KR20150088987A - Method for Providing Service by using Installed Program at Handheld Phone - Google Patents

Abstract

The present invention relates to a method for providing a service by using a program in a mobile phone. According to the present invention, the method, which is executed by a server, comprises the processes of: confirming medium information for verifying a user mobile phone installed and driven with a specific program as a medium possessed by a user, which realizes a service provided to the user, and storing the medium information in an indicated storage medium; storing authentication information in the indicated storage medium for verifying a code value which is dynamically generated in the user mobile phone, and transmitted through the program; verifying the mobile phone in a state where the program is driven through the medium information, as a medium possessed by the user when the program of the user mobile phone is driven; verifying validity of the code value transmitted through the program of the mobile phone by using the authentication information; and generating information to be used for providing a service by using the program of the user mobile phone corresponding to the authenticated medium, in order to provide the information to the program of the user mobile phone, when the mobile phone for driving the program is authenticated as the medium possessed by the user by using the medium information and the code value, wherein the medium information includes an eigen value uniquely allocated not to be overlapped after the program is installed in the user mobile phone to authenticate the mobile phone in a state that the program is installed and driven.

Description

Technical Field [0001] The present invention relates to a method for providing a service using a mobile phone,

The present invention provides a method executed by a server, comprising the steps of: confirming medium information for authenticating a user mobile phone installing and running a specific program to a medium owned by a user implementing a service to be provided to the user, And a step of storing authentication information for authenticating a code value dynamically generated by the user's mobile phone and transmitted through the program to a designated storage medium, A procedure for authenticating a cell phone in which a program is running to the medium owned by the user, a procedure for authenticating the validity of a code value transmitted through a program of the mobile phone using the authentication information, And the code value, The method comprising the steps of: generating information to be used for providing a service using a program of a user's mobile phone corresponding to the authenticated medium, and providing the generated information to a program of the user's mobile phone when authenticating the user's own medium; The present invention relates to a service providing method using a program of a mobile phone, which comprises a unique value that is uniquely assigned to the user's cellular phone after the program is installed so as to authenticate the mobile phone in a state in which the mobile phone is installed and operated.

As non-face-to-face transactions are activated by the development of information and communication technology, non-face traders must certify that the connected user is a valid trader through the communication network and prepare for accidents that may occur.

In the non-face-to-face transaction, the most common method for authenticating a user connected through a communication network is authentication using ID / PW. However, due to the problem that the ID / PW is easily exposed, And is used to identify a trader rather than to be used as a transaction.

As a non-face transaction authentication method more advanced than the method using the ID / PW, an authentication method using a public certificate is used. When a medium (for example, a computer) on which the public certificate is recorded is hacked or a keyboard hacking program When the non-face-to-face transaction is processed through the installed terminal, the authorized certificate also has a problem that it can not provide reliable non-face-to-face transaction authentication.

One-time password (OTP) is used as a method for solving the problem of the above-mentioned public certificate. The OTP is a fixed seed that is exchanged / shared by a trading partner in a non-contact manner when the one or more fixed seed values and a fixed seed value dynamically determined at the time of generating the secret are determined and determined at the time of non- Value and a dynamic seed value to a predetermined code generation algorithm (for example, a hash function) to generate an OTP that can be used once, exchange and authenticate the generated OTP, and reuse the same OTP even if the OTP is exposed It is used as an authentication means which is safer to hacking than other authentication means.

In order to generate the OTP as described above, the user has to carry a portable device called OTP generator. In recent years, the OTP generator has been implemented in an OTP generation program (for example, an OTP generation algorithm A program code and a seed value) are installed and used as an OTP generator.

However, in the conventional mobile phone OTP generator, an OTP generator in the form of a portable device is implemented as a program code on a mobile phone, and the OTP generation program installed in the mobile phone OTP generator is copied (for example, ), Or when the mobile phone OTP generator replicates a mobile phone in which the OTP generation program is installed, the mobile phone OTP generator is no longer reliable.

Also, when wireless non-face-to-face transaction such as wireless settlement / banking is used through a mobile phone used as the mobile phone OTP generator, the mobile phone is used as a transaction medium for the non-face-to-face transaction, In this case, the wireless non-face-to-face transaction as described above may not satisfy the two-factor authentication condition that the transaction medium and the authentication medium must be separated into different media in the non-face-to-face transaction through OTP authentication It has a problem.

An object of the present invention is to provide a method that is executed by a server, in which a user mobile phone that installs and runs a specific program is checked for media information for authenticating the user's own media implementing the service to be provided to the user, A step of storing authentication information for authenticating a code value dynamically generated by the user's mobile phone and transmitted through the program on a designated storage medium; A procedure for authenticating a cell phone in which the program is run through the medium information to the medium owned by the user, and a procedure for authenticating the validity of the code value transmitted through the program of the mobile phone using the authentication information And using the medium information and the code value, A step of generating information to be used for providing a service using a program of a user's mobile phone corresponding to the authenticated medium and providing the information to a program of the user's mobile phone, Wherein the medium information includes at least one of eigenvalues that are uniquely assigned after the program is installed in the user's cellular phone to authenticate the cellular phone in which the program is installed and installed, And to provide a service providing method.

A method of providing a service using a program of a mobile phone according to the present invention is a method executed by a server, the method comprising the steps of: receiving a media file for authenticating a user mobile phone installed with a specific program with a medium owned by a user implementing a service to be provided to the user A step of storing authentication information for authenticating a code value dynamically generated in the user's mobile phone and transmitted through the program to a designated storage medium; A procedure for authenticating a mobile phone in a state in which the program is driven through the medium information to the medium owned by the user when a program of a user's mobile phone is activated; A second step of performing a procedure for authenticating validity, and When the cellular phone driving the program using the medium information and the code value is authenticated as the medium owned by the user, generates information to be used for providing a service using the program of the user's mobile phone corresponding to the authenticated medium, And a third step of performing a procedure for providing the program as a program of the mobile phone, wherein the medium information includes a unique identifier that is uniquely assigned uniquely after the program is installed in the user's mobile phone, And a value.

In the method of providing a service using a program of a mobile phone according to the present invention, the service is characterized by including an authentication service using N (N > = 2) OTP (One Time Password) through the user's mobile phone .

In the method of providing a service using a program of a cellular phone according to the present invention, the medium information may further include at least one of unique information stored in a memory unit of the cellular phone, and code information provided from an IC chip interfaced with the cellular phone .

In the method of providing a service using a program of a mobile phone according to the present invention, the code value includes at least one of a code value generated through a program of the mobile phone and a code value generated through an IC chip interfaced with the mobile phone .

A method for providing a plurality of authentication method opiates according to the present invention is a method for providing a plurality of authentication method opiates to be executed by a server, the method comprising: providing a program for displaying OTP (One Time Password) A step for storing information for authenticating the OTP medium information for the mobile phone and the code value generated by the mobile phone and transmitted through the program to a designated storage medium; And an authentication unit for authenticating a mobile phone on which the program is driven based on the OTP medium information with the OTP medium, authenticating a code value transmitted from the mobile phone program, and authenticating a program driven by the mobile phone with an OTP medium, In step 2 and the authentication of the OTP medium, the server side dynamically A third step of verifying the generated OTPs of N (N? 2) digits, and a fourth step of providing the identified N digits of OTPs to a program of a cellular phone corresponding to the authenticated OTP medium .

The OTP medium information includes at least one of an eigenvalue assigned to authenticate a mobile phone installed with the program, unique information stored in a memory of the mobile phone, And code information provided from the IC chip.

In the method for providing a plurality of authentication methods according to the present invention, the code value may include at least one of a code value generated through a program of the mobile phone and a code value generated through an IC chip interfaced with the mobile phone .

The method comprising: a fifth step of receiving N-digit OTPs provided to the OTP medium via a designated path; and a sixth step of performing a procedure of authenticating the validity of the received OTP, The method comprising the steps of:

The plurality of authentication method opportunistic output methods according to the present invention may be implemented by providing OTP medium information including mobile phone specific information registered in an OTP (One Time Password) medium in a server and USIM (or memory) of a cellular phone registered with the OTP medium And storing OTP generation information for generating OTPs of N (N > = 2) digits in the storage medium, and storing OTP generation information for OTP (OTP generation information) (Or verification operation) between the OTP medium information stored in the storage medium and the OTP medium authentication information in the server, the medium authentication information, and the OTP generated through the terminal side OTP generation information, (Or output) an OTP medium of N digits, and generates OTP 'through terminal-side OTP generation information for the OTP medium stored in the storage medium And performing a second authentication with the mobile phone with the OTP medium by comparing (or verifying) the received OTP with the received OTP; and when performing authentication of the mobile phone with the OTP medium at the first and second authentication, OTP generation information for the OTP medium; generating an OTP of N digits through the OTP and transmitting the OTP to the mobile phone; and receiving and outputting the OTP of the N digits in the mobile phone .

The method of outputting a plurality of authentication methods according to the present invention includes the steps of: checking OTP generation information for the OTP medium stored in the storage medium at the server when the N-digit OTP is transmitted from the user terminal or the mobile phone; Generating OTP 'of N digits through the OTP generation information in the server, and comparing (or verifying) the received OTP of N digits and the generated OTP' And authenticating the validity of the OTP.

The OTP medium authentication information may further include a user password or a user's personal identification number. The server may store the user password or the user's personal identification number And authenticating the mobile phone with the OTP medium.

On the other hand, a computer-readable recording medium is characterized by recording a program for executing the above-mentioned multiple authentication method opportunistic output method.

On the other hand, the multi-authentication system authentication output system according to the present invention includes OTP medium information including mobile phone specific information registered as an OTP (One Time Password) medium and USIM (or memory) of a mobile phone registered with the OTP medium OTP generation information for generating the OTP generation information of the terminal and OTP generation information for generating OTP of N (N > = 2) digits, OTP medium authentication information including the mobile phone specific information in the user's mobile phone, (Or verification operation) between the OTP medium information stored in the storage medium and the OTP medium authentication information to generate (or output) an OTP of N digits, 1, generates OTP 'through terminal-side OTP generation information for the OTP medium stored in the storage medium, and compares (or verifies) the received OTP with the received OTP, OTP generation means for generating N-digit OTPs through OTP generation information for the OTP medium stored in the storage medium at the time of first and second authentication with the OTP medium, And OTP transmission means for transmitting the generated OTP of N digits to the cellular phone.

The multi-authentication scheme validity output system according to the present invention checks OTP generation information for the OTP medium stored in the storage medium when receiving an OTP of N digits from the user terminal or the cellular phone, OTP authentication means for generating N-digit OTP 'through the N-number of OTPs and for comparing the received OTP' with the generated OTP 'to verify the validity of the N-digit OTP .

Meanwhile, a mobile phone according to the present invention includes a code generation unit for generating an OTP through terminal-side OTP generation information stored in a USIM (or a memory), and an OTP (One Time Password authentication information, an authentication processing unit for transmitting the generated OTP to a server on a communication network and requesting the mobile phone to authenticate the OTP medium, a first OTP medium authentication result through the OTP medium authentication information, And a OTP output unit for outputting the N-number of OTPs received and the N (N > = 2) OTPs received through the OTP generation information according to the second OTP medium authentication result do.

According to the present invention, a Universal Subscriber Identity Module (USIM) of a user's mobile phone used as an OTP medium or one or more information sets for authenticating the mobile phone as an OTP medium via a communication network is stored (or set) The OTP medium authentication information including at least one of the information sets stored in the USIM / memory and the OTP generated through the terminal side OTP generation information are transmitted to the server on the communication network to transmit the OTP medium authentication information The mobile phone is first authenticated to a valid OTP medium through the received OTP and the second authenticated to the valid OTP medium via the received OTP so that whenever the OTP is generated through the mobile phone, The reliability of the OTP generated through the mobile phone is continuously verified and maintained. .

According to the present invention, when the mobile phone is a valid OTP medium, the OTP generation information combining the server-side OTP generation information with the server-side OTP generation information in the server on the communication network is generated as N-digit OTP The mobile phone can receive and output the OTP of N digits so as to generate and output OTP of N digits only by the mobile phone registered as a valid OTP medium, There is an advantage in that the condition of two-factor authentication is always satisfied irrespective of whether the two-factor authentication is used.

1 is a diagram illustrating a configuration of a mobile phone having a function of generating an OTP according to an embodiment of the present invention.
2 is a diagram showing a mobile phone OTP system configuration according to an embodiment of the present invention.
3 is a diagram illustrating an OTP media registration process according to an embodiment of the present invention.
4 is a diagram illustrating an OTP generation process according to an embodiment of the present invention.
5 is a diagram illustrating an OTP authentication process according to an embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

FIG. 1 is a diagram illustrating a functional configuration of a cellular phone 100 having a function of generating an OTP according to an embodiment of the present invention.

1 illustrates an OTP medium included in an OTP agent in which the cellular phone 100 that provides data communication by connecting to a mobile communication network generates OTP (One Time Password) through the mobile communication network (N > = 2) number of OTPs from a server of the communication network after authentication, and outputs the received OTPs. If the person skilled in the art is familiar with the present invention, Referring to and / or modified with reference to FIG. 1, a wireless communication terminal (for example, a portable Internet terminal or the like) connected to a wireless communication network of a wireless communication standard other than the cellular phone 100 alerts an implementation method having a function of generating the OTP And the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

The cellular phone 100 includes an outer body in terms of hardware and a speaker and a microphone, a keypad, a Liquid Crystal Display (LCD), an antenna, and a battery 125 according to an embodiment of the present invention, A modem chip (for example, an MSM series modem chip of Qualcomm of the United States) having a function of a CDMA (Code Division Multiple Access) modem, a CPU / MPU (Central Processing Unit / Micro Processing Unit) A power amplifier that amplifies a transmission signal, a high power amplifier (HPA), an isolator that prevents a high output transmission signal from returning in the opposite direction, a memory device, a memory device, a duplexer filter that separates a transmission signal from an antenna, An RF / IF SAW filter for eliminating the desired out-of-band spurious signal, a frequency upstream circuit for the transmission path, a frequency downconversion circuit for the reception path, a VCTCXO (Voltage A controlled temperature compensated X-tal oscillator, a UHF frequency synthesizer used as a local signal of frequency up-down conversion, and a codec chip for converting an analog voice signal into a digital signal. Are gradually integrated into the modem chip. Various functions for various multimedia services or various additional services are integrated in the modem chip in addition to core components for the mobile communication service.

1, the mobile phone 100 includes a control unit 105 corresponding to the modem chip on a structure corresponding to the components, a screen output unit 110 corresponding to an LCD (Liquid Crystal Display) A sound processing unit 115 corresponding to a microphone / speaker, a key input unit 120 corresponding to a keypad, a wireless communication unit 130 corresponding to an antenna and various RF modules, a memory unit 145 corresponding to a nonvolatile memory, A Universal Subscriber Identity Module (USIM) 140 corresponding to an IC (Integrated Circuit) chip for storing universal subscriber identification information, and a USIM reader unit (for reading / writing information (or data) 135 and a battery 125 for power supply.

The control unit 105 includes a processor and an execution memory including a CPU / MPU provided in the modem chip in hardware, and includes a program routine for providing a function peculiar to the mobile phone 100 from a memory device, (Or an integrated circuit) provided for the bus (BUS) for inputting and outputting data, and an electronic circuit (or an integrated circuit) provided therefor. The memory unit 145 or the memory device A program corresponding to an OTP agent recorded on the recording medium of the cellular phone 100 for the function of generating the OTP (hereinafter, referred to as a " program " The routine configuration unit is described as being provided in the control unit 105 for convenience) The program routine of the control unit 105 basically includes an operating system routine (not shown) and one or more system management routines (e.g., a power management routine, a channel (forward / backward) management routine, And the control unit 105 realizes various functional configurations to be implemented in the mobile phone 100. [0033] FIG.

According to an embodiment of the present invention, after power is supplied to the cellular phone 100, the operating system routine (not shown), one or more system management routines (not shown), and various system parameters corresponding thereto, The mobile phone 100 may be configured to perform the steps of: loading a system memory including a system setting detailed state, a pilot channel obtaining detailed state, a synchronization channel obtaining detailed state, and a timing conversion detailed state according to a booting procedure, Is set to an operation mode corresponding to "mobile station initialization state ".

After performing the booting procedure, the operating system routine (not shown), one or more system management routines (not shown) and various system variables corresponding thereto are loaded into the execution memory provided in the control unit 105, The mobile phone 100 is set to the operation mode corresponding to the "mobile station call waiting state", "system access state", or "call channel state" ) Procedure.

According to the embodiment of the present invention, it is preferable that the function of generating the OTP is started (or realized) by key input in the operation mode corresponding to the "mobile station call waiting state"

The screen output unit 110 is a functional configuration unit for a screen for confirming operation modes of the mobile phone 100 and corresponding operation states. The screen output unit 110 may include at least one screen output including an LCD provided in the mobile phone 100 And a driver for driving the screen output device. The control unit 105 outputs one or more key data input through the key input unit 120, or outputs the key data input through the key input unit 120 to the mobile phone 100 A function processing screen, and a function processing result screen corresponding to one or more functions (or programs) provided in the mobile phone 100 or one or more contents (for example, characters Content, image content, and multimedia content).

According to the embodiment of the present invention, the screen output unit 110 preferably performs a function of a menu screen corresponding to the function of generating the OTP, a function processing screen, and a screen output means for outputting a function processing result screen .

The sound processing unit 115 is a functional unit for processing input and output of sound in each operation mode of the mobile phone 100. The sound processing unit 115 decodes one or more encoded sound data and outputs the decoded sound data to a speaker And a vocoder and a codec for encoding and encoding a sound signal input through a microphone provided in the mobile phone 100. [

According to the embodiment of the present invention, the sound processing unit 115 decodes sound data corresponding to a ring back tone through the speaker in an operation mode corresponding to the "system access state" among the respective operation modes of the cellular phone 100 Or to encode a voice signal through a microphone in an operation mode corresponding to the "call channel state ", or to decode and output the voice signal through a speaker.

In addition, the sound processing unit 115 may be operable to reproduce one or more sound contents or multimedia contents provided in (or downloaded from) the mobile phone 100 in one or more operation modes including the " It is preferable that the sound data corresponding to the content is decoded and output.

The key input unit 120 may include a key input device having one or more key buttons including a number key, a character key or a function key, Wherein the key input device detects one or more key input signals generated by clicking (or inputting) the key button in the key input device.

