KR20100006304A - Apparatus and method for protecting secret number - Google Patents
Apparatus and method for protecting secret number Download PDFInfo
- Publication number
- KR20100006304A KR20100006304A KR1020080066489A KR20080066489A KR20100006304A KR 20100006304 A KR20100006304 A KR 20100006304A KR 1020080066489 A KR1020080066489 A KR 1020080066489A KR 20080066489 A KR20080066489 A KR 20080066489A KR 20100006304 A KR20100006304 A KR 20100006304A
- Authority
- KR
- South Korea
- Prior art keywords
- password
- extended
- input
- terminal
- digits
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2123—Dummy operation
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Telephonic Communication Services (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The present invention relates to a password protection device, wherein the password protection device generates an extended password based on the number of digits of the actual password, and transmits the generated extended password to the terminal, the extended password and an input password input by the user. When the final extended password consisting of the input from the terminal, characterized in that for extracting the input password from the final extended password. As a result, even if the password entered by the user from the terminal to the financial call center unit is hacked or eavesdropped, the risk of financial accident is reduced because it is an extended password rather than an accurate password.
Description
The present invention relates to a password protection device and a method thereof.
In general, every time you use a variety of financial transactions, a password is used to verify your identity, and when a password is exposed to others, many economic losses occur.
In recent years, the convenience of users has increased as electronic financial transactions such as Internet banking and phone banking have been activated.However, the risk of password exposure due to computer hacking has also increased, resulting in increased user anxiety. Increases.
Therefore, one of the methods used to reduce the exposure of passwords in electronic financial transactions is the use of security cards with passwords.
If you use an electronic financial transaction using a security card paid for each individual, security is improved because 40 different passwords are used for each security card. However, there is still a risk of eavesdropping or hacking since the password and the number of the security card entered for identity verification are transmitted through a telephone line or an internet network through signal conversion.
In addition, inconvenience occurs when using a security card every time a financial transaction, if the security card is lost, a new security card paying a predetermined fee must be paid, resulting in waste of cost.
Therefore, the technical problem to be achieved by the present invention is to reduce the risk of exposure of passwords used in electronic financial transactions.
Password protection device according to an aspect of the present invention generates an extended password based on the actual number of digits of the password, and transmits the generated extended password to the terminal, the final expansion consisting of the extended password and the input password input by the user When the password is input from the terminal, the input password is extracted from the final extended password.
The number of digits of the extended password may be larger than the number of digits of the actual password.
The extended password preferably includes a dummy symbol having a portion where the input password is input by the user and at least one digit.
The dummy symbol may include a randomly generated number of symbols.
The extended password is preferably transmitted to the terminal as a video signal.
The password protection device according to the above features generates a dummy symbol in response to a controller requesting generation of the extended password, the request from the controller, and generates the extended password using the digits of the actual password and the dummy symbol. A password extension unit for transmitting the generated extended password to the terminal, an extended password transceiver for receiving a final extended password inputted from the terminal, and an input to the dummy extended password transmitter / receiver using the dummy symbol; It may include a password extraction unit for extracting the input password input by the user from the last extended password.
The extended password transmitter / receiver may transmit a message regarding a method of inputting a password to the terminal.
The password protection method according to another aspect of the present invention, when the password input request signal is input, generating an extended password including a dummy symbol based on the actual number of digits, transmitting the extended password to the terminal, the dummy symbol And determining whether a final extended password consisting of an input password input by the user has been input, and if the final extended password is input, extracting the input password from the final extended password based on the dummy symbol. do.
The number of digits of the extended password may be larger than the number of digits of the actual password.
The transmitting of the extended password may include transmitting a message regarding a password input method.
According to a feature of the invention, when conducting an electronic financial transaction such as phone banking, instead of entering the actual password, the user enters an extended password having more digits than the actual password. As a result, even if the password entered by the user from the terminal to the financial call center unit is hacked or eavesdropped, the risk of financial accident is reduced because it is an extended password rather than an accurate password.
DETAILED DESCRIPTION Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art may easily implement the present invention. As those skilled in the art would realize, the described embodiments may be modified in various different ways, all without departing from the spirit or scope of the present invention. In the drawings, parts irrelevant to the description are omitted in order to clearly describe the present invention, and like reference numerals designate like parts throughout the specification.
Throughout the specification, when a part is said to "include" a certain component, it means that it can further include other components, without excluding other components unless specifically stated otherwise. In addition, the terms “… unit” and the like described in the specification mean a unit for processing at least one function or operation, which may be implemented by hardware or software or a combination of hardware and software.
Now, a password protection device and a method thereof according to an embodiment of the present invention will be described in detail with reference to the drawings.
First, a password protection device according to an exemplary embodiment of the present invention will be described with reference to FIG. 1.
1 is a block diagram of a password protection device according to an embodiment of the present invention.
Referring to FIG. 1, a financial
The
The
Financial
When the user accesses the financial
The
The extended password transmission /
The
The
The operation of the password protection device having such a structure will be described with reference to FIG.
2 is a flowchart illustrating a password protection method according to an embodiment of the present invention.
In the present embodiment, a method of receiving an account password using an extended password will be described. Therefore, the password used in this embodiment is an account password.
First, when the user connects to the
Therefore, the
Next, the
When input to the password input request signal from the
Therefore, the generated extended password includes a predetermined number of symbols (hereinafter, referred to as "dummy symbols") randomly generated in addition to the digits of the actual account password. In this case, the dummy symbol may include not only numbers but also letters, special characters, and the like, and vary each time an extended password is generated. In addition, the extended password has a form in which a dummy symbol generated in the middle of an actual account password is inserted. At this time, the form of the dummy symbol arrangement based on the position at which the dummy symbol is inserted, the number of dummy symbols to be inserted, and the like changes every time the extended password is generated. Therefore, as the number of dummy symbols increases, the number of extended passwords increases, thereby improving the security of the password.
