A Study on Integrated ID Authentication Protocol for Web User

  • Shin, Seung-Soo (Dept. of Information Security, Tongmyong University)
  • Han, Kun-Hee (Division of Information & Communication Engineering, Baekseok University)
  • Received : 2015.05.08
  • Accepted : 2015.07.20
  • Published : 2015.07.28

Abstract

Existing Web authentication methods include one that verifies the resident registration number against a credit rating agency's real-name confirmation database, and the i-PIN method, an alternative means of authentication that improves on authentication by resident registration number. Improving on these existing methods, this paper proposes an integrated ID authentication protocol that can be used on any website. To enhance security, the proposed method encrypts the user's verification value and stores it as a unique identifier in the database of the certificate authority. The password required to log in to a website is a one-time random number received from the certificate authority, so the user does not need to remember a separate password and receives the random number on a smartphone. Because the website does not store the user's personal information in its database, personal information is easy to manage. The user needs to remember only the integrated ID and is issued a one-time random number as the password each time, which removes the need to remember and manage multiple IDs and passwords.
