KR101737066B1 - User identity authentication method using one time pin and otp, authentication server and otp generator implementing the same - Google Patents
- Publication number
- KR101737066B1 (application KR1020150171395A)
- Authority
- KR
- South Korea
- Prior art keywords
- otp
- opin
- generation
- generator
- generated
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4012—Verifying personal identification numbers [PIN]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
Description
The present invention relates to a method for performing authentication using a one-time PIN and an OTP, an authentication server for performing the authentication, and an OTP generator. Specifically, the OTP generator generates the OTP only after a first verification has been completed using an OPIN generated by the authentication server, which is a technique for improving security.
Along with the development of e-commerce, methods of verifying identity in electronic transactions continue to develop. The most basic authentication method is that a user enters his or her ID and password and the service authenticates the user with them.
However, the IDs and passwords of various web sites are often compromised by hacking techniques that have been developed. Accordingly, a practice of setting passwords in a complicated manner and changing them periodically has been adopted. However, once the ID and password were leaked, the third party who acquired them could take an unfair advantage through another person's ID and password, and the user whose ID and password were hijacked could suffer unexpected damage.
Various authentication schemes have been developed to prevent hacking. OTP (One Time Password) has been widely used. OTP means a one-time password used in a method of generating a password having a certain valid time each time authentication is performed and performing authentication using the password.
When an OTP is used, security is improved because a different password is used each time authentication is performed. The OTP generator generates an OTP with the OTP generation algorithm based on the time information and the OTP secret key; the user reads the OTP from the OTP generator and enters it on the screen of the website. The OTP entered by the user is transmitted through the website to the server side that authenticates it, and the authentication server generates the OTP in the same manner as the OTP generator. That is, the authentication server generates the OTP through the same OTP generation algorithm based on the time information used by the OTP generator and the OTP secret key, compares the user-input OTP received through the website with the self-generated OTP, and completes the authentication successfully when they match.
However, even the authentication method using the OTP has a disadvantage: an attacker, that is, a hacker, can obtain the OTP for a desired time by manipulating the time information of the OTP generator. For example, if the OTP generator is a smartphone, an attacker can manipulate the smartphone's time information, for instance by planting malicious code on the smartphone, so that the smartphone creates the OTP for the desired time, and seize it. Later, the attacker can accomplish his or her purpose by carrying out identity verification through that OTP at the time he or she has tampered with.
As described above, since the OTP generator including the smartphone receives its time information from outside the secure area, there is a security threat that an attacker manipulates the time information. Accordingly, it has been necessary to develop an authentication method that can maintain security even if an attacker manipulates the time information.
SUMMARY OF THE INVENTION The present invention has been made to solve the above problems of the prior art.
An object of the present invention is to provide a method for authenticating a user that is secure against hacking means that tamper with time information when authenticating the user through OTP.
According to another aspect of the present invention, there is provided a method of authenticating a user using an OTP, the method comprising: receiving an OPIN generation request from a banking server or a user terminal; Generating an OPIN through an OPIN generation algorithm based on at least one of an OPIN generation key, a current time, transaction information, and an authority code; Transmitting the generated OPIN to the user terminal; Receiving the self-generated OTP from an OTP generator that performs verification of the OPIN input from a user and generates an OTP only when verification is successfully completed; And verifying that the OTP is valid through the OTP verification algorithm based on at least one of the OTP generation key, the current time, the transaction information, and the authority code and the OTP.
The step of transmitting the generated OPIN to the user terminal may further include displaying the OPIN on the financial transaction screen displayed on the user terminal.
The OPIN generation algorithm or the transaction information input to the OTP generator may include an account number or a transfer amount.
If the OPIN generation key and the OTP generation key are the same, the OPIN generation algorithm and the OTP generation algorithm may be different.
If the OPIN generation key and the OTP generation key are different, the OPIN generation algorithm and the OTP generation algorithm may be the same.
The OTP verification algorithm may perform a verification procedure by comparing an OTP received from the OTP generator with a self-generated OTP in the authentication server.
The authentication method of the authentication server may further include a step of ending the OTP verification if the generation time of the OPIN differs from the reception time of the OTP by a predetermined time or more.
According to another aspect of the present invention, there is provided an authentication server for authenticating a user using an OTP, comprising: an OPIN generation request receiving unit for receiving an OPIN generation request from a banking server or a user terminal; An OPIN generation unit for generating an OPIN through an OPIN generation algorithm based on at least one of an OPIN generation key, a current time, transaction information, and an authority code; An OPIN transmission unit for transmitting the generated OPIN to the user terminal; An OTP receiver for receiving the self-generated OTP from an OTP generator that performs verification of the OPIN inputted from a user and generates an OTP only when verification is successfully completed; And an OTP verifying unit for verifying whether the OTP is valid through at least one of an OTP generation key, a current time, transaction information, and an authority code, and an OTP verification algorithm based on the OTP.
In order to achieve the above object, another embodiment of the present invention provides a method for a smart OTP in an OTP generator to authenticate a user using an OTP, comprising: receiving an OPIN from a user, or receiving an OPIN from a user terminal or an authentication server; verifying that the OPIN is valid through an OPIN verification algorithm based on the OPIN generation key, the current time, the transaction information, the authority code, and the OPIN; generating an OTP through an OTP generation algorithm based on at least one of an OTP generation key, a current time, transaction information, and an authority code; and displaying the generated OTP through the OTP generator or transmitting the generated OTP to a user terminal or an authentication server.
Verifying that the OPIN is valid may comprise checking, using the current time information of the OTP generator, whether the OPIN generation time received from the authentication server and the current time of the OTP generator differ by a predetermined time or longer.
The OPIN verification algorithm may be to perform the verification procedure in a manner that compares the received OPIN with the self-generated OPIN in the OTP generator.
In order to achieve the above object, another embodiment of the present invention is a smart OTP program installed on an OTP generator and performing authentication using the OTP, the smart OTP program comprising: an OPIN verification module that verifies whether the OPIN is valid through an OPIN verification algorithm based on at least one of an OPIN generation key, a current time, transaction information, and an authority code, and the OPIN; and an OTP generation module that generates an OTP through an OTP generation algorithm based on at least one of an OTP generation key, a current time, transaction information, and an authority code, and performs OTP generation only when the OPIN is valid.
According to an embodiment of the present invention, since the OTP is generated only after verification has first been performed through the OPIN generated by the authentication server, when an attacker tampers with the current time information of the OTP generator through hacking, the verification of the OPIN fails and no OTP is generated, so security can be improved.
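The OPIN-then-OTP exchange summarised above, modelled end to end as an added example (not code from the patent): an HMAC-based instance of f(K, T, I_i) stands in for the unspecified generation algorithms, the key names, 30-second step, tolerance windows and the bound between OPIN issue and OTP receipt are assumptions, and a clock offset on the generator models tampered device time so that the failing OPIN check can be seen.

```python
"""Model of the OPIN-then-OTP flow (added illustration, not the patent's code).
HMAC-SHA256 truncation, the 30 s step, the tolerance windows and the key
names are assumptions; the patent fixes none of them."""
import hashlib
import hmac
import struct

STEP_SECONDS = 30              # assumed time step for the "current time" T
OPIN_TOLERANCE_STEPS = 1       # assumed "predetermined time" for the OPIN check
OTP_TOLERANCE_STEPS = 1        # assumed window when the server verifies the OTP
MAX_OPIN_TO_OTP_SECONDS = 120  # assumed bound between OPIN issue and OTP receipt


def one_time_code(key: bytes, t: int, info: list, digits: int = 6) -> str:
    """f(K, T, I_1..I_n): HMAC over the time step and the additional inputs
    (transaction information, authority code), truncated to `digits` digits.
    The same algorithm serves OPIN and OTP; they differ by key (one embodiment)."""
    step = t // STEP_SECONDS
    msg = struct.pack(">Q", step) + "|".join(info).encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def code_matches(key, t, info, candidate, tolerance):
    """Regenerate the code for nearby time steps and compare in constant time."""
    for d in range(-tolerance, tolerance + 1):
        expected = one_time_code(key, t + d * STEP_SECONDS, info)
        if hmac.compare_digest(expected, candidate):
            return True
    return False


class AuthServer:
    def __init__(self, opin_key, otp_key):
        self.opin_key, self.otp_key = opin_key, otp_key
        self.issued = {}  # transaction id -> OPIN generation time

    def issue_opin(self, txn_id, info, now):
        self.issued[txn_id] = now
        return one_time_code(self.opin_key, now, info)

    def verify_otp(self, txn_id, info, otp, now):
        issued_at = self.issued.get(txn_id)
        if issued_at is None or now - issued_at > MAX_OPIN_TO_OTP_SECONDS:
            return False  # OPIN too old relative to OTP receipt: stop verifying
        return code_matches(self.otp_key, now, info, otp, OTP_TOLERANCE_STEPS)


class OtpGenerator:
    """The user's device (Smart OTP). `clock_offset` models a device whose
    time information has been tampered with."""
    def __init__(self, opin_key, otp_key, clock_offset=0):
        self.opin_key, self.otp_key = opin_key, otp_key
        self.clock_offset = clock_offset

    def generate_otp(self, opin, info, true_now):
        device_now = true_now + self.clock_offset
        if not code_matches(self.opin_key, device_now, info, opin,
                            OPIN_TOLERANCE_STEPS):
            return None  # OPIN verification failed: no OTP is produced
        return one_time_code(self.otp_key, device_now, info)


def run_transaction(clock_offset=0, otp_receipt_delay=20, now=1_700_000_000):
    """Full exchange; returns (otp_or_None, server_accepted)."""
    opin_key, otp_key = b"opin-key-constructed", b"otp-key-constructed"
    server = AuthServer(opin_key, otp_key)
    device = OtpGenerator(opin_key, otp_key, clock_offset)
    info = ["acct:110-222-333", "amount:50000", "authority:01"]  # constructed
    opin = server.issue_opin("txn-1", info, now)       # shown on the screen
    otp = device.generate_otp(opin, info, now + 10)     # user keys the OPIN in
    accepted = otp is not None and server.verify_otp(
        "txn-1", info, otp, now + otp_receipt_delay)
    return otp, accepted
```

With an honest clock the device emits a six-digit OTP and the server accepts it; with a one-hour clock offset the OPIN check fails first, so no OTP exists to be captured, and an OTP that arrives long after the OPIN was issued is rejected by the server's time bound.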
It should be understood that the effects of the present invention are not limited to the above effects and include all effects that can be deduced from the detailed description of the present invention or the configuration of the invention described in the claims.
FIG. 1 is a general configuration diagram of a personal authentication system using an OTP according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating a process of authenticating a user using an OTP according to an exemplary embodiment of the present invention.
FIG. 3 is a block diagram illustrating an internal configuration of an authentication server according to an embodiment of the present invention.
FIG. 4 is a diagram schematically showing a configuration of a Smart OTP installed in an OTP generator.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described with reference to the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.
Throughout the specification, when a part is referred to as being "connected" to another part, it includes not only "directly connected" but also "indirectly connected". Also, when an element is referred to as "comprising", it means that it can include other elements, not excluding other elements unless specifically stated otherwise.
In this specification, OTP (One Time Password) refers to the one-time password generated in the authentication process.
The authentication method using the OTP performed in the present invention can be used in combination with various OTP technologies. That is, the present invention is not limited to a particular OTP scheme and can be applied to schemes such as NFC (Near Field Communication) OTP, USIM (Universal Subscriber Identity Module) OTP, Secure SD (Secure Digital) OTP, and TEE (Trusted Execution Environment) OTP.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
FIG. 1 is a general configuration diagram of a personal authentication system using an OTP according to an embodiment of the present invention.
Referring to FIG. 1, the authentication system according to an exemplary embodiment of the present invention may include an
The
The
In the process of the user providing the financial service through the
According to one embodiment, the
The
The
That is, the
According to one embodiment, the
A mobile server (not shown) is provided separately from the
The communication between the
FIG. 2 is a flowchart illustrating a process of authenticating a user using an OTP according to an exemplary embodiment of the present invention.
According to an embodiment of the present invention, the
The OPIN (Onetime Personal Identification Number) is disposable PIN information generated by the
Referring to FIG. 2, the
When the user wants to receive the electronic financial transaction service through the operation of the
The
If the
The
Referring to Equation 1, f() is the OPIN generation algorithm, K is the OPIN generation key, T is the current time, and I_i represents the i-th additional information. That is, the
The OPIN generation key may be stored in the
According to one embodiment, the OPIN generation process may include an interworking function of a financial transaction. In this case, the
The
According to one embodiment, the user can check the OPIN displayed on the
The
According to one embodiment, the OPIN verification algorithm can perform the verification of OPIN through comparison of OPIN generated by the
Unlike the time obtained by the
If the OPIN verification fails, the
Conversely, if the OPIN verification is successfully performed, the
According to one embodiment, the OTP generation key that the
According to another embodiment, the OTP generation algorithm used by the
According to another embodiment, the OTP generation algorithm used by the
According to one embodiment, after generating the OTP, the
The
The
According to one embodiment, the OTP verification algorithm may be used to verify the OTP by comparing the OTP generated by the
After completing the OTP verification, the
FIG. 3 is a block diagram illustrating an internal configuration of an
Referring to FIG. 3, the
The OPIN generation
The
If the financial transaction interlock function is included in the OPIN generation process, the
The
The
The
A method of determining whether the OTP received by the
The OTP verification result performed by the
The
The
FIG. 4 is a diagram schematically showing a configuration of the
Referring to FIG. 4, the
Each module constituting the
The
The secret
The
The
As described above, according to the embodiments of the present invention, the OPIN is generated through the current time information recognized by the
The embodiments of the present invention described above can be implemented in the form of program instructions that can be executed through various computer components and recorded on a computer-readable recording medium. The computer-readable recording medium may include program commands, data files, data structures, and the like, alone or in combination. The program instructions recorded on the computer-readable recording medium may be those specially designed and constructed for the present invention or may be those known and used by those skilled in the computer software arts. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as that generated by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules for performing the processing according to the present invention, and vice versa.
It will be understood by those skilled in the art that the foregoing description of the present invention is for illustrative purposes only and that various changes and modifications may be made without departing from the spirit or essential characteristics of the present invention. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.
The scope of the present invention is defined by the appended claims, and all changes or modifications derived from the meaning and scope of the claims and their equivalents should be construed as being included within the scope of the present invention.
100: OTP generator
200: User terminal
300: Banking server
400: authentication server
500: Smart OTP
Claims (12)
Receiving an OPIN generation request from a banking server or a user terminal;
Generating an OPIN through an OPIN generation algorithm based on at least one of an OPIN generation key, transaction information, and an authority code and a current time;
Transmitting the generated OPIN to the user terminal;
Receiving an OTP generated by the OTP generator from an OTP generator that performs verification of the OPIN input from a user and generates an OTP only when verification is successfully completed; And
Comparing the OTP generated by the authentication server based on at least one of the OTP generation key, the transaction information, and the authority code and the current time with the OTP generated by the OTP generator to verify whether the OTP is valid. An authentication method of an authentication server.
The transmitting of the generated OPIN to the user terminal comprises:
Further comprising the step of displaying the OPIN on a financial transaction screen displayed on the user terminal.
Wherein the OPIN generation algorithm or the transaction information input to the OTP generator includes an account number or a transfer amount.
Wherein if the OPIN generation key and the OTP generation key are identical, the OPIN generation algorithm and the OTP generation algorithm are different.
Wherein if the OPIN generation key and the OTP generation key are different, the OPIN generation algorithm and the OTP generation algorithm are the same.
Further comprising the step of completing OTP generation when the generation time of the OPIN and the reception time of the OTP differ by a predetermined time or more.
An OPIN generation request receiving unit for receiving an OPIN generation request from a banking server or a user terminal;
An OPIN generation unit for generating an OPIN through an OPIN generation algorithm based on at least one of an OPIN generation key, transaction information, and an authority code and a current time;
An OPIN transmission unit for transmitting the generated OPIN to the user terminal;
An OTP receiver for receiving an OTP generated by the OTP generator from an OTP generator that performs verification of the OPIN inputted from a user and generates an OTP only when verification is successfully completed; And
And an OTP verifying unit for verifying whether the OTP is valid by comparing the OTP generated by the authentication server, based on at least one of the OTP generation key, the transaction information, and the authority code and the current time, with the OTP generated by the OTP generator. An authentication server.
Receiving an OPIN from a user or receiving an OPIN from a user terminal or an authentication server;
Verifying whether the received OPIN is valid through an OPIN verification algorithm for comparing the OPIN generated by the OTP generator with the received OPIN based on at least one of the OPIN generation key, the transaction information, and the authority code and the current time;
Generating an OTP through the OTP generation algorithm based on at least one of the OTP generation key, the transaction information, and the authority code and the current time only if the received OPIN is verified as valid; And
And displaying the generated OTP through the OTP generator or transmitting the generated OTP to the user terminal or the authentication server so that the OTP generated by the authentication server and the OTP generated by the OTP generator can be compared and verified. An authentication method of a smart OTP.
Wherein verifying that the OPIN is valid comprises:
And checking whether the OPIN generation time received from the authentication server and the current time of the OTP generator are different from each other by a predetermined time or longer using the current time information of the OTP generator.
An OPIN verification module for generating an OPIN based on at least one of an OPIN generation key, transaction information, and an authority code and a current time and comparing the OPIN with an OPIN received from the outside to verify whether the OPIN received from the outside is valid; And
An OTP generation module that generates an OTP through an OTP generation algorithm based on at least one of an OTP generation key, transaction information, and an authority code, performs OTP generation only when the OPIN is valid, and transmits the generated OTP to the outside so that the OTP generated by an authentication server and the OTP transmitted to the outside can be compared. A smart OTP program stored on a medium for executing the modules.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150171395A KR101737066B1 (en) | 2015-12-03 | 2015-12-03 | User identity authentication method using one time pin and otp, authentication server and otp generator implementing the same |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101737066B1 true KR101737066B1 (en) | 2017-05-18 |
Family
ID=59048963
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101737066B1 (en) |
- 2015-12-03 KR KR1020150171395A patent/KR101737066B1/en active Search and Examination
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100814561B1 (en) | 2006-08-01 | 2008-03-17 | 인포섹(주) | One Time Password Authentication Using A Mobile Phone |
KR101386363B1 (en) * | 2013-11-04 | 2014-04-29 | 유한회사 실릭스 | One-time passwords generator for generating one-time passwords in trusted execution environment of mobile device and method thereof |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20200031801A (en) * | 2018-09-17 | 2020-03-25 | 인비즈넷 주식회사 | User authentication system and method |
WO2020060150A1 (en) * | 2018-09-17 | 2020-03-26 | 인비즈넷 주식회사 | Identity authentication system and method |
KR102145766B1 (en) * | 2018-09-17 | 2020-08-19 | 인비즈넷 주식회사 | User authentication system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination |