 그 순서에 한정되는 것은 아니다. 또한, 명세서에 기재된 '유닛', '수단', '부', '부재', '모듈' 등의 용어는, 적어도 하나의 기능이나 동작을 하는 포괄적인 구성의 단위를 의미한다. 그리고 명세서에 기재된 단말, 서버 등의 정보처리기기는, 특정한 기능이나 동작이 구현된 하드웨어를 의미하는 하드 와이어링을 기본적으로 의미하지만, 특정한 하드웨어에 한정되도록 해석되어서는 안되고, 일반 범용 하드웨어 상에 그 특정한 기능이나 동작이 구현되도록 하기 위해 구동되는 소프트웨어로 이루어지는 소프트 와이어링을 배제하는 것이 아니다. 즉, 단말 또는 서버는, 어떤 장치가 될 수도 있고, 앱과 같이, 어떤 기기에 설치되는 소프트웨어가 될 수도 있다.In addition, the reason that the names of the components are divided into the first, the second, etc. is to classify them in the same relationship, and the order is not necessarily limited thereto. In addition, terms such as 'unit', 'means', 'unit', 'member', and 'module' described in the specification mean a unit of a comprehensive configuration that performs at least one function or operation. And information processing devices such as terminals and servers described in the specification basically mean hard wiring, which means hardware in which specific functions or operations are implemented, but should not be construed to be limited to specific hardware, and should not be construed as being limited to specific hardware. This does not exclude soft wiring, which consists of software running to cause a specific function or operation to be implemented. That is, the terminal or server may be any device or software installed on any device, such as an app.
그리고 도면에 나타난 각 구성의 크기 및 두께는, 설명의 편의를 위해 임의로 나타내었으므로, 본 발명이 반드시 도면에 도시된 바에 한정되지 않으며, 층 및 영역 등의 여러 부분 및 영역을 명확하게 표현하기 위해 두께 등은 과장하여 확대 또는 축소하여 나타낸 경우가 있다.And since the size and thickness of each component shown in the drawings are arbitrarily indicated for convenience of explanation, the present invention is not necessarily limited to the bar shown in the drawings, and in order to clearly express various parts and regions such as layers and regions In some cases, the thickness and the like are exaggerated and enlarged or reduced.
<기본구성 - 방법><Basic configuration - method>
본 발명의 방법은, 정보기기(10)를 통한 유저(14) 인증방법이다. 이 방법은, 정보기기(10)의 이용이나 서버(30)의 접속, 데이터처리의 수행(31) 등에 앞서서, 유저(14)의 본인여부의 인증이 요구되는 경우에 이용될 수 있다. 예컨대 컴퓨터 등 정보기기(10)에 의해 예컨대 쇼핑몰 등 서버(30)에 로그인하는 경우, 또는 예컨대 스마트폰 등 정보기기(10)에 의해 예컨대 온라인뱅킹 등 서버(30)에서 송금처리를 수행(31)하는 경우 등에 있어서, 그 로그인의 요청이나 송금처리의 수행 요청을 하는 유저(14)가 미리 등록된 본인인지 검증될 필요가 있을 때 이용될 수 있다. 다만, 유저(14)의 인증은, 상기 예시된 경우들에 한하지 않고, 예컨대 군사분야나 우주 항공, 회사내 의사결정, 현관출입문 등, 미리 허용된 유저(14)인지의 여부를 검증하는 경우에 모두 이용될 수 있다고 해석됨은 당연하다.The method of the present invention is a method for authenticating the user 14 through the information device 10 . This method can be used when authentication of the identity of the user 14 is required prior to the use of the information device 10 , the connection to the server 30 , the execution of data processing 31 , and the like. For example, when logging in to the server 30, such as a shopping mall, etc. by the information device 10 such as a computer, or by the information device 10 such as a smart phone, for example, the remittance processing is performed in the server 30, such as online banking (31) In such a case, it can be used when it is necessary to verify whether the user 14 who requests the login or the request to perform the remittance processing is a previously registered person. However, the authentication of the user 14 is not limited to the cases exemplified above, and for example, in the case of verifying whether the user 14 is allowed in advance, such as in the military field or aerospace, in-company decision-making, or the entrance door. It is of course interpreted that it can be used for all of them.
본 발명의 방법은, 인증모듈 준비단계(S10)와; 생체정보 입력단계(S20)와; 모듈내부 처리단계(S30)와; 순시 해시정보 생성단계(S40)와; 인증확인 단계(S50);가 포함되어 이루어짐을 특징으로 한다.The method of the present invention, the authentication module preparation step (S10) and; Biometric information input step (S20) and; Module internal processing step (S30) and; Instantaneous hash information generation step (S40) and; authentication verification step (S50); It is characterized in that it is included.
상기 인증모듈 준비단계(S10)는, 유저(14) 인증에 이용될 인증모듈(12)이 인증서버(20)에 등록되고, 상기 인증모듈(12)에 유저(14)의 원본 생체정보가 등록됨과 함께, 상기 인증모듈(12)에 의해 상기 원본 생체정보로부터 미리 정해진 방식으로 생성된 원본 해시정보가 상기 인증서버(20)에 등록되는 단계이다.In the authentication module preparation step (S10) , the authentication module 12 to be used for authentication of the user 14 is registered in the authentication server 20, and the original biometric information of the user 14 is registered in the authentication module 12 In addition, original hash information generated in a predetermined manner from the original biometric information by the authentication module 12 is registered in the authentication server 20 .
상기 인증서버(20)는, 소정의 신호를 입력받으면, 그에 대응되는 소정의 신호를 출력하도록 구성되어 있는 서버이다. 즉, 종래의 일반적인 서버와 달리, 이미지 비교처리 등의 고도의 연산처리가 필요 없다. 따라서, 에러의 감소와 함께 처리속도의 증가가 가능하다. The authentication server 20 is a server configured to output a predetermined signal corresponding thereto when receiving a predetermined signal. That is, unlike the conventional server, a high-level computational processing such as image comparison processing is not required. Accordingly, it is possible to increase the processing speed while reducing errors.
상기 인증서버(20)는, 미리 등록되어 있는 인증모듈(12)로부터의 신호에만 응답하도록 구성됨이 바람직하다. 따라서, 상기 인증모듈(12)은, 신호의 송수신에 앞서서 미리 상기 인증서버(20)에 등록되어 있어야 한다. 상기 인증모듈(12)을 상기 인증서버(20)에 등록할 때는, 보안검증, 예컨대 공인인증서나 사설인증서에 의한 검증을 거치도록 할 수도 있다. 등록 여부는, 인증모듈(12)의 고유식별부호, 예컨대 시리얼넘버나 ID 등에 의해 판별될 수도 있다.The authentication server 20 is preferably configured to respond only to signals from the authentication module 12 registered in advance. Accordingly, the authentication module 12 must be registered in the authentication server 20 in advance prior to signal transmission and reception. When the authentication module 12 is registered with the authentication server 20, security verification, for example, verification by a public certificate or a private certificate may be performed. Whether or not to register may be determined by a unique identification code of the authentication module 12, for example, a serial number or ID.
상기 원본 생체정보는, 인증에 사용될 기준이 되는 생체정보이다. 상기 원본 생체정보는, 상기 인증모듈(12)에 연결된 생체센서(13)을 통해 획득되어 입력될 수 있다. 다만, 이에 한하지 않는다. 예컨대, 상기 원본 생체정보는, 생체센서(13)를 통하지 않고 다른 기기(미도시)로부터 전송되어 입력될 수 있다.The original biometric information is biometric information serving as a standard to be used for authentication. The original biometric information may be obtained and input through the biometric sensor 13 connected to the authentication module 12 . However, it is not limited to this. For example, the original biometric information may be transmitted and input from another device (not shown) without going through the biosensor 13 .
한편, 상기 원본 생체정보의 해킹여부 확인을 위해, 상기 원본 생체정보에 대해 상기 인증모듈(12)에 의해 미리 정해진 방식으로 원본 해시정보가 생성되어 상기 인증서버(20)에 전송되어 등록되도록 구성되어 있다. 이 원본 해시정보는, 나중에 생체정보 비교시에 원본 생체정보의 해킹여부 검증을 위해 사용되기 위해 미리 저장해 두는 데이터이다. 여기서, 해시정보는, 예컨대 해시함수값으로 설정될 수 있지만, 이에 한하는 것은 아니고, 예컨대 해시함수값에 대한 소정 가공값으로 설정되어도 좋다. 이하, 해시함수값이나 그 가공값을 통칭하여 해시정보라 한다.On the other hand, in order to check whether the original biometric information is hacked, original hash information is generated in a predetermined manner by the authentication module 12 for the original biometric information, and is transmitted to the authentication server 20 for registration. have. This original hash information is data that is stored in advance to be used for verifying whether the original biometric information is hacked when comparing the biometric information later. Here, the hash information may be set, for example, as a hash function value, but is not limited thereto, and may be set, for example, as a predetermined processed value for the hash function value. Hereinafter, a hash function value or a processed value thereof is collectively referred to as hash information.
상기 원본 해시정보는, 상기 인증모듈(12)에서 상기 인증서버(20)로 전송될 때, 암호화된 상태로 전송된다. 원본 해시정보가 해시함수값인 경우, 모든 해시함수값을 전송할 수도 있고, 다른 방법을 통해 서버가 생체정보에 대한 해시값을 전부 혹은 일부를 가질 수 있도록 처리한다. 인증서버(20)는, 상기 원본 해시정보를 안전하게 저장한다.When the original hash information is transmitted from the authentication module 12 to the authentication server 20, it is transmitted in an encrypted state. If the original hash information is a hash function value, all hash function values may be transmitted, or the server may have all or part of the hash value for biometric information through another method. The authentication server 20 securely stores the original hash information.
상기 생체정보 입력단계(S20)는, 상기 정보기기(10)에 착탈 가능하게 연결되어 있는 상기 인증모듈(12)의 생체센서(13)를 통해, 상기 인증모듈(12)에 신규로 현재의 유저(14)의 순시 생체정보가 입력되는 단계이다.In the biometric information input step (S20) , the current user is newly added to the authentication module 12 through the biometric sensor 13 of the authentication module 12 detachably connected to the information device 10. In step (14), instantaneous biometric information is input.
상기 정보기기(10)는, 처리서버(30)에 대한 접속 및 정보처리 등의 기본기능 이외에, 본 발명에 의한 인증기능의 처리에 기여하는 유닛이다. 상기 정보기기(10)에서 상기 처리서버(30)에 로그인 등의 처리요청을 하는 경우를 예로 들면, 상기 정보기기(10) 내의 처리요청부(11)에서 상기 처리서버(30)의 처리수행부(31)에 연결되어, 로그인 처리의 방식을 결정하고, 상기 정보기기(10)에서 상기 인증모듈(12)과 인증서버(20)을 통해 인증처리를 해서, 상기 인증서버(20)에서 인증확인 신호가 상기 처리수행부(31)에 입력되는 것을 기다리도록 설정될 수 있다. The information device 10 is a unit contributing to the processing of the authentication function according to the present invention in addition to the basic functions such as connection to the processing server 30 and information processing. For example, when the information device 10 makes a processing request such as logging in to the processing server 30 , the processing request unit 11 in the information device 10 performs the processing unit of the processing server 30 . It is connected to (31), determines a method of log-in processing, performs authentication processing through the authentication module 12 and authentication server 20 in the information device 10, and confirms authentication in the authentication server 20 It may be set to wait for the signal to be input to the processing unit 31 .
상기 처리요청부(11)는, 상기 정보기기(10)에 포함되어 일체형으로 구성될 수 있다. 하지만, 이에 한하지 않는다. 상기 처리요청부(11)는, 상기 정보기기(10)에 착탈 가능하게 착탈식으로 구성되어도 좋다. 마찬가지로, 상기 처리수행부(31)는, 상기 처리서버(30)에 포함되어 일체형으로 구성될 수 있다. 하지만, 이에 한하지 않는다. 상기 처리수행부(31)는, 상기 처리서버(30)에 착탈 가능하게 착탈식으로 구성되어도 좋다.The processing request unit 11 may be included in the information device 10 to be integrally configured. However, it is not limited to this. The processing request unit 11 may be detachably configured to be detachably attached to the information device 10 . Similarly, the processing performing unit 31 may be included in the processing server 30 to be integrally configured. However, it is not limited to this. The processing performing unit 31 may be detachably configured to be detachably attached to the processing server 30 .
상기 인증모듈(12)은, 상기 처리요청부(11)나 정보기기(10)에 포함되어 설치된 일체형으로 이루어질 수 있다. 이 경우에, 안정적 전기접속과 함께, 최적화된 구성이 가능하다.The authentication module 12 may be integrally installed and included in the processing request unit 11 or the information device 10 . In this case, with a stable electrical connection, an optimized configuration is possible.
하지만, 상기 인증모듈(12)은, 상기 처리요청부(11)나 정보기기(10)에 착탈 가능하게 체결 가능한 착탈식으로 이루어지도록 구성됨이 바람직하다. 착탈의 방식은 유무선을 막론하고 가능하며, 예컨대 USB 인터페이스의 단자를 가지는 처리요청부(11)나 정보기기(10)에 USB 동글 형태의 인증모듈(12)이 물리적으로 착탈되는 경우를 들 수 있고, 다른 예로서 블루투스 방식의 무선수단을 가지는 처리요청부(11)나 정보기기(10)와 인증모듈(12)이 접속가능 범위 내에서 서로 페어링되는 경우를 들 수 있다. 이런 착탈식의 경우에, 상기 인증모듈(12)은 여러 정보기기(10)에 접속될 수 있게 구성될 수 있다. 따라서, 접속의 자유도 증가가 가능하다. 이와 함께, 미사용 시간에는 상기 인증모듈(12)을 상기 처리요청부(11)에서 분리하여 금고 등 보다 안전한 장소에 보관할 수 있다.However, the authentication module 12 is preferably configured to be detachably fastened to the processing request unit 11 or the information device 10 . The method of attachment and detachment is possible regardless of wired or wireless, for example, a case in which the authentication module 12 in the form of a USB dongle is physically attached to and detached from the processing request unit 11 or the information device 10 having a terminal of a USB interface. , as another example, a case in which the processing request unit 11 or the information device 10 and the authentication module 12 having a Bluetooth-type wireless means are paired with each other within a reachable range. In this detachable case, the authentication module 12 may be configured to be connected to various information devices 10 . Accordingly, it is possible to increase the degree of freedom of connection. In addition, during non-use time, the authentication module 12 can be separated from the processing request unit 11 and stored in a safer place, such as a safe.
특히, 상기 인증모듈(12)은, 복수로 이루어지도록 구성될 수 있다. 이 경우, 상기 복수의 인증모듈(12)의 각각은, 각 유저(14)에게 배정되어 있는 개인용이 될 수 있다. 이 경우, 각 유저(14)의 인증모듈(12)에는, 각 유저(14)의 원본 생체정보가 등록되어 있도록 구성됨이 바람직하다. 이렇게 함으로써, 각 인증모듈(12)은, 철저히 개인화되어, 각 개인 유저(14)의 인증을 위해서만 사용되는 것이 된다. 그리고 이러한 개인용 인증모듈(12)은, 여러 정보기기(10)에 대해 사용될 수 있다.In particular, the authentication module 12 may be configured to be formed in plurality. In this case, each of the plurality of authentication modules 12 may be for individuals assigned to each user 14 . In this case, the authentication module 12 of each user 14 is preferably configured such that the original biometric information of each user 14 is registered. By doing so, each authentication module 12 is thoroughly personalized and used only for authentication of each individual user 14 . And this personal authentication module 12 can be used for various information devices (10).
순시 생체정보는, 상기 원본 생체정보와 비교되기 위해 입력되는 생체정보이다. 이는, 상기 인증모듈(12)에 연결되어 있는 생체센서(13)로부터 취득된다. 상기 생체센서(13)는, 상기 인증모듈(12)에 포함되어 설치된 일체형으로 이루어질 수 있다. 이렇게 함으로써, 보안이 강화될 수 있다. 하지만, 이에 한하는 것이 아니다. 상기 생체센서(13)는, 상기 인증모듈(12)에 착탈 가능하게 접속되는 착탈식으로 이루어질 수 있다. 이렇게 함으로써, 신규 개발된 센서, 상이한 종류의 센서의 교체 장착이 가능하고, 센서 자체의 분리 관리가 가능하다는 장점이 있다.The instantaneous biometric information is biometric information input to be compared with the original biometric information. This is obtained from the biosensor 13 connected to the authentication module 12 . The biosensor 13 may be included in the authentication module 12 as an integral type installed. By doing so, security can be enhanced. However, it is not limited to this. The biosensor 13 may be detachably connected to the authentication module 12 . By doing so, there are advantages in that the newly developed sensor and different types of sensors can be replaced and installed, and the sensor itself can be managed separately.
상기 모듈내부 처리단계(S30)는, 상기 원본 생체정보와 상기 순시 생체정보가 모두 상기 인증모듈(12)에 구비되어 있고, 또한 외부로 전송되지 않은 상태에서, 상기 인증모듈(12) 내에서 상기 원본 생체정보와 상기 순시 생체정보가 비교되어, 상기 원본 생체정보와 상기 순시 생체정보의 일치도가 소정 범위 내에 속하면, 상기 인증모듈(12)로부터 소정의 생체일치신호가 출력되는 단계이다.In the module internal processing step (S30) , both the original biometric information and the instantaneous biometric information are provided in the authentication module 12 and are not transmitted to the outside; When the original biometric information and the instantaneous biometric information are compared and the degree of matching between the original biometric information and the instantaneous biometric information is within a predetermined range, a predetermined biometric matching signal is outputted from the authentication module 12 .
여기서, 상기 원본 생체정보 및 상기 순시 생체정보는, 상기 인증모듈(12) 내부에서만 읽기 가능한 시큐어 메모리(미도시)에 로딩된 상태에서, 일치도 판단이 수행되도록 구성됨이 바람직하다. 상기 시큐어 메모리에 대해서는, 상기 인증모듈(12) 외부로부터의 엑세스가 불가능하다. 따라서, 인증모듈(12)에 대한 데이터 엑세스에 의한 해킹시도 자체가 불가능하여, 보안이 극히 제고된다.Here, it is preferable that the original biometric information and the instantaneous biometric information are configured to determine the degree of matching while being loaded in a secure memory (not shown) readable only within the authentication module 12 . The secure memory is not accessible from the outside of the authentication module 12 . Therefore, a hacking attempt by data access to the authentication module 12 itself is impossible, and security is extremely improved.
또한, 상기 원본 생체정보는, 암호화된 상태로 저장되어 있다가, 상기 일치도 판단 직전에 복호화되어, 일치도 판단 등이 처리되도록 구성됨이 바람직하다. 이로써, 설령 인증모듈(12) 내의 생체정보에 대해 해킹시도가 발생되더라도, 암호화된 상태의 원본 생체정보로 인해, 보안이 극히 제고된다.In addition, it is preferable that the original biometric information is stored in an encrypted state, and is decrypted immediately before the matching degree is determined so that the matching degree determination is processed. Accordingly, even if a hacking attempt occurs on the biometric information in the authentication module 12, the security is greatly improved due to the encrypted original biometric information.
그리고 상기 순시 생체정보는, 상기 일치도 판단 직후에 복구 불가능하게 완전삭제되도록 구성됨이 바람직하다. 이로써, 설령 인증모듈(12) 내에서 일치도 판단에 사용된 생체정보에 대해 해킹시도가 발생되더라도, 이미 복구 불가능하게 완전삭제된 상태이므로, 보안이 극히 제고된다.It is preferable that the instantaneous biometric information is configured to be irretrievably completely deleted immediately after the match is determined. As a result, even if a hacking attempt occurs on the biometric information used for determining the degree of matching in the authentication module 12, since it is already in a state of being irretrievably completely deleted, security is extremely improved.
