KR101634785B1 - Apparatus and method for preventing MITM attack - Google Patents

Publication number: KR101634785B1
Authority: KR (South Korea)
Prior art keywords: screen, security, unit, client, server
Application number: KR1020140055316A
Other languages: Korean (ko)
Other versions: KR20150128252A (en)
Inventors: 맹영재, 박응기, 박현동, 서정택
Original Assignee: 한국전자통신연구원
Application filed by 한국전자통신연구원
Priority to KR1020140055316A (KR101634785B1)
Priority to PCT/KR2014/007619 (WO2015170801A1)
Publication of KR20150128252A
Application granted
Publication of KR101634785B1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements


Abstract

An MITM attack prevention device and method are presented. The proposed device is an MITM attack prevention device included in a screen connected to a server through a client. The device includes a key storage unit for storing a key shared with the server; a decryption unit for decrypting data input through the client based on the key; an encryption unit for encrypting and outputting, based on the key, input data requiring security from the user; a screen security display unit; and a control unit that causes the results of the decryption and the encryption to be output when the decryption in the decryption unit is normal, and controls the screen security display unit to perform a corresponding display when the decryption in the decryption unit is abnormal.

Description

Apparatus and method for preventing MITM attack

The present invention relates to an apparatus and method for preventing an MITM attack, and more particularly, to an apparatus and method for effectively preventing a man-in-the-middle (MITM) attack by extending the client in a server/client model to the screen level.

Online user authentication technology is essential because personalized services such as online shopping malls, online financial transactions, and electronic complaints are performed over the Internet without face-to-face contact.

In order to provide online user authentication securely, a service provider uses various methods of sharing secret information (e.g., a password, a public certificate, a security card, an OTP, a TAN, etc.) with a user, using a cryptographic protocol, and installing a security program.

In other words, the security elements of online user authentication (hereinafter referred to as user authentication) can be roughly divided into three parts. The first part is the secret information shared between the service provider and the user (password, authorized certificate, secure card, OTP, etc., hereinafter referred to as the "shared secret"), the second part is the cryptographic protocol, and the third part is the security program.

The shared secret is used as evidence to authenticate the user, the cryptographic protocol is used to ensure a secure channel between the service provider and the user, and the security program is used to counter the security threats that may occur in the client.

The cryptographic protocol is secure against the attacker unless the cryptographic key is exposed. However, since security programs are designed to provide security services against known malicious code, they cannot be expected to be secure against unknown malicious code.

The shared secret is input to the client through an input device such as a keyboard and a mouse, and the encryption key of the encryption protocol is also present in the client. Since malicious code is assumed to be able to acquire all the resources of the client, it is not easy to block all paths of malicious code that can obtain such input values and cryptographic keys.

That is, current user authentication is built on the assumption that the client is secure, but in reality it cannot be considered secure because that assumption may not hold.

In the related art, a technique that provides security for the portion of the screen where personal information is displayed is disclosed in Korean Patent Registration No. 10-1230055. However, Korean Patent No. 10-1230055 is software-level screen security.

Another related prior art, Korean Patent Application No. 10-2009-0013567, discloses that, when setting a secret function such as a secure print job (as opposed to a general function setting) in a touch screen operation, only operation input using an input tool other than the body is permitted, rather than a finger operation, so that the possibility of secret information leaking through traces is excluded. However, Korean Patent Publication No. 10-2009-0013567 requires a special input device.

The present invention has been proposed in order to solve the above problems of the prior art. Its purpose is to provide an apparatus and method for preventing an MITM attack by extending the client in a server/client model to the screen level, so as to respond to an MITM attack occurring at the client level.

In order to achieve the above object, an MITM attack prevention apparatus according to a preferred embodiment of the present invention is an MITM attack prevention apparatus included in a screen connected to a server through a client, and includes: a key storage unit for storing a key shared with the server; a decryption unit for decrypting data input through the client based on the key and outputting the decrypted data on a screen; a screen security display unit for turning screen security on or issuing a warning based on whether or not the decryption in the decryption unit is normal; an encryption unit for encrypting and outputting, based on the key, input data requiring security from a user; and a control unit that, in response to the decryption in the decryption unit being normal, sets screen security on and causes the results of the decryption and the encryption to be output respectively, and, in response to the decryption in the decryption unit being abnormal, controls the screen security display unit to perform a corresponding display.

At this time, the key may be provided directly from the server, or may be generated based on secret information.

At this time, the secret information may be any one of a password, a secure card, an authorized certificate, an OTP, and a TAN.

At this time, the secret information may be input by touching the virtual screen on the screen.

At this time, the secret information may be input through a keyboard and a mouse connected to input terminals provided on the screen.

At this time, the secret information may be input through a camera installed on the screen.

In this case, the screen security indicator includes a light emitting element, and the screen security indicator may output green light indicating the screen security on if the decryption in the decryption unit is normal.

In this case, the screen security indicator includes a light emitting element, and the screen security indicator may output a red light when the decryption in the decryption unit is abnormal.

In this case, the apparatus may further include a screen security pattern storage unit that stores a screen security pattern displayed on the screen when the screen security is on.

At this time, the control unit may warn the user through the screen security display unit if the screen security pattern is included in the data from the client.

Meanwhile, the MITM attack prevention method according to a preferred embodiment of the present invention is an MITM attack prevention method in an MITM attack prevention apparatus included in a screen connected to a server through a client,

and includes: receiving data input through the client; decrypting the data based on a key shared with the server; and turning screen security on or issuing a warning on the screen based on whether or not the decryption in the decrypting step is normal.

The method may further include displaying a previously stored screen security pattern on the screen when the screen security is on.

At this time, the method may further include issuing a warning if the data from the client includes the screen security pattern.

According to the present invention having such a configuration, the client in the existing server/client model is extended to the screen (for example, a monitor) level, so that security is ensured even when malicious code exists in the client.

This ensures the security of encrypted communication between the server and the screen. This is different from the server / client model, where security can be compromised due to malicious code even though the security of the cryptography is high.

FIG. 1 is a diagram illustrating a server/screen model to which the present invention is applied.
FIG. 2 is a configuration diagram of an MITM attack prevention apparatus according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating an example of an MITM attack prevention method according to an embodiment of the present invention.
FIGS. 4 to 7 are views referred to in the description of FIG. 3.
FIG. 8 is a flowchart illustrating a process of transmitting input from a keyboard received in the screen shown in FIG. 1 to a server.
FIG. 9 is a flowchart illustrating another example of the MITM attack prevention method according to the embodiment of the present invention.
FIG. 10 is a diagram referred to in the description of FIG. 9.

While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail.

It should be understood, however, that the invention is not intended to be limited to the particular embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In the present application, the terms "comprises" or "having" and the like are used to specify that there is a feature, a number, a step, an operation, an element, a component or a combination thereof described in the specification, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries should be interpreted as having a meaning consistent with the meaning in the context of the relevant art and are not to be interpreted in an ideal or overly formal sense unless explicitly defined in the present application.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. In order to facilitate the understanding of the present invention, the same reference numerals are used for the same constituent elements in the drawings and redundant explanations for the same constituent elements are omitted.

The present invention proposes a server / screen model instead of a server / client model in order to securely authenticate a user on-line even in the case where a malicious code can be installed on a client.

FIG. 1 is a diagram illustrating a server/screen model to which the present invention is applied.

In order to overcome the vulnerability to a man-in-the-middle attack at the level of the client 20 (e.g., a PC), the client 20 in the server 10 / client 20 model is extended to the screen (e.g., monitor) 30.

Just as the server 10 and the client 20, as the two endpoints, perform encrypted communication because the security of the network cannot be trusted, the security of the client 20 also cannot be relied upon, so encrypted communication is performed between the server 10 and the screen 30.

In FIG. 1, the client 20 only relays encrypted input/output data between the server 10 and the screen 30. However, when transmitting encrypted screen data to the screen 30, the client 20 must also transmit a specific signal to inform the screen whether or not the screen security operation is to be performed.

Extending the encryption interval to the level of the screen 30, as in FIG. 1, is also related to HCI (Human-Computer Interaction). When the user uses an online service (e.g., an online shopping mall, an online financial transaction, an electronic complaint, etc.) provided by the server 10, recall that the client 20 is a tool for transferring input/output data between the server 10 and the user. From the HCI point of view, the client 20 conveys information to the user via the monitor output, and conveys the values entered by the user via the keyboard/mouse to the server 10. At this time, if the client 20 is infected with malicious code, both the output and the input become unreliable. That is, the client 20 located between the server 10 and the user can be exploited for MITM attacks in which both the server 10 and the user are deceived by tampering with the HCI data.

Accordingly, when the encryption technology is implemented at the level of the monitor and the keyboard / mouse as the input device, as shown in FIG. 1, it is possible to cope with the MITM attack occurring at the client 20 level.

FIG. 2 is a block diagram of an MITM attack prevention apparatus according to an embodiment of the present invention, which is understood to be an internal configuration diagram of the screen 30 shown in FIG.

The screen 30 includes a receiving unit 41, a cryptographic key generating unit 42, a cryptographic key storing unit 43, a decrypting unit 44, a screen 45, a screen security displaying unit 46, an encrypting unit 47, A transmission unit 48, a screen security pattern storage unit 49, and a control unit 50.

The receiving unit 41 receives screen data (that is, encrypted data) (for example, an internet account transfer screen, screen data for confirming transaction amount details, etc.) provided from the server 10.

The receiving unit 41 can exchange or share the encryption key with the server 10. This is because the server 10 and the screen 30 use a key exchange/sharing protocol to hold a common encryption key. On the other hand, the receiving unit 41 may receive secret information (i.e., a source for generating a cryptographic key) from the outside. Of course, the receiving unit 41 may also receive MITM attack data (i.e., encrypted data made to deceive the user) from the client 20.

On the other hand, the receiving unit 41 receives input data required for security provided by the user. Here, input data requiring security can be input through a keyboard and / or a mouse.

The encryption key generation unit 42 generates a cryptographic key based on the secret information received via the receiving unit 41. Here, the secret information may be a password, a secure card, a public certificate, an OTP (One Time Password), a TAN (Transaction Authentication Number), or the like. It is safer to use secret information that is difficult to duplicate, such as an OTP, because passwords, secure cards, and public certificates may be exposed during distribution. It can be considered that the encryption key generation unit 42 incorporates an encryption algorithm.

The encryption key storage unit 43 stores the encryption key generated by the encryption key generation unit 42. The encryption key storage unit 43 can also store an encryption key received from the server 10. As a result, the encryption key in the encryption key storage unit 43 is shared with the server 10. The encryption key is an example of the key described in the claims of the present invention.

The decryption unit 44 decrypts the screen data requiring security from the server 10 received by the receiving unit 41. The decryption unit 44 will likewise attempt to decrypt MITM attack data from the client 20 received by the receiving unit 41. The decryption unit 44 may include a decryption algorithm.

Here, when decrypting screen data requiring security from the server 10, the decryption unit 44 decrypts with the encryption key stored in the encryption key storage unit 43 (that is, the encryption key shared with the server 10), so normal decryption is performed. However, when the decryption unit 44 decrypts MITM attack data from the client 20, the encryption key stored in the encryption key storage unit 43 and the encryption key of the MITM attack data are different from each other, so normal decryption will not be performed.

The screen 45 displays screen data decoded by the decoding unit 44.

The screen security display unit 46 displays whether the screen is secured or not. For example, the screen security display 46 notifies the user of the on / off state of screen security by performing a visual display through a display device such as a light emitting device (LED). Here, when the screen security is OFF, the light emitting device outputs no light, and when the screen security is ON, the light emitting device can output the green light. At least one light emitting element may be used. The screen security display unit 46 may be installed on the screen 30 separately from the screen 45.

Even if a malicious attacker creates data resembling the server 10's screen data requiring security and transmits it to the screen 30 through the client 20, the attacker does not know the cryptographic key stored in the screen 30, so the attacker can only produce data (i.e., MITM attack data) that is not encrypted with that key. As a result, when the decryption unit 44 decrypts the MITM attack data (encrypted data) from the client 20, decryption is not properly performed, and the screen security display unit 46 can indicate this case. For example, red light may be output from the light emitting device to indicate that decryption was not performed properly.

Meanwhile, the screen security display unit 46 may display the screen security pattern of the screen security pattern storage unit 49 on the screen 45 when the screen security state is established. The screen security pattern in this case may take the form of a green stripe along the rim of the screen 45, instead of being indicated by a light emitting element. In addition, when the data the client 20 sends to the screen 30 includes the screen security pattern, this is an abnormal state (that is, malicious code is detected), and this can be displayed.

The encrypting unit 47 encrypts the input data requiring security received by the receiving unit 41. At this time, the encrypting unit 47 encrypts based on the encryption key stored in the encryption key storage unit 43.

The transmitting unit 48 sends the input data encrypted by the encrypting unit 47 to the server 10.

The screen security pattern storage unit 49 stores a screen security pattern to be output on the screen 45 in a screen security state.

The control unit 50 controls the internal configuration of the screen 30. That is, when the control unit 50 receives the encryption key through the receiving unit 41, the control unit 50 stores the encryption key in the encryption key storage unit 43. When the control unit 50 receives the secret information through the receiving unit 41, it sends it to the encryption key generating unit 42. The control unit 50 receives screen data requiring security through the receiving unit 41, and sends it to the decrypting unit 44. When receiving the input data requiring security through the receiving unit 41, the control unit 50 sends the input data to the encrypting unit 47. The control unit 50 determines whether or not the screen is secure and sends the result to the screen security display unit 46. When the malicious code is detected, the control unit 50 sends the fact to the screen security display unit 46.

FIG. 3 is a flowchart illustrating an example of an MITM attack prevention method according to an embodiment of the present invention, and FIGS. 4 to 7 are views employed in the description of FIG.

The screen 30 can receive the encryption key directly from the server 10, but in the following description it is assumed that the encryption key is generated from received secret information.

That is, the secret information issued by the server 10 can be directly input by the user to the screen 30. Accordingly, the receiving unit 41 of the screen 30 receives the input secret information (S10). The methods of inputting the secret information on the screen are as shown in FIGS. 4 to 6. FIG. 4 shows a case where the screen 30 has a touch screen function. In FIG. 4, the user can touch the virtual screen 51 on the screen 45 to input secret information. FIG. 5 shows an example in which the screen 30 has an input terminal such as USB or PS/2. In FIG. 5, an input device 52 such as a keyboard and a mouse may be connected to the input terminal to input secret information. FIG. 6 shows a case where a camera 53 is provided on the screen 30. In FIG. 6, the camera 53 can directly capture and input secret information, or input secret information through OCR reading. Alternatively, the camera 53 can photograph a multidimensional code (for example, a QR code) and obtain and input the secret information from the captured image.

When the secret information is received in this manner, the secret information is sent to the encryption key generating unit 42. The encryption key generation unit 42 generates an encryption key using the received secret information, and stores the generated encryption key in the encryption key storage unit 43 (S12).

Of course, if the encryption key already exists in the encryption key storage unit 43, the operations of S10 and S12 described above will not be necessary.

Then, the server 10 sends screen data requiring security to the screen 30 through the network. Accordingly, the receiving unit 41 of the screen 30 receives screen data requiring security (S14).

The control unit 50 of the screen 30 sends the screen data requiring security (for example, encrypted data such as an internet bank transfer screen or screen data for confirming transaction amount details) to the decryption unit 44. The decryption unit 44 decrypts the screen data requiring security.

However, even though the server 10 sends screen data encrypted using the shared cryptographic key, a malicious attacker may deliberately try to deceive the user by using a technique such as pharming. Even if the malicious attacker creates data resembling the server 10's screen data requiring security and transmits it to the screen 30 through the client 20, the attacker does not know the cryptographic key stored in the screen 30, so the attacker can only produce data (i.e., MITM attack data) that is not encrypted with that key. As a result, when the MITM attack data (encrypted data) from the client 20 is decrypted, the decryption unit 44 will not decrypt it properly.

If the decryption is not normally performed ("No" in S16), the decryption unit 44 notifies the control unit 50 of this. Accordingly, the control unit 50 issues a warning by outputting red light through the screen security display unit 46 (S18). Of course, as a warning, the control unit 50 may instead make the whole of the screen 45 black through the screen security display unit 46 so that nothing can be seen.

On the contrary, when the decryption is normally performed ("Yes" in S16), the decryption unit 44 notifies the control unit 50 of this. Accordingly, the control unit 50 determines that screen security is ON and indicates this through the screen security display unit 46 (S20). For example, from the initial state in which screen security is OFF and the light emitting element 54 is off, as in (a) of FIG. 7, the light emitting element 54 is turned on to emit green light, as in (b) of FIG. 7.

Then, the decryption unit 44 displays the decrypted screen data on the screen 45 (S22).

If the server 10 transmits general screen data (that is, screen data for which security is not required and which is not encrypted), the control unit 50 of the screen 30 sets screen security to OFF and ends the screen security. That is, when the screen requiring security is terminated, the screen returns to the normal screen.

FIG. 8 is a flowchart illustrating a process of transmitting input from a keyboard received in the screen shown in FIG. 1 to a server.

Assume that the screen 30 is connected to a keyboard and a mouse.

When the user inputs input data requiring security through the keyboard, the receiving unit 41 receives the input data requiring security (S30).

Then, the control unit 50 applies the input data requiring security to the encrypting unit 47.

Accordingly, the encryption unit 47 encrypts the input data requiring security based on the encryption key stored in the encryption key storage unit 43 (S32).

The encrypted input data is transmitted to the server 10 via the transmission unit 48 (S34).

The above-described S30 to S34 may be regarded as being performed after S22 in FIG. 3 described above. That is, when the screen data requiring security is decrypted and displayed on the screen 45, the user enters input data corresponding to that screen data (i.e., input data requiring security). The entered data is encrypted and sent to the server 10.

Here, it can be said that the input data is encrypted and transmitted to the server 10 only when the screen security is in operation. While the operation of S30 to S34 is being performed, since the screen security is ON, the light emitting element 54 is emitting green light as shown in FIG. 7B.

FIG. 9 is a flow chart for explaining another example of the MITM attack prevention method according to the embodiment of the present invention, and FIG. 10 is a diagram adopted in the description of FIG.

First, the screen 30 receives predetermined screen data through the client 20 (S40).

Then, the control unit 50 of the screen 30 determines whether the received screen data includes a screen security pattern.

If the screen security pattern is included ("Yes" in S42), the control unit 50 determines that the currently input screen data is MITM attack data (for example, malicious code) sent from a malicious attacker (S44).

When malicious code is detected in this manner, the detection is displayed through the screen security display unit 46 (S46). For example, when screen security changes from the OFF state shown in FIG. 10(a) to the normal ON state, a screen security pattern in which a green band is formed along the rim of the screen 45 is output, as shown in FIG. 10(b). In this state, when malicious code is detected, the screen 30 forms a red band along the rim of the screen 45, as shown in FIG. 10(c). At this time, messages such as "malicious code detected" and "do not input important information" can be displayed together.

That is, the screen security pattern can be generated and displayed only by the screen 30. If a malicious attacker creates a screen security pattern through the client 20 and inputs it together with the screen data, the screen data of the MITM attack data will contain the screen security pattern, so it can be determined that MITM attack data has been input.
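
The flows of FIG. 3 (decrypt, then signal green or red), FIG. 8 (encrypt keyboard input only while screen security is on) and FIG. 9 (warn when client data already carries the screen security pattern) can be modeled as below. This is an added example, not code from the patent: the patent names no cipher and does not say how "abnormal" decryption is recognized, so the sketch assumes encrypt-then-MAC with an HMAC-SHA256 keystream and PBKDF2 key derivation, and the pattern bytes, salt, OTP values and screen contents are constructed.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the pattern held in the screen security pattern
# storage unit 49 (the patent describes a green band along the screen rim).
PATTERN = b"[GREEN-BORDER]"
OFF, GREEN, RED = "off", "green", "red"  # states of the display unit 46


def derive_key(secret_info: str, salt: bytes) -> bytes:
    """Key generation unit 42: 64 bytes = cipher key || MAC key (assumed KDF)."""
    return hashlib.pbkdf2_hmac("sha256", secret_info.encode(), salt, 100_000, dklen=64)


def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Illustrative HMAC-SHA256 counter-mode keystream (assumption, not from the patent).
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC, laid out as nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = _xor_stream(key[:32], nonce, plaintext)
    tag = hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when decryption is 'abnormal' (bad tag)."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(key[:32], nonce, ct)


class Screen:
    """Control unit 50 of the screen 30, holding the key of storage unit 43."""

    def __init__(self, key: bytes):
        self.key = key
        self.indicator = OFF

    def receive(self, data: bytes, secure: bool) -> bytes:
        """Return what is drawn on screen 45; `secure` is the client's signal."""
        frame = unseal(self.key, data) if secure else data
        if frame is None:            # S16 "No": wrong key or tampered data
            self.indicator = RED     # S18: red light, blank screen
            return b""
        if PATTERN in frame:         # S42: only the screen may draw the pattern
            self.indicator = RED     # S44/S46: treat as MITM attack data
            return b""
        self.indicator = GREEN if secure else OFF
        return PATTERN + frame if secure else frame  # S20/S22: pattern + data

    def send_input(self, typed: bytes):
        """FIG. 8: encrypt input only while screen security is on."""
        return seal(self.key, typed) if self.indicator == GREEN else None


def demo() -> dict:
    salt = b"constructed-salt"
    server_key = derive_key("492817", salt)      # constructed OTP
    screen = Screen(derive_key("492817", salt))  # same OTP typed at the screen
    out = {}
    shown = screen.receive(seal(server_key, b"Transfer 100 to account A"), True)
    out["genuine"] = (screen.indicator, shown)
    out["input"] = unseal(server_key, screen.send_input(b"PIN 1234"))
    wrong_key = derive_key("000000", salt)       # party without the shared key
    shown = screen.receive(seal(wrong_key, b"Transfer 100 to account M"), True)
    out["forged"] = (screen.indicator, shown)
    out["input_blocked"] = screen.send_input(b"PIN 1234")
    shown = screen.receive(PATTERN + b"Enter your OTP here", False)
    out["fake_border"] = (screen.indicator, shown)
    shown = screen.receive(b"public news page", False)
    out["plain"] = (screen.indicator, shown)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Without an integrity tag, decrypting data made under a different key would simply yield unreadable bytes, so the green/red decision in this model rests on the MAC check in `unseal`.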

As described above, an optimal embodiment has been disclosed in the drawings and specification. Although specific terms have been employed herein, they are used for purposes of illustration only and are not intended to limit the scope of the invention as defined in the claims. Therefore, those skilled in the art will appreciate that various modifications and equivalent embodiments are possible without departing from the scope of the present invention. Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.

10: Server 20: Client
30: Screen 41: Receiving unit
42: Encryption key generation unit 43: Encryption key storage unit
44: Decryption unit 45: Screen
46: Screen security display unit 47: Encryption unit
48: Transmission unit 49: Screen security pattern storage unit
50: Control unit

Claims (20)

An MITM attack prevention device included in a screen connected to a server through a client,
A key storage unit for storing a key shared with the server;
A decryption unit for decrypting data input through the client based on the key and outputting the decrypted data on a screen;
A screen security display unit for performing screen security on or warning of the screen based on whether or not the decryption is normal in the decryption unit;
An encryption unit for encrypting and outputting input data requiring security from a user based on the key;
And the control unit controls the screen security display unit according to the decryption in the decryption unit according to the abnormal state, and outputs the result of encryption to the decryption unit, A control unit for performing a corresponding display; And
And a screen security pattern storage unit for storing a screen security pattern displayed on the screen when the screen security is on,
The key may be provided directly from the server, or may be generated based on secret information,
Wherein the secret information includes any one of a password, a security card, an authentication certificate, an OTP, and a TAN corresponding to information on a key shared with the server,
Wherein the screen combines the screen security pattern with data from the client and outputs the result,
Wherein the controller alerts the user through the screen security indicator if the data from the client includes the screen security pattern.
delete delete The method according to claim 1,
Wherein the secret information is input by touching a virtual screen on the screen.
The method according to claim 1,
Wherein the secret information is input through a keyboard and a mouse connected to input terminals provided on the screen.
The method according to claim 1,
Wherein the secret information is input through a camera installed on the screen.
The method according to claim 1,
Wherein the screen security indicator comprises a light emitting element,
Wherein the screen security display unit outputs green light indicating that the screen security is on when the decryption in the decryption unit is normal.
The method according to claim 1,
Wherein the screen security indicator comprises a light emitting element,
Wherein the screen security display unit outputs a red light when the decoding in the decoding unit is abnormal and warns the MITM attack.
(deleted)
(deleted)
A method for preventing an MITM attack in an MITM attack prevention device included in a screen connected to a server via a client,
Receiving data input through the client;
Decrypting the data based on a key shared with the server;
Turning screen security on or issuing a warning on the screen based on whether the decryption in the decrypting step is normal;
Combining a previously stored screen security pattern with the data from the client when the screen security is on, and displaying the combined result on the screen; and
Warning if the data from the client already includes the screen security pattern,
Wherein the key is provided directly from the server or is generated based on secret information,
Wherein the secret information includes at least one of a password, a security card, a public certificate, an OTP, and a TAN corresponding to information about a key shared with the server.
(deleted)
(deleted)
The method of claim 11,
Wherein the secret information is input by touching a virtual screen on the screen.
The method of claim 11,
Wherein the secret information is input through a keyboard and a mouse connected to input terminals provided on the screen.
The method of claim 11,
Wherein the secret information is input through a camera installed on the screen.
The method of claim 11,
Wherein the step of turning screen security on or issuing a warning on the screen drives the light emitting element if the decryption is normal, and outputs green light indicating that the screen security is on.
The method of claim 11,
Wherein the step of turning screen security on or issuing a warning on the screen drives the light emitting element when the decryption is abnormal, and outputs a red light to warn the user.
(deleted)
(deleted)
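The decision logic of the method claim, as an added Python sketch that is not part of the patent: the screen-side device decrypts what arrives through the client, shows green only when decryption is normal, and warns when client data already carries the screen security pattern. The patent names no cipher or key derivation, so PBKDF2, the HMAC-SHA256 keystream with an HMAC tag, and all names and sample values here are assumptions chosen to run on the standard library alone.

```python
import hashlib
import hmac
import os

PATTERN = b"<<SCREEN-SECURITY-PATTERN>>"  # constructed stand-in for the stored pattern

def derive_key(secret: bytes, salt: bytes) -> bytes:
    # Key generated from secret information (password, OTP, TAN); PBKDF2 is an assumption.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode, standing in for the unspecified cipher.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def server_encrypt(key, frame):
    # Server side: encrypt a frame for the screen, then authenticate nonce + ciphertext.
    nonce = os.urandom(16)
    ct = _xor(frame, _keystream(key, nonce, len(frame)))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def screen_receive(key, data):
    """Return (indicator, reason, bytes shown) for data arriving through the client."""
    if PATTERN in data:
        # Unencrypted data imitating the "security on" look: warn instead of displaying.
        return "RED", "pattern already present in client data", b""
    nonce, ct, tag = data[:16], data[16:-32], data[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if len(data) < 48 or not hmac.compare_digest(tag, expected):
        return "RED", "decryption abnormal", b""
    frame = _xor(ct, _keystream(key, nonce, len(ct)))
    if PATTERN in frame:
        return "RED", "pattern already present in client data", b""
    # Decryption normal: security on, pattern combined with the decrypted frame.
    return "GREEN", "screen security on", PATTERN + frame
```

The tag check is what makes "decryption is normal" a meaningful signal here; a cipher without integrity protection would decrypt altered data to garbage without the device being able to tell.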
KR1020140055316A 2014-05-09 2014-05-09 Apparatus and method for preventing MITM attack KR101634785B1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
KR1020140055316A KR101634785B1 (en) 2014-05-09 2014-05-09 Apparatus and method for preventing MITM attack
PCT/KR2014/007619 WO2015170801A1 (en) 2014-05-09 2014-08-18 Apparatus and method for preventing mitm attack

Publications (2)

Publication Number Publication Date
KR20150128252A KR20150128252A (en) 2015-11-18
KR101634785B1 true KR101634785B1 (en) 2016-06-29

Family

ID=54392640

Country Status (2)

Country Link
KR (1) KR101634785B1 (en)
WO (1) WO2015170801A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100284482B1 (en) * 1998-10-10 2001-03-15 구자홍 Data encryption method
JP2009124311A (en) * 2007-11-13 2009-06-04 Kddi Corp Mutual authentication system, mutual authentication method, and program
JP2009223375A (en) * 2008-03-13 2009-10-01 Ntt Communications Kk Malicious web site decision device, malicious web site decision system, method thereof, and program

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101210411B1 (en) * 2011-02-15 2012-12-10 동서대학교산학협력단 Transaction Protection System and Method using Connection of Certificate and OTP Generated by Keystream

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Journal of the Korea Institute of Information Security and Cryptology (pp. 84 to 99) (2011.12)

Also Published As

Publication number Publication date
KR20150128252A (en) 2015-11-18
WO2015170801A1 (en) 2015-11-12

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E90F Notification of reason for final refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant