KR101743951B1 - Digital Signature Device and Digital Signature Method Using It - Google Patents
Publication number: KR101743951B1 (application KR1020150154272A)
Authority: KR (South Korea)
Prior art keywords: digital signature, biometric information, unit, security token, user
Classifications (all under H04L9/32, cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication):
- H04L9/3247: involving digital signatures
- H04L9/3213: involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
- H04L9/3226: using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231: Biological data, e.g. fingerprint, voice or retina
Abstract
The present invention relates to an electronic signature apparatus and an electronic signature method using the same, and more particularly, to an electronic signature apparatus and an electronic signature method using the same that enhance security and user convenience based on biometric information recognition.
Description
The present invention relates to an electronic signature apparatus and an electronic signature method using the same, and more particularly, to an electronic signature apparatus and an electronic signature method using the same that enhance security and user convenience based on biometric information recognition.
With the development of personal computers and the Internet, transactions and services over open networks, such as Internet banking, electronic transactions, and electronic information services, are becoming widespread. In such electronic transactions, digital signatures, which prevent forgery and alteration of electronic documents and provide functions such as non-repudiation of electronic transaction acts, are becoming essential elements along with the establishment of the accredited certificate system.
Generally, electronic signatures are widely used as a means of subscriber authentication at a login step (for Internet banking, a cyber securities transaction, a credit card homepage, etc.), an account transfer step, or a credit card payment step. Conventionally, a digital signature process using a public certificate is performed on a PC used by a user. In this case, a user authentication module in the form of a plug-in that operates in a web browser must be installed on the user PC. In the conventional authorized authentication module, the user interface for digital signature generation has the following configuration.
- Menu to select certificate to use for digital signature
- Input window to enter the certificate password
- buttons (for example, hard disk, removable disk, storage token, security token, mobile phone, etc.)
In this user interface configuration, when the user selects the hard disk button, the authorized authentication module searches for the authorized certificates stored on the hard disk of the user PC and lists them in the certificate selection window. Likewise, if the user selects the removable disk button, the authorized authentication module searches the USB memory device connected to the user PC and lists the certificates found there in the certificate selection window. The user can then select one of the listed certificates and enter the certificate password into the input window using a keyboard or the like to proceed with the digital signature. When the certificate password is entered, the authorized authentication module performs the digital signature using the selected public key certificate, electronic signature key, and certificate password, and transmits the generated digital signature value to the requesting web site (Internet banking, cyber securities transaction, credit card homepage, etc.) as a means of subscriber authentication at the login step, the account transfer step, or the credit card payment step.
Normally, a public certificate and an electronic signature key are stored on the hard disk of a user PC or in a universal serial bus (USB) memory. One of the most common cases is to store the public certificate and electronic signature key on the PC's hard disk. In this case, however, when a keyboard hacking program, a malicious virus, or the like is installed on the PC, or when the user unintentionally accesses a phishing site, there is a risk that the authentication certificate, the digital signature key, and/or the certificate password are exposed to a third party.
In order to prevent such exposure, a technology of a security token (Hardware Security Module) has been developed as a storage medium that can more safely manage and carry a subscriber's private key.
Such a security token is an apparatus capable of generating and storing an encryption key in independent hardware, and can encrypt, decrypt, and digitally sign with the encryption key inside the apparatus. Because the encryption key itself is never leaked outside the apparatus, it is secure.
Such a security token operates by its own controller or firmware, and interfaces with an external device according to the standard. However, such a security token typically has a small amount of memory, such as 32 KB, and cannot handle application programs or complex operations on its own.
Accordingly, when a security token is used with a user terminal, an ActiveX or other application program downloaded from a homepage of a financial server or an authentication server is installed in the user terminal, after which the user terminal connects to the security token and the signing step can be performed.
However, such ActiveX or application programs bring many problems: conflicts with other programs such as the OS, security vulnerabilities during downloading and installation, errors in using the ActiveX or application program itself, and user inconvenience in the course of the process. In addition, with the conventional security token it is troublesome to install the smart card reader driver in the user terminal to which the security token is connected.
Meanwhile, in order to further enhance security, an authentication procedure using fingerprint information has been proposed. However, when authentication is performed using only such fingerprint information, the risk of hacking from outside increases, and problems such as leakage of fingerprint information may occur. Further, in order to drive a terminal for reading fingerprint information and extract a fingerprint template from the fingerprint information, a separate ActiveX or application program must be installed in the user terminal, and such an ActiveX or application program also causes the problems described above.
An object of the present invention is to provide an electronic signature apparatus and an electronic signature method using the same that enhance security and user convenience based on biometric information recognition.
According to an aspect of the present invention, there is provided a web server comprising: a web server unit receiving a digital signature request from a user terminal and transmitting the generated digital signature to a user terminal; A biometric information recognition module for recognizing biometric information and verifying the recognized biometric information; A security token for generating a digital signature when verification of the biometric information is confirmed in the biometric information recognition module; And an electronic signature generation unit, connected to the web server unit, for performing a task request to the security token and the biometric information recognition module, wherein the web server unit comprises: A signature device is provided.
In the present invention, the digital signature device further includes an electronic signature generation unit, wherein the digital signature generation unit includes: a web server unit interfacing unit for performing interfacing with the web server unit; A security token interfacing unit for interfacing with the security token; And a biometric information recognition module interfacing unit for performing interfacing with the biometric information recognition module.
In the present invention, the biometric information recognition module may include: a biometric information recognition unit for performing biometric information recognition; A biometric information verifying unit for verifying previously stored biometric information and recognized biometric information; And an electronic signature request unit for requesting the electronic signature generation unit to generate an electronic signature when the biometric information recognized by the biometric information verification unit is verified.
In the present invention, the security token interfacing unit may include a standard API of PKCS #11, and may interface with the security token according to the PKCS #11 standard.
In the present invention, the security token may be operated independently of the digital signature generation unit.
In the present invention, the web server unit receives a digital signature request from a user terminal in accordance with the HTTPS standard, and the web server unit sends an electronic signature request to the digital signature generation unit, and the digital signature generation unit transmits the digital signature to the biometric information recognition module interfacing unit Wherein the digital signature generation unit receives a biometric information verification request from the biometric information recognition module and transmits the security token digital signature to the security token through the security token interfacing unit, And the web server unit may transmit the digital signature generated in the security token to the user terminal through communication according to the HTTPS standard.
In the present invention, the digital signature apparatus further includes a digital signature history management unit, wherein the digital signature history management unit can record the history of the digital signature requests received from the user terminal and of the generated digital signatures transmitted to the user terminal.
In the present invention, the digital signature history management unit may transmit the recorded history related to the digital signature to the external digital signature management server through the web server unit.
In the present invention, the biometric information of two or more users can be registered in the digital signature device, and the biometric information verification unit verifies whether the recognized biometric information matches one of the biometric information of the two or more registered users.
In the present invention, the digital signature apparatus further includes a digital signature history management unit, wherein the digital signature history management unit can record the history of the digital signature requests received from the user terminal and of the generated digital signatures transmitted to the user terminal, together with the authenticated user information.
According to an aspect of the present invention, there is provided a web server comprising: a web server unit receiving a user password and an electronic signature request from a user terminal and transmitting the generated digital signature to a user terminal; A biometric information recognition module for recognizing biometric information and verifying the recognized biometric information; A security token that generates an electronic signature; A web server interfacing unit for interfacing with the web server unit, a security token interfacing unit for interfacing with the security token, a biometric information recognition module interfacing unit for interfacing with the biometric information recognition module, And a user password storing and verifying unit for verifying whether a user password stored in the user information storage unit and stored in the user information storage unit is stored in the storage unit and the user password received from the user terminal matches the user password of the legitimate user, Verification is confirmed and the user's password received from the user terminal matches the user's password stored in the user password storage and verification unit, the web server unit generates a digital signature, and the web server unit communicates with the user terminal in accordance with the HTTPS standard To do And it provides an electronic signature device.
According to an aspect of the present invention, there is provided an electronic signature method comprising:
- an electronic signature request step of receiving an electronic signature request from a user terminal through communication according to the HTTPS standard;
- a first digital signature generation request step in which the web server unit issues a digital signature generation request to the digital signature generation unit;
- a biometric information recognition and verification request step in which the digital signature generation unit issues a biometric information recognition and verification request to the biometric information recognition module;
- a biometric information recognition and verification step in which the biometric information recognition module receives biometric information of a user from the outside and determines whether it matches the previously stored biometric information of the user;
- a second digital signature generation request step in which the biometric information recognition module issues a digital signature generation request to the digital signature generation unit when the biometric information input to the biometric information recognition module matches the previously stored biometric information of the user;
- a third digital signature generation request step in which the digital signature generation unit issues a digital signature generation request to the security token;
- a digital signature performing step in which the security token performs a digital signature;
- a first digital signature transmission step in which the security token transmits the digital signature to the digital signature generation unit;
- a second digital signature transmission step in which the digital signature generation unit transmits the received digital signature to the web server unit; and
- an electronic signature transmission step in which the web server unit transmits the digital signature to the user terminal by communication according to the HTTPS standard.
In the present invention, the web server unit, the digital signature generation unit, and the biometric information recognition module may be operated by a single independent operating system, and the security token may be controlled by a controller independent of the operating system.
In the present invention, one or both of the biometric information recognition and verification request step and the third digital signature creation request step may be performed by an internal API stored in the digital signature generation unit.
In the present invention, the third digital signature creation request step may be performed according to the PKCS #11 standard.
The present invention may further include an electronic signature history recording step of recording a history of one or both of the first digital signature creation request step and the digital signature performing step.
The present invention may further comprise a signature history transmission step of transmitting the recorded digital signature related history to an external digital signature management server through the web server unit.
According to an aspect of the present invention, there is provided an electronic signature method using an electronic signature apparatus including a web server unit, an electronic signature generation unit, a security token, and a biometric information recognition module, An electronic signature request receiving step of receiving an electronic signature request by communication according to a standard; A biometric information recognition and verification step of receiving biometric information of a user from the outside in the biometric information recognition module and discriminating whether or not the biometric information matches the biometric information of a previously stored user; Performing an electronic signature on the security token when the biometric information of the user inputted from the biometric information recognition module is identical to the biometric information of the user; And a digital signature transmission step in which the web server unit transmits a digital signature to a user terminal through communication according to the HTTPS standard, and the digital signature generation unit generates a digital signature based on a PKCS # 11 standard for interfacing with the security token And an electronic signature is requested to the security token using an interfacing API.
In the present invention, the web server unit, the digital signature generation unit, and the biometric information recognition module may be operated by a single independent operating system, and the security token may be controlled by a controller independent of the operating system.
The present invention may further include an electronic signature history recording step of recording a history of one or both of the digital signature request receiving step and the digital signature performing step.
In order to solve the above problems, there is also provided an electronic signature method comprising:
- an electronic signature request step in which a user terminal issues an electronic signature request to a web server unit while transmitting a user password entered by a user to the web server unit by communication according to the HTTPS standard;
- a first digital signature generation request step in which the web server unit requests the digital signature generation unit to generate an electronic signature;
- a user password verification step of verifying whether the user password received from the user terminal matches the previously stored user password of a legitimate user;
- a biometric information recognition and verification request step in which the digital signature generation unit issues a biometric information recognition and verification request to the biometric information recognition module when the user password is verified as matching;
- a biometric information recognition and verification step in which the biometric information recognition module receives biometric information of a user from the outside and determines whether it matches the previously stored biometric information of the user;
- a second digital signature generation request step in which the biometric information recognition module issues a digital signature generation request to the digital signature generation unit when the biometric information input to the biometric information recognition module matches the previously stored biometric information of the user;
- a third digital signature generation request step in which the digital signature generation unit issues a digital signature generation request to the security token;
- a digital signature performing step in which the security token performs a digital signature;
- a first digital signature transmission step in which the security token transmits the digital signature to the digital signature generation unit;
- a second digital signature transmission step in which the digital signature generation unit transmits the received digital signature to the web server unit; and
- an electronic signature transmission step in which the web server unit transmits the digital signature to the user terminal by communication according to the HTTPS standard.
INDUSTRIAL APPLICABILITY The present invention can realize an electronic signature authentication procedure without the problems of conflicts, security vulnerabilities, usage errors, and user inconvenience caused by downloading, installing, and running an ActiveX or application program.
Since the present invention can be used immediately by connecting an electronic signature device to a user terminal via a USB or the like when only an Internet connection is available, the convenience of the user can be maximized.
According to the present invention, since security is strengthened by biometric information authentication based on excellent security of the security token itself, it is possible to exert security at a level of zero defectiveness.
The present invention uses an internal web server unit in the digital signature device, although it combines the two methods of security token and biometric information authentication. Therefore, And it is possible to maximize the convenience of use without requiring a drive.
The present invention can exhibit strong security in the form of combining a security token and biometric information authentication by virtually connecting a user's own digital signature device to a user terminal and inputting only biometric information such as a fingerprint, It is possible to exhibit very high security against user's investment in time.
The present invention can exhibit an effect that a fingerprint of a plurality of users is registered in the digital signature generation of a corporation so that the digital signature can be easily converted and used even in the form of generating a digital signature of a corporation.
FIG. 1 is a conceptual diagram showing a system of an electronic signature apparatus according to the present invention.
FIG. 2 is an internal configuration diagram of an electronic signature apparatus according to the present invention.
FIG. 3 is a detailed internal configuration diagram of an electronic signature apparatus according to the present invention.
FIG. 4 is a step diagram of an electronic signature method according to the present invention.
FIG. 5 is a diagram illustrating a signature history transmission process of an electronic signature method according to the present invention.
FIG. 6 is a detailed step diagram of an electronic signature method according to the present invention.
FIG. 7 is a detailed internal configuration diagram of an electronic signature apparatus according to another embodiment of the present invention.
FIG. 8 is a detailed step diagram of an electronic signature method according to another embodiment of the present invention.
FIG. 9 is a step diagram of an electronic signature method according to the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. Prior to the detailed description of the present invention, terms and words used in the present specification and claims should not be construed as limited to ordinary or dictionary terms. The embodiments described in this specification and the configurations shown in the drawings are merely the most preferred embodiments of the present invention and do not represent all the technical ideas of the present invention. Therefore, it is to be understood that equivalents and modifications are possible.
In the present specification, the term "biometric information" refers to identifiable information obtained from a human body, and is a concept including information obtained from fingerprints, handwriting, DNA, iris, face, telegraph, However, in the present specification, an electronic document is generated and verified using information obtained from a fingerprint for convenience of explanation.
As used herein, the term "user terminal" may be any of a variety of computing devices such as a personal computer (PC), desktop, notebook, tablet, smart phone, PDA, It corresponds to a terminal that can connect to an institution.
As used herein, the term " module " includes any software installed and executed in a computing device, hardware within a computing device, or a combination of software and hardware.
1 is a conceptual diagram showing a system of an
Here, the
Meanwhile, according to the present invention, a digital signature is requested, generated and transmitted by the following steps.
(Step 1) The
(Step 2) The
(Step 3) When the
(Step 4) After performing the biometric information recognition in the
(Step 5) The digital signature is transmitted from the
(Step 6) The
In this regard, step 1 may be performed automatically by connecting the
Meanwhile, in connection with the step 3, the
Meanwhile, the
2 is an internal configuration diagram of an
The
Fig. 3 shows a detailed internal configuration diagram of the
As shown in FIG. 3, the biometric
The biometric
Preferably, in the present invention, the biometric information is verified only in the
3, the
The digital
Preferably, the security
Meanwhile, the security
The
The
Meanwhile, the biometric
In this configuration, the
As described above, in the present invention, communication with the
Meanwhile, the
In addition, the digital signature
The
In this case, the digital signature
7 is a detailed internal configuration diagram of an
7, the
A biometric
A security token (130) for generating a digital signature;
A web
A user
An
And an electronic signature
The
7, a user password of a legitimate user is stored therein, and a user password storage and
When the digital
That is, the
In this embodiment, it is possible to secure better security than the
Hereinafter, a digital signature method using the
6 is a detailed step diagram of the digital signature method according to the present invention.
6, an electronic signature method according to the present invention is a method in which a
Then, the
When the digital
Hereinafter, the biometric
The digital
Hereinafter, the
The
The
Meanwhile, in the digital signature method of the present invention, one or both of the biometric information recognition and verification request step and the third digital signature creation request step are performed by the internal API stored in the digital
Preferably, the third digital signature generation request step is performed according to the standard of PKCS # 11, and the API of the PKCS # 11 standard is embedded in the digital
Preferably, in order to record the details of the digital signature, the digital signature method according to the present invention can further perform an electronic signature history recording step that records the history of one or both of the first digital signature generation request step (S410) and the digital signature execution step (S460).
The first digital signature creation request step (S410) represents the history of attempts to generate a digital signature, and the digital signature execution step (S460) represents the history of digital signatures that were finally generated. When biometric information of a plurality of users is registered, the individual information of the user who attempted to generate the digital signature and/or the individually recognized biometric information can be recorded.
FIG. 5 is a flowchart illustrating a signature history transmission process of the digital signature method according to the present invention. 5, when the
Alternatively, although not shown in FIG. 5, after the first digital signature creation request step is performed, the
8 shows a detailed step diagram of an electronic signature method according to another embodiment of the present invention.
The electronic signature method of the present invention shown in Fig. 8 is a method in which the
An electronic signature requesting step (S300) of sending an electronic signature request to the web server unit (140) while transmitting the user password inputted by the user to the web server unit (140);
A first digital signature generation request step (S410) in which the
A user password verification step (S415) in which the digital signature generating unit (120) verifies whether the user password received from the user terminal (200) matches the previously stored user password of a legitimate user;
A biometric information recognition and verification step (S420) of performing biometric information recognition and verification request to the biometric
A biometric information recognition and verification step (S430) of receiving biometric information of a user from the outside in the biometric
When the biometric information of the user input from the biometric
A third digital signature generation request step (S450) in which the digital
Performing an electronic signature (S460) in which the security token (130) performs a digital signature;
A first digital signature transmission step (S470) in which the security token (130) transmits an electronic signature to the digital signature generation unit (120);
The digital
And an electronic signature transmission step (S500) in which the
In this embodiment, the electronic signature can be finally generated only if the password entered by the user is the same as the pre-stored password of the legitimate user. Therefore, even if the biometric information is falsified or altered, .
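The gating order of the FIG. 8 embodiment, together with the history recording of steps S410 and S460 described earlier, as an added Python sketch that is not part of the patent. The class and method names are hypothetical, HMAC-SHA256 stands in for the token's signature operation, and the biometric match is reduced to an exact byte comparison.

```python
import hashlib, hmac, os, time

class SecurityToken:
    """Stand-in for the security token (130); the key never leaves this object."""
    def __init__(self):
        self._key = os.urandom(32)  # constructed key material

    def sign(self, data: bytes) -> bytes:
        # S460. HMAC-SHA256 is a stdlib stand-in for the token's signature
        # operation (a PKCS#11 client would call C_SignInit / C_Sign here).
        return hmac.new(self._key, data, hashlib.sha256).digest()

class SignatureGenerationUnit:
    """Stand-in for the digital signature generation unit (120)."""
    def __init__(self, token, password: str, enrolled: dict):
        self._token = token
        self._salt = os.urandom(16)
        self._pw_hash = self._derive(password)  # salted hash, not the password
        self._enrolled = enrolled               # user id -> enrolled template
        self.history = []                       # (time, step, user, outcome)

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 200_000)

    def _log(self, step, user, outcome):
        self.history.append((time.time(), step, user, outcome))

    def _match_biometric(self, sample: bytes):
        # S430 stand-in: exact comparison; real matchers score similarity.
        for user, template in self._enrolled.items():
            if hmac.compare_digest(sample, template):
                return user
        return None

    def request_signature(self, data: bytes, password: str, sample: bytes):
        self._log("S410", None, "requested")    # every attempt is recorded
        # S415: constant-time comparison of the derived password hashes
        if not hmac.compare_digest(self._derive(password), self._pw_hash):
            self._log("S415", None, "password mismatch")
            return None
        user = self._match_biometric(sample)    # S420 / S430
        if user is None:
            self._log("S430", None, "biometric mismatch")
            return None
        signature = self._token.sign(data)      # S450 request, S460 signing
        self._log("S460", user, "signed")       # records which user signed
        return signature
```

Comparing the S410 entries with the S460 entries in `history` separates attempted signatures from completed ones, which is the distinction the history recording step draws.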
FIG. 9 is a flowchart illustrating an electronic signature method by the
The digital signature method of the present invention includes: an electronic signature request receiving step (S300.1) wherein the
A biometric information recognition and verification step (S430) of receiving biometric information of a user from the outside in the biometric
An electronic signature performing step (S460) in which the security token (130) performs a digital signature when the biometric information of the user inputted from the biometric information recognition module (110) coincides with the biometric information of the user stored previously; And
And an electronic signature transmission step (S500) in which the
In this way, the
In the digital signature method according to the present invention, the
Also, in the digital signature method of the present invention, the
INDUSTRIAL APPLICABILITY The present invention can realize an electronic signature authentication procedure without causing the problems of call completion, security vulnerability, use error, and user inconvenience that arise from downloading, installing, and running ActiveX or an application program.
Since the present invention can be used immediately by connecting the electronic signature device to a user terminal via USB or the like as long as an Internet connection is available, the convenience of the user can be maximized.
According to the present invention, since security is strengthened by biometric information authentication on top of the excellent security of the security token itself, it is possible to provide security at a zero-defect level.
Although the present invention combines the two methods of security token and biometric information authentication, it uses its own web server inside the digital signature device. Therefore, it is possible to maximize the convenience of use without requiring ActiveX or an application program to be provided and run for each of the security token and biometric information authentication.
The present invention can exhibit strong security by combining a security token and biometric information authentication, with the user virtually only connecting his or her own digital signature device to a user terminal and inputting biometric information such as a fingerprint; it can therefore exhibit very high security relative to the time the user invests.
The present invention also allows the fingerprints of a plurality of users to be registered for generating the digital signature of a corporation, so that it can easily be converted to and used for generating a corporate digital signature.
It will be understood by those skilled in the art that various changes and modifications may be made without departing from the scope of the present invention.
Claims (21)
A web server unit receiving a digital signature request from a user terminal and transmitting the generated digital signature to a user terminal;
A biometric information recognition module for recognizing biometric information and verifying the recognized biometric information;
A security token for generating a digital signature when verification of the biometric information is confirmed in the biometric information recognition module;
An electronic signature generation unit, connected to the web server unit, for performing a task request to the security token and the biometric information recognition module; And
An OS unit for operating the web server unit, the biometric information recognition module, and the digital signature generation unit,
The web server unit performs communication according to the HTTPS standard with the user terminal,
Wherein the digital signature generation unit comprises:
A web server interfacing unit for interfacing with the web server unit;
A security token interfacing unit for interfacing with the security token;
A biometric information recognizing module interfacing part for performing interfacing with the biometric information recognizing module; And
And a user password storage and verification unit that stores a user password of a legitimate user and verifies whether a user password received from the user terminal matches the stored user password of the legitimate user,
Wherein the security token interfacing unit includes an API capable of interfacing with the security token,
Wherein the security token includes its own memory and a processor, and is operated independently from the digital signature generator,
The security token includes a key generation / management unit; An electronic signature performing unit; And a security token controller unit, wherein the security token controller unit includes an OS for operating the security token,
The web server unit receives an electronic signature request from a user terminal in accordance with the HTTPS standard,
Wherein the web server unit makes an electronic signature request to the electronic signature generation unit,
Wherein the digital signature generation unit performs a biometric information recognition and verification request to the biometric information recognition module through the biometric information recognition module interfacing unit,
Wherein the digital signature generation unit, upon receiving the biometric information verification confirmation from the biometric information recognition module and when the user password received from the user terminal matches the user password stored in the user password storage and verification unit, performs a digital signature generation request to the security token through the security token interfacing unit,
The web server unit transmits the digital signature generated in the security token to the user terminal through communication according to the HTTPS standard,
The biometric information recognition module comprises:
A biometric information recognizing unit for performing biometric information recognition;
A biometric information verifying unit for verifying previously stored biometric information and recognized biometric information; And
And a digital signature requesting unit for requesting the digital signature generation unit to generate a digital signature when the biometric information recognized by the biometric information verification unit is verified,
Wherein the digital signature apparatus further comprises an electronic signature history management unit,
The electronic signature history management unit records the history of the digital signature request received from the user terminal, the generated digital signature transmitted to the user terminal, or the digital signature request received from the user terminal and the generated digital signature transmitted to the user terminal,
Wherein the electronic signature history management unit can transmit the recorded history related to the electronic signature to the external electronic signature management server through the web server unit.
The security token interfacing unit includes a standard API of PKCS #11,
And performs interfacing with the security token according to the PKCS #11 standard.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150154272A KR101743951B1 (en) | 2015-11-04 | 2015-11-04 | Digital Signature Device and Digital Signature Method Using It |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20170052162A KR20170052162A (en) | 2017-05-12 |
KR101743951B1 true KR101743951B1 (en) | 2017-07-04 |
Family
ID=58739971
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150154272A KR101743951B1 (en) | 2015-11-04 | 2015-11-04 | Digital Signature Device and Digital Signature Method Using It |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101743951B1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102007431B1 (en) * | 2018-04-17 | 2019-08-05 | 주식회사 스마트솔루션 | System and method for checking the truth to application information for automatic withdrawal registration |
US11469903B2 (en) * | 2019-02-28 | 2022-10-11 | Microsoft Technology Licensing, Llc | Autonomous signing management operations for a key distribution service |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100842838B1 (en) * | 2007-08-13 | 2008-07-03 | 이태원 | System and method for wireless public certification service with mobile terminal using mpg system |
KR101348079B1 (en) * | 2013-06-07 | 2014-01-08 | 라온시큐어(주) | System for digital signing using portable terminal |
-
2015
- 2015-11-04 KR KR1020150154272A patent/KR101743951B1/en active IP Right Grant
Also Published As
Publication number | Publication date |
---|---|
KR20170052162A (en) | 2017-05-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
AMND | Amendment | ||
E601 | Decision to refuse application | ||
AMND | Amendment | ||
X701 | Decision to grant (after re-examination) |