According to the present invention, when a key input signal is detected from a key button provided in the key input device in an input mode or one or more operation modes controlled by the control unit 105, the key input unit 120 detects the key (E.g., MH_KEY_PRESSEVENT, MH_KEY_REPEATEVENT, and MH_KEY_RELEASEEVENT) corresponding to the input signal, and provides the generated key event to the control unit 105. The control unit 105 controls the operation of the mobile phone 100, (For example, from the key table storing (managing) one or more key data corresponding to a specific key event in each input mode or operation mode) in the current input mode or operation mode of the key Reading the key data in the event), or reading a command that executes a function defined by matching with the key event And a gong.

According to an embodiment of the present invention, the key input unit 120 inputs a telephone number in an operation mode corresponding to the "mobile station call waiting state" among the operation modes of the cellular phone 100, , It is preferable to change the operation mode of the cellular phone 100 to the operation mode corresponding to the "system access state ".

The key input unit 120 inputs a function key (e.g., a menu key) in an operation mode corresponding to the "mobile station call standby state" among the operation modes of the mobile phone 100, It is desirable to perform various functions provided.

According to an embodiment of the present invention, the key input unit 120 performs a function of key input means for inputting one or more key data corresponding to the function of generating the OTP.

The wireless communication unit 130 includes a CDMA modem and various RF modules (for example, a duplexer filter, a power amplifier, a high-power amplifier, and the like) for connecting a wireless channel to a base station on a mobile communication network in which the cellular phone 100 operates based on WCDMA. A high frequency amplifier, a high power amplifier (HPA), an isolator, an RF / IF SAW filter, a frequency upstream circuit, a frequency downconversion circuit, a VCTCXO corresponding to a reference clock source, a UHF frequency synthesizer, A slot mode, a power control, or a hand-off mode corresponding to each operation mode of the cellular phone 100 in cooperation with the control unit 105. [ off or a call processing procedure.

According to another embodiment of the present invention, if the cellular phone 100 shown in FIG. 1 is a portable Internet terminal, the wireless communication unit 130 may configure a wireless communication function to access a portable Internet based on IEEE 802.16x to provide a portable Internet service It is possible to implement the present invention by modifying various other types of wireless communication configurations for providing wireless data communication in addition to the portable Internet and the present invention is not limited to the configuration of the wireless communication unit 130 I will make it clear.

The USIM reader 135 is a functional unit for exchanging one or more pieces of information (or data or commands) with the USIM 140 mounted or detached from the mobile phone 100 via a standard including ISO / IEC 7816 And a contact type IC card reader corresponding to the ISO / IEC 7816 standard. The IC card reader reads the one or more pieces of information (or data) from the USIM 140 through an APDU (Application Protocol Data Unit) , Or command) is exchanged.

The USIM 140 mounted on or detached from the mobile phone 100 is an IC chip conforming to the ISO / IEC 7816 standard. The USIM 140 includes a power supply VCC, (E.g., command or data exchange) with the USIM reader 135 through contact points such as a reset signal RST, a clock signal CLK, a ground GND, a programming power supply VPP, an input / output An input / output interface for inputting and outputting a program, an input / output interface for inputting and outputting data, and a processor unit including at least one computing element including a central processing unit (CPU), a micro processing unit (MPU), a coprocessor, (E.g., ROM) among the memory devices, and a memory including at least one memory device including an access memory (EEPROM), an electrically erasable and programmable read only memory (EEPROM), and a flash memory To manage internal resources of IC card The COS stored in the memory is loaded into the execution memory when power is supplied from the USIM reader 135 through the VCC contact point of the input / And controls the overall operation of the USIM 140 and controls the operation of the USIM 140 through an APDU (Application Protocol Data Unit) based on a clock frequency (e.g., 3.57 MHz or 4.9 MHz) of the clock signal (CLK) And controls the exchange of information or data between the USIM reader unit 135.

According to the present invention, it is preferable that the memory of the USIM 140 is provided with an OTP applet including various information and program codes necessary for generating the OTP in the cellular phone 100, (Not shown) for storing a data set corresponding to information or data read out or used by a processor provided in the USIM 140 and a command set provided by the COS, And interacts with the instruction set of the COS as a program routine (e.g., a Java applet in the case of a Javacard) used by a processor included in the mobile phone 100 A processing unit corresponding to an application including an instruction calling code to be executed by the processor unit and an execution code to be processed by the processor unit In particular, the processor reads an instruction provided from a processor provided in the cellular phone 100 via the input / output interface through the APDU, and the processor reads one or more Information or data, and provides the result or the read information or data to the processor provided in the mobile phone 100 via the input / output interface through the APDU.

According to an embodiment of the present invention, it is preferable that the storage unit of the OTP applet stores OTP generation information for media authentication for generating a medium authentication OTP to be transmitted from the mobile phone 100 to a server on the communication network.

The OTP generation information for media authentication includes a fixed seed value (or a part of a fixed seed value) for generating a medium authentication OTP to be transmitted from the cellular phone 100 to the server on the communication network, (Or a part of a parameter) for determining a dynamic seed value, and the mobile phone 100 preferably includes a fixed seed value included in the OTP generation information for media authentication or OTP generation information for media authentication And generates a media authentication OTP by substituting the dynamic seed value determined through the included parameters into a predetermined OTP generation algorithm, and transmits the generated OTP to the server on the communication network. The server on the communication network transmits OTP generation information (Or verification operation) between the OTP for medium authentication and the OTP for medium authentication to generate a medium authentication OTP ' The mobile phone 100 provides the OTP generation information (i.e., information including one or more fixed seed values and parameters for generating N (N > = 2) OTPs in the OTP agent included in the cellular phone 100) .

For example, if the OTP is generated in a time-synchronized manner, the OTP generation information for media authentication includes at least one fixed seed value (or a part of a fixed seed value) for generating an OTP generated through the time- (Or a parameter part) for determining a dynamic seed value, and the OTP for media authentication generated through the OTP generation information for media authentication includes OTP generation information for media authentication Is used as a means for authenticating the cellular phone 100 as an OTP medium.

Alternatively, if the OTP is generated by a challenge-response scheme, the OTP generation information for media authentication includes at least one fixed seed value (or a part of a fixed seed value) for generating an OTP generated through the challenge-response scheme (Or a part of parameters) for determining a dynamic seed value, and wherein the OTP for medium authentication generated through the OTP generation information for medium authentication includes OTP generation information for medium authentication Is preferably used as a means for authenticating the cellular phone 100 as an OTP medium as compared with OTP 'for medium authentication to be generated.

According to an embodiment of the present invention, it is preferable that the OTP generation information for media authentication is stored (cipherably stored) in the storage unit in association with an OTP agent downloaded to the user's cellular phone 100.

According to the embodiment of the present invention, the function of generating the OTP for media authentication may be provided in the USIM 140. In this case, the processing unit of the OTP applet includes a user password Or one or more fixed seed values for generating the OTP for media authentication through OTP generation information for media authentication provided through the cellular phone 100 (or stored in the storage unit) after user authentication via a user personal identification number And program code for identifying / determining the dynamic seed value and generating the OTP by substituting the determined one or more fixed seed values and the dynamic seed value into the set OTP algorithm.

According to the embodiment of the present invention, the function of the OTP applet may include a function of generating the N (N> = 2) OTPs in the USIM 140. In this case, (N > = 2) number of OTPs through the OTP generation information provided through the mobile phone 100 after the user authentication through the user password or the user personal identification number input through the mobile phone 100, And the program code for generating the OTP by checking / determining the value and the dynamic seed value, and substituting the determined one or more fixed seed values and the dynamic seed value into the set OTP algorithm.

According to an embodiment of the present invention, the storage unit of the OTP applet may store (or encrypt and store) a user password or a user personal identification number for user authentication for generating the OTP in the cellular phone 100 In this case, when the user password or the user's personal identification number is transmitted from the cellular phone 100, the processing unit of the OTP applet transmits the transmitted user password or the user's personal identification number and the user stored in the storage unit, (Or verifying) a password or a user's personal identification number to process user authentication for generating the OTP in the cellular phone 100 via the user's password or a user's personal identification number, (100).

According to an embodiment of the present invention, the storage unit of the OTP applet includes at least one mobile phone 100 (100) registered in a server on the communication network, for authenticating that the mobile phone 100 is an OTP medium having an OTP agent capable of generating the OTP The unique information of the cellular phone 100 may include unique information stored in a fixed storage area of the USIM 140 memory and IC chip information in addition to the storage of the OTP applet according to the intention of a person skilled in the art .

The unique information of the mobile phone 100 provided in the USIM 140 may include a mobile identification number (MIN), a serial number (ESN), a subscriber identification number, The mobile phone 100 includes one or more IC chip serial numbers constituting the International Mobile Equipment Identity (IMEI), the MSISDN (Mobile Station International ISDN Number) and the USIM 140, or the OTP agent (E.g., a non-redundant code value) or a USIM 140 identifier that is registered to authenticate that the OTP medium is an OTP medium having an OTP.

According to an embodiment of the present invention, the memory of the USIM 140 is divided into a subscriber information area having a fixed memory address and an application area having a directory file (EFdir) structure. The application area is based on ISO / IEC 10202 The memory includes a protection area in which secret information such as a chip serial number (CSN) is stored, a COS control area, a user application area, a read / write access area, an application program area, and a FAT (File Allocation Table) management area, and the OTP applet is stored in a designated storage area other than the protection area and the COS control area.

According to the ISO / IEC 7816 standard, an application area of the memory includes one master file (MF) corresponding to a root file, and function information for one or more storage information under the master file (DF) corresponding to each ICC storage information, and actual information or data for a smart card service disposed under the dedicated file are included The OTP applet includes a file structure including the above-described file structure.

