JP4739211B2 - Secure authentication service method - Google Patents

Description

  The present invention relates to user authentication, and more particularly, to a technique capable of preventing a user's ID and password from being stolen by extracting information input from a keyboard and a password of a button input type door lock device from being leaked. .

  Currently, various products are already commercialized for personal computer (PC) security programs. These PCs are provided with a function for monitoring whether or not an illegal intrusion for hacking or a hacking program is installed.

  Also, in many Internet sites, the international connection 128-bit SSL (Secure Sockets Layer) is used for Internet banking and card payment so that the security connection option can be checked when logging in to prevent the intrusion of hackers. A service that encrypts IDs and passwords is provided.

  A PC security program can only run on the computer on which it is installed. Therefore, when opening an email on another computer, there is also a risk of hacking.

  Also, the conventional security connection service cannot cope with the keyboard input information hacking program installed directly in the computer.

  Furthermore, the current door lock device that is entered and exited by button input has the disadvantage that passwords are easily exposed to others who accompany it.

  Accordingly, an object of the present invention is to provide an authentication method that enables a secure connection in any computer and also enables a secure door lock.

  As described above, according to the present invention, regardless of whether or not a security program is installed, the security effect of login information is excellent in any computer, and the security as a door lock device is excellent. It has the effect of preventing attempts and has the effect of security against phishing. Furthermore, the present invention has the effect of expanding the password bandwidth even with a small keypad such as a mobile phone, or enabling safe reporting in an emergency.

  The present invention consists of four main stages. Hereinafter, each step will be described.

  FIG. 1 is a main flowchart of the present invention.

1. Authentication stage by text input (S100)
Since this stage is the most common technique for authenticating by inputting an ID and password using a keyboard, detailed description thereof is omitted.

2. Connection position tracking step (S200)
When the connection person passes the authentication stage by inputting text, the user moves to a web page for the authentication stage by inputting coordinates. At this time, a JAVA (registered trademark) applet that performs a connection position tracking function is automatically downloaded to the connection person's computer and reports the connection position of the connection person to the server, and the server records this information.

  A technique for tracking a connection position with a JAVA (registered trademark) applet can be found in Korean Patent Application No. 10-2001-0027537.

3. Authentication step by coordinate input (S400)
When the connection position of the connection person is tracked, an image predetermined for the connection person is randomly changed in order with other images and output to the screen so that the predetermined image is correctly clicked. At this time, the predetermined image may be one or plural. Only when a predetermined image is correctly clicked is processed as having been successfully authenticated. Or you may make it a user click the 2nd password made with the character string with a mouse | mouth.

  At this time, the number of attempts that can be used is appropriately limited (S410) to prevent a person trying to hack from forcibly attempting hacking in a state where his / her connection position is exposed (S420).

  FIG. 2 shows an example of clicking an image.

4). Connection record reporting stage (S330, S500)
When the user is already connected and another connection is attempted, the connection position acquired in the connection position tracking stage is compared with the connection position in the current login state (S310). If they are different, the connection position of the person who is currently trying to connect is immediately reported to the currently logged-in user (S330). The user can notify the connection position so that the hacker can be cleared.

  On the other hand, if the connection is not a duplicate connection, the acquired location information of the connected person is always reported to the user at the next login (S500). In particular, if there is a record that failed to click the image, the highest level alarm is issued to prepare for hacking.

  FIG. 3 shows an example of reporting a previous connection record at the time of login.

  Of the above-mentioned steps, the step of inputting image coordinates is to prevent anyone from easily stealing another person's ID if only the keyboard input information is extracted because the conventional login method depends only on the keyboard. Met. In other words, even if the input information of the keyboard is extracted, if the predetermined image is not clicked correctly, the login fails.

  Further, in the connection position tracking stage, when the user clicks on the image, the connection position is exposed. Therefore, when the user does not know the predetermined image, the user tries to give up trying.

  Furthermore, at the authentication stage by keyboard input, the speed of the mouse click itself becomes slow only by the authentication by the mouse click. As a result, people who are in the vicinity can easily memorize the image at the time of login, so that it is not possible to hack only by memorizing the image. In other words, in general, keyboard input uses a point where it is difficult to easily identify because a plurality of keys are instantaneously pressed. That is, a double security system is provided so that input can be made with a keyboard and a mouse, respectively.

  Hereinafter, various embodiments of the authentication method by coordinate input will be described.

  4 and 5 show another embodiment of the authentication method by coordinate input.

  This method uses key coordinates and key images. This is a method in which the user is authenticated when a predetermined key image is matched with a predetermined key coordinate.

  For example, assume that the user's key coordinates are 4 and 2, and the key image is heart pattern 1. On the server, 4, 2 (heart pattern) is recorded as secondary authentication information in the personal information DB of the user. The server mixes all the patterns randomly and transmits an image table as shown in FIG. 4 to the user terminal. At this time, 2 and 3 which are the positions of the key image 1 of the image table mixed at random are recorded. The user carefully looks at where the heart pattern 1 that is his / her key image shown on the screen is, and then operates the direction keys to be positioned at his / her key coordinates 4 and 2. In FIG. 4, since the heart pattern 1 is at 2 and 3, when the right key is pressed twice and the down key is pressed once, the entire image is shifted in the direction of the direction key, and is at 2, 3. Heart pattern 1 is positioned at 4 and 2 as shown in FIG. At this time, if the enter key is pressed, the authentication is successful. By the operation of the direction key, the server continuously shifts 2 and 3 and compares the coordinates before the enter key is input with the key coordinates. In this method, since a total of 25 whole images are shifted together, it is very difficult to know which image is matched with which coordinate even if another person looks at the screen later. Further, even if the direction key operation information leaks, the next time the key image is transmitted in a different position, the authentication cannot be successful with the same operation. Here, the shifting rule is a system in which an image located at the end of the moving direction is shifted to the first position in the direction as in 1-2-2-4-5-1.

  Also, this method can newly specify the key coordinates each time with the second key image.

  FIG. 6 shows an embodiment in which numbers are shown for each coordinate instead of coordinate notation.

  In this embodiment, assuming that the heart pattern 1 is the first key image and the second key image is the clover pattern 4, the clover pattern of the second key image has the position 14 of the first 14 position. Key coordinates. In other words, the authentication is successful by moving the first key image to the first position where the second key image was located.

  In this method, since the key coordinates also change each time, it is convenient to memorize them by assigning a number 3 from coordinates such as 4, 3. The user who has received the image table as shown in FIG. 6 searches for the heart pattern 1 of his / her first key image, searches for the clover pattern 4 of the second key image and memorizes the position number 14 and then the heart pattern. Operate the direction key so that 1 is located at the 14th position. At this time, the reason for memorizing the position number of the clover pattern is that when the heart pattern is moved, the clover pattern is also shifted together, so that there is a possibility that the position 3 that was initially present may be forgotten. Therefore, it should be considered not to match the second key image but to match position 3 specified by the second key image. To memorize this key image, the user uses the name of the image, for example, “I love clover” (move the heart to the position where the clover was) or “carrot the panda” If you make and use a memorized sentence like moving a carrot to a certain position), it is easy to remember.

  For this method, when the server creates a new image table before transmission, the coordinates of each key image are recorded, and the coordinate movement is calculated by the user's key operation.

  Here, interesting and useful functions such as a booby trap key 5 and a notification key 6 can be further considered.

  The booby trap key and the notification key are all keys determined by the user in advance. In this embodiment, consider a case where the user sets the carrot 5 as a booby trap key and the butterfly 6 as a notification key. The booby trap key is a key that displays a position that should never be passed when moving the key image. That is, if the movement is made in the order of position numbers 12-13-14 in FIG. Therefore, an alarm sounds from the PC speaker and authentication fails. That is, a route such as 12-11-15-14 or a route such as 12-7-8-9-14 must be used while avoiding carrots.

  Also, when this booby trap key is trapped by the booby trap key during the authentication process, an alarm message can be transmitted to the user via SMS or e-mail so that appropriate measures can be taken. For example, a URL that can receive a report is included in the alarm message, and when the report is received, a security guard can be dispatched to the scene to catch a theft offender.

  When the notification key 6 is used as an authentication device in a door lock device or an automatic teller machine of a bank, when the criminal must enter the company or home or withdraw cash, Use it so that you can report without knowing the criminal. If the second key image is tricked with the butterfly 6 of the report key or directly operated, the authentication can be successful and the criminal can be relieved. However, it will be possible to automatically report to the police and security agents. That is, the report key is a function obtained by adding only the report function to the function of the second key image.

  The booby trap key and the notification key maximize the crime prevention effect by further increasing the risk when attempting to authenticate an unauthorized user to impersonate others.

  Moreover, the method of FIG. 4 may be applied to the method of numbering each position shown in this method. That is, in the method of FIG. 4, memorizing “heart pattern at positions 4 and 2” may be simply memorized as “heart pattern at number 19.”

  7 and 8 show another embodiment of the authentication method by coordinate input. This method is a case where the key images are paired, for example, 21 (7) and 11 (8).

  In the left image table of FIG. 7, 21 is searched, and in the right image table, 11 is searched. After that, drag the right image table with the mouse so that the images of both keys overlap. At this time, if there are 21 and 11 among a plurality of image sets dropped and overlapped, authentication is successful. Even in this case, since the order of the image table is changed randomly every time, even if the operation information of the mouse is known, the authentication cannot be succeeded next time. Also, multiple sets of images overlap at a time, and it is not possible to know which image set is the key image set when viewed from behind. In the case of this method, when creating image tables on the server, if both image tables combine key image pairs, there are too few overlapping image pairs. Therefore, in order to prevent others from easily identifying, the image table when there are too few overlapping image sets is discarded and a new image table is generated.

  The method of FIGS. 4 and 6 described above is a safe method even if other people see the process of matching the key image. To achieve this goal, first, only the user knows the key coordinates (or the second key image arranged in the second image table) that align the key image with the key image. Second, when manipulating the position of the key image, all other images are also manipulated at the same distance in the same direction. Therefore, it is not known which image is being manipulated even if someone else sees it. By presenting the image table in a different arrangement each time, even if the operation value is known, the next operation cannot be authenticated with the same operation value.

  In addition, the same effect can be obtained even if the direction key is operated and all the images do not move at all. In this case, the user may move the pointer to the key coordinates by moving the pointer on the key image in the head and the pointer in the head together by operating the direction key. That is, the pointer moves when the image moves, and the pointer does not move unless the image moves. Therefore, the other person who is watching next does not know which image is being manipulated.

  FIG. 9 shows an embodiment of a no-response screen for direction key operations.

  In the embodiment of FIG. 9, when the passing rule is a two-point passing type starting from the key image, and the key image, the via coordinate image, and the final coordinate image are beer, soccer ball, and television, respectively, the memorization sentence is “beer” "Watch a football broadcast while drinking." In the example shown in FIG. 9, the soccer ball from beer is 1 down, the soccer ball to TV is 2 right and 1 up, so the total operation process is “down key once, enter, right key Two times and one up key, enter.

  The following describes an embodiment of a personalized set in preparation for phishing.

  The explanation for the personalized set will be made assuming the case of FIG.

  The method as shown in FIG. 9 has an advantage that it is easy to realize a personalized set for phishing. That is, the set to be passed is registered so that each individual is different, and a different set is presented for each individual. Therefore, the fake set cannot identify the key image or passing point of others.

  FIG. 10 illustrates a setting screen for producing a personalized set.

  As shown in FIG. 10, when the key image and the passing coordinate image are selected from the image more than 16 required for the set, and the personalized set as shown in FIG. 9 including the selected image is generated, Depending on the fake set, it may be difficult to include all three images of the individual in the set.

  As shown in FIG. 10, if 3 are selected from 36 and the remaining 13 are randomly selected to create a personalized set, 16 images are selected from 36 images. Sometimes, the probability that all three specific images are included is only 7.8%. That is, the probability of passing a fake set and stealing the person's key is 7.8%. If you select from 100 images, the probability is even smaller, down to 0.3%.

  Of course, personalized sets can also be implemented to support unique sets by uploading images created by the user.

  Also, in order to prevent a phishing attack using the same fake personalized set after sneaking a personalized set in advance, it is also possible for individuals to try to see only the personalized set and not pass it. It is more effective to send an alarm message. The alarm message preferably includes a recommendation that the key should be changed because the personalized set may be exposed.

  Next, in order to secretly obtain the personalization set mentioned above, a hacking tool with image capture function is secretly installed on another person's computer, and the obtained personalization set is applied to a phishing website for phishing. This is a method for preventing withdrawal. Although the capture prevention technology can be applied to prevent capture, this method is provided in the case where there is a hacking tool that the capture prevention technology cannot prevent.