상기 일치도의 판단은, 생체정보의 패턴에 대한 일치도 내지 유사도의 판단에 관한 종래의 기술을 이용할 수 있다. 보안성과 속도의 균형을 위해, 상기 일치도의 소정 범위는 조정될 수 있다.For the determination of the degree of matching, a conventional technique for determining the degree of agreement or similarity with respect to a pattern of biometric information may be used. To balance security and speed, the predetermined range of the degree of matching may be adjusted.
상기 일치도 판단 결과 출력되는 상기 생체일치신호는, 상기 인증서버(20)와 상기 인증서버(20)에 등록된 상기 인증모듈(12) 사이에서 미리 정해놓은 신호이다. 상기 생체일치신호는, 상기 인증모듈(12)로부터 직접 상기 인증서버(20)로, 또는 상기 인증모듈(12)에서 상기 처리요청부(11)나 정보기기(10)를 거쳐서 상기 인증서버(20)로 전송된다.The biometric matching signal output as a result of determining the degree of matching is a signal predetermined between the authentication server 20 and the authentication module 12 registered in the authentication server 20 . The biometric signal is transmitted from the authentication module 12 directly to the authentication server 20 or from the authentication module 12 through the processing request unit 11 or the information device 10 to the authentication server 20 . ) is sent to
상기 순시 해시정보 생성단계(S40)는, 상기 인증모듈(12) 내에서, 비교에 사용된 상기 원본 생체정보로부터 순시 해시정보가 생성되어, 상기 인증서버(20)에 전송되는 단계이다.The instantaneous hash information generation step S40 is a step in which instantaneous hash information is generated from the original biometric information used for comparison in the authentication module 12 and transmitted to the authentication server 20 .
인증모듈(12)에서 원본 생체정보와 순시 해시정보의 비교에 의해 생체정보의 일치도를 확인하게 되는 경우 (유저 검증 실시시), 생체인증을 통한 일치도의 확인 전 또는 후에, 인증모듈(12)은, 이번에 실시된 비교에서 사용된 원본 생체정보 데이터에 대한 순시 해시정보(예컨대 해시함수값)를 계산한다. 이 순시 해시정보는, 인증모듈 준비단계(S10)에서의 원본 생체정보 등록 및 원본 해시정보 등록시와 같은 방법으로, 인증모듈(12)에서 생성되어 인증서버(20)에 전송된다.When the authentication module 12 confirms the degree of conformity of biometric information by comparing the original biometric information and instantaneous hash information (when user verification is performed), before or after confirming the degree of conformity through biometric authentication, the authentication module 12 is , calculates instantaneous hash information (eg, hash function value) for the original biometric data used in the comparison conducted this time. This instantaneous hash information is generated in the authentication module 12 and transmitted to the authentication server 20 in the same way as when registering the original biometric information and registering the original hash information in the authentication module preparation step S10 .
상기 인증확인 단계(S50)는, 상기 원본 해시정보와 상기 순시 해시정보가 모두 상기 인증서버(20)에 구비되어 있는 상태에서, 상기 생체일치신호를 입력받은 상기 인증서버(20) 내에서 상기 원본 해시정보와 상기 순시 해시정보의 비교 결과 일치되는 해시일치의 경우에, 상기 인증서버(20)로부터 소정의 인증확인신호가 출력되는 단계이다.In the authentication verification step (S50) , the original hash information and the instantaneous hash information are both provided in the authentication server 20, and in the authentication server 20 receiving the biometric matching signal, the original This is a step of outputting a predetermined authentication confirmation signal from the authentication server 20 in the case of a hash coincidence as a result of comparing the hash information and the instantaneous hash information.
인증서버(20)에 저장되어 있는 원본 해시정보와 이번 생체정보의 비교시에 생성되어 전송된 순시 해시정보가 비교됨으로써, 인증모듈(12)에 등록 저장되어 있는 원본 생체정보가 위변조 되지 않았음을 확인할 수 있다.By comparing the instantaneous hash information generated and transmitted when the original hash information stored in the authentication server 20 and this biometric information is compared, it is confirmed that the original biometric information registered and stored in the authentication module 12 has not been forged or altered. can be checked
상기 소정의 인증확인신호는, 상기 인증서버(20)와 상기 인증서버(20)에 등록된 상기 인증모듈(12) 사이에서 미리 정해놓은 신호로서, 상기 인증서버(20)에서 상기 처리서버(30)로 전송하도록 미리 정해져 있는 신호이다. 따라서, 상기 처리서버(30)는, 상기 인증확인신호의 입력을 대기하고 있다가, 상기 인증확인신호를 입력받으면, 처리수행부(31)에 의해 미리 정해진 처리를 수행한다.The predetermined authentication confirmation signal is a signal predetermined between the authentication server 20 and the authentication module 12 registered in the authentication server 20, and the authentication server 20 in the process server 30 ) is a predetermined signal to be transmitted. Accordingly, the processing server 30 waits for the input of the authentication confirmation signal, and upon receiving the authentication confirmation signal, performs a predetermined process by the processing performing unit 31 .
<효과><Effect>
예컨대, 정보기기(10)인 컴퓨터에서 유저(14)가 처리서버(30)인 쇼핑몰에 로그인하는 경우에, 유저(14)가 처리요청부(11)에 착탈식 인증모듈(12)을 체결하고, 상기 인증모듈(12)에 내장된 생체센서(13)에 의해 순시 생체정보를 입력한다. 그러면 상기 인증모듈(12) 내부에서 원본 생체정보와 순시 생체정보 사이의 일치도가 판단되어, 소정 범위 내에 속하면, 생체일치신호가 출력된다. 이 생체일치신호를 입력받은 상기 인증서버(20)는, 인증확인신호를 출력하고, 이는 상기 처리서버(30)에 입력된다. 상기 처리서버(30)는, 처리수행부(31)에 의해 로그인 처리를 수행한다.For example, when the user 14 logs in to the shopping mall that is the processing server 30 in the computer that is the information device 10, the user 14 engages the processing request unit 11 with the removable authentication module 12, Instantaneous biometric information is input by the biometric sensor 13 built into the authentication module 12 . Then, the degree of matching between the original biometric information and the instantaneous biometric information is determined inside the authentication module 12, and if it falls within a predetermined range, a biometric matching signal is output. The authentication server 20 receiving the biometric matching signal outputs an authentication confirmation signal, which is input to the processing server 30 . The processing server 30 performs login processing by the processing execution unit 31 .