The memory unit 145 is a generic name of a nonvolatile memory corresponding to a storage medium for storing one or more pieces of information (or data) in the cellular phone 100 and a recording medium for recording a program code corresponding to one or more program routines A read only memory (ROM) corresponding to the read only memory, a flash memory (FM) and an electrically erasable and programmable read only memory (EEPROM) capable of reading / writing.

According to the embodiment of the present invention, the memory unit 145 may encrypt and store a user password or a user's personal identification number for user authentication for generating the OTP in the cellular phone 100. [

According to the embodiment of the present invention, the memory unit 145 may include one or more mobile phones 100 registered in a server on the communication network to authenticate that the mobile phone 100 is an OTP medium having an OTP agent capable of generating the OTP, It is desirable to store unique information.

The unique information of the cellular phone 100 provided in the memory unit 145 includes a phone number (Mobile Identification Number) (MIN) stored in a predetermined system area of the memory unit 145 provided in the cellular phone 100, The mobile phone 100 includes at least one of an ESN, a subscriber identification number, and an International Mobile Equipment Identity (IMEI), or a separate (registered) mobile phone 100 registered to authenticate that the mobile phone 100 is an OTP medium having an OTP agent capable of generating the OTP OTP medium identifier (e.g., a non-redundant code value).

Referring to FIG. 1, the mobile phone 100 is provided with a user authentication unit 150 for processing user authentication for generating the OTP.

A dedicated key button for requesting to generate the OTP is input through a key input unit provided in the mobile phone 100 or is requested to generate the OTP through a predetermined menu selection, When the command (or the OTP agent driving command) is received, the user authentication unit 150 outputs a user authentication interface for inputting a user password or a user personal identification number through the screen output unit 110, And when the user password or the user personal identification number is inputted through the user authentication interface, the user authentication for generating the OTP of the number is performed through the inputted user password or the user personal identification number.

When the USIM 140 is provided with a user authentication function for generating the OTP according to an embodiment of the present invention, the user authentication unit 150 may access the USIM 140 via the USIM reader 135, Or transmits the user identification number to the USIM 140. The PIN authentication function of the USIM 140 or the user authentication of the user password or the user personal identification number processed by the processing unit provided in the OTP applet And confirms whether the user validity of generating the OTP in the cellular phone 100 is authenticated by reading the user authentication result.

If the user authentication function for generating the OTP is provided in the memory unit 145 according to another embodiment of the present invention, when the user password or the user personal identification number is input, Decrypts the user password or the user's personal identification number encrypted and stored in the memory unit 145 according to a predetermined decryption procedure, compares the inputted user's password or the user's personal identification number with the decrypted user's password or the user's personal identification number (Or verification operation) to process the user authentication for generating the OTP in the cellular phone 100 through the user password or the user's personal identification number.

Referring to FIG. 1, the mobile phone 100 confirms / determines one or more fixed seed values and dynamic seed values for generating the OTP for media authentication from the OTP generation information for media authentication, And a code generation unit (160) for generating an OTP for medium authentication by substituting the fixed seed value and the dynamic seed value into the predetermined OTP generation algorithm.

If the user authentication unit 150 determines that the user authentication is valid, the code generation unit 160 generates the OTP for media authentication from the USIM 140 / memory unit 145 Determining one or more fixed seed values included in the OTP generation information for media authentication, determining one or more dynamic seed values based on parameters included in the OTP generation information, The above-mentioned fixed seed value and dynamic seed value are substituted into the predetermined OTP generation algorithm to generate OTP for medium authentication.

Here, the OTP for media authentication generated through the OTP generation information for media authentication includes OTP generation information (i.e., N (N> N) in the OTP agent provided in the mobile phone 100) from the server on the communication network to the mobile phone 100, = 2) information containing one or more fixed seed values and parameters for generating an OTP of a number of digits).

Referring to FIG. 1, the mobile phone 100 includes an authentication processing unit 155 for authenticating that the mobile phone 100 is an OTP medium having the OTP agent through the mobile communication network to generate the OTP And the authentication processing unit 155 can transmit the OTP for media authentication to the server on the communication network in the OTP medium authentication process according to a person skilled in the art.

If the user authentication unit 150 determines that the user authentication for generating the OTP in the cellular phone 100 is valid, the authentication processing unit 155 is provided in the USIM 140 / memory unit 145 And transmits the OTP medium authentication information to a server on a communication network that authenticates that the cellular phone 100 is an OTP medium having the OTP agent by configuring OTP medium authentication information including the unique information of the mobile phone 100 .

According to an embodiment of the present invention, the OTP medium authentication information includes the unique identification information of the mobile phone 100 and is encrypted by a secure communication session established between the mobile phone 100 and the server.

According to another embodiment of the present invention, the OTP medium authentication information includes the user's password or the user's personal identification number and the verified phone-specific information, The user password or the user's personal identification number and the phone-specific information are concatenated (or combined) according to a predetermined method to configure the OTP medium authentication information, or the user It is possible that the code value generated by substituting the password or user's personal identification number and the cell phone 100 unique information into the predetermined code generation algorithm can be determined as the OTP medium authentication information, (OTP) authentication information through the unique information of the OTP media This is not limited.

For example, the authentication processing unit 155 generates a media verifier by hashing one or more pieces of information of the user password, the user's personal identification number, and the mobile phone 100-specific information by a one-way hash function, And can generate the OTP medium authentication information by concatenating the user ID, the user password, or the user's personal identification number with the phone-specific information.

Alternatively, the authentication processing unit 155 hashashes the user password or the user's personal identification number through a one-way hash function, and the hashed user's password or user's personal identification number, at least one random number value, ) Unique identification information (or unique information of the mobile phone 100 hashed by the one-way hash function) to generate a media verifier, and generates the media verifier and at least one of the generated user verifier and the user's personal identification number Random number information, and mobile phone 100-specific information.

According to another embodiment of the present invention, the OTP medium authentication information can be generated by the processing unit of the OTP applet included in the USIM 140 through any of the above-described various schemes.

If the USIM 140 has the unique information of the cellular phone 100 and the processing unit of the OTP applet generates the OTP medium authentication information, the processing unit of the OTP applet includes the unique information of the cellular phone 100 OTP medium authentication information, or generates the OTP medium authentication information through the user password or the user's personal identification number provided to the USIM 140 by the user authentication unit 150 and the mobile phone 100-specific information, It is possible to transmit the generated OTP medium authentication information to the authentication processing unit 155. It is also possible to encrypt the OTP medium authentication information in the USIM 140 according to the intention of a person skilled in the art.

Alternatively, when the processor unit of the OTP applet generates the OTP medium authentication information in the memory unit 145, the authentication processor 155 acquires the unique information of the mobile phone 100 The processing unit of the OTP applet generates OTP medium authentication information including the unique information of the mobile phone 100 or the user authentication unit 150 transmits the OTP medium authentication information to the USIM 140 It is possible to generate the OTP media authentication information through the provided user password or the user's personal identification number and the unique information of the mobile phone 100 and to transmit the generated OTP media authentication information to the authentication processing unit 155, The USIM 140 may encrypt the OTP medium authentication information.

When the OTP medium authentication information including the unique information of the mobile phone 100 is generated, the authentication processing unit 155 confirms the server information on the communication network that authenticates the mobile phone 100 with the OTP medium provided with the OTP agent, And transmits the generated OTP medium authentication information to the server on the communication network through the wireless communication unit 130 according to the established secure communication session with the server on the communication network.

The server on the communication network receiving the OTP medium authentication information receives the OTP medium authentication information (decrypts the encrypted OTP medium authentication information) and transmits the OTP medium authentication information to the mobile phone 100 (Or verification operation) of the mobile phone 100-specific information registered to authenticate with the OTP medium having the OTP agent to authenticate the mobile phone 100 with the OTP medium provided with the OTP agent.

If the OTP media authentication information further includes a user password or a user's personal identification number and a server on the communication network has a user authentication function based on the user's password or a user's personal identification number, It is preferable to process the user authentication by comparing (or verifying) the registered user password or the user's personal identification number in association with the user password or the user's personal identification number included in the authentication information and the phone-specific information.

According to an embodiment of the present invention, the authentication processing unit 155 (or the processing unit of the OTP applet) further includes an OTP for medium authentication included in the USIM 140 / memory unit 145 in the OTP medium authentication information To be transmitted to the server on the communication network.

1, the cellular phone 100 includes a code transmission unit (not shown) for transmitting a medium authentication OTP provided in the USIM 140 / memory unit 145 to a server on a communication network through the wireless communication unit 130 165). ≪ / RTI >

When the OTP medium authentication OTP is included in the OTP medium authentication information through the authentication processing unit 155 and is not transmitted to the server on the communication network, the mobile phone 100 is notified to the OTP medium through the authentication processing unit 155 The code transmission unit 165 transmits the generated OTP for medium authentication to the server on the communication network through the wireless communication unit 130. The authentication processing unit 155 may be configured to transmit the medium authentication And the OTP is included in the OTP medium authentication information and transmitted to the server on the communication network, the code transmission unit 165 may be omitted, and thus the present invention is not limited thereto.

