KR20020087656A - Method for certifying a right user using a wireless communication apparatus - Google Patents

Abstract

PURPOSE: A method for authenticating a fair user using a wireless communication device is provided which can prevent a series of service accesses from being proceeded when a series of short message passwords transmitted wirelessly are hacked by a malicious and unfair user, and thus can minimize the unpredicted damage of a fair user. CONSTITUTION: A fair user authentication system comprises the first authentication system(100) based on a series of wire internet networks and the second authentication system(200) based on a series of wireless internet networks. The first authentication system comprises the first interface module(101), the first authentication management server(102), an encryption message information D/B(103) and an operation message information D/B(104), and various encryption information required in a series of encryption processes are stored in the encryption message information D/B. The first authentication management server proceeds a series of user authentication preparation processes systematically, and the first interface module processes various event data transmitted from a service provider system(300) accessing through an internet network, and transfers the event data to the first authentication management server, and also processes various information from the first authentication management server and then transfers them to the service provider system.

Description

Method for certifying a right user using a wireless communication apparatus}

The present invention relates to a party user authentication method using a wireless communication device, and more particularly, to a series of party user authentication processes, for example, "user wireless communication information returned to the authentication management server and wireless communication information input by the user himself. By employing a predetermined encryption technique as a background, a process of determining whether the data is matched with a background of a series of Internet services other than a party user, even if a series of short passwords transmitted over a wireless section are hacked by an unjust-intentional user during the transmission, It relates to a party user authentication method using a wireless communication device that can be blocked in advance so that access can not proceed normally.

Recently, with the rapid development of technology in the field of information and communication, the use of the Internet has become a general trend, and in accordance with the trend of the generalization of the Internet, numerous kinds of Internet websites have been widely opened by arbitrary service providers. It is becoming.

For example, Korean Patent Laid-Open Publication No. 2000-37105 "Advertising and shopping system and method using Internet game", Korean Patent Laid-Open Publication No. 2000-37174 "Intermediary for special information exchange and operation method using the Internet", Korean Patent Korean Patent Publication No. 2000-37207 "Method for managing registration of personal information on website", Korean Patent Publication No. 2000-37229 "System and method for advertisement of advertisement through dividend payment service", Korean Patent Publication No. 2000-37242 " Personal portal website operation system and operation method, Korean Patent Publication No. 2000-37385 "Operation apparatus and method of the website related to visual creation" and the like are described in detail various kinds of Internet websites according to the prior art. .

In general, the above-described conventional service providers use a series of " through a variety of paths " so that access to the service by unauthorized users can be blocked in advance whenever a series of Internet events, such as Internet events requiring payment, occur. Party user authentication process ".

For example, service providers perform a process of confirming a user's unique number, for example, a social security number, in advance, before a full-fledged Internet service is performed, so that "use of Internet service" by an unauthorized user can be blocked in advance.

However, in recent years, as personal information is leaked frequently, personal identification numbers such as social security numbers are easily leaked, and as mentioned above, most Internet websites, while proceeding to confirm the user's social security number, Without any countermeasures, most of them allow the unauthorized users to access the service.

In recent years, as the technology related to the short message service (SMS) is swiftly developed, a series of user authentication technologies that link this SMS with a user's wireless communication device has been improved. It is attracting much attention as an authentication technology.

When such a conventional "SMS / Wireless user connection technology" is implemented, any service provider transmits a series of short passwords to the user's wireless communication system through a systematic connection process with a wireless communication company. In the future, the user's legitimacy is judged by judging whether or not the specific password inputted by the service user is identical to the "short password previously transmitted to the wireless communication device".

In this case, since the validity of the user is proved based on the "owner's possession of the wireless device", in the service provider, the illegal user is a party user, even if any illegal user steals the social security number of the party user. Unless even a wireless device is stolen, a series of defenses can be provided that prevents normal services from being used, which in turn can significantly reduce the unforeseen damage of party users.

For example, Korean Patent Publication No. 2000-6796 "Electronic payment method using a mobile phone", Korean Patent Publication No. 2000-12391 "Electronic payment method and system on the Internet", Korean Patent Publication No. 2000-24137 " Payment method in Internet e-commerce using mobile communication, and Korean Patent Publication No. 2000-37355, "Method and system for approving electronic payment using short message service," such as "SMS / Wireless communication system linked user authentication" Technology "is more varied.

