WO2008102930A1 - Apparatus and method for authentication by using one time password - Google Patents


Publication number
WO2008102930A1
Authority
WO
WIPO (PCT)
Prior art keywords
otp
server
secure
token
terminal
Application number
PCT/KR2007/001974
Inventor
Gwi Yeoul Kim
Young Mi Cho
Jo Yoon Hwang
Original Assignee
Gwi Yeoul Kim
Young Mi Cho
Jo Yoon Hwang
Application filed by Gwi Yeoul Kim, Young Mi Cho, Jo Yoon Hwang

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115 Third party

Definitions

  • the present invention relates to an authentication apparatus and method using a one time password (OTP) generation algorithm and apparatus thereof; and, more particularly, to an authentication apparatus and method using a one time password generation algorithm, which enable a user to acquire an OTP number without an additional device.
  • OTP one time password
  • there are three sort methods to authenticate users in a secure process.
  • Three sort methods are a method for 'what you know', a method for 'what you have', and a method for 'what you are'.
  • a method using a combination of two methods is a two-factor authentication and is adapted to an application which requests a strong user authentication.
  • OTP is an abbreviated word of a 'One Time Password' and is a method for authenticating a user through different password at each time.
  • to infer a next password from the current password may be defined as a quite difficult password generation method.
  • Nearly all OTP generation algorithms are based on a single directional function (a function, which may not infer an input from an output, is called as a hash function).
  • the OTP algorithm is classified into four schemes including a question and answer scheme, a time synchronization scheme, an event synchronization scheme, and a combination scheme.
  • a question and answer scheme a user acquires an answer value by inputting a question value, which is presented by a server, on an algorithm, and is authenticated by the corresponding answer value.
  • the OTP apparatus which is operated in real, uses a question value of 6 places and an answer value of 6 places normally.
  • a password is generated to be changed per a specific time interval (normally one minute) based on synchronized time information between a server and an OTP apparatus. Accordingly, a user does not need to input/check a question value.
  • This scheme is used in many OTP apparatuses, e.g., a 'SecurID of RSA company' and a 'Digipass of VASCO company'.
  • since the password is changed per a specific time interval, the password may be changed during input operation.
  • This scheme has demerits that the probability of attack is increased if the time interval is too much long, and a user waits for a re-generation of the password if the password is inputted erroneously.
  • an OTP apparatus and a server generate a password based on the same count value. That is, after the password is acquired by using the OTP algorithm, a count value is increased and stored, and the count value is used as an input of a next algorithm. Since the password is not changed if a regeneration of the password is not requested in case of this scheme, this scheme is better than the time synchronization scheme. However, if the password is generated and is not used in the OTP apparatus at many times, since a count between the OTP apparatus and the server is not harmonized, this scheme has a demerit that the OTP apparatus should be initialized.
  • a time and a count value are used as an input value of the OTP algorithm. That is, the password is generated at a predetermined time interval, and the password is changed by increasing the count value when the generation of the password is re-tried within the same time interval.
  • This method has a merit that the generation of the password is tried at many times within the same time interval by doing that, and since a different password is generated according to the count value within the same time interval, a safety of the password is improved.
  • Fig. 1 illustrates a general OTP private hardware.
  • a user authentication method using a private hardware will be described as follows. Firstly, in a bank window, after a user's identity (that is, a customer's identity) is proved, the use and registration of the OTP is allowed, and the OTP hardware is provided to the user.
  • a serial number written on a rear part of the OTP hardware is recorded.
  • when the user tries Internet banking, the user inputs identification (ID)/password and the password (normally, 6-figures) generated by the OTP hardware additionally.
  • An OTP server of the bank searches the serial number of the OTP hardware owned by the user based on the user's ID. And, the OTP server of the bank generates the OTP by the same scheme with the OTP hardware having the corresponding serial number, and allows a log-in or not by comparing the generated OTP with the OTP of 6-figures inputted by the user.
  • a method for implementing the OTP algorithm through the OTP private hardware has demerits that the user carries out the OTP hardware, and acquires an authentication by inputting a conventional ID/password and the OTP value additionally.
  • an object of the present invention is to provide an authentication apparatus and method using a one time password generation algorithm, which enable a user to acquire an OTP number without an additional device.
  • an authentication apparatus using an one time password (OTP) generation algorithm capable of accessing to a secure server and an open authentication (OATH) server, including: a terminal for generating a token identification (ID) using 'Unique Key' included in a secure program according to the secure program which is performed by an access to the secure server, performing an initial registration for the OATH server, generating an OTP number by the same scheme with the OTP generation scheme of the secure server, and performing an OTP generation algorithm which is provided to a user.
  • OTP one time password
  • ID token identification
  • OATH open authentication
  • the OTP generation algorithm performs the initial registration by transmitting the generated token ID to the OATH server according to checking a seed of a verisign config at a config of a secure server, and by receiving the seed corresponding to the transmitted token ID from the OATH server.
  • the OTP generation algorithm after determining whether the OTP generation scheme of the secure server is a time synchronization scheme or an event synchronization scheme by checking the config of the secure server, generates the OTP number by the same scheme with the OTP generation scheme of the determined secure server.
  • the OTP generation algorithm transmits the generated token ID to the secure server, receives and provides an input of a user ID/password of a corresponding terminal requested from the secure server which receives the transmitted token ID to the secure server, and provides the OTP number requested from the secure server to the secure server according to the user input with reference to the generated OTP number.
  • the secure server transmits a terminal authentication request message including the OTP number, a generation scheme of the OTP number and the token ID information to the OATH server, and determining an authentication for the accessed terminal according to a terminal authentication recognition message provided from the OATH server.
  • the token ID is not stored and is re-generated whenever a secure safety is requested after the token ID is generated by the OTP generation algorithm.
  • the OTP generation algorithm generates the same token ID with the token ID which is generated initially in case that a hard disk of the terminal is not changed, and generates a new token ID, transmits and registers the generated token ID to the OATH server in case that the hard disk of the terminal is changed.
  • the OTP generation algorithm generates the OTP number by the same scheme with the OTP generation scheme of the secure server without a registration for the OATH server in case that the secure program is performed according to the access of the secure server of the user after performing the initial registration for the OATH server, and provides the generated OTP number to the user.
  • the secure server requests an input of a user ID/password and the OTP number if the terminal which performs an initial access process is accessed, and performs the terminal authentication to the OATH server using the OTP number and the initially registered token ID according to the user ID/password and OTP number in response to the input request .
  • the OTP generation algorithm is operated in the terminal by an installation of the user, and is operated for an access time to the secure server by being installed by the accessed secure server.
  • an authentication method using a one time password (OTP) generation algorithm capable of accessing to a secure server and an open authentication (OATH) server, including the steps of: generating a token identification (ID) using 'Unique Key' included in a secure program at the OTP generation algorithm of a terminal according to the secure program which is performed by accessing the terminal to the secure server; performing an initial registration for the OATH server using the generated token ID at the OTP generation algorithm; and generating an OTP number by the same scheme with the OTP generation scheme of the secure server and providing the generated OTP number to a user at the OTP generation algorithm.
  • OTP one time password
  • OATH open authentication
  • the step of performing an initial registration for the OATH server at the OTP generation algorithm includes: checking a seed of a verisign config at a config of the accessed secure server; transmitting the generated token ID to the OATH server in case that the seed of the verisign config is not existed according to the checked result; and performing the initial registration by receiving the seed corresponding to the transmitted token ID from the OATH server.
  • the OTP number is generated by the same scheme with the OTP generation scheme of the determined secure server.
  • the authentication method using the OTP generation algorithm further includes the steps of transmitting the generated token ID to the secure server, receiving and providing an input of a user ID/password of a corresponding terminal requested from the secure server which receives the transmitted token ID to the secure server at the OTP generation algorithm; and providing the OTP number to the secure server according to the user input with reference to the generated OTP number.
  • the authentication method using the OTP generation algorithm further including the steps of: at the secure server, checking a generation scheme of the corresponding OTP number from the OTP number which is provided from the OTP generation algorithm, and transmitting a terminal authentication request message including the OTP number, a generation scheme of the OTP number and the token ID information to the OATH server; and at the secure server, determining an authentication for the accessed terminal according to a terminal authentication recognition message which is provided from the OATH server in response to the terminal authentication request message.
  • the authentication method using the OTP generation algorithm further includes the steps of: at the OTP generation algorithm, generating the same token ID with the token ID which is generated initially whenever the secure safety is requested in case that a hard disk of the terminal is not changed, generating, transmitting and registering a new token ID to the OATH server in case that the hard disk of the terminal is changed.
  • Fig. 1 is a diagram illustrating a general OTP private hardware
  • Fig. 2 is a block diagram illustrating an authentication apparatus using an OTP generation algorithm in accordance with an embodiment of the present invention.
  • Fig. 3 is a flowchart illustrating an authentication method using an OTP generation algorithm in accordance with an embodiment of the present invention
  • Fig. 4 is a flowchart illustrating an authentication method using an OTP generation algorithm in accordance with another embodiment of the present invention.
  • Fig. 5 is a flowchart illustrating an authentication method using an OTP generation algorithm in accordance with another embodiment of the present invention. [Best Mode]
  • the present invention enables a user to access to a secure system through a generated OTP by providing the generated OTP to the secure system after coupling a secure program with respect to an OATH and generating the OTP.
  • 'Oath' is a kind of promise of a standard which is proposed and supported by 'Verisign company' in USA, and means a secure system which is universally applied to overall applications, terminal and conditions.
  • the OATH starts from a limitation of an authentication system by a user identification (ID)/password which are used in general, and performs an open which combines the OTP, a public key infrastructure (PKI) and SIM (subscriber identity module) cards.
  • ID user identification
  • PKI public key infrastructure
  • SIM subscriber identity module
  • the OATH generates the OTP by coupling a secure program which performs an open through the OTP, and provides the generated OTP to a user.
  • Fig. 2 is a block diagram illustrating an authentication apparatus using an OTP generation algorithm in accordance with an embodiment of the present invention.
  • the OTP generation algorithm may be implemented in a user wire/wireless terminal 100, e.g., a PC, a mobile phone, a notebook computer and a PDA which are accessed to a plurality of secure servers (e.g., banks) 200 and an OATH server (e.g., Verisign server) 300 through the Internet.
  • the OTP generation algorithm performs a user authentication between the OATH server 300 and the secure server 200 by using a token ID generated from an initial screen of a secure program based on the OATH.
  • the OTP generation algorithm is operated by an installation of a user or is operated for an access time to the web page by a reinforced installation by a specific web page (a webpage of a secure server).
  • Fig. 3 is a flowchart illustrating an authentication method using an OTP generation algorithm in accordance with an embodiment of the present invention.
  • Fig. 3 illustrates an authentication method using the OTP generation algorithm in case of an initial access to secure server 200, e.g., a bank server, through a bank uniform resource locator (URL) which a user wants to access.
  • secure server 200 e.g., a bank server
  • URL bank uniform resource locator
  • a secure program and a secure system e.g., bank site screen
  • the OTP generation algorithm generates a token ID using 'Unique Key' included in the secure program at step S102.
  • the OTP generation algorithm performs a Verisign initial registration according to a seed of the Verisign config in a secure server 200 config at step S104.
  • the OTP generation algorithm transmits the generated token ID to the OATH server 300 for the Verisign initial registration at step S105, and receives the Verisign seed, which is distributed from a corresponding OATH server 300 at step S106, from the OATH server 300 at step S107.
  • the OTP generation algorithm transmits the token ID to 'https'.
  • the OTP generation algorithm checks whether an OTP use is requested to a user through a pop-up window, if the OTP use is requested from the user at step S108, the OTP generation algorithm generates an OTP number by the same scheme with the OTP generation scheme of the accessed secure server 200 at step S109, and displays the generated OTP number through the pop-up window at step S110.
  • After determining whether the OTP generation scheme of the secure server 200 is a time synchronization scheme or an event synchronization scheme by checking a config of the secure server 200, the OTP generation algorithm generates the OTP number by the same scheme with the OTP generation scheme of the secure server 200.
  • the OTP generation algorithm transmits the generated token ID to the secure server 200 at step S111.
  • the secure server 200 which receives the generated token ID requests a log-in of a secure system according to an input of a user ID/password of a corresponding terminal 100 at step S112.
  • After displaying log-in request information of a secure system (that is, a site screen) of a secure server 200 at step S113, the terminal 100 transmits the user ID/password to the secure server 200 which is inputted from the user at step S113.
  • the secure server 200 stores the token ID provided from the OTP generation algorithm of the corresponding terminal 100 at step S114.
  • the secure server 200 requests the OTP number to the terminal 100 at step S115.
  • the terminal 100 displays the OTP request information of the secure system, performs an input of the user OTP number with respect to the OTP number generated from the OTP generation algorithm, and transmits the input user OTP number to the secure server 200 at step S116.
  • the secure server 200 transmits a terminal authentication request message including the provided OTP number, a generation scheme of corresponding OTP number and previously stored token ID information to the OATH server 300 at step S117.
  • the secure server 200 determines an authentication of the terminal 100 at step S119 according to the terminal authentication recognition message provided from the OATH server 300 in response to the terminal authentication request message at step S118.
  • the token ID generated by the OTP generation algorithm is not stored in the terminal 100 and is re-generated whenever a secure safety is requested.
  • In state that a hard disk is not changed, the OTP generation algorithm generates the same token ID with the initially generated token ID whenever the secure safety is requested. In state that the hard disk is changed, the OTP generation algorithm generates, transmits and registers a new token ID to the OATH server 300.
  • Fig. 4 is a flowchart illustrating an authentication method using an OTP generation algorithm in accordance with another embodiment of the present invention.
  • Fig. 4 illustrates an authentication method of the OTP generation algorithm for the terminal 100 which is accessed to the secure server 200 initially according to the process of Fig. 3. It is assumed that the secure system and the secure program which are provided from the secure server 200 in the access to the secure server are automatically performed.
  • the OTP generation algorithm generates the OTP number by the same scheme with the secure server 200 at step S203, and displays the generated OTP number through the pop-up window at step S204.
  • After determining whether the OTP generation scheme of the secure server 200 is a time synchronization scheme or an event synchronization scheme by checking a config of the secure server 200, the OTP generation algorithm generates the OTP number by the same scheme with the determined OTP generation scheme of the secure server 200.
  • the secure server 200 requests a log-in of the secure system according to the input of the user ID/password and OTP number at step S205.
  • After displaying the log-in request information of the secure system of the secure server 200, terminal 100 transmits the user ID/password and OTP number to the secure server 200 at step S206.
  • If receiving the user ID/password and OTP number from the terminal 100, the secure server 200 transmits the terminal authentication request message including the provided OTP number, the generation scheme of the OTP number and the previously stored token ID information at step S207. And, the secure server 200 determines the authentication of the terminal according to the terminal authentication recognition message provided from the OATH server 300 in response to the terminal authentication request message at step S209.
  • the secure server 200 requests an input of at least one OTP number to the terminal 100, and authenticates the input of the user OTP number generated by the OTP generation algorithm.
  • Fig. 5 is a flowchart illustrating an authentication method using an OTP generation algorithm in accordance with another embodiment of the present invention.
  • Fig. 5 illustrates the authentication method of the OTP generations algorithm in case that a hard disk configuration of the terminal which is accessed to the secure server 200 is changed according to the processes of the Figs 3 and 4 mentioned above. It is assumed that the secure system and the secure program which are provided from the secure server 200 in the access to the secure server are automatically performed.
  • the secure program activates an environment resetting window in an OTP environment setting mode according to a user control which changes the hard disk of the terminal 100 at step S302.
  • the OTP generation algorithm generates the token ID using 'Unique Key' included in the secure program at step S303.
  • OTP generation algorithm performs a Verisign registration according to checking a seed of a verisign config in a config of the secure config at step S304.
  • the OTP generation algorithm transmits the generated token ID for the verisign re-registration to the OATH server 300 at step S305 and receives the seed of the verisign, which is distributed from the OATH server 300 at step S306, from the OATH server 300 at step S307.
  • the OTP generation algorithm transmits the token ID to https.
  • After checking the re-request of the OTP use to the user through a pop-up window, if the re-request of the OTP use is requested from the user at step S308, the OTP generation algorithm generates the OTP number by the same scheme with the OTP generation scheme of the accessed secure server 200 at step S309, and displays the generated OTP number through the pop-up window at step S310.
  • After determining whether the OTP generation scheme is the time synchronization scheme or the event synchronization scheme by checking the config of the secure server 200, the OTP generation algorithm generates the OTP number by the same scheme with the determined OTP generation scheme of the secure server 200.
  • the OTP generation algorithm transmits the generated token ID to the secure server 200 at step S311.
  • the secure server 200 which receives the generated token ID, requests the log-in of the secure system according to the input of the user ID/password of the terminal 100 to the terminal 100 at step S312.
  • After the log-in information of the secure system (that is, site screen) of the secure server 200 is displayed, the terminal 100 transmits the user ID/password inputted from the user to the secure server 200 at step S313. In case that the user ID/password of the terminal 100 is the same with the user information which is previously stored in the database, the secure server 200 stores the token ID provided from the OTP generation algorithm of the terminal 100 at step S314.
  • the secure server 200 requests the OTP number to the terminal 100 at step S315.
  • the terminal 100 performs the input of the user OTP number with respect to the OTP number generated from the OTP generation algorithm and transmits the input user OTP number to the secure server 200 by displaying the OTP request information of the secure system at step S316.
  • the secure server 200 transmits the terminal authentication recognition message including the provided OTP number, the generation scheme of the OTP number and the previously stored token ID information to the OATH server 300 after checking the generation scheme of the corresponding OTP number from the provided OTP number at step S317.
  • the secure server 200 determines the authentication for the terminal 100 at step S319 according to the terminal authentication recognition message provided from the OATH server 300 in response to the terminal authentication request message at step S318.
  • an embodiment of the present invention is described in case of needing a user authentication (that is, accessing to a banking server), but another embodiment of the present invention may be adapted in case of needing all user authentication except the case of accessing to the banking server.
  • the present invention describes the verisign server as an embodiment of the OATH server, but may be adapted to all OATH servers except the verisign server in another embodiment of the present invention. [Industrial Applicability]
  • an authentication apparatus and method using a one time password generation algorithm in accordance with the present invention maximize the convenience of a user and improve access of the user according to acquiring the OTP number so that the OTP generation algorithm is operated by an installation of a user or is operated for an access time of the corresponding web site by a reinforced installation of a specific web page.

Abstract

There are provided an authentication apparatus and method using a one time password (OTP) generation algorithm capable of accessing to a secure server and an open authentication (OATH) server. The authentication apparatus includes a terminal for generating a token identification (ID) using 'Unique Key' included in a secure program according to the secure program which is performed by an access to the secure server, performing an initial registration for the OATH server, generating an OTP number by the same scheme with the OTP generation scheme of the secure server, and performing an OTP generation algorithm which is provided to a user.

Description

[DESCRIPTION]
[Invention Title]
APPARATUS AND METHOD FOR AUTHENTICATION BY USING ONE TIME PASSWORD
[Technical Field]
The present invention relates to an authentication apparatus and method using a one time password (OTP) generation algorithm and apparatus thereof; and, more particularly, to an authentication apparatus and method using a one time password generation algorithm, which enable a user to acquire an OTP number without an additional device.
[Background Art]
In general, there are three sort methods to authenticate users in a secure process. Three sort methods are a method for 'what you know', a method for 'what you have', and a method for 'what you are'. A method using a combination of two methods is a two-factor authentication and is adapted to an application which requests a strong user authentication.
OTP is an abbreviated word of a 'One Time Password' and is a method for authenticating a user through different password at each time. In a more detailed technical description, to infer a next password from the current password may be defined as a quite difficult password generation method. Nearly all OTP generation algorithms are based on a single directional function (a function, which may not infer an input from an output, is called as a hash function).
The OTP algorithm is classified into four schemes including a question and answer scheme, a time synchronization scheme, an event synchronization scheme, and a combination scheme. In the question and answer scheme, a user acquires an answer value by inputting a question value, which is presented by a server, on an algorithm, and is authenticated by the corresponding answer value. The OTP apparatus, which is operated in real, uses a question value of 6 places and an answer value of 6 places normally.
In case of the question and answer scheme, since a user inputs a question value, and an answer value acquired by the input result of the question value is inputted by the user, inconvenience is caused by a lot of inputs of the user. In the time synchronization scheme different from the question and answer scheme, a password is generated to be changed per a specific time interval (normally one minute) based on synchronized time information between a server and an OTP apparatus. Accordingly, a user does not need to input/check a question value. This scheme is used in many OTP apparatuses, e.g., a 'SecurID of RSA company' and a 'Digipass of VASCO company'. However, in case of this scheme, since the password is changed per a specific time interval, the password may be changed during input operation. This scheme has demerits that the probability of attack is increased if the time interval is too long, and a user waits for a re-generation of the password if the password is inputted erroneously.
In the event synchronization scheme, an OTP apparatus and a server generate a password based on the same count value. That is, after the password is acquired by using the OTP algorithm, a count value is increased and stored, and the count value is used as an input of a next algorithm. Since the password is not changed if a regeneration of the password is not requested in case of this scheme, this scheme is better than the time synchronization scheme. However, if the password is generated and is not used in the OTP apparatus at many times, since a count between the OTP apparatus and the server is not harmonized, this scheme has a demerit that the OTP apparatus should be initialized.
There is a combination algorithm of two algorithms to compensate demerits of the time synchronization scheme and the event synchronization scheme. That is, a time and a count value are used as an input value of the OTP algorithm. That is, the password is generated at a predetermined time interval, and the password is changed by increasing the count value when the generation of the password is re-tried within the same time interval. This method has a merit that the generation of the password is tried at many times within the same time interval by doing that, and since a different password is generated according to the count value within the same time interval, a safety of the password is improved.
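Added example (not part of the patent text): the event synchronization and time synchronization schemes described above, written in Python with the OATH HOTP (RFC 4226) and TOTP (RFC 6238) constructions, which the patent does not name and are assumed here. The validator classes, the look-ahead window and the drift tolerance are hypothetical; the seed is the published RFC 4226 test secret.

```python
import hashlib
import hmac
import struct

# Constructed sample seed: the published RFC 4226 test secret, not a real token seed.
SEED = b"12345678901234567890"


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """Event-synchronized OTP: HMAC-SHA1 of the counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = 60, digits: int = 6) -> str:
    """Time-synchronized OTP: the counter is the index of the current time step."""
    return hotp(seed, unix_time // step, digits)


class EventSyncValidator:
    """Hypothetical server-side state for one event-synchronized token."""

    def __init__(self, seed: bytes, look_ahead: int = 3):
        self.seed = seed
        self.counter = 0            # next counter value the server expects
        self.look_ahead = look_ahead

    def verify(self, candidate: str) -> bool:
        # The token may have generated codes that were never submitted, so
        # search a bounded window ahead of the stored counter.
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.seed, c), candidate):
                self.counter = c + 1    # resynchronize; this code and older ones are spent
                return True
        return False                    # outside the window: token must be re-initialized


class TimeSyncValidator:
    """Hypothetical server-side state for one time-synchronized token."""

    def __init__(self, seed: bytes, step: int = 60, drift_steps: int = 1):
        self.seed = seed
        self.step = step
        self.drift_steps = drift_steps
        self.last_step = -1         # highest time step already accepted

    def verify(self, candidate: str, now: int) -> bool:
        current = now // self.step
        for t in range(current - self.drift_steps, current + self.drift_steps + 1):
            # Refuse any step at or before the last accepted one (replay within the interval).
            if t > self.last_step and hmac.compare_digest(hotp(self.seed, t), candidate):
                self.last_step = t
                return True
        return False


if __name__ == "__main__":
    server = EventSyncValidator(SEED)
    unused = [hotp(SEED, c) for c in range(3)]   # user generated three codes, typed only the last
    print("submit", unused[-1], "->", server.verify(unused[-1]))
    print("replay", unused[-1], "->", server.verify(unused[-1]))
    print("counter 9 ->", server.verify(hotp(SEED, 9)))
```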
Meanwhile, products using this OTP algorithm are provided to a user. In general, as shown in Fig. 1, an OTP private hardware is provided to a user.
Fig. 1 illustrates a general OTP private hardware.
A user authentication method using a private hardware will be described as follows. Firstly, in a bank window, after a user's identity (that is, a customer's identity) is proved, the use and registration of the OTP is allowed, and the OTP hardware is provided to the user. Here, in the bank window, a serial number written on a rear part of the OTP hardware is recorded.
Next, when the user tries Internet banking, the user inputs identification (ID)/password and the password (normally, 6-figures) generated by the OTP hardware additionally.
An OTP server of the bank searches the serial number of the OTP hardware owned by the user based on the user's ID. And, the OTP server of the bank generates the OTP by the same scheme with the OTP hardware having the corresponding serial number, and allows a log-in or not by comparing the generated OTP with the OTP of 6-figures inputted by the user.
However, this OTP private hardware has a demerit that a labor of the user is requested.
That is, a method for implementing the OTP algorithm through the OTP private hardware has the demerits that the user must carry the OTP hardware, and acquires an authentication by inputting the OTP value in addition to a conventional ID/password.
[Disclosure]
[Technical Problem]
It is, therefore, an object of the present invention to provide an authentication apparatus and method using a one time password generation algorithm, which enable a user to acquire an OTP number without an additional device.
[Technical Solution]
In accordance with an embodiment of the present invention to achieve a purpose of the present invention, there is provided an authentication apparatus using a one time password (OTP) generation algorithm capable of accessing to a secure server and an open authentication (OATH) server, including: a terminal for generating a token identification (ID) using 'Unique Key' included in a secure program according to the secure program which is performed by an access to the secure server, performing an initial registration for the OATH server, generating an OTP number by the same scheme with the OTP generation scheme of the secure server, and performing an OTP generation algorithm which is provided to a user.
The OTP generation algorithm performs the initial registration by transmitting the generated token ID to the OATH server according to checking a seed of a verisign config at a config of a secure server, and by receiving the seed corresponding to the transmitted token ID from the OATH server.
The OTP generation algorithm, after determining whether the OTP generation scheme of the secure server is a time synchronization scheme or an event synchronization scheme by checking the config of the secure server, generates the OTP number by the same scheme with the OTP generation scheme of the determined secure server.
The OTP generation algorithm transmits the generated token ID to the secure server, receives and provides an input of a user ID/password of a corresponding terminal requested from the secure server which receives the transmitted token ID to the secure server, and provides the OTP number requested from the secure server to the secure server according to the user input with reference to the generated OTP number.
The secure server transmits a terminal authentication request message including the OTP number, a generation scheme of the OTP number and the token ID information to the OATH server, and determining an authentication for the accessed terminal according to a terminal authentication recognition message provided from the OATH server.
The token ID is not stored and is re-generated whenever a secure safety is requested after the token ID is generated by the OTP generation algorithm.
The OTP generation algorithm generates the same token ID with the token ID which is generated initially in case that a hard disk of the terminal is not changed, and generates a new token ID, transmits and registers the generated token ID to the OATH server in case that the hard disk of the terminal is changed.
The OTP generation algorithm generates the OTP number by the same scheme with the OTP generation scheme of the secure server without a registration for the OATH server in case that the secure program is performed according to the access of the secure server of the user after performing the initial registration for the OATH server, and provides the generated OTP number to the user.
The secure server requests an input of a user ID/password and the OTP number if the terminal which performs an initial access process is accessed, and performs the terminal authentication to the OATH server using the OTP number and the initially registered token ID according to the user ID/password and OTP number in response to the input request.
The OTP generation algorithm is operated in the terminal by an installation of the user, and is operated for an access time to the secure server by being installed by the accessed secure server.
In accordance with another embodiment of the present invention to achieve another purpose of the present invention, there is provided an authentication method using a one time password (OTP) generation algorithm capable of accessing to a secure server and an open authentication (OATH) server, including the steps of: generating a token identification (ID) using 'Unique Key' included in a secure program at the OTP generation algorithm of a terminal according to the secure program which is performed by accessing the terminal to the secure server; performing an initial registration for the OATH server using the generated token ID at the OTP generation algorithm; and generating an OTP number by the same scheme with the OTP generation scheme of the secure server and providing the generated OTP number to a user at the OTP generation algorithm.
The step of performing an initial registration for the OATH server at the OTP generation algorithm includes: checking a seed of a verisign config at a config of the accessed secure server; transmitting the generated token ID to the OATH server in case that the seed of the verisign config is not existed according to the checked result; and performing the initial registration by receiving the seed corresponding to the transmitted token ID from the OATH server.
In the step of generating an OTP number at the OTP generation algorithm, after determining whether the OTP generation scheme of the secure server is a time synchronization scheme or an event synchronization scheme by checking the config of the secure server, the OTP number is generated by the same scheme with the OTP generation scheme of the determined secure server.
It is preferred that the authentication method using the OTP generation algorithm further includes the steps of transmitting the generated token ID to the secure server, receiving and providing an input of a user ID/password of a corresponding terminal requested from the secure server which receives the transmitted token ID to the secure server at the OTP generation algorithm; and providing the OTP number to the secure server according to the user input with reference to the generated OTP number.
It is preferred that the authentication method using the OTP generation algorithm further includes the steps of: at the secure server, checking a generation scheme of the corresponding OTP number from the OTP number which is provided from the OTP generation algorithm, and transmitting a terminal authentication request message including the OTP number, a generation scheme of the OTP number and the token ID information to the OATH server; and at the secure server, determining an authentication for the accessed terminal according to a terminal authentication recognition message which is provided from the OATH server in response to the terminal authentication request message.
It is preferred that the authentication method using the OTP generation algorithm further includes the steps of: at the OTP generation algorithm, generating the same token ID with the token ID which is generated initially whenever the secure safety is requested in case that a hard disk of the terminal is not changed, generating, transmitting and registering a new token ID to the OATH server in case that the hard disk of the terminal is changed.
[Description of Drawings]
Fig. 1 is a diagram illustrating a general OTP private hardware;
Fig. 2 is a block diagram illustrating an authentication apparatus using an OTP generation algorithm in accordance with an embodiment of the present invention;
Fig. 3 is a flowchart illustrating an authentication method using an OTP generation algorithm in accordance with an embodiment of the present invention;
Fig. 4 is a flowchart illustrating an authentication method using an OTP generation algorithm in accordance with another embodiment of the present invention; and
Fig. 5 is a flowchart illustrating an authentication method using an OTP generation algorithm in accordance with another embodiment of the present invention.
[Best Mode]
Hereinafter, preferred embodiments of the present invention will be set forth in detail with reference to the accompanying drawings so that a person skilled in the art can easily carry out the present invention. Further, in the following description, well-known arts will not be described in detail if it appears that they could obscure the invention in unnecessary detail.
Moreover, the same reference number is used for a similar function and operation part in overall drawings.
As described below, the present invention enables a user to access a secure system through a generated OTP, by coupling a secure program with respect to an OATH, generating the OTP, and providing the generated OTP to the secure system. Here, 'OATH' is a kind of agreed standard which is proposed and supported by Verisign in the USA, and means a secure system which is universally applied to all applications, terminals and conditions.
The OATH starts from a limitation of an authentication system by a user identification (ID)/password which are used in general, and performs an open which combines the OTP, a public key infrastructure (PKI) and SIM (subscriber identity module) cards. A purpose of the OATH is to widen a setting of a low cost multi-authentication device from vendors to makers.
Accordingly, the OATH generates the OTP by coupling a secure program which performs an open through the OTP, and provides the generated OTP to a user.
Fig. 2 is a block diagram illustrating an authentication apparatus using an OTP generation algorithm in accordance with an embodiment of the present invention.
As shown in Fig. 2, the OTP generation algorithm may be implemented in a user wire/wireless terminal 100, e.g., a PC, a mobile phone, a notebook computer and a PDA which are accessed to a plurality of secure servers (e.g., banks) 200 and an OATH server (e.g., Verisign server) 300 through the Internet.
That is, the OTP generation algorithm performs a user authentication between the OATH server 300 and the secure server 200 by using a token ID generated from an initial screen of a secure program based on the OATH.
On the other hand, the OTP generation algorithm is operated by an installation of a user or is operated for an access time to the web page by a reinforced installation by a specific web page (a webpage of a secure server).
Next, the OTP generation algorithm and an authentication method using the same will be described in detail.
Fig. 3 is a flowchart illustrating an authentication method using an OTP generation algorithm in accordance with an embodiment of the present invention.
Fig. 3 illustrates an authentication method using the OTP generation algorithm in case of an initial access to secure server 200, e.g., a bank server, through a bank uniform resource locator (URL) which a user wants to access.
As shown in Fig. 3, in case that a secure program and a secure system (e.g., a bank site screen) are performed on a terminal 100 by a user who initially accesses the secure server 200 at step S101, the OTP generation algorithm generates a token ID using 'Unique Key' included in the secure program at step S102.
If an OTP open authentication window of the secure program is activated (that is, clicked) by a user at step S103, the OTP generation algorithm performs a Verisign initial registration according to a seed of the Verisign config in a secure server 200 config at step S104.
The OTP generation algorithm transmits the generated token ID to the OATH server 300 for the Verisign initial registration at step S105, and receives from the OATH server 300 at step S107 the Verisign seed which the OATH server 300 distributes at step S106. Here, the OTP generation algorithm transmits the token ID over 'https'.
Next, the OTP generation algorithm checks through a pop-up window whether the user requests use of the OTP. If the OTP use is requested by the user at step S108, the OTP generation algorithm generates an OTP number by the same scheme with the OTP generation scheme of the accessed secure server 200 at step S109, and displays the generated OTP number through the pop-up window at step S110. Here, after determining whether the OTP generation scheme of the secure server 200 is a time synchronization scheme or an event synchronization scheme by checking a config of the secure server 200, the OTP generation algorithm generates the OTP number by the same scheme with the OTP generation scheme of the secure server 200.
On the other hand, the OTP generation algorithm transmits the generated token ID to the secure server 200 at step S111. The secure server 200 which receives the generated token ID requests a log-in of a secure system according to an input of a user ID/password of a corresponding terminal 100 at step S112.
After displaying log-in request information of a secure system (that is, a site screen) of a secure server 200 at step S113, the terminal 100 transmits the user ID/password to the secure server 200 which is inputted from the user at step S113. In case that the user ID/password of the terminal is the same with the user information which is previously stored in a database, the secure server 200 stores the token ID provided from the OTP generation algorithm of the corresponding terminal 100 at step S114.
The secure server 200 requests the OTP number to the terminal 100 at step S115. The terminal 100 displays the OTP request information of the secure system, performs an input of the user OTP number with respect to the OTP number generated from the OTP generation algorithm, and transmits the input user OTP number to the secure server 200 at step S116.
Next, if the OTP number is provided from the terminal 100, after checking the generation scheme of the OTP number from the provided OTP number, the secure server 200 transmits a terminal authentication request message including the provided OTP number, a generation scheme of the corresponding OTP number and previously stored token ID information to the OATH server 300 at step S117.
And, the secure server 200 determines an authentication of the terminal 100 at step S119 according to the terminal authentication recognition message provided from the OATH server 300 in response to the terminal authentication request message at step S118.
On the other hand, the token ID generated by the OTP generation algorithm is not stored in the terminal 100 and is re-generated whenever a secure safety is requested.
However, in state that a hard disk is not changed, the OTP generation algorithm generates the same token ID with the initially generated token ID whenever the secure safety is requested. In state that the hard disk is changed, the OTP generation algorithm generates, transmits and registers a new token ID to the OATH server 300.
Fig. 4 is a flowchart illustrating an authentication method using an OTP generation algorithm in accordance with another embodiment of the present invention.
Fig. 4 illustrates an authentication method of the OTP generation algorithm for the terminal 100 which is accessed to the secure server 200 initially according to the process of Fig. 3. It is assumed that the secure system and the secure program which are provided from the secure server 200 in the access to the secure server are automatically performed.
As shown in Fig. 4, if the OTP authentication window is activated by a user control at step S202 in the terminal where the secure program is performed by a second access user of the same terminal at step S201, the OTP generation algorithm generates the OTP number by the same scheme with the secure server 200 at step S203, and displays the generated OTP number through the pop-up window at step S204. Here, after determining whether the OTP generation scheme of the secure server 200 is a time synchronization scheme or an event synchronization scheme by checking a config of the secure server 200, the OTP generation algorithm generates the OTP number by the same scheme with the determined OTP generation scheme of the secure server 200.
On the other hand, if the access is performed by the terminal 100 which performs the initial access, the secure server 200 requests a log-in of the secure system according to the input of the user ID/password and OTP number at step S205.
After displaying the log-in request information of the secure system of the secure server 200, terminal 100 transmits the user ID/password and OTP number to the secure server 200 at step S206.
If receiving the user ID/password and OTP number from the terminal 100, the secure server 200 transmits the terminal authentication request message including the provided OTP number, the generation scheme of the OTP number and the previously stored token ID information at step S207. And, the secure server 200 determines the authentication of the terminal according to the terminal authentication recognition message provided from the OATH server 300 in response to the terminal authentication request message at step S209.
Meanwhile, in case that a secure access time of the accessed terminal 100 is exceeded, the secure server 200 requests an input of at least one OTP number to the terminal 100, and authenticates the input of the user OTP number generated by the OTP generation algorithm.
Fig. 5 is a flowchart illustrating an authentication method using an OTP generation algorithm in accordance with another embodiment of the present invention.
Fig. 5 illustrates the authentication method of the OTP generation algorithm in case that a hard disk configuration of the terminal which is accessed to the secure server 200 is changed according to the processes of Figs. 3 and 4 mentioned above. It is assumed that the secure system and the secure program which are provided from the secure server 200 in the access to the secure server are automatically performed.
As shown in Fig. 5, in case that the secure system and the secure program are performed by a user terminal which is accessed to the secure server 200 at step S301, the secure program activates an environment resetting window in an OTP environment setting mode according to a user control which changes the hard disk of the terminal 100 at step S302.
The OTP generation algorithm generates the token ID using 'Unique Key' included in the secure program at step S303.
And, the OTP generation algorithm performs a Verisign registration according to checking a seed of a verisign config in a config of the secure config at step S304.
The OTP generation algorithm transmits the generated token ID for the Verisign re-registration to the OATH server 300 at step S305, and receives from the OATH server 300 at step S307 the Verisign seed which the OATH server 300 distributes at step S306. The OTP generation algorithm transmits the token ID over https.
Next, after checking the re-request of the OTP use to the user through a pop-up window, if the re-request of the OTP use is requested from the user at step S308, the OTP generation algorithm generates the OTP number by the same scheme with the OTP generation scheme of the accessed secure server 200 at step S309, and displays the generated OTP number through the pop-up window at step S310. Here, after determining whether the OTP generation scheme is the time synchronization scheme or the event synchronization scheme by checking the config of the secure server 200, the OTP generation algorithm generates the OTP number by the same scheme with the determined OTP generation scheme of the secure server 200.
On the other hand, the OTP generation algorithm transmits the generated token ID to the secure server 200 at step S311. The secure server 200, which receives the generated token ID, requests the log-in of the secure system according to the input of the user ID/password of the terminal 100 to the terminal 100 at step S312.
After the log-in information of the secure system (that is, site screen) of the secure server 200 is displayed, the terminal 100 transmits the user ID/password inputted from the user to the secure server 200 at step S313. In case that the user ID/password of the terminal 100 is the same with the user information which is previously stored in the database, the secure server 200 stores the token ID provided from the OTP generation algorithm of the terminal 100 at step S314.
And, the secure server 200 requests the OTP number to the terminal 100 at step S315. The terminal 100 performs the input of the user OTP number with respect to the OTP number generated from the OTP generation algorithm and transmits the input user OTP number to the secure server 200 by displaying the OTP request information of the secure system at step S316.
Next, if the OTP number is provided from the secure server 200, the secure server 200 transmits the terminal authentication recognition message including the provided OTP number, the generation scheme of the OTP number and the previously stored token ID information to the OATH server 300 after checking the generation scheme of the corresponding OTP number from the provided OTP number at step S317.
And, the secure server 200 determines the authentication for the terminal 100 at step S319 according to the terminal authentication recognition message provided from the OATH server 300 in response to the terminal authentication request message at step S318.
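The exchanges of Figs. 3 to 5 as an added, runnable sketch that is not code from the patent: the terminal recomputes its token ID, registers it with the OATH server to obtain a seed, and the secure server forwards OTP number, generation scheme and stored token ID for verification without ever holding the seed. The token ID derivation (an HMAC of the 'Unique Key' over a disk identifier), RFC 4226 HOTP as the event synchronization scheme, the message field names and all class names are assumptions; keys, seeds and credentials are constructed.

```python
import hashlib
import hmac
import secrets
import struct

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, standing in for the page's unnamed event-sync algorithm."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def derive_token_id(unique_key: bytes, disk_id: str) -> str:
    """Assumed derivation: same key and disk give the same ID, so it is never stored."""
    return hmac.new(unique_key, disk_id.encode(), hashlib.sha256).hexdigest()[:16]

def password_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class OathServer:
    """Keeps token ID -> seed and is the only party that checks OTP numbers."""
    def __init__(self, seed_factory=lambda: secrets.token_bytes(20)):
        self.seed_factory, self.tokens = seed_factory, {}

    def register(self, token_id: str) -> bytes:              # S105-S107
        seed = self.seed_factory()
        self.tokens[token_id] = {"seed": seed, "counter": 0}
        return seed

    def authenticate(self, request: dict) -> bool:           # S117-S118
        record = self.tokens.get(request["token_id"])
        if record is None or request["scheme"] != "event":
            return False
        expected = hotp(record["seed"], record["counter"])
        if not hmac.compare_digest(expected.encode(), request["otp"].encode()):
            return False
        record["counter"] += 1           # an accepted OTP number cannot be replayed
        return True

class SecureServer:
    """The bank: checks ID/password, stores the token ID, never sees the seed."""
    def __init__(self, oath: OathServer, users: dict):
        self.oath, self.users, self.token_ids = oath, users, {}

    def login(self, user: str, password: str, token_id: str) -> bool:  # S111-S114
        salt, stored = self.users.get(user, (b"", b""))
        if not hmac.compare_digest(password_hash(password, salt), stored):
            return False
        self.token_ids[user] = token_id  # bound only after the password check
        return True

    def submit_otp(self, user: str, otp: str) -> bool:       # S115-S119
        token_id = self.token_ids.get(user)
        if token_id is None:
            return False
        request = {"otp": otp, "scheme": "event", "token_id": token_id}
        return self.oath.authenticate(request)

class Terminal:
    def __init__(self, unique_key: bytes, disk_id: str):
        # config maps token ID -> seed and count; it lives on the hard disk
        self.unique_key, self.disk_id, self.config = unique_key, disk_id, {}

    def token_id(self) -> str:
        return derive_token_id(self.unique_key, self.disk_id)

    def ensure_registered(self, oath: OathServer) -> bool:   # S104: only if no seed
        token_id = self.token_id()
        if token_id in self.config:
            return False
        self.config[token_id] = {"seed": oath.register(token_id), "counter": 0}
        return True

    def next_otp(self) -> str:
        entry = self.config[self.token_id()]
        entry["counter"] += 1
        return hotp(entry["seed"], entry["counter"] - 1)

def demo() -> dict:
    salt = b"constructed-salt"
    seeds = iter([b"12345678901234567890", b"constructed-seed-two"])  # constructed
    oath = OathServer(seed_factory=lambda: next(seeds))
    bank = SecureServer(oath, {"alice": (salt, password_hash("constructed-pw", salt))})
    pc = Terminal(b"constructed-unique-key", "DISK-A")
    out = {"registered": pc.ensure_registered(oath)}              # Fig. 3
    out["registered_again"] = pc.ensure_registered(oath)          # Fig. 4: skipped
    out["bad_password"] = bank.login("alice", "wrong", pc.token_id())
    out["login"] = bank.login("alice", "constructed-pw", pc.token_id())
    otp = pc.next_otp()
    out["otp_ok"] = bank.submit_otp("alice", otp)
    out["replay_ok"] = bank.submit_otp("alice", otp)
    pc.disk_id, pc.config = "DISK-B", {}                          # Fig. 5: new disk
    out["stale_binding"] = bank.token_ids["alice"] != pc.token_id()
    out["reregistered"] = pc.ensure_registered(oath)
    bank.login("alice", "constructed-pw", pc.token_id())          # S311-S314
    out["otp_after_rebind"] = bank.submit_otp("alice", pc.next_otp())
    return out

if __name__ == "__main__":
    print(demo())
```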
While the present invention has been described with respect to certain preferred embodiments, it will be apparent to those skilled in the art that various changes and modifications may be made without departing from the spirits and scope of the invention as defined in the following claims.
In particular, an embodiment of the present invention is described in case of needing a user authentication (that is, accessing to a banking server), but another embodiment of the present invention may be adapted in case of needing all user authentication except the case of accessing to the banking server.
Moreover, the present invention describes the verisign server as an embodiment of the OATH server, but may be adapted to all OATH servers except the verisign server in another embodiment of the present invention.
[Industrial Applicability]
As mentioned above, an authentication apparatus and method using a one time password generation algorithm in accordance with the present invention maximize the convenience of a user and improve access of the user according to acquiring the OTP number so that the OTP generation algorithm is operated by an installation of a user or is operated for an access time of the corresponding web site by a reinforced installation of a specific web page.

Claims

[CLAIMS]
[Claim 1]
An authentication apparatus using one time password (OTP) generation algorithm capable of accessing to a secure server and an open authentication (OATH) server, comprising: a terminal for generating a token identification (ID) using 'Unique Key' included in a secure program according to the secure program which is performed by an access to the secure server, performing an initial registration for the OATH server, generating an OTP number by the same scheme with the OTP generation scheme of the secure server, and performing an OTP generation algorithm which is provided to a user.
[Claim 2]
The apparatus as recited in claim 1, wherein the OTP generation algorithm performs the initial registration by transmitting the generated token ID to the OATH server according to checking a seed of a verisign config at a config of a secure server, and by receiving the seed corresponding to the transmitted token ID from the OATH server.
[Claim 3]
The apparatus as recited in claim 1, wherein the OTP generation algorithm, after determining whether the OTP generation scheme of the secure server is a time synchronization scheme or an event synchronization scheme by checking the config of the secure server, generates the OTP number by the same scheme with the OTP generation scheme of the determined secure server.
[Claim 4]
The apparatus as recited in claim 1, wherein the OTP generation algorithm transmits the generated token ID to the secure server, receives and provides an input of a user ID/password of a corresponding terminal requested from the secure server which receives the transmitted token ID to the secure server, and provides the OTP number requested from the secure server to the secure server according to the user input with reference to the generated OTP number.
[Claim 5]
The apparatus as recited in claim 4, wherein the secure server transmits a terminal authentication request message including the OTP number, a generation scheme of the OTP number and the token ID information to the OATH server, and determining an authentication for the accessed terminal according to a terminal authentication recognition message provided from the OATH server.
[Claim 6]
The apparatus as recited in claim 1, wherein the token ID is not stored and is re-generated whenever a secure safety is requested after the token ID is generated by the OTP generation algorithm.
[Claim 7]
The apparatus as recited in claim 1, wherein the OTP generation algorithm generates the same token ID with the token ID which is generated initially in case that a hard disk of the terminal is not changed, and generates a new token ID, transmits and registers the generated token ID to the OATH server in case that the hard disk of the terminal is changed.
[Claim 8]
The apparatus as recited in claim 1, wherein the OTP generation algorithm generates the OTP number by the same scheme with the OTP generation scheme of the secure server without a registration for the OATH server in case that the secure program is performed according to the access of the secure server of the user after performing the initial registration for the OATH server, and provides the generated OTP number to the user.
[Claim 9]
The apparatus as recited in claim 8, wherein the secure server requests an input of a user ID/password and the OTP number if the terminal which performs an initial access process is accessed, and performs the terminal authentication to the OATH server using the OTP number and the initially registered token ID according to the user ID/password and OTP number in response to the input request. [Claim 10]
The apparatus as recited in claim 1, wherein the OTP generation algorithm is operated in the terminal by an installation of the user, and is operated for an access time to the secure server by being installed by the accessed secure server. [Claim 11]
An authentication method using a one time password (OTP) generation algorithm capable of accessing to a secure server and an open authentication (OATH) server, comprising the steps of: generating a token identification (ID) using 'Unique Key1 included in a secure program at the OTP generation algorithm of a terminal according to the secure program which is performed by accessing the terminal to the secure server; performing an initial registration for the OATH server using the generated token ID at the OTP generation algorithm; and generating an OTP number by the same scheme with the OTP generation scheme of the secure server and providing the generated OTP number to a user at the OTP generation algorithm. [Claim 12)
The method as recited in claim 11, wherein the step of performing an initial registration for the OATH server at the OTP generation algorithm includes: checking a seed of a verisign config at a config of the accessed secure server ; transmitting the generated token ID to the OATH server in case that the seed of the verisign config is not existed according to the checked result; and performing the initial registration by receiving the seed corresponding to the token ID transmitted from the OATH server. [Claim 13]
The method as recited in claim 11, wherein in the step of generating an OTP number at the OTP generation algorithm, after determining whether the OTP generation scheme of the secure server is a time synchronization scheme or an event synchronization scheme by checking the config of the secure server, the OTP number is generated by the same scheme with the OTP generation scheme of the determined secure server. [Claim 14]
The method as recited in claim 11, further comprising the steps of: transmitting the generated token ID to the secure server, receiving and providing an input of a user ID/password of a corresponding terminal requested from the secure server which receives the transmitted token ID to the secure server at the OTP generation algorithm; and providing the OTP number to the secure server according to the input of the user with reference to the generated OTP number. [Claim 15]
The method as recited in claim 14, further comprising the steps of: at the secure server, checking a generation scheme of the corresponding OTP number from the OTP number which is provided from the OTP generation algorithm, and transmitting a terminal authentication request message including the OTP number, a generation scheme of the OTP number and the token ID information to the OATH server; and at the secure server, determining an authentication for the accessed terminal according to a terminal authentication recognition message which is provided from the OATH server in response to the terminal authentication request message.

[Claim 16]
The method as recited in claim 11, wherein the token ID is not stored and is re-generated whenever a secure safety is requested after the token ID is generated by the OTP generation algorithm.

[Claim 17]
The method as recited in claim 16, further comprising the step of: at the OTP generation algorithm, generating the same token ID with the token ID which is generated initially whenever the secure safety is requested in case that a hard disk of the terminal is not changed, generating, transmitting and registering a new token ID to the OATH server in case that the hard disk of the terminal is changed.

[Claim 18]
The method as recited in claim 11, further comprising the step of: generating the OTP number by the same scheme with the OTP generation scheme of the secure server without a registration for the OATH server in case that the secure program is performed according to the access of the secure server from the user after performing the initial registration for the OATH server, and providing the generated OTP number to the user.

[Claim 19]
The method as recited in claim 18, further comprising the steps of: at the secure server, requesting an input of a user ID/password and the OTP number to the terminal if the terminal which performs an initial access process is accessed; at the terminal, providing the OTP number according to the user input with reference to the OTP number which is generated from the user, the password and the OTP generation algorithm to the user; and at the secure server, performing the terminal authentication to the OATH server using the OTP number and the initially registered token ID, and determining the authentication for the accessed terminal according to the terminal authentication provided from the OATH server.

[Claim 20]
The method as recited in claim 11, wherein the OTP generation algorithm is operated in the terminal by an installation of the user, and is operated for an access time to the secure server by being installed by the accessed secure server.
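The flow in claims 16 to 19, sketched as an added example that is not part of the patent text: the token ID is re-derived from the terminal's disk on every request rather than stored, and the OATH server validates the OTP against the registered token ID. The derivation function (SHA-256 over a disk serial and user ID), the use of RFC 4226 HOTP as the OTP scheme, the `OathServer` class and all sample values are assumptions; the claims name none of them.

```python
import hashlib
import hmac
import struct


def derive_token_id(disk_serial: str, user_id: str) -> str:
    """Re-derive the token ID on each request instead of storing it.
    Assumption: SHA-256 over disk serial and user ID (claims give no function)."""
    material = f"{disk_serial}|{user_id}".encode()
    return hashlib.sha256(material).hexdigest()[:16]


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, standing in for the unspecified OTP generation scheme."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OathServer:
    """Hypothetical stand-in for the OATH server: token registry and validation."""

    def __init__(self, window: int = 3):
        self.tokens = {}      # token_id -> [secret, next expected counter]
        self.window = window  # look-ahead for counters the terminal skipped

    def register(self, token_id: str, secret: bytes) -> None:
        self.tokens[token_id] = [secret, 0]

    def authenticate(self, token_id: str, otp: str) -> bool:
        entry = self.tokens.get(token_id)
        if entry is None:     # e.g. disk changed and new ID not yet registered
            return False
        secret, counter = entry
        for c in range(counter, counter + self.window):
            if hmac.compare_digest(hotp(secret, c), otp):
                entry[1] = c + 1  # advance so the same OTP cannot be replayed
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"            # constructed sample secret
    server = OathServer()
    tid = derive_token_id("DISK-A", "alice")    # constructed sample identifiers
    server.register(tid, secret)
    print(server.authenticate(tid, hotp(secret, 0)))   # first use is accepted
    print(server.authenticate(tid, hotp(secret, 0)))   # replay is rejected
    new_tid = derive_token_id("DISK-B", "alice")       # hard disk replaced
    print(server.authenticate(new_tid, hotp(secret, 1)))  # unknown until registered
```

A token ID derived this way identifies the terminal but is not a secret, so the OTP secret itself still has to be provisioned and protected separately.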
PCT/KR2007/001974 2007-02-22 2007-04-23 Apparatus and method for authentication by using one time password WO2008102930A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020070017738A KR20080083077A (en) 2007-02-22 2007-02-22 Apparatus and method for authentication by using one time password
KR10-2007-0017738 2007-02-22

Publications (1)

Publication Number Publication Date
WO2008102930A1 (en) 2008-08-28

Family

ID=39710195

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2007/001974 WO2008102930A1 (en) 2007-02-22 2007-04-23 Apparatus and method for authentication by using one time password

Country Status (2)

Country Link
KR (1) KR20080083077A (en)
WO (1) WO2008102930A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103095456A (en) * 2013-01-10 2013-05-08 天地融科技股份有限公司 Method and system for processing transaction messages
US8762279B2 (en) 2008-11-06 2014-06-24 Visa International Service Association Online challenge-response

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8121942B2 (en) 2007-06-25 2012-02-21 Visa U.S.A. Inc. Systems and methods for secure and transparent cardless transactions

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5592553A (en) * 1993-07-30 1997-01-07 International Business Machines Corporation Authentication system using one-time passwords
US20030212894A1 (en) * 2002-05-10 2003-11-13 Peter Buck Authentication token
KR100412986B1 (en) * 2003-03-03 2003-12-31 Initech Co Ltd Method for generating and authenticating one-time password using synchronization and readable recording medium of storing program for generating one-time password

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5592553A (en) * 1993-07-30 1997-01-07 International Business Machines Corporation Authentication system using one-time passwords
US5661807A (en) * 1993-07-30 1997-08-26 International Business Machines Corporation Authentication system using one-time passwords
US20030212894A1 (en) * 2002-05-10 2003-11-13 Peter Buck Authentication token
KR100412986B1 (en) * 2003-03-03 2003-12-31 Initech Co Ltd Method for generating and authenticating one-time password using synchronization and readable recording medium of storing program for generating one-time password

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8762279B2 (en) 2008-11-06 2014-06-24 Visa International Service Association Online challenge-response
US9898740B2 (en) 2008-11-06 2018-02-20 Visa International Service Association Online challenge-response
CN103095456A (en) * 2013-01-10 2013-05-08 天地融科技股份有限公司 Method and system for processing transaction messages
CN103095456B (en) * 2013-01-10 2016-07-06 天地融科技股份有限公司 The processing method of transaction message and system

Also Published As

Publication number Publication date
KR20080083077A (en) 2008-09-16

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07746136

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: COMMUNICATION UNDER RULE 112(1) EPC, EPO FORM 1205A DATED 03/12/09

122 Ep: pct application non-entry in european phase

Ref document number: 07746136

Country of ref document: EP

Kind code of ref document: A1