WO2014104777A2 - Safe login system and method, and apparatus therefor - Google Patents
Safe login system and method, and apparatus therefor
- Publication number
- WO2014104777A2 (PCT/KR2013/012249)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- communication device
- authentication
- authentication information
- login
- user
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
Definitions
- the present invention relates to a login processing technology, and more particularly, to a safe login system and method for logging in a user in conjunction with a plurality of devices and a device therefor.
- a password authentication method is used as a general method for user authentication.
- a user accesses a web server, sets his or her ID and password, and then logs in by inputting an ID and password set in the terminal.
- a technology for authenticating a user by using a touch pattern set by the user has been disclosed.
- Korean Patent Laid-Open No. 10-2009-0013432 discloses a portable terminal for authenticating a user using a pattern and a method of locking and releasing the same.
- this method has a problem in that the user's authentication information, that is, a password and an ID, can be hijacked by another person by shoulder surfing.
- if another person takes over the ID and password of a specific user, personal data of that user may be continuously exposed to the other person unless the specific user changes the ID and password or withdraws membership.
- the present invention has been proposed to solve the above problems, and its object is to provide a safe login system and method, and an apparatus therefor, that protect user authentication information from external hacking such as a peeping attack and strengthen the security of the authentication information.
- a method for safely logging in a communication device that connects to a web site includes: receiving, by an authentication data providing device, a request from the communication device for authentication-related data necessary for logging in to the web site; extracting, by the authentication data providing device, the authentication-related data required for login to the web site; transmitting, by the authentication data providing device, the extracted authentication-related data to the communication device; and attempting, by the communication device, login authentication to the web site using the authentication-related data.
- a method for securely logging in a communication device accessing a web site comprises: receiving, from the communication device, a request for authentication-related data required for login to the web site; extracting login authentication information of the communication device necessary for login to the web site; and transmitting the extracted login authentication information to the web site so that login authentication of the communication device is performed at the web site.
- a safety login system includes: a first communication device that, on receiving from a second communication device a request for authentication-related data required for login to a web site, extracts authentication-related data of the second communication device and transmits it to the second communication device; the second communication device, which obtains login authentication information of the web site based on the authentication-related data received from the first communication device; and a web server that receives the login authentication information acquired by the second communication device and performs login authentication of the second communication device based on the received login authentication information.
- a safety login system includes: a second communication device connecting to a web site; a first communication device that receives from the second communication device a request for authentication-related data required for login to the web site and extracts login authentication information of the second communication device for the web site; and a web server that receives the login authentication information of the second communication device from the first communication device and performs login authentication of the second communication device based on the login authentication information.
- to achieve the above object, an authentication data providing apparatus comprises at least one processor; memory; and at least one program stored in the memory and configured to be executed by the at least one processor, the program comprising: a data storage module configured to store authentication-related data; a data extraction module that, on receiving a request for authentication-related data required for login to a web site from a communication device that interworks with the authentication data providing apparatus and accesses the web site, extracts the authentication-related data of the communication device from the data storage module; and an authentication data providing module that transmits the authentication-related data extracted by the data extraction module to the web site or the communication device.
- the first communication device and the second communication device interoperate to provide login authentication information to a web server, thereby protecting the user's authentication information from peeping attacks and enhancing the security of the user's authentication information.
- the first communication device performs a user's personal authentication primarily, and provides authentication-related data to the second communication device according to the result of the user authentication, thereby providing security for the user's authentication information.
- because the present invention distributes and stores the data necessary for login authentication across a plurality of devices, even if a malicious person steals the data of a specific device, the login authentication information of the user cannot be obtained completely, which has the advantage of making the authentication information more secure.
- FIG. 1 is a view showing the configuration of a safety login system according to an embodiment of the present invention.
- FIG. 2 is a flowchart illustrating a method of performing login authentication in a safe login system according to an embodiment of the present invention.
- FIG. 3 is a flowchart illustrating a method of performing login authentication in a safe login system according to another embodiment of the present invention.
- FIG. 4 is a flowchart illustrating a method of performing login authentication in a safe login system according to another embodiment of the present invention.
- FIG. 5 is a flowchart illustrating a method of performing login authentication in a safe login system according to another embodiment of the present invention.
- FIG. 6 is a diagram illustrating a configuration of an authentication data providing apparatus according to an embodiment of the present invention.
- FIG. 7 is a view showing the configuration of a safety login program, according to an embodiment of the present invention.
- FIG. 1 is a view showing the configuration of a safety login system according to an embodiment of the present invention.
- a safety login system includes a first communication device 10, a second communication device 20, a security relay server 30, a web server 40, and an authentication information storage server 50.
- the network 60 includes a mobile communication network, a wired internet network, a short range wireless communication network, and the like, and thus, detailed description thereof will be omitted.
- the web server 40 is a server that provides users with online services such as portal services, financial services, online shopping services, and e-commerce services, and stores login authentication information such as ID / password of each user.
- the web server 40 receives login authentication information of the second communication device 20 from the first communication device 10 or the second communication device 20, and performs login authentication of the second communication device 20 based on the login authentication information.
- the security relay server 30 stores a table in which one or more items of user identification information and identification information of the first communication device 10 are mapped. At this time, the security relay server 30 may store, as the identification information of the first communication device 10, any one of the telephone number, IP address, or MAC address of the first communication device 10, or identification information of the safety login application installed in the first communication device 10. As the user identification information, a security login service ID, a user's social security number, an Internet Personal Identification Number (I-PIN), a mobile telephone number, and the like may be stored.
- the security relay server 30 may identify the identification information of the first communication device 10 mapped with the user identification information of the second communication device 20, and transmit the login notification message to the first communication device 10 having that identification information.
- the security relay server 30 may transmit the login notification message in the form of a push message.
- the authentication information storage server 50 classifies and stores the encrypted login authentication information for each user. At this time, the authentication information storage server 50 sets the storage address of the login authentication information, and stores the encrypted login authentication information in the set storage address, respectively. That is, the authentication information storage server 50 sets a unique storage address for each login authentication information, and stores encrypted login authentication information in each of the storage addresses thus set.
- when the authentication information storage server 50 receives encrypted login authentication information from a user, it sets a storage address for the login authentication information and stores the login authentication information in a storage area having the set storage address.
- the authentication information storage server 50 provides the user with a storage address where the login authentication information is stored, so that the storage address is stored in the user's first communication device 10.
- the second communication device 20 is a device that attempts to log in to the web server 40 and includes an agent 21 for a secure login service.
- the agent 21 monitors whether the second communication device 20 proceeds to log in to a specific site; when it does, the agent 21 generates a login notification message including identification information of the web site to which login is attempted, identification information of the login user, and identification information of the second communication device 20, and transmits it to the security relay server 30.
- the agent 21 may output, in addition to the general login menu, a menu to proceed with the safety login according to the present invention in a web browser or a web page.
- the agent 21 may additionally output a safety login menu under the login menu of the web page.
- the second communication device 20 may store the decryption key and provide the decryption key to the designated first communication device 10.
- the second communication device 20 stores a unique decryption key capable of decrypting the encrypted login authentication information stored in the first communication device 10.
- the second communication device 20 receives encrypted authentication information from the first communication device 10, decrypts the authentication information using a decryption key stored in itself, and can then perform login authentication to the web server 40 by using the decrypted authentication information.
- the second communication device 20 stores the encrypted authentication information for each web site, receives from the first communication device 10 a decryption key capable of decrypting the authentication information, decrypts the authentication information using the decryption key, and can provide it to the web server 40.
- the second communication device 20 receives the authentication information storage address from the first communication device 10, and can receive from the authentication information storage server 50 the authentication information stored at that authentication information storage address.
- the second communication device 20 is a desktop computer, a tablet computer, a notebook computer, a mobile communication terminal, and the like, and any communication device capable of connecting to the web server 40 via the network 60 can be adopted without limitation.
- the agent 21 may be mounted on the second communication device 20 when the safety login application or the plug-in is installed, or may be mounted on the second communication device 20 when the safety login script included in the web page is executed.
- the agent 21 may be implemented through another program or command such as another script, web storage, cookie, or the like.
- the first communication device 10 performs a function of providing authentication related data to the second communication device 20 or the web server 40.
- the authentication related data includes at least one of a decryption key, login authentication information (eg, ID and password), and authentication information storage address.
- when the first communication device 10 receives a login notification message from the security relay server 30, it receives user authentication information (e.g., biometric information) from the user and, if the received information matches the user authentication information stored in the device, extracts the authentication-related data and transmits it to the second communication device 20 or the web server 40.
- the first communication device 10 stores security data in which login authentication information of each web site is recorded, classified by communication device identification information, and obtains a decryption key from the second communication device 20. Using the decryption key, the first communication device 10 can decrypt the login authentication information of the web site to which the second communication device 20 is connected and transmit it to the web server 40 or the second communication device 20.
- the first communication device 10 stores security data in which the login authentication information of each web site is recorded in encrypted form, classified by communication device identification information, and may transmit to the second communication device 20 the login authentication information of the web site to which the second communication device 20 attempts to connect.
- the first communication device 10 may store a decryption key used to decrypt the encrypted login authentication information for each communication device and transmit a specific decryption key to the second communication device 20.
- the first communication device 10 stores the authentication information storage address for each web site, classified by communication device identification information, checks the web site that the user of the second communication device 20 attempts to access, and can provide the second communication device 20 with the authentication information storage address where the authentication information of this web site is stored.
- the first communication device 10 is a tablet computer, a notebook computer, a mobile communication terminal, a server, or the like, and is preferably a smartphone. In addition, it is more preferable that the same user hold each of the first communication device 10 and the second communication device 20.
- FIG. 2 is a flowchart illustrating a method of performing login authentication in a safe login system according to an embodiment of the present invention.
- the second communication device 20 connects to the web server 40 to which the web site address input by the user is assigned, and the web server 40 transmits a web page including a login menu for inputting an ID and a password to the second communication device 20 (S201).
- the web server 40 generates an access token and transmits the access token and web site identification information (for example, the site address of the web server) to the second communication device 20 together with the web page.
- the access token is an object in which security information required for the second communication device 20 to log in is recorded, and has unique identification information (eg, security identification information).
- the second communication device 20 outputs the web page received from the web server 40 on the screen.
- the agent 21 of the second communication device 20 may output a safety login menu under the login menu of the web page.
- the agent 21 of the second communication device 20 may display the nickname or ID on the web page together with the safe login menu.
- the agent 21 of the second communication device 20 monitors whether the safety login menu is clicked, and when the safety login menu is clicked (S203), generates a login notification message including identification information of the web site to be logged in to (for example, a web site address), the access token that may be used to access the web server 40, user identification information, and identification information of the second communication device 20, and transmits it to the security relay server 30.
- the agent 21 may record any one of a security login service ID, a user's social security number, an Internet personal identification number (I-PIN), a mobile phone number, and the like as the user identification information in the login notification message.
- the agent 21 may record any one of its own identification information (i.e., agent identification information), the IP address of the second communication device 20, the MAC address, etc. in the login notification message as the identification information of the second communication device 20.
- the security relay server 30 checks the user identification information included in the login notification message, and confirms the identification information of the first communication device 10 mapped with the user identification information.
- the security relay server 30 transmits the login notification message to the first communication device 10 having the identified identification information (S207).
- the first communication device 10 extracts user identification information, web site identification information, access token, and identification information of the second communication device 20 from the login notification message received from the security relay server 30.
- the first communication device 10 outputs a notification window for requesting user authentication, and receives user authentication information from the user (S209).
- the first communication device 10 may receive a user authentication password set in advance by the user, and preferably receives biometric information such as the user's fingerprint or iris through a camera or biometric information input means.
- the first communication device 10 checks whether the user authentication information received from the user is identical with the user authentication information that was input by the user in advance and stored in the device (S211).
- when the user authentication information input by the user does not match the user authentication information stored in the device, the first communication device 10 transmits to the second communication device 20 a message indicating that authentication-related data cannot be provided (S213).
- the first communication device 10 may output a message requesting re-entry of the personal authentication information on the screen.
- the first communication device 10 requests the decryption key from the second communication device 20 (S215). Then, the second communication device 20 extracts the decryption key held therein and transmits it to the first communication device 10 (S217).
- the first communication device 10 checks the second communication device identification information and the web site identification information included in the login notification message and, based on the second communication device identification information, extracts the security data dedicated to the second communication device from among the security data classified for each communication device. Next, the first communication device 10 extracts encrypted login authentication information (e.g., ID and password) mapped to the web site identification information from the login authentication information included in the extracted security data (S219). Subsequently, the first communication device 10 decrypts the extracted login authentication information using the decryption key (S221).
- the first communication device 10 checks the web site identification information and the access token extracted from the login notification message, and transmits the extracted login authentication information and the access token to the web server 40 to which the web site identification information is assigned (S223).
- the web server 40 identifies the second communication device 20 attempting to log in on the basis of the access token received from the first communication device 10, and confirms whether the login authentication information is correct, thereby performing login authentication of the second communication device 20 (S225).
- when the login authentication fails, the web server 40 may treat the login of the second communication device 20 as failed. On the other hand, if the login authentication is successful, the web server 40 may transmit an authentication success message to the second communication device 20 (S227), and then provide the online service requested by the second communication device 20. Preferably, when the login authentication is successful, the web server 40 notifies the first communication device 10 that the second communication device 20 has successfully logged in.
- the first communication device 10 may transmit the decrypted login authentication information to the second communication device 20 instead of the web server 40.
- the second communication device 20 directly transmits the login authentication information received from the first communication device 10 to the web server 40 to directly perform login authentication.
- each step having the same reference numeral as that of FIG. 2 is applied in the same manner as in FIG. 2, and thus descriptions of steps S201 to S215 having a common reference numeral will be omitted.
- FIG. 3 is a flowchart illustrating a method of performing login authentication in a safe login system according to another embodiment of the present invention.
- the first communication device 10 extracts encrypted login authentication information that is stored in itself (S319).
- the first communication device 10 checks the second communication device identification information and the web site identification information included in the login notification message received in step S207 and, based on the second communication device identification information, extracts the security data dedicated to the second communication device from the security data classified by communication device.
- the first communication device 10 extracts encrypted login authentication information (eg, ID and password) mapped to the web site identification information from the login authentication information included in the extracted security data.
- the encrypted login authentication information is decrypted correctly with the decryption key stored in the second communication device 20.
- the first communication device 10 transmits the extracted encrypted login authentication information to the second communication device 20 (S321).
- the second communication device 20 decrypts the encrypted login authentication information received from the first communication device 10 using the decryption key in its own storage (S323), and requests login authentication by transmitting the decrypted login authentication information to the web server 40 (S325).
- the web server 40 checks whether the login authentication information received from the second communication device 20 is correct, thereby performing login authentication of the second communication device 20 (S327).
- when the login authentication fails, the web server 40 may treat the login of the second communication device 20 as failed. On the other hand, if the login authentication is successful, the web server 40 may transmit an authentication success message to the second communication device 20 (S329), and then provide the online service requested by the second communication device 20.
- FIG. 4 is a flowchart illustrating a method of performing login authentication in a safe login system according to another embodiment of the present invention.
- the first communication device 10 stores decryption keys classified for each communication device.
- the second communication device 20 stores encrypted login authentication information for each web site.
- the first communication device 10 extracts a decryption key corresponding to the second communication device identification information included in the login notification message from among the decryption keys classified for each communication device (S419). Subsequently, the first communication device 10 transmits the extracted decryption key to the second communication device 20 (S421).
- the second communication device 20 extracts encrypted login authentication information mapped to the currently accessed web site identification information from the encrypted site-specific login authentication information that is stored in itself (S423). Subsequently, the second communication device 20 decrypts the extracted login authentication information using the decryption key received from the first communication device 10 (S425). Next, the second communication device 20 transmits the decrypted login authentication information to the web server 40 to request login authentication (S427).
- the web server 40 checks whether the login authentication information received from the second communication device 20 is correct, thereby performing login authentication of the second communication device 20 (S429). Next, when the login authentication fails, the web server 40 may treat the login of the second communication device 20 as failed. On the other hand, if the login authentication is successful, the web server 40 may transmit an authentication success message to the second communication device 20 (S431), and then provide the online service requested by the second communication device 20.
- FIG. 5 is a flowchart illustrating a method of performing login authentication in a safe login system according to another embodiment of the present invention.
- the first communication device 10 stores the encrypted authentication information storage address for each website for each communication device identification information.
- the first communication device 10 extracts the storage address data dedicated to the second communication device attempting to log in, based on the second communication device identification information included in the login notification message received in step S207.
- the first communication device 10 extracts an encrypted authentication information storage address mapped to the site identification information included in the login notification message from the storage address data dedicated to the second communication device.
- the encrypted authentication information storage address is normally decrypted through a decryption key held in the second communication device 20.
- the first communication device 10 transmits the extracted encrypted authentication information storage address to the second communication device 20 (S521).
- the second communication device 20 extracts the decryption key stored in itself and decrypts the encrypted authentication information storage address received from the first communication device 10 using the decryption key.
- the second communication device 20 transmits an authentication information request message in which the storage address is recorded to the authentication information storage server 50 (S523).
- the authentication information storage server 50 checks the authentication information storage address in the authentication information request message, extracts the encrypted login authentication information stored in the storage address and transmits it to the second communication device 20 (S525). That is, the authentication information storage server 50 extracts the login authentication information having the checked authentication information storage address from the plurality of stored login authentication information and transmits it to the second communication device 20.
- the encrypted login authentication information is normally decrypted through a decryption key held by the second communication device 20.
- the second communication device 20 decrypts the encrypted authentication information received from the authentication information storage server 50 using a decryption key stored therein (S527).
- the second communication device 20 transmits the decrypted login authentication information to the web server 40 to request login authentication (S529).
- the web server 40 checks whether the login authentication information received from the second communication device 20 is correct, thereby performing login authentication of the second communication device 20 (S531). When the login authentication fails, the web server 40 may treat the login of the second communication device 20 as failed. On the other hand, if the login authentication is successful, the web server 40 may transmit an authentication success message to the second communication device 20 (S533), after which the online service requested by the second communication device 20 is provided.
- the first communication device 10 may force logout of the second communication device 20.
- the first communication device 10 receives a logout operation signal for the second communication device 20 from the user after the second communication device 20 has successfully logged in, and then sends a logout request message for the second communication device 20 to the web server 40.
- the first communication device 10 includes the access token extracted from the login notification message in the logout request message.
- the web server 40 identifies the second communication device 20 that has successfully logged in on the basis of the access token included in the logout request message, and forcibly logs out the second communication device 20.
- the web server 40 transmits a message indicating that the logout has been processed to the second communication device 20 and notifies the first communication device 10 that the second communication device 20 has been logged out.
- FIG. 6 is a diagram illustrating a configuration of an authentication data providing apparatus according to an embodiment of the present invention.
- the apparatus 100 for providing authentication data illustrated in FIG. 6 performs an operation of the first communication device 10 described with reference to FIGS. 1 to 5.
- the authentication data providing apparatus 100 may include a memory 110, a memory controller 121, one or more processors (CPUs) 122, a peripheral interface 123, an input/output (I/O) subsystem 130, a display device 141, an input device 142, a camera 143, a communication circuit 150, and a GPS receiver 160. These components communicate via one or more communication buses or signal lines.
- the various components shown in FIG. 6 may be implemented in hardware, software or a combination of both hardware and software, including one or more signal processing and / or application specific integrated circuits.
- the memory 110 may include fast random access memory, and may also include one or more magnetic disk storage devices, nonvolatile memory such as flash memory devices, or other nonvolatile semiconductor memory devices.
- memory 110 may further include a storage device located remote from the one or more processors 122, for example a network attached storage device accessed through the communication circuit 150 and a communication network such as the Internet, an intranet, a local area network (LAN), a wide area network (WLAN), a storage area network (SAN), or any suitable combination thereof. Access to the memory 110 by other components of the authentication data providing apparatus 100 such as the processor 122 and the peripheral interface 123 may be controlled by the memory controller 121.
- the peripheral interface 123 connects the input / output peripheral device with the processor 122 and the memory 110.
- the one or more processors 122 execute a set of instructions stored in various software programs and / or memories 110 to perform various functions and process data for the authentication data providing apparatus 100.
- peripheral interface 123, processor 122, and memory controller 121 may be implemented on a single chip, such as chip 120. In some other embodiments, they may be implemented in separate chips.
- I/O subsystem 130 provides an interface between the input and output peripherals of the authentication data providing device 100, such as the display device 141, the input device 142 and the camera 143, and the peripheral interface 123.
- the display device 141 may use a liquid crystal display (LCD) technology or a light emitting polymer display (LPD) technology.
- the display device 141 may be a capacitive, resistive, or infrared touch display.
- the touch display provides an output interface and an input interface between the device and the user.
- the touch display presents visual output to the user.
- the visual output may include text, graphics, video, and combinations thereof. Some or all of the visual output may correspond to user interface objects.
- the touch display forms a touch sensitive surface that accepts user input.
- the input device 142 is an input means such as a keypad or a keyboard, and receives an input signal of a user.
- the camera 143 has a lens to capture the surrounding image through the lens.
- the camera 143 may take a picture of the user's biometric information, such as a user's fingerprint or iris.
- the processor 122 is configured to perform operations associated with the authentication data providing apparatus 100 and to execute instructions; for example, using instructions retrieved from the memory 110, it can control the reception and manipulation of input and output data between the components of the authentication data providing apparatus 100.
- the communication circuit 150 transmits and receives wireless electromagnetic waves through an antenna or transmits and receives data through a wired cable.
- the communication circuit 150 converts an electrical signal into an electromagnetic wave and vice versa and can communicate with the communication network, another mobile gateway device, and the communication device through the electromagnetic wave.
- Communications circuit 150 may include known circuitry for performing this function, including, but not limited to, an antenna system, an RF transceiver, one or more amplifiers, tuners, one or more oscillators, digital signal processors, CODEC chipsets, subscriber identity module (SIM) cards, memory, and the like.
- the communication circuit 150 can communicate with other devices by means of the Internet, called the World Wide Web (WWW), an intranet, and a network and/or a mobile communication network, a wireless LAN and/or a metropolitan area network (MAN), and near field communication.
- Wireless communication may use any of a plurality of communication standards, protocols and techniques, including but not limited to Global System for Mobile Communication (GSM), Enhanced Data GSM Environment (EDGE), wideband code division multiple access (WCDMA), code division multiple access (CDMA), time division multiple access (TDMA), voice over Internet Protocol, Wi-MAX, Long Term Evolution (LTE), Bluetooth, Zigbee, Near Field Communication (NFC), or any other suitable communication protocol, including communication protocols not yet developed at the time of filing this application.
- the GPS (Global Positioning System) receiver 160 receives satellite signals from a plurality of satellites.
- the GPS receiver 160 may be a C / A code pseudo range receiver, a C / A code carrier receiver, a P code receiver, a Y code receiver, or the like.
- Operating system 111 may be, for example, a built-in operating system such as Darwin, RTXC, LINUX, UNIX, OS X, WINDOWS, VxWorks, Tizen, IOS or Android, and includes various software components and/or devices that control and manage general system tasks (for example, memory management, storage device control, power management, and the like) and facilitate communication between various hardware and software components.
- Graphics module 112 includes various well-known software components for presenting and displaying graphics on display device 141.
- graphics includes all objects that can be displayed to the user, including, without limitation, text, web pages, icons, digital images, videos, animations, and the like.
- the safety login program 113 obtains authentication related data and provides the authentication related data to the web server 40 or the second communication device 20.
- the safety login program 113 is mounted in the memory 110 when a safety login application is installed.
- FIG. 7 is a view showing the configuration of a safety login program, according to an embodiment of the present invention.
- the safety login program 113 may include a data storage module 71, a user authentication module 72, an authentication data extraction module 73, and an authentication data providing module 74.
- the data storage module 71 stores user authentication information.
- the data storage module 71 may store user's password or user's biometric information as personal authentication information.
- the data storage module 71 may store security data in which login authentication information (that is, an ID and a password) of each web site are classified and stored according to communication device identification information.
- the login authentication information is encrypted and stored in the data storage module 71 and normally decrypted based on the decryption key stored in the second communication device 20.
- the data storage module 71 may store one or more decryption keys classified by communication device identification information.
- the data storage module 71 may classify and store security address data in which authentication information storage addresses for respective web sites are recorded for each communication device identification information.
- the user authentication module 72 authenticates the user by checking whether the user authentication information input by the user matches the user authentication information stored in the data storage module 71. That is, when the user authentication module 72 receives the login notification message from the security relay server 30 through the communication circuit 150, it outputs a notification window requesting input of user authentication information to the display device 141. When the user authentication module 72 then receives user authentication information from the user, it checks whether that information matches the user authentication information stored in the data storage module 71. The user authentication module 72 may receive a password for user authentication from the user through the input device 142, in which case it checks whether the password received from the user matches the password stored in the data storage module 71.
- the user authentication module 72 may receive the biometric information of the user through the camera 143 or other biometric information input means (not shown), in which case the user may be authenticated by checking whether the biometric information received from the user and the biometric information stored in the data storage module 71 match at or above a threshold value (for example, 70% or more).
- the authentication data extraction module 73 extracts authentication related data from the data storage module 71 when the user authentication is successful in the user authentication module 72.
- the authentication data extraction module 73 checks, in the data storage module 71, the security data dedicated to the second communication device among the plurality of security data based on the communication device identification information included in the login notification message, and may extract, as authentication related data, the encrypted login authentication information (i.e., ID and password) mapped to the web site identification information from that security data.
- the authentication data extraction module 73 may extract from the data storage module 71, as authentication related data, the decryption key corresponding to the identification information of the second communication device 20, based on the second communication device identification information included in the login notification message.
- the authentication data extraction module 73 checks the storage address data dedicated to the second communication device in the data storage module 71 based on the second communication device identification information included in the login notification message, and may extract, as authentication related data, the authentication information storage address mapped to the web site identification information from that storage address data.
- the authentication data providing module 74 performs a function of providing the authentication related data extracted by the authentication data extraction module 73 to the web server 40 or the second communication device 20.
- the authentication data providing module 74 requests and receives a decryption key from the second communication device 20 using the communication circuit 150, uses the decryption key to decrypt the encrypted login authentication information extracted by the authentication data extraction module 73, and then transmits the decrypted login authentication information to the web server 40 or the second communication device 20.
- the authentication data providing module 74 transmits the encrypted login authentication information extracted by the authentication data extraction module 73 to the second communication device 20 using the communication circuit 150, so that the encrypted login authentication information is decrypted with the decryption key held by the second communication device 20.
- the authentication data providing module 74 transmits the decryption key extracted by the authentication data extraction module 73 to the second communication device 20 through the communication circuit 150, so that the encrypted login authentication information stored in the second communication device 20 is decrypted with the transmitted decryption key.
- the authentication data providing module 74 transmits the encrypted authentication information storage address extracted by the authentication data extraction module 73 to the second communication device 20, so that the second communication device 20 receives the login authentication information stored at that authentication information storage address from the authentication information storage server 50.
- the first communication device 10 and the second communication device 20 interoperate to provide login authentication information to the web server 40, thereby protecting the user ID and password from a sneak attack.
- the first communication device 10 first performs the user's identity authentication and provides authentication-related data to the second communication device 20 according to the result of that authentication, thereby making the user's authentication information more secure.
- because the present invention distributes the authentication-related data required for login authentication across a plurality of devices, a malicious person who steals the data of one specific device cannot obtain the user's complete login authentication information, which further protects the user's authentication information.
- the method of the present invention as described above may be implemented as a program and stored in a computer-readable recording medium (CD-ROM, RAM, ROM, floppy disk, hard disk, magneto-optical disk, etc.). Since this process can be easily implemented by those skilled in the art, it will not be described in more detail.
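
The FIG. 5 flow (S521 to S533) and the split-storage property stated above can be run end to end. The following Python code is an added example, not code from the patent: the class and function names, the `seal`/`unseal` construction (an HMAC-SHA256 keystream with encrypt-then-MAC, used as a standard-library stand-in because the description names no cipher), the PBKDF2-hashed PIN and every sample value are assumptions.

```python
import hashlib
import hmac
import secrets


def _keys(key: bytes):
    # Separate encryption and MAC keys derived from the one device key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stand-in for a real cipher (assumption).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _keys(key)
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag, then decrypt; ValueError on a wrong key or a modified blob."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    enc_key, mac_key = _keys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


class FirstDevice:
    """Device 10: holds only encrypted storage addresses, gated by user authentication."""

    def __init__(self, pin: str):
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._hash(pin)   # storing a hash, not the PIN, is an assumption
        self.addresses = {}                # {device_id: {site_id: encrypted storage address}}

    def _hash(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def on_login_notification(self, device_id: str, site_id: str, entered_pin: str) -> bytes:
        if not hmac.compare_digest(self._hash(entered_pin), self._pin_hash):
            raise PermissionError("user authentication failed")
        return self.addresses[device_id][site_id]


class SecondDevice:
    """Device 20: holds the decryption key, but neither the address nor the credential."""

    def __init__(self, device_id: str):
        self.device_id = device_id
        self.key = secrets.token_bytes(32)


class StorageServer:
    """Server 50: maps a storage address to encrypted login authentication information."""

    def __init__(self):
        self.records = {}

    def fetch(self, address: str) -> bytes:
        return self.records[address]


class WebServer:
    """Server 40: verifies the submitted ID and password."""

    def __init__(self, accounts: dict):
        self._accounts = accounts

    def login(self, user_id: str, password: str) -> bool:
        expected = self._accounts.get(user_id)
        return expected is not None and hmac.compare_digest(expected.encode(), password.encode())


def fig5_login(first, second, storage, web, site_id: str, pin_typed_on_first: str) -> bool:
    enc_address = first.on_login_notification(second.device_id, site_id, pin_typed_on_first)  # S521
    address = unseal(second.key, enc_address).decode()        # address decrypted on device 20
    enc_credential = storage.fetch(address)                   # S523, S525
    user_id, password = unseal(second.key, enc_credential).decode().split("\n", 1)  # S527
    return web.login(user_id, password)                       # S529, S531


def build_demo():
    """Constructed sample data: one device, one site, one account."""
    first, second = FirstDevice(pin="4821"), SecondDevice("pc-01")
    storage, web = StorageServer(), WebServer({"alice": "S3cure!pass"})
    address = secrets.token_hex(16)
    storage.records[address] = seal(second.key, b"alice\nS3cure!pass")
    first.addresses["pc-01"] = {"shop.example": seal(second.key, address.encode())}
    return first, second, storage, web
```

Each store on its own is insufficient: device 10 has an address it cannot read, server 50 has a credential it cannot read, and device 20 has a key with nothing to apply it to until the user authenticates on device 10.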
Claims (29)
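- A safe login method for performing a safe login of a communication device accessing a web site, the method comprising: receiving, by an authentication data providing apparatus, a request from the communication device for authentication related data required for login to the web site; extracting, by the authentication data providing apparatus, the authentication related data required for login to the web site; transmitting, by the authentication data providing apparatus, the extracted authentication related data to the communication device; and attempting, by the communication device, login authentication to the web site using the authentication related data.
- The safe login method of claim 1, wherein the extracting of the authentication related data comprises extracting encrypted login authentication information as the authentication related data, the transmitting of the authentication related data comprises transmitting the extracted encrypted login authentication information to the communication device, and the attempting of the login authentication comprises decrypting, by the communication device, the encrypted login authentication information received from the authentication data providing apparatus using a decryption key it holds, and attempting login authentication to the web site using the login authentication information thus decrypted.
- The safe login method of claim 1, wherein the extracting of the authentication related data comprises extracting a decryption key as the authentication related data, the transmitting of the authentication related data comprises transmitting the extracted decryption key to the communication device, and the attempting of the login authentication comprises decrypting, by the communication device, the encrypted login authentication information it stores using the decryption key received from the authentication data providing apparatus, and attempting login authentication to the web site using the login authentication information thus decrypted.
- The safe login method of claim 1, wherein the extracting of the authentication related data comprises extracting an authentication information storage address as the authentication related data, the transmitting of the authentication related data comprises transmitting the extracted authentication information storage address to the communication device, and the attempting of the login authentication comprises receiving, by the communication device, the authentication information stored at the authentication information storage address from an authentication information storage server, and attempting login authentication to the web site using the received authentication information.
- The safe login method of claim 4, further comprising: decrypting, by the communication device, the authentication information storage address received from the authentication data providing apparatus using a decryption key it holds.
- The safe login method of claim 1, further comprising: receiving, by the authentication data providing apparatus, user authentication information from a user and performing user authentication of the user, wherein the transmitting of the authentication related data comprises transmitting the authentication related data to the communication device when the user authentication of the user succeeds.
- The safe login method of claim 6, wherein the performing of the user authentication comprises receiving biometric information of the user and checking whether the received biometric information and the biometric information stored in the apparatus itself match at or above a threshold value.
- A safe login method in which an authentication data providing apparatus performs a safe login of a communication device accessing a web site, the method comprising: receiving a request from the communication device for authentication related data required for login to the web site; extracting login authentication information of the communication device required for login to the web site; and transmitting the extracted login authentication information to the web site so that login authentication of the communication device is performed at the web site.
- The safe login method of claim 8, further comprising: checking an access token of the communication device granted through the web site, wherein the transmitting to the web site comprises transmitting the checked access token to the web site together with the login authentication information.
- The safe login method of claim 8, wherein the extracting of the login authentication information comprises: requesting and receiving a decryption key from the communication device; and extracting encrypted login authentication information and decrypting the extracted login authentication information using the decryption key, and wherein the transmitting to the web site comprises transmitting the decrypted login authentication information to the web site.
- The safe login method of claim 8, further comprising: receiving user authentication information from a user and performing user authentication of the user, wherein the transmitting to the web site comprises transmitting the login authentication information to the web site when the user authentication of the user succeeds.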
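- A safe login system comprising: a first communication device which, upon receiving from the second communication device a request for authentication related data required for login to a web site, extracts authentication related data of the second communication device and transmits it to the second communication device; a second communication device which obtains login authentication information for the web site based on the authentication related data received from the first communication device; and a web server which receives the login authentication information obtained by the second communication device and performs login authentication of the second communication device based on the received login information.
- The safe login system of claim 12, wherein the first communication device extracts encrypted login authentication information as the authentication related data and provides it to the second communication device, and the second communication device obtains the login authentication information by decrypting the encrypted login authentication information received from the first communication device with a decryption key it holds.
- The safe login system of claim 12, wherein the first communication device extracts a decryption key as the authentication related data and provides the extracted decryption key to the second communication device, and the second communication device obtains the login authentication information by decrypting the encrypted login authentication information it stores using the decryption key received from the first communication device.
- The safe login system of claim 12, wherein the first communication device extracts, as the authentication related data, an authentication information storage address at which authentication information is stored and transmits it to the second communication device, and the second communication device obtains the login authentication information by receiving the login authentication information stored at the authentication information storage address from an authentication information storage server.
- The safe login system of claim 15, wherein the second communication device decrypts the authentication information storage address received from the first communication device using a decryption key it holds, and then receives the authentication information stored at the decrypted authentication information storage address from the authentication information storage server.
- The safe login system of claim 12, wherein the first communication device receives user authentication information from a user, performs user authentication of the user, and transmits the authentication related data to the second communication device when the user authentication of the user succeeds.
- The safe login system of claim 17, wherein the first communication device performs the user authentication of the user by receiving biometric information of the user and checking whether the received biometric information and the biometric information stored in the device itself match at or above a threshold value.
- A safe login system comprising: a second communication device accessing a web site; a first communication device which receives from the second communication device a request for authentication related data required for login to the web site and extracts login authentication information of the second communication device for the web site; and a web server which receives the login authentication information of the second communication device from the first communication device and performs login authentication of the second communication device based on this login authentication information.
- The safe login system of claim 19, wherein the first communication device checks an access token of the communication device and provides the access token to the web server together with the login authentication information, and the web server identifies the second communication device based on the access token and performs login authentication.
- The safe login system of claim 19, wherein the first communication device requests and receives a decryption key from the second communication device, then extracts encrypted login authentication information, decrypts the extracted login authentication information using the decryption key, and transmits it to the web server.
- The safe login system of claim 19, wherein user authentication information is received from a user and user authentication of the user is performed, and the login authentication information is transmitted to the web server when the user authentication of the user succeeds.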
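- An authentication data providing apparatus comprising: one or more processors; a memory; and one or more programs stored in the memory and configured to be executed by the one or more processors, wherein the program comprises: a data storage module which stores authentication related data; a data extraction module which, upon receiving a request for authentication related data required for login to a web site from a communication device that interoperates with the authentication data providing apparatus and accesses the web site, extracts the authentication related data of the communication device from the data storage module; and an authentication data providing module which transmits the authentication related data extracted by the data extraction module to the web site or the communication device.
- The authentication data providing apparatus of claim 23, wherein the data storage module stores encrypted login authentication information, the authentication data extraction module requests and receives a decryption key from the communication device, then extracts the encrypted login authentication information stored in the data storage module and decrypts the extracted encrypted login authentication information using the decryption key, and the authentication data providing module transmits the decrypted login authentication information to the web site or the communication device.
- The authentication data providing apparatus of claim 24, wherein the authentication data providing module checks an access token of the communication device and transmits this access token to the web site together with the login authentication information.
- The authentication data providing apparatus of claim 23, wherein the data storage module stores encrypted login authentication information, the authentication data extraction module extracts the encrypted login authentication information stored in the data storage module, and the authentication data providing module transmits the extracted encrypted login authentication information to the communication device.
- The authentication data providing apparatus of claim 23, wherein the data storage module stores a decryption key capable of decrypting encrypted login authentication information held by the communication device, the authentication data extraction module extracts the decryption key from the data storage module, and the authentication data providing module transmits the extracted decryption key to the communication device.
- The authentication data providing apparatus of claim 23, wherein the data storage module stores an authentication information storage address at which login authentication information for the web site is stored, the authentication data extraction module extracts the authentication information storage address from the data storage module, and the authentication data providing module transmits the extracted authentication information storage address to the communication device.
- The authentication data providing apparatus of claim 23, further comprising: a user authentication module which receives user authentication information from a user and performs user authentication of the user, wherein the authentication data providing module transmits the authentication related data to the communication device or the web site when the user authentication of the user succeeds.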
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
BR112015015549A BR112015015549A2 (pt) | 2012-12-27 | 2013-12-27 | System and method for secure logon and apparatus for the same |
JP2015550318A JP2016511855A (ja) | 2012-12-27 | 2013-12-27 | Safe login system and method, and apparatus therefor |
US14/655,840 US9876785B2 (en) | 2012-12-27 | 2013-12-27 | System and method for safe login, and apparatus therefor |
MX2015008417A MX2015008417A (es) | 2012-12-27 | 2013-12-27 | System and method for secure login and apparatus for the same |
EP13866750.6A EP2940616A4 (en) | 2012-12-27 | 2013-12-27 | SECURE SESSION OPENING SYSTEM AND METHOD, AND CORRESPONDING APPARATUS |
CN201380073882.8A CN105229655B (zh) | 2012-12-27 | 2013-12-27 | System and method for safe login, and device therefor |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2012-0155630 | 2012-12-27 | ||
KR20120155630 | 2012-12-27 | ||
KR1020130137982A KR20140085295A (ko) | 2012-12-27 | 2013-11-14 | Safe login system and method, and apparatus therefor |
KR10-2013-0137982 | 2013-11-14 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2014104777A2 (ko) | 2014-07-03 |
WO2014104777A3 (ko) | 2014-07-31 |
Family
ID=51734992
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2013/005764 WO2014104507A1 (ko) | 2012-12-27 | 2013-06-28 | Safe login system and method, and apparatus therefor |
PCT/KR2013/012249 WO2014104777A2 (ko) | 2012-12-27 | 2013-12-27 | Safe login system and method, and apparatus therefor |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2013/005764 WO2014104507A1 (ko) | 2012-12-27 | 2013-06-28 | Safe login system and method, and apparatus therefor |
Country Status (8)
Country | Link |
---|---|
US (2) | US9882896B2 (ko) |
EP (2) | EP2940617A4 (ko) |
JP (2) | JP6055932B2 (ko) |
KR (2) | KR101416541B1 (ko) |
CN (2) | CN105027131B (ko) |
BR (2) | BR112015015514A2 (ko) |
MX (2) | MX2015008418A (ko) |
WO (2) | WO2014104507A1 (ko) |
Family Cites Families (43)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3627384B2 (ja) * | 1996-01-17 | 2005-03-09 | 富士ゼロックス株式会社 | ソフトウェアの保護機能付き情報処理装置及びソフトウェアの保護機能付き情報処理方法 |
US6092192A (en) * | 1998-01-16 | 2000-07-18 | International Business Machines Corporation | Apparatus and methods for providing repetitive enrollment in a plurality of biometric recognition systems based on an initial enrollment |
FI980427A (fi) | 1998-02-25 | 1999-08-26 | Ericsson Telefon Ab L M | Menetelmä, järjestely ja laite todentamiseen |
US6219639B1 (en) * | 1998-04-28 | 2001-04-17 | International Business Machines Corporation | Method and apparatus for recognizing identity of individuals employing synchronized biometrics |
AU4831500A (en) * | 1999-05-10 | 2000-11-21 | Andrew L. Di Rienzo | Authentication |
KR20010000232A (ko) | 2000-08-28 | 2001-01-05 | 김종철 | 아이디 통합관리 시스템 및 그 시스템을 이용한 원클릭접속방법 |
KR100353731B1 (ko) | 2000-11-01 | 2002-09-28 | (주)니트 젠 | 일회성 지문템플릿을 이용한 사용자 인증시스템 및 방법 |
JP2002157226A (ja) | 2000-11-16 | 2002-05-31 | Nec Corp | パスワード集中管理システム |
JP2002318788A (ja) | 2001-04-20 | 2002-10-31 | Matsushita Electric Works Ltd | ネットワーク端末 |
JP2003108525A (ja) | 2001-09-28 | 2003-04-11 | K Frontier Inc | 通信端末、ダイアルアップ認証方法およびプログラム |
KR20030042789A (ko) | 2001-11-24 | 2003-06-02 | 박세현 | 로밍 사용자 인증을 위한 트러스트 모델 |
JP2003345988A (ja) * | 2002-05-24 | 2003-12-05 | Aioi Insurance Co Ltd | 保険契約支援システム |
JP2004151863A (ja) | 2002-10-29 | 2004-05-27 | Sony Corp | 自動ログインシステム、自動ログイン方法、自動ログインプログラム、及び記憶媒体 |
MXPA06003297A (es) | 2003-09-25 | 2006-06-08 | Solmaze Co Ltd | Metodo de servicio de certificacion segura. |
KR20050030541A (ko) | 2003-09-25 | 2005-03-30 | 황재엽 | 안전인증 방법 |
US8333317B2 (en) | 2003-09-30 | 2012-12-18 | Broadcom Corporation | System and method for authenticating the proximity of a wireless token to a computing device |
CN1558580B (zh) * | 2004-02-03 | 2010-04-28 | 胡祥义 | 一种基于密码技术的网络数据安全防护方法 |
KR20050112146A (ko) | 2004-05-24 | 2005-11-29 | 정민규 | 웹서비스를 이용하여 인증서 및 개인비밀정보를 안전하게보관하고 전달하는 방법 |
KR100625081B1 (ko) * | 2004-07-08 | 2006-10-20 | (주)솔메이즈 | 안전인증 방법 |
KR100710586B1 (ko) | 2004-11-16 | 2007-04-24 | 주식회사 이루온 | 웹 하드를 이용한 공인 인증서 서비스 제공 방법 및 시스템 |
JP2006165741A (ja) | 2004-12-03 | 2006-06-22 | Matsushita Electric Ind Co Ltd | 車載情報端末装置、情報サーバ装置および車載情報端末装置の認証システム |
WO2006136752A2 (fr) | 2005-06-23 | 2006-12-28 | France Telecom | Systeme de gestion de donnees d ' authentification reçues par sms pour un acces a un service |
US20070043950A1 (en) | 2005-08-16 | 2007-02-22 | Sony Corporation | Target apparatus, certification device, and certification method |
JP2007052513A (ja) | 2005-08-16 | 2007-03-01 | Sony Corp | 対象装置、認証デバイスおよび認証方法 |
JP2007094548A (ja) * | 2005-09-27 | 2007-04-12 | Softbank Telecom Corp | アクセス制御システム |
US8171531B2 (en) | 2005-11-16 | 2012-05-01 | Broadcom Corporation | Universal authentication token |
JP2007148471A (ja) | 2005-11-24 | 2007-06-14 | Hitachi Ltd | サービス通知システム |
KR100670832B1 (ko) * | 2005-12-12 | 2007-01-19 | 한국전자통신연구원 | 에이전트를 이용한 사용자 개인정보 송수신 방법 및 장치 |
JP4791929B2 (ja) | 2006-09-29 | 2011-10-12 | 株式会社日立製作所 | 情報配信システム、情報配信方法、コンテンツ配信管理装置、コンテンツ配信管理方法およびプログラム |
JP2008146551A (ja) | 2006-12-13 | 2008-06-26 | Dainippon Printing Co Ltd | パスワード情報管理システム、端末、プログラム |
US8527757B2 (en) | 2007-06-22 | 2013-09-03 | Gemalto Sa | Method of preventing web browser extensions from hijacking user information |
EP2281386A4 (en) * | 2008-05-14 | 2013-05-08 | Finsphere Corp | SYSTEMS AND METHOD FOR AUTHENTICATING A USER OF A COMPUTER APPLICATION, NETWORK OR DEVICE WITH A WIRELESS DEVICE |
KR100996910B1 (ko) * | 2008-07-09 | 2010-11-29 | 고려대학교 산학협력단 | Location-based information protection system and method thereof |
US20100024017A1 (en) * | 2008-07-22 | 2010-01-28 | Bank Of America Corporation | Location-Based Authentication of Online Transactions Using Mobile Device |
JP5531485B2 (ja) | 2009-07-29 | 2014-06-25 | ソニー株式会社 | Information processing device, information providing server, program, communication system, and login information providing server |
US8744486B2 (en) * | 2009-09-25 | 2014-06-03 | International Business Machines Corporation | Location restricted content delivery over a network |
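JP2011175394A (ja) * | 2010-02-24 | 2011-09-08 | Fujifilm Corp | Web server constituting a single sign-on system, and operation control method and operation control program therefor |
JP5521764B2 (ja) | 2010-05-19 | 2014-06-18 | 株式会社リコー | Information processing device, authentication system, authentication method, authentication program, and recording medium |
KR101169659B1 (ko) | 2010-07-27 | 2012-08-09 | 주식회사 안랩 | Authentication service apparatus and method using a portable terminal, system therefor, and recording medium storing a program for executing the authentication service method |
KR20120049466A (ko) | 2010-11-09 | 2012-05-17 | 김정언 | PKI login service system for C/S programs using cookie information, and method thereof |
KR101136145B1 (ko) * | 2010-11-24 | 2012-04-17 | 와플스토어 주식회사 | Check-in system for a portable terminal using a location-based service, and check-in method using the same |
JP5602058B2 (ja) | 2011-02-28 | 2014-10-08 | 京セラドキュメントソリューションズ株式会社 | Mobile printing system |
CN102664876A (zh) * | 2012-04-10 | 2012-09-12 | 星云融创(北京)科技有限公司 | Network security detection method and system |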
-
2013
- 2013-06-27 KR KR1020130074461A patent/KR101416541B1/ko active IP Right Grant
- 2013-06-28 MX MX2015008418A patent/MX2015008418A/es unknown
- 2013-06-28 EP EP13868348.7A patent/EP2940617A4/en not_active Withdrawn
- 2013-06-28 CN CN201380073968.0A patent/CN105027131B/zh active Active
- 2013-06-28 BR BR112015015514A patent/BR112015015514A2/pt not_active IP Right Cessation
- 2013-06-28 JP JP2015551051A patent/JP6055932B2/ja active Active
- 2013-06-28 WO PCT/KR2013/005764 patent/WO2014104507A1/ko active Application Filing
- 2013-06-28 US US14/655,868 patent/US9882896B2/en active Active
- 2013-11-14 KR KR1020130137982A patent/KR20140085295A/ko not_active Application Discontinuation
- 2013-12-27 US US14/655,840 patent/US9876785B2/en active Active
- 2013-12-27 WO PCT/KR2013/012249 patent/WO2014104777A2/ko active Application Filing
- 2013-12-27 JP JP2015550318A patent/JP2016511855A/ja active Pending
- 2013-12-27 MX MX2015008417A patent/MX2015008417A/es unknown
- 2013-12-27 BR BR112015015549A patent/BR112015015549A2/pt not_active IP Right Cessation
- 2013-12-27 EP EP13866750.6A patent/EP2940616A4/en not_active Withdrawn
- 2013-12-27 CN CN201380073882.8A patent/CN105229655B/zh active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20090013432A (ko) | 2007-08-01 | 2009-02-05 | 삼성전자주식회사 | Portable terminal having a touch screen, and locking and unlocking method thereof |
Non-Patent Citations (1)
Title |
---|
See also references of EP2940616A4 |
Also Published As
Publication number | Publication date |
---|---|
JP2016508270A (ja) | 2016-03-17 |
MX2015008417A (es) | 2015-12-15 |
JP2016511855A (ja) | 2016-04-21 |
JP6055932B2 (ja) | 2016-12-27 |
US20150350178A1 (en) | 2015-12-03 |
BR112015015549A2 (pt) | 2017-07-11 |
EP2940616A2 (en) | 2015-11-04 |
CN105229655B (zh) | 2018-05-08 |
MX2015008418A (es) | 2015-12-15 |
US9876785B2 (en) | 2018-01-23 |
WO2014104507A1 (ko) | 2014-07-03 |
US9882896B2 (en) | 2018-01-30 |
KR20140085295A (ko) | 2014-07-07 |
US20150341348A1 (en) | 2015-11-26 |
CN105027131B (zh) | 2018-07-17 |
EP2940617A1 (en) | 2015-11-04 |
CN105229655A (zh) | 2016-01-06 |
KR20140085280A (ko) | 2014-07-07 |
KR101416541B1 (ko) | 2014-07-09 |
WO2014104777A3 (ko) | 2014-07-31 |
CN105027131A (zh) | 2015-11-04 |
EP2940617A4 (en) | 2016-08-24 |
EP2940616A4 (en) | 2016-11-16 |
BR112015015514A2 (pt) | 2017-07-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
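WO2014104777A2 (ko) | Secure login system and method, and apparatus therefor | |
WO2018101727A1 (ko) | Method and system for defending against personal information infringement by combining step division of the authentication process with biometric authentication | |
WO2018012747A1 (ko) | Two-channel authentication proxy system capable of detecting app tampering, and method thereof | |
WO2015093734A1 (ko) | Authentication system and method using a quick response code | |
WO2016129929A1 (ko) | Security authentication system for member login to an online website, and method thereof | |
WO2013141632A1 (ko) | Authentication method and system thereof | |
WO2017111383A1 (ko) | Biometric information-based authentication device, control server interworking therewith, and biometric information-based login method thereof | |
WO2017057899A1 (ko) | Integrated authentication system that authenticates using a one-time random number | |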
WO2015147547A1 (en) | Method and apparatus for supporting login through user terminal | |
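WO2014104539A1 (ko) | Passcode management method and apparatus | |
WO2016064041A1 (ko) | User terminal for detecting tampering of an application program using a hash value, and tampering detection method using the same | |
WO2018169150A1 (ko) | Lock screen-based user authentication system and method | |
WO2016085062A1 (ko) | Authentication method using an NFC authentication card | |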
WO2018139858A1 (en) | Apparatus and method for secure personal information retrieval | |
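WO2015105289A1 (ko) | User security authentication system in an Internet environment, and method thereof | |
WO2016064127A1 (ko) | Mobile cross-authentication system and method | |
WO2012074275A2 (ko) | Identity authentication apparatus for Internet security, method thereof, and recording medium recording the same | |
WO2018151392A1 (ko) | Smart login method using a messenger service, and apparatus therefor | |
WO2016064040A1 (ko) | User terminal for detecting tampering of an application program using signature information, and tampering detection method using the same | |
WO2016200107A1 (ko) | User non-repudiation payment system using a user terminal, and method thereof | |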
US20170366536A1 (en) | Credential Translation | |
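WO2018186606A1 (ko) | Terminal having a local web server function for biometric authentication, and user authentication system and method using the same | |
WO2014014295A1 (ko) | Digital system for card payment through tagging, payment-side system, and method for providing the same | |
WO2015026183A1 (ko) | Offline login method using a SW token, and mobile device applying the same | |
WO2014010875A1 (ko) | Application execution and payment method interworking with a pair device, and digital system therefor |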
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | WWE | WIPO information: entry into national phase | Ref document number: 201380073882.8; Country of ref document: CN |
| | ENP | Entry into the national phase | Ref document number: 2015550318; Country of ref document: JP; Kind code of ref document: A |
| | WWE | WIPO information: entry into national phase | Ref document number: 14655840; Country of ref document: US; Ref document number: MX/A/2015/008417; Country of ref document: MX |
| | REG | Reference to national code | Ref country code: BR; Ref legal event code: B01A; Ref document number: 112015015549; Country of ref document: BR |
| | WWE | WIPO information: entry into national phase | Ref document number: IDP00201504516; Country of ref document: ID |
| | REEP | Request for entry into the european phase | Ref document number: 2013866750; Country of ref document: EP |
| | WWE | WIPO information: entry into national phase | Ref document number: 2013866750; Country of ref document: EP |
| | 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 13866750; Country of ref document: EP; Kind code of ref document: A2 |
| | ENP | Entry into the national phase | Ref document number: 112015015549; Country of ref document: BR; Kind code of ref document: A2; Effective date: 20150626 |