Field of the Invention
The present invention relates to a secure login system, method, and apparatus and, more particularly, to a secure login technology capable of guaranteeing high security by verifying whether a login attempt is a login attempt made by a legitimate user based on timing when the letters of at least some of login information obtained from a plurality of devices when a user logs in are inputted and authenticating the login information.
Discussion of the Related Art
As infrastructure for a wireless Internet or wired Internet has recently been constructed and ultrahigh speed data communication is made possible based on the infrastructure, most part of services performed offline in the past has been replaced with online services. It is expected that online services will be further expanded in the future because they have an advantage in that a user can be provided with a required service without being limited to the time and space.
A representative example of such online services includes the Internet service based on a web. Most of sites are equipped with a login function for authenticating and managing a user who uses services when using the Internet service. For example, when a user terminal accesses a website server, the website server requests login information of the user, such as a user ID and a password, from the user terminal, associates the login information transmitted by the user terminal with member registration information, and stores the login information associated with the member registration information in a database, thereby registering the login information. Thereafter, the user terminal may log in to a service provided by the website server using the registered login information and may be provided with a special service provided to members.
As described above, in online services, a login process is one of the most basic and important processes. In such online services, unrestricted copy is possible without a loss of information due to the nature of digital information despite the aforementioned various advantages. Accordingly, the online services may be exposed to illegal behaviors, such as information leakage, relatively easily through hacking.
In particular, in online services, a user ID is the most basic identifier for identifying a user, associated with almost all pieces of major information of a user, and managed by a database. Accordingly, if a user ID leaks to a person who has an impure intention, fatal damage may be generated.
For example, in an electronic commerce site, a user ID is the most basic delimiter for identifying a person, that is, the subject who purchases articles in the corresponding electronic commerce site. The user ID functions as an absolute key capable of extracting all of pieces of electronic commerce information, including personal information, e-mail, financial transaction information, posting information, and the telephone number of a corresponding user. Accordingly, if a user ID and a password leak, there is a high probability that fatal damage to a corresponding user may be generated because the corresponding information is illegally abused.
Accordingly, many security solution companies are currently developing and releasing various types of information leakage prevention systems. Recent information security systems have been focused on preventing the leakage of an ID and password through hacking or phishing from a terminal or a server. However, as information security systems are advanced, hacking technologies are also advanced faster. Currently, there are many hacking tools and schemes for draining personal information, such as IDs and passwords.
Accordingly, if a security specialist of the highest level does not directly manage devices, communication, and systems related to online services, no one can assure that his or her devices, communication, and systems are perfectly protected from hacking. This may be a burden on both an online service provider and a user because reliability of online services is affected.