  FIG. 12 shows an example of a user profile table for the authentication service according to the present invention. In this example, main computer information 14 is recorded for each user.

  FIG. 13 shows an example of an interface for registration of the main computer according to the present invention.

  When the personalized set according to the present invention is executed online, it is recognized by specific specific information 14 in the user's computer, such as a MAC (MAC) address of a LAN card, or the user's computer is recognized by using a cookie. it can. When a computer that is not recorded in the user profile recognizes, an alarm message is sent to the contact 15 designated by the user, and an interface for registration of the main computer as shown in FIG. Guide as much as you can.

  The alarm message can be used to prepare for hacking of personal information by alarming that there has been an authentication attempt on a computer not registered by the user.

  In addition, the interface for registering the main computer provides an interface so that the user can register the computer currently used by the user with the main computer. At this time, the registered computer is recognized as the user's main computer and handled separately from a third-party computer that is not registered.

  A user's main computer and a third-party computer can be handled separately because a key for successful authentication is set differently. For example, the key 12 used in the main computer and the key 13 used in the third-party computer are set completely different from each other, or all the keys are passed through the third-party computer, and a part of the main computer is used. Can only pass through. That is, since only the main computer key 12 flows out even if phishing occurs in the main computer, an attacker who has to input the third-party computer key 13 is difficult to steal.

  In addition, the above-described method for confirming a different key for each computer to be used is effective not only for authentication by coordinate input according to the present invention but also for preventing theft by a third party computer in authentication by inputting existing text. There is. In other words, if the password is 8 characters, if all 3 characters are confirmed on the third party computer and only 4 characters are confirmed on the main computer, even if the password leaks, the third party computer steals Can be prevented.

  When the present invention is applied to the security connection service, it goes without saying that even if the connection position tracking step is omitted, hacking is sufficiently prevented. It can also be seen that the security effect is sufficient without going through the double authentication stage.

  Next, a system that can be applied to a device such as a mobile phone, a door lock, or a safe and can achieve a great improvement effect will be described.

  Cell phones, door locks, safes, etc. do not have to confirm who is among many people like services on the Internet or banks, so there is no need to check ID / PW separately.

  Therefore, it is not necessary to proceed through the first and second authentication steps described above. Moreover, the keyboard in such a device is a Compaq keyboard that is not a pool keyboard, such as a computer keyboard. Although this keyboard is easy to input numbers, it is very inconvenient to input characters. For this reason, in such a device, the password usually consists of numbers only. Therefore, the password bandwidth is naturally too narrow. Moreover, since numbers have no special meaning, they will search for numbers that are easy to memorize. In the end, passwords related to your personal information are used, which has the disadvantage of being easy to guess.

  FIG. 11 shows a built-in embodiment applied to a mobile phone.

  As shown in FIG. 11, first, a text password is input, and without confirming it, an image table for coordinate authentication is immediately presented to complete the coordinate input. After that, confirming the text password and coordinates at a time and deciding whether to pass or not, even if only 4 characters are used for the numeric password, the number in that case is 10,000, and 2 points in the 16 image tables If it is a rule of passage, the number 210 in that case is multiplied by not simply adding, but the total number becomes 2.1 million. This means that it takes 1 hour to know one numeric password, but it takes 7 months a day to take 1 month.

  For this purpose, programming may be performed so that text input and coordinate input are continuously input without a procedure for confirming them in the middle, and processing is performed only when the two types coincide with each other.

  The built-in type described above is very useful also in the case of a door lock. This is not only a simple increase in password bandwidth, but also a numeric password can be used with the IDs of access members. In other words, since all members use only one key in the existing number key, there is a troublesomeness such as notifying all members of a new password. Therefore, it is often used for a long time without changing. In the present invention, when keys corresponding to the number of members are registered, each member can manage his / her keys individually. In addition, since the bandwidth becomes wide enough for a plurality of members to use separately, it can be safely used as a normal office door lock. In addition, there is an advantage that the entry and exit records can be managed for each member.

  Further, when applied to door locks using advanced technologies such as electronic chips and biometric recognition, the security level does not drop to the security level of the number key provided by the auxiliary key.