Therefore, an example of the 8-digit extended password generated based on the 4-digit actual account password by the operation of the
When the extended password is generated in this way, the
The extended password transmission /
(Description: The account secret input method is transmitted by voice, not video, that is, it is transmitted by a signal different from the extended password, so that the security can be improved. Instead, we've added a description that tells you how to enter your account password in a variety of other ways.
For example, the image displayed on the display device of the terminal 10 is “1 □ 7 □ 78 □□”, and an example of the voice message at this time may be “Please input the customer's password including the following number”. have. Therefore, when the actual account password is "1234", the user may input "11727834" including the dummy symbol and the actual account password through an input device (not shown) of the terminal 10.
Then, the extended password transmission and
When the user inputs the final extended password consisting of a dummy symbol and an actual account password using the input device of the terminal 10, the final extended password is input to the
The
The
For this reason, the
When the actual account password and the input password input by the user coincide with each other, the
Therefore, the
In the subsequent process, if a password such as an account password or an electronic financial transaction password is required, the financial
In step S20, when the actual account password and the input account password are different, the
However, in step S18, when the final extended password is not input from the terminal 10 for a set time, the
As described above, the present embodiment has been described with respect to a method of acquiring an account password from a user using an extended password, but may be equally applicable to obtaining another password such as an electronic financial transaction password.
The embodiments of the present invention described above are not implemented only through the apparatus and the method, but may be implemented through a program for realizing a function corresponding to the configuration of the embodiment of the present invention or a recording medium on which the program is recorded. Implementation may be easily implemented by those skilled in the art from the description of the above-described embodiments.
Although the embodiments of the present invention have been described in detail above, the scope of the present invention is not limited thereto, and various modifications and improvements of those skilled in the art using the basic concepts of the present invention defined in the following claims are also provided. It belongs to the scope of rights.
1 is a block diagram of a password protection device according to an embodiment of the present invention.
2 is an operational flowchart of a password protection method according to an embodiment of the present invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020080066489A KR20100006304A (en) | 2008-07-09 | 2008-07-09 | Apparatus and method for protecting secret number |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020080066489A KR20100006304A (en) | 2008-07-09 | 2008-07-09 | Apparatus and method for protecting secret number |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20100006304A true KR20100006304A (en) | 2010-01-19 |
Family
ID=41815491
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020080066489A KR20100006304A (en) | 2008-07-09 | 2008-07-09 | Apparatus and method for protecting secret number |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20100006304A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10631006B2 (en) | 2013-01-04 | 2020-04-21 | Samsung Electronics Co., Ltd. | Encoding apparatus and decoding apparatus for depth image, and encoding method and decoding method |
US11891216B2 (en) | 2021-04-08 | 2024-02-06 | Heiner MESSERLE | Packaging |
-
2008
- 2008-07-09 KR KR1020080066489A patent/KR20100006304A/en not_active Application Discontinuation
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10631006B2 (en) | 2013-01-04 | 2020-04-21 | Samsung Electronics Co., Ltd. | Encoding apparatus and decoding apparatus for depth image, and encoding method and decoding method |
US11891216B2 (en) | 2021-04-08 | 2024-02-06 | Heiner MESSERLE | Packaging |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9886688B2 (en) | System and method for secure transaction process via mobile device | |
US9305152B2 (en) | Automatic pin creation using password | |
KR100992573B1 (en) | Authentication method and system using mobile terminal | |
US8869255B2 (en) | Method and system for abstracted and randomized one-time use passwords for transactional authentication | |
JP2009527835A (en) | PIN service | |
KR101741917B1 (en) | Apparatus and method for authenticating using speech recognition | |
WO2019116052A1 (en) | Authentication and authorisation | |
US20170337553A1 (en) | Method and appartus for transmitting payment data using a public data network | |
US11604870B2 (en) | Systems and methods for authentication code entry using mobile electronic devices | |
KR101531878B1 (en) | Simple payment support apparatus and method for a mobile terminal | |
KR101625065B1 (en) | User authentification method in mobile terminal | |
KR101699032B1 (en) | Service providing system and method for payment using electronic tag | |
KR20150146061A (en) | Voice recognition authentication system and method for providing authentication service using voice recognition | |
KR20100006304A (en) | Apparatus and method for protecting secret number | |
US20230419325A1 (en) | Method for processing an operation involving secret data, terminal, system and corresponding computer program | |
WO2005024743A1 (en) | Granting access to a system based on the use of a card having stored user data thereon | |
KR20170141930A (en) | System for providing financial service and method for transfer thereof | |
KR20090106078A (en) | One time password generating device, sever for authentication of real user and system including the same | |
KR20160007153A (en) | Financial transaction system using security intensification one time password and method thereof | |
KR101710794B1 (en) | Financial transaction system and operating method of the same | |
TWI844841B (en) | A card binding method, user terminal, server, system and storage medium | |
JP2011145785A (en) | User registration system in internet banking | |
KR20170111942A (en) | Electronic commercial transaction authentication method and system by specific infomation related otp | |
TWM642404U (en) | System for identity verification applied to financial system | |
KR20220018671A (en) | System for authenticating using CAVV based on random card number and method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WITN | Withdrawal due to no request for examination |