이처럼, 생체인증에 의해 정보기기(10)의 처리요청을 받은 처리서버(30)의 처리수행부(31)가 소정의 처리를 수행하게 되므로, 이동전화번호나 아이디 등의 지식에 의한 유저 감별의 문제점들을 회피하고, 정확하고 간편하게 진정한 유저의 감별이 가능하게 된다. 특히, 인증모듈(12) 내부에서만 생체정보의 일치도가 판단되므로, 생체정보의 외부유출이 전혀 없다. 그리고 일치도 판단 결과는 미리 정의된 신호로만 출력되므로, 생체정보의 외부유출이 전혀 없다. In this way, since the processing execution unit 31 of the processing server 30 that has received the processing request of the information device 10 by biometric authentication performs a predetermined processing, it is possible to identify users based on knowledge such as mobile phone numbers and IDs. It avoids the problems, and it is possible to accurately and simply identify the true user. In particular, since the degree of matching of biometric information is determined only inside the authentication module 12, there is no external leakage of biometric information. And since the match determination result is output only as a predefined signal, there is no external leakage of biometric information.
나아가서, 순시 생체정보가 시큐어 메모리에 저장되고, 원본 생체정보가 암호화된 상태로 저장되며, 순시 생체정보가 일치도 판단 이후에 삭제되는 등의 구성에 의해, 해킹시도가 완전히 차단된다.Furthermore, instantaneous biometric information is stored in the secure memory, the original biometric information is stored in an encrypted state, and the instantaneous biometric information is deleted after the match is determined, thereby completely blocking hacking attempts.
또한, 인증모듈(12)이 착탈식이고, 유저마다 배정된 복수이며, 개인용인 경우에는, 자유도 높은 다양한 정보기기(10)에 접속이 가능하다.In addition, when the authentication module 12 is detachable, plural assigned to each user, and for personal use, it is possible to connect to various information devices 10 with a high degree of freedom.
게다가, 인증모듈(12)에 등록된 원본 생체정보에 대해 인증모듈(12)이 원본 해시정보를 생성해서 인증서버(20)에 등록해 두는 구성을 취하고 있으므로, 등록된 원본 생체정보의 해킹 여부를 판정할 수 있다. 즉, 상기와 같이 차후에 순시 생체정보가 입력되어 원본 생체정보와 비교된 경우에, 인증모듈(12)은 그 비교에 사용된 원본 생체정보의 순시 해시정보를 신규로 생성해서, 인증서버(20)에 보내게 된다. 인증서버(20)는, 미리 등록되어 있던 원본 해시정보와 이번에 전송받은 순시 해시정보를 비교해서, 일치하는 경우에만 해시일치 판정을 하게 된다. 이 해시일치 판정은, 인증모듈(12)에 등록되어 있는 원본 생체정보가 해킹되지 않았다는 증거가 된다. 따라서, 해커가 인증모듈(12)의 원래 유저의 원본 생체정보를 타인의 생체정보로 바꿔치기 한 경우라 하더라도, 그 타인의 순시 생체정보가 입력되어 비교되는 결과의 생체일치신호는, 본 발명에 의하면, 해시정보의 비교에 따라 인증서버(20)에서 해시일치 판정을 받지 못하게 되므로, 도용을 방지할 수 있게 되는 효과가 있다.In addition, since the authentication module 12 generates original hash information for the original biometric information registered in the authentication module 12 and registers it in the authentication server 20, it is possible to determine whether the registered original biometric information is hacked. can be judged. That is, when instantaneous biometric information is subsequently input and compared with the original biometric information as described above, the authentication module 12 newly generates instantaneous hash information of the original biometric information used for the comparison, and the authentication server 20 will be sent to The authentication server 20 compares the previously registered original hash information with the instantaneous hash information transmitted this time, and determines the hash coincidence only when they match. This hash coincidence determination becomes evidence that the original biometric information registered in the authentication module 12 has not been hacked. Therefore, even if the hacker replaces the original user's original biometric information of the authentication module 12 with the biometric information of another person, the instantaneous biometric information of the other person is input and the biometric matching signal of the comparison result is in accordance with the present invention. According to this, since the authentication server 20 does not receive a hash match determination according to the comparison of hash information, there is an effect that theft can be prevented.
<해시정보의 지정 포지션><Designated position of hash information>
한편, 순시 생체정보의 비교시마다 일괄해서 순시 해시정보 전체를 인증서버에 보내는 것이 안전하지 않다고 생각되는 경우도 있을 수 있다. 이러한 경우를 고려해서, 순시 해시정보를 인증서버의 요청시에만 전송하거나, 인증서버가 지정한 부분(포지션)만 전송하도록 하는 구성으로 하는 것도 생각될 수 있다. 이렇게 함으로써, 서버에 의한 보안확인의 리드가 이루어질 수 있다.On the other hand, there may be cases in which it is considered unsafe to send the entire instantaneous hash information to the authentication server at once every time instantaneous biometric information is compared. Considering this case, it may be considered to transmit the instantaneous hash information only upon request of the authentication server, or to transmit only a portion (position) designated by the authentication server. By doing so, the read of the security check by the server can be made.
이를 위해, 상기 순시 해시정보 생성단계(S40) 이전에, 상기 생체일치신호를 받은 상기 인증서버(20)에서 해시정보의 비교될 지정 포지션이 출력되는 지정 포지션 출력단계;가 더 구비됨이 바람직하다. 이런 상황에서, 상기 순시 해시정보 생성단계(S40)에서는, 상기 지정 포지션의 순시 해시정보가 생성 및 전송되며, 상기 인증확인 단계(S50)에서는, 상기 지정 포지션의 순시 해시정보와 원본 해시정보가 비교되도록 이루어짐이 바람직하다. To this end, before the instantaneous hash information generation step (S40), a specified position output step of outputting a specified position to be compared of hash information in the authentication server 20 that has received the biometric matching signal; . In this situation, in the instantaneous hash information generation step (S40), the instantaneous hash information of the specified position is generated and transmitted, and in the authentication confirmation step (S50), the instantaneous hash information of the designated position and the original hash information are compared It is desirable to make it possible.
이렇게 인증서버에서 지정된 포지션의 해시정보가 인증서버에 입력되므로, 인증모듈의 해킹 여부가 확인될 수 있고, 생체정보의 무결성이 체크될 수 있다.Since hash information of a position designated in the authentication server is input to the authentication server in this way, whether the authentication module has been hacked can be checked and the integrity of the biometric information can be checked.
여기서, 상기 지정 포지션은, 난수에 의해 결정됨이 바람직하다. 인증서버에는 난수발생기가 구비될 수 있다. 난수에 의한 포지션 지정에 의해, 매번 다른 포지션 값이 인증모듈에 전송되게 될 수 있다.Here, the designated position is preferably determined by a random number. The authentication server may be provided with a random number generator. By designating a position by a random number, a different position value may be transmitted to the authentication module each time.
그리고 여기서, 상기 지정 포지션은, 복수개임이 바람직하다. 이러한 복수개의 지정 포지션은, 전부 또는 일부가 해시정보의 비교에 사용되도록 구성되어도 좋다. And here, it is preferable that the said designated position is plural. The plurality of designated positions may be configured such that all or part of them are used for comparison of hash information.
<장치><device>
본 발명의 장치는, 정보기기(10)를 통한 유저 인증장치이다. 본 발명의 장치는, 인증모듈(12)과; 인증서버(20);가 포함되어 이루어짐을 특징으로 한다.The apparatus of the present invention is a user authentication apparatus via the information device (10). The apparatus of the present invention includes an authentication module 12 ; The authentication server 20 ; is characterized in that it is included.
상기 인증모듈(12)은, 외부에 인증서버(20)가 연결됨과 함께, 일측은 상기 정보기기(10)에 착탈 가능하게 연결되어 있고, 타측은 생체센서(13)에 연결되어 있으며, 내부에 유저(14)의 원본 생체정보가 등록되어 구비되어 있고, 상기 원본 생체정보로부터 미리 정해진 방식으로 생성한 원본 해시정보를 상기 인증서버(20)에 등록해 놓은 상태에서, 상기 생체센서(13)를 통해 신규로 현재의 유저(14)의 순시 생체정보를 입력받음으로써, 상기 원본 생체정보와 상기 순시 생체정보가 모두 내부에 구비되어 있고, 외부로 전송되지 않도록 하는 상태에서, 내부에서 상기 원본 생체정보와 상기 순시 생체정보가 비교되도록 하여, 상기 원본 생체정보와 상기 순시 생체정보의 일치도가 소정 범위 내에 속하면, 소정의 생체일치신호가 출력되는 한편, 비교에 사용된 상기 원본 생체정보로부터 순시 해시정보가 생성되어, 상기 인증서버(20)에 전송되도록 하는 모듈이다.The authentication module 12 , with the authentication server 20 connected to the outside, one side is detachably connected to the information device 10, the other side is connected to the biometric sensor 13, inside In a state in which original biometric information of the user 14 is registered and provided, and original hash information generated from the original biometric information in a predetermined manner is registered in the authentication server 20, the biometric sensor 13 is By newly receiving instantaneous biometric information of the current user 14 through the and the instantaneous biometric information are compared, and when the degree of matching between the original biometric information and the instantaneous biometric information is within a predetermined range, a predetermined biometric coincidence signal is output, while instantaneous hash information from the original biometric information used for comparison is a module that is generated and transmitted to the authentication server 20 .
상기 인증서버(20)는, 상기 인증모듈(12)로부터 상기 원본 해시정보를 등록받은 상태에서, 미리 등록되어 있는 상기 인증모듈(12)로부터 상기 생체일치신호와 함께 상기 순시 해시정보를 받아서, 상기 원본 해시정보와 상기 순시 해시정보가 모두 내부에 구비되어 있는 상태에서, 상기 원본 해시정보와 상기 순시 해시정보가 비교되어, 일치하는 경우에 해시일치 판정이 이루어짐과 함께 소정의 인증확인신호가 출력되는 서버이다.The authentication server 20 receives the instantaneous hash information together with the biometric matching signal from the previously registered authentication module 12 in a state in which the original hash information is registered from the authentication module 12, In a state where both the original hash information and the instantaneous hash information are provided inside, the original hash information and the instantaneous hash information are compared, and if they match, a hash match determination is made and a predetermined authentication confirmation signal is output. is the server
<프로그램><Program>
본 발명의 유저 인증을 위한 프로그램은, 정보처리기기에 상기 방법의 각 단계를 실행시키기 위한 프로그램을 기록한, 정보처리기기로 읽을 수 있는 저장매체에 기록된 프로그램이다.The program for user authentication of the present invention is a program recorded in a storage medium readable by an information processing device in which a program for causing the information processing device to execute each step of the method is recorded.
이상 본 발명의 바람직한 실시예에 대해 설명했지만, 본 발명은, 상기 개시되는 실시예들에 한정되는 것이 아니라, 특허청구범위와 발명의 상세한 설명 및 첨부 도면의 범위 안에서 서로 다른 다양한 형태로 변형하여 구현 실시될 수 있고, 균등한 타 실시예가 가능하며, 이 또한 본 발명의 범위에 속하는 것은 당해 분야에서 통상적 지식을 가진 자에게 당연하며, 단지 실시예들은, 본 발명의 개시가 완전하도록 하고, 본 발명이 속하는 기술분야에서 통상의 지식을 가진 자에게 발명의 범주를 완전하게 알려주기 위해 제공되는 것이며, 본 발명은, 청구항의 범주에 의해 정의될 뿐이다.Although the preferred embodiments of the present invention have been described above, the present invention is not limited to the embodiments disclosed above, but is implemented with various modifications within the scope of the claims, the detailed description of the invention, and the accompanying drawings. It is natural for those of ordinary skill in the art that other embodiments that can be implemented and equivalent are possible, which also fall within the scope of the present invention, and only the embodiments are provided so that the disclosure of the present invention is complete, and the present invention It is provided to fully inform those of ordinary skill in the art to which the scope of the invention belongs, and the present invention is only defined by the scope of the claims.
본 발명은, 유저 인증방법, 장치 및 프로그램의 산업에 이용될 수 있다.The present invention can be used in the industry of user authentication methods, devices and programs.
[부호의 설명][Explanation of code]
10: 정보기기10: information equipment
11: 처리요청부11: Processing request department
12: 인증모듈12: authentication module
13: 생체센서13: biosensor
14: 유저14: user
20: 인증서버20: authentication server
30: 처리서버30: processing server
31: 처리수행부31: processing unit

