WO2012067371A1 - Method for providing active security authentication, and terminal and system supporting the same - Google Patents
- Publication number
- WO2012067371A1 (PCT/KR2011/008451)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- security
- information
- key
- input
- terminal
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H04L9/16—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
Definitions
- the present invention relates to a security authentication technology using a terminal, and more particularly, to a method for providing an active security authentication, which supports the security setting and release of a terminal more reliably, and a terminal and a system supporting the same.
- In a security system, authentication, which distinguishes legitimate users from those who are not, is traditionally divided into three types.
- the first authentication method is the ID and password input authentication method, based on what the user knows (What do you know?).
- the second authentication method is based on what the user has (What do you have?).
- the third authentication method is a biometric authentication method (Who are you?).
- the basic authentication method which checks the ID for identifying the user and the password for authenticating the user, is less expensive and easier to apply than other authentication methods. It is the most widely applied and has long been used as the basis of all security certification systems.
- the existing basic authentication method repeatedly uses the same ID and password every time, and as digital devices are increasingly used in public places, the ID and password are easily exposed unintentionally to people nearby. They have also been the ultimate attack target for malicious hackers eavesdropping on wired and wireless communication, causing numerous security problems and incidents.
- additional expensive security systems such as OTP and biometric authentication have been installed and operated, which has placed a considerable burden on the user.
- the present invention allows the user to create and use a one-time password without the help of a separate one-time password (OTP) device while still using the advantages of the existing basic authentication method, thereby more effectively detecting fraudulent users.
- an object of the present invention is to solve the above-described needs, and an aspect of the present invention is to provide an active security authentication providing method and a terminal and a system supporting the same that can more reliably support security authentication of a terminal.
- Another object of the present invention is to provide an active security authentication providing method, and a terminal and a system supporting the same, in which the fixed password checking procedure used for identification of a legitimate user in a security authentication system changes dynamically according to user selection.
- the present invention provides an active security authentication method for preventing accidents and a terminal and a system supporting the same.
- Active security authentication providing system for achieving the above object may include a terminal and a content server.
- the terminal outputs a random number matrix-based security authentication screen that arranges a plurality of keys according to a random number array, generates input information including at least one key input among the plurality of keys, provides the input information to the content server, and obtains security authentication according to the input information from the content server.
- the content server receives and registers security setting information for security authentication and at least one item key, of an exclusion key type that should not be pressed, for detecting a fraudulent security release attempt among the plurality of keys, provides the security authentication screen to the terminal when the terminal connects, and then performs security authentication or misuse determination for the terminal based on the input information transmitted by the terminal.
- the content server of the present invention receives and registers, from the terminal, an item application method that sets at least some of the key areas adjacent to the item key as exclusion keys, and checks whether the input information includes an exclusion key defined by the item application method setting. If no exclusion key is included in the input information, the content server may calculate the security release information to be actually applied by excluding, from the security setting information, the exclusion keys determined according to the arrangement of the item key on the security authentication screen currently being output, and may determine illegal use of the terminal according to whether the input information matches the security release information.
- the content server of the present invention may perform a security processing step for each of the cases where the item key is included in the input information, where the exclusion key is included in the input information, and where the input information is inconsistent with the security release information. For example, it may provide a predetermined number of opportunities to re-enter new input information, notify a specific security management server of the fraudulent use, delete at least some information stored in the terminal performing the security authentication, provide a message or an alarm regarding the illegal use to the terminal, limit the terminal's access to the server, or perform location tracking based on the terminal's location information or IP information.
- the content server checks whether the input information is an input signal for removing the item key, and controls the item key not to be applied to the security authentication screen when the input information is an input signal for removing the item key. It is then possible to determine illegal use of the terminal according to whether the additional input information entered afterwards matches the security setting information to which the item key is not applied.
- the present invention may also include a storage unit, a display unit, an input unit, and a controller configured to support an active security authentication function according to an embodiment of the present invention for achieving the above object.
- the storage unit stores at least one item key for detecting a fraudulent security release attempt among a plurality of keys, an item application method that sets at least some of the key areas adjacent to the item key as exclusion keys that should not be pressed, and security setting information for security authentication; the display unit outputs a random number matrix-based security authentication screen that arranges the plurality of keys according to a random number arrangement; and the input unit generates input information including at least one key input among the plurality of keys.
- the controller may determine whether an exclusion key, which should not be pressed corresponding to the item key, is included in the input information, and determine misuse when the exclusion key is included in the input information.
- the control unit calculates security release information to be actually applied by excluding exclusion keys determined according to the item key arrangement on a security authentication screen currently being output if the exclusion key is not included in the input information.
- misuse can be determined according to whether the input information matches the security release information.
- when an item key is included in the input information, when an exclusion key is included in the input information, or when the input information is inconsistent with the security release information, the controller may perform at least one of: security processing that provides an opportunity to enter new input information again a predetermined number of times, security processing that notifies a specific security management server of the fraudulent use, security processing that deletes at least some information stored in the storage unit, security processing that generates a message or an alarm regarding the misuse, and security processing that restricts connection to a specific server.
- the controller may determine whether the input information is an input signal for removing the item key and, if it is, control the item key not to be applied to the security authentication screen. Input information entered after the item key is removed may be compared with the security setting information to which the item key is not applied, and if it matches, security authentication may be performed.
- the present invention also provides a registration step of registering at least one item key for detecting a fraudulent security release attempt among a plurality of keys and security setting information for security authentication, and random numbers of the plurality of keys in order to achieve the object as described above.
- a method of providing an active security authentication comprising a step of confirming whether an exclusion key is included and determining illegal use when the exclusion key is included in the input information.
- the registering step may further include an item application method setting step of setting at least some of the key areas adjacent to the item key as exclusion keys, and the checking step may further include checking whether the input information includes an exclusion key defined according to the item application method setting.
- the method may further comprise calculating the security release information to be actually applied by excluding, from the security setting information, the exclusion keys determined according to the arrangement of the item key on the currently displayed security authentication screen, checking whether the input information matches the security release information, and performing security authentication if the input information matches the security release information and determining illegal use if it does not.
- the active security authentication method may further include performing security processing according to the misuse determination, and a security processing step may be performed for each of the case where the item key is included in the input information and the case where an exclusion key is included in the input information.
- the method of providing an active security authentication may confirm whether the input information is an input signal for removing the item key and, if it is, further include controlling the item key not to be applied to the security authentication screen. The additional input information entered after the item key removal is compared with the security setting information to which the item key is not applied; if it matches, security authentication is performed, and if it does not match, illegal use can be determined.
- the performing of the security processing may include at least one of providing a predetermined number of opportunities for re-input of new input information, notifying a specific security server of the fraudulent use, deleting at least some information stored in a terminal performing security authentication, outputting a message or an alarm regarding unauthorized use, and restricting a specific server connection.
- the present invention changes the user's password every time, so that even if it is exposed to a person nearby or a malicious hacker, accidents can be prevented in advance.
- the present invention can achieve a strong security effect such as a one-time password generator without operating an existing expensive one-time password generator (OTP Generator) as a separate device or a separate program installed in the user.
- the present invention enables not only a password for confirming a user but also an item for detecting a fraudulent user together, which enables the early detection and active response of the fraudulent use.
- the present invention can be applied to the operating system of all terminals that use the existing fixed password confirmation, without changing the hardware and only by installing a program, so it is cheap and easy to operate.
- FIG. 1 is a block diagram schematically showing the configuration of a terminal according to an embodiment of the present invention.
- FIG. 2 is a view showing in more detail the configuration of the control unit of the terminal according to an embodiment of the present invention.
- FIG. 3 is a flowchart illustrating a security authentication providing method according to an embodiment of the present invention.
- FIG. 4 is a diagram schematically showing the configuration of a system for providing security authentication according to an embodiment of the present invention.
- FIG. 5 is an exemplary screen illustrating a security authentication providing screen according to an embodiment of the present invention.
- FIG. 6 is an exemplary screen illustrating an application of an item key in a security authentication providing screen according to an embodiment of the present invention.
- FIG. 7 is a screen example for explaining a security authentication providing screen according to another embodiment of the present invention.
- FIG. 8 is a diagram for explaining application of dangerous direction pattern information of an item key according to another exemplary embodiment of the present invention.
- FIG. 1 is a view showing in more detail the configuration of a terminal 100 according to an embodiment of the present invention.
- the terminal 100 may include a configuration of a wireless communication unit 110, an input unit 120, an audio processing unit 130, a display unit 140, and a storage unit 150.
- a mobile terminal such as a smart phone including the wireless communication unit 110 is illustrated as the terminal 100, but is not limited thereto.
- the terminal 100 having such a configuration may provide a security authentication method capable of detecting a fraudulent security release attempt in accordance with the operation of the active security program 151 stored in the storage 150.
- the wireless communication unit 110 may be a mobile communication module in consideration of the mobility of the terminal 100, for example, may be a 3G communication network support module or a Wi-Fi support module. In addition, the wireless communication unit 110 may be a communication module supporting WiBro, HSDPA, or the like.
- the wireless communication unit 110 may form a communication channel for transmitting and receiving a signal with the corresponding server.
- the wireless communication unit 110 may form a communication channel with a service server that provides a web page for purchasing an item and with a payment server for payment of a specific item purchase selected by the user. Meanwhile, the wireless communication unit 110 may be omitted when the terminal 100 does not support a separate wireless communication function.
- the terminal 100 includes the wireless communication unit 100
- the terminal 100 may include a wired communication unit connectable to a wired communication network instead of the wireless communication unit, or may include a wired and wireless communication unit.
- the input unit 120 may include a plurality of input keys and function keys for receiving numeric or text information and setting various functions.
- the function keys may include direction keys, side keys, shortcut keys, and the like, which are set to perform a specific function.
- a plurality of input keys and function keys of the input unit 120 may be omitted, and the input unit 120 is replaced with the display unit 140.
- the input unit 120 may include only a side key or a specific function key for power on / off or camera operation control when the terminal 100 is manufactured in the form of a full touch screen.
- the input unit 120 may generate an input signal corresponding to a specific key selected according to user control and transmit the generated input signal to the controller 160. Then, the controller 160 may control whether to perform a security authentication by checking whether a specific password according to an input signal input from the input unit 120 matches the preset security information 153.
- the audio processor 130 outputs an audio signal received through the wireless communication unit 110, or an audio signal generated by playing an audio file stored in the storage unit 150, to the speaker (SPK) under the control of the controller 160, or may transmit an audio signal, such as a voice input from the microphone (MIC), through the wireless communication unit 110.
- the audio processor 130 according to the present invention may output a sound effect when a specific input signal is generated by the user while the security authentication screen is output, and a sound effect when the input password matches the preset security information 153.
- the audio processor 130 may output a warning sound when the password is inconsistent with the preset security information 153 a predetermined number of times, or output various guide sounds related to the loss or theft of the terminal 100 according to a user setting policy.
- the display unit 140 provides various menu screens, standby screens, call function screens, and the like of the terminal 100.
- the display unit 140 may output an item purchase site access screen, an item purchase screen, a payment approval request screen, a payment approval screen, a user authentication screen, and the like.
- the display unit 140 may support the touch screen function by placing the touch panel 143 on the display panel 141 on which the above-described screens are output. In this case, the display unit 140 may support an input means function for generating a specific input signal based on the touch panel 143.
- the display unit 140 may be formed of a flat panel display element formed based on a thin film transistor such as a liquid crystal display (LCD), an organic light emitting diode (OLED), or the like.
- the display unit 140 of the present invention may output a security authentication screen according to the operation of the active security program 151.
- the security authentication screen may be output to the display unit 140 when an input signal for reusing the terminal 100 is generated after the terminal 100 has transitioned to the security screen because there was no operation for a predetermined time according to a user setting.
- the security authentication screen output to the display unit 140 may be a key map screen having a matrix structure in which numbers, letters, special characters, images or icons are arranged in a predetermined matrix.
- the security authentication screen may be in the form of an input window including information for requesting a password input.
- the input window may output specific symbols corresponding to the pressed key buttons.
- the security authentication screen in the form of the keymap screen will be described in more detail with reference to the screen example that will be described later.
- the storage unit 150 may store data input from the input unit 120, data transmitted from another terminal, information received through the wireless communication unit 110, and the like, as well as a program required for the function operation of the terminal 100.
- the storage unit 150 may largely include a program area and a data area.
- the program area may store an application program required for driving a device such as an operating system (OS) that controls the overall operation of the terminal 100.
- the program area may include a web application for accessing the server of the terminal 100 and various programs for supporting electronic payment based thereon.
- the program area stores the active security program 151 for providing an active security authentication function of the present invention.
- the active security program 151 is a program including various routines for providing an active security authentication function of the present invention.
- the active security program 151 may include a random number matrix generation routine, a security information verification routine, and a security processing routine.
- the random number matrix generation routine is a routine that, when a security authentication screen in which a password can be input is output, generates a random number for dynamically changing the arrangement of the various numbers, letters, or symbols included in the key map of that screen, either randomly or according to a certain rule.
- the controller 160 may configure the security authentication screen by arranging keys according to the random number generated by the random number matrix generation routine and then output the corresponding screen to the display unit 140.
- the security information checking routine is a routine that checks whether the password corresponding to the input signal input from the input unit 120 or the display unit 140 of the touch screen function is the same as the security information 153 stored in the data area while the security authentication screen is output.
- the security processing routine may include a routine for setting a number of inconsistencies between the input password and the security information 153, and a routine for determining a misuse when a predetermined number of inconsistencies occur and supporting prevention and tracking.
- the data area is an area in which data generated according to the use of the terminal 100 is stored, and may store phone book, audio data, corresponding content, information corresponding to learner data, and the like.
- the data area may store security information 153 for confirming user authentication.
- the security information 153 may have a predetermined length or more as an encryption key for using the terminal 100, and may be information without repetitive numbers, letters, symbols, or images.
- the security information 153 may include mine release information for releasing the item information ("mines") set to detect unauthorized security release attempts, security setting information set by the user, and security release information to be applied according to the application of the mines.
- the controller 160 may control an overall operation of the terminal 100 and a signal flow between internal blocks, and may control a data processing function.
- the control unit 160 according to the present invention activates the active security program 151 according to the operation state of the terminal 100, and supports providing an active security authentication function according to the operation of the active security program 151.
- the controller 160 may include a configuration as shown in FIG. 2.
- the terminal 100 is a device capable of setting or releasing security through input of security information.
- the terminal 100 is a mobile communication terminal, a portable multimedia player, a digital broadcasting player, a personal digital assistant (PDA), a music player (e.g., an MP3 player), a portable game terminal, a smart phone, a notebook, a handheld PC, an ATM, a digital door lock, and the like.
- FIG. 2 is a view showing in more detail the configuration of the controller 160 according to an embodiment of the present invention.
- the controller 160 may include a configuration of the random number matrix generator 161, the security information checker 163, and the security processor 165.
- the random number matrix generator 161 generates a random number matrix for outputting a security authentication screen.
- the random number matrix generator 161 can generate, according to the authentication medium, a random number matrix for a number-based active security authentication screen or a random number matrix for a picture-based active security authentication screen.
- the security information checking unit 163 is configured to check whether the input information input from the display unit 140 of the touch screen function matches the security setting information preset by the user while the security authentication screen is being output. In this case, the security information checking unit 163 may generate security release information for the currently displayed security authentication screen by applying the previously set mine information to the security setting information. In more detail, on the matrix randomly arranged by the random number matrix, even a number or picture selected for inclusion in the security setting information can be overridden as unauthorized security release attempt information by the number or picture set as a mine.
- the security information checking unit 163 generates security release information for the numbers, pictures, etc. set as security setting information, based on the position where the number or picture previously set as mine information is placed on the current security authentication screen.
- the security information checking unit 163 may check whether the input information input by the user and the generated security release information match each other. In this case, the security information checking unit 163 may also check the input of information that is set as an unauthorized security release attempt by the user setting and the location of the land mine.
- the security authentication screen, security setting information, security release information according to the application of landmines, etc. will be described in more detail together with the description of the screen example.
- the security processor 165 may release the security setting or perform a process for preventing the illegal use of the terminal 100 according to the information verification result transmitted from the security information verification unit 163. For example, the security processing unit 165 may determine that an unauthorized user attempts to release security when the input information includes unauthorized security release attempt information according to a mine location on a security authentication screen. In this case, the security processing unit 165 may perform the illegal use prevention process differently for the input of information set as a mine and for the input of information set in a dangerous direction according to the arrangement of mines. That is, when the information set as a mine is included in the input information, the security processing unit 165 may perform security processing that closes all user functions of the terminal 100, activates the camera function to capture a video, and controls transmission of the captured video to a preset server.
- the security processing unit 165 may perform information deletion security processing such as forcibly deleting all data stored in the storage unit 150 of the terminal 100 or forcibly deleting financial related user information according to a user setting policy.
- the security processing unit 165 may notify fraud or a password authentication input error according to a user setting policy.
- the security processing unit 165 may first notify an authentication error and provide an additional input opportunity according to a user setting policy. In the event that an authentication error occurs, it may be controlled to perform at least one of the above-described security processes. In addition, when mine information or dangerous direction pattern information according to the arrangement of landmines is input, the security processing unit 165 may check the current location information of the terminal 100 and determine whether to apply security processing according to whether the current location is the same as the location of the user's previous security authentication. To this end, the security processing unit 165 activates the GPS, etc.
- the security processing unit 165 may block the logging attempt of the user, send information on the illegal use determination to another terminal number stored in advance, and output a predetermined specific alarm when fraudulent use is determined.
- the terminal 100 does not merely provide a password input function for security release; by operating a security authentication screen to which an item capable of detecting an unauthorized security release attempt is applied, it can support the detection of unauthorized users.
- the terminal 100 of the present invention supports actively taking appropriate measures to prevent fraudulent use of the terminal 100 by performing the various fraudulent-use processing accordingly.
- FIG. 3 is a flowchart illustrating a method for providing active security authentication according to an embodiment of the present invention.
- the controller 160 of the terminal 100 may control to initialize each component of the terminal 100 based on the supplied power when power is supplied. Accordingly, the terminal 100 performs a booting process, and when the booting is completed, the terminal 100 may control to output the standby screen to the display unit 140 as in step 301 according to preset schedule information.
- the terminal 100 may determine whether an input signal for the security setting mode is generated in step 303. When the generated input signal is not the input signal for the security setting mode, the terminal 100 branches to step 305 and may support selectively performing the function corresponding to the generated input signal, for example, a call function, a file search function, a file playback function, a file generation function, a camera function, or a broadcast reception function.
- the terminal 100 may branch to step 307 to collect security information based on the security setting mode.
- the terminal 100 may control the display unit 140 to output a key map for inputting the security information 153 to be set as a password for releasing security, and may collect the security information 153 according to the user input signal.
- the terminal 100 may collect the security setting information corresponding to the password and the landmine information for detecting the unauthorized security release attempt together, and may also collect the dangerous direction pattern information according to the arrangement of the landmines.
- the dangerous direction pattern information is information defining which of the areas adjacent to a mine are to be set as dangerous direction pattern information according to the landmine arrangement.
- the dangerous direction pattern information may include a 4-way operation pattern, which makes all the numbers or pictures in the cross direction of a mine dangerous, and an 8-way operation pattern, which makes all the numbers or pictures surrounding a landmine dangerous.
- the terminal 100 may support to output a matrix screen including a predetermined number or more of at least one of numbers, letters, symbols, and pictures.
- the terminal 100 may support to store the security information 153 thus collected in the storage 150. In this case, the stored security information 153 may be encrypted in a predetermined manner.
- the terminal 100 performs security setting based on the security information 153. That is, based on the currently collected security information 153, the terminal 100 is set to output a security authentication screen and check authentication when no input signal occurs for a predetermined time or when a specific user function is to be operated.
- the terminal 100 can check whether security is executed in step 311. That is, the terminal 100 can check whether its current operating condition corresponds to a security execution condition. For example, the control unit 160 of the terminal 100 may check various cases, such as when no input signal is generated from the input unit 120 or the touch-screen display unit 140 for a predetermined time while no separate user function is being performed, when a user function for which security execution has been set in advance is selected, when the on/off state of the terminal 100 changes, or when a SIM card is inserted. If no security execution condition occurs, the control unit 160 may branch to step 305 to support performing a specific user function according to an input signal or to maintain the currently activated user function.
- the control unit 160 of the terminal 100 branches to step 313 to control to perform the security execution.
- the controller 160 of the terminal 100 may check whether there is an input signal generation for the authentication request in step 315.
- The generation of an input signal for the authentication request is the generation of an event for outputting the security authentication screen to the display unit 140.
- It may correspond to an input signal for waking up the terminal 100 after the terminal 100 has entered the lock setting mode because it was not used for a predetermined time.
- steps 313 and 315 may be omitted according to a user function. That is, when the security function is set to execute when an input signal for executing a specific user function is generated, the controller 160 may determine in step 311 that the input signal is for security execution and control to branch to step 317.
- the controller 160 generates a random number matrix to configure a security authentication screen and outputs the generated security authentication screen to the display unit 140.
- the security authentication screen may be a matrix screen in which a plurality of at least one kind of numbers, letters, symbols, and pictures are arranged by a predetermined random number.
- the controller 160 compares the input information input while the security authentication screen is output with the security information set by the user in advance and stored in the storage 150.
- the user may attempt to release security by generating input information corresponding to the security release information, which excludes the mine previously set in the security authentication screen and the dangerous direction pattern information determined according to the location of the mine.
- the controller 160 may check whether the input information and the security information 153 do not coincide with each other. When the input information and the security information 153 coincide with each other, the controller 160 determines that the user is the normal terminal user and branches to step 303 to control the following process, for example, returning to the user function performed before security execution, or executing a function such as the security setting mode or a corresponding user function according to an input signal.
- the control unit 160 may first check whether the input information includes the mine information, which is located by the mine map information defined by the random number matrix and is defined as an exclusion key that should not be pressed even if it is part of the password, or the dangerous direction pattern information, which defines the exclusion keys that should not be pressed according to the mine information, and if so, the input may be considered fraudulent.
- if the input information includes neither the mine information nor the dangerous direction pattern information, the controller 160 calculates, from the previously stored security setting information, the security release information that excludes the mine information and the dangerous direction pattern information defined as unauthorized security release attempt information. The controller 160 may then compare the input information with the security release information and check whether they match.
- the controller 160 may check whether the input information is input information for releasing the preset landmine information. That is, the control unit 160 may define mine release information in advance or collect it from the user in order to release the preset landmine information, and check whether the currently input information corresponds to the mine release information.
- the mine release information may also include a plurality of keys of at least one kind among numbers, letters, symbols, and images.
- the mine release information may include a specific key combination regardless of the mine information or the dangerous direction pattern information.
- the controller 160 removes the mine from the current security authentication screen, and then compares the input information with the security setting information to determine fraudulent use according to the match.
- in step 321, when the input information and the security information 153 do not match each other, mine information is input, or information set as dangerous direction pattern information according to the arrangement of the mines is input, the controller 160 branches to step 323 and may perform security processing such as alarm output according to a setting policy. That is, the controller 160 may control to output a message warning of incorrect information input, prohibit all use of the terminal 100, or delete all user information stored in the storage 150 or the SIM card according to a setting policy.
- the user information may include various information such as financial information of the user, a password of the user, web access information of the user, ID and password information for the web access of the user.
- the control unit 160 determines the current information input to be an unauthorized security release attempt in step 323 and may control to perform at least one of the previously described security processes for illegal use, that is, providing an opportunity to re-enter new input information a predetermined number of times, secure server notification security processing, information deletion security processing, fraud alarm security processing, specific server access restriction security processing, and location tracking security processing.
- the controller 160 may support performing at least one security process, or a plurality of security processes simultaneously, according to the type of input information. That is, the controller 160 may support performing the security process according to whether the input information includes an item key set to detect an unauthorized security release attempt, includes adjacent dangerous direction pattern information according to the arrangement of the item key, or does not match the security setting information or security release information.
- the control unit 160 may control to provide an opportunity to re-enter the password a predetermined number of times or more when the input information and the security information 153 do not match in step 321, and if correct information is not input during the corresponding number of attempts, may branch to step 323 to perform the above-described functions.
- the controller 160 checks whether an input signal for terminating the terminal 100 is generated in step 325, and if there is no separate input signal for termination, may branch to step 313 to control to maintain the security execution state. Meanwhile, the controller 160 may control the terminal 100 to be forcibly terminated in response to the occurrence of incorrect information input in step 323.
- the security authentication is performed based only on the terminal 100, but the present invention is not limited thereto.
- the active security authentication providing function of the present invention can provide a variety of operating forms based on the server. This will be described in more detail with reference to FIG. 4.
- FIG. 4 is a view schematically showing the configuration of an active security authentication providing system 10 according to an embodiment of the present invention.
- the active security authentication providing system 10 of the present invention includes a configuration of a terminal 100, a mobile communication network 200, a content server 300, and a security management server 400.
- the terminal 100 may attempt to access the content server 300 over the mobile communication network 200 according to user control. Then, the content server 300 may provide the security authentication screen described with reference to FIGS. 1 to 3 to the terminal 100 to check whether the user inputs correct security release information. In this process, the content server 300 receives security information including security setting information and landmine information in advance during the information registration process of the user of the terminal 100, encrypts the received security information using a predetermined encryption tool, and may then store it.
- the terminal 100 may transmit a security authentication screen on which the key map is arranged by the random number combination according to the random number matrix generation method described above.
- the key map may be a map in which a plurality of at least one kind of numbers, letters, symbols, and images are arranged.
- the content server 300 may compare the security release information generated based on the pre-stored security setting information and the landmine information with the input information inputted and transmitted by the terminal 100.
- the content server 300 may calculate the actual effective security release information based on the key map arrangement and landmine information of the security authentication screen generated by the random number matrix, and compare the calculated security release information with the input information to check whether they match.
- if the input information does not match in the comparison process, or if the input information includes the mine information or information redefined as dangerous direction pattern information according to the landmine arrangement, the content server 300 may perform secure server notification security processing, information deletion security processing, fraud alarm security processing, logging restriction security processing, and the like.
- the security server notification security process is a security process that notifies the security management server 400 that the terminal 100 is being used illegally. Then, the security management server 400 may perform security processing such as location tracking, IP tracking, and image or video reception according to camera operation of the terminal 100 according to the corresponding report.
- the information deletion security process is a security process that informs the terminal 100 that the current user is an unauthorized user, and supports deletion of at least some of various user information stored in the storage unit 150 by the terminal 100's own security tool. This information deletion security process may be operated by the security management server 400.
- the fraud alarm security process is a security process that notifies the terminal 100 of the fraudulent use so that the terminal 100 outputs a preset specific alarm, for example, an alarm or a siren that warns of fraudulent use.
- the fraud alarm security processing may also be operated by the security management server 400.
- the content server 300 may transmit a notification of the illegal use of the terminal 100 to the security management server 400.
- Logging restriction security processing is a configuration in which the content server 300 determines that the terminal 100 is operated by an unauthorized user and restricts access to the corresponding server for a predetermined time. Alternatively, it is a security process that requires input of other information registered in advance for logging, and releases the logging restriction by checking additional input information.
- the above-described content server 300 may be at least one of a server that provides various contents such as an operator server for goods purchase, a payment server for goods payment, and a game server.
- when the security management server 400 is informed by the content server 300 that a specific terminal 100 is performing an operation corresponding to fraudulent use, the security management server 400 may control to restrict the use of the terminal 100 or track its location according to the security processing described above.
- the content server 300 may apply a user setting policy according to key values included in the input information. That is, the content server 300 may additionally provide the terminal 100 with a password input opportunity a predetermined number of times when an incorrect password input occurs without including the mine information or the dangerous direction pattern information according to the mine arrangement. Even in this additional input opportunity, if there is no correct password input, the security processing described above can be performed.
- the content server 300 may check whether the received input information corresponds to the mine release information, and if it does, control to release the mine from the security authentication screen.
- the content server 300 may be configured to transmit a message or an alarm for inputting security setting information to the terminal 100 and to perform security authentication by comparing additional input information with security setting information.
- in the active security authentication providing system 10, when the terminal 100 attempts access, the content server 300 can attempt security authentication based on a security authentication screen that includes a landmine for detecting unauthorized security release attempts. Accordingly, the active security authentication providing system 10 of the present invention can perform more reliable security authentication, as well as more actively prevent fraud.
- the security management server 400 and the content server 300 are separated into separate configurations to perform functions related to security in the security management server 400, but the present invention is not limited thereto. That is, the content server 300 may directly perform location tracking, information deletion of a terminal, use restriction, etc. performed by the security management server 400 according to a user's agreement.
- FIG. 5 is a diagram illustrating a security authentication screen according to an embodiment of the present invention.
- the security authentication screen 500 of the present invention displayed on the display unit 140 includes a key map area 501 according to the random number matrix generated by the random number matrix generation unit 161 of the controller 160, an input information output area 503 for outputting a specific symbol corresponding to user input information, and an authentication request area 505 for requesting security authentication with the input information.
- the key map area 501 is an area in which keys randomly arranged by a random number matrix are arranged in a matrix form.
- the key map area 501 shown in FIG. 5 is an area in which numeric keys are arranged.
- the key map area 501 may include a "regenerate" key area for requesting new key arrangements by a random number matrix, and a "clear" key area for removing a previously input key input.
- the user may perform key input corresponding to previously set security setting information by using a plurality of numeric keys, a regenerating key, and an erasing key output on the key map area 501.
- the input information output area 503 is an area for outputting a specific symbol corresponding to the corresponding keys as the user selects the numeric keys provided in the key map area 501.
- the input information output area 503 may output a number corresponding to the numeric keys that the user selects in the key map area 501.
- Numeric keys entered with can be substituted. The user selects at least one of the numeric keys to input a certain sequence of numbers, and if a number is entered by mistake, the user can remove it using the "clear" key. If desired, the "regenerate" key can be used to request an arrangement of the numeric keys by another random number matrix.
- the authentication request area 505 is an area for requesting security authentication based on the numeric keys selected from the key map area 501. That is, the user selects a password corresponding to the security setting information in the key map area 501 and then generates an input signal for requesting to compare the selected input information with preset security setting information.
- the user may select input information corresponding to security setting information storage, mine information storage, and security release information based on the security authentication screen shown in FIG. 5.
- mine information will be described in more detail with reference to FIG. 6.
- FIG. 6 is an exemplary screen illustrating a mine setting of the present invention.
- the user of the terminal 100 may set an item for detecting an unauthorized security release attempt while a security authentication screen is displayed.
- the terminal 100 may support setting at least one key of a specific key output on the security authentication screen as the item.
- security setting information, for example “886341”, may be set based on the security authentication screen shown in FIG. 5.
- the user may set "2" as the item.
- the user may select a method of applying the unauthorized security release attempt detection item, for example, a “4way” method.
- the terminal 100 may support to output the security authentication screen 500 as shown in FIG. 5 to the display unit 140.
- the terminal 100 may calculate the current security release information determined by the random number matrix together with the output of the security authentication screen 500. That is, the terminal 100 calculates the security release information to be applied to the security authentication screen 500 currently being output by referring to the key information "2" corresponding to the unauthorized security release attempt detection item set by the user and the "4way" method selected as the item application method.
- the “4way” method sets the keys disposed in front of, behind, and to the left and right of the area where the key defined as the unauthorized security release attempt detection item is output as dangerous direction pattern information, so that they must not be input.
- the terminal 100 may determine that the input attempt is a fraudulent attempt. For example, when the key "2" defined as the unauthorized security release attempt detection item is placed in the center of the key map area 501, as shown in FIG. 6, the numbers 6, 5, 0, and 7 can be set as dangerous direction pattern information. Then, when the previously stored security setting information is 886341, "88341", which excludes "6", may be the actual security release information. Accordingly, the user may request security authentication confirmation by inputting “88341” in the key map area 501 and pressing the authentication request area 505 while the security authentication screen 500 is output.
- in the above, the "4way" method sets the keys located in front of, behind, and to the left and right of the unauthorized security release attempt detection item as the dangerous direction pattern information to be removed from the password, but the present invention is not limited thereto. That is, the "4way" method may be a method of setting keys arranged in a diagonal direction as dangerous direction pattern information.
- the unauthorized security release attempt detection item may be disposed not only in the center of the key map area 501 but also in various areas, such as an edge area, according to the random number matrix. If 9 is selected as the unauthorized security release attempt detection item and the 4-way method covers the front, rear, left, and right, the key area which should not be pressed in the security authentication screen shown in FIG. 6 may be "6, 9, 5".
- the security authentication screen 500 of the present invention may be configured in a form in which images, for example, fruit images, are arranged in a constant 4 × 5 matrix form as shown in FIG. 7.
- dangerous direction pattern information may be determined according to an application method set around the selected fruit image.
- the "8way" method sets all directions around the key defined as the unauthorized security release attempt detection item 801, that is, the "front, rear, left and right and four corners" areas, as dangerous direction pattern information.
- the terminal 100 may check input information for releasing a mine defined as an unauthorized security release attempt detection item, and release the mine when the corresponding input information is input. For example, when the user keeps the authentication request area 505 touched for a predetermined time on the security authentication screen 500 illustrated in FIG. 5, the terminal 100 may control to release the set mine. Then, the user may sequentially input 886341, which is the preset security setting information, to obtain security authentication. Alternatively, if the security setting information is 886341 and the landmine release number is 9, the user may enter "8", "8", then "9" instead of "6", and then "3" and "4" sequentially to obtain security authentication.
- the method for providing active security authentication supports applying an item for detecting unauthorized security release attempts to a security authentication screen in which keys are arranged based on a random number matrix, so that active prevention of fraud can be performed.
- the active security authentication providing method supports applying new security release information every time, based on the key arrangement of the security authentication screen, which is updated at every security release attempt or according to a user's request, and on the arrangement position of the unauthorized security release attempt detection item. Accordingly, the security authentication process can be performed more reliably.
- the above-described terminal 100 may further include components not mentioned above, such as a short range communication module for short range communication, an interface for data transmission and reception by a wired communication method or a wireless communication method, an internet communication module for performing an Internet function by communicating with an internet network, and a digital broadcasting module for performing digital broadcast reception and playback functions. These components cannot all be enumerated because they vary widely according to the convergence trend of digital devices, but components equivalent to those already mentioned may additionally be included in the above-mentioned device.
- some components of the terminal 100 of the present invention may be excluded from the above-described configuration or replaced with other components, depending on the form in which it is provided. This will be readily understood by those of ordinary skill in the art.
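The calculation of security release information under the "4way" and "8way" methods, and the order of checks described for the controller (mine key or dangerous direction key first, comparison second), as an added Python example that is not part of the patent text. The 4 × 3 layout is constructed to agree with the neighbours the description gives for FIG. 6; the "R"/"C" function-key labels, all names, skipping function keys when collecting dangerous keys, and rejecting an empty release string are assumptions.

```python
import hmac
import secrets
from enum import Enum

ROWS, COLS = 4, 3
DIGITS = "0123456789"
FUNCTION_KEYS = ("R", "C")  # assumed labels for the "regenerate" and "clear" keys

# Neighbour offsets (row, column) for the two item application methods.
OFFSETS = {
    "4way": [(-1, 0), (1, 0), (0, -1), (0, 1)],
    "8way": [(dr, dc) for dr in (-1, 0, 1) for dc in (-1, 0, 1) if (dr, dc) != (0, 0)],
}

# Constructed layout: "2" in the centre with 6, 5, 0, 7 around it and "9" in a
# corner next to 6 and 5, matching the neighbours described for FIG. 6.
FIG6_LAYOUT = [
    ["9", "6", "1"],
    ["5", "2", "0"],
    ["8", "7", "3"],
    ["R", "4", "C"],
]


class Verdict(Enum):
    OK = "authenticated"
    MINE_PRESSED = "item (mine) key pressed"
    DANGER_PRESSED = "dangerous direction key pressed"
    MISMATCH = "input does not match release information"


def random_layout():
    """Arrange the ten digits and two function keys with a CSPRNG shuffle."""
    keys = list(DIGITS) + list(FUNCTION_KEYS)
    secrets.SystemRandom().shuffle(keys)
    return [keys[r * COLS:(r + 1) * COLS] for r in range(ROWS)]


def danger_keys(layout, mine, method):
    """Digit keys adjacent to the mine key on this layout (4way or 8way)."""
    pos = next(((r, c) for r, row in enumerate(layout)
                for c, key in enumerate(row) if key == mine), None)
    if pos is None:
        raise ValueError("mine key is not on the layout")
    found = set()
    for dr, dc in OFFSETS[method]:
        r, c = pos[0] + dr, pos[1] + dc
        # Assumption: function keys next to the mine are not treated as dangerous.
        if 0 <= r < len(layout) and 0 <= c < len(layout[r]) and layout[r][c] in DIGITS:
            found.add(layout[r][c])
    return found


def release_info(password, layout, mine, method):
    """Stored password with the mine key and dangerous keys removed."""
    forbidden = danger_keys(layout, mine, method) | {mine}
    return "".join(key for key in password if key not in forbidden)


def check(entered, password, layout, mine, method):
    """Classify one attempt in the order the description gives."""
    if mine in entered:
        return Verdict.MINE_PRESSED
    danger = danger_keys(layout, mine, method)
    if any(key in danger for key in entered):
        return Verdict.DANGER_PRESSED
    expected = release_info(password, layout, mine, method)
    # Assumption: a layout that strips every digit must not accept empty input;
    # a caller would regenerate the layout instead.
    if not expected:
        return Verdict.MISMATCH
    if hmac.compare_digest(entered.encode(), expected.encode()):
        return Verdict.OK
    return Verdict.MISMATCH
```

With the 8way method on this layout only "4" survives from 886341, which shows how much of the stored password a single placement can remove.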
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephone Function (AREA)
- Storage Device Security (AREA)
Claims (18)
- 다수개의 키를 난수 배열에 의하여 배치하는 난수 매트릭스 기반의 보안 인증 화면을 출력하고, 상기 다수개의 키 중 적어도 하나의 키 입력을 포함하는 입력 정보를 생성하여 컨텐츠 서버에 제공하여 상기 컨텐츠 서버로부터 상기 입력 정보에 따른 보안 인증을 획득하는 단말기;상기 단말기로부터 다수개의 키 중 부정 보안 해제 시도 검출을 위한 적어도 하나의 아이템 키 및 보안 인증을 위한 보안 설정 정보를 수신하여 등록하고, 해당 단말기 접속에 따라 보안 실행 조건을 만족하는 경우, 상기 다수개의 키를 난수 배열에 의하여 배치하고, 난수 배열된 상기 다수개의 키 중 아이템 키를 기반으로 인접한 키 영역 중 적어도 일부 키를 눌려서는 안되는 제외 키로 설정한 난수 매트릭스 기반의 보안 인증 화면을 상기 단말기로 제공하고, 상기 단말기로부터 수신한 상기 입력 정보에 따라 보안 인증 또는 부정사용 판단을 수행하되, 상기 입력 정보에 상기 제외 키가 포함된 경우 부정사용으로 판단하는 컨텐츠 서버;를 포함하는 것을 특징으로 하는 능동형 보안 인증 제공 시스템.
- 제1항에 있어서,상기 컨텐츠 서버는등록된 상기 보안 설정 정보에 포함된 키 중에서 적어도 하나의 제외 키가 포함되어 있는 경우, 보안 인증을 수행할 때 상기 보안 설정 정보에 포함된 제외 키를 제외한 보안 설정 정보로 보인 인증을 수행하는 것을 특징으로 하는 능동형 보안 인증 제공 시스템.
- 제2항에 있어서,상기 컨텐츠 서버는상기 입력 정보에 상기 제외 키가 포함되지 않은 경우 현재 출력 중인 보안 인증 화면에서의 상기 아이템 키 배치에 따라 결정되는 제외 키들을 상기 보안 설정 정보에서 제외하여 실제 적용할 보안 해제 정보를 산출하고, 상기 입력 정보가 상기 보안 해제 정보와 일치하는지 여부에 따라 상기 단말기의 부정사용을 판단하는 것을 특징으로 하는 능동형 보안 인증 제공 시스템.
- 제3항에 있어서,상기 컨텐츠 서버는상기 입력 정보에 아이템 키가 포함된 경우, 상기 입력 정보에 제외 키가 포함된 경우, 상기 입력 정보가 보안 해제 정보와 불일치하는 경우 각각에 따라 보안 처리 단계를 수행하는 것을 특징으로 하는 능동형 보안 인증 제공 시스템.
- 제3항에 있어서,상기 컨텐츠 서버는새로운 입력 정보를 재입력할 수 있는 일정 횟수 기회를 제공하거나, 부정사용에 대한 통보를 특정 보안 관리 서버에 알리거나, 보안 인증을 수행하는 단말기에 저장된 적어도 일부 정보를 삭제하거나, 부정사용에 대한 메시지나 알람을 상기 단말기에 제공하거나, 상기 단말기의 서버 접속을 제한하거나, 단말기의 위치 정보 또는 IP 정보를 기반으로 위치 추적을 수행하는 것을 특징으로 하는 능동형 보안 인증 제공 시스템.
- 제1항에 있어서,상기 컨텐츠 서버는상기 입력 정보가 상기 아이템 키를 제거하기 위한 입력 신호인지 여부를 확인하고, 상기 입력 정보가 상기 아이템 키 제거를 위한 입력 신호인 경우 상기 아이템 키를 상기 보안 인증 화면에 미적용하도록 제어하여 추후 입력되는 추가 입력 정보가 상기 아이템 키가 미 적용된 보안 설정 정보와 일치하는지 여부에 따라 상기 단말기의 부정사용을 판단하는 것을 특징으로 하는 능동형 보안 인증 제공 시스템.
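- A terminal supporting an active security authentication function, comprising: a storage unit that stores at least one item key, among a plurality of keys, for detecting a fraudulent security release attempt, an item application scheme that sets at least some of the keys in the key area adjacent to the item key as exclusion keys that must not be pressed, and security setting information for security authentication; a display unit that outputs a random-number-matrix-based security authentication screen in which the plurality of keys are arranged according to a random-number arrangement; an input unit that generates input information including an input of at least one of the plurality of keys; and a control unit that, when a security execution condition is satisfied, arranges the plurality of keys according to a random-number arrangement, outputs to the display unit a random-number-matrix-based security authentication screen in which at least some of the keys in the key area adjacent to the item key among the randomly arranged keys are set as exclusion keys that must not be pressed, and determines fraudulent use when the input information generated through the input unit includes an exclusion key.
- The active security authentication providing system of claim 7, wherein, when at least one exclusion key is included among the keys contained in the stored security setting information, the control unit performs security authentication using the security setting information with the exclusion key contained in it excluded.
- The terminal providing an active security authentication function of claim 8, wherein, when determining fraudulent use, the control unit performs, according to each of the cases in which the input information includes the item key, the input information includes an exclusion key, and the input information does not match the security release information, at least one of: security processing that again provides a set number of opportunities for new input information, security processing that notifies a specific security management server of the fraudulent use, security processing that deletes at least some of the information stored in the storage unit, security processing that outputs a message or alarm about the fraudulent use, and security processing that restricts access to a specific server.
- The terminal providing an active security authentication function of claim 7, wherein the security authentication screen is a key map screen with a matrix structure in which numbers, letters, special characters, images or icons are arranged in fixed rows and columns.
- The terminal providing an active security authentication function of claim 7, wherein the control unit checks whether the input information is an input signal for removing the item key and, when the input information is an input signal for removing the item key, controls the item key so that it is not applied to the security authentication screen, compares whether input information additionally entered after removal of the item key matches the security setting information to which the item key is not applied, performs security authentication when they match, and determines fraudulent use when they do not match.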
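- A method for providing active security authentication, comprising: a registration step of registering at least one item key, among a plurality of keys, for detecting a fraudulent security release attempt, together with security setting information for security authentication; a step of, when a security execution condition is satisfied, arranging the plurality of keys according to a random-number arrangement and outputting a random-number-matrix-based security authentication screen in which at least some of the keys in the key area adjacent to the item key among the randomly arranged keys are set as exclusion keys that must not be pressed; a step of receiving input information including an input of at least one of the plurality of keys; a checking step of checking whether the input information includes an exclusion key; and a step of determining fraudulent use when the input information includes an exclusion key.
- The method of claim 12, wherein the registration step further comprises an item application scheme setting step of setting at least some of the keys in the key area adjacent to the item key as exclusion keys that must not be pressed, and the checking step further comprises a step of checking whether the input information includes an exclusion key additionally defined according to the item application scheme setting.
- The method of claim 13, further comprising: a step of, when the input information does not include the exclusion key, calculating the security release information to be actually applied by excluding from the security setting information the exclusion keys determined by the placement of the item key on the currently displayed security authentication screen; a step of checking whether the input information matches the security release information; and a step of performing security authentication when the input information matches the security release information and determining fraudulent use when it does not match.
- The method of claim 14, further comprising a step of performing security processing according to the fraudulent-use determination, wherein the step of performing security processing performs a security processing step according to each of the following cases: the input information includes the item key, the input information includes an exclusion key, and the input information does not match the security release information.
- The method of claim 12, further comprising: a step of checking whether the input information is an input signal for removing the item key; and a step of, when the input information is an input signal for removing the item key, controlling the item key so that it is not applied to the security authentication screen.
- The method of claim 16, further comprising a step of comparing whether input information additionally entered after removal of the item key matches the security setting information to which the item key is not applied, performing security authentication when they match, and determining fraudulent use when they do not match.
- The method of any one of claims 12 to 17, further comprising a step of performing security processing according to the fraudulent-use determination, wherein the step of performing security processing includes at least one of: a step of providing a predetermined number of opportunities to re-enter new input information; a step of notifying a specific security server of the fraudulent use; a step of deleting at least some of the information stored in the terminal performing security authentication; a step of outputting a message or alarm about the fraudulent use; and a step of restricting access to a specific server.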
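The check described in the method claims above (exclusion keys derived from where the item key lands on the shuffled screen, then comparison against the registered secret with those keys removed) can be sketched as follows. This is an added example, not code from the patent; the function names, the result labels, the 4-neighbour adjacency rule used as the item application scheme, and the empty-sequence guard are assumptions.

```python
import hmac
import secrets

ADJACENT_4 = ((-1, 0), (1, 0), (0, -1), (0, 1))  # assumed item application scheme

def make_layout(keys, cols):
    """Shuffle keys with a CSPRNG and return {key: (row, col)} for the screen."""
    shuffled = list(keys)
    secrets.SystemRandom().shuffle(shuffled)
    return {k: divmod(i, cols) for i, k in enumerate(shuffled)}

def excluded_keys(layout, item_key, offsets=ADJACENT_4):
    """Keys next to the item key on this screen; pressing one signals fraud."""
    r, c = layout[item_key]
    cells = {(r + dr, c + dc) for dr, dc in offsets}
    return {k for k, pos in layout.items() if pos in cells}

def verify(layout, item_key, secret, entered):
    """Classify one attempt: one of the three fraud cases, or authenticated."""
    excl = excluded_keys(layout, item_key)
    if item_key in entered:
        return "fraud:item_key"
    if excl.intersection(entered):
        return "fraud:excluded_key"
    # Release information for this screen = registered secret minus excluded keys.
    effective = [k for k in secret if k not in excl]
    if not effective:
        # Added guard (not in the claims): an empty release sequence would
        # accept empty input, so such a screen must be reshuffled.
        raise ValueError("layout excludes every secret key; reshuffle")
    same = hmac.compare_digest("\0".join(entered).encode(),
                               "\0".join(effective).encode())
    return "authenticated" if same else "fraud:mismatch"

# Constructed 4x3 screen: rows "7 2 9", "4 * 1", "0 5 8", "3 6 #"; '*' is the item key.
SAMPLE_LAYOUT = {k: divmod(i, 3) for i, k in enumerate("7294*105836#")}

if __name__ == "__main__":
    for attempt in ("379", "1379", "37*", "378"):
        print(attempt, verify(SAMPLE_LAYOUT, "*", "1379", list(attempt)))
```

Because the layout is reshuffled for every screen, the sequence a legitimate user must type changes each time, while someone replaying the registered secret verbatim hits an exclusion key whenever one of its keys lands next to the item key.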
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2011330044A AU2011330044B2 (en) | 2010-11-19 | 2011-11-08 | Method for providing active security authentication, and terminal and system for supporting same |
RU2013127799/08A RU2013127799A (ru) | 2010-11-19 | 2011-11-08 | Method of authentication with active security, and terminal and system for supporting it |
CA2818568A CA2818568A1 (en) | 2010-11-19 | 2011-11-08 | Method for providing active security authentication, and terminal and system for supporting the same |
US13/695,547 US9083701B2 (en) | 2010-11-19 | 2011-11-08 | Method for providing active security authentication, and terminal and system supporting same |
JP2013539750A JP5837607B2 (ja) | 2010-11-19 | 2011-11-08 | Method for providing active security authentication, and terminal and system supporting same |
EP11842339.1A EP2642685A1 (en) | 2010-11-19 | 2011-11-08 | Method for providing active security authentication, and terminal and system for supporting same |
CN2011800213106A CN102859930A (zh) | 2010-11-19 | 2011-11-08 | Method for providing active security authentication, and terminal and system supporting the method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020100115790A KR101151294B1 (ko) | 2010-11-19 | 2010-11-19 | Method for providing active security authentication, and terminal and system supporting same |
KR10-2010-0115790 | 2010-11-19 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012067371A1 (ko) | 2012-05-24 |
Family
ID=46084236
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2011/008451 WO2012067371A1 (ko) | 2010-11-19 | 2011-11-08 | Method for providing active security authentication, and terminal and system supporting same |
Country Status (9)
Country | Link |
---|---|
US (1) | US9083701B2 (ko) |
EP (1) | EP2642685A1 (ko) |
JP (1) | JP5837607B2 (ko) |
KR (1) | KR101151294B1 (ko) |
CN (1) | CN102859930A (ko) |
AU (1) | AU2011330044B2 (ko) |
CA (1) | CA2818568A1 (ko) |
RU (1) | RU2013127799A (ko) |
WO (1) | WO2012067371A1 (ko) |
Families Citing this family (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8959359B2 (en) * | 2012-07-11 | 2015-02-17 | Daon Holdings Limited | Methods and systems for improving the security of secret authentication data during authentication transactions |
US9262615B2 (en) | 2012-07-11 | 2016-02-16 | Daon Holdings Limited | Methods and systems for improving the security of secret authentication data during authentication transactions |
US10261757B2 (en) * | 2013-03-13 | 2019-04-16 | Northrop Grumman Systems Corporation | System and method for automated web processing service workflow building and application creation |
WO2014165948A1 (en) * | 2013-04-08 | 2014-10-16 | Balabanov Georgiev Stoyan | Method and terminal for accessing to e-services using a secure code |
US20140359725A1 (en) * | 2013-06-04 | 2014-12-04 | Mark Rodney Anson | System and Method for Providing Authentication and Authorisation for a Person to Perform Specific Instructions (Tasks) |
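CN105659244A (zh) * | 2013-08-12 | 2016-06-08 | 朴炫秀 | Security system, device and method using additional code |
JP6268814B2 (ja) * | 2013-08-28 | 2018-01-31 | 富士通株式会社 | Information processing device, information processing method, and information processing program |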
US9774839B2 (en) * | 2013-08-30 | 2017-09-26 | Glasses.Com Inc. | Systems and methods for color correction of images captured using a mobile computing device |
JP5860443B2 (ja) * | 2013-08-30 | 2016-02-16 | 京セラドキュメントソリューションズ株式会社 | Authentication program and authentication device |
KR20150049596A (ko) * | 2013-10-30 | 2015-05-08 | 삼성전자주식회사 | Secure input method and electronic device thereof |
JP6524635B2 (ja) * | 2013-11-06 | 2019-06-05 | 株式会社リコー | Information storage system and information storage method |
CN103793668A (zh) * | 2014-01-22 | 2014-05-14 | 北京京东方显示技术有限公司 | Password input device |
KR101519301B1 (ko) * | 2014-06-26 | 2015-05-11 | 황영만 | One-time password generating device and authentication method using same |
KR101547792B1 (ko) | 2015-01-21 | 2015-08-26 | 주식회사 엔씨소프트 | User authentication method and system using grid pattern |
US9674178B2 (en) * | 2015-02-05 | 2017-06-06 | Ca, Inc. | Secure user input mode using randomized mapping between ordered sets of symbols |
US9715111B2 (en) * | 2015-03-27 | 2017-07-25 | Ca, Inc. | Secure user input mode for electronic devices using randomized locations of selection indicia |
JP6387887B2 (ja) * | 2015-04-08 | 2018-09-12 | 京セラドキュメントソリューションズ株式会社 | Authentication device, authentication program, and authentication system |
US9401914B1 (en) | 2015-06-05 | 2016-07-26 | International Business Machines Corporation | Utilization of multiple keypads for password inputs |
CN105930065A (zh) * | 2015-12-08 | 2016-09-07 | ***股份有限公司 | Operation instruction input method, background device and terminal |
KR102582923B1 (ko) * | 2016-10-28 | 2023-09-26 | 삼성전자주식회사 | Content protection method and electronic device supporting same |
KR20180062868A (ko) * | 2016-12-01 | 2018-06-11 | 삼성전자주식회사 | Display device and method |
CN106709369A (zh) * | 2016-12-26 | 2017-05-24 | 宇龙计算机通信科技(深圳)有限公司 | Data processing method and data processing device for terminal abnormality |
CN107733872B (zh) * | 2017-09-18 | 2022-03-25 | 北京小米移动软件有限公司 | Information printing method and device |
US11010467B2 (en) * | 2018-10-30 | 2021-05-18 | Blue Popcon Co.Ltd | Multifactor-based password authentication |
US11803629B2 (en) * | 2020-11-13 | 2023-10-31 | Google Llc | Systems, methods, and media for obfuscated personal identification number entry on media devices |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060215360A1 (en) * | 2005-03-24 | 2006-09-28 | Chyi-Yeu Lin | Password input and verification method |
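KR20080008459A (ko) * | 2006-07-20 | 2008-01-24 | 삼성전자주식회사 | Method and apparatus for preventing illegal access in electronic device |
KR20080027530A (ko) * | 2006-09-25 | 2008-03-28 | 삼성전자주식회사 | Method and apparatus for preventing illegal access using prohibited key in electronic device |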
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6980081B2 (en) * | 2002-05-10 | 2005-12-27 | Hewlett-Packard Development Company, L.P. | System and method for user authentication |
JP3789462B2 (ja) * | 2002-09-12 | 2006-06-21 | 三菱電機株式会社 | Authentication system, authentication device, terminal device, and authentication method |
US20060206919A1 (en) * | 2005-03-10 | 2006-09-14 | Axalto Sa | System and method of secure login on insecure systems |
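CN1687860A (zh) * | 2005-04-14 | 2005-10-26 | 慈孟夫 | Concealed self-locking alarm protection method using prohibited keys for password authentication |
CN101110667B (zh) * | 2006-07-19 | 2012-05-23 | 华为技术有限公司 | User authentication method and user authentication system |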
US8479288B2 (en) * | 2006-07-21 | 2013-07-02 | Research In Motion Limited | Method and system for providing a honeypot mode for an electronic device |
US8615662B2 (en) * | 2007-01-31 | 2013-12-24 | Microsoft Corporation | Password authentication via a one-time keyboard map |
US20090144162A1 (en) * | 2007-11-29 | 2009-06-04 | Neil Milne | Transaction Security Method and Apparatus |
KR100817767B1 (ko) * | 2008-01-14 | 2008-03-31 | 알서포트 주식회사 | Authentication method using icon password |
US20100109920A1 (en) * | 2008-11-05 | 2010-05-06 | Michael Dennis Spradling | Security - input key shuffle |
US20100185871A1 (en) * | 2009-01-15 | 2010-07-22 | Authentiverse, Inc. | System and method to provide secure access to personal information |
US8468598B2 (en) * | 2010-08-16 | 2013-06-18 | Sap Ag | Password protection techniques using false passwords |
US8782404B2 (en) * | 2010-09-07 | 2014-07-15 | Nicholas L. Lamb | System and method of providing trusted, secure, and verifiable operating environment |
2010
- 2010-11-19 KR KR1020100115790A patent/KR101151294B1/ko active IP Right Grant
2011
- 2011-11-08 AU AU2011330044A patent/AU2011330044B2/en not_active Ceased
- 2011-11-08 CN CN2011800213106A patent/CN102859930A/zh active Pending
- 2011-11-08 US US13/695,547 patent/US9083701B2/en not_active Expired - Fee Related
- 2011-11-08 EP EP11842339.1A patent/EP2642685A1/en not_active Withdrawn
- 2011-11-08 CA CA2818568A patent/CA2818568A1/en not_active Abandoned
- 2011-11-08 JP JP2013539750A patent/JP5837607B2/ja not_active Expired - Fee Related
- 2011-11-08 RU RU2013127799/08A patent/RU2013127799A/ru not_active Application Discontinuation
- 2011-11-08 WO PCT/KR2011/008451 patent/WO2012067371A1/ko active Application Filing
Also Published As
Publication number | Publication date |
---|---|
KR101151294B1 (ko) | 2012-06-08 |
US9083701B2 (en) | 2015-07-14 |
CN102859930A (zh) | 2013-01-02 |
EP2642685A1 (en) | 2013-09-25 |
CA2818568A1 (en) | 2012-05-24 |
JP2013544404A (ja) | 2013-12-12 |
JP5837607B2 (ja) | 2015-12-24 |
AU2011330044B2 (en) | 2015-05-07 |
US20130047238A1 (en) | 2013-02-21 |
RU2013127799A (ru) | 2014-12-27 |
AU2011330044A1 (en) | 2013-07-11 |
KR20120054425A (ko) | 2012-05-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2012067371A1 (ko) | Method for providing active security authentication, and terminal and system supporting same | |
EP3706022B1 (en) | Permissions policy manager to configure permissions on computing devices | |
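CN100568212C (zh) | Isolation system and isolation method | |
WO2018124857A1 (ko) | Method for non-face-to-face authentication of user using blockchain-based mobile ID, terminal, and server using same | |
WO2013176491A1 (ko) | Web service user authentication method | |
WO2015069018A1 (ko) | Secure login system, method and apparatus | |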
Guerar et al. | Using screen brightness to improve security in mobile social network access | |
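KR101534307B1 (ko) | System and method for preventing and tracking leakage of internal confidential data through smart device | |
WO2016064041A1 (ko) | User terminal for detecting forgery or tampering of application program using hash value, and forgery detection method using same | |
WO2018026109A1 (ko) | Method, server, and computer-readable recording medium for determining whether to permit access to gate using network | |
WO2015105222A1 (ko) | System and method for preventing hacking of mobile terminal | |
WO2014061897A1 (ko) | Method for implementing login confirmation and approval service using mobile user terminal | |
WO2016064040A1 (ko) | User terminal for detecting forgery or tampering of application program using signature information, and forgery detection method using same | |
WO2018026108A1 (ko) | Method, authorized-person terminal, and computer-readable recording medium for determining whether to permit access to gate using network | |
WO2012169752A2 (ko) | System and method for authenticating device attempting access | |
CN104021076B (zh) | Application testing method and router | |
WO2015026183A1 (ko) | Offline login method using SW token, and mobile device applying same | |
WO2014163420A1 (ko) | Identity authentication system and method for providing same | |
WO2014010875A1 (ko) | Method for executing application and making payment in conjunction with paired device, and digital system therefor | |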
Thotadi et al. | E-Brightpass: A Secure way to access social networks on smartphones | |
US20230116384A1 (en) | Obfuscation of sensitive information through non-visual feedback | |
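WO2024143612A1 (ko) | Method for managing account information using user's mobile device | |
WO2024144174A1 (ko) | Method for managing account information using user's mobile device | |
KR101613664B1 (ko) | Security system with enhanced identity verification function in electronic transactions using certificate | |
KR101592475B1 (ko) | System for preventing illegal use of membership-based Internet site |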
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201180021310.6 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 11842339 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2013539750 Country of ref document: JP Kind code of ref document: A |
|
REEP | Request for entry into the european phase |
Ref document number: 2011842339 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13695547 Country of ref document: US Ref document number: 2011842339 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2818568 Country of ref document: CA |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2013127799 Country of ref document: RU Kind code of ref document: A |
|
ENP | Entry into the national phase |
Ref document number: 2011330044 Country of ref document: AU Date of ref document: 20111108 Kind code of ref document: A |