WO2014104507A1 - Safe login system and method, and apparatus therefor - Google Patents
Safe login system and method, and apparatus therefor
- Publication number
- WO2014104507A1 PCT/KR2013/005764
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- communication device
- authentication
- authentication information
- login
- data
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
Definitions
- the present invention relates to a login processing technology, and more particularly, to a safe login system and method for logging in a user in conjunction with a plurality of devices and a device therefor.
- a password authentication method is used as a general method for user authentication.
- a user accesses a web server, sets his or her ID and password, and then logs in by inputting an ID and password set in the terminal.
- a technology for authenticating a user by using a touch pattern set by the user has been disclosed.
- Korean Laid-Open Patent Publication No. 10-2009-0013432 discloses a portable terminal for authenticating a user using a pattern and a method of locking and releasing the same.
- this method has a problem in that the user's authentication information, that is, a password and an ID, can be hijacked by another person by shoulder surfing.
- If another user takes over the ID and password of a specific user, that user's personal data may be continuously exposed to the other person unless the specific user changes the ID and password or withdraws membership.
- The present invention has been proposed to solve the above problems. Its object is to provide a safe login system and method, and an apparatus therefor, that protect user authentication information from external hacking such as a peeping attack and strengthen the security of the authentication information.
- A method for safe login of a communication device accessing a web site comprises: determining whether an authentication data providing device is located at the same place as the communication device; acquiring authentication-related data of the communication device when the determination shows that the authentication data providing device is located at the same place as the communication device; and providing, by the authentication data providing device, the acquired authentication-related data to the communication device or the web site.
- The acquiring of the authentication-related data may include: requesting and receiving a decryption key from the communication device; and extracting encrypted login authentication information and decrypting the extracted login authentication information by using the decryption key.
- The providing of the authentication-related data may include providing the decrypted login authentication information to the web site or to the communication device.
- The method further includes verifying, by the authentication data providing device, an access token of the communication device, and the providing of the authentication-related data includes providing the access token along with the login authentication information to the web site.
- The acquiring of the authentication-related data may include extracting encrypted login authentication information, and the providing of the authentication-related data may provide the extracted encrypted login authentication information to the communication device. In this case the method may further include: decrypting, by the communication device, the encrypted login authentication information received from the authentication data providing device by using a decryption key it has in storage; and performing, by the communication device, authentication with the web site using the decrypted login authentication information.
- The acquiring of the authentication-related data may include extracting a decryption key, and the providing of the authentication-related data may provide the extracted decryption key to the communication device.
- The method may further include decrypting the encrypted login authentication information that is being stored and performing authentication with the web site using the decrypted login authentication information.
- The acquiring of the authentication-related data may include extracting an authentication information storage address, and the providing of the authentication-related data may provide the extracted authentication information storage address to the communication device.
- The method may further include receiving the authentication information stored at the authentication information storage address from the authentication information storage server, and performing authentication for the web site using the received authentication information.
- The method may further include decrypting, by the communication device, the authentication information storage address received from the authentication data providing device.
- The method further comprises checking, by the authentication data providing device, the security level of the web site, and the acquiring of the authentication-related data includes: applying the checked security level when the determination shows that the authentication data providing device is located at the same place as the communication device; and acquiring the authentication-related data based on the applied security level.
- The acquiring of the authentication-related data includes: applying a security level that is stronger than the checked security level when the determination shows that the authentication data providing device is not located at the same place as the communication device; and acquiring the authentication-related data based on the applied enhanced security level.
- The acquiring of the authentication-related data may include obtaining enhanced authentication information if the applied security level exceeds a threshold level, and the providing of the authentication-related data may include providing the enhanced authentication information to the web site or the communication device.
- The acquiring of the authentication-related data may include, when the applied security level exceeds a threshold level, performing personal authentication of the user and acquiring the authentication-related data if that authentication succeeds.
- The acquiring of the authentication-related data may include, when the applied security level is a predetermined security level, outputting a notification window asking whether to log in the communication device, and acquiring the authentication-related data when an approval signal is input through the notification window.
- The method further comprises: monitoring whether the authentication data providing device remains located at the same place as the communication device after providing the authentication-related data; and logging out the communication device if the monitoring shows that the authentication data providing device is not located at the same place as the communication device.
- the method may further include transmitting a safety login activation message to the communication device when it is determined that the authentication data providing device is located in the same place as the communication device.
- An authentication data providing device for achieving the above object includes: at least one processor; a memory; and at least one program stored in the memory and configured to be executed by the at least one processor, wherein the program includes:
- a positioning module for determining whether a communication device registered with a safety login service and the authentication data providing device are located at the same place;
- an authentication data acquiring module for acquiring authentication-related data of a web site to which the communication device is connected, if the positioning module determines that the communication device and the authentication data providing device are located at the same place; and
- an authentication data providing module for providing the acquired authentication-related data to the web site or the communication device.
- A safe login system for achieving the above object includes: a second communication device; a first communication device that determines whether it is located at the same place as the second communication device and, if so, obtains authentication-related data of a web site to which the second communication device is connected and provides the data to the second communication device or the web server; and a web server that receives the authentication-related data from the first communication device or the second communication device and performs login authentication of the second communication device.
- The present invention has an advantage in that the first communication device and the second communication device interoperate to provide login authentication information to the web server, thereby protecting the user's ID and password from peeping attacks and enhancing the security of the user's authentication information.
- The present invention also has the advantage of further enhancing the security of the user's authentication information by reinforcing the security level of the login authentication information, or selectively providing the login authentication information to the web server, based on the location information of the plurality of communication devices.
- Because the present invention obtains a decryption key from a specific device and uses it to decrypt the encrypted login authentication information, another person who steals the encrypted login authentication information cannot decrypt it, which has the advantage of protecting the user's authentication information from external hacking.
- The present invention has the advantage of preventing an illegal user from using a web service by forcibly logging out the logged-in communication device when the plurality of designated communication devices are no longer in the same place after a successful login.
- FIG. 1 is a view showing the configuration of a safety login system according to a first embodiment of the present invention.
- FIG. 2 is a flowchart illustrating a method of performing login authentication in a safe login system according to an embodiment of the present invention.
- FIG. 3 is a diagram illustrating a web page displaying a safety login menu according to an embodiment of the present invention.
- FIG. 4 is a flowchart illustrating a method of performing login authentication in a safe login system according to another embodiment of the present invention.
- FIG. 5 is a flowchart illustrating a method of performing login authentication in a safe login system according to another embodiment of the present invention.
- FIG. 6 is a flowchart illustrating a method of performing login authentication in a safe login system according to another embodiment of the present invention.
- FIG. 7 is a flowchart illustrating a method of forcibly logging out a communication device logged in in a safe login system according to an embodiment of the present invention.
- FIG. 8 is a diagram illustrating a configuration of an authentication data providing apparatus according to an embodiment of the present invention.
- FIG. 9 is a diagram showing the configuration of a safety login program according to an embodiment of the present invention.
- FIG. 10 is a flowchart illustrating a method of providing authentication related data in an authentication data providing apparatus according to an embodiment of the present invention.
- FIG. 11 is a flowchart illustrating a method of forcibly logging out a communication device in an authentication data providing device according to an embodiment of the present invention.
- FIG. 1 is a view showing the configuration of a safety login system according to an embodiment of the present invention.
- The safety login system includes a first communication device 10, a second communication device 20, a security relay server 30, a web server 40, a positioning server 50, and an authentication information storage server 60.
- Each of the first communication device 10, the second communication device 20, the security relay server 30, the web server 40, the positioning server 50, and the authentication information storage server 60 is connected to the network 70.
- the network 70 includes a mobile communication network, a wired Internet network, a short range wireless communication network, and the like. Since the network 70 corresponds to well-known conventional techniques, detailed description thereof will be omitted.
- the web server 40 is a server that provides users with online services such as portal services, financial services, online shopping services, and e-commerce services, and stores user IDs and passwords.
- the web server 40 may store enhanced authentication information such as one time password (OTP) and biometric information for each user.
- The web server 40 receives login authentication information (i.e., an ID and a password) of the second communication device 20 from the first communication device 10 or the second communication device 20, and performs login authentication of the second communication device 20 based on the received login authentication information.
- the web server 40 may receive enhanced authentication information from the first communication device 10 or the second communication device 20 and perform user authentication based on the enhanced authentication information.
- The security relay server 30 stores a table in which one or more items of user identification information are mapped to identification information of the first communication device 10. As the identification information of the first communication device 10, the security relay server 30 may store any one of the telephone number, IP address, or MAC address of the first communication device 10, or identification information of the safety login application installed in the first communication device 10. As the user identification information, it may store a security login service ID, the user's social security number, an Internet Personal Identification Number (I-PIN), a mobile telephone number, and the like.
- The security relay server 30 receives a service notification message including user identification information from the second communication device 20, confirms the identification information of the first communication device 10 mapped to that user identification information, and transmits the service notification message to the first communication device 10 having the identification information.
- The security relay server 30 may also identify the identification information of the first communication device 10 mapped to the user identification information of the second communication device 20 and transmit the login notification message to the first communication device 10 having that identification information.
- The security relay server 30 may transmit the service notification message or the login notification message in the form of a push message.
- The positioning server 50 identifies the location where the second communication device 20 or the first communication device 10 is located.
- The positioning server 50 stores location information mapped to the identification information of wireless base stations. When it receives the identification information of a wireless base station from the second communication device 20 or the first communication device 10, it identifies the location information mapped to that identification information and transmits it to the second communication device 20 or the first communication device 10.
- the authentication information storage server 60 stores the encrypted login authentication information for each site for each user. At this time, the authentication information storage server 60 specifies the storage address of the login authentication information, and stores the encrypted login authentication information in the specified storage address, respectively. In addition, the authentication information storage server 60 may store enhanced authentication information of each user.
- the second communication device 20 is a device that attempts to log in to the web server 40 and includes an agent 21 for a secure login service.
- the agent 21 transmits a service notification message including the user identification information to the security relay server 30.
- the agent 21 may check the location information of the second communication device 20 and include the location information in the service notification message.
- The agent 21 monitors whether the second communication device 20 proceeds to log in to a specific site. When it does, the agent 21 generates a login notification message including identification information of the web site to which login is attempted, identification information of the login user, and identification information of the second communication device 20, and transmits it to the security relay server 30.
- The agent 21 outputs a safety login menu displaying a nickname or ID of the safety login service on a web page (see FIG. 3) and, when the user selects the safety login menu, generates a login notification message and transmits it to the security relay server 30.
- The agent 21 immediately generates a login notification message and transmits it to the security relay server 30.
- When the agent 21 receives the safety login menu activation message from the first communication device 10, the agent 21 activates the deactivated safety login menu to allow the user to communicate with the first communication device 10 and the second communication device 20.
- The agent 21 may activate the safety login menu by graphic processing such as changing the safety login menu from a dark color to a bright color, making the safety login menu flicker, or outputting an activation graphic symbol on the safety login menu.
- the agent 21 may store the decryption key and provide the decryption key to the designated first communication device 10. Preferably, the agent 21 automatically generates and stores a unique decryption key for the user.
- the decryption key stored in the second communication device 20 is used to decrypt login authentication information classified into security policies of one level and two levels described later.
- The agent 21 may receive encrypted authentication information from the first communication device 10, decrypt the authentication information using the decryption key it stores, and then perform login authentication to the web server 40 using the decrypted authentication information.
- The agent 21 may store encrypted authentication information for each web site, receive from the first communication device 10 a decryption key capable of decrypting the authentication information, decrypt the authentication information using the decryption key, and provide it to the web server 40.
- The agent 21 may receive the authentication information storage address from the first communication device 10 and receive the authentication information stored at the authentication information storage address from the authentication information storage server 60.
- the second communication device 20 is a desktop computer, a tablet computer, a notebook computer, a mobile communication terminal, and the like, and any communication device that can be connected to the web server 40 via the network 70 can be adopted without limitation.
- The agent 21 may be mounted on the second communication device 20 when the safety login application or the plug-in is installed, or may be mounted on the second communication device 20 when the safety login script included in the web page is executed.
- the agent 21 may be implemented through another program or command such as another script, web storage, cookie, or the like.
- the first communication device 10 performs a function of providing authentication related data to the second communication device 20 or the web server 40.
- the authentication related data includes at least one of a decryption key, login authentication information (ie, ID and password), enhanced authentication information, and authentication information storage address.
- the first communication device 10 performs a function of applying a security level based on the location information of the second communication device 20. To this end, the first communication device 10 may store a security policy table in which web site identification information and a security level are mapped, and store location information of the second communication device 20.
- When the first communication device 10 receives a service notification message notifying the start of the safety login service of the second communication device 20 from the security relay server 30, it compares the location information of the second communication device 20 with its own location information and determines whether it is located in the same place as the second communication device 20. If it is determined that the first communication device 10 is located in the same place as the second communication device 20, the first communication device 10 transmits a safety login activation message to the second communication device 20.
- When the first communication device 10 receives the login notification message from the security relay server 30, it extracts the web site identification information from the login notification message and checks the security level corresponding to the web site identification information in the security policy table. Based on the determination result, the first communication device 10 applies either the checked security level as it is or an enhanced security level as the login security level of the user. Alternatively, when it is determined that the first communication device 10 is not located in the same place as the second communication device 20, the first communication device 10 may, without providing the authentication-related data to the web server 40 or the second communication device 20, transmit a message indicating that login is impossible to the second communication device 20.
- The first communication device 10 may store security data in which login authentication information of each web site is recorded for each item of communication device identification information, obtain a decryption key from the second communication device 20, use the decryption key to decrypt the login authentication information of the web site to which the second communication device 20 is connected, and transmit it to the web server 40 or the second communication device 20.
- The first communication device 10 may store security data in which login authentication information of each web site is recorded for each item of communication device identification information, and transmit the encrypted authentication information of the web site that the second communication device 20 attempts to access to the second communication device 20.
- The first communication device 10 may store a decryption key for each communication device and transmit a decryption key used to decrypt the encrypted authentication information to the second communication device 20.
- The first communication device 10 may store the authentication information storage address for each web site by communication device identification information, check the web site that the user of the second communication device 20 attempts to access, and provide the second communication device 20 with the authentication information storage address where the authentication information of this web site is stored.
- The first communication device 10 may transmit the enhanced authentication information to the web server 40 or the second communication device 20.
- the first communication device 10 is a tablet computer, a notebook computer, a mobile communication terminal, a server, or the like, and is preferably a smartphone.
- FIG. 2 is a flowchart illustrating a method of performing login authentication in a safe login system according to an embodiment of the present invention.
- The second communication device 20 connects to the web server 40 corresponding to a web site address input by the user, and the web server 40 transmits a web page including a login menu for inputting an ID and a password to the second communication device 20 (S201).
- the web server 40 generates an access token and transmits the access token and web site identification information (for example, the site address of the web server) to the second communication device 20 together with the web page.
- the access token is an object in which security information required for the second communication device 20 to log in is recorded, and has unique identification information (eg, security identification information).
- the second communication device 20 outputs the web page received from the web server 40 on the screen.
- the agent 21 of the second communication device 20 outputs a deactivated safety login menu under the login menu of the web page.
- the agent 21 may deactivate the safety login menu by controlling the safety login menu to be output to a web page in a dark color or a translucent color.
- The agent 21 of the second communication device 20 may display the nickname or ID on the web page together with the safety login menu.
- FIG. 3 is a diagram illustrating a web page displaying a safety login menu according to an embodiment of the present invention.
- the agent 21 may display the safety login menu 32 according to the present invention on the web page in addition to the login menu 31 provided in the web page itself.
- The agent 21 may check the ID or nickname of the user used in the safety login service in the cookie and display it in a predetermined area of the safety login menu 32.
- the user's safety login service nickname 'Nick' is displayed on the web page together with the safety login menu 32, and the safety login menu 32 is processed in dark colors (ie, deactivated).
- the agent 21 may include the secure login menu 32 in the menu tree of the web browser in the form of a toolbar.
- When the agent 21 of the second communication device 20 confirms that the second communication device 20 starts reading the web page, it transmits to the security relay server 30 a service notification message that notifies the start of the safety login service and includes the identification information of the user of the second communication device 20 and the second communication device identification information (S203).
- The agent 21 may record any one of a security login service ID, a user's social security number, an Internet personal identification number (I-PIN), a mobile phone number, and the like as the user identification information in the service notification message.
- The agent 21 may record any one of its own identification information (i.e., agent identification information), the IP address of the second communication device 20, its MAC address, and the like in the service notification message as the identification information of the second communication device 20.
- The agent 21 may check the location information of the second communication device 20 and include the location information in the service notification message. For example, the agent 21 may acquire GPS coordinates using a GPS receiver mounted on the second communication device 20 and include the GPS coordinates, or administrative address information corresponding to the GPS coordinates, in the service notification message as location information.
- The agent 21 may also recognize a small wireless base station (for example, an access point) to which it can connect through the short-range wireless communication module, transmit the identification information of the small wireless base station to the positioning server 50, receive location information from the positioning server 50, and include this location information in the service notification message.
- The agent 21 checks whether the second communication device 20 is a mobile communication terminal or a fixed terminal and, when it is a terminal capable of mobile communication, acquires location information and includes it in the service notification message.
- the security relay server 30 confirms the user identification information included in the service notification message, and confirms the identification information of the first communication device 10 mapped with the user identification information.
- the security relay server 30 transmits the service notification message to the first communication device 10 having the identified identification information (S205).
- the first communication device 10 checks the location information of the second communication device 20 connected to the web server 40 and checks its own location information (S207). At this time, the first communication device 10 may extract the second communication device identification information from the service notification message and determine the location of the second communication device 20 by looking up, in its stored data, the location information mapped to that identification information. In addition, when the service notification message includes the location information of the second communication device 20, the first communication device 10 may extract the location information from the service notification message to determine the location of the second communication device 20. In addition, the first communication device 10 may acquire GPS coordinates by using its on-board GPS receiver and determine its own position based on the GPS coordinates.
- the first communication device 10 may recognize a small wireless base station (e.g., an access point) within short-range wireless communication range through its short-range wireless communication function, transmit the identification information of the small wireless base station to the positioning server 50, and confirm its own location information by receiving the location information from the positioning server 50.
- the first communication device 10 compares the location information of the second communication device 20 with its own location information and determines whether it is located at the same place as the second communication device 20 (S209). At this time, the first communication device 10 may check whether it is located in the same administrative area as the second communication device 20, or whether the distance between the second communication device 20 and itself is within a critical distance (for example, 100 m), and thereby determine whether it is located at the same place as the second communication device 20. In addition, when the second communication device 20 and the first communication device 10 are each connected to a small wireless base station, it may be checked whether the small wireless base stations they are connected to are the same, and it can thereby be determined whether the two devices are located at the same place.
- the first communication device 10 transmits a safety login activation message to the second communication device 20 (S211).
- the second communication device 20 is recognized based on the identification information of the second communication device included in the service notification message, and the safety login activation message is transmitted to the second communication device 20.
- the agent 21 of the second communication device 20 activates the deactivated safety login menu so that the user recognizes that the first communication device 10 and the second communication device 20 are located at the same place.
- the agent 21 may activate the safety login menu by performing graphic processing such as changing the safety login menu from a dark color to a bright color, making the safety login menu flicker, or displaying an activation graphic symbol on the safety login menu.
- the agent 21 of the second communication device 20 monitors whether the safety login menu is clicked. When the safety login menu is clicked, the agent 21 may generate a login notification message including the identification information of the web site to be logged in to, an access token for accessing the web server 40, user identification information, and identification information of the second communication device 20, and transmit it to the security relay server 30 (S213 and S215).
- the security relay server 30 checks the user identification information included in the login notification message, and confirms the identification information of the first communication device 10 mapped with the user identification information.
- the security relay server 30 transmits the login notification message to the first communication device 10 having the identified identification information (S217).
- the first communication device 10 extracts user identification information, web site identification information, access token, and identification information of the second communication device 20 from the login notification message received from the security relay server 30. Subsequently, the first communication device 10 checks the security level mapped with the extracted web site identification information in the security policy table (S219).
- the first communication device 10 checks again the result of the location determination performed in step S209 and, based on that result, applies either the checked security level or a strengthened security level (S221). That is, when the location determination shows that the first communication device 10 is located at the same place as the second communication device 20, the first communication device 10 applies the checked security level as it is. On the other hand, if it is determined that the first communication device 10 is not located at the same place as the second communication device 20, the first communication device 10 does not apply the checked security level as it is, but applies a security level that is strengthened relative to the checked one. In this case, when the security level checked in step S219 is already the highest level (that is, the third level), the first communication device 10 may apply the third security level as it is.
- the first communication device 10 obtains login authentication information (that is, an ID and a password) which is one of authentication-related data based on the applied security level (S223).
- when the security level is the first level, which is the minimum level, the first communication device 10 obtains the decryption key used at that security level by requesting and receiving the decryption key from the second communication device 20.
- the first communication device 10 identifies, based on the identification information of the second communication device, the security data dedicated to the second communication device among the security data classified for each communication device, and extracts the encrypted login authentication information (that is, the ID and password) from the login authentication information included in the security data thus identified.
- the first communication device 10 obtains login authentication information by decrypting the extracted login authentication information using the decryption key.
- the first communication device 10 notifies the user that the second communication device 20 is attempting to log in to a web site and outputs a notification window asking whether to approve the login. Only when an approval signal is input by the user through the notification window does the first communication device 10 request and receive the decryption key from the second communication device 20, extract the encrypted login authentication information mapped to the web site identification information from the security data dedicated to the second communication device, and decrypt it using the decryption key.
- when the security level is the third level, which is the highest level, the first communication device 10 acquires enhanced authentication information by receiving biometric information (for example, fingerprint information, iris information, etc.) or enhanced authentication information such as an OTP from the user. At this time, the first communication device 10 may, as when the security level is the first level, obtain a decryption key from the second communication device 20 and decrypt the login authentication information of the web site using the decryption key, so that it obtains both the decrypted login authentication information and the enhanced authentication information input by the user.
- when the security level is the third level, the first communication device 10 may output an input window for entering personal authentication information and receive, from the user through this input window, personal authentication information such as a password, biometric information (e.g., fingerprint information, iris information, etc.), or a social security number.
- when the user authentication information input by the user matches the user authentication information stored in the first communication device 10, the first communication device 10 may receive the enhanced authentication information from the user, or receive the decryption key from the second communication device 20 and decrypt the login authentication information of the web site, or do both. That is, when the security level is the third level, the first communication device 10 performs user authentication and acquires authentication-related data when the authentication is successful.
- the first communication device 10 checks the web site identification information and the access token extracted from the login notification message, and transmits at least one of the obtained login authentication information and enhanced authentication information to the web server 40 to which the web site identification information is assigned (S225). At this time, the first communication device 10 transmits the access token to the web server 40 together with the corresponding authentication information.
- the web server 40 identifies the second communication device 20 attempting to log in on the basis of the access token received from the first communication device 10 and confirms whether the authentication information is correct, thereby performing login authentication of the second communication device 20 (S227).
- the web server 40 performs login authentication of the second communication device 20 by checking whether the ID and password are correct.
- when the authentication information includes enhanced authentication information such as the user's biometric information or an OTP, the web server 40 additionally performs login authentication of the second communication device 20 by checking whether that enhanced authentication information matches the enhanced authentication information of the user that it stores.
- the web server 40 performs a first authentication of the user of the second communication device 20 based on the ID and password included in the login authentication information, and a second authentication of the user of the second communication device 20 based on the enhanced authentication information.
- when the login authentication fails, the web server 40 may treat the login of the second communication device 20 as failed. On the other hand, if the login authentication is successful, the web server 40 may transmit an authentication success message to the second communication device 20, after which the online service requested by the second communication device 20 is provided (S229). Preferably, when the login authentication is successful, the web server 40 notifies the first communication device 10 that the second communication device 20 has successfully logged in.
- the first communication device 10 may transmit only the enhanced authentication information except the login authentication information to the web server 40.
- the web server 40 authenticates the second communication device 20 based on the enhanced authentication information.
- the first communication device 10 may transmit one or more of the decrypted login authentication information and the reinforced authentication information to the second communication device 20.
- the second communication device 20 transmits authentication information received from the first communication device 10 to the web server 40 to perform login authentication.
- FIG. 4 is a flowchart illustrating a method of performing login authentication in a safe login system according to another embodiment of the present invention.
- each step having the same reference numeral as that of FIG. 2 is applied in the same manner as in FIG. 2, and thus descriptions of steps S201 to S221 having a common reference numeral will be omitted.
- the first communication device 10 obtains login authentication information of the user based on the security level (S423). Specifically, when the security level is the first level, which is the minimum level, the first communication device 10 identifies, based on the second communication device identification information, the security data dedicated to the second communication device among the security data classified for each communication device. The encrypted login authentication information mapped to the web site identification information is then extracted from the login authentication information included in the security data thus identified. In addition, when the security level is the second level, the first communication device 10 notifies the user that the second communication device 20 is attempting to log in to a web site and outputs a notification window asking whether to approve the login. Only when an approval signal is input by the user through the notification window is the encrypted login authentication information mapped to the web site extracted from the security data dedicated to the second communication device.
- the first communication device 10 obtains enhanced authentication information by receiving enhanced authentication information such as biometric information or an OTP from the user.
- the first communication device 10 may additionally extract the encrypted login authentication information mapped to the web site from the security data dedicated to the second communication device, as when the security level is the first level.
- when the security level is the third level, the first communication device 10 may output an input window for entering personal authentication information and receive, from the user through this input window, personal authentication information such as a password, biometric information (e.g., fingerprint information, iris information, etc.), or a social security number.
- when the user authentication information input by the user matches the user authentication information stored in the first communication device 10, the first communication device 10 may receive the enhanced authentication information from the user, or extract the encrypted login authentication information, or obtain both (that is, both the enhanced authentication information and the encrypted login authentication information). That is, when the security level is the third level, the first communication device 10 performs user authentication and acquires authentication-related data when the authentication is successful.
- the first communication device 10 transmits one or more of the obtained encrypted login authentication information and enhanced authentication information to the second communication device 20 (S425).
- the first communication device 10 encrypts the enhanced authentication information with a predetermined encryption key, so that it can be decrypted normally with the decryption key stored in the second communication device 20, and transmits it to the second communication device 20.
- the second communication device 20 decrypts the encrypted login authentication information received from the first communication device 10 using a decryption key held in its own storage (S427), and transmits the decrypted login authentication information to the web server 40 to request login authentication (S429).
- when the second communication device 20 receives the enhanced authentication information from the first communication device 10, it decrypts the enhanced authentication information using the decryption key it stores and additionally sends the decrypted enhanced authentication information to the web server 40.
- the web server 40 checks whether the authentication information received from the second communication device 20 is correct, thereby performing login authentication of the second communication device 20 (S431). At this time, when the ID and password are recorded in the authentication information, the web server 40 performs login authentication of the second communication device 20 by checking whether the ID and password are correct. In addition, when the authentication information includes enhanced authentication information such as biometric information or an OTP, the web server 40 may additionally perform login authentication of the second communication device 20 by checking whether that enhanced authentication information matches the enhanced authentication information of the user that it stores.
- when the login authentication fails, the web server 40 may treat the login of the second communication device 20 as failed. On the other hand, if the login authentication is successful, the web server 40 may transmit an authentication success message to the second communication device 20, after which the online service requested by the second communication device 20 is provided (S433).
- the first communication device 10 may transmit only the enhanced authentication information except the login authentication information to the second communication device 20.
- the second communication device 20 decrypts the enhanced authentication information and transmits the enhanced authentication information to the web server 40 instead of the login authentication information to perform authentication for the web service.
- FIG. 5 is a flowchart illustrating a method of performing login authentication in a safe login system according to another embodiment of the present invention.
- the first communication device 10 stores decryption keys classified for each communication device
- the second communication device 20 stores login authentication information of each encrypted web site.
- when the security level has been applied, the first communication device 10 performs a process of extracting a decryption key, which is one of the authentication-related data, based on the applied security level (S523).
- when the security level is the first level, which is the minimum level, the first communication device 10 extracts the decryption key corresponding to the second communication device identification information included in the login notification message from among the decryption keys classified for each user.
- when the security level is the second level, the first communication device 10 notifies the user that the second communication device 20 is attempting to log in to a web site and outputs a notification window asking whether to approve the login. Only when an approval signal is input by the user through the notification window is the decryption key corresponding to the identification information of the second communication device extracted.
- the first communication device 10 extracts the decryption key corresponding to the second communication device identification information and further obtains enhanced authentication information by receiving enhanced authentication information such as biometric information or an OTP from the user (S525).
- when the security level is the third level, the first communication device 10 may output an input window for entering personal authentication information, receive the user authentication information of the user through the input window, authenticate whether the user authentication information is correct, and then selectively obtain authentication-related data. That is, if the security level is the third level, the first communication device 10 authenticates whether the user authentication information input by the user is correct, and then receives the enhanced authentication information from the user, extracts a decryption key, or obtains both (i.e., the enhanced authentication information and the decryption key).
- the first communication device 10 applies the third security level and additionally obtains enhanced authentication information.
- the first communication device 10 transmits the extracted decryption key and enhanced authentication information to the second communication device 20 (S527).
- the first communication device 10 encrypts the enhanced authentication information with a predetermined encryption key, so that it can be decrypted normally with the decryption key stored in the second communication device 20, and transmits it to the second communication device 20.
- the second communication device 20 extracts encrypted login authentication information mapped to the currently accessed web site identification information from the encrypted site-specific login authentication information that is stored in itself (S529). Subsequently, the second communication device 20 decrypts the extracted login authentication information using the decryption key received from the first communication device 10 (S531). In addition, the second communication device 20 decrypts the enhanced authentication information received from the first communication device 10 using the decryption key stored in the second communication device 20.
- the second communication device 20 transmits the decrypted login authentication information and the reinforced authentication information to the web server 40 to request login authentication (S533).
- the web server 40 checks whether both the login authentication information and the enhanced authentication information received from the second communication device 20 are correct, thereby performing login authentication on the second communication device 20 (S535). Next, when the login authentication fails, the web server 40 may treat the login of the second communication device 20 as failed. On the other hand, if the login authentication is successful, the web server 40 may transmit an authentication success message to the second communication device 20, after which the online service requested by the second communication device 20 is provided (S537).
- when the first communication device 10 applies the first level or the second level as the security level, only the decryption key, without the enhanced authentication information, is transmitted to the second communication device 20, and the second communication device 20 decrypts the login authentication information extracted in step S529 using the decryption key and transmits it to the web server 40. That is, when the first level or the second level is applied as the security level in the first communication device 10, the second communication device 20 transmits only the login authentication information, without the enhanced authentication information, to the web server 40.
- the web server 40 performs login authentication of the second communication device 20 based on the login authentication information.
- the first communication device 10 may transmit only the enhanced authentication information to the second communication device 20.
- the second communication device 20 decrypts the enhanced authentication information and transmits the enhanced authentication information to the web server 40 instead of the login authentication information. Then, the web server 40 performs login authentication of the second communication device 20 based on the enhanced authentication information.
- FIG. 6 is a flowchart illustrating a method of performing login authentication in a safe login system according to another embodiment of the present invention.
- the first communication device 10 classifies and stores the encrypted authentication information storage address for each web site for each communication device identification information.
- when the security level has been applied, the first communication device 10 performs a process of extracting an authentication information storage address, which is one of the authentication-related data, based on the applied security level (S623). Specifically, when the security level is the first level, which is the minimum level, the first communication device 10 identifies the storage address data dedicated to the second communication device that is attempting to log in, on the basis of the second communication device identification information included in the login notification message. From that storage address data, it extracts the encrypted authentication information storage address mapped to the site identification information included in the login notification message.
- the first communication device 10 notifies the user that the second communication device 20 is attempting to log in to a web site and outputs a notification window asking whether to approve the login. Only when an approval signal is input by the user through the notification window is the encrypted authentication information storage address mapped to the web site identification information extracted from the storage address data dedicated to the second communication device.
- if the security level is the third level, which is the highest level, the first communication device 10 extracts the encrypted authentication information storage address mapped to the site identification information from the storage address data dedicated to the second communication device, and obtains enhanced authentication information by receiving enhanced authentication information such as biometric information or an OTP from the user (S625).
- when the security level is the third level, the first communication device 10 may output an input window for entering personal authentication information, receive the user authentication information of the user through the input window, authenticate whether the user authentication information is correct, and then selectively obtain authentication-related data. That is, when the security level is the third level, the first communication device 10 authenticates whether the personal authentication information input by the user is correct. If the authentication is successful, the first communication device 10 receives the enhanced authentication information from the user, extracts the authentication information storage address, or obtains both (i.e., the enhanced authentication information and the authentication information storage address). In the description with reference to FIG. 6, it is assumed that the first communication device 10 applies the third security level and additionally obtains enhanced authentication information.
- the first communication device 10 transmits the extracted encrypted authentication information storage address and enhanced authentication information to the second communication device 20 (S627).
- the first communication device 10 may encrypt the enhanced authentication information with a predetermined encryption key, so that it can be decrypted normally with the decryption key stored in the second communication device 20, and transmit it to the second communication device 20.
- the second communication device 20 decrypts the encrypted authentication information storage address by using the decryption key stored in itself.
- the second communication device 20 transmits an authentication information request message in which the storage address is recorded to the authentication information storage server 60 (S629).
- the authentication information storage server 60 checks the authentication information storage address in the authentication information request message, extracts the encrypted authentication information stored in the storage address, and transmits it to the second communication device 20 (S631).
- the second communication device 20 decrypts the encrypted authentication information using a decryption key stored therein, and decrypts the enhanced authentication information received from the first communication device 10 (S633).
- the second communication device 20 transmits the decrypted login authentication information and the reinforced authentication information to the web server 40 to request login authentication (S635).
- the web server 40 checks whether both the login authentication information and the enhanced authentication information received from the second communication device 20 are correct, thereby performing login authentication on the second communication device 20 (S637). Next, when the login authentication fails, the web server 40 may treat the login of the second communication device 20 as failed. On the other hand, if the login authentication is successful, the web server 40 may transmit an authentication success message to the second communication device 20, after which the online service requested by the second communication device 20 is provided (S639).
- when the first communication device 10 applies the first level or the second level as the security level, only the authentication information storage address is transmitted to the second communication device 20, and the second communication device 20 receives the login authentication information from the authentication information storage server 60 based on the authentication information storage address and decrypts the login authentication information to perform login authentication with the web server 40. That is, when the first level or the second level is applied as the security level, the second communication device 20 performs login authentication using only the login authentication information, without the enhanced authentication information.
- the first communication device 10 may transmit only the enhanced authentication information to the second communication device 20.
- the second communication device 20 decrypts the enhanced authentication information and transmits the enhanced authentication information to the web server 40 instead of the login authentication information. Then, the web server 40 performs login authentication of the second communication device 20 based on the enhanced authentication information.
- the first communication device 10 may extract the storage address of the enhanced authentication information and transmit the extracted storage address to the second communication device 20.
- the second communication device 20 transmits an authentication information request message in which the storage address of the enhanced authentication information is recorded to the authentication information storage server 60, and the authentication information storage server 60 extracts the enhanced authentication information stored at that storage address and transmits it to the second communication device 20.
- the second communication device 20 decrypts the received enhanced authentication information and then performs login authentication with the web server 40.
- any data related to authentication may be transmitted to the second communication device 20 without providing the web server 40 or the first communication device 10.
- the first communication device 10 checks the site identification information included in the safety login notification message and applies the security level mapped to the site identification information as is.
- the first communication device 10 proceeds with a process of acquiring authentication-related data according to the applied security level, and provides the obtained authentication-related data (that is, login authentication information, decryption key, authentication information storage address, enhanced authentication information) to the second communication device 20 or the web server 40. On the other hand, if it is determined that the first communication device 10 is not located at the same place as the second communication device 20, it may send a message to the second communication device 20 indicating that login is not possible, without providing authentication-related data.
- FIG. 7 is a flowchart illustrating a method of forcibly logging out a communication device logged in in a safe login system according to an embodiment of the present invention.
- the first communication device 10 continuously monitors its location information (S701). That is, when the first communication device 10 is notified of the login success of the second communication device 20 from the web server 40, the first communication device 10 continuously monitors its location information.
- the second communication device 20 is a communication terminal capable of mobile communication
- the first communication device 10 continuously receives location information from the second communication device 20 and can thereby also monitor the location information of the second communication device 20.
- the first communication device 10 determines whether it is still located at the same place as the second communication device 20 based on the monitored location information (S703), and if it determines that they are at the same place, performs step S701 again. At this time, the first communication device 10 may determine whether it is located at the same place as the second communication device 20 by checking whether it is located in the same administrative area as the second communication device 20 or whether its distance from the second communication device 20 is within a critical distance (for example, 100 m).
- the first communication device 10 transmits a logout request message to the web server 40 (S705).
- the first communication device 10 includes the access token extracted from the login notification message in the logout request message.
- the web server 40 identifies the second communication device 20 which has successfully logged in on the basis of the access token included in the logout request message, and forcibly logs out the second communication device 20 (S707). Subsequently, the web server 40 transmits a message indicating that the user has logged out to the second communication device 20 (S709), and notifies the first communication device 10 that the second communication device 20 has been logged out.
- FIG. 8 is a diagram illustrating a configuration of an authentication data providing apparatus according to an embodiment of the present invention.
- the apparatus 100 for providing authentication data illustrated in FIG. 8 performs an operation of the first communication device 10 described with reference to FIGS. 1 to 7.
- the apparatus 100 for providing authentication data may include a memory 110, a memory controller 121, one or more processors 122, a peripheral interface 123, an input / output (I / O) subsystem 130, a display device 141, an input device 142, communication circuitry 150, and a GPS receiver 160. These components communicate via one or more communication buses or signal lines.
- the various components shown in FIG. 8 may be implemented in hardware, software or a combination of both hardware and software, including one or more signal processing and / or application specific integrated circuits.
- the memory 110 may include fast random access memory, and may also include one or more magnetic disk storage devices, nonvolatile memory such as flash memory devices, or other nonvolatile semiconductor memory devices.
- the memory 110 may further include a storage device located remote from the one or more processors 122, for example a network attached storage device accessed through the communication circuitry 150 and a communication network such as the Internet, an intranet, a local area network (LAN), a wide area network (WLAN), a storage area network (SAN), or any suitable combination thereof. Access to the memory 110 by other components of the authentication data providing apparatus 100 such as the processor 122 and the peripheral interface 123 may be controlled by the memory controller 121.
- the peripheral interface 123 connects the input / output peripheral device with the processor 122 and the memory 110.
- the one or more processors 122 execute a set of instructions stored in various software programs and / or memories 110 to perform various functions and process data for the authentication data providing apparatus 100.
- peripheral interface 123, processor 122, and memory controller 121 may be implemented on a single chip, such as chip 120. In some other embodiments, they may be implemented in separate chips.
- the I / O subsystem 130 provides an interface between the input / output peripheral of the authentication data providing device 100, such as the display device 141, the input device 142, and the peripheral interface 123.
- the display device 141 may use a liquid crystal display (LCD) technology or a light emitting polymer display (LPD) technology.
- the display device 141 may be a capacitive, resistive, or infrared touch display.
- the touch display provides an output interface and an input interface between the device and the user.
- the touch display presents visual output to the user.
- the visual output may include text, graphics, video, and combinations thereof. Some or all of the visual output may correspond to user interface objects.
- the touch display forms a touch sensitive surface that accepts user input.
- the input device 142 is an input means such as a keypad or a keyboard, and receives an input signal of a user.
- the processor 122 is a processor configured to perform operations associated with the authentication data providing apparatus 100 and to execute instructions; for example, using instructions retrieved from the memory 110, it can control the reception and manipulation of input and output data between the components of the authentication data providing apparatus 100.
- the communication circuit 150 transmits and receives wireless electromagnetic waves through an antenna or transmits and receives data through a wired cable.
- the communication circuit 150 converts an electrical signal into an electromagnetic wave and vice versa and can communicate with the communication network, another mobile gateway device, and the communication device through the electromagnetic wave.
- the communication circuit 150 may include known circuitry for performing this function, including, but not limited to, an antenna system, an RF transceiver, one or more amplifiers, tuners, one or more oscillators, digital signal processors, CODEC chipsets, subscriber identity module (SIM) cards, memory, and the like.
- the communication circuit 150 can communicate with other devices via the Internet, also called the World Wide Web (WWW), an intranet, and networks such as a mobile communication network, a wireless LAN and / or a metropolitan area network (MAN), and via near field communication.
- wireless communication may use any of a plurality of communication standards, protocols and techniques, including but not limited to Global System for Mobile Communication (GSM), Enhanced Data GSM Environment (EDGE), wideband code division multiple access (WCDMA), code division multiple access (CDMA), time division multiple access (TDMA), voice over Internet Protocol, Wi-MAX, Long Term Evolution (LTE), Bluetooth, Zigbee, Near Field Communication (NFC), or any other suitable communication protocol, including communication protocols that are not yet developed at the time of filing this application.
- the GPS (Global Positioning System) receiver 160 receives satellite signals from a plurality of satellites.
- the GPS receiver 160 may be a C / A code pseudo range receiver, a C / A code carrier receiver, a P code receiver, a Y code receiver, or the like.
- the operating system 111 may be, for example, a built-in operating system such as Darwin, RTXC, LINUX, UNIX, OS X, WINDOWS, VxWorks, Tizen, IOS or Android, and includes various software components and / or devices that control and manage general system tasks (for example, memory management, storage device control, power management, and the like) and facilitate communication between various hardware and software components.
- Graphics module 112 includes various well-known software components for presenting and displaying graphics on display device 141.
- graphics includes all objects that can be displayed to the user, including, without limitation, text, web pages, icons, digital images, videos, animations, and the like.
- the safety login program 113 obtains authentication related data and provides the authentication related data to the web server 40 or the second communication device 20.
- the safety login program 113 is mounted in the memory 110 when a safety login application is installed.
- FIG. 9 is a diagram showing the configuration of a safety login program according to an embodiment of the present invention.
- the safety login program 113 includes a data storage module 91, a security policy application module 92, a positioning module 93, an authentication data acquisition module 94 and an authentication data providing module 95.
- the data storage module 91 stores a security policy table in which security levels of respective web sites are recorded, that is, a security policy table in which web site identification information and security levels are mapped.
- the data storage module 91 may classify and store security data recorded with login authentication information (ie, ID and password) of each web site for each communication device identification information.
- the login authentication information is encrypted and stored in the data storage module 91 and is normally decrypted based on the decryption key stored in the second communication device 20.
- the data storage module 91 may store one or more decryption keys separately for each communication device identification.
- the data storage module 91 may classify and store the security address data in which the authentication information storage address for each website is recorded for each communication device identification information.
- the data storage module 91 may store location information for each second communication device 20, and may store user authentication information such as a password, biometric information, and a social security number.
- the security policy application module 92 determines and applies the security level of the login authentication information of the second communication device 20 provided to the web server 40. Specifically, when the security policy application module 92 receives the login notification message from the security relay server 30 through the communication circuit 150, it extracts the second communication device identification information, the website identification information, and the access token from the login notification message, and checks the security level mapped to the website identification information in the security policy table.
- the security policy application module 92 confirms the locations of the authentication data providing device 100 and the second communication device 20 through the location checking module 93. If the two devices are located at the same place, the security level identified above may be applied as is; if the authentication data providing device 100 and the second communication device 20 are not located at the same place, a security level stronger than the checked security level may be applied as the security level of the login authentication information.
- the positioning module 93 performs a function of determining whether the authentication data providing apparatus 100 and the second communication device 20 are located at the same place. At this time, the positioning module 93 may determine whether the authentication data providing apparatus 100 and the second communication device 20 are located at the same place by checking whether they are located in the same administrative area, or whether the distance between them is within the threshold distance (eg, 100 m). In addition, the positioning module 93 may determine whether the authentication data providing apparatus 100 is located at the same place as the second communication device 20 by checking, through the communication circuit 150, whether short-range wireless communication (eg, Bluetooth communication) with the second communication device 20 is possible.
- the positioning module 93 extracts the second communication device identification information from the service notification message received from the security relay server 30, and can confirm the location information of the second communication device 20 by checking, in the data storage module 91, the location information mapped to the second communication device identification information.
- the location checking module 93 can also confirm the location information of the second communication device 20 by extracting the location information from the service notification message.
- the positioning module 93 may acquire GPS coordinates using the GPS receiver 160, and determine the position of the authentication data providing apparatus 100 based on the GPS coordinates.
- the positioning module 93 recognizes a small wireless base station capable of short-range wireless communication through the communication circuit 150, transmits the identification information of the small wireless base station to the positioning server 50, and may then determine the location information of the authentication data providing apparatus 100 by receiving, from the positioning server 50, the location information mapped to the identification information of the small wireless base station.
- the positioning module 93 transmits a safety login activation message to the second communication device 20 when, as a result of the location determination, it determines that it is located at the same place as the second communication device 20.
- the location checking module 93 continuously monitors the positions of the second communication device 20 and the authentication data providing device 100.
- the authentication server 100 transmits a logout request message to the web server 40.
- the authentication data acquisition module 94 checks the security level applied by the security policy application module 92 and then proceeds with the process of acquiring authentication-related data according to this security level.
- the authentication data acquiring module 94 identifies, in the data storage module 91, the security data dedicated to the second communication device among the plurality of security data based on the communication device identification information included in the login notification message, and may obtain authentication-related data by extracting from it the encrypted login authentication information (that is, an ID and a password) mapped to the site identification information. In this case, the authentication data acquisition module 94 may decrypt the extracted encrypted login authentication information by using the decryption key received from the second communication device 20.
- the authentication data acquisition module 94 may obtain authentication-related data by extracting, from the data storage module 91, a decryption key corresponding to the identification information of the second communication device 20, based on the second communication device identification information included in the login notification message.
- the authentication data acquisition module 94 checks the storage address data dedicated to the second communication device in the data storage module 91 based on the second communication device identification information included in the login notification message, and may obtain authentication-related data by extracting the encrypted authentication information storage address mapped to the website identification information from that storage address data.
- the authentication data acquisition module 94 proceeds with the process of acquiring authentication-related data based on the security level applied by the security policy application module 92. That is, if the applied security level is the first level, the authentication data acquisition module 94 immediately acquires authentication-related data (that is, login authentication information, a decryption key, or an authentication information storage address). If the applied security level is the second level, the authentication data acquisition module 94 outputs to the display device 141 a notification window that notifies that the second communication device 20 is attempting to log in to a website and asks for permission to log in, and performs the process of acquiring authentication-related data only when an approval signal is input from the user.
- the authentication data acquisition module 94 outputs to the display device 141 an input window requesting input of the enhanced authentication information, and acquires the enhanced authentication information, such as biometric information or an OTP, received through the input window as authentication-related data.
- the authentication data acquisition module 94 outputs an authentication input window to the display device 141 for inputting user authentication information. If the personal authentication information input through the authentication input window is correct, the procedure of acquiring authentication data is performed. If the personal authentication information is not correct, the acquisition of authentication data is stopped. That is, when the security level is the third level, the authentication data acquisition module 94 may proceed with user authentication and obtain authentication-related data if the authentication is successful.
- the authentication data providing module 95 performs a function of providing the authentication related data obtained by the authentication data obtaining module 94 to the web server 40 or the second communication device 20.
- the authentication data providing module 95 checks the website identification information and the access token in the login notification message, and transmits the authentication-related data together with the access token to the web server to which the website identification information is assigned.
- FIG. 10 is a flowchart illustrating a method of providing authentication related data in an authentication data providing apparatus according to an embodiment of the present invention.
- the communication circuit 150 receives, from the security relay server 30, a login notification message indicating that the second communication device 20 is attempting to log in to the web server 40 (S1001).
- the security policy application module 92 extracts the second communication device identification information, the website identification information and the access token from the login notification message, and checks the security level mapped to the website identification information in the security policy table of the data storage module 91, thereby identifying the security level of the web site to which the second communication device 20 is connected (S1003). Next, the security policy application module 92 requests a determination of whether the authentication data providing apparatus 100 and the second communication device 20 are located at the same place.
- the positioning module 93 confirms the location information of the authentication data providing device 100 and the second communication device 20, and compares the two pieces of location information to determine whether the second communication device 20 and the authentication data providing device 100 are located at the same place (S1005). At this time, the positioning module 93 may determine whether the second communication device 20 and the authentication data providing device 100 are located at the same place by checking whether they are located in the same administrative area, or whether the distance between them is within a threshold distance (eg, 100 m).
- the positioning module 93 may determine whether the authentication data providing apparatus 100 is located at the same place as the second communication device 20 by checking, through the communication circuit 150, whether short-range wireless communication (eg, Bluetooth communication) with the second communication device 20 is possible.
- the positioning module 93 extracts the second communication device identification information from the service notification message received from the security relay server 30, and may confirm the location information of the second communication device 20 in advance by checking, in the data storage module 91, the location information mapped to the identification information.
- when the location information of the second communication device 20 is included in the service notification message, the location information module 93 may extract the location information from the service notification message and thereby confirm the location information of the second communication device 20 in advance.
- the positioning module 93 may acquire GPS coordinates using the GPS receiver 160, and determine the position of the authentication data providing apparatus 100 based on the GPS coordinates.
- the positioning module 93 recognizes a small wireless base station capable of short-range wireless communication through the communication circuit 150, transmits the identification information of the small wireless base station to the positioning server 50, and may then determine the location information of the authentication data providing apparatus 100 by receiving, from the positioning server 50, the location information mapped to the identification information of the access point.
- when the security policy application module 92 receives the determination result from the positioning module 93, it checks the determination result to confirm whether the authentication data providing device 100 and the second communication device 20 are located at the same place (S1007).
- the security policy application module 92 applies the site security level checked in step S1003 as is as the security level for the login authentication information (S1009).
- when the security level checked in step S1003 is the highest level (that is, when there is no stronger security level left to apply), the security policy application module 92 may apply the security level of step S1003 as is, or may transmit a message indicating that login is impossible to the second communication device 20 using the communication circuit 150, without proceeding any further with the process of providing authentication-related data.
- the security policy application module 92 does not proceed with the process of providing authentication related data any more.
- a message indicating that login is impossible to the second communication device 20 may be transmitted using the communication circuit 150.
- the authentication data acquisition module 94 checks the security level applied by the security policy application module 92 (S1013).
- the authentication data acquisition module 94 proceeds with a process of acquiring authentication-related data and acquires any one of encrypted login authentication information, decrypted login authentication information, a decryption key, an authentication information storage address, and enhanced authentication information (S1017).
- the authentication data acquisition module 94 may receive a decryption key from the second communication device 20, and may obtain authentication-related data by decrypting login authentication information of a web site encrypted using the decryption key.
- the authentication data acquisition module 94 extracts the second communication device identification information from the login notification message, and obtains a decryption key by requesting it from, and receiving it from, the second communication device 20 having the identification information through the communication circuit 150.
- the authentication data acquiring module 94 confirms, in the data storage module 91, the security data dedicated to the second communication device among the security data classified for each communication device based on the second communication device identification information.
- the authentication data acquisition module 94 extracts encrypted login authentication information (ie, ID and password) mapped to the web site identification information from the login authentication information included in the security data dedicated to the second communication device.
- the login authentication information may be decrypted using the decryption key to obtain login authentication information, thereby obtaining authentication related data.
- the authentication data acquisition module 94 identifies, in the data storage module 91, the security data dedicated to the second communication device among the security data classified for each communication device based on the second communication device identification information, and may obtain authentication-related data by extracting the encrypted login authentication information (ie, ID and password) mapped to the web site identification information from the login authentication information included in that security data.
- the authentication data acquisition module 94 may obtain authentication-related data by extracting a decryption key corresponding to the second communication device identification information from the data storage module 91.
- the authentication data acquisition module 94 checks the storage address data mapped to the second communication device identification information in the data storage module 94, and may obtain authentication-related data by extracting, from the checked storage address data, the encrypted authentication information storage address mapped to the website identification information included in the login notification message.
- the authentication data acquisition module 94 outputs to the display device 141 a notification window that notifies that the second communication device 20 is attempting to log in to the web site and requests a response on login approval (S1021).
- the authentication data acquisition module 94 may output a notification window to the display device 141 such as "Attempting to connect to www. ⁇ .com from a remote location. Do you want to approve login?"
- the authentication data acquisition module 94 acquires authentication-related data (that is, decrypted login authentication information, encrypted login authentication information, decryption key or authentication information storage address) (S1025) only when it receives an approval signal from the user (S1023).
- the authentication data acquisition module 94 outputs an authentication input window to the display device 141 to induce the user to authenticate himself (S1026). For example, the authentication data acquisition module 94 may output to the display device 141 an authentication input window such as "Attempting to connect to www. ⁇ .com from a remote location. Please enter a password to allow login authorization." Next, when the user authentication information received through the authentication input window matches the user authentication information stored in the data storage module 91, the authentication data acquisition module 94 obtains authentication-related data (that is, the decrypted login authentication information, the encrypted login authentication information, the decryption key or the authentication information storage address) (S1027).
- the authentication data acquisition module 94 outputs an input window for requesting the input of the enhanced authentication information to the display apparatus 141 (S1029), and additionally obtains authentication-related data by receiving enhanced authentication information such as biometric information or an OTP from the user through the input window (S1031).
- the authentication data acquisition module 94 may encrypt the enhanced authentication information by a predetermined encryption algorithm.
- when the security level is the third level and the user's authentication is successful, the authentication data acquisition module 94 may obtain at least one item of authentication-related data other than the enhanced authentication information, that is, at least one of decrypted login authentication information, encrypted login authentication information, a decryption key, and an authentication information storage address, or may obtain only the enhanced authentication information.
- the authentication data providing module 95 provides the obtained authentication related data to the web server 40 or the second communication device 20 to which the web site identification information has been given using the communication circuit 150. (S1033).
- the authentication data providing module 95 transmits authentication related data to the web server 40
- the authentication of the second communication device 20 may be performed by transmitting the access token extracted from the login notification message to the web server 40.
- the authentication data acquisition module 95 may only acquire enhanced authentication information as authentication-related data.
- the authentication data providing module 95 provides the enhanced authentication information excluding the login authentication information, the decryption key, the authentication information storage address, and the like to the web server 40 or the second communication device 20.
- FIG. 11 is a flowchart illustrating a method of forcibly logging out a second communication device in an authentication data providing device according to an embodiment of the present invention.
- The location checking module 93 continuously monitors the location information of the authentication data providing device 100 using the GPS receiver 160 (S1101). That is, when the location checking module 93 is notified by the web server 40 that the second communication device 20 has logged in successfully, it continuously monitors the location information of the authentication data providing device 100.
- The authentication data providing device 100 may also continuously receive location information from the second communication device 20 and thereby monitor the location information of the second communication device 20.
- The location checking module 93 determines, based on the monitored location information, whether the authentication data providing device 100 and the second communication device 20 remain located at the same place (S1103). Here, the location checking module 93 may determine whether the second communication device 20 and the authentication data providing device 100 are located at the same place by checking whether they are located in the same administrative area, or by checking whether the distance between them exceeds a threshold distance (e.g., 100 m). In addition, the location checking module 93 may determine whether the authentication data providing device 100 remains at the same place as the second communication device 20 by checking, through the communication circuit 150, whether short-range wireless communication (e.g., Bluetooth communication) with the second communication device 20 is possible.
- If it is determined that the second communication device 20 and the authentication data providing device 100 are located at the same place, the location checking module 93 returns to step S1101. If, on the other hand, the location checking module 93 determines that it is not located at the same place as the second communication device 20, it checks the access token in the login notification message received from the security relay server 30 (S1105). The location checking module 93 then transmits a logout request message including the access token to the web server 40, so that the second communication device 20 logged in to the web server 40 is forcibly logged out (S1107).
- The method of the present invention as described above may be implemented as a program and stored in computer-readable form on a recording medium (CD-ROM, RAM, ROM, floppy disk, hard disk, magneto-optical disk, etc.). Since this process can be easily carried out by those skilled in the art, it is not described in further detail.
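The forced-logout flow of FIG. 11 (steps S1101 to S1107) is shown below as a small co-location monitor. This is an added example, not code from the patent: the message field names, the 30-second fix-age limit (stale or missing fixes fail closed), and the sample coordinates and token are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass
from typing import Iterable, Optional

THRESHOLD_M = 100.0        # threshold distance given in the description ("e.g., 100 m")
MAX_FIX_AGE_S = 30.0       # assumption: an older GPS fix counts as "location unknown"
EARTH_RADIUS_M = 6371000.0


@dataclass(frozen=True)
class Fix:
    lat: float        # degrees
    lon: float        # degrees
    timestamp: float  # seconds


@dataclass(frozen=True)
class Observation:
    now: float
    provider: Optional[Fix]  # authentication data providing device 100
    second: Optional[Fix]    # second communication device 20
    bluetooth_reachable: bool = False


def haversine_m(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes, in metres."""
    phi1, phi2 = math.radians(a.lat), math.radians(b.lat)
    dphi = phi2 - phi1
    dlam = math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def same_place(obs: Observation) -> bool:
    """S1103: co-location decision. Unknown or stale location fails closed."""
    if obs.bluetooth_reachable:
        # Short-range radio contact is treated as proof of proximity on its own.
        return True
    for fix in (obs.provider, obs.second):
        if fix is None or obs.now - fix.timestamp > MAX_FIX_AGE_S:
            return False
    return haversine_m(obs.provider, obs.second) <= THRESHOLD_M


def monitor(observations: Iterable[Observation], login_notification: dict) -> Optional[dict]:
    """Return the logout request for the first non-co-located observation, else None."""
    for obs in observations:                             # S1101: keep monitoring
        if same_place(obs):                              # S1103: still together
            continue
        token = login_notification.get("access_token")  # S1105 (hypothetical field name)
        if not token:
            raise ValueError("login notification carries no access token")
        # S1107: message for the web server 40 (hypothetical layout)
        return {"type": "logout_request", "access_token": token, "sent_at": obs.now}
    return None


def demo() -> Optional[dict]:
    """Constructed walk-away scenario: 0 m, about 44 m, then about 167 m apart."""
    lat, lon = 37.5665, 126.9780  # constructed sample coordinates
    observations = [
        Observation(0.0, Fix(lat, lon, 0.0), Fix(lat, lon, 0.0)),
        Observation(10.0, Fix(lat, lon, 10.0), Fix(lat + 0.0004, lon, 10.0)),
        Observation(20.0, Fix(lat, lon, 20.0), Fix(lat + 0.0015, lon, 20.0)),
    ]
    notification = {"access_token": "EXAMPLE-ACCESS-TOKEN"}  # constructed placeholder
    return monitor(observations, notification)


if __name__ == "__main__":
    print(demo())
```

Because the logout request is authorized by the access token alone, the token from the login notification should be held as carefully as the login credentials themselves.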
Claims (41)
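- A secure login method for performing secure login of a communication device accessing a web site, the method comprising: determining, by an authentication data providing device, whether it is located at the same place as the communication device; obtaining, by the authentication data providing device, authentication-related data of the communication device if the determination shows that it is located at the same place as the communication device; and providing, by the authentication data providing device, the obtained authentication-related data to the communication device or the web site.
- The secure login method of claim 1, wherein obtaining the authentication-related data comprises: requesting a decryption key from the communication device and receiving it; and extracting encrypted login authentication information and decrypting the extracted login authentication information using the decryption key, and wherein providing the authentication-related data comprises providing the decrypted login authentication information to the web site or the communication device.
- The secure login method of claim 2, further comprising: checking, by the authentication data providing device, an access token of the communication device, wherein providing the authentication-related data comprises providing the access token to the web site together with the login authentication information.
- The secure login method of claim 1, wherein obtaining the authentication-related data comprises extracting encrypted login authentication information, and providing the authentication-related data comprises providing the extracted encrypted login authentication information to the communication device, the method further comprising: decrypting, by the communication device, the encrypted login authentication information received from the authentication data providing device using a decryption key that it keeps; and performing, by the communication device, authentication with the web site using the decrypted login authentication information.
- The secure login method of claim 1, wherein obtaining the authentication-related data comprises extracting a decryption key, and providing the authentication-related data comprises providing the extracted decryption key to the communication device, the method further comprising: decrypting, by the communication device, encrypted login authentication information that it stores using the decryption key, and performing authentication with the web site using the login authentication information thus decrypted.
- The secure login method of claim 1, wherein obtaining the authentication-related data comprises extracting an authentication information storage address, and providing the authentication-related data comprises providing the extracted authentication information storage address to the communication device, the method further comprising: receiving, by the communication device, the authentication information kept at the authentication information storage address from an authentication information storage server, and performing authentication with the web site using the received authentication information.
- The secure login method of claim 6, further comprising: decrypting, by the communication device, the authentication information storage address received from the authentication data providing device.
- The secure login method of claim 1, further comprising: checking, by the authentication data providing device, a security level of the web site, wherein obtaining the authentication-related data comprises: applying the checked security level if the determination shows that it is located at the same place as the communication device; and obtaining the authentication-related data based on the applied security level.
- The secure login method of claim 8, wherein obtaining the authentication-related data comprises: applying a security level stronger than the checked security level if the determination shows that it is not located at the same place as the communication device; and obtaining the authentication-related data based on the applied strengthened security level.
- The secure login method of claim 9, wherein obtaining the authentication-related data comprises obtaining enhanced authentication information if the applied security level exceeds a threshold level, and providing the authentication-related data comprises providing the enhanced authentication information to the web site or the communication device.
- The secure login method of claim 9, wherein obtaining the authentication-related data comprises, if the applied security level exceeds a threshold level, performing user authentication and obtaining the authentication-related data when the authentication succeeds.
- The secure login method of claim 9, wherein obtaining the authentication-related data comprises, if the applied security level is a preset specific security level, outputting a notification window asking whether to allow login of the communication device, and obtaining the authentication-related data when an approval signal is input through the notification window.
- The secure login method of claim 1, further comprising, after providing the authentication-related data: monitoring, by the authentication data providing device, whether it remains located at the same place as the communication device; and logging out the communication device, by the authentication data providing device, if the monitoring shows that it is not located at the same place as the communication device.
- The secure login method of claim 1, further comprising: transmitting, by the authentication data providing device, a secure login activation message to the communication device if the determination confirms that it is located at the same place as the communication device.
- An authentication data providing device comprising: one or more processors; a memory; and one or more programs stored in the memory and configured to be executed by the one or more processors, wherein the programs comprise: a location checking module that determines whether a communication device registered with a secure login service and the authentication data providing device are located at the same place; an authentication data acquisition module that, when the location checking module determines that the communication device and the authentication data providing device are located at the same place, obtains authentication-related data of a web site that the communication device accesses; and an authentication data providing module that provides the obtained authentication-related data to the web site or the communication device.
- The authentication data providing device of claim 15, further comprising a data storage module that stores encrypted login authentication information, wherein the authentication data acquisition module requests a decryption key from the communication device and receives it, then extracts the encrypted login authentication information stored in the data storage module and decrypts the extracted login authentication information using the decryption key, and the authentication data providing module provides the decrypted login authentication information to the web site or the communication device.
- The authentication data providing device of claim 16, wherein the authentication data providing module checks an access token of the communication device and provides the access token to the web site together with the login authentication information.
- The authentication data providing device of claim 15, further comprising a data storage module that stores encrypted login authentication information, wherein the authentication data acquisition module extracts the encrypted login authentication information stored in the data storage module, and the authentication data providing module provides the extracted encrypted login authentication information to the communication device.
- The authentication data providing device of claim 15, further comprising a data storage module that stores a decryption key capable of decrypting encrypted login authentication information kept by the communication device, wherein the authentication data acquisition module extracts the decryption key from the data storage module, and the authentication data providing module provides the extracted decryption key to the communication device.
- The authentication data providing device of claim 15, further comprising a data storage module that stores an authentication information storage address at which login authentication information is kept, wherein the authentication data acquisition module extracts the authentication information storage address of the web site from the data storage module, and the authentication data providing module provides the extracted authentication information storage address to the communication device.
- The authentication data providing device of claim 15, further comprising a security policy application module that checks a security level of the web site and applies the checked security level when the location checking module determines that the communication device and the authentication data providing device are located at the same place, wherein the authentication data acquisition module obtains the authentication-related data based on the security level applied by the security policy application module.
- The authentication data providing device of claim 21, wherein the security policy application module applies a security level stronger than the checked security level if the communication device and the authentication data providing device are not located at the same place.
- The authentication data providing device of claim 22, wherein the authentication data acquisition module obtains enhanced authentication information if the security level applied by the security policy application module exceeds a threshold level, and the authentication data providing module provides the enhanced authentication information to the web site or the communication device.
- The authentication data providing device of claim 22, wherein the authentication data acquisition module, if the security level applied by the security policy application module exceeds a threshold level, performs user authentication and obtains the authentication-related data when the authentication succeeds.
- The authentication data providing device of claim 22, wherein the authentication data acquisition module, if the security level applied by the security policy application module is a preset specific security level, outputs a notification window asking whether to allow login of the communication device, and obtains the authentication-related data when an approval signal is input through the notification window.
- The authentication data providing device of claim 15, wherein the location checking module, when the communication device successfully logs in to the web site, monitors whether the communication device and the authentication data providing device remain located at the same place, and logs out the communication device when the communication device and the authentication data providing device are not located at the same place.
- The authentication data providing device of claim 15, wherein the location checking module, when it determines that the communication device and the authentication data providing device are located at the same place, transmits a secure login activation message to the communication device to activate a secure login menu of the communication device.
- A secure login system comprising: a second communication device; a first communication device that determines whether it is located at the same place as the second communication device and, if it is located at the same place, obtains authentication-related data of a web site that the second communication device accesses and provides the data to the second communication device or a web server; and a web server that receives authentication-related data from the first communication device or the second communication device and performs login authentication of the second communication device.
- The secure login system of claim 28, wherein the first communication device requests a decryption key from the second communication device and receives it, then extracts encrypted login authentication information and decrypts the extracted login authentication information using the decryption key, and the web server performs login authentication of the second communication device based on the login authentication information provided by the first communication device.
- The secure login system of claim 29, wherein the first communication device checks an access token of the communication device and provides the access token to the web server together with the login authentication information, and the web server identifies the second communication device based on the access token and performs login authentication.
- The secure login system of claim 28, wherein the first communication device extracts encrypted login authentication information and provides it to the second communication device, and the second communication device decrypts the encrypted login authentication information received from the first communication device with a decryption key that it keeps, and transmits the decrypted login authentication information to the web server to perform login authentication.
- The secure login system of claim 28, wherein the first communication device extracts a decryption key and provides the extracted decryption key to the second communication device, the second communication device decrypts encrypted login authentication information that it stores itself using the decryption key received from the first communication device and transmits the login authentication information thus decrypted to the web server, and the web server performs login authentication of the second communication device based on the login authentication information received from the second communication device.
- The secure login system of claim 28, wherein the first communication device extracts an authentication information storage address at which authentication information is kept and transmits it to the second communication device, the second communication device receives the authentication information kept at the authentication information storage address from an authentication information storage server, and the web server receives the authentication information from the second communication device and performs login authentication of the second communication device.
- The secure login system of claim 33, wherein the second communication device decrypts the authentication information storage address received from the first communication device and then receives, from the authentication information storage server, the authentication information kept at the decrypted authentication information storage address.
- The secure login system of claim 28, wherein the first communication device checks a security level of the web site and, if it is located at the same place as the second communication device, applies the checked security level and obtains the authentication-related data based on the security level thus applied.
- The secure login system of claim 35, wherein the first communication device, if it is not located at the same place as the second communication device, applies a security level stronger than the checked security level and obtains the authentication-related data based on the strengthened security level thus applied.
- The secure login system of claim 36, wherein the first communication device, if the applied security level exceeds a threshold level, obtains enhanced authentication information and provides it to the web server or the second communication device, and the web server performs login authentication of the second communication device based on the enhanced authentication information received from the first communication device or the second communication device.
- The secure login system of claim 36, wherein the first communication device, if the applied security level exceeds a threshold level, performs user authentication and obtains the authentication-related data when the authentication succeeds.
- The secure login system of claim 36, wherein the first communication device, if the applied security level is a preset specific security level, outputs a notification window asking whether to allow login of the second communication device, and obtains the authentication-related data when an approval signal is input through the notification window.
- The secure login system of claim 28, wherein the first communication device, when the second communication device succeeds in logging in, monitors whether it remains located at the same place as the second communication device, and logs out the second communication device when it is not located at the same place as the second communication device.
- The secure login system of claim 28, wherein the first communication device transmits a secure login activation message to the second communication device when it determines that it is located at the same place as the second communication device, and the second communication device activates a secure login menu upon receiving the secure login activation message.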
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
BR112015015514A BR112015015514A2 (pt) | 2012-12-27 | 2013-06-28 | system and method for secure logon and apparatus for the same |
US14/655,868 US9882896B2 (en) | 2012-12-27 | 2013-06-28 | System and method for secure login, and apparatus for same |
MX2015008418A MX2015008418A (es) | 2012-12-27 | 2013-06-28 | System and method for secure login and apparatus for the same. |
EP13868348.7A EP2940617A4 (en) | 2012-12-27 | 2013-06-28 | SYSTEM AND METHOD FOR SAFE REGISTRATION AND DEVICE THEREFOR |
CN201380073968.0A CN105027131B (zh) | 2012-12-27 | 2013-06-28 | System and method for secure login, and device therefor |
JP2015551051A JP6055932B2 (ja) | 2012-12-27 | 2013-06-28 | Secure login system and method, and apparatus therefor |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR20120155630 | 2012-12-27 | ||
KR10-2012-0155630 | 2012-12-27 | ||
KR10-2013-0074461 | 2013-06-27 | ||
KR1020130074461A KR101416541B1 (ko) | 2012-12-27 | 2013-06-27 | Secure login system and method, and apparatus therefor |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014104507A1 WO2014104507A1 (ko) | 2014-07-03 |
Family
ID=51734992
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2013/005764 WO2014104507A1 (ko) | 2012-12-27 | 2013-06-28 | Secure login system and method, and apparatus therefor |
PCT/KR2013/012249 WO2014104777A2 (ko) | 2012-12-27 | 2013-12-27 | Secure login system and method, and apparatus therefor |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2013/012249 WO2014104777A2 (ko) | 2012-12-27 | 2013-12-27 | Secure login system and method, and apparatus therefor |
Country Status (8)
Country | Link |
---|---|
US (2) | US9882896B2 (ko) |
EP (2) | EP2940617A4 (ko) |
JP (2) | JP6055932B2 (ko) |
KR (2) | KR101416541B1 (ko) |
CN (2) | CN105027131B (ko) |
BR (2) | BR112015015514A2 (ko) |
MX (2) | MX2015008418A (ko) |
WO (2) | WO2014104507A1 (ko) |
-
2013
- 2013-06-27 KR KR1020130074461A patent/KR101416541B1/ko active IP Right Grant
- 2013-06-28 MX MX2015008418A patent/MX2015008418A/es unknown
- 2013-06-28 JP JP2015551051A patent/JP6055932B2/ja active Active
- 2013-06-28 EP EP13868348.7A patent/EP2940617A4/en not_active Withdrawn
- 2013-06-28 CN CN201380073968.0A patent/CN105027131B/zh active Active
- 2013-06-28 BR BR112015015514A patent/BR112015015514A2/pt not_active IP Right Cessation
- 2013-06-28 WO PCT/KR2013/005764 patent/WO2014104507A1/ko active Application Filing
- 2013-06-28 US US14/655,868 patent/US9882896B2/en active Active
- 2013-11-14 KR KR1020130137982A patent/KR20140085295A/ko not_active Application Discontinuation
- 2013-12-27 WO PCT/KR2013/012249 patent/WO2014104777A2/ko active Application Filing
- 2013-12-27 MX MX2015008417A patent/MX2015008417A/es unknown
- 2013-12-27 US US14/655,840 patent/US9876785B2/en active Active
- 2013-12-27 EP EP13866750.6A patent/EP2940616A4/en not_active Withdrawn
- 2013-12-27 BR BR112015015549A patent/BR112015015549A2/pt not_active IP Right Cessation
- 2013-12-27 JP JP2015550318A patent/JP2016511855A/ja active Pending
- 2013-12-27 CN CN201380073882.8A patent/CN105229655B/zh active Active
Also Published As
Publication number | Publication date |
---|---|
CN105229655B (zh) | 2018-05-08 |
JP2016511855A (ja) | 2016-04-21 |
MX2015008417A (es) | 2015-12-15 |
WO2014104777A3 (ko) | 2014-07-31 |
EP2940616A4 (en) | 2016-11-16 |
EP2940617A4 (en) | 2016-08-24 |
MX2015008418A (es) | 2015-12-15 |
BR112015015549A2 (pt) | 2017-07-11 |
JP2016508270A (ja) | 2016-03-17 |
KR101416541B1 (ko) | 2014-07-09 |
WO2014104777A2 (ko) | 2014-07-03 |
EP2940616A2 (en) | 2015-11-04 |
US20150350178A1 (en) | 2015-12-03 |
KR20140085280A (ko) | 2014-07-07 |
US20150341348A1 (en) | 2015-11-26 |
US9882896B2 (en) | 2018-01-30 |
US9876785B2 (en) | 2018-01-23 |
BR112015015514A2 (pt) | 2017-07-11 |
EP2940617A1 (en) | 2015-11-04 |
CN105229655A (zh) | 2016-01-06 |
JP6055932B2 (ja) | 2016-12-27 |
KR20140085295A (ko) | 2014-07-07 |
CN105027131B (zh) | 2018-07-17 |
CN105027131A (zh) | 2015-11-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201380073968.0 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13868348 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2015551051 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14655868 Country of ref document: US Ref document number: MX/A/2015/008418 Country of ref document: MX |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
REG | Reference to national code |
Ref country code: BR Ref legal event code: B01A Ref document number: 112015015514 Country of ref document: BR |
|
WWE | Wipo information: entry into national phase |
Ref document number: IDP00201504515 Country of ref document: ID |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2013868348 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 112015015514 Country of ref document: BR Kind code of ref document: A2 Effective date: 20150626 |