
WO2015105289A1 - User security authentication system and method thereof in an Internet environment - Google Patents

User security authentication system and method thereof in an Internet environment

Info

Publication number
WO2015105289A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
body information
data
member authentication
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/KR2014/012664
Other languages
English (en)
Korean (ko)
Inventor
조준호
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gmarket Inc
Original Assignee
eBay Korea LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by eBay Korea LLC
Publication of WO2015105289A1
Anticipated expiration
Ceased

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • A HUMAN NECESSITIES
    • A41 WEARING APPAREL
    • A41D OUTERWEAR; PROTECTIVE GARMENTS; ACCESSORIES
    • A41D7/00 Bathing gowns; Swim-suits, drawers, or trunks; Beach suits
    • A41D7/001 Non-sinkable swim-suits, drawers or trunks
    • A41D7/003 Non-sinkable swim-suits, drawers or trunks provided with inflatable elements
    • A HUMAN NECESSITIES
    • A41 WEARING APPAREL
    • A41D OUTERWEAR; PROTECTIVE GARMENTS; ACCESSORIES
    • A41D13/00 Professional, industrial or sporting protective garments, e.g. surgeons' gowns or garments protecting against blows or punches
    • A41D13/012 Professional, industrial or sporting protective garments, e.g. surgeons' gowns or garments protecting against blows or punches for aquatic activities, e.g. with buoyancy aids
    • A41D13/0125 Professional, industrial or sporting protective garments, e.g. surgeons' gowns or garments protecting against blows or punches for aquatic activities, e.g. with buoyancy aids with buoyancy aids
    • A HUMAN NECESSITIES
    • A63 SPORTS; GAMES; AMUSEMENTS
    • A63B APPARATUS FOR PHYSICAL TRAINING, GYMNASTICS, SWIMMING, CLIMBING, OR FENCING; BALL GAMES; TRAINING EQUIPMENT
    • A63B31/00 Swimming aids

Definitions

  • the present invention relates to a user security authentication system and method thereof in an Internet environment, and more particularly, when a user logs in to any web service provider system, the user's body information (eg, fingerprint, iris, etc.).
  • the Internet is composed of computers that are separated from each other and can communicate with each other based on the Transmission Control Protocol / Internet Protocol (TCP / IP). Can be shared with each other.
  • the Internet provided services such as electronic mail, gopher, telnet, and File Transfer Protocol (FTP), but it was not widely spread due to limited services based on text.
  • the web may provide various types of information (eg, text, images, video, audio, etc.) based on a communication protocol called HTTP (HyperText Transfer Protocol) and a language called HyperText Markup Language (HTML).
  • the web initially provided a hypertext for simply connecting text information by a hyperlink technique that enables direct movement from one information to another. It implements hypermedia that directly connects images, videos, and voices according to the demand for.
  • any web service provider system operates a certain user identification (member ID and password) and authentication mechanism for user management and security reasons. Therefore, each user is given certain identification information for use of any web service provider system, and a separate authentication procedure for the identification information is performed every time.
  • the user identification may be given readability in a form for remembering itself, which may lead to the exposure of personal information depending on the situation.
  • Patent Document 1 Domestic Patent Publication No. 10-2007-0107395
  • The object of the present invention is to provide a user with a user's body information (e.g., fingerprint, iris, etc.) when the user logs in to any web service provider system
  • An object of the present invention is to provide a user security authentication system and a method thereof.
  • A user terminal on which a web browser is mounted;
  • a web server connected to the user terminal through the Internet, which transmits a web page in response to the access of the user terminal, transmits the member authentication means to the web page of the user terminal in response to a web service request, and provides a web service to the user terminal in response to receiving encrypted member authentication data from the user terminal;
  • a member authentication information DB in which member information of users registered as members in order to receive a web service provided by the web server, and member authentication data for authenticating a member, are stored; and
  • a member authentication server that receives the encrypted member authentication data from the user terminal through the web server, decrypts it, and compares and analyzes the decrypted member authentication data and the member authentication data stored in the member authentication information DB to determine whether the user is authenticated. The member authentication means is made of a body information recognition module for receiving the user's specific body information, and the member authentication data transmitted from the user terminal combines the user's specific body information with the validity key corresponding to the current time information at the time of member login, so that it consists of newly encrypted data each time. This provides a user security authentication system in the Internet environment.
  • the body information recognition module is preferably made by calling the body information recognition means pre-installed in the user terminal to receive the user's body information through the user's fingerprint or iris recognition.
  • the member authentication means may be further provided with a password input module to receive a password registered during the initial membership registration with the body information recognition module.
  • The member authentication data transmitted from the user terminal may be composed of non-toxic encrypted digital code data arranged by randomly combining the order of the validity key and the specific body information data of the user converted into a specific character string.
  • The member authentication server receives the encrypted member authentication data from the user terminal, decrypts it, and separates the user's specific body information data and the validity key. If the separated body information data is the same as the specific body information data of the user registered at the time of initial membership registration in the member authentication data stored in the member authentication information DB, the server checks whether the separated validity key is included within a predetermined time range, and can thereby judge whether the user is authenticated.
  • Alternatively, the member authentication server receives the encrypted member authentication data from the user terminal, decrypts it, and separates the user's specific body information data, validity key and password. If the separated body information data and password are the same as the user's specific body information data and password registered during the initial membership registration in the member authentication data stored in the member authentication information DB, it is possible to determine whether the user is authenticated by checking whether the separated validity key is included within a predetermined time range.
  • the member authentication server may reject the member authentication of the user.
  • the user terminal when accessing the web server and logging in as a member, calls a dedicated app for recognizing the user's body information from the plug-in built in the web browser, receives the user's specific body information, and delivers the user's specific body information to the web browser.
  • the encrypted member authentication data may be transmitted to the web server by combining the validity key together with the specific body information of the user transmitted through the web browser.
  • the validity key may include digital code data that encrypts time information including a current date (year / month / day) and a time (hour / minute / second) when a user logs in.
  • the user terminal is made of a smart phone that performs a shopping mall related application service, and may be configured to be connected to the web server through the shopping mall related application service.
  • a method of performing user security authentication using a system including a web server and a member authentication server connected to a user terminal on which a web browser is mounted and an Internet to provide a web service.
  • (a) requesting a web service from the web server through the user terminal; (b) transmitting member authentication means to a web page of the corresponding user terminal in response to the web service request in step (a) through the web server; (c) transmitting the encrypted member authentication data to the web server using the member authentication means transmitted in step (b) through the user terminal; (d) receiving the encrypted member authentication data transmitted in step (c) through the member authentication server, decrypting it, and comparing the decrypted member authentication data with the member authentication data previously stored in a separate member authentication information DB.
  • The member authentication means is composed of a body information recognition module for receiving the user's specific body information, and in step (c), the member authentication data transmitted from the user terminal is the current time information at the time of member login with the user's specific body information
  • the body information recognition module is preferably made by calling the body information recognition means pre-installed in the user terminal to receive the user's body information through the user's fingerprint or iris recognition.
  • the member authentication means may be further provided with a password input module to receive a password registered during the initial membership registration with the body information recognition module.
  • The member authentication data transmitted from the user terminal may consist of non-toxic encrypted digital code data arranged by randomly combining the order of the validity key and the specific body information data of the user converted into a specific character string.
  • The member authentication server receives encrypted member authentication data from the user terminal and decrypts it to separate the user's specific body information data and the validity key. If the separated body information data is the same as the specific body information data of the user registered at the time of initial membership registration in the member authentication data stored in the member authentication information DB, it is checked whether the separated validity key is included within a predetermined time range, which makes it possible to determine whether the user is authenticated.
  • The member authentication server receives encrypted member authentication data from the user terminal and decrypts it to separate the user's specific body information data, validity key and password, and compares the separated body information data and password with those registered at the first membership registration in the member authentication data stored in the member authentication information DB
  • the member authentication server may reject the member authentication of the user.
  • the user terminal accesses the web server and calls a dedicated app for recognizing the user's body information in a plug-in built in the web browser to log in a member to input specific body information of the user.
  • the encrypted member authentication data can be transmitted to the web server by combining the validity key with the specific body information of the user through the web browser.
  • the validity key may include digital code data that encrypts time information including a current date (year / month / day) and a time (hour / minute / second) when a user logs in.
  • the user terminal is made of a smartphone that performs a shopping mall-related application service, it may be made to be connected to the web server through the shopping mall-related application service.
  • a third aspect of the present invention is to provide a recording medium on which a program for executing the user security authentication method in the above-described Internet environment is recorded.
  • the user security authentication method in the Internet environment using the Internet according to the present invention can be implemented in a computer-readable code on a computer-readable recording medium.
  • Computer-readable recording media include all types of recording devices that store data that can be read by a computer system.
  • a computer-readable recording medium may be a ROM, a RAM, a CD-ROM, a magnetic tape, a hard disk, a floppy disk, a removable storage device, a nonvolatile memory (Flash memory).
  • FIG. 1 is an overall block diagram illustrating a user security authentication system in an Internet environment according to an embodiment of the present invention.
  • FIG. 2 is a flowchart illustrating a user security authentication method in an internet environment according to an embodiment of the present invention.
  • FIGS. 3 and 4 are diagrams illustrating various methods of member login for accessing a web service provider system applied to an embodiment of the present invention.
  • FIG. 5 is a diagram conceptually illustrating a process of encrypting member authentication data transmitted from a user terminal applied to an embodiment of the present invention.
  • Although first, second, etc. are used to describe various elements, components and/or sections, these elements, components and/or sections are of course not limited by these terms. These terms are only used to distinguish one element, component or section from another element, component or section. Therefore, the first device, the first component, or the first section mentioned below may be a second device, a second component, or a second section within the technical spirit of the present invention.
  • FIG. 1 is an overall block diagram illustrating a user security authentication system in an Internet environment according to an embodiment of the present invention.
  • A user security authentication system in an Internet environment includes at least one user terminal 100-1 to 100-N, a web server 200, a member authentication information DB 300, and a member authentication server 400.
  • The user terminals 100-1 to 100-N are connected to the web server 200 through the Internet 10, and are provided with a conventional web browser that takes web pages, such as the various Hyper Text Markup Language (HTML) documents provided by the web server 200, and displays them on a screen.
  • the user terminals 100-1 to 100 -N are connected to the Internet 10 to access a plurality of websites, for example, the web server 200, search for web pages transmitted therefrom, or view the corresponding web pages. It includes a web browser that can process the information provided by the web page or send the document.
  • The Internet 10 refers to a global open computer network structure that provides the TCP/IP protocol and a number of services existing in its upper layer, that is, Hyper Text Transfer Protocol (HTTP), Telnet, File Transfer Protocol (FTP), Domain Name System (DNS), Simple Mail Transfer Protocol (SMTP), Simple Network Management Protocol (SNMP), Network File Service (NFS), Network Information Service (NIS), and the like. It provides an environment that allows any user of the user terminals 100-1 to 100-N to be connected to the web server 200 to be described later. Meanwhile, the Internet 10 may be a wired or wireless internet, or may be a core network integrated with a wired public network, a wireless mobile communication network, or a portable internet.
  • The user terminals 100-1 to 100-N are, for example, computers such as a desktop personal computer (PC) or a notebook PC, but are not limited thereto. They may be any kind of wired/wireless communication device capable of accessing the web server 200 through the Internet 10 and using various web services.
  • For example, the user terminals 100-1 to 100-N may comprehensively mean any wired or wireless home appliance/communication device having a user interface for connecting to the web server 200. This includes mobile terminals that communicate through a wireless Internet or a portable Internet, such as a cellular phone, a PCS phone, or a synchronous/asynchronous IMT-2000 (International Mobile Telecommunication-2000) terminal, as well as a palm PC, a personal digital assistant (PDA), a smart phone, a WAP phone, a mobile play-station, a PDA phone or DMB (Digital Multimedia Broadcasting) phone with a communication function, a tablet PC, an iPad, and the like.
  • the smart phones are various applications desired by the user, unlike ordinary mobile phones (also known as feature phones).
  • Such a smart phone may be implemented as a smart phone equipped with various open operating systems, and the open operating systems may include, for example, Nokia's Symbian, RIM's BlackBerry, Apple's iPhone, Microsoft's Windows Mobile, Google's Android, and Samsung's Bada.
  • the smartphone uses an open operating system, a user may arbitrarily install and manage various application programs, unlike a mobile phone having a closed operating system.
  • the smart phone basically includes a controller, a memory unit, a screen output unit, a key input unit, a sound output unit, a sound input unit, a camera unit, a wireless network communication module, a short range wireless communication module, and a battery for power supply.
  • the controller is a generic term for a functional configuration that controls the operation of the smartphone, and includes at least one processor and an execution memory, and is connected to each functional component provided in the smartphone through a bus.
  • the controller controls the operation of the smartphone by loading at least one program code included in the smartphone through the processor into the execution memory and transferring the result to the at least one function component through the bus. .
  • the memory unit is a generic term for a nonvolatile memory included in a smartphone, and stores and maintains at least one program code executed through the controller and at least one data set used by the program code.
  • the memory unit basically stores a system program code and a system data set corresponding to an operating system of a smartphone, a communication program code and a communication data set for processing a wireless communication connection of the smartphone, and at least one application program code and an application data set.
  • Program code and data sets for implementing the present invention are also stored in the memory unit.
  • The screen output unit includes a screen output device (for example, a liquid crystal display (LCD) device) and an output module for driving it, and is connected to the control unit by a bus to output, to the screen output device, the calculation result corresponding to a screen output among the various calculation results of the control unit.
  • The key input unit includes a key input device (or a touch screen device interlocking with the screen output unit) having at least one key button and an input module for driving the key input device, and is connected to the control unit by a bus to input commands for the various operations of the control unit or to input data required for the operation of the control unit.
  • the sound output unit includes a speaker for outputting a sound signal and a sound module for driving the speaker, and is connected to the control unit by a bus to output a calculation result corresponding to a sound output among various calculation results of the control unit through the speaker. .
  • the sound module decodes sound data to be output through the speaker and converts the sound data into a sound signal.
  • the sound input unit includes a microphone for receiving a sound signal and a sound module for driving the microphone, and transmits sound data input through the microphone to the controller.
  • The sound module encodes a sound signal input through the microphone.
  • the camera unit includes an optical unit, a charge coupled device (CCD), and a camera module for driving the same, and acquires bitmap data input to the CCD through the optical unit.
  • the bitmap data may include both image data and video data of a still image.
  • The wireless network communication module is a general term for a communication configuration for connecting wireless communication, and includes at least one antenna, an RF module, a baseband module, and a signal processing module for transmitting and receiving radio frequency signals of a specific frequency band. It is connected to the controller by a bus and transmits, through wireless communication, the calculation result corresponding to wireless communication among the various calculation results of the controller, or receives data through wireless communication and transmits it to the controller, while maintaining the procedures of connection, registration, communication, and handoff of the wireless communication.
  • the wireless network communication module includes a mobile communication configuration for performing at least one connection, location registration, call processing, call connection, data communication, and handoff to a mobile communication network according to the CDMA / WCDMA standard.
  • the wireless network communication module may further include a portable Internet communication configuration for performing at least one connection, location registration, data communication, and handoff to the portable Internet according to the IEEE 802.16 standard. It is apparent that the present invention is not limited by the wireless communication configuration provided by the communication module.
  • The short range wireless communication module connects a communication session using a radio frequency signal as a communication medium within a predetermined distance, and may preferably include at least one of ISO 180000 series RFID communication, Bluetooth communication, Wi-Fi communication, and public wireless communication.
  • the short range wireless communication module may be integrated with the wireless network communication module.
  • the body information recognition means for example, made of hardware or software, etc.
  • specific body information eg, fingerprint or iris
  • the camera unit eg , Apps, ActiveX programs, internal / external frameworks, etc.
  • the smartphone configured as described above refers to a terminal capable of wireless communication, and any device may be applied as long as the terminal is capable of transmitting and receiving data through a network including the Internet. That is, the smartphone may include at least one notebook PC, a tablet PC, and other portable and portable terminals having a short message transmission function and a network connection function.
  • the shopping mall-related applications eg, auction app
  • App Store App Store
  • the program can be downloaded to perform a shopping mall related application service.
  • a shopping relay service such as a product or various services may be used by accessing a web server 200 of an online shopping mall system through a shopping mall related application service installed in the smart phone. That is, the seller may register various sales products or services that he or she wishes to sell through the web server 200, and the buyer may easily purchase various sales products or services registered through the web server 200 online. .
  • user terminals 100-1 to 100 -N are pre-installed through, for example, a shopping mall-related application service as shown in FIG.
  • User security authentication may be configured by a web method of calling body information recognition means (eg, an app, an ActiveX program, an internal / external framework, etc.).
  • As shown in FIG. 4 to be described later, when the user terminals 100-1 to 100-N access the web server 200 and log in as a member, a plug-in built into the web browser calls a dedicated app for recognizing the user's body information, which receives the user's specific body information (e.g., fingerprint or iris) and transmits it to the web browser. It is preferable that the validity key corresponding to the current time information at the time of member login is then combined with the user's specific body information delivered through the web browser, and that the resulting encrypted unique member authentication data is transmitted to the web server 200.
  • the web server 200 connects the user terminals 100-1 to 100 -N with an operation server (not shown) provided in an arbitrary web service provider system through the Internet 10, and provides a predetermined web. It performs a function of providing various web services of an operation server provided in an arbitrary web service provider system through a page. On the other hand, the web server 200 may perform the same function of the operation server provided in any web service provider system.
  • The web server 200 is connected to the user terminals 100-1 to 100-N through the Internet 10. It transmits a web page in response to the access of the user terminals 100-1 to 100-N, sends the member authentication means to the web page of the user terminals 100-1 to 100-N in response to a web service request, and provides a web service to the user terminals 100-1 to 100-N in response to receiving encrypted member authentication data from them.
  • The member authentication means is composed of a body information recognition module for receiving the user's specific body information. As shown in FIGS. 3 and 4 to be described later, the body information recognition module is desirably made by calling the body information recognition means (e.g., app, ActiveX program, internal/external framework, etc.) pre-installed in the user terminals 100-1 to 100-N to receive the user's body information through recognition of the user's fingerprint or iris.
  • the member authentication means may be further provided with a password input module (not shown) to receive a predetermined password registered during the initial membership registration with the body information recognition module.
  • The member authentication information DB 300 stores, as a database (DB) for each member, the member information of the users registered as members in order to receive the web service provided by the web server 200 and the member authentication data for authenticating the membership, and performs management functions.
  • the member authentication information DB 300 preferably stores a validity key corresponding to time information including a date (year / month / day) and a time (hour / minute / second) as a database (DB). .
  • The member authentication information DB 300 can be implemented for the purposes of the present invention using, for example, a relational database management system (RDBMS) such as Oracle, Informix, Sybase, or DB2, or an object-oriented database management system (OODBMS) such as GemStone, Orion, or O2, and has suitable fields to achieve its function.
  • The member authentication server 400 is connected to the web server 200 through wired/wireless communication means. It receives the encrypted member authentication data transmitted from the user terminals 100-1 to 100-N through the web server 200, decrypts it, and compares and analyzes the decrypted member authentication data against the member authentication data stored in the member authentication information DB 300 to determine whether the user is authenticated.
  • The unique member authentication data transmitted from the user terminals 100-1 to 100-N is composed of newly encrypted data each time, by combining the specific body information of the user and the validity key corresponding to the current time information at the time of member login.
  • The unique member authentication data transmitted from the user terminals 100-1 to 100-N is preferably made of non-toxic encrypted digital code data arranged by randomly combining the order of the non-toxic user's specific body information data, converted into a specific character string as shown in FIG., and the validity key corresponding to the time information.
  • the validity key is preferably made of digital code data that encrypts time information including a current date (year / month / day) and a time (hour / minute / second) when a user logs in.
  • The member authentication server 400 receives the encrypted member authentication data from the user terminals 100-1 to 100-N, decrypts it, and separates it into the user's specific body information data and the validity key. It then compares the separated body information data with the user's specific body information data registered during the initial membership registration, held in the member authentication data stored in the member authentication information DB (300); if they are the same, it checks whether the separated validity key falls within a predetermined time range (the most recent 5 minutes) to determine whether the user is authenticated.
  • If the separated validity key is within the predetermined time range, the user authentication of the corresponding user is accepted. If the separated validity key is not within the predetermined time range, the user authentication of the corresponding user is rejected. As a result, a user's specific body information data that was generated earlier, outside the predetermined time range, and may have been stored and stolen, can be rejected.
  • Alternatively, the member authentication server 400 receives the encrypted member authentication data from the user terminals 100-1 to 100-N, decrypts it, and separates it into the user's specific body information data, the validity key, and the password. It then compares the separated body information data and password with the user's specific body information data and password registered during the initial membership registration, held in the member authentication data stored in the member authentication information DB (300); if they are the same, it may determine whether the user is authenticated by checking whether the separated validity key falls within a predetermined time range.
  • If the separated validity key is within the predetermined time range, the user authentication of the corresponding user is accepted. If the separated validity key is not within the predetermined time range, the user authentication of the corresponding user is rejected.
  • FIG. 2 is a flowchart illustrating a user security authentication method in an Internet environment according to an embodiment of the present invention.
  • FIGS. 3 and 4 are diagrams illustrating various methods of member login for accessing a web service provider system applied to an embodiment of the present invention.
  • FIG. 5 is a diagram conceptually illustrating a process of encrypting member authentication data transmitted from a user terminal applied to an embodiment of the present invention.
  • the user is any web service provider system through the user terminal (100-1 to 100-N)
  • the user accesses a predetermined web page provided by the web server 200 and registers as a member.
  • the user's specific body information (for example, fingerprint or iris)
  • the body information recognition module of the member authentication means provided by the web server 200 to be stored in the member authentication information DB (300).
  • The body information recognition module is preferably a body information recognition means (for example, an app, ActiveX program, internal/external framework, etc.) pre-installed in the user terminal (100-1 to 100-N) to receive the user's body information through recognition of the user's fingerprint or iris.
  • The registered password can be stored in the member authentication information DB (300), and the validity key corresponding to time information including the date (year/month/day) and time (hour/minute/second) is stored in advance as a database in the member authentication information DB (300).
  • The member authentication means is transmitted to the web pages of the corresponding user terminals 100-1 to 100-N (S200).
  • The member authentication means preferably consists of a body information recognition module for receiving the user's specific body information, as shown in FIG.
  • The encrypted member authentication data is transmitted to the web server 200 through the user terminals 100-1 to 100-N by using the member authentication means transmitted in step S200 (S300).
  • The member authentication data transmitted from the user terminals (100-1 to 100-N) is preferably composed of data that is newly encrypted each time, by combining the user's specific key information with the validity key corresponding to the current time information at the time of member login.
  • The validity key preferably consists of digital code data obtained by encrypting time information including the current date (year/month/day) and time (hour/minute/second) when the user logs in.
  • The member authentication server 400 receives the encrypted member authentication data transmitted in step S300, decrypts it, and compares and analyzes the decrypted member authentication data against the member authentication data previously stored in the separate member authentication information DB 300 to determine whether the user is authenticated (S400).
  • The member authentication server 400 receives the encrypted member authentication data from the user terminals 100-1 to 100-N, decrypts it, and separates it into the user's specific body information data and the validity key. It then compares the separated body information data with the user's specific body information data registered during the initial membership registration, held in the member authentication data stored in the member authentication information DB (300); if they are the same, it checks whether the separated validity key falls within a predetermined time range (the most recent 5 minutes) to determine whether the user is authenticated.
  • If the separated validity key is within the predetermined time range, the user authentication of the corresponding user is accepted. If the separated validity key is not within the predetermined time range, the user authentication of the corresponding user is rejected.
  • Alternatively, the member authentication server 400 receives the encrypted member authentication data from the user terminals 100-1 to 100-N, decrypts it, and separates it into the user's specific body information data, the validity key, and the password. It then compares the separated body information data and password with the user's specific body information data and password registered during the initial membership registration, held in the member authentication data stored in the member authentication information DB (300); if they are the same, whether the user is authenticated can be determined by checking whether the separated validity key falls within a predetermined time range.
  • If the separated validity key is within the predetermined time range, the user authentication of the corresponding user is accepted. If the separated validity key is not within the predetermined time range, the user authentication of the corresponding user is rejected.
  • The web server 200 provides the web service corresponding to the member authentication data to the user terminal (100-1 to 100-N) (S500).
  • the user security authentication method in the Internet environment can also be implemented as computer-readable code on a computer-readable recording medium.
  • the computer-readable recording medium includes all kinds of recording devices in which data that can be read by a computer system is stored.
  • The computer-readable recording medium may be a ROM, a RAM, a CD-ROM, a magnetic tape, a hard disk, a floppy disk, a removable storage device, or a nonvolatile memory (flash memory).
  • the computer readable recording medium can also be distributed over computer systems connected over a computer network so that the computer readable code is stored and executed in a distributed fashion.
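The decision in step S400 can be sketched as follows. This is an added example, not code from the patent or its applicant, and it starts from the already-decrypted payload because the page does not name a cipher. The `B`/`T` tags, the 2-byte length prefix, the `YYYYMMDDhhmmss` key format, UTC timestamps, and the rejection of future-dated keys are assumptions made for illustration.

```python
import hmac
import random
import struct
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=5)  # the "most recent 5 minutes" range from the page

def pack_payload(body_info: bytes, login_time: datetime) -> bytes:
    """Terminal side: body-info string plus validity key, in a random field order.
    The tag/length layout is hypothetical; the page only says the order varies."""
    validity_key = login_time.strftime("%Y%m%d%H%M%S").encode()
    fields = [(b"B", body_info), (b"T", validity_key)]
    random.shuffle(fields)
    return b"".join(tag + struct.pack(">H", len(v)) + v for tag, v in fields)

def split_payload(payload: bytes) -> dict:
    """Server side: separate the two fields regardless of their order."""
    out, i = {}, 0
    while i < len(payload):
        if i + 3 > len(payload):
            raise ValueError("truncated field header")
        tag = payload[i:i + 1]
        (n,) = struct.unpack(">H", payload[i + 1:i + 3])
        value = payload[i + 3:i + 3 + n]
        if len(value) != n or tag in out:
            raise ValueError("truncated or duplicated field")
        out[tag] = value
        i += 3 + n
    if set(out) != {b"B", b"T"}:
        raise ValueError("unexpected field set")
    return out

def authenticate(payload: bytes, enrolled: bytes, now: datetime) -> str:
    """Compare body information first, then check the validity key's age."""
    try:
        fields = split_payload(payload)
        issued = datetime.strptime(fields[b"T"].decode("ascii"), "%Y%m%d%H%M%S")
        issued = issued.replace(tzinfo=timezone.utc)
    except (ValueError, UnicodeDecodeError):
        return "reject: malformed"
    # Exact string match, as the page describes; constant-time to avoid a timing leak.
    if not hmac.compare_digest(fields[b"B"], enrolled):
        return "reject: body information mismatch"
    if issued > now:  # assumption: a key dated ahead of the server clock is not "recent"
        return "reject: validity key in the future"
    if now - issued > WINDOW:
        return "reject: validity key expired"
    return "accept"
```

A payload captured and presented again inside the 5-minute range still passes this check, so the window bounds replay rather than eliminating it.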

Landscapes

  • Engineering & Computer Science (AREA)
  • Textile Engineering (AREA)
  • Computer Security & Cryptography (AREA)
  • General Health & Medical Sciences (AREA)
  • Physical Education & Sports Medicine (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Oceanography (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention relates to a user security authentication system and method in an Internet environment. The system newly generates unique encrypted member authentication data each time by combining a validity key corresponding to current time information with biometric information (for example, a fingerprint, an iris, etc.) of a user when the user logs in, as a member, to any Internet service provider system, so that the present invention has the effect of simply improving security as well as increasing password complexity at the stage of random access to any Internet service provider system.
PCT/KR2014/012664 2014-01-09 2014-12-22 User security authentication system and method in an Internet environment Ceased WO2015105289A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020140002960A KR101633965B1 (ko) 2014-01-09 2014-01-09 User security authentication system and method in an Internet environment
KR10-2014-0002960 2014-01-09

Publications (1)

Publication Number Publication Date
WO2015105289A1 true WO2015105289A1 (fr) 2015-07-16

Family

ID=53524085

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2014/012664 Ceased WO2015105289A1 (fr) 2014-01-09 2014-12-22 User security authentication system and method in an Internet environment

Country Status (2)

Country Link
KR (1) KR101633965B1 (fr)
WO (1) WO2015105289A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107341387A (zh) * 2016-04-28 2017-11-10 Sk 普兰尼特有限公司 Electronic stamp system for security enhancement and control method thereof

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
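KR101792862B1 (ko) 2015-12-23 2017-11-20 주식회사 케이티 Biometric information-based authentication apparatus, control server interworking therewith, and biometric information-based login method thereof
CN107168960B (zh) 2016-03-07 2021-06-25 创新先进技术有限公司 Service execution method and apparatus
KR101664407B1 (ko) * 2016-05-03 2016-10-10 송혜선 System for managing individual online records over a network and method for managing individual online records using the same
CN110062929A (zh) * 2016-12-14 2019-07-26 华为技术有限公司 Method, apparatus and terminal for displaying data
KR101906484B1 (ko) * 2017-03-07 2018-10-10 주식회사 케이비금융지주 Application security method and system for performing the same
KR102751020B1 (ko) * 2024-07-16 2025-01-06 페이프로토콜 주식회사 Payment service server that supports product purchases using virtual assets in conjunction with a POS terminal installed at an offline merchant, and operating method thereof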

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
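JPH09313464A (ja) * 1996-05-28 1997-12-09 Nec Shizuoka Ltd Fingerprint authentication system
KR20020084329A (ko) * 2001-04-27 2002-11-07 주식회사 카오즈모스 Attendance management system and method for a cyber university
KR100420557B1 (ko) * 2001-04-30 2004-03-02 주식회사 디젠트 Method for authenticating e-commerce users using fingerprint information
KR20120043320A (ko) * 2010-10-26 2012-05-04 이승진 Website login method using a fingerprint recognition storage medium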

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20070107395A (ko) 2006-05-03 2007-11-07 주식회사컬처앤파트너스 Service providing system and service providing method through member authentication

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
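CN107341387A (zh) * 2016-04-28 2017-11-10 Sk 普兰尼特有限公司 Electronic stamp system for security enhancement and control method thereof
CN107341387B (zh) * 2016-04-28 2022-11-18 Sk 普兰尼特有限公司 Electronic stamp system for security enhancement and control method thereof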

Also Published As

Publication number Publication date
KR101633965B1 (ko) 2016-06-27
KR20150083334A (ko) 2015-07-17

Similar Documents

Publication Publication Date Title
WO2016129929A1 (fr) Security authentication system for member login to an online website, and method thereof
WO2015105289A1 (fr) User security authentication system and method in an Internet environment
US10412061B2 (en) Method and system for encrypted communications
WO2014104777A2 (fr) Secure login system and method, and apparatus therefor
CN110611905A (zh) Information sharing method, terminal device, storage medium, and computer program product
WO2016200107A1 (fr) Payment system without user rejection, and method using a user terminal
WO2015147547A1 (fr) Method and apparatus for supporting login by means of a user terminal
WO2019164339A1 (fr) Electronic device and method for sharing screen data
WO2014040439A1 (fr) Wireless network system and portable electronic device
WO2013141632A1 (fr) Authentication method and system thereof
WO2013055113A1 (fr) Mobile payment device, system and method using home shopping
WO2016013767A1 (fr) Method for providing a communication service between mobile terminals using a near-field wireless device
WO2016064041A1 (fr) User terminal using a hash value to detect whether an application program has been tampered with, and tamper detection method using the user terminal
WO2016085062A1 (fr) Authentication method using an NFC authentication card
CN109472903A (zh) Bluetooth access control method and apparatus thereof
WO2016021823A1 (fr) User authentication method using a telephone number and an NFC device or a beacon
WO2023116545A1 (fr) Device interconnection method, and apparatuses, terminal devices and computer-readable storage medium
WO2012053875A2 (fr) Apparatus and system for transmitting and receiving data via fingerprint information
CN107317680B (zh) Method and system for marking a secure account, and computer-readable storage medium
WO2018169150A1 (fr) Lock screen-based user authentication system and method
WO2016085079A1 (fr) Apparatus and method for assisting easy payment for a mobile terminal
WO2018151392A1 (fr) Smart login method using a messaging service, and apparatus therefor
WO2018117660A1 (fr) Speech recognition method with enhanced security, and device therefor
WO2016064040A1 (fr) User terminal using signature information to detect whether an application program has been tampered with, and fraud detection method using the user terminal
WO2015102279A1 (fr) Security authentication system for users in an Internet environment, and method thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14878130

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14878130

Country of ref document: EP

Kind code of ref document: A1