KR20100006304A - Apparatus and method for protecting secret number - Google Patents

Publication number
KR20100006304A
Authority
KR
South Korea
Prior art keywords
password
extended
input
terminal
digits
Application number
KR1020080066489A
Other languages
Korean (ko)
Inventor
조승모
Original Assignee
주식회사 브리지텍
Application filed by 주식회사 브리지텍 filed Critical 주식회사 브리지텍
Priority to KR1020080066489A priority Critical patent/KR20100006304A/en
Publication of KR20100006304A publication Critical patent/KR20100006304A/en

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45: Structures or tools for the administration of authentication
    • G06F21/46: Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2123: Dummy operation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a password protection device. The device generates an extended password based on the number of digits of the actual password and transmits the generated extended password to the terminal. When a final extended password, consisting of the extended password and an input password entered by the user, is input from the terminal, the device extracts the input password from the final extended password. As a result, even if the password entered by the user from the terminal to the financial call center unit is hacked or eavesdropped, the risk of financial accident is reduced because it is an extended password rather than the exact password.

Description

Password protector and its method {APPARATUS AND METHOD FOR PROTECTING SECRET NUMBER}

The present invention relates to a password protection device and a method thereof.

In general, a password is used to verify the user's identity in all kinds of financial transactions, and when a password is exposed to others, many economic losses occur.

In recent years, user convenience has increased as electronic financial transactions such as Internet banking and phone banking have become widespread. However, the risk of password exposure due to computer hacking has also increased, resulting in increased user anxiety.

Therefore, one of the methods used to reduce the exposure of passwords in electronic financial transactions is the use of security cards with passwords.

When an electronic financial transaction is carried out with a security card issued to each individual, security is improved because 40 different passwords are used for each security card. However, there is still a risk of eavesdropping or hacking, since the password and the security card number entered for identity verification are converted into signals and transmitted over a telephone line or an Internet network.

In addition, having to use the security card for every financial transaction is inconvenient, and if the security card is lost, a new security card must be issued for a predetermined fee, which wastes money.

Therefore, the technical problem to be achieved by the present invention is to reduce the risk of exposure of passwords used in electronic financial transactions.

A password protection device according to an aspect of the present invention generates an extended password based on the number of digits of the actual password and transmits the generated extended password to the terminal. When a final extended password, consisting of the extended password and the input password entered by the user, is input from the terminal, the device extracts the input password from the final extended password.

The number of digits of the extended password may be larger than the number of digits of the actual password.

The extended password preferably includes a portion where the input password is entered by the user and a dummy symbol of at least one digit.

The dummy symbol may include a randomly generated number of symbols.

The extended password is preferably transmitted to the terminal as a video signal.

The password protection device according to the above features may include: a controller that requests generation of the extended password; a password extension unit that generates a dummy symbol at the request of the controller and generates the extended password using the number of digits of the actual password and the dummy symbol; an extended password transmitter / receiver that transmits the generated extended password to the terminal and receives a final extended password input from the terminal; and a password extraction unit that uses the dummy symbol to extract the input password entered by the user from the final extended password input to the extended password transmitter / receiver.

The extended password transmitter / receiver may transmit a message regarding a method of inputting a password to the terminal.

A password protection method according to another aspect of the present invention includes: when a password input request signal is input, generating an extended password including a dummy symbol based on the number of digits of the actual password; transmitting the extended password to the terminal; determining whether a final extended password, consisting of the dummy symbol and an input password entered by the user, has been input; and, if the final extended password has been input, extracting the input password from the final extended password based on the dummy symbol.

The number of digits of the extended password may be larger than the number of digits of the actual password.

The transmitting of the extended password may include transmitting a message regarding a password input method.

According to a feature of the invention, when conducting an electronic financial transaction such as phone banking, instead of entering the actual password, the user enters an extended password having more digits than the actual password. As a result, even if the password entered by the user from the terminal to the financial call center unit is hacked or eavesdropped, the risk of financial accident is reduced because it is an extended password rather than an accurate password.

DETAILED DESCRIPTION

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art may easily implement the present invention. As those skilled in the art would realize, the described embodiments may be modified in various different ways, all without departing from the spirit or scope of the present invention. In the drawings, parts irrelevant to the description are omitted in order to clearly describe the present invention, and like reference numerals designate like parts throughout the specification.

Throughout the specification, when a part is said to "include" a certain component, it means that it can further include other components, without excluding other components unless specifically stated otherwise. In addition, the terms “… unit” and the like described in the specification mean a unit for processing at least one function or operation, which may be implemented by hardware or software or a combination of hardware and software.

Now, a password protection device and a method thereof according to an embodiment of the present invention will be described in detail with reference to the drawings.

First, a password protection device according to an exemplary embodiment of the present invention will be described with reference to FIG. 1.

FIG. 1 is a block diagram of a password protection device according to an embodiment of the present invention.

Referring to FIG. 1, there are provided a terminal 10, a financial call center unit 30 connected to the terminal 10 through a delivery network 20, and a financial server 40 connected to the financial call center unit 30 through the delivery network 20.

The terminal 10 may be a terminal capable of transmitting and receiving video signals and audio signals, and may be connected to the delivery network 20. The terminal 10 may be a video telephone, a computer, a mobile phone, a laptop, or the like.

The delivery network 20 may be a wired or wireless Internet network or a telephone network, and the terminal 10 is connected to the financial call center unit 30 through the delivery network 20.

The financial call center unit 30 may be an interactive voice & video response (IVVR) and includes a control unit 31, a password extension unit 32 connected to the control unit 31, an extended password transmission / reception unit 33 connected to the password extension unit 32, and a password extractor 34 connected to the control unit 31, the password extension unit 32, and the extended password transmission / reception unit 33.

When the user accesses the financial call center unit 30 through the terminal 10 for an electronic financial transaction using phone banking, the controller 31 executes a scenario already stored in a memory (not shown) or the like, sends the corresponding message to the terminal 10, and thereby delivers a guide message for the electronic financial transaction to the user.

The password extension unit 32 operates at the request of the control unit 31. It generates an extended password with more digits than the account password and transmits it, together with an identification number of the corresponding terminal 10 (for example, a phone number), to the extended password transmission / reception unit 33.

The extended password transmission / reception unit 33 converts the extended password transmitted from the password extension unit 32 into an image signal, transmits the converted signal through the transmission network 20 to the terminal 10 corresponding to the identification number of the terminal, and receives from the terminal 10 the final extended password entered by the user.

The password extractor 34 extracts a desired password from the final extended password inputted to the extended password transmitter / receiver 33 and transmits it to the financial server 40.

The financial server 40 includes a database 41 that stores customer information such as a social security number, an account password, an electronic financial transaction password specified when applying for electronic financial transactions, or an identification number of a terminal such as a telephone number. The database 41 is included in the financial server 40 in the present embodiment, but, alternatively, the database 41 may be installed as a separate device from the financial server 40. The financial server 40 determines whether the password input through the terminal 10 is correct, so that the electronic financial transaction selected by the user can be carried out according to the determination result.

The operation of the password protection device having such a structure will be described with reference to FIG. 2.

FIG. 2 is a flowchart illustrating a password protection method according to an embodiment of the present invention.

In the present embodiment, a method of receiving an account password using an extended password will be described. Therefore, the password used in this embodiment is an account password.

First, when the user connects to the control unit 31 of the financial call center unit 30 through the terminal 10, the operation of the financial call center unit 30 is started (S10).

The controller 31 then executes a scenario stored in a memory (not shown) or the like and transmits the corresponding guide message to the terminal 10 (S110), delivering a guide message for an electronic financial transaction to the user. At this time, the control unit 31 transmits guide messages up to the point where input of the account password is requested. The guide message may be delivered to the user in various ways, such as voice, video, or both.

Next, the control unit 31 outputs a password input request signal to the password expansion unit 32 (S11).

When the password input request signal is input from the control unit 31, the password extension unit 32 generates an extended password using the number of digits of the password, which is already known (S12). In other words, the password extension unit 32 generates an extended password having more digits than the actual account password, which is generally four digits. In this embodiment, the password extension unit 32 uses a number of password digits that has already been set. Alternatively, the password extension unit 32 may receive the number of digits of the user's account password from the control unit 31 each time an extended password is generated.

The generated extended password therefore includes, in addition to the digits of the actual account password, a predetermined number of randomly generated symbols (hereinafter referred to as "dummy symbols"). The dummy symbols may include not only numbers but also letters, special characters, and the like, and they vary each time an extended password is generated. The extended password has a form in which the generated dummy symbols are inserted among the digits of the actual account password. The arrangement of the dummy symbols, which depends on the positions at which the dummy symbols are inserted, the number of dummy symbols inserted, and the like, also changes every time an extended password is generated. Therefore, as the number of dummy symbols increases, the number of possible extended passwords increases, thereby improving the security of the password.

For example, an 8-digit extended password generated by the password extension unit 32 from a 4-digit actual account password may be "1 □ 7 □ 78 □□". In this example, each □ is a position where a digit of the user's actual account password is to be entered, and the remaining number "1778" is the generated dummy symbols.

When the extended password is generated in this way, the password expansion unit 32 outputs the generated extended password to the extended password transmission and reception unit 33 (S14).

The extended password transmission / reception unit 33 converts the extended password into a video signal and transmits it to the terminal 10 through the transmission network 20. At this time, a message on how to enter the password is transmitted to the terminal 10 as an audio signal together with the converted video signal (S15). As a result, the extended password is displayed on the display device (not shown) of the user's terminal 10, and the input method of the account password is conveyed to the user by voice. As described above, the account password is transmitted as a video signal and its input method as a voice signal, so the account password and its input method are transmitted as signals of different types, which improves security. Alternatively, the input method of the account password may be delivered to the user in other ways, such as by video or by both audio and video.

(Description: The account password input method is transmitted by voice, not video, that is, it is transmitted by a signal different from the extended password, so that the security can be improved. Instead, we've added a description that tells you how to enter your account password in a variety of other ways.)

For example, the image displayed on the display device of the terminal 10 is "1 □ 7 □ 78 □□", and an example of the voice message at this time may be "Please input the customer's password including the following number". Therefore, when the actual account password is "1234", the user may input "11727834", which contains the dummy symbols and the actual account password, through an input device (not shown) of the terminal 10.

Then, the extended password transmission and reception unit 33 determines whether the extended password has been input (S16).

When the user inputs the final extended password, consisting of the dummy symbols and the actual account password, using the input device of the terminal 10, the final extended password is input to the extended password transmitter / receiver 33 through the transmission network 20 (S16). The extended password transmitter / receiver 33 then transmits the final extended password to the password extractor 34.

The password extraction unit 34 uses the dummy symbols generated in the password extension unit 32 and the final extended password to extract the account password entered by the user, that is, the input account password, by excluding the dummy symbols from the final extended password (S17), and then transmits it to the control unit 31.

The control unit 31 transmits the extracted input account password inputted within the set time to the financial server 40 (S18 and S19).

For this reason, the financial server 40 determines whether the input account password matches the actual account password using the customer information stored in the database 41 (S20).

When the actual account password and the input password entered by the user match, the financial server 40 transmits to the controller 31 a comparison result indicating that they match (S21). In this case, the financial server 40 may provide the control unit 31 with financial information related to the electronic financial transaction service selected by the user, for example, information on the balance of the account.

The control unit 31 then transmits to the terminal 10 a guide message about the information related to the electronic financial transaction service selected by the user, or a guide message for the next scenario after entry of the account password, so that the electronic financial transaction can be carried out (S22). As described above, the output guide message may be delivered to the user in various ways, such as by voice, video, or both voice and video.

In the subsequent process, if a password such as an account password or an electronic financial transaction password is required, the financial call center unit 30 can obtain the desired password from the user with the extended password through the same operation (S12-S19) as described above. The number of times within one electronic financial transaction that a desired password, such as an account password or an electronic financial transaction password, can be obtained from the user by the extended password method described above is determined by the operator in consideration of user convenience and safety, and can be changed.

In step S20, when the actual account password and the input account password are different, the financial server 40 transmits a comparison result to the controller 31 that the input account password is different from the actual account password (S23). Based on the comparison result, the control unit 31 outputs a message requesting re-entry of the account password to the terminal 10 (S24), and then determines whether an input account password has been input from the user (S18). In this case, the output message may be delivered to the user in various ways, such as using voice, video, or both voice and video.

However, in step S18, when the final extended password is not input from the terminal 10 within the set time, the controller 31 sends a voice message requesting input of the final extended account password to the terminal 10 (S25), and then determines whether the input account password has been input from the user (S18).

As described above, the present embodiment has been described with respect to a method of acquiring an account password from a user using an extended password, but may be equally applicable to obtaining another password such as an electronic financial transaction password.
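
The generation (S12) and extraction (S17) steps described above, as an added Python sketch that is not part of the patent text. All names (ExtendedPassword, generate_extended, fill, extract_input_password, arrangement_count) are hypothetical, and rejecting an entry whose dummy symbols differ from the issued ones is an assumption; the description only says the dummy symbols are excluded.

```python
import math
import secrets
from dataclasses import dataclass

PLACEHOLDER = "□"  # slot the user fills with one digit of the real password


@dataclass(frozen=True)
class ExtendedPassword:
    """Template issued by the password extension unit (hypothetical type)."""
    length: int              # total symbols: password digits + dummy symbols
    dummies: dict[int, str]  # position -> dummy symbol shown to the user

    def render(self) -> str:
        """String shown on the terminal display, e.g. 1□7□78□□."""
        return "".join(self.dummies.get(i, PLACEHOLDER) for i in range(self.length))


def generate_extended(password_digits: int, dummy_count: int,
                      alphabet: str = "0123456789") -> ExtendedPassword:
    """S12: pick fresh dummy positions and symbols for every request."""
    if password_digits < 1 or dummy_count < 1:
        raise ValueError("need at least one password digit and one dummy symbol")
    total = password_digits + dummy_count
    positions = secrets.SystemRandom().sample(range(total), dummy_count)
    return ExtendedPassword(total, {p: secrets.choice(alphabet) for p in positions})


def template_from_display(display: str) -> ExtendedPassword:
    """Rebuild a template from a displayed string such as '1 □ 7 □ 78 □□'."""
    compact = display.replace(" ", "")
    dummies = {i: c for i, c in enumerate(compact) if c != PLACEHOLDER}
    return ExtendedPassword(len(compact), dummies)


def fill(template: ExtendedPassword, password: str) -> str:
    """Simulate the user: dummy symbols as shown, password digits in the slots."""
    if len(password) != template.length - len(template.dummies):
        raise ValueError("password length does not match the number of slots")
    digits = iter(password)
    return "".join(template.dummies[i] if i in template.dummies else next(digits)
                   for i in range(template.length))


def extract_input_password(template: ExtendedPassword, final_extended: str) -> str:
    """S17: drop the dummy positions and return what the user typed in the slots."""
    if len(final_extended) != template.length:
        raise ValueError("final extended password has the wrong length")
    mismatch = False
    typed = []
    for i, ch in enumerate(final_extended):
        if i in template.dummies:
            # Assumption: an entry whose dummy symbols differ is rejected.
            mismatch |= ch != template.dummies[i]
        else:
            typed.append(ch)
    if mismatch:
        raise ValueError("dummy symbols do not match the issued template")
    return "".join(typed)


def arrangement_count(password_digits: int, dummy_count: int,
                      alphabet_size: int = 10) -> int:
    """Number of distinct templates: choice of positions times choice of symbols."""
    return math.comb(password_digits + dummy_count, dummy_count) * alphabet_size ** dummy_count


if __name__ == "__main__":
    t = template_from_display("1 □ 7 □ 78 □□")  # the example string from the description
    entered = fill(t, "1234")
    print(t.render(), entered, extract_input_password(t, entered))
    print(arrangement_count(4, 4))
```

The extracted value is only as hidden as the template: anyone who observes both the displayed template and the keyed entry can run the same extraction, which is why the description sends the two over different signal types.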

The embodiments of the present invention described above are not implemented only through the apparatus and the method, but may also be implemented through a program that realizes functions corresponding to the configuration of the embodiments or through a recording medium on which the program is recorded. Such an implementation can be easily achieved by those skilled in the art from the description of the above-described embodiments.

Although the embodiments of the present invention have been described in detail above, the scope of the present invention is not limited thereto, and various modifications and improvements made by those skilled in the art using the basic concepts of the present invention defined in the following claims also belong to the scope of rights.

FIG. 1 is a block diagram of a password protection device according to an embodiment of the present invention.

FIG. 2 is an operational flowchart of a password protection method according to an embodiment of the present invention.

Claims (10)

1. A password protection device that generates an extended password based on the number of digits of the actual password, transmits the extended password to a terminal, and, when a final extended password consisting of the extended password and an input password entered by the user is input from the terminal, extracts the input password from the final extended password.

2. In claim 1, the number of digits of the extended password is greater than the number of digits of the actual password.

3. In claim 2, the extended password includes a portion where the input password is entered by the user and a dummy symbol of at least one digit.

4. In claim 3, the dummy symbol includes a randomly generated number of symbols.

5. In claim 4, the extended password is transmitted to the terminal as a video signal.

6. In any one of claims 2 to 5, the password protection device comprises: a controller for requesting generation of the extended password; a password extension unit that generates the dummy symbol at the request of the controller and generates the extended password using the number of digits of the actual password and the dummy symbol; an extended password transmission / reception unit that transmits the generated extended password to the terminal and receives a final extended password input from the terminal; and a password extracting unit that uses the dummy symbol to extract the input password entered by the user from the final extended password input to the extended password transmission / reception unit.

7. In claim 6, the extended password transmission / reception unit transmits a message on how to enter a password to the terminal.

8. A password protection method comprising: when a password input request signal is input, generating an extended password including a dummy symbol based on the number of digits of the actual password; transmitting the extended password to a terminal; determining whether a final extended password consisting of the dummy symbol and the input password entered by the user is input; and, if the final extended password is input, extracting the input password from the final extended password based on the dummy symbol.

9. In claim 8, the number of digits of the extended password is greater than the number of digits of the actual password.

10. In claim 8, the transmitting of the extended password includes transmitting a message regarding a password input method.
KR1020080066489A 2008-07-09 2008-07-09 Apparatus and method for protecting secret number KR20100006304A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020080066489A KR20100006304A (en) 2008-07-09 2008-07-09 Apparatus and method for protecting secret number

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020080066489A KR20100006304A (en) 2008-07-09 2008-07-09 Apparatus and method for protecting secret number

Publications (1)

Publication Number Publication Date
KR20100006304A true KR20100006304A (en) 2010-01-19

Family

ID=41815491

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020080066489A KR20100006304A (en) 2008-07-09 2008-07-09 Apparatus and method for protecting secret number

Country Status (1)

Country Link
KR (1) KR20100006304A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10631006B2 (en) 2013-01-04 2020-04-21 Samsung Electronics Co., Ltd. Encoding apparatus and decoding apparatus for depth image, and encoding method and decoding method
US11891216B2 (en) 2021-04-08 2024-02-06 Heiner MESSERLE Packaging

Similar Documents

Publication Publication Date Title
US9886688B2 (en) System and method for secure transaction process via mobile device
US9305152B2 (en) Automatic pin creation using password
KR100992573B1 (en) Authentication method and system using mobile terminal
US8869255B2 (en) Method and system for abstracted and randomized one-time use passwords for transactional authentication
JP2009527835A (en) PIN service
KR101741917B1 (en) Apparatus and method for authenticating using speech recognition
WO2019116052A1 (en) Authentication and authorisation
US20170337553A1 (en) Method and appartus for transmitting payment data using a public data network
US11604870B2 (en) Systems and methods for authentication code entry using mobile electronic devices
KR101531878B1 (en) Simple payment support apparatus and method for a mobile terminal
KR101625065B1 (en) User authentification method in mobile terminal
KR101699032B1 (en) Service providing system and method for payment using electronic tag
KR20150146061A (en) Voice recognition authentication system and method for providing authentication service using voice recognition
KR20100006304A (en) Apparatus and method for protecting secret number
US20230419325A1 (en) Method for processing an operation involving secret data, terminal, system and corresponding computer program
WO2005024743A1 (en) Granting access to a system based on the use of a card having stored user data thereon
KR20170141930A (en) System for providing financial service and method for transfer thereof
KR20090106078A (en) One time password generating device, sever for authentication of real user and system including the same
KR20160007153A (en) Financial transaction system using security intensification one time password and method thereof
KR101710794B1 (en) Financial transaction system and operating method of the same
TWI844841B (en) A card binding method, user terminal, server, system and storage medium
JP2011145785A (en) User registration system in internet banking
KR20170111942A (en) Electronic commercial transaction authentication method and system by specific infomation related otp
TWM642404U (en) System for identity verification applied to financial system
KR20220018671A (en) System for authenticating using CAVV based on random card number and method thereof

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination