WO2016126052A3 - 인증 방법 및 시스템 - Google Patents
인증 방법 및 시스템 Download PDFInfo
- Publication number
- WO2016126052A3 WO2016126052A3 PCT/KR2016/000951 KR2016000951W WO2016126052A3 WO 2016126052 A3 WO2016126052 A3 WO 2016126052A3 KR 2016000951 W KR2016000951 W KR 2016000951W WO 2016126052 A3 WO2016126052 A3 WO 2016126052A3
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- otp
- server
- generating
- authentication
- server verification
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0872—Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
Abstract
인증 서버가, 서버 검증용 OTP 생성 요청에 따라 서버 검증용 OTP를 생성하는 단계; OTP 생성기가, 상기 온라인 서비스 서버의 진위 확인을 위해 상기 서버 검증용 OTP와 동일 조건의 확인용 OTP를 생성하고, 상기 서버 검증용 OTP 생성에 사용된 OTP 생성키와 동일한 생성키를 이용하되 상기 서버 검증용 OTP 생성에 사용된 연산 조건과는 다른 연산 조건을 적용하여 상기 서버 검증용 OTP 생성에 사용된 연산 조건과 동일 연산 조건을 적용함으로써 상기 서버 검증용 OTP와 페어링되는 값을 갖는 사용자 OTP를 생성하는 단계; 및 상기 인증 서버가, 상기 사용자 OTP와 동일 조건의 대응 OTP를 생성하고, 상기 생성된 대응 OTP와 상기 사용자 OTP 간의 일치 여부를 비교함으로써 상기 서비스 사용자에 대한 인증을 수행하는 단계를 포함하는 상호 인증을 위한 컴퓨터 구현 방법이 제공된다.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/540,035 US10298400B2 (en) | 2015-02-06 | 2016-01-28 | Authentication method and system |
US16/377,242 US10574463B2 (en) | 2015-02-06 | 2019-04-07 | Authentication method and system |
US16/748,765 US11876908B2 (en) | 2015-02-06 | 2020-01-21 | Authentication method and system |
US18/512,061 US20240089110A1 (en) | 2015-02-06 | 2023-11-17 | Authentication method and system |
Applications Claiming Priority (10)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2015-0018752 | 2015-02-06 | ||
KR1020150018752A KR101570317B1 (ko) | 2015-02-06 | 2015-02-06 | Otp 애플리케이션 구동 방법 |
KR20150062552 | 2015-05-04 | ||
KR10-2015-0062552 | 2015-05-04 | ||
KR20150074949 | 2015-05-28 | ||
KR10-2015-0074949 | 2015-05-28 | ||
KR20150129976 | 2015-09-14 | ||
KR10-2015-0129976 | 2015-09-14 | ||
KR20150187986 | 2015-12-28 | ||
KR10-2015-0187986 | 2015-12-28 |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/540,035 A-371-Of-International US10298400B2 (en) | 2015-02-06 | 2016-01-28 | Authentication method and system |
US16/377,242 Continuation US10574463B2 (en) | 2015-02-06 | 2019-04-07 | Authentication method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2016126052A2 WO2016126052A2 (ko) | 2016-08-11 |
WO2016126052A3 true WO2016126052A3 (ko) | 2016-11-10 |
Family
ID=56564851
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2016/000951 WO2016126052A2 (ko) | 2015-02-06 | 2016-01-28 | 인증 방법 및 시스템 |
Country Status (2)
Country | Link |
---|---|
US (4) | US10298400B2 (ko) |
WO (1) | WO2016126052A2 (ko) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9858401B2 (en) * | 2011-08-09 | 2018-01-02 | Biogy, Inc. | Securing transactions against cyberattacks |
US10887103B2 (en) * | 2015-02-27 | 2021-01-05 | Feitian Technologies Co., Ltd. | Operating method for push authentication system and device |
US10911452B2 (en) * | 2016-11-22 | 2021-02-02 | Synergex Group (corp.) | Systems, methods, and media for determining access privileges |
KR102001516B1 (ko) * | 2017-03-03 | 2019-07-18 | 주식회사 와임 | 분할 기능을 이용한 자동 인증 처리 방법 및 시스템 |