The mobile phone 100 is authenticated as an OTP medium having the OTP agent (or the mobile phone 100 is authenticated with the provided OTP medium and user authentication is further processed) at the server on the communication network, When the OTP for media authentication generated through the OTP generation information is received, the server on the communication network generates OTP 'for medium authentication through OTP generation information for medium authentication provided in the server, OTP generation information for generating N (N > = 2) OTPs in the cellular phone 100 by comparing (or verifying) the received OTP for authentication of the medium (i.e., The method comprising: authenticating validity for providing N (N > = 2) digit OTPs with one or more fixed seed values and parameters), and when the validity of providing OTP generation information is authenticated, The server on the server confirms the established OTP generation information and confirms / determines one or more fixed seed values and dynamic seed values for generating the N (N > = 2) OTPs through the OTP generation information, (N > = 2) digit OTP by substituting the determined one or more fixed seed values and the dynamic seed value into a preset OTP generation algorithm, And transmits the generated OTP information to the mobile phone 100 through the mobile communication network. The OTP generation information is encrypted and transmitted through a secure communication session between the mobile phone 100 and a server on the communication network.

Referring to FIG. 1, the mobile phone 100 is provided with a receiving unit 170 for receiving N (N> = 2) OTPs through the mobile communication network.

The mobile phone 100 authenticates the OTP medium having the OTP agent that generates the OTP in the server on the communication network, thereby generating N (N> = 2) OTPs from the OTP generation information in the server on the communication network The N (N > = 2) number of OTPs are received through the wireless communication unit 130, and the N (N > = 2) Decryption is performed according to a predetermined decryption procedure.

Referring to FIG. 1, the mobile phone 100 includes an OTP output unit 175 for outputting the OTP through the screen output unit 110 when the N (N> = 2) OTPs are received The OTP output unit 175 transmits the generated OTP to the mobile phone 100 through the short distance communication unit. In this case, It is possible to output to a terminal (or device) located in a close vicinity.

When the N (N> = 2) digit OTP is generated, the OTP output unit 175 outputs the received OTP to a predetermined area on the screen of the mobile phone 100 in cooperation with the screen output unit 110 .

According to one embodiment of the present invention, the OTP output unit 175 outputs an OTP output screen on the screen of the mobile phone 100 in cooperation with the screen output unit 110, It is preferable to output OTP.

According to another embodiment of the present invention, the OTP output unit 175 outputs (or assigns) the OTP output area to the screen area currently output on the screen of the mobile phone 100 in cooperation with the screen output unit 110, And output the generated OTP to the OTP output area.

If the mobile phone 100 is equipped with local communication means (e.g., Bluetooth, infrared communication, RFID communication, RF communication, etc.), the OTP output unit 175 transmits the generated It is possible to output the OTP to the terminal (or apparatus) located close to the cellular phone 100.

According to another embodiment of the present invention, when the generated OTP is transmitted from the mobile phone 100 to a server for authenticating the OTP, the OTP output unit 175 transmits the generated OTP to the wireless communication unit 130, (For example, an encryption / decryption-based communication channel) for transmitting the OTP to a server for authenticating the OTP through a secure communication channel, and authenticates the OTP through the secure communication channel It is possible to directly transmit the generated OTP to the server, and thus the present invention is not limited thereto.

2 is a diagram showing a configuration of a mobile phone 200 OTP system according to an embodiment of the present invention.

2 shows OTP medium authentication information corresponding to the mobile phone 200 registered with the OTP medium, OTP generation information for medium authentication for authenticating the mobile phone 200 with the OTP medium, OTP generation information for generating an OTP of N digits is stored in the storage medium 270 and an OTP agent corresponding to the configuration of the mobile phone 200 shown in FIG. 1 is provided to the mobile phone 200, When the mobile phone 200 is used as an OTP medium after generating OTP media authentication information and OTP generation information for media authentication from the mobile phone 200, Receives the OTP for media authentication, reads the OTP medium authentication information, first authenticates the mobile phone 200 with the OTP medium, and secondly authenticates the mobile phone 200 with the OTP medium through the medium authentication OTP Then, the storage medium 2 OTP operation in which the N-digit OTP is output from the mobile phone 200 by generating an N-digit OTP from the OTP generation information corresponding to the mobile phone 200 from the mobile phone 200 2 is a block diagram illustrating an OTP system configuration of a mobile phone 200 including a system according to an embodiment of the present invention. Referring to FIG. 2 and / or modified by those skilled in the art, It is to be understood that the invention may be practiced otherwise than as specifically described herein, but it will be appreciated that the invention may be practiced with various embodiments (eg, some of the components omitted, or subdivided, or combined) The technical features thereof are not limited by the implementation method alone.

Referring to FIG. 2, the mobile phone 200 OTP system includes a mobile phone 200 having the OTP agent configuration shown in FIG. 1, an OTP authentication requesting OTP authentication to a user having the mobile phone 200, OTP media authentication information corresponding to the mobile phone 200 registered as the OTP medium, OTP generation information for media authentication for authenticating the mobile phone 200 with the OTP medium, OTP generation information for generating an OTP of N digits is stored in the storage medium 270 and an OTP agent corresponding to the configuration of the mobile phone 200 shown in FIG. 1 is provided to the mobile phone 200, When the mobile phone 200 is used as an OTP medium after generating OTP media authentication information and OTP generation information for media authentication from the mobile phone 200, Receives an OTP for media authentication , Reads the OTP medium authentication information, first authenticates the mobile phone 200 with the OTP medium, secondly authenticates the mobile phone 200 with the OTP medium through the OTP for medium authentication, OTP operation information for generating the N-digit OTP from the mobile phone 200 by generating an OTP of N digits from the OTP generation information corresponding to the mobile phone 200 from the mobile phone 200, A user terminal 205 used by a user having the mobile phone 200 according to the intention of a person skilled in the art and an OTP server for authenticating an OTP of N digits generated by the mobile phone 200 220).

According to the present invention, in the OTP operating system, each means constituting the OTP operating system is implemented in the form of a single integrated server, or each means (or a combination of two or more means) constituting the OTP operating system, A part of the means constituting the OTP operating system is implemented in the form of a server, and a part of the means is constituted by the OTP server 220, the OTP authentication requesting server 215, Or each of the means constituting the OTP operating system may be implemented as a component of one or more servers of the communication company server 210 provided in the mobile communication network to which the mobile phone 200 is connected, The request server 215, and the communication company server 210. In the case where the OTP operating system is implemented, And bayida put out to clarify SHALL not limited to the invention by the server type and implementation location and number.

The mobile phone 200 is characterized in that the mobile phone 200 is provided with an OTP agent corresponding to the configuration of the mobile phone 200 shown in FIG. 1 by being registered as the OTP medium. A dedicated key button for requesting to generate an OTP is input through the provided key input means, or an OTP generation command (or an OTP agent driving command) is generated through the mobile communication network, (Or configures) the OTP medium authentication information requesting the mobile phone 200 to authenticate with the OTP medium after the user authentication by receiving the medium authentication OTP generation information, generating OTP for medium authentication through the OTP generation information for medium authentication, And transmits the OTP medium authentication information and the OTP generation information for medium authentication to the OTP operating system. In the OTP operating system, If the authentication, characterized in that it receives the output OTP of the N number of digits generated by the information generating OTP from the OTP operating system.

The OTP authentication request server 215 is a general term for a server requesting authentication of a user, payment settlement, or financial transaction through an OTP generated by the mobile phone 200, A shopping mall server or a contents providing server or a home shopping server for processing authentication of payment through an OTP generated by the mobile phone 200, a web server 200 for authenticating a financial transaction through an OTP The present invention is not limited to the OTP authentication request server 215 and the OTP authentication request method.

The user terminal 205 is a general term of a communication terminal to which the user having the mobile phone 200 accesses the OTP authentication request server 215 via a communication network and includes a key input means, (E.g., mobile phone 200, portable Internet terminal, etc.) connected to a wireless communication network, a bi-directional communication function, A digital TV, an IP-TV, a household terminal connected to a home network, and the like.

According to the embodiment of the present invention, the user terminal 205 and the mobile phone 200 may be the same apparatus, and thus the present invention is not limited thereto.

The OTP server 220 receives an N-digit OTP generated by the mobile phone 200 through a communication network, generates an OTP 'that matches the OTP, compares (or verifies) the OTP with OTP' And a function of authenticating the OTP by the OTP server 220 may be included in the OTP operating system, so that the present invention is not limited thereto.

Referring to FIG. 2, the OTP operating system receives OTP medium information (OTP information) including unique information of a mobile phone 200 corresponding to the mobile phone 200 and customer information from an OTP registration terminal registering the mobile phone 200 as an OTP medium Generates (or allocates) OTP generation information for media authentication for authenticating the mobile phone 200 as an OTP medium, and OTP generation information for generating an OTP of N digits in the mobile phone 200, OTP medium information, OTP generation information for media authentication for authenticating the mobile phone 200 with the OTP medium, and OTP generation information for generating N-digit OTP in the mobile phone 200 are stored in the storage medium 270 And an OTP medium registration unit 225 for registering the OTP generation information for media authentication in the mobile phone 200. When the mobile phone 200 is registered with the OTP medium, Store in department And an OTP agent having the configuration shown in FIG. 1 is not provided in the mobile phone 200, the mobile phone processing unit 230 may include a mobile phone processing unit 230, 200 to provide the OTP agent program code corresponding to the configuration shown in FIG.

Here, the OTP registration terminal is a collective term for a terminal device requesting to register the mobile phone 200 as an OTP medium. The OTP registration terminal includes a user terminal 205, an OTP registration authority (e.g., (E.g., a national institution terminal, an OTP authentication request server 215, an operator terminal, a credit card company terminal, a financial institution terminal, a securities company terminal, etc.) .