It is a main flowchart of the present invention. Here is an example of clicking an image. An example of reporting past connection records at login is shown. 3 shows another embodiment of an authentication method by coordinate input. Another embodiment of the authentication method by coordinate input is shown. The embodiment which displayed the number for every coordinate instead of the coordinate notation is shown. 3 shows another embodiment of an authentication method by coordinate input. Another embodiment of the authentication method by coordinate input is shown. The embodiment regarding the screen which does not respond to direction key operation is shown. An example of a setting screen for producing a personalized set is shown. A built-in embodiment applied to a mobile phone is shown. 4 shows an example of a user profile table for an authentication service according to the present invention. 2 shows an example of an interface for registration of a main computer according to the present invention.

Explanation of symbols

1, 2, 3 ... Heart pattern 4 ... Cloaver pattern 5 ... Booby trap key 5
6 ... Report key 14 ... Main computer information 15 ... Contact information

Claims (12)

In an online user authentication method for a specific server through a terminal selected from a mobile phone, a personal computer (PC), or a bank cash drawer,
The server
a) Generate an image table in which two or more key images including a first key image and a second key image set in advance for each user and other images are randomly mixed, and output the screen through the user terminal. Stage to be done;
b) from the terminal, when the first key image is designated the moving route Before moving to the position of the second key image, the step of approving the authentication for the user; wherein,
Neither the first image nor the second image is specified on the screen,
The user authentication method according to claim 1, wherein the image table is different from the image table output at the time of previous authentication access.   2. The user security authentication method according to claim 1, further comprising a log-in process (inputting a user ID and a password by text input) through the terminal before the step a). Prior to step a),
Connected to the server, a program of a function for tracking the online connection position of the terminal from the server to the terminal is automatically installed and executed, and connection position information of the terminal is transmitted and recorded in the server The method of claim 1, further comprising a tracking step. Before step c) or after step c) and before step a),
Connected to the server, a program of a function for tracking the online connection position of the terminal from the server to the terminal is automatically installed and executed, and connection position information of the terminal is transmitted and recorded in the server The method of claim 2, further comprising a tracking step. In the image table, one or more specific images are set as a booby trap key,
The server or locking device, wherein b) of the previous SL movement path of the first key image Before moving to the position of the second key image in step, and specify a dynamic path moves you through the booby trap key In this case, after the authentication is rejected, the alarm message is operated so as to be transmitted by SMS (short message service) or e-mail to a device set in advance. Security authentication method for users as described in. In the image table, one or more specific images are set as a declaration key,
The server or the locking device, in step b), in place of the previous SL movement path Before moving the first key image at a position of the second key image, a moving path including the one of the return key The security of the user according to any one of claims 1 to 4, wherein the user security is automatically reported to a security agent or a police station through a security system after performing an approval process for authentication. Authentication method. The server
Before the step a), the user can compose and register a personalized image table produced by the user individually selecting the first and second key images and other images constituting the image table. 5. The user security authentication method according to claim 1, wherein the user security authentication method is used. The server
Obtaining IP information of terminals connected before step b);
The operation according to any one of claims 1 to 7, wherein when the movement route is not effectively designated in the step b), the operation is performed so as to notify the user of an alarm message including the IP information. User security authentication method. In the user authentication method of the lock device selected from the door lock and safe,
The locking device is
a) generating and outputting on the screen an image table in which two or more key images including a first key image and a second key image set in advance and other images are randomly mixed;
through b) an input device, when the specified moving path Before moving to the position of the first key image and the second key image, the step of releasing the lock to accept the authentication of the user; wherein,
Neither the first image nor the second image is specified on the screen,
The user authentication method according to claim 1, wherein the image table is different from the image table output at the time of previous authentication access.   10. The user security authentication method according to claim 9, further comprising a log-in process (input of a user ID and a password by text input) through the lock device before the step a). In the image table, one or more specific images are set as booby trap keys,
The locking device, the b) of the previous SL movement path of the first key image Before moving to the position of the second key image in step, if you specify move path you through the booby trap key 11. The user security authentication method according to claim 9 or 10, wherein, after the authentication is rejected, the alarm message is operated to be transmitted by SMS or e-mail to a preset device. In the image table, one or more specific images are set as a declaration key,
The locking device, in step b), in place of the previous SL movement path Before moving the first key image at a position of the second key image, specifying a movement path including one of said return key 11. The user security authentication method according to claim 9 or 10, wherein after the approval process for authentication is performed, the user is automatically reported to a security contractor or a police station through a security system.

Images