US10484177B2 (en) | 2017-07-10 | 2019-11-19 | Dell Products, Lp | Method and apparatus for generation of a time-based one-time password for session encryption of sensor data gathered in low-performance and IOT environments |
US10915949B2 (en) * | 2017-07-27 | 2021-02-09 | Swarna Kumari Adari | Real-time creation of bank account and dispensing welcome kit for the bank account through ATM |
US11063916B1 (en) * | 2017-08-01 | 2021-07-13 | Amazon Technologies, Inc. | Facility control service |
US20190306153A1 (en) * | 2018-03-27 | 2019-10-03 | Ca, Inc. | Adaptive risk-based password syncronization |
US10984093B2 (en) * | 2018-04-30 | 2021-04-20 | Western Digital Technologies, Inc. | Memory and controller mutual secure channel association |
CN109120597B (zh) * | 2018-07-18 | 2020-09-01 | 阿里巴巴集团控股有限公司 | 身份校验、登录方法、装置及计算机设备 |
KR20200143182A (ko) * | 2019-06-14 | 2020-12-23 | 우순조 | 고유 정보를 이용한 실시간 문자열 변조/복조 장치 및 방법 |
WO2021113034A1 (en) * | 2019-12-05 | 2021-06-10 | Identité, Inc. | Full-duplex password-less authentication |
JP7322732B2 (ja) * | 2020-02-03 | 2023-08-08 | トヨタ自動車株式会社 | 認証システム |
JP6847488B1 (ja) * | 2020-05-14 | 2021-03-24 | 甲賀電子株式会社 | Ip通信における認証方法 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008105602A1 (en) * | 2007-02-28 | 2008-09-04 | Mininfo Co., Ltd. | User authentication method and system using graphic otp |
KR20100136371A (ko) * | 2009-06-18 | 2010-12-28 | 주식회사 비즈모델라인 | 씨드 조합 방식의 오티피 인증을 통한 휴대폰 결제 방법 및 시스템과 이를 위한 기록매체 |
KR101028882B1 (ko) * | 2010-09-14 | 2011-04-12 | 김종승 | 휴대단말기를 이용한 otp 방식의 사용자인증 시스템 및 방법 |
KR20130060249A (ko) * | 2013-05-20 | 2013-06-07 | 장부권 | 비밀번호 관리 시스템 및 관리 방법 |
KR20140106360A (ko) * | 2013-02-26 | 2014-09-03 | (주)이스톰 | Otp 인증 시스템 및 방법 |
Family Cites Families (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5491752A (en) * | 1993-03-18 | 1996-02-13 | Digital Equipment Corporation, Patent Law Group | System for increasing the difficulty of password guessing attacks in a distributed authentication scheme employing authentication tokens |
US6360254B1 (en) * | 1998-09-15 | 2002-03-19 | Amazon.Com Holdings, Inc. | System and method for providing secure URL-based access to private resources |
US7437550B2 (en) * | 1999-12-02 | 2008-10-14 | Ponoi Corp. | System for providing session-based network privacy, private, persistent storage, and discretionary access control for sharing private data |
US7409543B1 (en) * | 2000-03-30 | 2008-08-05 | Digitalpersona, Inc. | Method and apparatus for using a third party authentication server |
US7526798B2 (en) * | 2002-10-31 | 2009-04-28 | International Business Machines Corporation | System and method for credential delegation using identity assertion |
US20040103325A1 (en) * | 2002-11-27 | 2004-05-27 | Priebatsch Mark Herbert | Authenticated remote PIN unblock |
WO2005062989A2 (en) * | 2003-12-23 | 2005-07-14 | Wachovia Corporation | Authentication system for networked computer applications |
WO2006095875A1 (ja) * | 2005-03-10 | 2006-09-14 | Nippon Telegraph And Telephone Corporation | ネットワークシステム、ストレージ装置へのアクセス制御方法、管理サーバ、ストレージ装置、ログイン制御方法、ネットワークブートシステムおよび単位記憶ユニットのアクセス方法 |