The OTP registration terminal inputs (or confirms) the OTP medium information including the mobile phone 200 specific information corresponding to the mobile phone 200 and the customer information in order to register the mobile phone 200 as the OTP medium, The OTP medium registration means 225 receives the OTP medium information through the communication network.

The mobile phone 200 unique information included in the OTP medium information includes a mobile identification number (MIN), a serial number (ESN), a subscriber identification number , An International Mobile Equipment Identity (IMEI), or a separate OTP medium identifier registered to authenticate that the mobile phone 200 is an OTP medium with an OTP agent capable of generating the N-digit OTP , Non-overlapping code values).

Alternatively, the mobile phone 200-specific information may include a mobile identification number (MIN), a serial number (ESN), a subscriber identification number, an IMEI (OTP) in which the mobile phone 200 includes the OTP agent capable of generating the OTP of the N digits. (E.g., a non-duplicated code value) or a USIM identifier that is registered to authenticate the OTP medium.

According to an embodiment of the present invention, the OTP medium information may further include a user password or a user personal identification number designated by the user, and the user password or the user personal identification number may be stored in the OTP medium, Is used as a condition to be used for authenticating the validity of the user possessing the mobile phone 200 or providing the OTP generation information to be provided to the mobile phone 200.

The customer information preferably includes a resident registration number corresponding to the name (or user) of the mobile phone 200 to be used as the OTP medium. The customer information may include a name, an address, a contact name It is preferable to further include the same personal information.

If the financial transaction is included in the authentication target using the mobile phone 200 as the OTP medium, the customer information may further include financial information (e.g., account number, bank, etc.) of the customer corresponding to the customer information desirable.

Or card transaction is included in an object authenticated using the mobile phone 200 as an OTP medium, the customer information may further include card information (e.g., card number, card company, etc.) of the customer corresponding to the customer information desirable.

According to the intention of a person skilled in the art practicing the present invention and the field of using the mobile phone 200 as an OTP medium, the customer information may include various information (for example, an object authenticated by using the mobile phone 200 as an OTP medium, And if so, the customer account information for the game, etc.), and the present invention is not limited thereto.

When the OTP medium information is received, the OTP medium registration unit 225 provides the client information and the mobile phone 200 specific information to the communication company server 210, ) As an OTP medium is valid.

When the validity of the OTP medium information is received or the validity of using the mobile phone 200 as an OTP medium is authenticated, the OTP medium registration means 225 registers the mobile phone 200 as an OTP medium (Or assigns) OTP generation information for media authentication and OTP generation information for generating OTP of N digits in the mobile phone 200. [

The OTP generation information for media authentication is provided to the mobile phone 200 and stored (or encrypted) in a USIM / memory unit provided in the mobile phone 200. In the mobile phone 200, And a parameter for determining the dynamic seed value.

The OTP generation information is preferably stored on the OTP operating system and includes at least one fixed seed value for generating an N-digit OTP in the OTP operating system and a parameter for determining a dynamic seed value, The generated N-digit OTP is provided to the mobile phone 200.

OTP medium information is received from the OTP registration terminal, OTP generation information for media authentication for authenticating the mobile phone 200 with the OTP medium, and OTP generation information for generating OTP of N digits in the mobile phone 200 The OTP medium registration means 225 registers OTP medium information, OTP generation information for medium authentication for authenticating the mobile phone 200 with the OTP medium, and OTP generation information for medium authentication in the mobile phone 200, And the OTP generation information is stored in the storage medium 270. The OTP generation information is stored in the storage medium 270 in association with the OTP generation information.

When the mobile phone 200 is registered as the OTP medium by the OTP medium registration means 225, the mobile phone processing means 230 transmits the mobile phone 200 corresponding to the mobile phone 200 unique information via the mobile communication network, And provides the OTP generation information for media authentication to the mobile phone 200 through the communication channel and stores the OTP generation information in the USIM / memory unit of the mobile phone 200. [

If the mobile phone 200 does not have an OTP agent corresponding to the configuration of the mobile phone 200 shown in FIG. 1, the mobile phone processing unit 230 transmits, to the mobile phone 200, The OTP agent program code and the OTP generation information for media authentication may be transmitted to the mobile phone 200 through a separate channel by providing the OTP agent program code corresponding to the configuration , Or package data including the OTP agent program code and OTP generation information for media authentication may be provided to the mobile phone 200, and thus the present invention is not limited thereto.

According to another embodiment of the present invention, the mobile phone processing means 230 may further provide the mobile phone 200 with OTP generation information for generating the N-digit OTP, in which case the storage medium 270 It is not necessary that the OTP generation information is stored.

Referring to FIG. 2, the OTP operating system includes information receiving means 235 for receiving OTP medium authentication information requesting authentication of the mobile phone 200 from the mobile phone 200 via the mobile communication network with the OTP medium, And media authentication means 240 for comparing (or verifying) the OTP medium authentication information with OTP medium information stored in the storage medium 270 to authenticate the mobile phone 200 as an OTP medium (Or verification operation) between the user password or the user's personal identification number and the user's password or the user's personal identification number stored in the storage medium 270 when the user's password or the user's personal identification number is received from the mobile phone 200, And user authentication means 245 for authenticating the validity of the user of the mobile phone 200 used as the OTP medium. It is preferable.

According to an embodiment of the present invention, a dedicated key button for requesting to generate an OTP is input through a key input unit provided in the mobile phone 200, or a request is made to generate an OTP through a predetermined menu selection, The mobile phone 200 confirms (or extracts) the mobile phone 200-specific information from the USIM / memory unit in the mobile phone 200 and generates OTP information When the OTP medium authentication information including OTP for medium authentication is constructed and transmitted through the mobile communication network, the information receiving means 235 receives the OTP medium authentication information through the mobile communication network.

According to another embodiment of the present invention, the information receiving means 235 constructs (or extracts from the database) an OTP generation command (or an OTP agent driving command) for driving the OTP agent included in the mobile phone 200 The mobile phone 200 transmits the OTP generation command (or an OTP agent driving command) to the mobile phone 200 through the mobile communication network, and the OTP generation command (or the OTP agent driving command) (Or extracts) the unique information of the mobile phone 200 from the USIM / memory unit in the mobile phone 200 and transmits the authentication information including the unique information of the mobile phone 200, OTP medium authentication information including the OTP for medium authentication generated through the OTP generation information for the OTP, and transmits the OTP medium authentication information through the mobile communication network, It characterized in that for receiving the medium OTP authentication information over the same communication network.

That is, the OTP medium authentication information includes the unique information of the mobile phone 200, or may be transmitted through the mobile phone 200 specific information and the OTP generation information for media authentication provided in the mobile phone 200 according to the intention of a person skilled in the art And the generated OTP for authentication of the medium.

If the OTP generation information for media authentication is not included in the OTP media authentication information, the mobile phone 200 transmits the OTP generation information for media authentication via a separate channel, and the information reception unit 235 It is preferable to receive the OTP generation information for media authentication from the cellular phone 200 via a separate channel, and thus the present invention is not limited thereto.

According to an embodiment of the present invention, the OTP medium authentication information may further include a user password or a user's personal identification number, and thus the present invention is not limited thereto.

According to another embodiment of the present invention, when the mobile phone 200-specific information included in the OTP medium authentication information is a phone number assigned to the mobile phone 200, the mobile phone 200- The present invention is not limited to this, and can be confirmed through the sender information about the mobile phone 200 without being directly included.

When OTP generation information for generating the N-digit OTP is provided to the mobile phone 200 according to another embodiment of the present invention, the information receiving means 235 transmits the OTP generation information to the OTP medium authentication information Or to receive the OTP generation information on a separate channel.

When the OTP medium authentication information is received from the mobile phone 200, the medium authentication unit 240 receives an OTP medium authentication information including configuration information matching the configuration information included in the OTP medium authentication information from the storage medium 270, (Or verification operation) between the configuration information included in the OTP medium authentication information and the configuration information included in the OTP medium information, and transmits the configuration information included in the OTP medium authentication information as a result of the comparison (Or matched) with the configuration information included in the OTP medium information stored in the storage medium 270, or when a result predicted through the verification operation is derived, the mobile phone 200 ) To the valid cellular phone 200 registered as an OTP medium by the OTP medium registration means 225. [

When the OTP for media authentication is received from the mobile phone 200, the medium authentication unit 240 confirms OTP generation information for media authentication corresponding to the mobile phone 200 from the storage medium 270, Determining one or more fixed seed values included in the OTP generation information for the media authentication, determining one or more dynamic seed values based on the parameters included in the OTP generation information for media authentication, (Or verification operation) between the received OTP for media authentication and the generated OTP 'for medium authentication after generating OTP' for medium authentication in a predetermined OTP generation algorithm, (Or matched) with the generated medium authentication OTP ', or if a result predicted through the verification operation is derived, the mobile phone 200 that has transmitted the OTP medium authentication information is referred to as an upper And the first authentication is performed by the OTP media registration means (225) to a valid mobile phone (200) registered as an OTP medium.

According to an embodiment of the present invention, there is provided a method for authenticating a mobile phone, comprising the steps of: authenticating the mobile phone 200 to an OTP medium through the OTP medium authentication information; May be reversed, or may be performed at the same time, so that the present invention is not limited thereto.