However, the conventional "SMS / wireless communication system-type user authentication technology" described above has a fatal drawback in that there is no separate security system in the "wireless section" between the base station of the wireless communication company and the wireless communication device possessed by the user. Therefore, unless the service provider utilizing the countermeasures is taken, the party user / service provider, etc., hacks a series of short passwords transmitted over the wireless section by the wrongful user during the transmission. There is no choice but to suffer from technical problems that can be hacked.

If a series of short passwords transmitted over a wireless section are hacked by a malicious user during the transmission, the service provider may perform an "SMS / Wireless User Linked Technology", but the user may not be able to use it. Will be allowed to access most services without any countermeasures. At this time, if the Internet service is a service that can cause enormous financial damage to party users, for example, an e-commerce service such as home shopping, the damage that party users / service providers may inevitably increase.

Accordingly, an object of the present invention is to encrypt a predetermined sequence of party user authentication processes, for example, "a process of determining whether the user wireless communication information returned to the authentication management server and the wireless communication information input by the user are identical". By employing the technology as a background, or as another example, by employing "a process of pre-transplanting a set of subscription certificate information into a wireless communication device owned by the user, and later using this subscription certificate information widely in determining the validity of a user". Even if a series of short passwords transmitted to a wireless section are hacked by an unjust user while sending out a radio section, a series of service accesses can be blocked in advance so that only a party user can access normally.

It is another object of the present invention to minimize the damage of unjustified party users by blocking access to the service of illegal users in advance.

Still other objects of the present invention will become more apparent from the following detailed description and the accompanying drawings.

Figure 1 is an exemplary diagram conceptually showing a party user authentication system constituting the base environment of the present invention.

2 is a flow chart sequentially showing a party user authentication method using a wireless communication device according to the present invention.

3 is an exemplary diagram conceptually showing a web page posting state of a user-side client according to the present invention;

4 and 5 conceptually illustrate the message posting state of the user-side wireless communication device according to the present invention.

In order to achieve the above object, the present invention discloses a party user authentication method using a wireless communication device composed of a combination of a series of user authentication preparation process and user authentication execution process proceeding in conjunction with each other.

At this time, the user authentication preparation process is a step of determining whether a series of user authentication request events for authenticating the validity of the user from any service provider system connected to a specific user client, and When a series of user authentication request events have occurred from the service provider side system, transmitting a series of self-communication radio number entry web pages containing a predetermined self-radio number entry item to the user client; Judging whether or not the above-mentioned series of self-radio number input information corresponding to the above-mentioned self-radio number input item has been transmitted from the client on the side, and the series of self-radio corresponding to the self-radio number input item from the user-side client; Communicator number If the output information is transmitted, self-made as a combination of generating a series of encrypted messages reflecting the radio communication device number, and generates an encrypted message is sent to the completion of the user held by the user-side Wireless Communication Station.

In addition, the user authentication execution process may include determining whether an encryption message is returned from the user side wireless communication unit, and if an encryption message is returned from the user side wireless communication unit, decrypting the returned encryption message and initializing it. Acquiring a self-communicator number entered in the terminal, and determining whether the return radio-communicator number of the user-side radio is identical with the initially inputted self-communicator number; In the case where the initially inputted self matches the radio communication number, a combination of the steps of transmitting a series of authentication completion messages to the user side radio communication.

Hereinafter, with reference to the accompanying drawings, it will be described in more detail a party user authentication method using a wireless communication device according to the present invention.

As shown in FIG. 1, the party user authentication system constituting the base environment of the present invention includes, for example, a first authentication system 100 based on a series of wired Internet networks, and a first wireless system based on a series of wireless Internet networks. 2 is a combination of the authentication system 200.

At this time, as shown in the figure, the first authentication system 100, the first interface module 101, the first authentication management server 102, encryption message information D / B 103, operating message information D / B 104, etc. In this case, the encrypted message information D / B 103 stores various encryption information necessary for a series of encryption processes, and the operation message information D / B 104 operates a web page. Various operational information required for the operation is stored.

