WO2010085021A1 - Method and apparatus for personal identification using a symbol array - Google Patents

Info

Publication number
WO2010085021A1
Authority
WO
WIPO (PCT)
Prior art keywords
personal identification
identification number
session key
input
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/KR2009/000813
Other languages
French (fr)
Korean (ko)
Inventor
이문규
김창순
송정은
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
INDUSTRY COLLABORATION FOUNDATION OF INHA UNIVERSITY
Ewha Womans University
Original Assignee
INDUSTRY COLLABORATION FOUNDATION OF INHA UNIVERSITY
Ewha Womans University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by INDUSTRY COLLABORATION FOUNDATION OF INHA UNIVERSITY, Ewha Womans University

Classifications

    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/36: User authentication by graphic or iconic representation
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/606: Protecting data by securing the transmission between two devices or processes

Definitions

  • The present invention relates to a method and apparatus for personal identification using a personal identification number (PIN, password), and more particularly to a method and apparatus in which the personal identification number is entered indirectly using a session key determined using a two-dimensional array of the personal identification number.
  • Generally, a personal identification number consists of four digits, giving 10,000 possible values in the range 0000 to 9999. Depending on the device, the number of possible values may be less than 10,000, since consecutive numbers such as 1111 or numbers associated with personal information may be restricted from use as personal identification numbers.
  • When an individual is identified using a personal identification number, authentication is performed if the personal identification number is known and is not performed otherwise, so there is no uncertainty about authentication.
  • In addition, no separate cost is required, because authentication is attempted at the terminal relying on memory, without the need for additional devices. This means that when the personal identification number method is chosen to prove a user's identity, additional administrative or maintenance costs need not be considered.
  • However, this method has the problem that, at the moment the user enters the personal identification number, an attacker can easily learn it simply by glancing over the user's shoulder.
  • The present invention has been proposed to solve the above problems of the existing method. Its object is to provide a personal identification method and apparatus with improved safety in which, to identify an individual using a personal identification number (PIN), the personal identification number is not entered directly but is entered indirectly using a session key determined by the personal identification number. Another object of the present invention is to provide a more secure personal identification method by allowing the session key to be arbitrarily determined by the personal identification number, so that various inputs can occur for the same personal identification number.
  • A personal identification device for achieving the above object comprises an input unit, a storage unit, a calculation unit and a display unit.
  • The display unit displays a screen for setting a session key and a screen for inputting a personal identification number.
  • The screen for setting a session key comprises: a first personal identification number array, in which the numbers 0 to 9 that can constitute a personal identification number are arranged in order, to be used as row numbers for session key selection; a second personal identification number array, in which the numbers 0 to 9 that can constitute a personal identification number are arranged in order, to be used as column numbers for session key selection; and an arbitrary two-dimensional symbol array to be used as session keys.
  • The screen for inputting a personal identification number includes: a personal identification number array in which the numbers 0 to 9 that can constitute a personal identification number are arranged in order; and an arbitrary symbol array including the symbol that is determined by the personal identification number and used as the session key.
  • The input unit comprises: a first symbol shift button for moving the symbol array to the left on the screen for inputting a personal identification number; a second symbol shift button for moving the symbol array to the right; and an input button for completing the input.
  • Step (3) may configure the session key setting screen by arbitrarily arranging the symbols to be used as session keys over the two-dimensional array of the symbols constituting the personal identification symbol.
  • According to the present invention, entering the personal identification number indirectly, using a session key arbitrarily determined by the personal identification number, allows various inputs even for the same personal identification number, thereby preventing attacks by peeking. That is, the method proposed by the present invention can be applied to most environments that have used conventional personal identification numbers, and because the personal identification number is not easy to determine even if the process of entering it is recorded and analyzed, a more secure personal identification method and apparatus can be provided.
  • FIG. 1 is a view showing the appearance of a personal identification device according to an embodiment of the present invention.
  • FIG. 2 is a block diagram showing a display unit for personal identification according to an embodiment of the present invention.
  • FIG. 4 is a flow chart illustrating a personal identification method by a personal identification number in accordance with the present invention.
  • FIG. 5 is a diagram illustrating an authentication process when the personal identification number is 1234 according to one embodiment of the present invention.
  • FIG. 1 is a view showing an overview of a personal identification device according to an embodiment of the present invention.
  • The configuration of the personal identification device shown in FIG. 1 may be divided into an input unit 110, a storage unit 120, a calculation unit 130, and a display unit 140.
  • The input unit 110 is a device for inputting a user's ID by keyboard, mouse, touch screen, keypad, RFID, smart card, biometrics (fingerprint, iris, voice, face) or other methods.
  • The user inputs his or her unique ID through the input unit 110, and the input unit 110 transmits the received ID to the calculation unit 130. If the user ID is valid, a personal identification number (PIN) is received through the personal identification method, and the user's access is accepted according to the access authority.
  • The storage unit 120 stores a user ID and a personal identification number corresponding to the user ID.
  • The calculation unit 130 searches the ID list in the storage unit 120 for the ID received from the input unit 110 and determines whether it is a valid user ID. If the ID is valid, it retrieves the personal identification number corresponding to the ID, compares the personal identification number input through the input unit 110 with the personal identification number in the storage unit 120, and accepts access if they match. If the ID is invalid, it informs the user through the display unit 140 that the ID is invalid. In addition, it arranges the symbols according to the input values received from the input unit 110 and transmits them to the display unit 140.
  • The display unit 140 displays on the screen, in a two-dimensional array, the number array required for input of the personal identification number and the symbols to be used as the session key, and provides the user with guidance such as usage messages or error messages.
  • The input unit 110 and the display unit 140 may be a single integrated device.
  • FIG. 2 is a view showing an overview of the display unit 140 for personal identification according to an embodiment of the present invention.
  • The display unit 140 shown in FIG. 2 consists largely of a screen 210 for setting the session key and a screen 260 for inputting a personal identification number.
  • The screen 210 for setting the session key consists of a number array 220, in which the numbers 0 to 9 that can constitute the first number of the personal identification number are arranged in order; a number array 240, in which the numbers 0 to 9 that can constitute the second number of the personal identification number are arranged in order; and a symbol array 230, in which the symbols to be used as session keys are arbitrarily arranged.
  • The number array 220 may be used as the row number and the number array 240 may be used as the column number.
  • The next button 250 is the button with which the user, after checking the session key determined by the personal identification number in the two-dimensional array output on the display unit 140, moves to the screen for inputting the personal identification number. It is a component of the input unit 110 and is included here for convenience of explanation. However, since the input unit 110 and the display unit 140 may be implemented as one integrated device, the next button 250 may be included in the display unit 140. After confirming the determined session key, the user presses the next button 250 to move to the personal identification number input screen 260.
  • The personal identification number input screen 260 consists of a personal identification number array 270, in which the numbers 0 to 9 that can constitute a personal identification number are arranged in order, and an arbitrary symbol array 280 that can constitute a session key.
  • FIG. 3 is a view showing an overview of the input unit 110 for personal identification according to an embodiment of the present invention.
  • The input unit 110 includes a first symbol shift button 310 for moving the symbol array 280 one space to the left on the screen 260 for inputting the personal identification number of the display unit 140, a second symbol shift button 320 for moving it one space to the right, and an input button 330 for completing the input when the symbol corresponding to the session key is in the desired position.
  • The input unit 110 may use a general keyboard, mouse, touch screen, keypad, RFID, smart card, biometrics (fingerprint, iris, voice, face) and other means in addition to the form shown in FIG
  • FIG. 4 is a flowchart schematically illustrating a method of authenticating whether a user is a correct user using a personal identification number.
  • The calculation unit 130 of the personal identification device 100 determines, through the storage unit 120, whether the entered ID is in the authentication list of IDs with access authority (S410). If the entered ID is not in the authentication list, authentication fails and the process ends. If the entered ID exists in the authentication list, the process proceeds to the next step. The ID may be actively input by the user or may be automatically input using an RFID or a smart card.
  • The calculation unit 130 retrieves the personal identification number corresponding to the ID from the storage unit 120 (S420).
  • The calculation unit 130 arranges the symbols to be displayed on the screen in an arbitrary order (S430), and displays the symbols arranged in that order on the screen in the form of a two-dimensional array (S440).
  • The user looks at the screen 210 for setting the session key on the display unit 140 and, for example, taking the first number of his or her personal identification number as the row number and the second number as the column number, finds the corresponding symbol in the two-dimensional symbol array arranged in an arbitrary order and uses it as the session key (S450).
  • The calculation unit 130 of the personal identification device 100 arranges the symbols in an arbitrary order and transmits them to the display unit 140.
  • The display unit 140 displays the symbols arranged in that arbitrary order in the symbol array 280 of the screen 260 for inputting the personal identification number (S460).
  • The user checks the position of the session key symbol determined by the personal identification number in the symbol array 280 arranged in an arbitrary order, and then moves the symbol array 280 with the symbol shift buttons 310 and 320 of the input unit 110 so that the session key symbol is located below the first number of the personal identification number.
  • The symbol array 280 is rearranged by the calculation unit 130, and the user enters the personal identification number by moving the session key symbol so that it is located immediately below the second number of the personal identification number.
  • The symbol array 280 is rearranged by the calculation unit 130, and the user enters the personal identification number by moving the session key symbol so that it is located immediately below the third number of the personal identification number.
  • The symbol array 280 is rearranged by the calculation unit 130, and finally the user makes the input through the input unit 110 so that the session key symbol is located immediately below the fourth number of the personal identification number (S470).
  • This process applies in the same way even if the personal identification number is not four digits, and even if the personal identification number is composed of letters, figures, images or colors rather than numbers.
  • The calculation unit 130 of the personal identification device 100 compares the personal identification number input through the input unit 110 with the personal identification number obtained from the storage unit 120 and authenticates the user as a valid user if they match. Otherwise, it recognizes the user as an invalid user and refuses authentication (S480).
  • FIG. 5 is a diagram illustrating the authentication process when the personal identification number is 1234 and the screen for setting the session key is as shown in 510.
  • The user finds the symbol ⁇ that has the first number 1 of the personal identification number as its row number and the second number 2 as its column number, and uses it as the session key.
  • The user moves to the screen 520 for inputting the personal identification number by pressing the next button 514.
  • The user presses the symbol array shift button 320 twice to move two spaces to the right, placing ⁇ under the first number 1 of the personal identification number, which gives a screen such as 530.
  • The calculation unit 130 rearranges the symbols arbitrarily and transmits them to the display unit 140, and the display unit 140 shows the newly arranged screen 540.
  • The user checks the location of ⁇ and moves it one space to the left to place ⁇ below the second number 2 of the personal identification number (550).
  • The input button 330 is pressed to input the second number 2 of the personal identification number.
  • The user sees the display screen 560, randomly arranged again.
  • The user moves ⁇ three spaces to the left to enter the third number 3 of the personal identification number (570).
  • The third number 3 of the personal identification number is input by pressing the input button 330.
  • Likewise, the user sees the randomly arranged display screen 580. If the generated symbol array already has ⁇ positioned below the fourth number 4 of the personal identification number, the user presses the input button 330 without moving the symbol array to enter the fourth number 4. If the screen for setting the session key given to the user is 510 and the screens for the respective digits of the personal identification number are 520, 540, 560, and 580, the input the user makes to enter the personal identification number is as shown in 590.
  • The symbol array 230 may be replaced by any means that the user can easily distinguish, such as numbers, letters, shapes, images, and colors, and the personal identification number may likewise be replaced by means that the user can easily distinguish, such as letters, shapes, images, and colors.
  • The personal identification number may consist of any number of digits other than four.
  • The session key setting by the two-dimensional array may additionally be performed during input of the user's personal identification number.
  • The user may be presented with a newly arranged session key setting screen, different from the initial session key setting screen 510, to change the session key.
  • The fourth number of the personal identification number can then be entered according to the newly set session key.
  • Conventionally, an attacker can easily learn the personal identification information by peeping over the shoulder once. Because the method proposed by the present invention does not input the personal identification number directly, an attacker who does not know the session key cannot easily learn any personal identification information just by peeping over the shoulder, so the method is safe. It can also be applied to most environments that have used conventional personal identification numbers.
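
The steps S410 to S480 and the FIG. 5 walk-through above, as an added simulation of both the device and the user (this is not code from the patent). Assumptions made here: ten constructed letter symbols stand in for the on-screen shapes, every row of the 10x10 array is a permutation of them, the shift buttons rotate the symbol array cyclically, and the simulated user always shifts in the shorter direction.

```python
import hmac
import random

DIGITS = "0123456789"
SYMBOLS = "ABCDEFGHIJ"  # constructed stand-ins for the ten on-screen symbols


class PinDevice:
    """Device side: storage unit (pin_db) plus calculation unit."""

    def __init__(self, pin_db, rng):
        self.pin_db = pin_db  # user ID -> stored PIN
        self.rng = rng

    def _shuffled(self):
        row = list(SYMBOLS)
        self.rng.shuffle(row)
        return row

    def begin(self, user_id):
        """S410-S440: look up the ID and build the session key setting screen."""
        if user_id not in self.pin_db:
            return None
        self._pin = self.pin_db[user_id]
        # Assumption: each row of the 10x10 array is a permutation of SYMBOLS.
        self.grid = [self._shuffled() for _ in DIGITS]
        # The device derives the same session key the user will read off.
        self._key = self.grid[int(self._pin[0])][int(self._pin[1])]
        self._entered = []
        return self.grid

    def new_round(self):
        """S460: show a freshly shuffled symbol array under the digits 0..9."""
        self._row = self._shuffled()
        return list(self._row)

    def shift(self, steps):
        """Buttons 310/320: negative = left, positive = right (cyclic, assumed)."""
        steps %= len(self._row)
        self._row = self._row[-steps:] + self._row[:-steps]

    def enter(self):
        """Button 330: the digit above the session key symbol is the input."""
        self._entered.append(DIGITS[self._row.index(self._key)])

    def finish(self):
        """S480: compare the decoded PIN with the stored one."""
        return hmac.compare_digest("".join(self._entered), self._pin)


def user_enters(device, grid, pin):
    """User side: read the session key from the grid, then steer it per digit."""
    key = grid[int(pin[0])][int(pin[1])]  # S450: row = 1st digit, column = 2nd
    presses = []
    for digit in pin:
        row = device.new_round()
        delta = (int(digit) - row.index(key)) % 10
        steps = delta if delta <= 5 else delta - 10  # take the shorter direction
        device.shift(steps)
        device.enter()
        presses.append(steps)  # what an onlooker sees: shifts, never digits
    return presses


def run_session(pin_db, user_id, typed_pin, seed):
    # random.Random(seed) keeps the demo reproducible; a real device would need
    # an unpredictable source such as secrets.SystemRandom().
    device = PinDevice(pin_db, random.Random(seed))
    grid = device.begin(user_id)
    if grid is None:
        return False, []
    presses = user_enters(device, grid, typed_pin)
    return device.finish(), presses


if __name__ == "__main__":
    db = {"alice": "1234"}  # constructed sample record
    for seed in (1, 2):
        # Same PIN, different sessions: the button presses differ.
        print(seed, run_session(db, "alice", "1234", seed))
```
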

Landscapes

  • Engineering & Computer Science
  • Theoretical Computer Science
  • Computer Security & Cryptography
  • Computer Hardware Design
  • Software Systems
  • Physics & Mathematics
  • General Engineering & Computer Science
  • General Physics & Mathematics
  • Health & Medical Sciences
  • Bioethics
  • General Health & Medical Sciences
  • Input From Keyboards Or The Like

Abstract

The present invention relates to a method and to an apparatus for personal identification using a personal identification number (PIN), and more particularly to a method and to an apparatus for personal identification which enable a user to indirectly input the personal identification number thereof using a session key determined by the two-dimensional array of the personal identification number. The apparatus for personal identification according to the present invention comprises an input unit, a storage unit, a calculation unit, and a display unit, and is characterized in that the personal identification number is indirectly inputted using a one-time session key determined by the combination of a portion of the personal identification number instead of being directly inputted. Further, the method for personal identification according to the characteristics of the present invention comprises the steps of: (1) receiving a user ID inputted via the input unit; (2) searching the storage unit for the received user ID, and searching for the personal identification symbol corresponding to the relevant user ID; (3) displaying a session key set screen on which symbols to be used as a session key, from among symbols of the personal identification symbol, are arbitrarily arranged to enable the user to recognize the session key determined by the personal identification number; (4) displaying a personal identification number input screen on which symbols to be used as a session key, from among symbols of the personal identification symbol, are arbitrarily arranged to enable the user to input a personal identification number using the session key recognized in the previous step; (5) recognizing the location of the symbol corresponding to the session key whenever a user input is performed via the input button to take the personal identification symbol as an input, in accordance with the user input performed via a symbol-moving button and the input button; and (6) authenticating the user ID if the inputted personal identification symbol matches the stored personal identification symbol corresponding to the user ID. The method and apparatus for personal identification according to the present invention enable a user to indirectly input a personal identification number using the session key determined by the personal identification number whenever personal identification is required, thereby enabling the user to input the personal identification number thereof through a variety of input modes, and improving the security of personal identification.

Description

[Corrected under Rule 26, 24.11.2009] Method and apparatus for personal identification using a symbol array

The present invention relates to a method and apparatus for personal identification using a personal identification number (PIN, password), and more particularly to a method and apparatus for personal identification in which the personal identification number is entered indirectly using a session key determined using a two-dimensional array of the personal identification number.

Among the traditional methods used to prove a user's identity when using computers, kiosk terminals, bank terminals (ATMs), mobile terminals and the like is personal identification by a personal identification number (PIN). In this method, the personal identification number specified by the user is stored in the computer, and the user is identified as the correct user by checking whether the stored personal identification number matches the personal identification number the user enters.

Generally, a personal identification number consists of four digits, giving 10,000 possible values in the range 0000 to 9999. Depending on the device, the number of possible values may be less than 10,000, since consecutive numbers such as 1111 or numbers associated with personal information may be restricted from use as personal identification numbers. When an individual is identified using a personal identification number, authentication is performed if the personal identification number is known and is not performed otherwise, so there is no uncertainty about authentication. In addition, no separate cost is required, because authentication is attempted at the terminal relying on memory, without the need for additional devices. This means that when the personal identification number method is chosen to prove a user's identity, additional administrative or maintenance costs need not be considered.

However, this method has the problem that, at the moment the user enters the personal identification number, an attacker can easily learn it simply by glancing over the user's shoulder.

The present invention has been proposed to solve the above problems of the existing method. Its object is to provide a personal identification method and apparatus with improved safety in which, to identify an individual using a personal identification number (PIN), the personal identification number is not entered directly but is entered indirectly using a session key determined by the personal identification number. Another object of the present invention is to provide a more secure personal identification method by allowing the session key to be arbitrarily determined by the personal identification number, so that various inputs can occur for the same personal identification number.

A personal identification device according to a feature of the present invention for achieving the above object is a personal identification device comprising an input unit, a storage unit, a calculation unit and a display unit,

characterized in that the personal identification number (PIN, password) is not entered directly but is entered indirectly using a one-time session key determined using a combination of part of the personal identification number.

Preferably, the display unit displays a screen for setting a session key and a screen for inputting a personal identification number,

the screen for setting a session key comprises: a first personal identification number array, in which the numbers 0 to 9 that can constitute a personal identification number are arranged in order, to be used as row numbers for session key selection; a second personal identification number array, in which the numbers 0 to 9 that can constitute a personal identification number are arranged in order, to be used as column numbers for session key selection; and an arbitrary two-dimensional symbol array to be used as session keys,

and the screen for inputting a personal identification number may include: a personal identification number array in which the numbers 0 to 9 that can constitute a personal identification number are arranged in order; and an arbitrary symbol array including the symbol that is determined by the personal identification number and used as the session key.

More preferably, the input unit may include: a first symbol shift button for moving the symbol array to the left on the screen for inputting a personal identification number; a second symbol shift button for moving the symbol array to the right; and an input button for completing the input.

A personal identification method according to another feature of the present invention for achieving the above object is characterized by comprising the steps of:

(1) receiving a user's ID through an input unit;

(2) searching whether the received user ID is stored in a storage unit, and searching for the personal identification symbol corresponding to the ID;

(3) displaying a session key setting screen on which the symbols to be used as the session key are arbitrarily arranged with respect to the symbols constituting the personal identification symbol, so that the user can identify the session key determined by the personal identification number;

(4) displaying a personal identification number input screen on which the symbols to be used as the session key are arbitrarily arranged with respect to the symbols constituting the personal identification symbol, so that the user can enter the personal identification number using the identified session key;

(5) receiving the personal identification symbol, according to the user's input via the symbol shift buttons and the input button, by identifying the position of the symbol corresponding to the session key each time the user presses the input button; and

(6) authenticating when the input personal identification symbol matches the stored personal identification symbol corresponding to the ID.

Preferably, step (3) may configure the session key setting screen by arbitrarily arranging the symbols to be used as session keys over the two-dimensional array of the symbols constituting the personal identification symbol.

According to the present invention, entering the personal identification number indirectly, using a session key arbitrarily determined by the personal identification number, allows various inputs even for the same personal identification number, thereby preventing attacks by peeking. That is, the method proposed by the present invention can be applied to most environments that have used conventional personal identification numbers, and because the personal identification number is not easy to determine even if the process of entering it is recorded and analyzed, a more secure personal identification method and apparatus can be provided.

FIG. 1 is a view showing a personal identification device according to an embodiment of the present invention.

FIG. 2 is a block diagram showing a display unit for personal identification according to an embodiment of the present invention.

FIG. 3 is a block diagram showing an input unit for personal identification according to an embodiment of the present invention.

FIG. 4 is a flowchart showing a personal identification method by a personal identification number according to the present invention.

FIG. 5 is a diagram illustrating the authentication process when the personal identification number is 1234, as an embodiment according to the present invention.

<도면의 주요 부분에 대한 부호의 설명><Explanation of symbols for the main parts of the drawings>

100: personal identification device

110: input unit

120: storage unit

130: operation unit

140: display unit

210: screen for setting the session key

220: number array for the first digit of the personal identification number

230: randomly arranged two-dimensional symbol array

240: number array for the second digit of the personal identification number

260: screen for entering the personal identification number

270: personal identification number array

280: symbol array

310: first symbol movement button (left)

320: second symbol movement button (right)

330: input button

590: user input for entering the personal identification number 1234

Hereinafter, preferred embodiments of the present invention are described in detail with reference to the accompanying drawings and the contents shown in them, but the present invention is not restricted or limited by the embodiments.

FIG. 1 is a view showing an overview of a personal identification device according to an embodiment of the present invention. The personal identification device shown in FIG. 1 can be divided into an input unit 110, a storage unit 120, an operation unit 130, and a display unit 140.

The input unit 110 is a device for entering the user's ID through a keyboard, mouse, touch screen, keypad, RFID, smart card, biometric recognition (fingerprint, iris, voice, face), or other methods. The user enters his or her unique ID through the input unit 110, and the input unit 110 sends the received ID to the operation unit 130. If the entered user ID is valid, the personal identification number (PIN) is received through the personal identification method according to the access rights, and the user's access is accepted. The storage unit 120 stores user IDs and the personal identification numbers corresponding to them. The operation unit 130 looks up the ID received from the input unit 110 in the ID list held in the storage unit 120 and determines whether it is a valid user ID. If the ID is valid, the operation unit retrieves the corresponding personal identification number, compares the personal identification number entered through the input unit 110 with the one in the storage unit 120, and accepts the access if they match. If the ID is not valid, it notifies the display unit 140 that the ID is invalid. The operation unit also arranges the symbols according to the input values received from the input unit 110 and sends them to the display unit 140. The display unit 140 shows on the screen, as a two-dimensional array, the number array needed to enter the personal identification number and the symbols to be used as session keys, and provides the user with guidance such as usage instructions and error messages. The input unit 110 and the display unit 140 may be a single integrated device.

FIG. 2 is a view showing an overview of the display unit 140 for personal identification according to an embodiment of the present invention. The display unit 140 shown in FIG. 2 consists broadly of a screen 210 for setting the session key and a screen 260 for entering the personal identification number. The screen 210 for setting the session key consists of a number array 220 in which the digits 0 to 9 that can form the first digit of the personal identification number are arranged in order, a number array 240 in which the digits 0 to 9 that can form the second digit of the personal identification number are arranged in order, and a symbol array 230 in which the symbols to be used as session keys are arranged randomly. The number array 220 may be used as the row number and the number array 240 as the column number. The next button 250 is used to move to the screen for entering the personal identification number after the user has identified, in the two-dimensional array shown on the display unit 140, the session key that corresponds to the personal identification number. It is a component of the input unit 110 but is included here for convenience of explanation. In practice, however, the input unit 110 and the display unit 140 may be implemented as a single integrated device, so the next button 250 may be part of the display unit 140. After identifying the session key, the user presses the next button 250 to move to the personal identification number input screen 260. The personal identification number input screen 260 consists of a personal identification number array 270, in which the digits 0 to 9 that can make up a personal identification number are arranged in order, and a randomly arranged symbol array 280 of the symbols that can serve as session keys.

FIG. 3 is a view showing an overview of the input unit 110 for personal identification according to an embodiment of the present invention. The input unit 110 shown in FIG. 3 consists of a first symbol movement button 310 that moves the symbol array 280 one position to the left on the screen 260 for entering the personal identification number, a second symbol movement button 320 that moves it one position to the right, and an input button 330 that completes the input when the symbol corresponding to the session key is at the desired position. Besides the form shown in FIG. 3, a general keyboard, mouse, touch screen, keypad, RFID, smart card, biometric recognition (fingerprint, iris, voice, face), or other means may be used as the input unit 110.

FIG. 4 is a flowchart giving an overview of the method of authenticating whether a user is legitimate using a personal identification number. In the authentication method of FIG. 4, the user first enters an ID through the input unit 110 of the personal identification device 100, and the operation unit 130 of the personal identification device 100 checks against the storage unit 120 whether the entered ID is in the authentication list, to determine whether the user has access rights (S410). If the entered ID is not in the authentication list, authentication fails and the process ends; if it is in the list, the process moves to the next step. The ID may be entered actively by the user, or automatically using RFID, a smart card, or the like. Once the ID is verified, the operation unit 130 retrieves the personal identification number corresponding to the ID from the storage unit 120 (S420). The operation unit 130 arranges the symbols to be displayed in a random order (S430), and the randomly ordered symbols are shown on the screen through the display unit 140 as a two-dimensional array (S440). The user looks at the screen 210 for setting the session key on the display unit 140 and, for example, finds in the randomly ordered two-dimensional symbol array the symbol whose row number is the first digit of his or her personal identification number and whose column number is the second digit, and uses it as the session key (S450). When the user presses the next button 250 of the input unit 110, the operation unit 130 of the personal identification device 100 arranges the symbols in a random order and passes them to the display unit 140. The display unit 140 shows the randomly ordered symbols in the symbol array 280 of the screen 260 for entering the personal identification number (S460).

The user locates the session key symbol determined by the personal identification number in the randomly ordered symbol array 280 and then moves the symbol array 280 with the symbol movement buttons 310 and 320 of the input unit 110 so that the session key symbol sits below the first digit of the personal identification number. When the first digit of the personal identification number has been entered through the session key, the operation unit 130 rearranges the symbol array 280, and the user moves the session key symbol directly below the second digit of the personal identification number and enters it. In the same way, once that digit is entered the operation unit 130 rearranges the symbol array 280, and the user moves the session key symbol directly below the third digit of the personal identification number and enters it. Once that digit is entered the operation unit 130 rearranges the symbol array 280 again, and finally the user uses the input unit 110 to place the session key symbol directly below the fourth digit of the personal identification number and enters it (S470).

The same procedure applies when the personal identification number does not have four digits, and it can also be applied in the same way when the personal identification number is made up of letters, shapes, images, or colors rather than digits.

The operation unit 130 of the personal identification device 100 compares the personal identification number entered through the input unit 110 with the personal identification number obtained from the storage unit 120. If they match, it authenticates the user as a valid user; if they do not match, it treats the user as invalid and refuses authentication (S480).

FIG. 5 is a diagram showing the authentication process when the personal identification number is 1234 and the screen for setting the session key is as in (510). In the randomly arranged two-dimensional symbol array 512, the user finds the symbol ♥ whose row number is 1, the first digit of the personal identification number, and whose column number is 2, the second digit, and uses it as the session key. After identifying the session key symbol that corresponds to the personal identification number, the user moves to the screen 520 for entering the personal identification number with the next button 514. First, to place ♥ below the first digit 1 of the personal identification number, the user presses the symbol array movement button 320 twice to move the array two positions to the right, obtaining a screen like (530). When the user presses the input button 330, the operation unit 130 randomly rearranges the symbols and passes them to the display unit 140, and the display unit 140 shows the newly arranged screen 540. On the newly arranged screen 540, the user locates ♥ and moves it one position to the left so that it sits below the second digit 2 of the personal identification number (550). The user then presses the input button 330 to enter the second digit, 2. After the second digit is entered, the user again sees a randomly arranged display screen 560. To enter the third digit, 3, the user moves ♥ three positions to the left (570) and presses the input button 330 to enter it. The user then sees another randomly arranged display screen 580; if the generated symbol array already has ♥ below the fourth digit 4, the user presses the input button 330 without moving the symbol array to enter the fourth digit, 4. If the screen for setting the session key given to the user is (510), and the screens for the individual digits of the personal identification number are (520), (540), (560), and (580) respectively, the inputs the user makes to enter the personal identification number are as in (590).
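The flow of FIG. 4 and the FIG. 5 walkthrough, as an added Python sketch that is not part of the patent text. The symbol alphabet, the cyclic wrap of the symbol row, the signed press count (positive for button 320, negative for button 310) and all function names are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed 10-symbol alphabet (assumption; the patent allows any symbols).
SYMBOLS = "♥♠♣◆★●▲■▼♪"
_rng = secrets.SystemRandom()  # CSPRNG: screen layouts must be unpredictable


def new_session_grid():
    """Screen 210 (S430/S440): 10x10 symbol array in random order."""
    return [[_rng.choice(SYMBOLS) for _ in range(10)] for _ in range(10)]


def session_key(grid, pin):
    """S450: symbol at row = first PIN digit, column = second PIN digit."""
    return grid[int(pin[0])][int(pin[1])]


def new_symbol_row():
    """Screen 260 (S460): fresh random permutation under digits 0..9."""
    row = list(SYMBOLS)
    _rng.shuffle(row)
    return row


def row_with_key_at(key, pos):
    """Constructed row with `key` under digit `pos` (for fixed examples)."""
    rest = [s for s in SYMBOLS if s != key]
    return rest[:pos] + [key] + rest[pos:]


def shift(row, presses):
    """Cyclic shift: presses > 0 is button 320 (right), < 0 is 310 (left)."""
    k = presses % len(row)
    return row[-k:] + row[:-k] if k else list(row)


def presses_for_digit(row, key, digit):
    """User side: fewest presses that put the session key under `digit`."""
    right = (digit - row.index(key)) % 10
    return right if right <= 5 else right - 10


def decode_digit(row, presses, key):
    """Device side (S470): digit above the session key when 330 is pressed."""
    return shift(row, presses).index(key)


def authenticate(stored_pin, grid, rows, presses):
    """S480: rebuild the entered PIN and compare it with the stored one."""
    if not (len(rows) == len(presses) == len(stored_pin)):
        return False
    key = session_key(grid, stored_pin)
    entered = "".join(str(decode_digit(r, p, key)) for r, p in zip(rows, presses))
    return hmac.compare_digest(entered.encode(), stored_pin.encode())


def simulate_entry(user_pin, stored_pin):
    """One full session with fresh random screens; returns (presses, ok)."""
    grid = new_session_grid()
    key = session_key(grid, user_pin)  # read off screen 210 by the user
    rows = [new_symbol_row() for _ in user_pin]
    presses = [presses_for_digit(r, key, int(d)) for r, d in zip(rows, user_pin)]
    return presses, authenticate(stored_pin, grid, rows, presses)


if __name__ == "__main__":
    for _ in range(3):  # same PIN, different button sequence each session
        print(simulate_entry("1234", "1234"))
```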

The symbol array 230 can be changed to any means that the user can easily tell apart, such as digits, letters, shapes, images, or colors, and the personal identification number can likewise be changed to any easily distinguishable means other than digits, such as letters, shapes, images, or colors. The personal identification number can also have a length other than four digits.

In addition, according to an embodiment of the present invention, the session key can be set again from a two-dimensional array while the user is still entering the personal identification number. For example, in FIG. 5, after the second digit has been entered (550), the user can be shown a newly arranged session key setting screen that differs from the initial session key setting screen 510, so that the session key changes and the third and fourth digits are entered according to the newly set session key.

With the conventional way of entering a personal identification number, an attacker can easily learn the personal identification information just by peeking over the user's shoulder once. With the method proposed by the present invention, the personal identification number is not entered directly, so an attacker who does not know the session key cannot easily learn the personal identification information just by peeking over the shoulder, and the method is therefore secure. It can also be applied to most environments that already use personal identification numbers.

Although the present invention has been described above with reference to limited embodiments and drawings, it is not limited to those embodiments, and a person of ordinary skill in the field to which the invention belongs can make various modifications and variations from this description. The scope of the present invention should therefore not be limited to the described embodiments, but should be determined by the claims below and by their equivalents.

Claims (5)

A personal identification device comprising an input unit, a storage unit, an operation unit and a display unit, characterized in that the personal identification number (PIN, password) is not entered directly, but is entered indirectly using a one-time session key determined from a combination of part of the personal identification number.

The personal identification device of claim 1, wherein the display unit displays a screen for setting the session key and a screen for entering the personal identification number; the screen for setting the session key comprises: a first personal identification number array in which the digits 0 to 9 that can make up a personal identification number are arranged in order, to be used as the row number for session key selection; a second personal identification number array in which the digits 0 to 9 that can make up a personal identification number are arranged in order, to be used as the column number for session key selection; and an arbitrary two-dimensional symbol array to be used for session keys; and the screen for entering the personal identification number comprises: a personal identification number array in which the digits 0 to 9 that can make up a personal identification number are arranged in order; and an arbitrary symbol array that includes the symbol determined by the personal identification number and used as the session key.

The personal identification device of claim 2, wherein the input unit comprises: a first symbol movement button that moves the symbol array to the left on the screen for entering the personal identification number; a second symbol movement button that moves the symbol array to the right; and an input button for completing the input.

A personal identification method comprising:
(1) receiving a user's ID through an input unit;
(2) searching whether the received user ID is stored in a storage unit, and retrieving the personal identification symbol corresponding to the ID;
(3) displaying a session key setting screen in which the symbols to be used as session keys are arranged randomly with respect to the symbols that make up the personal identification symbol, so that the user can identify the session key determined by the personal identification number;
(4) displaying a personal identification number input screen in which the symbols to be used as session keys are arranged randomly with respect to the symbols that make up the personal identification symbol, so that the user can enter the personal identification number using the identified session key;
(5) receiving the personal identification symbol by determining, each time the user presses the input button, the position of the symbol corresponding to the session key, according to the user's input through the symbol movement buttons and the input button; and
(6) authenticating when the entered personal identification symbol matches the stored personal identification symbol corresponding to the ID.

The personal identification method of claim 8, wherein in step (3) the session key setting screen is constructed by randomly arranging the symbols to be used as session keys over a two-dimensional array of the symbols that make up the personal identification symbol.
PCT/KR2009/000813 2009-01-23 2009-02-20 Method and apparatus for personal identification using a symbol array Ceased WO2010085021A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR20090005975 2009-01-23
KR10-2009-0005975 2009-01-23

Publications (1)

Publication Number Publication Date
WO2010085021A1 true WO2010085021A1 (en) 2010-07-29

Family

ID=42356062

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2009/000813 Ceased WO2010085021A1 (en) 2009-01-23 2009-02-20 Method and apparatus for personal identification using a symbol array

Country Status (1)

Country Link
WO (1) WO2010085021A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040056273A (en) * 2002-12-23 2004-06-30 신화식 ATM and Lock Having Random Numeric Keypad for Inputting Password and Method of Inputting Password Using the Same
KR20050074434A (en) * 2002-08-09 2005-07-18 박승배 Method and system for processing password inputted by the matching of cells
KR100536072B1 (en) * 2005-02-28 2005-12-14 주식회사 소리나무미디어 System for inputting secret information and method of interpreting secret information

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JONG-WONG PARK, SANG-HA LEE, BYUNG-RYUL LIM: "Virtual Key Input System for Secure Two-Factor Authentication", THE 16TH JOINT CONFERENCE ON COMMUNICATIONS & INFORMATION, 2006, SECTION 3. VIRTUAL KEY INPUT SYSTEM, 2006 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09838908

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09838908

Country of ref document: EP

Kind code of ref document: A1