Claims (9)

  1. 정보기기를 통한 유저 인증방법으로서, As a user authentication method through an information device,
    유저 인증에 이용될 인증모듈이 인증서버에 등록되고, 상기 인증모듈에 유저의 원본 생체정보가 등록됨과 함께, 상기 인증모듈에 의해 상기 원본 생체정보로부터 미리 정해진 방식으로 생성된 원본 해시정보가 상기 인증서버에 등록되는 인증모듈 준비단계와; An authentication module to be used for user authentication is registered in the authentication server, and the user's original biometric information is registered in the authentication module, and the original hash information generated by the authentication module from the original biometric information in a predetermined manner is authenticated. an authentication module preparation step to be registered in the server;
    상기 정보기기에 착탈 가능하게 연결되어 있는 상기 인증모듈의 생체센서를 통해, 상기 인증모듈에 신규로 현재의 유저의 순시 생체정보가 입력되는 생체정보 입력단계와; a biometric information input step of newly inputting instantaneous biometric information of a current user into the authentication module through a biometric sensor of the authentication module detachably connected to the information device;
    상기 원본 생체정보와 상기 순시 생체정보가 모두 상기 인증모듈에 구비되어 있고, 또한 외부로 전송되지 않은 상태에서, 상기 인증모듈 내에서 상기 원본 생체정보와 상기 순시 생체정보가 비교되어, 상기 원본 생체정보와 상기 순시 생체정보의 일치도가 소정 범위 내에 속하면, 상기 인증모듈로부터 소정의 생체일치신호가 출력되는 모듈내부 처리단계와; In a state where both the original biometric information and the instantaneous biometric information are provided in the authentication module and not transmitted to the outside, the original biometric information and the instantaneous biometric information are compared in the authentication module, and the original biometric information a module internal processing step of outputting a predetermined biometric matching signal from the authentication module when the instantaneous biometric information coincides with a predetermined range;
    상기 인증모듈 내에서, 비교에 사용된 상기 원본 생체정보로부터 순시 해시정보가 생성되어, 상기 인증서버에 전송되는 순시 해시정보 생성단계와; an instantaneous hash information generating step of generating instantaneous hash information from the original biometric information used for comparison in the authentication module and transmitting it to the authentication server;
    상기 원본 해시정보와 상기 순시 해시정보가 모두 상기 인증서버에 구비되어 있는 상태에서, 상기 생체일치신호를 입력받은 상기 인증서버 내에서 상기 원본 해시정보와 상기 순시 해시정보의 비교 결과 일치되는 해시일치의 경우에, 상기 인증서버로부터 소정의 인증확인신호가 출력되는 인증확인 단계; In a state in which both the original hash information and the instantaneous hash information are provided in the authentication server, the comparison result of the original hash information and the instantaneous hash information in the authentication server that received the biometric coincidence signal matches the hash match in this case, an authentication confirmation step of outputting a predetermined authentication confirmation signal from the authentication server;
    가 포함되어 이루어짐을 특징으로 하는 유저 인증방법.User authentication method, characterized in that it is included.
  2. 청구항 1에 있어서, The method according to claim 1,
    상기 모듈내부 처리단계에 있어서, 상기 원본 생체정보 및 상기 순시 생체정보는, 상기 인증모듈 내부에서만 읽기 가능한 시큐어 메모리에 로딩된 상태에서, 상기 일치도 판단이 수행됨In the module internal processing step, the match degree determination is performed while the original biometric information and the instantaneous biometric information are loaded in a secure memory readable only within the authentication module
    을 특징으로 하는 유저 인증방법.User authentication method characterized in that.
  3. 청구항 1 또는 청구항 2에 있어서, The method according to claim 1 or 2,
    상기 원본 생체정보는, 암호화된 상태로 저장되어 있다가, 상기 모듈내부 처리단계에 있어서의 상기 일치도 판단 직전에 복호화되어 처리됨The original biometric information is stored in an encrypted state, and is decrypted and processed just before the match is determined in the module internal processing step
    을 특징으로 하는 유저 인증방법.User authentication method characterized in that.
  4. 청구항 1 또는 청구항 2에 있어서, The method according to claim 1 or 2,
    상기 순시 생체정보는, 상기 일치도 판단 직후에 복구 불가능하게 완전삭제 The instantaneous biometric information is irretrievably deleted immediately after the match is determined.
    을 특징으로 하는 유저 인증방법.User authentication method characterized in that.
  5. 청구항 1 또는 청구항 2에 있어서, The method according to claim 1 or 2,
    상기 순시 해시정보 생성단계 이전에, 상기 생체일치신호를 받은 상기 인증서버에서 해시정보의 비교될 지정 포지션이 출력되는 지정 포지션 출력단계;가 더 구비되고, Prior to the instantaneous hash information generating step, a designated position output step of outputting a designated position to be compared of hash information from the authentication server that has received the biometric matching signal; is further provided,
    상기 순시 해시정보 생성단계에서는, 상기 지정 포지션의 순시 해시정보가 생성 및 전송되며, In the instantaneous hash information generation step, instantaneous hash information of the specified position is generated and transmitted,
    상기 인증확인 단계에서는, 상기 지정 포지션의 순시 해시정보와 원본 해시정보가 비교되도록 이루어짐In the authentication verification step, the instantaneous hash information of the designated position and the original hash information are compared
    을 특징으로 하는 유저 인증방법.User authentication method characterized in that.
  6. 청구항 5에 있어서, 6. The method of claim 5,
    상기 지정 포지션은, 난수에 의해 결정됨The designated position is determined by a random number
    을 특징으로 하는 유저 인증방법.User authentication method characterized in that.
  7. 청구항 5에 있어서, 6. The method of claim 5,
    상기 지정 포지션은, 복수개임The designated positions are plural.
    을 특징으로 하는 유저 인증방법.User authentication method characterized in that.
  8. 정보기기를 통한 유저 인증장치로서, As a user authentication device through an information device,
    외부에 인증서버가 연결됨과 함께, 일측은 상기 정보기기에 착탈 가능하게 연결되어 있고, 타측은 생체센서에 연결되어 있으며, 내부에 유저의 원본 생체정보가 등록되어 구비되어 있고, 상기 원본 생체정보로부터 미리 정해진 방식으로 생성한 원본 해시정보를 상기 인증서버에 등록해 놓은 상태에서, 상기 생체센서를 통해 신규로 현재의 유저의 순시 생체정보를 입력받음으로써, 상기 원본 생체정보와 상기 순시 생체정보가 모두 내부에 구비되어 있고, 외부로 전송되지 않도록 하는 상태에서, 내부에서 상기 원본 생체정보와 상기 순시 생체정보가 비교되도록 하여, 상기 원본 생체정보와 상기 순시 생체정보의 일치도가 소정 범위 내에 속하면, 소정의 생체일치신호가 출력되는 한편, 비교에 사용된 상기 원본 생체정보로부터 순시 해시정보가 생성되어, 상기 인증서버에 전송되도록 하는 인증모듈과; With the authentication server connected to the outside, one side is detachably connected to the information device, the other side is connected to the biosensor, and the user's original biometric information is registered therein, and from the original biometric information In a state in which the original hash information generated by a predetermined method is registered in the authentication server, the instantaneous biometric information of the current user is newly inputted through the biosensor, so that both the original biometric information and the instantaneous biometric information are The original biometric information and the instantaneous biometric information are compared inside in a state in which the original biometric information and the instantaneous biometric information are not transmitted to the outside. an authentication module for outputting a biometric matching signal of , while generating instantaneous hash information from the original biometric information used for comparison and transmitting it to the authentication server;
    상기 인증모듈로부터 상기 원본 해시정보를 등록받은 상태에서, 미리 등록되어 있는 상기 인증모듈로부터 상기 생체일치신호와 함께 상기 순시 해시정보를 받아서, 상기 원본 해시정보와 상기 순시 해시정보가 모두 내부에 구비되어 있는 상태에서, 상기 원본 해시정보와 상기 순시 해시정보가 비교되어, 일치하는 경우에 해시일치 판정이 이루어짐과 함께 소정의 인증확인신호가 출력되는 인증서버;In a state in which the original hash information is registered from the authentication module, the instantaneous hash information is received along with the biometric matching signal from the previously registered authentication module, and both the original hash information and the instantaneous hash information are provided inside an authentication server in which the original hash information and the instantaneous hash information are compared, and if they match, a hash match determination is made and a predetermined authentication confirmation signal is output;
    가 포함되어 이루어짐을 특징으로 하는 유저 인증장치.A user authentication device, characterized in that it is included.
  9. 유저 인증을 위한 프로그램으로서, As a program for user authentication,
    정보처리기기에 청구항 1 또는 청구항 2에 기재된 방법의 각 단계를 실행시키기 위한 프로그램을 기록한, 정보처리기기로 읽을 수 있는 저장매체에 기록된 프로그램.A program recorded in an information processing device readable storage medium in which a program for executing each step of the method according to claim 1 or 2 is recorded in an information processing device.
PCT/KR2021/002325 2020-04-08 2021-02-24 User authentication method, device and program WO2021206289A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020200042672A KR102199138B1 (en) 2020-04-08 2020-04-08 Method, apparatus and program for user authentication
KR10-2020-0042672 2020-04-08

Publications (1)

Publication Number Publication Date
WO2021206289A1 true WO2021206289A1 (en) 2021-10-14

Family

ID=74128834

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2021/002325 WO2021206289A1 (en) 2020-04-08 2021-02-24 User authentication method, device and program

Country Status (2)

Country Link
KR (1) KR102199138B1 (en)
WO (1) WO2021206289A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023167568A1 (en) * 2022-03-04 2023-09-07 주식회사 센스톤 Server and method for providing service for prevention of sim swapping based on authentication code

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102199138B1 (en) * 2020-04-08 2021-01-06 스티븐 상근 오 Method, apparatus and program for user authentication

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2018156520A (en) * 2017-03-21 2018-10-04 富士通株式会社 Biometric authentication apparatus, organism authentication method, and organism authentication program
KR101990340B1 (en) * 2017-11-30 2019-06-18 안웅진 Notebook for authenticaion using fingerprint recongnition and method of operating the same
KR101992252B1 (en) * 2017-08-03 2019-06-25 주식회사 쓰리이 System and method for providing information on user's transaction
KR102076610B1 (en) * 2019-04-25 2020-02-12 스티븐 상근 오 Helping party's authentication method and apparatus for managing party for human rights of management object
JP6653029B1 (en) * 2019-01-15 2020-02-26 レノボ・シンガポール・プライベート・リミテッド Information processing system, information processing apparatus, and information processing method
KR102199138B1 (en) * 2020-04-08 2021-01-06 스티븐 상근 오 Method, apparatus and program for user authentication

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101783555B1 (en) 2016-09-26 2017-10-10 (주)에이티솔루션즈 Method for Calling a Current Driver of Sharing Car

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2018156520A (en) * 2017-03-21 2018-10-04 富士通株式会社 Biometric authentication apparatus, organism authentication method, and organism authentication program
KR101992252B1 (en) * 2017-08-03 2019-06-25 주식회사 쓰리이 System and method for providing information on user's transaction
KR101990340B1 (en) * 2017-11-30 2019-06-18 안웅진 Notebook for authenticaion using fingerprint recongnition and method of operating the same
JP6653029B1 (en) * 2019-01-15 2020-02-26 レノボ・シンガポール・プライベート・リミテッド Information processing system, information processing apparatus, and information processing method
KR102076610B1 (en) * 2019-04-25 2020-02-12 스티븐 상근 오 Helping party's authentication method and apparatus for managing party for human rights of management object
KR102199138B1 (en) * 2020-04-08 2021-01-06 스티븐 상근 오 Method, apparatus and program for user authentication

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023167568A1 (en) * 2022-03-04 2023-09-07 주식회사 센스톤 Server and method for providing service for prevention of sim swapping based on authentication code

Also Published As

Publication number Publication date
KR102199138B1 (en) 2021-01-06

Similar Documents

Publication Publication Date Title
WO2018124857A1 (en) Blockchain database-based method and terminal for authenticating user non-face-to-face by utilizing mobile id, and server utilizing method and terminal
WO2017111383A1 (en) Biometric data-based authentication device, control server linked to same, and biometric data-based login method for same
US10929524B2 (en) Method and system for verifying an access request
WO2018030707A1 (en) Authentication system and method, and user equipment, authentication server, and service server for performing same method
WO2018101727A1 (en) Personal information infringement prevention method and system, in which biometric authentication and phase division of authentication process are combined
WO2018062761A1 (en) Method for initializing device having enhanced security function and method for updating firmware of device
WO2021206289A1 (en) User authentication method, device and program
WO2017057899A1 (en) Integrated authentication system for authentication using single-use random numbers
WO2018124856A1 (en) Method and terminal for authenticating user by utilizing mobile id by means of blockchain database, and server utilizing method and terminal
WO2020138525A1 (en) Method for distributed authentication of device in internet-of-things blockchain environment, and system for distributed authentication of device using same
WO2018151480A1 (en) Authentication management method and system
WO2022045419A1 (en) Blockchain-network-based driver license authentication service method using decentralized id, and user terminal for performing driver license authentication service
WO2013100419A1 (en) System and method for controlling applet access
WO2017217808A1 (en) Mobile authentication method and system therefor
WO2018026109A1 (en) Method, server and computer-readable recording medium for deciding on gate access permission by means of network
WO2017086757A1 (en) Method and device for controlling security of target device using secure tunnel
WO2011136464A1 (en) Password security input system using shift value of password key and password security input method thereof
WO2012026793A2 (en) System and method for verifying user identity for non-repudiation using bio-information
WO2020032351A1 (en) Method for establishing anonymous digital identity
US9461991B2 (en) Virtual smartcard authentication
WO2017115965A1 (en) User identification system and method using autograph in plurality of terminals
WO2018004042A1 (en) Mutual verification system and method for executing same
WO2012169752A2 (en) Authentication system and method for device attempting connection
WO2022035021A1 (en) Method, device, and program for login using biometric information
WO2019112215A1 (en) Misconduct determination system and misconduct determination method in v2x communication environment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21784112

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21784112

Country of ref document: EP

Kind code of ref document: A1