US9768963B2 (en) * | 2005-12-09 | 2017-09-19 | Citicorp Credit Services, Inc. (Usa) | Methods and systems for secure user authentication |
US7904946B1 (en) * | 2005-12-09 | 2011-03-08 | Citicorp Development Center, Inc. | Methods and systems for secure user authentication |
JP3939736B1 (ja) * | 2006-03-27 | 2007-07-04 | 株式会社シー・エス・イー | ユーザ認証システム、およびその方法 |
KR100847999B1 (ko) * | 2006-06-30 | 2008-07-23 | 포스데이타 주식회사 | 네트워크 기반의 dvr 시스템에 있어서 dvr 서버 및모니터링 대상 단말 접근 제어 방법 |
KR100786551B1 (ko) * | 2006-09-15 | 2007-12-21 | 이니텍(주) | 복수 개의 방식에 의한 일회용 비밀번호의 사용자 등록,인증 방법 및 그러한 방법을 수행하는 프로그램이 기록된컴퓨터 판독 가능 기록 매체 |
US8539559B2 (en) * | 2006-11-27 | 2013-09-17 | Futurewei Technologies, Inc. | System for using an authorization token to separate authentication and authorization services |
NO332479B1 (no) * | 2009-03-02 | 2012-09-24 | Encap As | Fremgangsmåte og dataprogram for verifikasjon av engangspassord mellom tjener og mobil anordning med bruk av flere kanaler |
US8843757B2 (en) * | 2009-11-12 | 2014-09-23 | Ca, Inc. | One time PIN generation |
AU2011205391B2 (en) * | 2010-01-12 | 2014-11-20 | Visa International Service Association | Anytime validation for verification tokens |
US8627088B2 (en) * | 2010-02-10 | 2014-01-07 | Authernative, Inc. | System and method for in- and out-of-band multi-factor server-to-user authentication |
CN102804200B (zh) * | 2010-10-05 | 2015-04-01 | 株式会社希爱思异 | 双因素用户认证系统及其方法 |
US20130139222A1 (en) * | 2011-11-29 | 2013-05-30 | Rawllin International Inc. | Authentication of mobile device |
CN104160652B (zh) * | 2011-12-27 | 2017-06-13 | 英特尔公司 | 用于使用一次性密码的分布式离线登录的方法和系统 |
US9367678B2 (en) * | 2012-02-29 | 2016-06-14 | Red Hat, Inc. | Password authentication |
KR101409754B1 (ko) * | 2012-03-12 | 2014-06-19 | 에스케이플래닛 주식회사 | 오프라인 거래 결제 시스템, 이를 위한 방법 및 장치 |
US9143492B2 (en) * | 2013-03-15 | 2015-09-22 | Fortinet, Inc. | Soft token system |
US20140365780A1 (en) * | 2013-06-07 | 2014-12-11 | Safa Movassaghi | System and methods for one-time password generation on a mobile computing device |
US9332008B2 (en) * | 2014-03-28 | 2016-05-03 | Netiq Corporation | Time-based one time password (TOTP) for network authentication |
-
2016
- 2016-01-28 WO PCT/KR2016/000951 patent/WO2016126052A2/ko active Application Filing
- 2016-01-28 US US15/540,035 patent/US10298400B2/en active Active
-
2019
- 2019-04-07 US US16/377,242 patent/US10574463B2/en active Active
-
2020
- 2020-01-21 US US16/748,765 patent/US11876908B2/en active Active
-
2023
- 2023-11-17 US US18/512,061 patent/US20240089110A1/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008105602A1 (en) * | 2007-02-28 | 2008-09-04 | Mininfo Co., Ltd. | User authentication method and system using graphic otp |
KR20100136371A (ko) * | 2009-06-18 | 2010-12-28 | 주식회사 비즈모델라인 | 씨드 조합 방식의 오티피 인증을 통한 휴대폰 결제 방법 및 시스템과 이를 위한 기록매체 |
KR101028882B1 (ko) * | 2010-09-14 | 2011-04-12 | 김종승 | 휴대단말기를 이용한 otp 방식의 사용자인증 시스템 및 방법 |
KR20140106360A (ko) * | 2013-02-26 | 2014-09-03 | (주)이스톰 | Otp 인증 시스템 및 방법 |
KR20130060249A (ko) * | 2013-05-20 | 2013-06-07 | 장부권 | 비밀번호 관리 시스템 및 관리 방법 |
Also Published As
Publication number | Publication date |
---|---|
