KR101699167B1 - Otp authentication system, apparatus and method - Google Patents
- Publication number: KR101699167B1
- Application number: KR1020150103506A
- Authority: KR (South Korea)
- Prior art keywords: otp, password, terminal, user, authentication
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Abstract
At least some embodiments of the present invention relate to an OTP authentication system using an OTP terminal, to a host terminal, and to an authentication method using the terminal. The host terminal using the OTP terminal includes an interface unit for transmitting information to and receiving information from the OTP terminal that stores the OTP program; a communication unit for transmitting and receiving information in order to access a service providing apparatus and receive a service; and a control unit that receives a compound password pattern from the service providing apparatus, receives from the user a password of one or more digits corresponding to the user-set password, automatically inputs the OTP generated by the OTP terminal according to the compound password pattern, and requests service provision by transmitting the resulting compound password to the service providing apparatus.
Description
At least some embodiments of the present invention relate to an OTP authentication system using an OTP terminal, a terminal, and an authentication method using the same.
Generally, OTP is an abbreviation of One Time Password and refers to an authentication method that uses a one-time password.
The OTP system includes an OTP terminal carried by the user (customer); a PC by which the user connects to an OTP authentication server through the Internet or a wired/wireless telephone network; and an OTP authentication server that performs authentication processing when the authentication number generated on the server side matches the authentication number based on the current time.
In the conventional OTP terminal and the OTP authentication process using it, when the user accesses the OTP authentication server through the PC and requests authentication, the OTP terminal owned by the user generates a one-time password corresponding to the current time. If the password entered by the user matches the password generated by the OTP authentication server, authentication processing is performed.
The OTP authentication server stores, as user information in a database (not shown), the user ID, the serial number of the OTP terminal owned by the user, the password generation key value, the user's last transaction date, and the like. When authentication is requested, it generates the password corresponding to the current time from the password generation key value of the OTP terminal owned by the user.
The conventional technology has the problem that, when a user connects to the OTP authentication server, authentication succeeds whenever the OTP terminal password entered at the server is correct, regardless of whether the user actually possesses the OTP terminal.
On the other hand, security services such as financial transactions require certificate-based authentication before the OTP is used. The customer therefore has to carry both a medium storing the official certificate and the OTP terminal at the time of a financial transaction, which is inconvenient.
An object of the present invention is to provide an authentication system and a method using an OTP which improves security by storing a public certificate and an OTP program in a single medium.
The OTP authentication system according to an exemplary embodiment of the present invention includes: an OTP terminal storing an official certificate and an OTP program; an OTP server; a host terminal that, when the OTP terminal is connected and user authentication using preset user authentication information succeeds, logs in and receives a service; and a service providing apparatus that provides the logged-in host terminal with a compound password pattern in which an OTP and a user-set password are mixed and, when a compound password is received from the host terminal, performs authentication by applying the OTP and the pre-stored user-set password to the compound password pattern. The host terminal receives from the user a password of one or more digits corresponding to the user-set password portion of the received compound password pattern, automatically inputs the OTP generated by the OTP terminal according to the compound password pattern, and transmits the generated compound password to the service providing apparatus.
A terminal according to an embodiment of the present invention includes an interface unit that enables information to be transmitted to and received from an OTP terminal storing an OTP program; a communication unit for transmitting and receiving information in order to connect to the service providing apparatus and receive the service; and a control unit that receives a compound password pattern from the service providing apparatus, receives from the user a password of one or more digits corresponding to the user-set password portion of the received compound password pattern, automatically inputs the OTP generated by the OTP terminal according to the compound password pattern, and requests service provision by transmitting the resulting composite password to the service providing apparatus.
The authentication method using the OTP according to an embodiment of the present invention includes: performing user authentication using preset user authentication information when the host terminal is connected to the OTP terminal; the service providing apparatus providing a composite password pattern for service provision to the host terminal that has logged in; the host terminal automatically inputting the OTP generated by the OTP terminal according to the compound password pattern and transmitting the resulting compound password to the service providing apparatus; and, upon receipt of the compound password from the host terminal, the service providing apparatus performing compound password authentication by applying the OTP received from the OTP authentication server and the pre-stored user-set password to the compound password pattern.
The authentication method using an OTP of a host terminal according to an embodiment of the present invention, in which the host terminal performs authentication to receive a service provided by a service providing apparatus using information stored in a connected OTP terminal, includes: receiving from the user a password of one or more digits corresponding to the user-set password portion of the compound password pattern received from the service providing apparatus; and requesting service provision by transmitting to the service providing apparatus the combined password generated by automatically inputting the OTP generated by the OTP terminal according to the compound password pattern.
According to one embodiment of the present invention, the public certificate and the OTP program can be stored in one medium to provide convenience and improve security.
According to an embodiment of the present invention, even when the entered digits are exposed by hacking of the keyboard input information, the user password may not be exposed.
According to an embodiment of the present invention, even if the generated OTP is exposed to a third party for a certain period of time, the OTP can be prevented from being used by illegitimate users.
FIG. 1 is a view for schematically explaining a configuration of an OTP authentication system according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a structure of a USB type OTP terminal according to an embodiment of the present invention.
FIG. 3 is a schematic diagram for explaining a configuration of a host terminal of an OTP authentication system according to an embodiment of the present invention.
FIG. 4 is a flowchart illustrating an authentication method of an OTP authentication system according to an embodiment of the present invention.
FIG. 5 is a flowchart illustrating an authentication method for a service providing apparatus of a host terminal according to an embodiment of the present invention.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. The configuration of the present invention and its operation and effects will be clearly understood through the following detailed description. Before describing the present invention in detail, note that the same components are denoted by the same reference symbols wherever possible, even when they appear in different drawings. In the case where it is judged that the gist of the present invention may be blurred by a known configuration, do.
FIG. 1 is a view for schematically explaining a configuration of an OTP authentication system according to an embodiment of the present invention.
The OTP authentication system according to an embodiment of the present invention is a highly secure authentication system that provides services, including financial services, using an OTP generation program stored in an OTP terminal together with public certificate authentication.
As shown in FIG. 1, the OTP authentication system may include an
The
The
The
The
The compound password is a combination of the user-set password and the OTP generated by the OTP program, combined according to an arbitrary pattern. The pattern used for this combination is called the compound password pattern.
The
FIG. 2 is a diagram illustrating a structure of a USB type OTP terminal according to an embodiment of the present invention.
2, the USB
The
The
The
When the operation of the OTP terminal is requested, the
The
The
The user authentication information may include at least one of a password including a number or character set by the user, user biometrics information, and an OTP terminal authentication number.
The OTP generation
The
In the embodiment of the present invention, a USB type OTP terminal is taken as an example. In another modification, the OTP terminal may use short-range communication; in that case, a short-range communication unit may be required instead of the USB connector, together with a start/end button for inputting the start and end signals of the short-range communication.
FIG. 3 is a schematic diagram for explaining a configuration of a host terminal of an OTP authentication system according to an embodiment of the present invention.
3, the
The
The
The
The
When the
The
The
The
The
FIG. 4 is a flowchart illustrating an authentication method of an OTP authentication system according to an embodiment of the present invention.
The
When the
If authentication succeeds, the lock is released (S50). Releasing the lock means putting the functions of the OTP terminal into a state in which they can operate normally: for example, the information stored in the storage unit of the OTP terminal can be read, or the executable program stored in the OTP terminal can be executed. When authentication fails, the information stored in the storage unit of the OTP terminal cannot be read and the executable program cannot be executed.
Next, the
Before the service is provided, the
The
To this end, in one embodiment of the present invention, the
Upon receiving the compound password pattern from the
The compound password pattern may be a pattern that includes some or all of the digits of the user-set password and some or all of the digits of the one-time password generated by the OTP.
In the compound password pattern, a digit of the user-set number is displayed as 0, and a digit of the one-time password generated by the OTP can be indicated by *.
The
When the user set number is input, the
The
When the OTP generation command is received, the
The
The
As another example, if the user password is '223344', the number generated by the OTP is '112233', and the compound password pattern is '000***', the compound password is '223233'.
In another modification, arithmetic information may be added to the compound password pattern. For example, the compound password pattern '000***+2' means that the arithmetic information '+2' is appended to the pattern '000***', and the final compound password is generated by adding 2 to the compound password produced from that pattern.
Here, the arithmetic information can be set in various ways, such as +, -, 2, and 5.
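The compound password rules above (position-wise '0'/'*' slots plus the optional arithmetic modifier) as a worked example on both the host and the service-provider side. This is added illustration code, not the patent's own implementation; it assumes that a '0' slot at position i takes position i of the stored user-set password (the reading that reproduces the '223344' example) and that the arithmetic modifier is applied to the compound password as a decimal integer with its width preserved.

```python
import hmac
import re
import secrets

# Pattern grammar as described on the page: '0' marks a digit the user types from
# the user-set password, '*' marks a digit filled automatically from the OTP, and an
# optional trailing arithmetic modifier such as '+2' or '-5' is applied to the result.
_PATTERN_RE = re.compile(r"^([0*]+)(?:([+-])(\d+))?$")


def parse_pattern(pattern: str):
    """Return (slots, op, operand) for a pattern like '000***+2'.

    Spaces are ignored, so the page's '000 ***' spelling is accepted."""
    m = _PATTERN_RE.match(pattern.replace(" ", ""))
    if m is None:
        raise ValueError(f"malformed compound password pattern: {pattern!r}")
    slots, op, operand = m.group(1), m.group(2), m.group(3)
    return slots, op, (int(operand) if operand is not None else 0)


def user_positions(pattern: str):
    """Indices of the slots the host must display for manual entry (S520)."""
    slots, _, _ = parse_pattern(pattern)
    return [i for i, c in enumerate(slots) if c == "0"]


def _apply_arithmetic(digits: str, op, operand: int) -> str:
    # Assumption: the modifier is added to (or subtracted from) the compound
    # password as a decimal integer, wrapping modulo 10**len so the width is kept.
    if op is None:
        return digits
    modulus = 10 ** len(digits)
    value = int(digits) + operand if op == "+" else int(digits) - operand
    return str(value % modulus).zfill(len(digits))


def host_assemble(pattern: str, typed_digits: str, otp: str) -> str:
    """Host-terminal side (S530-S550): the digits the user typed fill the '0'
    slots in order, the OTP digits fill the '*' slots, then the modifier applies."""
    slots, op, operand = parse_pattern(pattern)
    if len(otp) < len(slots):
        raise ValueError("OTP shorter than pattern")
    if len(typed_digits) != slots.count("0"):
        raise ValueError("user must type exactly one digit per '0' slot")
    typed = iter(typed_digits)
    compound = "".join(next(typed) if c == "0" else otp[i] for i, c in enumerate(slots))
    return _apply_arithmetic(compound, op, operand)


def server_expected(pattern: str, stored_password: str, server_otp: str) -> str:
    """Service-provider side: rebuild the value from the OTP obtained from the
    OTP authentication server and the pre-stored user-set password."""
    slots, op, operand = parse_pattern(pattern)
    if len(stored_password) < len(slots) or len(server_otp) < len(slots):
        raise ValueError("stored password or OTP shorter than pattern")
    compound = "".join(stored_password[i] if c == "0" else server_otp[i]
                       for i, c in enumerate(slots))
    return _apply_arithmetic(compound, op, operand)


def server_verify(pattern: str, stored_password: str, server_otp: str,
                  submitted: str) -> bool:
    """Constant-time comparison of the submitted compound password against the
    expected value, so a mismatch leaks nothing through timing."""
    expected = server_expected(pattern, stored_password, server_otp)
    return hmac.compare_digest(expected.encode(), submitted.encode())


def random_pattern(n_user: int, n_otp: int) -> str:
    """Constructed helper for the 'new pattern at every authentication' claim:
    a uniformly shuffled mix of n_user '0' slots and n_otp '*' slots."""
    slots = ["0"] * n_user + ["*"] * n_otp
    for i in range(len(slots) - 1, 0, -1):          # Fisher-Yates with a CSPRNG
        j = secrets.randbelow(i + 1)
        slots[i], slots[j] = slots[j], slots[i]
    return "".join(slots)


if __name__ == "__main__":
    # Constructed sample values taken from the page's worked example.
    user_password, otp, pattern = "223344", "112233", "000***"
    # Simulate the user typing only the digits at the displayed '0' positions;
    # this is all a keystroke logger on the host would see of the password.
    typed = "".join(user_password[i] for i in user_positions(pattern))
    submitted = host_assemble(pattern, typed, otp)
    print(pattern, typed, submitted, server_verify(pattern, user_password, otp, submitted))
```

Only the digits at the '0' positions ever pass through the keyboard, and an OTP captured from one submission does not reproduce the next one because both the OTP and the pattern change.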
The
The
FIG. 5 is a flowchart illustrating an authentication method for a service providing apparatus of a host terminal according to an embodiment of the present invention.
The host terminal receives the compound password pattern for authentication from the service providing apparatus (S510).
The user-set password positions and the OTP input positions of the compound password pattern are displayed so that they can be distinguished (S520).
A password of one or more digits corresponding to the user-set password of the received compound password pattern is input by the user (S530).
A command instructing OTP generation is transmitted to the OTP terminal and to the OTP authentication server (S540).
The OTP generated by the OTP terminal is automatically input according to the compound password pattern (S550).
The combined password is transmitted to the service providing apparatus to request service provision (S560).
At this point, it will be appreciated that the blocks of the flowchart illustrations, and combinations of them, can be performed by computer program instructions. These computer program instructions may be loaded into a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, so that the instructions executed through the processor create means for performing the functions specified in the flowchart block(s). These computer program instructions may also be stored in a computer usable or computer readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, so that the instructions stored in that memory produce an article of manufacture containing instruction means for performing the functions specified in the flowchart block(s). The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus so that a series of operational steps are performed on it to produce a computer-implemented process, such that the instructions executed on the computer or other programmable apparatus provide steps for executing the functions specified in the flowchart block(s).
In addition, each block may represent a module, segment, or portion of code that includes one or more executable instructions for executing the specified logical function (s). It should also be noted that in some alternative implementations, the functions mentioned in the blocks may occur out of order. For example, two blocks shown in succession may actually be executed substantially concurrently, or the blocks may sometimes be performed in reverse order according to the corresponding function.
Herein, the term 'part' used in the present embodiment means software or a hardware component such as an FPGA or an ASIC, and a 'part' performs certain roles. However, 'part' is not limited to software or hardware. A 'part' may be configured to reside on an addressable storage medium and may be configured to run on one or more processors. Thus, by way of example, 'parts' may refer to components such as software components, object-oriented software components, class components and task components, as well as processes, functions, subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables. The functions provided in the components and 'parts' may be combined into a smaller number of components and 'parts' or further separated into additional components and 'parts'. In addition, the components and 'parts' may be implemented so as to run on one or more CPUs in a device or a secure multimedia card.
It will be understood by those skilled in the art that the present specification may be embodied in other specific forms without departing from its spirit or essential characteristics. The above-described embodiments are therefore to be understood as illustrative in all aspects and not restrictive. The scope of the present specification is defined by the appended claims rather than by the foregoing detailed description, and all changes or modifications derived from the meaning and scope of the claims and their equivalents should be interpreted as falling within the scope of the present specification.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed embodiments, which are not intended to limit the scope of the specification. It will be apparent to those skilled in the art that other modifications based on the technical idea of the present invention are possible in addition to the embodiments disclosed herein.
100: OTP terminal
110: USB connector portion
120:
130: Data storage unit
140: OTP generation program storage unit
150: Power supply
200: Host terminal
210:
220:
230:
240:
300: Service providing device
400: OTP authentication server
Claims (12)
A host terminal connected to the OTP terminal through a USB connector, which logs into the service providing apparatus through the authorized certificate and receives a service when user authentication using preset user authentication information succeeds; and
A service providing apparatus that provides the host terminal with a compound password pattern in which the OTP and the user-set password are mixed in order to provide the service, and, when the compound password is received from the host terminal, performs authentication by applying the OTP received from the OTP authentication server and the pre-stored user-set password to the pattern,
The service providing apparatus generates and provides the compound password pattern at every authentication or at arbitrary intervals,
The host terminal, when receiving from the user a password of one or more digits corresponding to the user-set password of the received compound password pattern, transmits a command instructing OTP generation to the connected OTP terminal and to the OTP authentication server, generates a compound password according to the compound password pattern using the OTP generated by the OTP terminal and the password received from the user, and transmits the compound password to the service providing apparatus,
The compound password pattern may include some or all of the user-set passwords and any rules for combining some or all of the OTPs,
Wherein the host terminal controls so that a place where a user setting password is input and a place where an OTP is inputted are displayed so as to be distinguishable.
Wherein the host terminal performs login using a public certificate stored in the OTP terminal when the host terminal accesses the service providing apparatus.
Wherein the host terminal performs user authentication with the OTP terminal using preset user authentication information when the host terminal accesses the OTP terminal, and receives the OTP or the authorized certificate from the OTP terminal when the authentication is normally performed.
The host terminal logging in to the service providing apparatus using a public certificate stored in the OTP terminal;
Providing a compound password pattern for providing a service to a host terminal in which the service providing apparatus has been logged;
When the host terminal receives from the user a password of one or more digits corresponding to the user-set password of the received compound password pattern, transmitting a command for generating an OTP to the OTP terminal and the OTP authentication server, generating a compound password according to the compound password pattern using the received OTP and the password received from the user, and transmitting the compound password to the service providing apparatus; and
When the service providing apparatus receives the compound password from the host terminal, performing compound password authentication by applying the OTP received from the OTP authentication server and the pre-stored user-set password to the compound password pattern,
The service providing apparatus generates and provides the compound password pattern at every authentication or at arbitrary intervals,
The compound password pattern may include some or all of the user-set passwords and any rules for combining some or all of the OTPs,
Wherein when the host terminal receives the compound password pattern, the user password field and the OTP input field of the compound password pattern are displayed in a distinguishable manner.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150103506A KR101699167B1 (en) | 2015-07-22 | 2015-07-22 | Otp authentication system, apparatus and method |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101699167B1 (en) | 2017-01-23 |
Family ID: 57989723
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150103506A KR101699167B1 (en) | 2015-07-22 | 2015-07-22 | Otp authentication system, apparatus and method |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101699167B1 (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070174904A1 (en) * | 2006-01-24 | 2007-07-26 | Samsung Electronics Co., Ltd. | One-time password service system using mobile phone and authentication method using the same |
KR20070104025A (en) * | 2006-04-21 | 2007-10-25 | 주식회사 프럼나우 | Method and system for implementing financial transactions using otp |
KR101434447B1 (en) * | 2013-09-13 | 2014-08-27 | 제이슨 준 이 | Apparatus and method for authenticating users using dynamic combinational password |
Timeline
- 2015-07-22: KR application KR1020150103506A (patent KR101699167B1), status: active, IP right grant
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108667762A (en) * | 2017-03-27 | 2018-10-16 | 深圳兆日科技股份有限公司 | Authenticating operation method and apparatus |
CN108667762B (en) * | 2017-03-27 | 2021-07-02 | 深圳兆日科技股份有限公司 | Operation authentication method and device |
Legal Events
Code | Title |
---|---|
AMND | Amendment |
E601 | Decision to refuse application |
AMND | Amendment |
X701 | Decision to grant (after re-examination) |
GRNT | Written decision to grant |