In this state, the first authentication management server 102 systematically controls the encrypted message information D / B 103, the operation message information D / B 104, and the like, thereby storing and storing encrypted information, operation information, and the like. It plays a role to control whether extraction can be selectively determined.

With such a relationship with the encrypted message information D / B 103, the operation message information D / B 104, and the like, the first authentication management server 102 is arbitrarily connected via the first interface module 101. The service provider side system 300, the user side client 1, and the like also form a close signal connection relationship. In this case, the service provider side system 300, the user side client 1, etc. form a series of signal connection relationships with the first authentication management server 102, for example, using the Internet network.

In this state, the first authentication management server 102 requests a series of user authentication requests for authenticating the validity of the user from any service provider side system 300 that is in connection with the specific user-side client 1. When an event occurs, a series of user authentication preparation procedures are systematically performed by utilizing the above-mentioned encrypted message information D / B 103 and operation message information D / B 104, and through this, full-scale user authentication is performed. It provides a set of infrastructures on which the implementation process can proceed.

In this case, the first first interface module 101 processes various event data transmitted from the service provider side system 300, the user side client 1, and the like, which are connected through the Internet network, and then converts the event data into a first state. In addition to delivering to the authentication management server 102, and processes a variety of information transmitted from the first authentication management server 102, this information is service provider side system 300, the user side client (1) Act as a quick delivery.

On the other hand, the second authentication system 200 is similar to the aforementioned first authentication system 100, the second interface module 201, the second authentication management server 202, certificate information D / B (203), Operation message information D / B 204 or the like. In this case, the certificate information D / B 203 stores a series of subscription certificate information necessary for the authentication process of the user, and the operation message information D / B 204 stores various operation information necessary for the operation of the wireless message.

In this state, the second authentication management server 202 systematically controls the certificate information D / B 203, the operation message information D / B 204, and the like, thereby storing and storing subscription certificate information, operation information, and the like. It plays a role to control whether extraction can be selectively determined.

With such a relationship with the certificate information D / B 203, the operation message information D / B 204, and the like, the second authentication management server 202 uses the second interface module 201 as a user. The user-side wireless communication device 2 owned by the "), the wireless communication company-side system 500 that manages the user-side wireless communication device 2, and the like also form a close signal connection relationship. In this case, the base station 400 serves to transfer the information output from the second authentication system 200 to the user-side wireless communication device 2 and removes various information output from the user-side wireless communication device 2. 2 serves to return to the authentication system (200).

In this state, when a full-fledged user authentication event occurs from the user-side radio communication device 2, the second authentication management server 202 stores the preceding certificate information D / B 203 and operation message information D / B 204. By using the system, the process of authentic user authentication is carried out systematically, and through this, it provides a basic environment to prevent unauthorized users from accessing the service in advance.

At this time, the second interface module 201 is a variety of transmitted from the user-side wireless communication device 2 that is being connected through the Internet network, the wireless carrier-side system 500 that manages the user-side wireless communication device (2), etc. It processes the event data and delivers the event data to the second authentication management server 202, and processes various pieces of information transmitted from the second authentication management server 202 to process the information on the user side. It serves to quickly deliver to the communicator (2), wireless carrier-side system (500).

Hereinafter, the party user authentication method using the wireless communication device unique to the present invention based on the first and second authentication systems 100 and 200 described above will be described in detail.

As shown in FIG. 2, the party user authentication method using the wireless communication device according to the present invention comprises a combination of a series of user authentication preparation processes (step S100) and a user authentication execution process (step S200) which are performed in conjunction with each other.

First, the user authentication preparation process (step S100) will be described in detail.

First, a user U who wants to receive a predetermined Internet service from an arbitrary service provider side system 300 connects to the Internet network using, for example, the user side client 1, and then the service provider side. The system 300 is visited and a series of content surfing procedures are performed.

In this state, the first authentication management server 102 continuously checks the first interface module 101, whereby a series of user authentication request events for authenticating the user's validity from the service provider side system 300 is performed. It is determined whether or not (step S101) has occurred.

At this time, if it is determined that a separate user authentication request event has not occurred from the service provider side system 300, the first authentication management server 101 proceeds to step S102 to maintain a series of standby states.

However, an action requiring payment, for example, occurs from the user side client 1, and accordingly, a series of user authentication request events are generated from the service provider side system 300 to authenticate the validity of the user. If it is determined, the first authentication management server 102 immediately utilizes a series of operational message information stored in the operational message information D / B 104, and " self-radio ID input item " Generates a series of self-communicating radio number input web pages describing the communication number input items and sends the completed self-communication radio number input web page to the user side client 1 via the first interface module 101. The transmission proceeds (step S103).

In this case, the user side client 1 quickly interprets the web page 601 for self-radio number input from the first authentication system 100 side and displays it as shown in FIG. (U) allows a user to freely input his or her radio ID, for example, " own radio number "

In this state, the first authentication management server 102 continuously checks the first interface module 101, whereby a series of autonomous radio number corresponding to the previous self radiocommunication number input item from the user side client 1 is received. It is determined whether the input information has been transmitted (step S104).

At this time, if it is determined that the user U has not yet filled in the self-radio communication number input item 602 and no separate self-radio communication number input information is transmitted from the user-side client 1, the first authentication management server 102 proceeds to step S105 to maintain a series of standby states.

However, the user U fills in the self-communicator number input item 602 according to his / her intention, clicks the cellular phone payment item 603, and inputs a series of self-communicator numbers from the user-side client 1. If it is determined that the information has been transmitted, the first authentication management server 102 immediately utilizes the encryption information stored in the encrypted message information D / B 103 to reflect the user's own radio communication number. In step S106, a series of encrypted messages are generated, and the generated encrypted messages are loaded onto a predetermined encrypted message delivery page and transmitted to the user-side wireless communication device 2 held by the user U (step S106). . In this case, the encrypted message is encrypted by, for example, the "DES (Data Encryption Standard) method", which is a 128-bit encryption scheme.

Through the above process, when the "encryption message delivery page" carrying a series of encryption messages is transferred from the first authentication management server 102 to the first interface module 101, the first interface module 101 immediately In addition, the "encryption message delivery page" is transmitted to the user side wireless communication unit 2 via the base station 400, and the user side wireless communication unit 2 has a corresponding "encryption message delivery page 701". As soon as it is transmitted, it is displayed as shown in FIG. 4, thereby providing a set of infrastructure environments where a full "user authentication process" can proceed.

In this case, the encrypted message 702 hidden in the "encryption message delivery page 701" includes, for example, "URL of the second authentication management server 202 to be dedicated to a series of user authentication execution processes", and "the user has a previous process." Self-input radio number entered through "," service information currently pending "," payment information charged to the user "and the like is contained.

When the step S106 of the present invention proceeds as described above, the encryption message 702 outputted from the system 100 is, as shown in FIG. 1, the base station 400 and the user U of the wireless carrier side. Must pass through the "Wireless section (WA)" between the user-side wireless communication device (2).

At this time, as described above, since no separate security system is provided in the "wireless section WA" between the base station 400 of the wireless communication company side and the user wireless communication unit 2, no special measures are taken. Unless, for example, a party user, a service provider, etc. are forced to suffer a problem in which a series of messages sent to a wireless section WA can be hacked by an unjust user of maliciousness during the transmission.

However, in the case of the present invention, since the process of encrypting the message sent to the wireless section WA has been advanced in advance through the above-mentioned step S106, the present invention is achieved even though the wireless section WA is performed. Even if a series of messages sent to the network are hacked by a malicious unjust user during the transmission, a series of services cannot be normally accessed except for a party user, so that the party user can avoid unexpected damage in advance. .

Next, the user authentication execution process (step S200) linked to the above-described user authentication preparation process (step S100) will be described.

First, as shown in FIG. 4, when a series of encryption messages 702 are transmitted to the user side wireless communication unit 2 through the aforementioned user authentication preparation process (step S100), the user U encrypts this encryption. By utilizing the message, the user authentication process can be carried out in earnest.

In this state of infrastructure, the second authentication management server 202 continuously checks the second interface module 201, so that a series of encrypted messages from the user side wireless communication device 2 held by the user U is obtained. It is determined whether a return event has occurred (step S201).