If the OTP medium authentication information includes the user's password or the user's personal identification number or receives the user's password or the user's personal identification number from the cellular phone 200 via a separate channel, (Or verification operation) between the user password or the user's personal identification number and the user's password or the user's personal identification number included in the OTP medium information stored in the storage medium 270, Or if the user's personal identification number matches (or matches) the user's password or the user's personal identification number stored in the storage medium 270, or if the predicted result is obtained through the verification operation, The user is authenticated as a normal valid user of the mobile phone 200 registered as the OTP medium It characterized in that the process to be validated for providing an OTP generated information to be provided to the mobile phone based 200 OK.

Referring to FIG. 2, when the mobile phone 200 transmitting the OTP medium authentication information is authenticated as a valid OTP medium, the OTP operating system extracts OTP medium information corresponding to the OTP medium authentication information from the storage medium 270 An OTP generation unit 265 for verifying OTP generation information connected to the OTP generation information, and an OTP generation unit for verifying / determining at least one fixed seed value and a dynamic seed value for generating the N-digit OTP through the OTP generation information, OTP generation means (260) for generating N-digit OTP by substituting one or more fixed seed values and dynamic seed values into a predetermined OTP generation algorithm; and an OTP generating means (260) for generating the N-digit OTP generated through the mobile communication network And an OTP transmission means 250 for transmitting the OTP data to the OTP transmission means.

When the mobile phone 200 that has transmitted the OTP medium authentication information is authenticated as a valid OTP medium and the validity for providing the validity to the user of the mobile phone 200 or the OTP generation information to be provided to the mobile phone 200 is further authenticated (Not shown), the information checking means 265 checks the OTP generation information associated with the mobile phone 200 specific information corresponding to the OTP medium authentication information from the storage medium 270, And confirms the OTP generation information associated with the personal identification number.

According to another embodiment of the present invention, when the OTP generation information is received from the mobile phone 200, the information confirmation unit 265 preferably confirms the OTP generation information received from the mobile phone 200. [

When the OTP generation information is confirmed, the OTP generation unit 260 identifies one or more fixed seed values for generating the N-digit OTP through the identified OTP generation information, Determining one or more dynamic seed values using the determined parameters and substituting the determined one or more fixed seed values and dynamic seed values into a preset OTP generation algorithm to generate N-digit OTPs.

The OTP transmission unit 250 transmits the OTP to the mobile phone 200 through the communication channel connected to the mobile phone 200 through the mobile communication network, Is transmitted.

Referring to FIG. 2, the OTP operating system receives N-digit OTPs generated by an OTP agent provided in the mobile phone 200 through a communication network, and transmits OTPs, which are associated with the mobile phone 200- Checks the generation information, generates OTP 'of N digits through the OTP generation information, identifies OTP' of N digits corresponding to the OTP generated by the OTP generation means 260, And an OTP authentication means (255) for comparing the OTP of the OTP and the OTP 'to verify whether the received OTP is valid. The OTP authentication means (255) The present invention can be implemented in a separate OTP server 220, and it is clear that the present invention includes all possible embodiments of the present invention.

When the OTP is input through the OTP input interface displayed on the user terminal 205 and the OTP authentication unit 255 or the OTP server 220 generates the N-digit OTP in the mobile phone 200, And receives the OTP from the user terminal 205 through a communication network. When the OTP is encrypted and transmitted, the OTP is decrypted according to a predetermined decryption method.

Alternatively, when the N-digit OTP is generated, the mobile phone 200 can transmit the generated OTP through the mobile communication network. The OTP authentication unit 255 or the OTP server 220 can transmit the generated OTP to the mobile communication network And receives the OTP from the mobile phone 200 through the OTP. When the OTP is encrypted and transmitted, the OTP is decrypted according to a predetermined decryption method.

When the OTP is received, the OTP authentication unit 255 or the OTP server 220 confirms the OTP generation information associated with the unique information of the mobile phone 200 that generated the OTP, Determining one or more fixed seed values for generating OTP ', determining one or more dynamic seed values based on the parameters included in the OTP generation information, setting the determined one or more fixed seed values and dynamic seed values The OTP authentication unit 255 generates an OTP of N digits by substituting it into the OTP generation algorithm and if the OTP provided to the mobile phone 200 can be identified in the OTP operating system, The OTP provided to the mobile phone 200 is identified as OTP 'of N digits.

When the N-digit OTP 'is generated, the OTP authentication unit 255 or the OTP server 220 compares (or verifies) the received N-digit OTP' with the generated OTP ' .

If the result of the comparison indicates that the OTP and the OTP 'are identical (or matched), or the result predicted through the verification operation is derived, the OTP authentication unit 255 or the OTP server 220 determines that the OTP is authenticated And provides the OTP authentication result to at least one of the OTP authentication request server 215, the user terminal 205, and the mobile phone 200 that requires the OTP authentication result.

On the other hand, if the result of the comparison indicates that the OTP and OTP 'do not match (or match), or if a result predicted through a verification operation is not derived, the OTP authentication unit 255 or the OTP server 220 And provides the OTP authentication result to at least one of the OTP authentication request server 215, the user terminal 205, and the mobile phone 200 that requires the OTP authentication result.

3 is a diagram illustrating an OTP media registration process according to an embodiment of the present invention.

More specifically, FIG. 3 illustrates a process of registering a user's mobile phone 200 as an OTP medium on the mobile phone 200 OTP system shown in FIG. 2. Referring to FIG. 3, It is possible to refer to and / or modify the FIG. 3 to various implementations of the OTP media registration process (for example, omitting some steps or changing the order). However, And all the methods to be inferred, and the technical features thereof are not limited only by the method shown in FIG.

Hereinafter, in FIG. 3, the OTP operating system shown in FIG. 2 is referred to as a "server" for the sake of convenience.

Referring to FIG. 3, when an OTP registration terminal accesses a server through a communication network and requests registration of the user's mobile phone 200 as an OTP medium (300), the server registers the user information of the user, The OTP registration terminal provides an OTP media registration interface 300 for inputting / registering OTP media information including mobile phone 200 specific information corresponding to the mobile phone 200 of the OTP registration terminal, And inputs and configures the OTP medium information including the unique information of the mobile phone 200 and the customer information to the server (310).

The server receives OTP medium information including the unique information of the mobile phone 200 and the customer information from the OTP registration terminal and stores the unique information of the mobile phone 200 and the customer information in the communication terminal 200 corresponding to the unique information of the mobile phone 200 Server 210 and verifies the validity of using the mobile phone 200 corresponding to the mobile phone 200 specific information as the OTP medium (315).

If the validity of using the mobile phone 200 as an OTP medium is not confirmed at step 320, the server provides OTP medium error information to the OTP registration terminal at step 325 and transmits the mobile phone 200 as an OTP medium The registration process is terminated.

On the other hand, if the validity of using the mobile phone 200 as an OTP medium is confirmed (320), the server notifies the OTP medium of OTP generation information for media authentication for authenticating the mobile phone 200 as an OTP medium, (Or assigns) OTP generation information (or assigns) OTP generation information for generating N-digit OTPs in the storage medium 270, and stores the OTP medium information, OTP generation information for media authentication and OTP generation information in the storage medium 270 (335).

The OTP generation information for media authentication is provided to the mobile phone 200 and stored (or encrypted) in a USIM / memory unit provided in the mobile phone 200. In the mobile phone 200, And a parameter for determining the dynamic seed value.

The OTP generation information is preferably stored on the OTP operating system and includes at least one fixed seed value for generating an N-digit OTP in the OTP operating system and a parameter for determining a dynamic seed value, The generated N-digit OTP is provided to the mobile phone 200.

Then, the server checks whether an OTP agent corresponding to the configuration of the mobile phone 200 shown in FIG. 1 is provided to the mobile phone 200 corresponding to the mobile phone 200-specific information (340).

According to an embodiment of the present invention, the server transmits OTP agent information (for example, OTP agent version information, OTP issuer information, OTP usage location information, OTP agent information, (Not shown) or an OTP server 220 or a communication company server 210 that stores the OTP agent in the mobile phone 200 in association with the OTP agent.

If the OTP agent is not installed in the mobile phone 200 at operation 345, the server can operate in a platform (or an operating system) included in the mobile phone 200, The mobile phone 200 provides the corresponding OTP agent program code and the OTP generation information for media authentication for authenticating the mobile phone 200 as an OTP medium to the mobile phone 200 by the OTP agent 350, OTP agent is recorded in a recording medium (e.g., a program area of a USIM / memory) provided in the mobile phone 200, and the OTP agent for the media authentication is connected to the OTP agent, / Memory unit (360).

On the other hand, if the OTP agent is installed in the mobile phone 200 (step 345), the server provides OTP generation information for media authentication to the mobile phone 200 for authenticating the mobile phone 200 as an OTP medium by the OTP agent The mobile phone 200 connects the OTP generation information for media authentication with the OTP agent recorded in a recording medium (for example, a USIM / memory section) provided in the mobile phone 200, (360) in the USIM / memory unit provided in the memory 200.

According to another embodiment of the present invention, the server may further provide OTP generation information for generating the N-digit OTP to the mobile phone 200. In this case, Information is not required to be stored.

4 is a diagram illustrating an OTP generation process according to an embodiment of the present invention.