US10298400B2 (en) | 2019-05-21 |
US20190238336A1 (en) | 2019-08-01 |
WO2016126052A2 (ko) | 2016-08-11 |
US11876908B2 (en) | 2024-01-16 |
US10574463B2 (en) | 2020-02-25 |
US20200162258A1 (en) | 2020-05-21 |
US20180270067A1 (en) | 2018-09-20 |
US20240089110A1 (en) | 2024-03-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2016126052A3 (ko) | 인증 방법 및 시스템 | |
PH12016501640A1 (en) | Techniques to operate a service with machine generated authentication tokens | |
PH12019500771A1 (en) | Business processing method and apparatus | |
WO2014138430A3 (en) | Secure simple enrollment | |
WO2016175914A3 (en) | Transaction signing utilizing asymmetric cryptography | |
EP3667593A4 (en) | VIRTUAL TOKEN-BASED BILLING DEPLOYING SYSTEM, VIRTUAL TOKEN GENERATING DEVICE, VIRTUAL TOKEN-VERIFICATION SERVER, VIRTUAL TOKEN-BASED BILLING PROVISION PROCESSING AND VIRTUAL PROCESSING | |
EE201800028A (et) | Plokiahelal põhinev isikusarnasuse mitmikkontrolli süsteem ja meetod | |
PH12018501983A1 (en) | Method and system for user authentication with improved security | |
MX2015003746A (es) | Metodo y dispositivo de interaccion de informacion, dispositivo electronico. | |
JP2016522932A5 (ko) | ||
BR112017026107A2 (pt) | entidade configuradora distribuída | |
WO2016190990A3 (en) | Method, apparatus, and system for cloud-based encryption machine key injection | |
MX2018005593A (es) | Metodo y sistema de procesamiento de transaccion de cadena de bloques en red de procesamiento de transaccion. | |
GB201213279D0 (en) | Identity generation mechanism | |
RU2015146659A (ru) | Синхронизация хэшей мандатов между службами каталогов | |
IN2014MU00771A (ko) | ||
GB2525719A8 (en) | Method and system for providing a vulnerability management and verification service | |
MX361152B (es) | Aprovisionamiento de licencias de gestión de derechos digitales (drm) en un dispositivo cliente que utiliza un servidor de actualizaciones. | |
EP3694143A3 (en) | Enabling access to data | |
BR112013001728A2 (pt) | métodos para criptografar um valor introduzido em um dispositivo de usuário, para verificar um valor comunicado a um sistema de autenticação via uma rede de comunicações, e para comunicar um valor introduzido em um dispositivo de usuário a um sistema de autenticação via uma rede de comunicações, dispositivo de usuário, sistema, software, e, meio legível por computador. | |
WO2015118176A8 (en) | Management of identities in a transaction infrastructure | |
EP4246926A3 (en) | Domain name operation verification code generation and/or verification | |
MX2018007332A (es) | Metodo, dispositivo, servidor y sistema para autenticar a un usuario. | |
WO2016114830A3 (en) | Methods and systems for authentication interoperability | |
GB2543726A (en) | Password-based generation and management of secret cryptographic keys |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 16746793 Country of ref document: EP Kind code of ref document: A2 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 15540035 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 16746793 Country of ref document: EP Kind code of ref document: A2 |