At this time, if it is determined that the user U does not take any further action on the "encryption message delivery page 701" and a separate encrypted message return event has not occurred from the user-side wireless communication device 2, the second authentication management is performed. The server 202 advances the flow to step S202 to maintain a series of standby states.

However, if the user U clicks on the confirmation item 703 of the "encryption message delivery page 701", and it is determined that a series of encrypted message return events have occurred from the user-side wireless communication device 2, the second authentication is performed. The management server 202 immediately proceeds with the process of decrypting the "encryption message input via the second interface module 201" through a series of decryption processes, whereby the "initial self entered by the user U". In addition to securing the radio number, and analyzing the actual "access information" of the user-side radio (2) input via the second interface module 201 through a series of "header information analysis process", A "return wireless communication number" of the user-side wireless communication device 2 is secured (step S203).

When the initial self radio number and the actual "return radio number" are secured through the above process, the second authentication management server immediately returns the "return radio number" of the user side radio 2. Through step S103 and step S104, it is judged whether or not it matches with the "self-radio number" input by the user U (step S204).

At this time, when the " self-radio communication number " and " return radio communication number " previously input by the user do not coincide with each other, the second authentication management server 202 immediately stores the operation message information in the D / B 204. By utilizing a set of operating message information, a series of error messages are generated, for example, "Authentication failed because the mobile phone number does not match. Please try again." The process of transmitting the module 201, the base station 400, etc. to the user-side wireless communication device 2 is performed (step S205). Of course, in this case, the unauthenticated user U cannot achieve normal service progress, and eventually, the party user can avoid unexpected damage in advance.

However, unlike the foregoing case, when the " self-radio number " and " return radio number " previously input by the user coincide with each other, the second authentication management server 202 immediately prompts the user-side radio communication device ( 2) a process of transmitting a series of subscription certificate request messages is performed (step S206).

At this time, the above-mentioned subscription certificate is a series of "authorized from the system 100 side of the present invention at the time before the user U undergoes the authentic" authentication user authentication process "according to the present invention, for example, the service subscription time. The party user certificate "refers to the present invention. In the present invention, such a series of subscription certificate information is pre-transplanted into the wireless communication device 2 owned by the user at a specific point in time, for example, when the user U joins the service. In addition, this subscription certificate information can be widely used to determine the validity of users.

In the above step S206, in a state where a series of subscription certificate request messages have been transmitted to the user-side wireless communication device 2, the second authentication management server 202 continuously checks the second interface module 201, thereby making the user side. It is determined whether or not a series of subscription certificate information corresponding to the above-mentioned subscription certificate request message is returned from the wireless communication device 2 (step S207).

At this time, if it is determined that no separate subscription certificate information is returned from the user-side wireless communication device 2, the second authentication management server 202 proceeds to step S208 to maintain a series of standby states.

However, if it is determined from the user side wireless communication device 2 that the series of subscription certificate information corresponding to the above-mentioned subscription certificate request message is returned, the second authentication management server 202 immediately returns the certificate information D / B 203. ), And extracts a set of certificate information stored in the package), and utilizes the same to determine whether the returned subscription certificate information matches the previously stored set of subscription certificate information (step S209).

At this time, if it is determined that the subscription certificate information returned from the user side wireless communication device 2 does not match the previously stored series of subscription certificate information, the second authentication management server 202 immediately proceeds to step S205. Proceed to generate a series of error messages, for example, "Authentication failed because the subscription certificate information does not match. Please try again", etc., and generate the generated error messages in the second interface module 201, the base station ( 400) and the like to deliver to the user-side wireless communication device (2). Of course, even in this case, similarly to the above case, the unauthenticated user U cannot achieve normal service progress, and as a result, the party user can avoid unexpected damage in advance.

However, if it is determined that the subscription certificate information returned from the user-side wireless communication device 2 matches the previously stored series of subscription certificate information, the second authentication management server 202 immediately sends a series of authentication processing result messages. Process of transmitting the generated authentication processing result message to the wireless communication company side system 500 that manages the user side wireless communication unit 2 via the second interface module 201 (step). S210).

