KR101632582B1 - Method and system for user authentication using password included random key - Google Patents

Method and system for user authentication using password included random key

Info

Publication number
KR101632582B1
Authority
KR
South Korea
Prior art keywords
password
random key
user
memory
input
Prior art date
Application number
KR1020160014649A
Other languages
Korean (ko)
Inventor
이명호
Original Assignee
주식회사 프로젝트사공구
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 프로젝트사공구 filed Critical 주식회사 프로젝트사공구
Priority to KR1020160014649A priority Critical patent/KR101632582B1/en
Application granted granted Critical
Publication of KR101632582B1 publication Critical patent/KR101632582B1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The present invention relates to a technique for authenticating a user using a password including a random key.
In the present invention, a password is received from a user and stored. In the user authentication step, if a password matching the original password stored in the memory is found within the random key and password that were input, and the random key is determined not to coincide with the random key stored in the memory, the user authentication is processed as successful.

Description

Technical Field [0001] The present invention relates to a method and system for authenticating a user using a password including a random key.

The present invention relates to a technique for authenticating a user using a password including a random key, and more particularly, to a user authentication method and system in which a random key is input before, after, or before and after the password, and the user is authenticated by confirming whether a password matching the actual password exists within the input that includes the random key and whether the random key has the same value as a previously used random key.

Passwords are the most widely used means of user authentication in both offline and online security. A password is a set of characters known only to a user, and a system that authenticates using it is a password system.

Generally, a user authentication technique refers to a technique used to determine whether an access is authorized and legitimate.

Password systems applying user authentication technology are frequently used to unlock hardware products such as door locks and, at start-up, a variety of user terminals including notebook computers, personal computers (PCs), tablet PCs, and smart phones, and are often used for personal authentication through the user authentication system established at each site on the network. As such, password systems are widely used for authentication on various websites and for personal authentication in electronic commerce, financial settlement on the Internet, automated teller machines (ATMs), financial institutions and public institutions, as well as financial services.

In particular, with the development of information and communication technology and the rapid spread of smart phones, e-commerce and financial transactions through smart phones have become common, and the importance of the information stored in personal terminals has increased. As a result, ensuring safety and strengthening security in password-based user authentication have become more important.

Among the user authentication techniques of the related art, the most widely used is the password (numeric key) input method. A password must offer both simplicity and a certain level of security, but emphasizing simplicity (e.g. 4 digits) results in weak security. For this reason, users have been asked to use longer passwords (e.g. more than 8 digits), capital letters, and special characters, and to change passwords periodically. Although this enhances security, it makes passwords inconvenient to use and has adverse effects such as lost or forgotten passwords, input errors, and input delays. As this example shows, simplicity and security are inseparably linked in passwords, and security technologies and new techniques have been developed and presented to overcome this.

In addition, authentication techniques using a password have the problem that the password can be exposed to the surroundings, by shoulder surfing (peeping over the shoulder), by traces left on the keypad or touch screen, by a hidden camera (hereinafter referred to as a secret camera), and the like.

As a user authentication technique for overcoming this problem, a user authentication technique for drawing a password pattern on a touch screen of a terminal such as a smart phone is used. However, even with this authentication technique, it is not safe from exposure to the surroundings and shoulder surfing, and in particular, a password pattern is left intact on the screen, thereby unintentionally exposing the password to the outside.

As another user authentication technique according to the related art, biometric authentication using biometric information (fingerprint, face, iris, cornea, vein, voice, etc.) has been proposed. However, careful attention is required during user registration and authentication, and it is troublesome that a password is requested again as an alternative when an input or authentication error occurs. In addition, because the technology is unfamiliar, users need a long period to overcome their reluctance and adapt, which makes it difficult to popularize and disseminate widely within a short time; it therefore still needs to be verified, and it poses further problems in security and safety.

For example, in the case of fingerprint authentication, the fingerprint can easily be stolen by others when the user is tense or sleeping, authentication errors occur when foreign substances such as water or paint are present on the user's hand, and a number of verification procedures are still needed. Particularly, when a large amount of fingerprint information is collected and registered, authentication may be performed by another person because the difference from the other person's fingerprint is small. On the other hand, if the amount of fingerprint information is small, recognition may be difficult.

As recent user authentication technologies according to the prior art, a one-time password (OTP) generator applied to fintech and an authentication method in which numbers are arranged at random on a virtual keyboard and input as a password have been used. This technology is classified as a higher security class than other user authentication technologies because it can prevent keyloggers, and it is widely used for finance-related authentication on the Internet and smart phones. However, an arbitrary arrangement of characters is less readable and intuitive, which delays input and makes it vulnerable to exposure, and it has the security limit that it cannot fundamentally prevent shoulder surfing. In addition to nearby observers and exposure, there is also the problem that security cannot be maintained against a camera.

A problem to be solved by the present invention is to provide a user authentication method and system in which, in the user authentication step, the user inputs a random key at random before, after, or before and after the password registered as the user's original password, and whether the user is authenticated is determined by checking whether the password is present among the random keys and password thus input.

Another problem to be solved by the present invention is to compare the currently input random key value with the random key used in a past authentication process and stored in the memory, and, if the values match, to determine that the password has been hacked, thereby preventing illegal use.

Another problem to be solved by the present invention is to provide a system and a method that, when it is judged that a password has been hacked, authenticate the user by requesting input of the actual password alone, without a random key, and comparing the input password with the actual password.

Another problem to be solved by the present invention is to provide a user authentication system that maximizes security using only an easy, short password, that is safe from the hacking risks that inevitably arise when a password is input, such as exposure to the surroundings, shoulder surfing, secret camera exposure and key loggers, and that is at the same time familiar and convenient for users.

According to an aspect of the present invention, there is provided a method of authenticating a user using a password including a random key, the method comprising: receiving a key value to be set as a password from a user in a password setting mode and storing it in a memory; receiving from the user, in the user authentication mode, the password together with a random key input before or after the password, or before and after the password; separating and extracting the random key and the password from the password including the random key received from the user in the user authentication mode; and, if the extracted password matches the password stored in the memory and it is determined that the extracted random key does not match the random key that was input by the user in the previous authentication process and stored in the memory, processing the user authentication as successful.

According to another aspect of the present invention, there is provided a user authentication system using a password including a random key, the system comprising: a key input unit for receiving numbers, characters, and special characters related to a password from a user; a memory for storing a key value input by the user for setting a password in a password setting mode; a display unit for displaying information related to the password; and a control unit that, when receiving the password from the user in the user authentication mode, receives the random key input before or after the password, or before and after the password, separates and extracts the random key and the password, and processes the user authentication as successful if the extracted password matches the password stored in the memory and the extracted random key does not match the random key that was received from the user in the previous authentication process and stored in the memory.

The present invention separates, from a password including a random key input by the user, one or more random keys made up of random digits and a password made up of a predetermined number of digits. If the separated password matches the password stored in advance, and the separated random key is found not to match the random key that the user input in the past authentication process and that is stored in the memory, the user authentication is processed as successful, so security and convenience can be improved at the same time. Lengthening a password increases security but reduces simplicity, so the number of digits cannot be increased without limit in order to raise security. According to the present invention, however, the user memorizes and uses only a short password, and when inputting it, inputs a random key before, after, or before and after the short password so that the password is not recognized. Instead of deliberately remembering a random key of a predetermined number of digits, the user can freely enter any number of improvised random digits, which greatly improves simplicity and security.

In addition, it is possible to unlock door locks, door locks, personal computers such as notebook computers, tablet PCs and smart phones, or to authenticate Internet users such as computers, smart phones, tablet PCs and notebook computers connected to servers via wired / System can easily authenticate users or simply upgrade software without changing the existing structure or replacing the equipment in systems such as e-commerce, online authentication of financial institution, financial service, automatic teller machine (ATM) and certificate issuer There is an effect that can be done.

Also, users can keep using the passwords they used in the past, without difficulty, complexity, or length, so they can use passwords freely without forgetting them. Because the familiar password input method is retained, the password can be input quickly, and safety is secured even in the case of exposure to the surroundings, shoulder surfing and secret camera exposure.

In particular, each time the password is input, a random key is entered together with it, so the password is always hidden in an improvised combination of random digits. Even if the password input operation is exposed to people nearby, they have no way of knowing the actual password within the password that contains the random key, nor can they remember a long password that changes every time. This increases both security and convenience and also relieves the awkward atmosphere when entering a password.

In addition, since user authentication can also be performed with the password alone, without inputting a random key, in a safe situation where no special security is required the user can authenticate simply and quickly by inputting the short password as it is. The two modes can be used selectively, which increases convenience and simplicity.

Also, unlike authentication methods using OTP or a random virtual keyboard, even if the password is hacked by a hidden camera, shoulder surfing, exposure, or the like, the encrypted random key is compared with the previously input random key. If they match, the user is authenticated again by requesting input of the actual password with the random key excluded (the secondary password), so illegal user authentication by hacking can be prevented.

FIG. 1A is a block diagram illustrating a user authentication system using a password including a random key according to an embodiment of the present invention.
FIG. 1B is a block diagram illustrating a user authentication system using a password including a random key according to another embodiment of the present invention.
FIG. 2 is a flowchart illustrating a process of a user authentication method using a password including a random key according to the present invention.
FIG. 3 shows an example of a pattern in which a random key is used in a password according to the present invention.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. FIG. 1A is a block diagram of offline user authentication, illustrating an embodiment of a user authentication system using a password including a random key according to the present invention. As shown in FIG. 1A, the user authentication system 100 includes a key input unit 110, a control unit 120, a display unit 130, and a memory 140.

FIG. 1B is a block diagram of online user authentication, illustrating another embodiment of a user authentication system using a password including a random key according to the present invention. As shown in FIG. 1B, the user authentication system 200 includes a user terminal 210, (220), an authentication server (230), and a database (DB) (240).

In FIGS. 1A and 1B, the key input unit 110 and the terminal 210, the control unit 120 and the authentication server 230, and the memory 140 and the database 240 differ only in being offline or online, and the user authentication processing method in the control unit 120 and the authentication server 230 is the same. Therefore, the operation of the user authentication system according to the present invention will be described with reference to the block diagram of FIG. 1A.

The key input unit 110 is a user interface through which the user inputs a password, and is not particularly limited. Examples of the key input unit 110 include a keypad, a mouse, or a touch screen capable of key input on a user terminal such as a smart phone, a tablet PC, a notebook computer, or a computer; a keypad installed in a safe; and a keypad or touch screen of an automated device such as a civil certificate issuer.

The control unit 120 displays the password input through the key input unit 110 on the display unit 130 and carries out authentication according to the user authentication method by comparing the input with the password and the random key stored in advance in the memory 140.

The display unit 130 displays characters to be informed to the user under the control of the controller 120, and may include a liquid crystal display (LCD), a screen of the terminal, a monitor, and the like.

The memory 140 stores the password previously input by the user through the key input unit 110 and the previously used random key.

FIG. 2 is a flowchart illustrating a process of a user authentication method using a password including a random key according to the present invention.

FIG. 3 shows an example of a pattern in which a random key is used in a password according to the present invention.

Hereinafter, a user authentication method using a password including a random key according to the present invention will be described with reference to FIGS. 1 to 3.

If the user does not perform the password setting mode previously and requests the password setting for the first time or requests the password change, the controller 120 executes the password setting mode (S1).

Next, the controller 120 receives the key value of the password set by the user and stores the key value in the memory 140 (S2).

The password used in the present invention is composed of a password PW having a predetermined number of digits set by the user and one or more random keys RK for concealing the password. The random key is input at random by the user before, after, or before and after inputting the password registered as the user's original password. The password and the random key may be numbers, letters, and special characters (symbols).

FIGS. 3(a) to 3(d) illustrate patterns formed by a random key (RK) input by the user together with the password in the user authentication step. (a) shows an example of a pattern composed of a 4-digit random key (RK) and a 4-digit password located next to the random key (RK). (b) shows an example of a pattern composed of a 4-digit password and an 8-digit random key (RK) positioned next to the password. (c) shows an example of a pattern composed of a 3-digit first random key (RK1), a 4-digit password next to the first random key (RK1), and a 5-digit second random key (RK2). (d) shows an example of a pattern composed of a four-digit first password PW1, a five-digit random key RK located after the password PW1, and a three-digit second password PW2.

The number of digits in the above-described password is not particularly limited. However, the password is preferably 4 digits or more, which is the minimum unit of a password, while the random key may freely use any number of digits from 1 to n. In other words, the actual password the user must remember is a short, easy combination of four digits, but the number of random key digits added before, after, or before and after the password can be chosen arbitrarily and freely by the user. However, as shown in FIGS. 3(b), 3(c), and 3(d), the entire password including the random key is preferably 10 or more digits in order to improve security. In the cases of (b) and (c), excluding the 8 random key digits used, the actual password the user must memorize has only four key values. For reference, according to George A. Miller's "The Magic Number Seven, plus or minus Two," published in 1956, the number of digits a person can generally memorize is reported to be less than 7. In view of this, the passwords shown in FIGS. 3(b) and 3(c) satisfy both convenience and security: the password including the random key is 12 digits in total, so security is very good, and of the 12 digits the user needs to remember only the four-digit number '2016' corresponding to the actual password.

Hereinafter, the password including the random key input by the user will be described as an example in which the password is the same pattern as shown in FIG. 3 (c).

In the user authentication mode, the control unit 120 receives from the user, through the key input unit 110, a password PW, a first random key RK1 input before the password, and a second random key RK2 input after the password (S3).

At this time, the user does not always have to input the password together with the random key RK as described above. For example, when the user judges the current situation to be safe, with no need for the security of using a password and a random key (RK) together, the user can quickly and easily input only the simple actual password.

The controller 120 extracts the actual password, excluding the first random key RK1 and the second random key RK2, from the password including the random key input in the pattern described above. For this purpose, a string search algorithm such as a finite-state-automaton-based search, the brute-force algorithm, the Knuth-Morris-Pratt algorithm, or the Rabin-Karp string algorithm, a pattern matching algorithm, or a pattern recognition algorithm can be used (S4).

If the user inputs only the password without inputting the random key RK, the random key RK is not detected in the password extracting step S4 and only the password is detected.

If it is determined that the extracted password does not coincide with the password stored in the memory 140, the control unit 120 performs error processing because it is an incorrect password (S5, S6).

If the user inputs only the password without inputting the random key RK as described above, the control unit 120 likewise checks whether the extracted password matches the password stored in the memory 140; if it does not, the control unit treats it as an invalid password, performs error processing, and displays the fact on the display unit 130.

If it is determined that the extracted password is identical to the password stored in the memory 140, the control unit 120 checks whether the extracted first random key RK1 and second random key RK2 match the random keys stored in the memory 140. If it is determined that the random keys do not coincide, the user authentication is processed as successful (S7, S8).

The reason for checking whether the currently extracted first random key RK1 and second random key RK2 are identical to the random keys that the user input in the previous authentication process and that are stored in the memory 140 is as follows. When a password the user previously used has been exposed to an illegal user through exposure, shoulder surfing, a secret camera or other means, the illegal user will regard the first random key (RK1), the password (PW) and the second random key (RK2) as a single password and input '325 2016 11234' as it is. In consideration of this, at least one of the numbers (or letters, special characters) constituting the first random key RK1 and the second random key RK2 must be different from the previous one.

The above describes, as an example, checking whether the currently extracted first random key RK1 and second random key RK2 match the corresponding random keys that the user input in the past authentication process and that are stored in the memory 140. However, the present invention is not limited thereto. For example, by comparing the currently extracted first random key RK1 and second random key RK2 with the random keys stored in the memory 140 from authentication processes including the one immediately before, security against illegal leakage (hacking) of the password can be enhanced.

If it is determined that the first random key RK1 and the second random key RK2 are identical to the corresponding random keys stored in the memory 140, the control unit 120 determines that the password was input by an illegal user or by the user's mistake, and requests re-input of the password including the random key (for example, three times). If all of the re-inputs fail, input of a secondary password is requested (S9).

The secondary password means only the password PW, excluding the random keys, out of the first random key RK1, the password PW and the second random key RK2, that is, '2016', which is a four-digit number. An illegal user, on the other hand, knows the entire password including the random key but does not know the actual password contained in it, and so will input the first random key RK1, the password PW and the second random key RK2 together. Otherwise, the illegal user can only select and input password key values arbitrarily from among the entire 12 digits.

The control unit 120 compares the input secondary password with the password stored in the memory 140. If it is determined that they match, the control unit 120 processes the user authentication as successful (S12).

At this time, if the input secondary password does not match the password stored in the memory 140, the controller 120 determines that the password has been illegally leaked and requests the user to change the password through the display unit 130. Illegal hacking can thus be anticipated and reported, so that prevention and security are strengthened.

However, if the input secondary password does not coincide with the password stored in the memory 140, it may be a hack, or it may be due to the user's mistake. Therefore, it is preferable that, only if the input secondary password fails to match the password stored in the memory 140 a predetermined number of times (for example, three times), the control unit 120 determines that the previously input password has been illegally leaked (hacked) and requests the user to change the password through the display unit 130.
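The flow S3 to S12 described above, written out as an added example (not code from the patent). The class and function names, the `history_depth` parameter and the sample entries are assumptions, and password-only input is treated as carrying no random key to compare; the example also goes beyond the single previous key to show the effect of comparing against several stored keys.

```python
import hmac
from collections import deque
from enum import Enum


class Result(Enum):
    SUCCESS = "authenticated"
    WRONG_PASSWORD = "wrong password"               # error processing (S5, S6)
    REENTER = "random key reused, enter again"      # re-input request
    SECONDARY_REQUIRED = "enter the password only"  # secondary password (S9)
    CHANGE_PASSWORD = "password change required"


class RandomKeyAuthenticator:
    """Sketch of control unit 120 with memory 140 (hypothetical class name)."""

    def __init__(self, password, max_retries=3, history_depth=1):
        # S2. Kept in the clear because S4 searches for it as a substring.
        self._password = password
        # Random keys from the last `history_depth` successful authentications.
        self._used = deque(maxlen=history_depth)
        self._max_retries = max_retries
        self._reentries_left = None   # None: no reuse detected so far
        self._secondary_failures = 0
        self.secondary_mode = False

    def split(self, entry):
        """S4: return (RK1, PW, RK2), or None if the password is not present.

        str.find stands in for the string-search algorithms the text lists.
        """
        pos = entry.find(self._password)
        if pos < 0:
            return None
        return entry[:pos], self._password, entry[pos + len(self._password):]

    def authenticate(self, entry):
        if self.secondary_mode:
            return self._check_secondary(entry)
        parts = self.split(entry)
        if parts is None:
            outcome = Result.WRONG_PASSWORD
        else:
            rk = (parts[0], parts[2])
            if rk == ("", "") or rk not in self._used:
                if rk != ("", ""):          # password-only input stores no key
                    self._used.append(rk)
                self._reentries_left = None
                return Result.SUCCESS
            outcome = Result.REENTER
            if self._reentries_left is None:  # first detection: allow re-entry
                self._reentries_left = self._max_retries
                return outcome
        if self._reentries_left is not None:  # a re-entry attempt failed
            self._reentries_left -= 1
            if self._reentries_left == 0:
                self.secondary_mode = True
                return Result.SECONDARY_REQUIRED
        return outcome

    def _check_secondary(self, entry):
        # Secondary password: the password alone, with no random key around it.
        if hmac.compare_digest(entry.encode(), self._password.encode()):
            self.secondary_mode = False
            self._reentries_left = None
            self._secondary_failures = 0
            return Result.SUCCESS
        self._secondary_failures += 1
        if self._secondary_failures >= self._max_retries:
            return Result.CHANGE_PASSWORD
        return Result.WRONG_PASSWORD


def replay_scenario():
    """Constructed run: one genuine login, then the same 12 digits repeated."""
    auth = RandomKeyAuthenticator("2016")
    entries = ["325201611234"] * 6 + ["2016"]
    return [auth.authenticate(e) for e in entries]


def old_entry_rejected(history_depth):
    """Is an earlier entry still rejected after one more genuine login?"""
    auth = RandomKeyAuthenticator("2016", history_depth=history_depth)
    auth.authenticate("325201611234")   # constructed sample, FIG. 3(c) pattern
    auth.authenticate("7720164")        # constructed sample with fresh keys
    return auth.authenticate("325201611234") is not Result.SUCCESS


if __name__ == "__main__":
    for step in replay_scenario():
        print(step.value)
    print(old_entry_rejected(1), old_entry_rejected(5))
```

With `history_depth=1` only the immediately preceding random key is remembered, so an earlier entry is accepted again once the user has logged in with a different key; keeping several past keys, as the plural-history variant in the text does, closes that gap.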

Although the preferred embodiments of the present invention have been described in detail above, it should be understood that the scope of the present invention is not limited thereto. These embodiments are also within the scope of the present invention.

100: user authentication system 110: key input unit
120: control unit 130: display unit
140: Memory

Claims (14)

(a) receiving a key value to be set as a password from a user in a password setting mode, and storing the key value in a memory;
(b) receiving the password including a random key from the user in a user authentication mode, wherein the random key is input before or after the password, or before and after the password;
(c) separating and extracting the random key and the password from the password including the random key received from the user in the user authentication mode;
(d) if the extracted password matches the password stored in the memory, and it is determined that the extracted random key does not match the random key that was input by the user in the previous authentication process and stored in the memory, processing the user authentication as successful; and
(e) if it is determined that the extracted random key is identical to the random key that was input by the user in the previous authentication process and stored in the memory, requesting the user to input a secondary password, comparing the input secondary password with the password stored in the memory, and processing the user authentication as successful or performing error processing according to whether they match.
delete
The method according to claim 1, wherein the pattern of the password including the random key includes:
a pattern including a random key composed of a plurality of digits and a password composed of four or more digits;
a pattern including a first random key composed of a plurality of digits, a password composed of four or more digits, and a second random key composed of a plurality of digits; and
a pattern including a first password composed of three or more digits, a random key composed of a plurality of digits, and a second password composed of three or more digits.
The method according to claim 1, wherein the password includes at least one of a 4-digit number, a character, a special character, and a symbol.
The method according to claim 1, wherein the random key includes at least one of digits, letters, special characters, and symbols of one or more digits.
The method of claim 1, wherein the random key in step (b) comprises one or more random digits, and the digits, letters, or special characters used for each digit are randomly input.
The method according to claim 1, wherein the user authentication method further comprises selectively using a password including a random key or using only a password without a random key, according to the user's intention.
The method of claim 1, wherein the step (c) is performed using a character string search algorithm, a pattern matching algorithm, and a pattern recognition algorithm.
The method of claim 1, wherein step (d) further comprises the step of requesting the user to change the password when the number of times that the password does not match the password stored in the memory is greater than or equal to a predetermined number of times.
The method of claim 1, wherein step (d) further comprises the step of comparing the random key with the random keys stored in the memory in a plurality of authentication processes, including the immediately preceding authentication process, and performing error processing if the random keys match.
The method according to claim 1, wherein the user authentication method is applicable to:
user authentication and unlocking of a door lock of an entrance door, a safe door lock, a smart phone, a tablet PC, a notebook computer, a personal terminal or a computer;
online web site personal authentication or electronic commerce using a computer or smart phone;
an automation apparatus for any one of online financial settlement, a financial service, an automatic teller machine (ATM) and a complaint document issuer; and
user authentication in a financial institution and a public institution.
A key input unit for receiving numbers, characters, and special characters associated with a password from a user;
A memory for storing a key value input from a user for setting a password in a password setting mode;
A display unit for displaying information related to the password;
A control unit that, when receiving the password from the user in the user authentication mode, receives the random key input before or after the password, or before and after the password, separates and extracts the random key and the password from the password including the random key, and processes the user authentication as successful if the extracted password matches the password stored in the memory and the extracted random key is determined not to match the random key that was received from the user in the previous authentication process and stored in the memory,
wherein, if the extracted random key is found to match the random key that was input by the user in the previous authentication process and stored in the memory, the control unit requests the user to input the second password, compares the input second password with the password stored in the memory, and processes the user authentication as a success or an error according to whether they match.
A terminal connected to the network for receiving numbers, characters, and special characters related to a password from a user;
An authentication server connected to a database storing a key value input from a user for setting a password in a password setting mode;
A display unit for displaying information related to the password;
A controller that, when receiving the password from the user in the user authentication mode, receives the random key input before or after the password, or before and after the password, separates and extracts the random key and the password from the password including the random key, and processes the user authentication as successful if the extracted password matches the password stored in the memory and the extracted random key is determined not to match the random key that was received from the user in the previous authentication process and stored in the memory,
wherein, if the extracted random key is found to match the random key that was input by the user in the previous authentication process and stored in the memory, the control unit requests the user to input the second password, compares the input second password with the password stored in the memory, and processes the user authentication as a success or an error according to whether they match.
delete
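The flow of claim 1, steps (a) to (e), with the random-key history of the dependent claim and the three-failure password change from the description, as an added sketch that is not part of the patent. The class and method names, the result strings, the salted-hash storage, the mandatory random key and the single shared failure counter are assumptions of this example.

```python
import hashlib, hmac, os

class RandomKeyAuthenticator:
    MAX_FAILURES = 3  # the description's "for example, three times"

    def __init__(self, password: str):
        # (a) Setting mode. Assumption: store a salted hash plus the length
        # instead of the raw key value, so step (c) can still locate the password.
        self.salt = os.urandom(16)
        self.pw_len = len(password)
        self.pw_hash = self._hash(password)
        self.used_keys = set()        # random keys from earlier authentications
        self.failures = 0
        self.pending_second = False   # True while step (e) awaits a second password

    def _hash(self, value: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", value.encode(), self.salt, 10_000)

    def _matches(self, candidate: str) -> bool:
        return hmac.compare_digest(self._hash(candidate), self.pw_hash)

    def _extract_key(self, entry: str):
        # (c) Slide a password-length window over the entry; whatever lies
        # before and after the matching window is the random key.
        for i in range(len(entry) - self.pw_len + 1):
            if self._matches(entry[i:i + self.pw_len]):
                return entry[:i] + entry[i + self.pw_len:]
        return None                   # password not present anywhere in the entry

    def _result(self, ok: bool) -> str:
        self.failures = 0 if ok else self.failures + 1
        if self.failures >= self.MAX_FAILURES:
            return "change_password"  # treat the password as leaked
        return "success" if ok else "error"

    def authenticate(self, entry: str) -> str:
        if self.failures >= self.MAX_FAILURES:
            return "change_password"
        if self.pending_second:       # (e) second password, compared as entered
            ok = self._matches(entry)
            self.pending_second = not ok
            return self._result(ok)
        key = self._extract_key(entry)
        if not key:                   # wrong password, or no random key supplied
            return self._result(False)
        if key in self.used_keys:     # (e) reused random key: possible replay
            self.pending_second = True
            return "second_password_required"
        self.used_keys.add(key)       # (d) fresh key and matching password
        return self._result(True)
```

Keeping only a hash means the extractor has to test every window of the stored length, which is why the length is stored alongside it.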
Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020160014649A KR101632582B1 (en) 2016-02-05 2016-02-05 Method and system for user authentication using password included random key

Publications (1)

Publication Number Publication Date
KR101632582B1 (en) 2016-07-01

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant