WO2006065002A1 - User authentication method in another network using a digital signature made by a mobile terminal - Google Patents
User authentication method in another network using a digital signature made by a mobile terminal
- Publication number
- WO2006065002A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- mobile terminal
- user
- authentication
- digital signature
- random data
- Prior art date
Classifications
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L2209/80—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication (H04L9/00): Wireless
Definitions
- The present invention relates to a user authentication method in another network using a digital signature made by a mobile terminal, and more particularly to such a method that enables an application server on the wired or wireless Internet to make use of the mobile terminal owned by a user when the application server authenticates that user.
- Authentication is the procedure of judging whether a person or an object really is the person or object it claims to be.
- Authentication in a public network, including an individual network or the Internet, is mostly performed with a password when a login is made.
- A person who knows the password is considered to be a trusted user. All users first register their desired passwords, and thereafter they must remember and use the previously registered passwords whenever the authentication procedure is required.
- The mobile terminal has a built-in key code, and device authentication of the terminal may be performed in the mobile network.
- A certificate may be built into a smart card such as a USIM (Universal Subscriber Identity Module) in order to perform an authentication usable in financial transactions and so on.
- The mobile terminal has become a universal device that a modern person carries at all times, or almost every day, for making phone calls.
- The advantages of a mobile terminal with a built-in smart card as an authentication device are that it uses a certificate, which is a stronger authentication method than the existing password-based authentication, and that it is not necessary to possess a separate device such as a smart card for the authentication.
- An object of the present invention is to provide a user authentication method in another network using a digital signature made by a mobile terminal, which enables an application server to authenticate a user with the digital signature made by the user's mobile terminal when the user connects to the application server through a PC, a notebook computer, a PDA, etc., giving the application server a safer and stronger authentication.
- A user authentication method in another network using a digital signature made by a mobile terminal comprises the steps of: a) a user device connecting to an application server by transmitting an ID to the application server; b) the application server generating random data corresponding to the ID, transmitting it to the user device, and transmitting the generated random data together with the ID received from the user device to an authentication server; c) the authentication server transmitting the random data to the corresponding mobile terminal; and d) the mobile terminal making the digital signature over the random data using the private key of a certificate and transferring the digital signature to the application server.
- Step c) may further comprise the step of the authentication server searching for the mobile terminal of the user that corresponds to the ID.
- Step d) comprises the steps of outputting the random data on the mobile terminal, the mobile terminal making the digital signature using the private key of the certificate, the mobile terminal transmitting the digital signature to the authentication server, the authentication server verifying the digital signature and transmitting the result of authentication to the application server, and the application server deciding whether to permit access by the user device in accordance with the result of authentication.
- Step d) compares the random data between the user device and the mobile terminal through the steps of the user device and the mobile terminal hashing the random data using a hash function that is a one-way function, dividing the hash value into a predetermined number of fragments and numbering the fragments, and displaying, on the user device and on the mobile terminal, the fragment of the hash value that corresponds to a number the user inputs among the given numbers.
- The application server can thus authenticate the user more strongly than with the password-type authentication method. Additionally, the user is not required to possess a separate authentication device or to install the certificate on many user devices, so both convenience and security are increased.
- FIG. 1 is a view illustrating the whole construction of a system and an authentication procedure according to an embodiment of the present invention.
- FIG. 2 is a flowchart illustrating a procedure of comparing random data between a user device and a mobile terminal according to an embodiment of the present invention.
Best Mode for Carrying Out the Invention
- FIG. 1 is a view illustrating the whole construction of a system and an authentication procedure according to an embodiment of the present invention, which enables a user who possesses a mobile terminal to connect to the wired Internet or the wireless Internet with an Internet-connectable device such as a computer, a notebook computer, a PDA, etc., through an authentication procedure performed by an authentication server of a mobile communication network.
- The system according to the present invention includes a mobile terminal 100, a user device 101, an authentication server 102 and an application server 103.
- The mobile terminal 100 owned by a user has a digital authentication function.
- The user device 101 is an Internet-connectable device such as a PC, a notebook computer, a PDA, etc., that the user can access, use and carry.
- The authentication server 102 can communicate directly with the user's mobile terminal 100, and stores a terminal number for the user's ID.
- The application server 103, which is a server that needs to authenticate the user device, can communicate with the servers of sites such as Internet shopping malls, the electronic government, banks, companies, etc., and with the authentication server of the mobile communication network.
- The user accesses the application server 103 through the user device 101 (step S1), and the application server 103 requests the user to input the user's ID (step S2). When the user inputs the ID (step S3), the application server 103 generates random data and transmits it to the user device 101 (step S4), and simultaneously transmits the random data and the user's ID to the authentication server 102 (step S5).
- The authentication server 102 searches for the user's mobile terminal 100 corresponding to the ID and transmits the random data to the mobile terminal 100 (step S6).
- The user confirms whether the random data shown on the user device 101 coincides with that shown on the mobile terminal 100, and if they coincide with each other, the user makes a digital signature over the random data with the private key of the certificate.
- The mobile terminal 100 transmits the digital signature to the authentication server 102 (step S7), and the authentication server 102 verifies the digital signature and then transmits the result of authentication to the application server 103 (step S8).
- The application server 103 permits access by the user device 101 according to the result of authentication.
- FIG. 2 is a flowchart illustrating the procedure of comparing the random data between the user device and the mobile terminal according to an embodiment of the present invention. Specifically, FIG. 2 shows the logic that enables the user to easily compare the random data between the user device 101 and the mobile terminal 100.
- The user device 101 and the mobile terminal 100 each hash the random data using a hash function that is a one-way function (step S20), divide the hash value into 10 units, i.e., segments, and number the segments 0 to 9 (step S21). When the user inputs a digit, each device displays the fragment of the hash value corresponding to the input number on its display screen (step S22). Accordingly, the user can easily compare the random data (step S23).
- The procedure of FIG. 1 can be implemented as a program and stored in a computer-readable recording medium (such as a CD-ROM, RAM, ROM, floppy disc, hard disc, magneto-optical disc, etc.).
- With the present invention, the application server can authenticate the user more strongly than with the password-type authentication method. Additionally, the user is not required to possess a separate authentication device or to install the certificate on many user devices, so both convenience and security are increased.
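The FIG. 1 flow and the FIG. 2 fragment comparison, modelled as an added example that is not code from the patent. Ed25519 stands in for the unspecified certificate algorithm, SHA-256 for the one-way hash, and all type and function names are assumptions; it also adds the check a verifier needs beyond the text: the signature is verified over the random data the authentication server itself received for that ID, and that entry is consumed so a captured signature cannot be replayed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// AuthServer keeps, per user ID, the registered terminal's certificate public key (the
// page's "terminal number for the user's ID") and the random data pending for that ID.
type AuthServer struct {
	Terminals map[string]ed25519.PublicKey
	pending   map[string][]byte
}

// NewChallenge is the application server's step S4: fresh random data for this login.
func NewChallenge() ([]byte, error) {
	data := make([]byte, 32)
	_, err := rand.Read(data)
	return data, err
}

// Receive is steps S5/S6: record the random data for the ID before pushing it to the
// terminal registered for that ID; an unknown ID has no terminal to push to.
func (s *AuthServer) Receive(id string, randomData []byte) error {
	if _, ok := s.Terminals[id]; !ok {
		return fmt.Errorf("no mobile terminal registered for ID %q", id)
	}
	if s.pending == nil {
		s.pending = map[string][]byte{}
	}
	s.pending[id] = randomData
	return nil
}

// TerminalSign is step S7: the terminal signs the random data with its certificate's
// private key (Ed25519 is an assumption; the page names no algorithm).
func TerminalSign(priv ed25519.PrivateKey, randomData []byte) []byte {
	return ed25519.Sign(priv, randomData)
}

// Verify is step S8: the signature must verify under the key registered for this ID and
// over the random data the server itself received for this ID, never over data sent with
// the signature; the pending entry is consumed so a captured signature cannot be replayed.
func (s *AuthServer) Verify(id string, sig []byte) bool {
	pub, known := s.Terminals[id]
	data, waiting := s.pending[id]
	if !known || !waiting {
		return false
	}
	delete(s.pending, id)
	return ed25519.Verify(pub, data, sig)
}

// Fragments is FIG. 2 (steps S20-S22): hash the random data with a one-way function, split
// the hex digest into ten segments numbered 0..9; both devices show segment n for digit n.
func Fragments(randomData []byte) [10]string {
	sum := sha256.Sum256(randomData)
	h := hex.EncodeToString(sum[:]) // 64 hex characters, so segments of 6 or 7
	var out [10]string
	for i := 0; i < 10; i++ {
		out[i] = h[i*len(h)/10 : (i+1)*len(h)/10]
	}
	return out
}
```

To run the flow, register a terminal's public key under an ID, call Receive with the challenge from NewChallenge, let the user compare a Fragments segment on both devices, then pass the terminal's TerminalSign output to Verify.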
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2004-0108115 | 2004-12-17 | | |
KR1020040108115A KR20060069611A (ko) | 2004-12-17 | 2004-12-17 | User authentication method in a heterogeneous network using a signature of a mobile communication terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006065002A1 (fr) | 2006-06-22 |
Family
ID=36588030
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2005/000490 WO2006065002A1 (fr) | 2004-12-17 | 2005-02-24 | User authentication method in another network using a digital signature made by a mobile terminal |
Country Status (2)
Country | Link |
---|---|
KR (1) | KR20060069611A (fr) |
WO (1) | WO2006065002A1 (fr) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100907825B1 (ko) * | 2006-12-04 | 2009-07-14 | Electronics and Telecommunications Research Institute | Authentication method required for roaming in a heterogeneous wireless network interworking system |
KR100936920B1 (ko) * | 2007-12-14 | 2010-01-18 | Electronics and Telecommunications Research Institute | Management server reserved-access method, client and system using a one-time password |
KR101285362B1 (ko) * | 2012-12-11 | 2013-07-11 | Lee Ji-gang | Digital signature authentication system |
KR102053993B1 (ko) * | 2013-07-05 | 2019-12-13 | BizModeline Co., Ltd. | User authentication method using a certificate |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002015626A1 (fr) * | 2000-08-15 | 2002-02-21 | Telefonaktiebolaget Lm Ericsson (Publ) | Network authentication using a WAP-enabled mobile telephone |
WO2004056038A1 (fr) * | 2002-12-18 | 2004-07-01 | Nokia Corporation | Mobile user authentication in connection with access to mobile services |
EP1487176A1 (fr) * | 2003-06-09 | 2004-12-15 | Lucent Technologies Inc. | Method for paying from a customer account with a mobile terminal and customer authentication network |
- 2004: 2004-12-17 KR KR1020040108115A patent/KR20060069611A/ko not_active Application Discontinuation
- 2005: 2005-02-24 WO PCT/KR2005/000490 patent/WO2006065002A1/fr active Application Filing
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8484709B2 (en) | 2006-01-13 | 2013-07-09 | Authenticor Identity Protection Services Inc. | Multi-mode credential authentication |
US8261089B2 (en) | 2008-09-17 | 2012-09-04 | Gmv Soluciones Globales Internet, S.A. | Method and system for authenticating a user by means of a mobile device |
EP2166697A1 (fr) * | 2008-09-17 | 2010-03-24 | GMV Soluciones Globales Internet S.A. | Method and system for authenticating a user by means of a mobile device |
US9160732B2 (en) | 2008-11-04 | 2015-10-13 | Securekey Technologies Inc. | System and methods for online authentication |
AU2009322102B2 (en) * | 2008-11-04 | 2015-02-19 | Securekey Technologies Inc. | System and methods for online authentication |
WO2010063091A3 (fr) * | 2008-11-04 | 2010-09-02 | Securekey Technologies Inc. | System and methods for online authentication |
US8943311B2 (en) | 2008-11-04 | 2015-01-27 | Securekey Technologies Inc. | System and methods for online authentication |
US8578467B2 (en) | 2008-11-04 | 2013-11-05 | Securekey Technologies, Inc. | System and methods for online authentication |
US8756674B2 (en) | 2009-02-19 | 2014-06-17 | Securekey Technologies Inc. | System and methods for online authentication |
US9083533B2 (en) | 2009-02-19 | 2015-07-14 | Securekey Technologies Inc. | System and methods for online authentication |
US9860245B2 (en) | 2009-02-19 | 2018-01-02 | Secure Technologies Inc. | System and methods for online authentication |
WO2011060739A1 (fr) * | 2009-11-23 | 2011-05-26 | Nanjing Xinshenyu Network Technology Co., Ltd. | Security system and method |
CN102906776A (zh) * | 2010-03-31 | 2013-01-30 | Patel Ltd. | A method for mutual authentication between a user and a service provider |
WO2011123940A1 (fr) * | 2010-04-08 | 2011-10-13 | Securekey Technologies Inc. | Credential provision and proof system |
US10210489B2 (en) | 2010-04-08 | 2019-02-19 | Securekey Technologies Inc. | Credential provision and proof system |
CN113055161A (zh) * | 2021-03-09 | 2021-06-29 | Wuhan University | A mobile terminal authentication method and *** based on the SM2 and SM9 digital signature algorithms |
CN113055161B (zh) * | 2021-03-09 | 2021-11-26 | Wuhan University | A mobile terminal authentication method and *** based on the SM2 and SM9 digital signature algorithms |
Also Published As
Publication number | Publication date |
---|---|
KR20060069611A (ko) | 2006-06-21 |
Similar Documents
Publication | Title |
---|---|
JP6992105B2 (ja) | Query system and method for determining authentication capability |
WO2006065002A1 (fr) | User authentication method in another network using a digital signature made by a mobile terminal |
US8807426B1 (en) | Mobile computing device authentication using scannable images |
US9813236B2 (en) | Multi-factor authentication using a smartcard |
US9240891B2 (en) | Hybrid authentication |
US9117324B2 (en) | System and method for binding a smartcard and a smartcard reader |
US8041954B2 (en) | Method and system for providing a secure login solution using one-time passwords |
CN108804906B (zh) | A *** and method for application login |
US20110185181A1 (en) | Network authentication method and device for implementing the same |
US20130023241A1 (en) | Authentication method and system using portable terminal |
US9344896B2 (en) | Method and system for delivering a command to a mobile device |
US20070150942A1 (en) | Centralized identity verification and/or password validation |
CN101517562A (zh) | Method for registering and verifying a user of a one-time password through multiple modes, and computer-readable recording medium recording a program for executing the method |
WO2010101476A1 (fr) | Method and computer program for generating and verifying a one-time password between a server and a mobile device using multiple channels |
WO2008123939A1 (fr) | Method and apparatus for generating one-time passwords |
CN105164689A (zh) | User authentication |
JP2002055955A (ja) | Personal authentication method and personal authentication system |
CN109063438A (zh) | Data access method, apparatus, local data secure access device and terminal |
TW200910894A (en) | Authentication system and method thereof for wireless networks |
Manurung | Designing of user authentication based on multi-factor authentication on wireless networks |
KR20050053967A (ko) | Authentication system and method using a time-synchronized one-time password |
KR100858146B1 (ko) | Personal authentication method and apparatus using a mobile communication terminal and a subscriber identity module |
KR20050071768A (ko) | One-time password service system and method |
WO2014140426A1 (fr) | Multi-factor authentication methods |
CN111222858A (zh) | Implementation method for authenticating a personal wallet by blockchain fingerprint recognition |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A1. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A1. Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 05726743. Country of ref document: EP. Kind code of ref document: A1 |