Vulnerabilities and Encryption Applications of JWT-Based Authentication Methods
Abstract
Most modern web applications send and receive data over HTTP (HyperText Transfer Protocol). HTTP is connectionless: it keeps no state between requests, so the client must tell the server on every request that it is an authenticated user. Several authentication methods exist for this purpose, such as cookies, session cookies, and tokens. Currently, a JSON-formatted token called JWT is widely used. Because it is fast and simple, JWT is used in domains such as QR check-ins and social logins. However, JWT has a critical security weakness: it carries the user's information inside the token as it is, only base64-encoded rather than encrypted. An attacker who captures a token on the network can therefore obtain the user's information simply by base64-decoding it. The purpose of this study is to protect the user's information from such an attacker by encrypting the payload part, which contains the user's information, and the header part, which contains the hash information.
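As an added illustration of the weakness the abstract describes (example code written for this page, not the paper's own implementation): a constructed HS256 JWT is minted and its signature verified, yet the header and claims are recovered by anyone who sees the token, without the key. The key, the claims and the list of sensitive field names are constructed assumptions; the paper's encryption scheme is not reproduced here.

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(raw: bytes) -> str:
    """Base64url without '=' padding, as JWT segments are written."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore the stripped padding before decoding a segment."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256(claims: dict, key: bytes) -> str:
    """Build a plain signed (not encrypted) HS256 token over the claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_hs256(token: str, key: bytes) -> bool:
    """Integrity check only: proves the token was not altered, says nothing about confidentiality."""
    h, p, s = token.split(".")
    expected = hmac.new(key, (h + "." + p).encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(s))


def read_without_key(token: str):
    """What a network observer recovers from a captured token: header and payload, no key needed."""
    h, p, _ = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p))


# Constructed list of claim names a defender would not want readable in transit.
SENSITIVE = {"email", "phone", "name", "address", "birthdate"}


def exposed_claims(token: str) -> set:
    """Defender-side lint: which sensitive fields does a bare base64 decode reveal?"""
    _, payload = read_without_key(token)
    return SENSITIVE & set(payload)


# Constructed demo key and claims (assumptions for this example).
KEY = b"constructed-demo-key"
DEMO_CLAIMS = {"sub": "user-42", "email": "alice@example.test", "phone": "010-0000-0000"}
TOKEN = mint_hs256(DEMO_CLAIMS, KEY)
```

Running `exposed_claims(TOKEN)` reports the fields an observer learns from the token alone, which is exactly what encrypting the payload (the paper's goal) is meant to prevent.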