KR-102962116-B1 - APPARATUS AND METHOD FOR PREVENTING HACKING BASED ON VIRTUAL CODE FOR AUTHENTICATION

Abstract

An apparatus and method for preventing hacking through authentication based on a virtual code for authentication are provided. A service server according to the present disclosure may include a processor that, when a plurality of access requests are sequentially received from a user terminal that has completed logging into a service application through a first authentication based on biometric information, performs a second authentication based on a virtual code for authentication for each of the plurality of access requests and determines whether each of the plurality of access requests is a normal access through the second authentication.

Inventors

  • 유창훈

Assignees

  • 주식회사 센스톤

Dates

  • Publication Date: 20260512
  • Application Date: 20230303
  • Priority Date: 20220304

Claims (10)

  1. A service server designed to prevent hacking through authentication based on a virtual code for authentication, including: a communication module that performs communication with a user terminal; and a processor that, when login to a service application is completed through a first authentication based on user input, maintains a login session for the user terminal for a preset period, and, when a plurality of access requests are received sequentially from the user terminal during the login session maintenance period, performs a second authentication based on a virtual code for authentication generated by the user terminal for each of the plurality of access requests, and determines whether each of the plurality of access requests is a normal access through the second authentication; wherein each of the plurality of access requests occurs at the time of the transaction request or occurs periodically, and the processor performs the second authentication immediately, without a separate user input operation, for each of the plurality of access requests received during the login session maintenance period.
  2. The service server of claim 1, wherein, if the processor determines that a specific access request among the plurality of access requests is an abnormal access, it terminates the login session of the user terminal at the determined time and performs the first authentication for the first access from the user terminal after that point in time.
  3. The service server of claim 1, wherein the processor, when it determines that a specific access request among the plurality of access requests is a normal access, proceeds with a transaction based on the transaction data included in the specific access request.
  4. The service server of claim 1, wherein the virtual code for authentication is generated at the user terminal based on IP address data connected to the user terminal at the time of receiving each of the plurality of access requests.
  5. The service server of claim 1, wherein the virtual code for authentication is generated at the user terminal based on a unique value assigned to the user terminal, and the unique value is generated by the processor or generated by the user terminal when the user terminal registers with the service application.
  6. A user terminal designed to prevent hacking through authentication based on a virtual code for authentication, including: a communication module that communicates with a service server; and a processor that requests the service server to perform a first authentication based on user input to log in to a service application, and, when the login is completed, maintains a login session for the user terminal in the service application for a preset period, and sequentially transmits a plurality of access requests to the service server during the login session maintenance period, wherein, for each of the plurality of access requests, the processor generates a virtual code for authentication and requests the performance of a second authentication based on the virtual code for authentication; wherein each of the plurality of access requests occurs at the time of the transaction request or occurs periodically, and, for each of the plurality of access requests transmitted during the login session maintenance period, a second authentication is performed immediately without a separate user input operation.
  7. The user terminal of claim 6, wherein, if, through the second authentication, a specific access request among the plurality of access requests is determined to be an abnormal access, the login session of the user terminal is terminated at the time of determination, and the processor requests the service server to perform the first authentication for the first access to the service server after that point in time.
  8. The user terminal of claim 6, wherein, if, through the second authentication, a specific access request among the plurality of access requests is determined to be a normal access, a transaction is processed based on the transaction data included in the specific access request.
  9. The user terminal of claim 6, wherein the processor generates the virtual code for authentication based on IP address data connected to the service server at the time of transmission of each of the plurality of access requests.
  10. The user terminal of claim 6, wherein the processor generates the virtual code for authentication based on a unique value assigned to a terminal on which the service application is installed, and the unique value is generated by the service server or by the processor when registered with the service application.
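
The server-side flow of claims 1 to 5, as an added sketch that is not code from the patent or its assignee: every access request inside a login session carries a terminal-generated code, and a failed check ends the session. The code construction (HMAC-SHA256 over a 30-second time step and the source IP), the class and function names, and all sample values are assumptions; the claims only state that the code is based on IP address data and a unique value.

```python
import hashlib
import hmac
import struct

STEP = 30  # assumed validity window in seconds; the claims give no value

def virtual_code(unique_value: bytes, ip: str, now: float) -> str:
    """Terminal side. Assumed construction: HMAC-SHA256 over time step + IP."""
    msg = struct.pack(">Q", int(now // STEP)) + ip.encode()
    return hmac.new(unique_value, msg, hashlib.sha256).hexdigest()[:16]

class ServiceServer:
    def __init__(self, session_seconds: int, unique_values: dict):
        self.session_seconds = session_seconds  # preset login session period
        self.unique_values = unique_values      # terminal id -> unique value (claim 5)
        self.sessions = {}                      # terminal id -> session expiry time

    def first_auth_ok(self, terminal_id: str, now: float) -> None:
        """Call once the first authentication (user input) has succeeded."""
        self.sessions[terminal_id] = now + self.session_seconds

    def handle_access(self, terminal_id, source_ip, code, now) -> str:
        """Second authentication for one access request, no user input."""
        expiry = self.sessions.get(terminal_id)
        if expiry is None or now >= expiry:
            self.sessions.pop(terminal_id, None)
            return "first_auth_required"
        key = self.unique_values[terminal_id]
        # Accept the current and previous step to tolerate clock skew.
        ok = any(
            hmac.compare_digest(virtual_code(key, source_ip, t), code)
            for t in (now, now - STEP)
        )
        if not ok:
            del self.sessions[terminal_id]  # claim 2: end the session at once
            return "abnormal_session_terminated"
        return "normal"  # claim 3: caller may process the transaction

def demo() -> list:
    # Constructed values: good request, same code from another IP, next request.
    key = b"constructed-unique-value"
    srv = ServiceServer(600, {"t1": key})
    srv.first_auth_ok("t1", now=1000.0)
    code = virtual_code(key, "203.0.113.7", 1010.0)
    return [
        srv.handle_access("t1", "203.0.113.7", code, 1010.0),
        srv.handle_access("t1", "198.51.100.9", code, 1012.0),
        srv.handle_access("t1", "203.0.113.7", code, 1015.0),
    ]
```

Because the code is bound to the source address, a session token lifted from the terminal is not enough on its own: the first mismatching request ends the session and forces the first authentication again.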

Description

Apparatus and method for preventing hacking based on virtual code for authentication

The present disclosure relates to an apparatus and method for preventing hacking through authentication based on a virtual code for authentication.

Code-based data is used in many fields. Examples of code-based data include card numbers and account numbers used for payments, as well as IPIN numbers and resident registration numbers used for user identification. However, many data leakage incidents occur during the process of using such code data. In the case of card numbers, the actual number is printed directly on the surface of the card, leading to visual leakage to others; additionally, during magnetic stripe payments, the card number is transmitted directly to the POS device, resulting in leakage.

There were many attempts to use virtual code to prevent the actual code from being leaked as is, but data to identify the user was required to search for the actual code corresponding to the virtual code. However, in the case of OTP (One Time Password), it is inconvenient because it requires a separate OTP generation device, and especially in the case of user terminals, there are security vulnerabilities due to the leakage of seed data used for OTP generation.

Therefore, there is a need for a method to generate an OTP code based on card data held by many users, such as generating a virtual security code required for user authentication, while simultaneously enhancing security by not requiring a separate OTP generation device and preventing seed data from being leaked.

FIG. 1 is a schematic diagram illustrating a system for preventing hacking through authentication based on a virtual code for authentication using a virtual code for authentication according to the present disclosure.

FIG. 2 is a schematic diagram of a service server and a user terminal for preventing hacking through authentication based on a virtual code for authentication according to the present disclosure.

FIG. 3 is a flowchart of a method for preventing hacking through authentication based on a virtual code for authentication performed by a service server according to the present disclosure.

FIGS. 4a and 4b are exemplary diagrams for explaining how to sequentially request a plurality of transactions using at least two cards according to the present disclosure.

FIGS. 5a and 5b are exemplary diagrams illustrating the performance of authentication for the first access after a login session has ended according to the present disclosure.

FIG. 6 is an illustrative diagram for explaining the login session retention period according to the present disclosure.

FIG. 7 is a flowchart of a method for preventing hacking through authentication based on a virtual code for authentication performed by a user terminal according to the present disclosure.

Throughout this disclosure, the same reference numerals denote the same components. This disclosure does not describe all elements of the embodiments, and general content in the art to which this disclosure pertains or content that overlaps between embodiments is omitted. The terms ‘part, module, component, block’ as used in the specification may be implemented in software or hardware, and depending on the embodiments, a plurality of ‘parts, modules, components, blocks’ may be implemented as a single component, or a single ‘part, module, component, block’ may include a plurality of components.

Throughout the specification, when a part is described as being "connected" to another part, this includes not only cases where they are directly connected but also cases where they are indirectly connected, and indirect connections include connections made via a wireless communication network. Furthermore, when it is stated that a part "includes" a certain component, this means that, unless specifically stated otherwise, it does not exclude other components but may include additional components.

Throughout the specification, when it is stated that a component is located "on" another component, this includes not only cases where a component is in contact with another component, but also cases where another component exists between the two components. The terms first, second, etc. are used to distinguish one component from another, and the components are not limited by the aforementioned terms. Singular expressions include plural expressions unless there is an obvious exception in the context.

In each step, identification codes are used for convenience of explanation and do not describe the order of the steps; the steps may be performed differently from the specified order unless a specific order is clearly indicated in the context.

The operating principles and embodiments of the present disclosure will be described below with reference to the attached drawings. Hereinafter, embodiments of the present disclosure will be described in detail with reference to the attached drawings. Prior to the explanation, the meanings of the terms