4 is a flowchart illustrating an operation of the OTP operating system shown in FIG. 2 in the mobile phone 200 shown in FIG. 1 after the user's mobile phone 200 is registered as an OTP medium through the process shown in FIG. (N > = 2) number of OTPs in association with each other. Referring to FIG. 4 and FIG. 4, the OTP generation process It is to be understood that the invention may be practiced otherwise than as specifically described herein, but it is to be understood that the invention may be practiced otherwise than as specifically described herein, The technical features are not limited by the method alone.

For example, FIG. 4 illustrates that the OTP for media authentication generated through the OTP generation information for media authentication is included in the OTP medium authentication information and provided to the OTP operating system shown in FIG. 2 The present invention is not limited thereto and the OTP for media authentication may be provided to the OTP operating system after first authenticating the mobile phone 200 to the OTP medium through the OTP medium authentication information, It includes all implementations that can be modified / inferred based on FIG.

Hereinafter, in FIG. 4, the OTP operating system shown in FIG. 2 is referred to as a "server" for the sake of convenience.

Referring to FIG. 4, after the user's mobile phone 200 is registered as an OTP medium through the process shown in FIG. 3, the mobile phone 200 requests to generate the N-digit OTP through key input means When an OTP generation command (or an OTP agent driving command) is received through the mobile communication network, or when an exclusive key button is input or when the OTP generation command is requested through the mobile communication network, The OTP agent corresponding to the configuration of the mobile phone 200 is requested to request the user authentication for using the mobile phone 200 as the OTP medium 400 and the user authentication is performed through the user password or the user personal identification number 405).

If the user authentication is not validated (410), the mobile phone 200 outputs user authentication error information (420) and ends the OTP generation process.

On the other hand, if the user authentication is validated (410), the mobile phone 200 confirms OTP generation information for media authentication for generating the OTP for media authentication from the USIM / memory unit provided in the mobile phone 200 Determining one or more fixed seed values included in the OTP generation information for media authentication, determining one or more dynamic seed values based on the parameters included in the OTP generation information for media authentication, And the dynamic seed value to a predetermined OTP generation algorithm to generate OTP for media authentication (step 415). The generated OTP includes OTP-specific information corresponding to the mobile phone 200, OTP medium authentication information including an OTP for medium authentication generated through OTP generation information for medium authentication is configured (425), and after connecting the communication channel with the server, And to the server transmits the OTP authentication information medium through 430.

When the mobile phone 200 is provided with OTP generation information for generating the N-digit OTP according to another embodiment of the present invention, the mobile phone 200 may include the OTP generation information in the OTP medium authentication information Or to transmit the OTP generation information over a separate channel.

The server receives the OTP medium authentication information through the communication channel, reads the mobile phone 200-specific information included in the received OTP medium authentication information, and first authenticates the mobile phone 200 with the OTP medium ( 435).

According to the embodiment of the present invention, the server verifies OTP medium information including configuration information matching configuration information included in the OTP medium authentication information from the storage medium 270, and stores the OTP medium authentication information in the OTP medium authentication information (Or verification operation) between the configuration information included in the OTP medium authentication information and the configuration information included in the OTP medium authentication information as a result of the comparison (or verification operation) When the configuration information included in the information is matched (or matched) or a result predicted through the verification operation is derived, the mobile phone 200 that has transmitted the OTP medium authentication information is managed by the OTP medium registration unit 225 It is preferable to authenticate with a valid mobile phone 200 registered as an OTP medium.

If the mobile phone 200 is not authenticated as a valid OTP medium 440, the server transmits OTP medium error information to the mobile phone 200, and ends the OTP generation process.

On the other hand, if the mobile phone 200 is first authenticated (440) with a valid OTP medium, the server extracts OTP generation information for media authentication (associated with OTP medium information including the mobile phone 200 unique information) from the storage medium 270 (450).

According to another embodiment of the present invention, when the OTP generation information is received from the mobile phone 200, the server preferably confirms OTP generation information received from the mobile phone 200.

Thereafter, the server confirms / determines one or more fixed seed values and dynamic seed values through OTP generation information for media authentication, and substitutes the determined / determined one or more fixed seed values and dynamic seed values into a predetermined OTP generation algorithm (Or verification operation) between the received OTP for medium authentication and the generated OTP 'for medium authentication, and performs second authentication with the mobile phone 200 using the OTP medium (455) .

According to an embodiment of the present invention, there is provided a method for authenticating a mobile phone, comprising the steps of: authenticating the mobile phone 200 to an OTP medium through the OTP medium authentication information; May be reversed, or may be performed at the same time, so that the present invention is not limited thereto.

If the mobile phone 200 is not authenticated as a valid OTP medium (460), the server transmits OTP medium error information to the mobile phone 200 (445), and ends the OTP generation process.

If the cellular phone 200 is secondly authenticated (460) with a valid OTP medium, the server confirms OTP generation information associated with the OTP medium information including the unique information of the mobile phone 200 from the storage medium 270 Determining one or more fixed seed values and dynamic seed values through the identified OTP generation information, substituting the determined one or more fixed seed values and the dynamic seed value into a predetermined OTP generation algorithm, And transmits the generated OTP to the mobile phone 200 through the communication channel 465. In response, the mobile phone 200 receives and outputs the OTP of the N digits in operation 470.

5 is a diagram illustrating an OTP authentication process according to an embodiment of the present invention.

5 is a diagram illustrating an example of an N (N > = 2) generated by the cellular phone 200 shown in FIG. 1 through the process shown in FIG. 4 through a communication network in the OTP operating system shown in FIG. (Or verification) of the OTP of the N digits, and authenticates the OTP validity by receiving the OTP of the number of digits, generating N-digit OTP 'that matches the OTP, comparing Those skilled in the art will appreciate that various implementations of the OTP authentication process (e.g., omitting some steps or changing the order) may be implemented by referring to and / or modifying FIG. 5 It should be understood that the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

Hereinafter, in FIG. 5, the OTP operating system shown in FIG. 2 is referred to as a "server" for convenience.

Referring to FIG. 5, after the N-digit OTP is generated / outputted by the mobile phone 200 shown in FIG. 1 through the process shown in FIG. 4, 205 received from the mobile phone 200 shown in FIG. 1 or receives (500) the generated N-digit OTP from the mobile phone 200 shown in FIG. 1, 270 to OTP generation information corresponding to the OTP medium in which the N-digit OTP is generated (505).

When the N-digit OTP is received from the user terminal 205 according to an embodiment of the present invention, the mobile phone 200-specific information corresponding to the OTP medium is transmitted to the OTP authentication request before the N-digit OTP is received It is preferably provided to the server in the process, or to the server together with the N-digit OTP.

When the N-digit OTP is received from the user terminal 205 according to another embodiment of the present invention, the mobile phone 200 unique information corresponding to the OTP medium is transmitted from the caller information corresponding to the mobile phone 200 Or is provided to the server along with the N-digit OTP.

Thereafter, the server checks one or more fixed seed values for generating the N-digit OTP 'from the OTP generation information, determines one or more dynamic seed values based on the parameters included in the OTP generation information, / OTP 'of N digits is generated by substituting the determined one or more fixed seed values and the dynamic seed value into the predetermined OTP generation algorithm (515).

If the N-digit OTP 'is generated (520), the server compares (or verifies) the received N-digit OTP with OTP' to check the OTP validity (525).

According to the embodiment of the present invention, when the OTP and the OTP 'are matched (or matched) as a result of the comparison between the OTP and the OTP', or when the predicted result is obtained through the verification operation, .

If the validity of the OTP is not confirmed 530, the server transmits an OTP authentication result corresponding to the OTP validity error to the OTP authentication result receiving means (e.g., OTP authentication request server 215, user terminal 205, (E.g., including one or more of at least one of the mobile stations 200).

On the other hand, if the validity of the OTP is confirmed 530, the server transmits an OTP authentication result corresponding to the OTP validation confirmation to the OTP authentication result receiving means (e.g., the OTP authentication request server 215, the user terminal 205, 200) (540).

100: mobile phone 105: control unit
110: Screen output unit 115: Sound processing unit
120: key input unit 125: battery
130: wireless communication unit 135: USIM reader unit
140: USIM 145:
150: user authentication unit 155: authentication processing unit
160: Code generation unit 165: Code transmission unit
170: Receiving unit 175: OTP output unit

Claims (4)

In a method executed by a server,
The method comprising the steps of: checking media information for authenticating a user's mobile phone, which is installed with a specific program, with a medium owned by a user implementing a service to be provided to the user, and storing the media information in a designated storage medium; A step of storing authentication information for authenticating a code value to be transmitted through a predetermined storage medium;
A procedure for authenticating a cell phone in a state in which the program is driven through the medium information to the medium owned by the user when the user cell phone is programmed; A second step of performing a procedure for authenticating the validity of the validation result; And
When the cellular phone driving the program using the medium information and the code value is authenticated as the medium owned by the user, generates information to be used for providing a service using the program of the user's mobile phone corresponding to the authenticated medium, And a third step of performing a procedure of providing the program as a program,
Wherein the media information includes an eigenvalue that is uniquely assigned uniquely after the program is installed in the user's cellular phone to authenticate the cellular phone in which the program is installed and operated. Way.
The method of claim 1,
And an authentication service using N (N > = 2) OTP (One Time Password) through the user's mobile phone.
The information recording medium according to claim 1,
Unique information stored in a memory unit of the mobile phone,
Further comprising at least one of code information provided from an IC chip interfaced with the mobile phone.
2. The method of claim 1,
A code value generated through a program of the mobile phone,
And a code value generated through an IC chip interfaced with the mobile phone.

Images