KR101733318B1 - OTP authentication system and method - Google Patents
Publication number: KR101733318B1
Application number: KR1020150185628A
Authority: KR (South Korea)
Prior art keywords: otp, terminal, authentication, short, service
Classifications
- H—ELECTRICITY › H04—ELECTRIC COMMUNICATION TECHNIQUE › H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  - H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  - H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
  - H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
- G—PHYSICS › G06—COMPUTING; CALCULATING OR COUNTING › G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  - G06Q20/00—Payment architectures, schemes or protocols
  - G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  - G06Q20/38—Payment protocols; Details thereof
  - G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
  - G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
  - G06Q40/02—Banking, e.g. interest calculation or account maintenance
- H—ELECTRICITY › H04—ELECTRIC COMMUNICATION TECHNIQUE › H04W—WIRELESS COMMUNICATION NETWORKS
  - H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
  - H04W12/06—Authentication
  - H04W4/008—
Abstract
Description
At least some embodiments of the present invention relate to an OTP authentication system using an OTP terminal, the OTP terminal itself, and an authentication method using the same.
In general, OTP is an abbreviation of One Time Password and refers to an authentication method that uses a one-time password.
An OTP system includes an OTP terminal carried by the user (consumer), a PC through which the user connects to an OTP authentication server over the Internet or a wired/wireless telephone network, and the OTP authentication server, which performs authentication processing when the authentication number it generates for the current time matches the authentication number produced by the OTP terminal.
In the conventional OTP terminal and the OTP authentication process using it, when the user accesses the OTP authentication server through the PC 20 and requests authentication, the OTP terminal owned by the user generates a one-time password corresponding to the current time. If the password entered by the user matches the password generated by the OTP authentication server, authentication processing is performed.
The OTP authentication server stores, in the user information held in a database (not shown), the user ID, the serial number of the OTP terminal owned by the user, the password generation key value, the user's last transaction date, and the like. When authentication is requested, it generates the password corresponding to the current time from the password generation key value of the OTP terminal owned by the user.
OTP is known to offer better security than the existing 30-digit security card; in the bank's actual security grading, the credit card is grade 3 and the OTP generator is grade 1. In addition, phishing incidents of the type that have recently occurred by stealing customer information have affected all users of the card.
Despite this perception of its security, and its continuing popularity, one of the main problems is portability. Current OTP generators are key-ring type devices, so carrying them at all times is very inconvenient. In the past, they could be attached to a key ring on an older mobile phone. However, most of today's smartphones cannot be connected to a key chain without a separate earphone-jack cap or a separate smartphone case, which is a difficult situation.
In addition, the related art has the problem that, when the user connects to the OTP authentication server, normal authentication processing is performed whenever the OTP terminal password entered into the OTP authentication server is correct, regardless of whether the user actually possesses the OTP terminal.
An object of the present invention is to provide an authentication system and a method using an OTP which improves security by storing a public certificate and an OTP program in a single medium.
The OTP authentication system according to an embodiment of the present invention includes: an accessory-type OTP terminal that includes a first short-range wireless transmission/reception module and stores an OTP (One Time Password) program; a host terminal that includes a second short-range wireless transmission/reception module, performs short-range communication with the first module, generates an interface for generating an OTP of the OTP terminal, receives a signal instructing OTP generation from the user through the interface, instructs the OTP terminal to generate an OTP, receives the generated OTP and transmits it to a service providing apparatus to request service provision; and the service providing apparatus, which receives the OTP from the host terminal requesting the service and performs the authentication.
The OTP terminal includes a series of character strings, and when the service execution application is executed, the host terminal receives a series of character strings from the OTP terminal and confirms that the OTP terminal is a registered OTP terminal.
The head unit may further include an input unit for initializing an OTP generation number.
The OTP authentication method according to an embodiment of the present invention includes: a step in which a host terminal executes a service execution application and performs short-range communication with an OTP terminal; a step in which the host terminal generates an interface for generating an OTP of the OTP terminal, receives a signal indicating OTP generation from the user through the interface, and instructs the OTP terminal to generate an OTP; and a step of receiving the OTP generated by the OTP terminal and transmitting it to the service providing apparatus to request service provision.
The host terminal receives at least one of a plurality of account numbers of the user and a public certificate from the OTP terminal and transmits the received account number to the service providing apparatus.
An object of the present invention is to provide an OTP authentication system and method that can improve convenience and security by using an accessory type OTP.
In an embodiment of the present disclosure, when the OTP terminal is configured to allow transfers only to an account number stored in advance in the OTP terminal, a transfer to another account is impossible even if the OTP terminal is stolen or hacked.
FIG. 1 is a view schematically explaining the configuration of an OTP authentication system according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating the structure of an accessory-type OTP terminal according to an embodiment of the present invention.
FIG. 3 is a diagram illustrating the structure of a host terminal according to an embodiment of the present invention.
FIG. 4 is a flowchart illustrating an OTP authentication method according to an embodiment of the present invention.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. The configuration of the present invention and the operation and effect thereof will be clearly understood through the following detailed description. Before describing the present invention in detail, the same components are denoted by the same reference symbols as possible even if they are displayed on different drawings. In the case where it is judged that the gist of the present invention may be blurred to a known configuration, do.
FIG. 1 is a view for schematically explaining a configuration of an OTP authentication system according to an embodiment of the present invention.
The OTP authentication system of one embodiment of the present invention performs high-security authentication with a service providing device that provides services, including financial services, by transmitting and receiving the information for OTP authentication through short-range communication between an OTP terminal and a host terminal.
The OTP authentication system of one embodiment of the present invention may include an
The short range communication module may be NFC (Near Field Communication).
NFC has a communication range of less than 10 cm, which distinguishes it from Bluetooth or infrared communication, and the methods can complement one another. That is, because the NFC communication distance is short, the user has the advantage of being able to decide whether or not NFC communication takes place.
When using NFC, the
FIG. 2 is a diagram illustrating the structure of an accessory-type OTP terminal according to an embodiment of the present invention.
As shown in FIG. 2, the accessory-
If the user authentication is normally performed, the
The OTP may be input directly from the user through the input interface provided in the
FIG. 3 is a diagram illustrating the structure of a host terminal according to an embodiment of the present invention.
FIG. 4 is a flowchart illustrating an OTP authentication method according to an embodiment of the present invention.
The host terminal executes the service execution application and performs short-range communication with the OTP terminal (S110). The service execution application can perform the login process using the public certificate stored in the OTP terminal before OTP authentication according to the preset case.
The host terminal generates an interface for generating the OTP of the OTP terminal (S120).
The host terminal receives a signal instructing the OTP generation through the interface from the user and instructs the OTP terminal to generate an OTP (S130).
When the OTP terminal is instructed to generate an OTP, it executes the OTP program to generate a random number. The random number is a one-time password in the sense that it is generated randomly and never used again. That is, because it is volatile, a random number is not generated a second time once it has been generated. Random numbers are composed of digits and letters of the English alphabet, and digits and letters may repeat. As an example of random number generation, the OTP generation algorithm derives a number of an arbitrary number of digits from the secret key of the unique OTP generation program and the current time.
The host terminal receives the OTP generated from the OTP terminal, and transmits the OTP to the service providing apparatus to request service provision (S140). The service providing apparatus authenticates the OTP through an authentication server. If the authentication is successful, the service can be provided.
When the service providing apparatus is a financial server, it can provide a service such as an account transfer. Where account numbers and the like can be stored in the OTP terminal, the service execution application can configure the OTP terminal so that transfers are allowed only to an account number stored in advance in the OTP terminal. In this case, the host apparatus receives the destination account number from the OTP terminal through the account transfer interface provided by the service providing apparatus, that is, the financial server, enters the received account number, and performs the transfer after OTP authentication for the entered account number.
When the public certificate is stored in the OTP terminal as described above, user convenience is improved while security is maintained.
In this way, when transfers are allowed only to the account number stored in advance in the OTP terminal, security is improved because a transfer to another account is impossible even if the OTP terminal is stolen or hacked.
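The flow of S110 to S140 together with the pre-stored-account restriction, modelled as an added Python example (not code from the patent): the accessory terminal holds the key and the account list, the host terminal only relays, and the financial server checks the registration string, the destination account and the OTP, refusing a reused OTP. TOTP over HMAC-SHA1 is an assumed concrete algorithm (the patent only says "secret key and time"); the user, serials, account numbers and key are constructed values.

```python
import hashlib, hmac, struct

TIME_STEP, OTP_DIGITS = 30, 6   # period and OTP length are assumed; the patent fixes neither


def totp(secret: bytes, now: int, step_offset: int = 0) -> str:
    # OTP from 'secret key and time': TOTP (RFC 6238, HMAC-SHA1) is the assumed algorithm
    counter = now // TIME_STEP + step_offset
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** OTP_DIGITS:0{OTP_DIGITS}d}"


class OtpTerminal:
    # Accessory-type OTP terminal (100): registration string, OTP key, pre-stored accounts
    def __init__(self, serial, secret, accounts):
        self.serial = serial              # 'series of character strings' checked at S110
        self._secret = secret             # never leaves the terminal; only OTPs do
        self.accounts = tuple(accounts)   # the only accounts a transfer may target

    def generate_otp(self, now):          # S130: host instructs, terminal computes
        return totp(self._secret, now)


class FinancialServer:
    # Service providing device (300) with its authentication server folded in: stores
    # user ID, terminal serial, key value and accounts, and refuses OTP reuse
    def __init__(self):
        self._users = {}
        self._used = set()                # (user, counter) pairs already accepted

    def register(self, user, serial, secret, accounts):
        self._users[user] = {"serial": serial, "secret": secret, "accounts": tuple(accounts)}

    def verify_otp(self, user, otp, now):
        secret = self._users[user]["secret"]
        for off in (-1, 0, 1):            # tolerate one step of clock drift either way
            counter = now // TIME_STEP + off
            if (user, counter) in self._used:
                continue                  # an OTP is volatile: once accepted, never again
            if hmac.compare_digest(totp(secret, now, off), otp):
                self._used.add((user, counter))
                return True
        return False

    def transfer(self, user, serial, dest, otp, now):
        rec = self._users.get(user)
        if rec is None or rec["serial"] != serial:
            return "unregistered terminal"
        if dest not in rec["accounts"]:   # only accounts pre-stored in the terminal
            return "account not pre-stored in terminal"
        if not self.verify_otp(user, otp, now):
            return "otp rejected"
        return "transfer ok"


def host_request_transfer(terminal, server, user, dest, now):
    # Host terminal (200): relays serial and OTP over short-range comms; holds no secret
    otp = terminal.generate_otp(now)                                  # S130
    return server.transfer(user, terminal.serial, dest, otp, now)     # S140


def demo():
    secret = b"12345678901234567890"      # constructed key (the RFC 6238 test seed)
    bank = FinancialServer()
    bank.register("alice", "ACC-0001", secret, ["110-222-333"])
    term = OtpTerminal("ACC-0001", secret, ["110-222-333"])
    now = 1111111111
    first = host_request_transfer(term, bank, "alice", "110-222-333", now)       # transfer ok
    replay = host_request_transfer(term, bank, "alice", "110-222-333", now)      # reused OTP
    other = host_request_transfer(term, bank, "alice", "999-000-111", now + 60)  # not pre-stored
    rogue = OtpTerminal("ACC-9999", secret, ["110-222-333"])                     # unregistered serial
    bogus = host_request_transfer(rogue, bank, "alice", "110-222-333", now + 60)
    return first, replay, other, bogus
```

The second request in `demo` fails even though the key and account are valid, because the accepted counter is remembered; a real deployment would also persist that set and bound its growth.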
At this point, it will be appreciated that each block of the flowchart illustrations, and combinations of blocks in the flowchart illustrations, can be implemented by computer program instructions. These computer program instructions may be loaded into a processor of a general-purpose computer, special-purpose computer, or other programmable data processing apparatus, so that the instructions executed by the processor of the computer or other programmable data processing apparatus create means for performing the functions specified in the flowchart block(s). These computer program instructions may also be stored in a computer-usable or computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, so that the instructions stored in the computer-usable or computer-readable memory produce an article of manufacture including instruction means for performing the functions specified in the flowchart block(s). The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus so that a series of operational steps is performed on the computer or other programmable apparatus to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable apparatus provide steps for executing the functions specified in the flowchart block(s).
In addition, each block may represent a module, segment, or portion of code that includes one or more executable instructions for executing the specified logical function (s). It should also be noted that in some alternative implementations, the functions mentioned in the blocks may occur out of order. For example, two blocks shown in succession may actually be executed substantially concurrently, or the blocks may sometimes be performed in reverse order according to the corresponding function.
Herein, the term 'part' used in the present embodiment means a software or hardware component such as an FPGA or an ASIC, and a 'part' performs certain roles. However, 'part' is not limited to software or hardware. A 'part' may be configured to reside on an addressable storage medium and configured to run on one or more processors. Thus, by way of example, 'parts' may refer to components such as software components, object-oriented software components, class components and task components, as well as processes, functions, subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables. The functions provided in the components and 'parts' may be combined into a smaller number of components and 'parts' or further separated into additional components and 'parts'. In addition, the components and 'parts' may be implemented to run on one or more CPUs in a device or a secure multimedia card.
It will be understood by those skilled in the art that the present specification may be embodied in other specific forms without departing from its spirit or essential characteristics. It is therefore to be understood that the above-described embodiments are illustrative in all respects and not restrictive. The scope of the present specification is defined by the appended claims rather than by the foregoing detailed description, and all changes or modifications derived from the meaning and scope of the claims and their equivalents should be interpreted as falling within the scope of the present specification.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed embodiments, and that these embodiments are not intended to limit the scope of the specification. It will be apparent to those skilled in the art that other modifications based on the technical idea of the present invention are possible in addition to the embodiments disclosed herein.
100: Accessory type OTP terminal
110: head portion
120:
200: Host terminal
300: Service providing device
Claims (8)
And a second short-range wireless transmission/reception module, and when short-range communication with the first short-range wireless transmission/reception module is performed, generates an interface for generating an OTP of the OTP terminal, receives a signal instructing OTP generation from the user through the interface, instructs the OTP terminal to generate an OTP, and receives the generated OTP and transmits it to a service providing apparatus, thereby requesting service provision; and
A service providing apparatus for receiving an OTP for providing a service to a host terminal
Including the
The OTP terminal stores one or more account numbers,
Wherein the service providing apparatus is a financial server, and is configured to enable transfer only through OTP authentication for an account number stored in advance in the OTP terminal,
Wherein the host terminal receives the transfer account number from the OTP terminal through the account transfer interface provided by the service providing apparatus, inputs the transferred account number, and performs OTP authentication on the inputted account number.
Wherein when the service execution application is executed, the host terminal receives a series of character strings from the OTP terminal and confirms that the OTP terminal is a registered OTP terminal.
Generating an interface by which the host terminal generates an OTP of the OTP terminal;
Receiving an OTP generation instruction signal from the user through the interface and instructing the OTP terminal to generate an OTP; And
Receiving the OTP generated from the OTP terminal and transmitting the OTP to the service providing apparatus,
The OTP terminal stores one or more account numbers,
The service execution application sets OTP authentication only for the account number stored in advance in the OTP terminal,
Wherein the host terminal receives the transfer account number from the OTP terminal through the account transfer interface provided by the service providing apparatus, inputs the transfer account number, and performs OTP authentication only for the inputted account number.
Wherein the host terminal receives at least one of a public certificate and user authentication information from the OTP terminal and transmits the received public certificate and user authentication information to the service providing apparatus.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150185628A KR101733318B1 (en) | 2015-12-24 | 2015-12-24 | Otp authentication system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101733318B1 true KR101733318B1 (en) | 2017-05-24 |
Family
ID=59051166
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101733318B1 (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100950704B1 (en) * | 2009-05-20 | 2010-03-31 | 조정현 | Information descernment system for unidentified people and method thereof |
KR101402660B1 (en) * | 2013-09-17 | 2014-06-03 | 주식회사 에스씨테크원 | Wireless authentication system for one time password using mobile communication terminal comprising near field communication, and method thereof |
Timeline
- 2015-12-24: KR KR1020150185628A patent/KR101733318B1/en, active, IP Right Grant
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| E701 | Decision to grant or registration of patent right | |
| GRNT | Written decision to grant | |