| 摘要 |
Provided is a system for preventing personal information leakage and, more particularly, related to a legal authentication message confirmation system and method which enables a user to identify whether an authentication message transmitted to the user's mobile communication terminal during user authentication originates from a trusted source, thereby preventing damage caused by pharming, smishing, and the like, such as personal information leakage and small sum payment fraud. |
| 主权项 |
1. A system for checking a legitimate authentication message, comprising:
a source checking server for, when an authentication message legitimacy determination request signal including origination identification information is received, determining whether a source that sent an authentication message causing the authentication message legitimacy determination request signal is a legitimate source, based on the origination identification information included in the received signal, and providing notification of results of the determination; and a mobile communication terminal for, when a message is received, analyzing the message, determining whether the message is an authentication message, detecting origination identification information if the message is the authentication message, transmitting the authentication message legitimacy determination request signal including the origination identification information to the source checking server, and processing the authentication message based on result information when the result information is received from the source checking server in response to the authentication message legitimacy determination request signal, wherein the system further comprises: a message sending server for, when an event to send an authentication message to the mobile communication terminal occurs, generating and storing a unique verification value for an authentication message to be sent, and sending an authentication message including origination identification information and the verification value to the mobile communication terminal; and a service server unit including a service server for, when a source inquiry request signal is received, comparing a verification value included in the received source inquiry request signal with stored verification values, determining whether the verification value is a verification value generated by the service server, and transmitting source authentication results including result information of the determination to the source checking server, wherein the source checking server comprises a business information database (DB) for storing pieces of origination identification information and information of service server units corresponding to the respective pieces of origination identification information, and wherein the mobile communication terminal is configured to, when a message is received and the message is an authentication message, check whether a verification value is included in the authentication message, and if the verification value is included, send an authentication message legitimacy determination request signal further including the verification value to the source checking server, receive result information responding to the request signal from the source checking server, and process the authentication message based on the result information, and wherein the source checking server is configured to, when the authentication message legitimacy determination request signal is received, search the business information DB for information about a service server unit corresponding to the origination identification information, transmit a source inquiry request signal including the verification value to the service server unit having the origination identification information, receive source authentication results from the service server unit in response to the request signal, and transmit corresponding result information to the mobile communication terminal. |
