1. Field of the Invention
The present invention relates to an information management and mutual agreement authentication system using an encrypted image with a matryoshka structure, and more particularly, to an encrypted image with a matryoshka structure and a mutual agreement authentication system and method using the same, in which a plurality of other encrypted images are inserted into a specifically encrypted image to perform a sequential authentication procedure, so as to prevent leakage of authentication information and to monitor illegal use of the authentication information immediately, in real time.
2. Background of the Related Art
Recently, damage caused by on-line ID theft has been increasing along with the rapid change in the digital environment. As on-line communications and financial transactions become more active, considerable monetary damage is occurring in reality.
As IP-based services increase, the importance of digital identity (ID) management technologies and systems has continued to grow due to the threat of ID theft and threats to national security, main communication infrastructures and the like.
The technologies in the spotlight as user-centric digital identity (ID) management technologies are OpenID, supported by the Liberty Alliance, and CardSpace from Microsoft, and it is expected that interoperability between these two major identity (ID) management solutions, namely the Liberty Alliance and CardSpace, will be gradually activated.
Currently, the log-in information used in on-line services and transactions such as finance, stocks, on-line games, e-mail and the like consists of a user ID and a password, both of which are text-based.
However, a text-based authentication structure is defenseless against ID theft carried out through a hacking program (for example, keyboard hacking) that is automatically installed on a user's computer during web surfing, upon the installation of software such as ActiveX, a virus-infected file and the like.
For example, as shown in FIG. 1, in the case where a hacking program is installed and a third party (hacker) unlawfully acquires a user's certificate and other information (user ID, password, certificate password, etc.) due to the user's carelessness, an existing digital ID management system cannot entirely protect the user's personal property. In addition, in the case where a financial accident occurs due to leakage of the user's certificate and other information to the hacker, when the user fails to report the damage caused by the financial accident to the relevant authorities, the financial company also cannot correctly determine the extent of the damage. Further, it is difficult for a service provider to identify the point in time at which a problem associated with log-in information occurs, and to prevent it.
Such a conventional authentication system used in services and transactions on-line has the following problems.
First, in the case of a certificate, when an individual stores his or her own certificate, the certificate is liable to be exposed to illegal hacking.
Also, in the case where an unlawful user hacks a certificate stored by an individual and fraudulently uses it, the responsibility for the fraudulent use of the certificate is allocated to the individual, and thus there are very few countermeasures against the damage.
Moreover, in the case of the conventional authentication system using a prior art certificate, it is difficult to immediately discern a service request made by an unlawful user.
Besides, in the case of an authentication system using a text-based user ID and password, the user ID and password are a simple combination of a variety of peripheral information such as a phone number, a birthday, and so forth, or a simple modification thereof, and thus are likely to be exposed to keyboard hacking or phishing attacks.
Also, the use of the same user ID and password on a number of different websites makes the damage from leakage of personal information serious.
In addition, in the conventional authentication system, far greater damage is caused by large-scale leakage of personal information at the service provider side than by leakage of personal information at the individual user side.
Large-scale leakage of personal information at the service provider side may occur due to leakage of customer information by an insider, hacking of a personal information DB, and the like.
Furthermore, the digital ID management system is intended to provide a user with centralized management of the user IDs and passwords of respective websites and with convenience in use (it is aimed at reducing the damage caused by each website managing IDs differently).
However, the log-in information includes a personal website address superseding a user ID and a password, and greater damage may be caused upon the leakage of personal information by hacking as compared with a system requiring registration of an individual's personal information. Financial transactions associated with the digital ID management system may cause damage to personal property along with leakage of personal information.