In this state, the second authentication management server 202 continuously checks the second interface module 201 to determine whether a series of normal processing confirmation information is returned from the wireless carrier side system 500 ( Step S211).

At this time, if it is determined from the wireless carrier side system 500 that no separate normal processing confirmation information has been returned yet, the second authentication management server 202 proceeds to step S212 to maintain a series of standby states. do.

However, if it is determined that a series of normal processing confirmation information has been transmitted from the wireless telecommunication company side system 500, the second authentication management server 202 immediately determines the predetermined message stored in the operation message information D / B 204. A process of generating a series of authentication completion messages and transmitting the generated authentication completion messages to the user side wireless communication unit 2 via the second interface module 201 and the base station 400 by utilizing the operation message information of the terminal. Proceed to step S213.

In this case, the user side wireless communication device 2 quickly interprets the authentication completion message 707 transmitted from the system 200 side and displays it as shown in FIG. It is easy to confirm that the legitimacy has been reliably certified. "

Thereafter, the user U can select the completion item 705 of the authentication completion message 704 to freely enjoy a series of Internet services desired by the user U.

As described above in detail, in the present invention, as a series of party user authentication processes, for example, "a process of judging whether the user wireless communication information returned to the authentication management server and the wireless communication information input by the user are the same" are used. The process of employing a predetermined encryption technology in the background, or another example, "the process of pre-transplanting a set of subscription certificate information into a wireless communication device owned by the user, and later using this subscription certificate information for widespread determination of the validity of the user" To employ.

In the case of the present invention, for example, "the process of judging whether the user radio communication information returned to the authentication management server and the radio communication information input by the user match" proceeds against a background of a series of encryption techniques. When the invention is achieved, even if a series of messages sent out to the corresponding wireless section are hacked by the wrongful user during the transmission, a series of services cannot be normally accessed except for a party user. Can avoid unexpected damage in advance.

The present invention can be variously applied to various types of wireless communication devices, such as PCS phones, mobile phones, mobile phones for IMT-2000, etc. which are on the market.

And while certain embodiments of the invention have been described and illustrated, it will be apparent that the invention may be embodied in various modifications by those skilled in the art.

Such modified embodiments should not be understood individually from the technical spirit or point of view of the present invention and such modified embodiments should fall within the scope of the appended claims of the present invention.

Claims (2)

It consists of a series of preparation process for user authentication and execution of user authentication. The user authentication preparation process may include determining whether a series of user authentication request events for authenticating the user's legitimacy have occurred from any service provider system connected to a specific user client; When a series of user authentication request events occur from the service provider side system, transmitting a series of self-providing radio ID input web pages including a predetermined self-communicator ID input item to a corresponding user-side client; Determining whether a series of self-radio ID input information corresponding to the self-communicator ID input item has been transmitted from the user side client; When a series of self ID information corresponding to the ID input item of the user is transmitted from the user side client, a series of encryption messages reflecting the ID of the self ID is generated, and a generated encryption message is generated. Transmitting to a user-side wireless communication device owned by the corresponding user, The user authentication execution process may include determining whether the encryption message is returned from the user side wireless communication device; When the encryption message is returned from the user side wireless communication device, the encrypted message is decrypted to secure an initially inputted self wireless communication device ID, and the self wireless terminal in which the return wireless communication device ID of the user side wireless communication device is initially inputted. Determining whether or not the communication ID matches the ID; And when the return wireless communication ID of the user side wireless communicator matches the initial inputted self wireless communication ID, transmitting a series of authentication completion messages to the user side wireless communication unit. How to authenticate a party user. The method of claim 1, wherein after the step of determining whether the return radio ID of the user-side radio corresponds to the initial input of the self-identification radio ID, a series of subscription certificate request messages are transmitted to the user-side radio. Making a step; Determining whether a series of subscription certificate information corresponding to the subscription certificate request message has been transmitted from the user side wireless communication device; When a series of subscription certificate information corresponding to the subscription certificate request message is transmitted from the user side wireless communication device, determining whether the subscription certificate information is identical to previously stored subscription certificate information is further performed. A party user authentication method using a wireless communication device.