WO2014092425A1 - Method for performing integrated user authentication by random number generation - Google Patents

Method for performing integrated user authentication by random number generation

Info

Publication number
WO2014092425A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
authentication key
user
key
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/KR2013/011392
Other languages
English (en)
Korean (ko)
Inventor
정진원
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Publication of WO2014092425A1
Anticipated expiration
Legal status: Ceased (current)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Definitions

  • The present invention relates to a method for integrated user authentication by random number generation. More specifically, after an authentication key generated from a random number in a user terminal has been registered, a new authentication key is generated and registered every time authentication is performed.
  • The invention thus enhances security by encrypting with the authentication key when authentication is performed and then replacing the registered authentication key with the newly generated one.
  • Such a banking service provides great convenience for personal financial activities by allowing a user to carry out a given financial activity without visiting a securities company or a bank.
  • A user authentication procedure for identifying the user is an essential element of such a service.
  • However, checking an ID and password for user authentication carries a high risk of hacking, and countermeasures such as increasing the number of digits in the password are still criticised for user inconvenience and remaining security vulnerability.
  • A user authentication method using a public-key based authentication protocol has therefore been proposed.
  • In public key infrastructure (PKI) authentication technology, a trusted third party called a certification authority is responsible for maintaining and managing information about the sites it owns.
  • In one-time password authentication, the same one-time password is distributed to the service providing server that requires authentication and to the user; the user enters it and the service providing server verifies it.
  • The present invention was devised to address the problems above. After the authentication key generated from the random number in the user terminal has been registered in the integrated authentication server, a new authentication key is generated whenever the service providing server requires authentication, and authentication is performed between the service providing server and the integrated authentication server. Once authentication is complete, the authentication key registered in the user terminal and the integrated authentication server is renewed with the newly generated authentication key, so that each time authentication is performed it is encrypted with a new authentication key.
  • The purpose of the present invention is therefore to provide an integrated user authentication method by random number generation that enhances security and improves convenience of use.
  • The method includes a step of registering a user, in which the user terminal inputs the authentication key generated through the authentication key generation module and the authentication information input from the user to the integrated authentication server to request registration and perform initial authentication;
  • a step in which the user terminal generates a new authentication key through the authentication key generation module according to the authentication information input request of the service providing server, encrypts it with the registered authentication key, and transmits it together with the authentication information input from the user to the service providing server;
  • a step in which the service providing server requests user authentication by transmitting the received authentication information and the encrypted authentication key to the integrated authentication server;
  • a step in which the integrated authentication server decrypts the encrypted new authentication key using the authentication information transmitted from the service providing server and the registered authentication key, renews the registered key with the new authentication key, transmits the authentication result to the user terminal, and approves user authentication to the service providing server; and a step in which the user terminal updates to the new authentication key according to the authentication confirmation result transmitted from the integrated authentication server.
  • Updating to a new authentication key consists of deleting one of the registered authentication keys and registering the new authentication key.
  • Registering the user may include: the user terminal requesting registration by transmitting a first authentication key and a second authentication key generated through the authentication key generation module, together with the authentication information input by the user, to the integrated authentication server; the integrated authentication server storing the first and second authentication keys together with the transmitted authentication information and requesting initial authentication from the user terminal; the user terminal generating a third authentication key through the authentication key generation module according to the initial authentication request, encrypting the third authentication key with the first authentication key and with the second authentication key, and transmitting the result to the integrated authentication server; the integrated authentication server decrypting the encrypted third authentication key with the stored first and second authentication keys, deleting the first authentication key, storing the third authentication key to update the authentication keys, and then transmitting registration completion to the user terminal; and the user terminal updating its authentication keys by deleting the first authentication key and storing the third authentication key upon registration completion.
  • The authentication key generation module is connected to the user terminal through an interface unit; its calculation unit generates an authentication key from the random number pulses produced by the RPG module and provides it to the user terminal, and the module stores and deletes authentication keys in its storage unit.
  • The authentication information includes the user's ID and may further include one or more of a password and personal information in addition to the ID.
  • The present invention registers the authentication key generated from the random number in the user terminal with the integrated authentication server; when the service providing server requires authentication, a new authentication key is generated, encrypted with the registered authentication key, and transmitted.
  • The authentication key registered in the user terminal and the integrated authentication server is then updated with the newly generated authentication key, so that each time authentication is performed the authentication key is encrypted and authenticated, enhancing security.
  • Because the authentication key is transmitted and received automatically between the user terminal, the service providing server, and the integrated authentication server, authentication involves no user input; there is therefore no inconvenience or error from such input, and convenience of use is improved.
  • FIG. 1 is a block diagram illustrating a user integrated authentication system for applying a user integrated authentication method by random number generation according to an embodiment of the present invention.
  • FIG. 2 is a flowchart illustrating a user integrated authentication method by random number generation according to an embodiment of the present invention.
  • The integrated user authentication system includes a user terminal 10 having an authentication key generation module 20, a service providing server 50, and an integrated authentication server 40.
  • When the user terminal 10 connects to the service providing server 50 through the network 30 to receive a service and the user enters an ID and password according to the authentication procedure, the user terminal 10 transmits a new authentication key generated by its authentication key generation module 20 to the service providing server 50. The service providing server 50 then transmits the ID, password, and new authentication key to the integrated authentication server 40 to request user authentication; the integrated authentication server 40 performs user authentication using the authentication information and the registered authentication key, and according to the result the service providing server 50 provides the service to the user terminal 10.
  • The authentication key generation module 20 may be installed in the user terminal 10 and includes an interface unit 22, a calculation unit 24, an RPG (random pulse generation) module 26, and a storage unit 28.
  • Alternatively, it may be configured as an independent USB medium connected to the user terminal 10.
  • The authentication key generation module 20 is connected to the user terminal 10 through the interface unit 22; the calculation unit 24 generates the authentication key from the random number pulses produced by the RPG module 26 and provides it to the user terminal 10, and the registered authentication key is updated by storing and deleting authentication keys in the storage unit 28.
  • The integrated authentication server 40 registers the authentication information input by the user together with the authentication key generated by the authentication key generation module 20, and when user authentication is requested by the service providing server 50 it checks the authentication information and the registered authentication key and approves the user authentication.
  • The integrated authentication server 40 and the user terminal 10 are connected through the network 30, and every time authentication is completed the registered authentication key is renewed with a new authentication key, enhancing security.
  • The service providing server 50 has no independent authentication procedure: it transfers the authentication information and authentication key received from the user terminal 10 to the integrated authentication server 40, which performs the user authentication, and on receiving the approval result it completes the authentication process and provides the service.
  • FIG. 2 is a flowchart illustrating a user integrated authentication method by random number generation according to an embodiment of the present invention.
  • The user terminal 10 performs the user registration procedure by inputting the authentication key generated by the authentication key generation module 20 and the authentication information input from the user into the integrated authentication server 40 to request registration and performing initial authentication.
  • The user terminal 10 takes the user ID (ID: brucejay01) and password (PW: jb060816) input by the user as authentication information (S10) and transmits them, together with the first authentication key (R1: 0B0814BC) and the second authentication key (R2: 59F810C1) generated through the authentication key generation module 20, to the integrated authentication server 40 to request registration (S12) (S14).
  • The authentication information includes the user's ID and may further include one or more of a password (PW) and personal information in addition to the ID; that is, the password and personal information may be omitted.
  • The integrated authentication server 40 stores the first authentication key (R1: 0B0814BC) and the second authentication key (R2: 59F810C1) together with the transmitted authentication information, and then requests initial authentication from the user terminal 10 (S16) (S18).
  • The user terminal 10 generates a third authentication key (R3: 1EFE3C29) through the authentication key generation module 20 according to the initial authentication request (S20), encrypts R3 with the first authentication key R1: 0B0814BC (R1 + R3: 15F6B32E) and with the second authentication key R2: 59F810C1 (R2 + R3: 4706B753), and transmits both to the integrated authentication server 40 (S22).
  • The integrated authentication server 40 decrypts the third authentication key (R3: 1EFE3C29) from the encrypted keys using the stored first authentication key (R1: 0B0814BC) and second authentication key (R2: 59F810C1), deletes the first authentication key R1 and stores the third authentication key R3, so that the registered authentication keys become the second authentication key R2 and the third authentication key R3 (S24). It then transmits registration completion to the user terminal 10 (S26).
  • On registration completion, the user terminal 10 deletes the first authentication key (R1) and stores the third authentication key (R3), updating its authentication keys to the second authentication key (R2) and the third authentication key (R3), which completes the registration procedure (S28).
  • The service providing server 50 then requests input of the authentication information (S30) (S32).
  • The user terminal 10 generates a new fourth authentication key (R4: 68D4BK91) through the authentication key generation module 20 according to the authentication information input request of the service providing server 50 (S34), encrypts R4 with the registered second authentication key R2 (R2 + R4: 1G12JW08) and with the third authentication key R3 (R3 + R4: 92F51M41), and transmits them to the service providing server 50 together with the user ID (ID: brucejay01) and password (PW: jb060816) input from the user (S36).
  • The service providing server 50 requests user authentication by transmitting the received authentication information (ID, PW) and encrypted authentication keys (R2 + R4, R3 + R4) to the integrated authentication server 40 (S38).
  • The integrated authentication server 40 decrypts the encrypted keys (R2 + R4, R3 + R4) using the authentication keys (R2, R3) registered under the authentication information, user ID (ID: brucejay01) and password (PW: jb060816), transmitted from the service providing server 50, recovering the fourth authentication key (R4: 68D4BK91); it then deletes the second authentication key (R2) and stores the fourth authentication key (R4), so that the registered keys are updated to the third authentication key (R3) and the fourth authentication key (R4) (S40).
  • The authentication confirmation result is transmitted to the user terminal 10 (S42), and user authentication is approved to the service providing server 50 (S46).
  • According to the authentication confirmation result transmitted from the integrated authentication server 40, the user terminal 10 deletes the second authentication key R2 and stores the fourth authentication key R4, updating its authentication keys to the third authentication key R3 and the fourth authentication key R4 (S44).
  • When the authentication procedure between the user terminal 10, the service providing server 50, and the integrated authentication server 40 is completed, the service providing server 50 provides the service to the user terminal 10 (S48).
  • In this integrated user authentication method the authentication key is generated from the random number pulses produced by the RPG module 26, so authentication is performed through an authentication key unique to the user terminal 10 and security is enhanced; and because authentication is performed automatically between the user terminal 10, the service providing server 50, and the integrated authentication server 40 without user input, there is no inconvenience or error from such input and convenience of use is improved.
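The registration (S10 to S28) and per-login (S30 to S48) exchanges above can be followed end to end in a small simulation. The Python below is an added example for this page, not code from the patent or its inventor. It assumes 32-bit keys (the page's keys are eight hex digits), uses XOR as a stand-in for the cipher the patent leaves unspecified, keeps the user record in memory, and folds the confirmation to the terminal (S42) and the approval to the service server (S46) into one boolean; the names AuthServer, ServiceServer, Terminal, verify_and_roll and run_demo are this example's own. Beyond the page's happy path it also exercises the checks a verifier would want: a replayed request, a wrong password, and a lost confirmation that leaves the two sides out of step.

```python
# Added example, not the patent's own code: a stand-alone simulation of the
# rolling-key flow in the Definitions above (steps S10-S48). Assumptions: 32-bit
# keys, XOR as a stand-in for the unspecified cipher, in-memory user records,
# and the S42 confirmation / S46 approval collapsed into one boolean result.
import hmac
import secrets

KEY_BYTES = 4

def gen_key() -> bytes:
    """Stand-in for the RPG-based authentication key generation module 20."""
    return secrets.token_bytes(KEY_BYTES)

def xor(a: bytes, b: bytes) -> bytes:
    """Element-wise XOR of two equal-length keys (illustrative cipher only)."""
    if len(a) != KEY_BYTES or len(b) != KEY_BYTES:
        raise ValueError("keys must be %d bytes" % KEY_BYTES)
    return bytes(x ^ y for x, y in zip(a, b))

class AuthServer:
    """Integrated authentication server 40: keeps (older, newer) key per user."""
    def __init__(self):
        self.users = {}  # user_id -> {"pw": str, "keys": (bytes, bytes)}
    def register(self, user_id, pw, r1, r2):
        # S14-S16. A production server would store a password hash, not pw.
        self.users[user_id] = {"pw": pw, "keys": (r1, r2)}
    def verify_and_roll(self, user_id, pw, c_older, c_newer) -> bool:
        """S24 / S40: decrypt the new key with both stored keys, require the
        two decryptions to agree, then drop the older key and keep the new."""
        rec = self.users.get(user_id)
        if rec is None or not hmac.compare_digest(rec["pw"], pw):
            return False
        older, newer = rec["keys"]
        from_older, from_newer = xor(older, c_older), xor(newer, c_newer)
        # Only a holder of both registered keys can make the two ciphertexts
        # decrypt to the same value; this equality is the possession check.
        if not hmac.compare_digest(from_older, from_newer):
            return False
        rec["keys"] = (newer, from_newer)
        return True

class ServiceServer:
    """Service providing server 50: relays to the auth server (S38), no own check."""
    def __init__(self, auth_server):
        self.auth = auth_server
    def login(self, user_id, pw, c_older, c_newer) -> bool:
        return self.auth.verify_and_roll(user_id, pw, c_older, c_newer)

class Terminal:
    """User terminal 10 with its authentication key generation module."""
    def __init__(self, user_id, pw):
        self.user_id, self.pw = user_id, pw
        self.keys = None       # (older, newer)
        self.last_sent = None  # ciphertexts of the most recent request
    def _encrypt_new_key(self):
        older, newer = self.keys
        r_new = gen_key()
        return r_new, xor(older, r_new), xor(newer, r_new)
    def register(self, auth_server) -> bool:
        r1, r2 = gen_key(), gen_key()
        self.keys = (r1, r2)
        auth_server.register(self.user_id, self.pw, r1, r2)  # S12-S14
        r3, c1, c2 = self._encrypt_new_key()                  # S20-S22
        ok = auth_server.verify_and_roll(self.user_id, self.pw, c1, c2)
        if ok:
            self.keys = (r2, r3)                              # S28
        return ok
    def authenticate(self, service, confirm=True) -> bool:
        r_new, c_older, c_newer = self._encrypt_new_key()     # S34-S36
        self.last_sent = (c_older, c_newer)
        ok = service.login(self.user_id, self.pw, c_older, c_newer)
        if ok and confirm:  # confirm=False models a lost S42 confirmation
            self.keys = (self.keys[1], r_new)                 # S44
        return ok

def run_demo() -> dict:
    """Registration, two logins, then the checks a verifier should make."""
    auth, term = AuthServer(), Terminal("brucejay01", "jb060816")  # page's ID/PW
    service = ServiceServer(auth)
    out = {"registered": term.register(auth)}
    out["login1"] = term.authenticate(service)
    out["login2"] = term.authenticate(service)
    out["in_sync"] = term.keys == auth.users["brucejay01"]["keys"]
    c_older, c_newer = term.last_sent
    # Replaying the last request fails: both sides have already rolled the keys.
    out["replay_rejected"] = not service.login("brucejay01", "jb060816", c_older, c_newer)
    out["wrong_pw_rejected"] = not service.login("brucejay01", "wrong", c_older, c_newer)
    # Failure mode: the server rolls but the confirmation never reaches the
    # terminal, so the sides desynchronise and the next login is refused.
    term.authenticate(service, confirm=False)
    out["after_desync"] = term.authenticate(service)
    return out
```

Calling run_demo() returns a dict in which everything is True except after_desync, which is False. Two points the simulation makes visible: first, because the scheme's proof of possession is that both ciphertexts decrypt to the same new key, the server must roll its stored pair atomically with that check, and the terminal must not roll until the S42 confirmation arrives; a lost confirmation strands the terminal on the old pair, so a deployment needs an explicit recovery or re-registration path. Second, XOR is only a stand-in here: the two XOR ciphertexts combine to older XOR newer, so a real implementation should wrap the new key with an authenticated cipher keyed from the stored keys rather than with the keys directly.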

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a method for performing integrated user authentication by random number generation, in which authentication can be performed by encryption with a new authentication key each time authentication is performed: after a user terminal has registered an authentication key generated using random numbers in an integrated authentication server, a new authentication key is generated when a service providing server requests authentication, the newly generated authentication key is encrypted with the registered authentication key and transmitted, and when authentication is completed by performing authentication between the service providing server and the integrated authentication server, the authentication key registered in the user terminal and the integrated authentication server is updated to the newly generated authentication key. Security can thus be improved, and because authentication is performed by automatic transmission and reception of an authentication key between the service providing server and the integrated authentication server, there is no inconvenience or error due to user input, which improves convenience of use.
PCT/KR2013/011392 2012-12-13 2013-12-10 Method for performing integrated user authentication by random number generation Ceased WO2014092425A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2012-0145203 2012-12-13
KR1020120145203A KR101244853B1 (ko) 2012-12-13 2012-12-13 Integrated user authentication method by random number generation

Publications (1)

Publication Number Publication Date
WO2014092425A1 true WO2014092425A1 (fr) 2014-06-19

Family

ID=48182100

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2013/011392 Ceased WO2014092425A1 (fr) 2012-12-13 2013-12-10 Method for performing integrated user authentication by random number generation

Country Status (2)

Country Link
KR (1) KR101244853B1 (fr)
WO (1) WO2014092425A1 (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101523760B1 (ko) * 2013-07-22 2015-05-28 Eyl Inc. Immobilizer device by random number generation and authentication method thereof
KR101553116B1 (ko) * 2013-11-20 2015-09-14 ATsolutions Co., Ltd. Method for updating an encryption key between a card and a terminal
KR101699810B1 (ko) 2016-05-31 2017-01-26 Eyl Inc. Quantum random pulse generator
US10133555B2 (en) 2016-09-08 2018-11-20 Eyl Inc. Method of operating random pulse generator apparatus using radioisotope
KR102093317B1 (ko) 2018-08-13 2020-03-25 Eyl Inc. Random number generation method and apparatus using an inorganic scintillator
KR102123820B1 (ko) * 2019-07-31 2020-06-23 Kookmin University Industry-Academic Cooperation Foundation Computer-executable lightweight random number generation apparatus and method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003216581A (ja) * 2002-01-25 2003-07-31 Fujitsu Ltd Multiple authentication system and method using a random number list
JP2007043416A (ja) * 2005-08-02 2007-02-15 Hitachi Ltd Authentication method, information processing system, and program
KR100860573B1 (ko) * 2006-12-01 2008-09-26 Daegu Gyeongbuk Institute of Science and Technology User authentication method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001357018A (ja) 2000-06-14 2001-12-26 Nippon Telegr & Teleph Corp <Ntt> Dynamic password authentication method, apparatus, and recording medium recording the method

Also Published As

Publication number Publication date
KR101244853B1 (ko) 2013-03-18


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 13863490; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 13863490; Country of ref document: EP; Kind code of ref document: A1)