
WO2008032916A1 - Method for registering and certificating user of one time password by a plurality of mode and computer-readable recording medium where program executing the same method is recorded - Google Patents


Info

Publication number
WO2008032916A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
time
server
user
onetime
Prior art date
Legal status: Ceased
Application number
PCT/KR2007/001890
Other languages
French (fr)
Inventor
Changhee Lee
Current Assignee: INITECH CO Ltd
Original Assignee
INITECH CO Ltd
Priority date
Filing date
Publication date
Priority claimed from KR1020070026677A (KR100786551B1)
Application filed by INITECH CO Ltd
Priority to US12/441,310 (US20090328168A1)
Priority to JP2009528166A (JP2010503912A)
Publication of WO2008032916A1
Anticipated expiration
Ceased (current legal status)

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Definitions

  • the present invention relates to a method of registering a user of a one-time-password and a computer readable recording medium having a program recorded therein for executing such a method, and more specifically, to a method of registering a user of a one-time-password in a plurality of modes at one one-time-password terminal and a computer readable recording medium having a program recorded therein for executing such a method.
  • an ordinary password has a fixed value designated by a user, and the user is responsible for keeping the password from being leaked.
  • a one-time-password was introduced to address this problem: because it is valid only once and a new password is created the next time, a password that someone intercepts in transit is already invalid by the time it is reused, so safety is relatively increased compared with a conventional fixed password that keeps a fixed value.
  • a one-time-password can be created using a separate terminal, or a one-time-password creation program downloaded to a cellular phone or the like.
  • the created one-time-password can be used at an automatic teller machine (ATM) or for Internet banking.
  • the present invention has been made in order to solve the above problems, and it is an object of the invention to provide a method of registering a user of a one-time-password, in which one-time-passwords requested by a plurality of financial institutes that use different one-time-password creation modes can be created by one one-time-password creation program. Furthermore, another object of the present invention is to provide a computer readable recording medium having a program recorded therein for executing such a method.
  • the present invention relates to a method of creating and registering a one-time-password in accordance with the one-time-password creation mode of each financial institute by installing one program in a one-time-password terminal.
  • after storing information on the one-time-password creation modes used by the respective financial institutes in a one-time-password server, information on the one-time-password creation mode appropriate for the financial institute selected by the user (registrant) is transmitted to the one-time-password terminal, and a program loaded on the one-time-password terminal creates a one-time-password based on the transmitted mode.
  • a method of registering a one-time-password user in a one-time-password terminal in an environment including the one-time-password terminal loaded with a program for creating one-time-passwords in a plurality of modes, an authentication server for authenticating authenticity of the one-time-password user, a one-time-password server, and a one-time-password database server for storing information on the one-time-password user, the method comprising: a first step of allowing the one-time-password terminal to request both a profile of an institute for a corresponding one-time-password to be used and a serial number of the program for creating the one-time-password from the one-time-password server; a second step of allowing the one-time-password terminal to receive the serial number and the profile issued by the one-time-password server from the one-time-password server; and a third step of allowing the one-time-password terminal to register the profile and the password in the one-time-password terminal and generate a seed value, wherein the serial number received in the second step is transferred to and registered in the authentication server by the user, the profile is information on a corresponding one-time-password creation mode and information on the institute, and the one-time-password is created by the one-time-password terminal in a one-time-password creation mode determined by the profile.
  • a method for allowing a one-time-password server to authenticate a first one-time-password inputted by a user in an environment including a one-time-password terminal loaded with a program for creating one-time-passwords in a plurality of modes, an authentication server for authenticating authenticity of the one-time-password user, the one-time-password server, and a one-time-password database server for storing information on the one-time-password user, the method comprising: a first step of allowing the one-time-password server to receive user information and the first one-time-password from the authentication server; a second step of allowing the one-time-password server to inquire and receive a seed value from the one-time-password database server based on the user information; a third step of allowing the one-time-password server to create a second one-time-password based on the seed value; and a fourth step of allowing the one-time-password server to compare the first one-time-password with the second one-time-password and transfer a result of the comparison to the authentication server, wherein the first one-time-password is created by the user using the one-time-password terminal and transferred to the authentication server.
  • a profile of a financial institute is transferred from the one-time-password server, and a one-time-password is created in the one-time-password creation mode determined through the profile. Therefore, one-time-passwords can be created by one program in a plurality of one-time-password creation modes specified by a plurality of financial institutes; the financial institute must of course be selected in the program first.
  • the first to fourth steps are repeated as many times as the number of one-time-password creation modes.
  • the computer readable recording medium according to the present invention is a computer readable recording medium having a program recorded therein for executing the above-mentioned steps.
  • OTP is the term used among those skilled in the art for the one-time-password of the present specification and figures.
  • An environment for performing the present invention includes a one-time-password terminal 10 loaded with a program for creating one-time-passwords, a user computer 20, an authentication server 30 for authenticating authenticity of a one-time-password user, a one-time-password server 40, and a one-time-password database server 50 for storing information on the one-time-password user.
  • the one-time-password terminal 10 is a terminal for creating a one-time-password, which can be a dedicated terminal or a cellular phone where a program for creating one-time-passwords is loaded.
  • the user computer 20 includes all kinds of electronic devices connected to a communication network and capable of communicating with the authentication server 30.
  • the authentication server 30 means a server of a financial institute, such as a bank, that uses the one-time-password in a transaction, and the authentication server 30 stores user information including information on the financial accounts of one-time-password users. In order to register a user in the one-time-password server 40, the one-time-password user must obtain authentication through the authentication server 30.
  • FIG. 1 is a view showing a method of authenticating a user in a method of registering a user according to the present invention
  • FIG. 2 is a view showing a method registering a user according to the present invention
  • FIG. 3 is a view showing a process of sharing a key in registering a user according to the present invention
  • FIG. 4 is a view showing an embodiment implementing a process of registering a one-time-password user at a one-time-password terminal according to the present invention.
  • FIG. 5 is a view showing an embodiment implementing a process of creating a one-time-password and authenticating the one-time-password from a registered institute using a one-time-password terminal.
  • FIG. 1 shows a flowchart illustrating a method of authenticating a user according to the present invention and constitutional components of an environment for performing the user authentication method.
  • in the process shown in FIG. 1, it is assumed that a banking transaction is performed through an electronic device such as a computer or the like.
  • a user connects to the web-site of a financial institute with which the user has an account in order to perform a financial transaction, such as Internet banking, through an electronic device, such as a computer or the like.
  • a one-time-password is required to perform Internet banking or the like.
  • the one-time-password terminal 10 creates a first one-time-password in step S101.
  • the first one-time-password is preferably created based on the seed value created, encrypted, and stored in the step of registering a one-time-password user S209 shown in FIG. 2.
  • the computer 20 transfers the user's identification (ID) and the first one-time-password to the authentication server 30 through a communication network S103.
  • the user ID can be personal information including information on an account or the like that the user has at a financial institute that uses a one-time-password in a financial transaction.
  • the authentication server 30 that receives the user ID and the first one-time-password confirms whether the user is authorized in step S104. This is to confirm whether the user is registered as a one-time-password user in the authentication server 30 in the step of registering a one-time-password user S210 shown in FIG. 2. If the user is confirmed to be an authorized user, the user information and the first one-time-password value are transferred to the one-time-password server 40 in step S105.
  • the user information is preferably the institute code of the institute where the first one-time-password is used, the user ID, and the like.
  • the one-time-password server 40 inquires the seed value of the corresponding user for the institute where the first one-time-password is used from the one-time-password database server 50 based on the transferred information and receives a return value S106.
  • the seed value is preferably the value transferred to the one-time-password database server 50 in the step of registering a one-time-password user S208 shown in FIG. 2.
  • the one-time-password server 40 that receives the seed value creates a second one-time-password in step S107 based on the seed value received in step S106. Then, the one-time-password server compares the created second one-time-password with the first one-time-password S108. The one-time-password server transfers the result of the comparison to the authentication server 30 in step S109, and the authentication server 30 performs authentication in connection with an existing authentication server and releases the connection S110.
  • FIG. 2 shows the process of such a user registration.
  • a user logs in the authentication server 30 using the computer 20 S201.
  • the authentication server 30 requests the computer 20 of the user to use a one-time-password in step S202 and transfers the institute code of the institute where the one-time-password is used and the user ID to the one-time-password server 40 in step S203.
  • the institute code means a unique identifier that can identify an institute where the one-time-password is used from other institutes, and the user ID can be personal information including information on an account or the like that the user has at a financial institute where the one-time-password is used.
  • the one-time -password server 40 transfers the institute code and the user ID to the one-time-password database server, and the one-time-password database server registers the user ID based on the transferred institute code and user ID S204.
  • the user executes a virtual machine (VM) of the one-time-password terminal 10 in step S205, and selects and handles an institute registration menu that can be included in the VM.
  • the VM is a term used by those skilled in the art, referring to software that functions as an interface between compiled binary code and the microprocessor that actually executes the program instructions.
  • the VM generates a certain random value through the institute registration menu.
  • the random value is preferably a nonce for stability. Unlike a general random value, if the same values are consecutively generated, the nonce discards the latter value and regenerates a random value that is not the same.
  • the one-time-password terminal 10 may transfer the random value generated through the VM to the one-time-password server 40, or may not transfer it and only save the generated random value. In addition, the one-time-password terminal requests the profile and a serial number of the institute where the one-time-password is used from the one-time-password server S206.
  • the one-time-password server 40 issues a serial number and a seed value in response to the request S207.
  • the serial number means a unique number of the program loaded on the one-time-password terminal.
  • the serial number and the seed value are preferably independent values created without a functional relation to each other, and the seed value is preferably determined as unique information mapped to the serial number.
  • the one-time-password server 40 transfers the profile of the institute where the one-time-password is used requested in step S206 and the serial number issued in step S207 to the one-time-password terminal 10 S208, and transfers the seed value issued in step S207 to the one-time-password database server 50 S208.
  • the seed value stored in the one-time-password database server 50 is used to confirm whether the seed value matches in step S106 of the user authentication process shown in FIG. 1.
  • the one-time-password terminal 10 registers the transferred profile and serial number and generates a separate seed value S209. That is, the transferred information is encrypted and processed in a method that uses the seed value.
  • the user inputs the serial number received in step S208 through the computer 20, and the computer 20 transfers the inputted serial number to the authentication server 30, thereby completing the user registration process S210. At this point, it is preferable to input an initial one-time-password value together, and the seed value generated in step S209 is stored in a state encrypted based on the initial one-time-password.
  • the profile includes information on the one-time-password creation mode of the financial institute where the one-time-password is used and information on the financial institute itself.
  • the profile may include information on the one-time-password creation interval specifying at which minute intervals the one-time-password is created again, information on the one-time-password creation algorithm, the size of the one-time-password, information on whether the last digit of the created one-time-password is used as a checksum, information on whether the one-time-password is set when the one-time-password terminal is executed, a service name, a service logo icon, guide messages of a customer service center, and the like.
  • the one-time-password creation algorithm can be a challenge-response method, a time-synchronization method, an event-synchronization method, a combination of these, or another method; these algorithms are well known among those skilled in the art.
  • the one-time-password terminal 10 creates a one-time-password in the one-time-password creation mode of the financial institute where the one-time-password is used, as contained in the profile.
  • the profile specified by each financial institute is different, and the one-time-password creation mode of each financial institute contained in the profile is transferred to the one-time-password terminal 10.
  • the program loaded on the one-time-password terminal applies the one-time-password creation mode of each financial institute when creating a one-time-password, and thus all kinds of one-time-passwords having different creation modes can be created with one program.
  • a password creation mode is not fixedly embedded in the program loaded on the one-time-password terminal 10; instead, information on the one-time-password creation mode of each financial institute where the one-time-password is used is received from the one-time-password server 40 and used by the program whenever needed. Therefore, all kinds of one-time-passwords having different creation modes can be created with one program.
  • FIG. 3 shows the process of sharing a seed in the process of registering a one-time-password by a user.
  • the one-time-password terminal 10 and the one-time-password server 40 use a method of sharing a secret key through public key encryption.
  • the one-time-password terminal 10 generates a first temporary random value in step S301.
  • the random value is preferably a nonce.
  • the first temporary random value is transferred to the one-time-password server 40 through public key encryption in step S302, and the one-time-password server 40 generates a second temporary random value S303 and transfers the second temporary random value to the one-time-password terminal 10 through public key encryption S304.
  • the second temporary random value is preferably used as the serial number.
  • the one-time-password terminal 10 and the one-time-password server 40 each hold the temporary random value created by itself and the temporary random value received from the other side, and generate a seed by combining the temporary random values with a secret key in steps S305 and S306. Accordingly, a value hashed using the first temporary random value, the second temporary random value, and the secret key as inputs is preferably used as the seed.
  • FIG. 4 is a view showing an embodiment implementing a process of registering a one-time-password user at a one-time-password terminal according to the present invention.
  • a user executes the virtual machine (VM) of the one-time-password terminal in step S205, and selects and handles an institute registration menu that can be included in the VM.
  • the one-time-password terminal inquires whether a new financial institute will be registered, and if the user answers affirmatively, a list of financial institutes that can be registered is shown, and the user selects the financial institute to be registered.
  • the one-time-password terminal requests the profile and a serial number of the selected financial institute from the one-time-password server, and creates and transmits a random value together with the request.
  • the one-time-password server that receives the random value issues a serial number and a seed value and transmits the issued serial number and seed value to the one-time-password terminal 10, and the serial number is displayed on the one-time-password terminal 10.
  • the exemplary screen E404 is a screen displaying the serial number issued by the one-time-password server.
  • the exemplary screen E405 is a screen displaying a one-time-password created by the program loaded on the one-time-password terminal in accordance with the received profile of a financial institute.
  • the user transfers the serial number and the one-time-password to the authentication server 30 using the computer 20, and the user registration is completed S210.
  • FIG. 5 is an exemplary view showing the process of creating a one-time-password and authenticating the one-time-password from a registered institute using the one-time-password terminal 10. When the one-time-password terminal 10 is executed, the registered institutes are displayed. When the user selects the desired institute, the one-time-password terminal creates a one-time-password. Using the created one-time-password, the user can obtain user authentication for the desired financial transaction (authentication for Internet banking or at an ATM). Details thereof have been described with reference to FIG. 1.
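The seed-sharing exchange of FIG. 3 (steps S301 to S306) together with the registration steps S206 to S210, as an added example written for this page; it is not code from the patent or from INITECH. It assumes HMAC-SHA256 keyed with a program secret held by both the terminal program and the OTP server as the "hash of the two temporary random values and the secret key" (the patent names no hash function and does not say where the secret key comes from), 16-byte random values, and the serial number doubling as the server's second random value, as the description prefers. The public-key encryption that protects the two random values in transit (S302, S304) is not modelled: the messages are handed over directly. Class, method and field names are this example's own.

```python
import hashlib
import hmac
import secrets


class NonceSource:
    """Random values that are never repeated: a value already issued is discarded
    and a fresh one drawn, which is what the patent means by preferring a nonce
    over a plain random value (S205, S301)."""

    def __init__(self, rng=secrets.token_bytes, size=16):
        self._rng, self._size, self._issued = rng, size, set()

    def next(self) -> bytes:
        while True:
            value = self._rng(self._size)
            if value not in self._issued:
                self._issued.add(value)
                return value


def derive_seed(first_random: bytes, second_random: bytes, secret_key: bytes) -> bytes:
    """S305/S306: seed = hash(first random, second random, secret key).
    HMAC-SHA256 keyed with the secret is the instantiation assumed here; the patent
    only says the three values are hashed. Both randoms are fixed-length (16 bytes),
    so plain concatenation cannot be ambiguous."""
    return hmac.new(secret_key, first_random + second_random, hashlib.sha256).digest()


class Terminal:
    """OTP terminal 10: one program, one (profile, seed) pair per registered institute."""

    def __init__(self, secret_key: bytes, nonces=None):
        self.secret_key = secret_key
        self.nonces = nonces or NonceSource()
        self.pending = {}    # institute_code -> first random value awaiting the reply
        self.profiles = {}   # institute_code -> profile (registered in S209)
        self.seeds = {}      # institute_code -> seed    (generated in S209)

    def request_registration(self, institute_code: str) -> dict:
        """S206 with S301/S302: draw the first random value, send it with the request."""
        self.pending[institute_code] = self.nonces.next()
        return {"institute_code": institute_code, "first_random": self.pending[institute_code]}

    def complete_registration(self, reply: dict) -> None:
        """S208 with S304/S305: the serial number doubles as the server's random value."""
        institute_code = reply["institute_code"]
        first_random = self.pending.pop(institute_code)
        self.seeds[institute_code] = derive_seed(first_random, reply["serial_number"], self.secret_key)
        self.profiles[institute_code] = reply["profile"]


class Server:
    """OTP server 40 together with an in-memory OTP database server 50."""

    def __init__(self, secret_key: bytes, profiles: dict, nonces=None):
        self.secret_key = secret_key
        self.profiles = profiles   # institute_code -> profile, stored ahead of time
        self.nonces = nonces or NonceSource()
        self.db = {}               # (institute_code, serial_number) -> seed

    def issue(self, request: dict) -> dict:
        """S207 with S303/S306: issue a serial number, derive the seed, store it (S208)."""
        institute_code = request["institute_code"]
        serial_number = self.nonces.next()
        self.db[(institute_code, serial_number)] = derive_seed(
            request["first_random"], serial_number, self.secret_key)
        return {"institute_code": institute_code, "serial_number": serial_number,
                "profile": self.profiles[institute_code]}


class AuthenticationServer:
    """Authentication server 30 of one institute: maps user IDs to serial numbers (S210)."""

    def __init__(self, institute_code: str):
        self.institute_code = institute_code
        self.users = {}   # user_id -> serial_number

    def register(self, user_id: str, serial_number: bytes) -> None:
        self.users[user_id] = serial_number


def register_user(terminal: Terminal, server: Server, auth: AuthenticationServer, user_id: str) -> bytes:
    """Steps S206 to S210 for one institute. The public-key encryption that protects the
    two random values in transit (S302, S304) is not modelled: messages are passed directly."""
    request = terminal.request_registration(auth.institute_code)
    reply = server.issue(request)
    terminal.complete_registration(reply)
    auth.register(user_id, reply["serial_number"])   # the user types the serial into computer 20
    return reply["serial_number"]
```

Because the seed is a keyed hash over both random values and the program secret, the serial number the user types into the authentication server at S210 reveals nothing about the seed, and database server 50 can key its seed table by (institute, serial number), which is the mapping of seed to serial number that the description asks for at S207. A terminal whose program secret differs from the server's derives a different seed, so none of its one-time-passwords will verify at S108.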

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a method of registering a one-time-password user in a one-time-password terminal by the one-time-password terminal, in an environment including the one-time-password terminal loaded with a program for creating one-time-passwords in a plurality of modes, an authentication server for authenticating authenticity of the one-time-password user, a one-time-password server, and a one-time-password database server for storing information on the one-time-password user.

Description

METHOD FOR REGISTERING AND CERTIFICATING USER OF ONE TIME PASSWORD BY A PLURALITY OF MODE AND COMPUTER-READABLE RECORDING MEDIUM WHERE PROGRAM EXECUTING THE SAME METHOD IS RECORDED
Technical Field
[1] The present invention relates to a method of registering a user of a one-time-password and a computer readable recording medium having a program recorded therein for executing such a method, and more specifically, to a method of registering a user of a one-time-password in a plurality of modes at one one-time-password terminal and a computer readable recording medium having a program recorded therein for executing such a method.
Background Art
[2] In general, an ordinary password has a fixed value designated by a user, and the user is responsible for keeping the password from being leaked. However, when an Internet banking or phone banking transaction is performed, it frequently happens that the password being entered by the user is captured by a third party on the communication network, and the stolen password is then used to inflict unexpected damage on the user.
[3] The one-time-password (OTP) was introduced to prevent such a problem. Since a one-time-password is valid only once and a new password is created the next time, a password that someone intercepts in transit is already invalid when it is reused, and thus safety is relatively increased compared with a conventional fixed password that keeps a fixed value.
[4] A one-time-password can be created using a separate terminal, or a one-time-password creation program downloaded to a cellular phone or the like. The created one-time-password can be used at an automatic teller machine (ATM) or for Internet banking.
[5] Recently, as the usefulness of the one-time-password has become widely known, many financial institutes compete in recommending that customers use a one-time-password in banking transactions. However, the methods of creating the one-time-password differ considerably among the financial institutes. Examples include a method using a 64-bit string versus a 128-bit string, a method using 4 digits versus 8 digits, a method using only digits versus a combination of digits and characters, and so on. Some financial institutes do not allow a password to be created from a string that is the same as the user identification or a numeric string containing a birth date.
[6] Accordingly, since a program with a fixed password creation mode built into it as an algorithm cannot be used to create a password for another institute that uses a different password creation mode, a user who has accounts at a plurality of financial institutes suffers the inconvenience of having to carry a plurality of one-time-password terminals or install, on a cellular phone or the like, a plurality of one-time-password creation programs provided and downloaded from the plurality of financial institutes.
Disclosure of Invention
Technical Problem
[7] Accordingly, the present invention has been made in order to solve the above problems, and it is an object of the invention to provide a method of registering a user of a one-time-password, in which one-time-passwords requested by a plurality of financial institutes that use different one-time-password creation modes can be created by one one-time-password creation program. Furthermore, another object of the present invention is to provide a computer readable recording medium having a program recorded therein for executing such a method.
[8] That is, the present invention relates to a method of creating and registering a one-time-password in accordance with the one-time-password creation mode of each financial institute by installing one program in a one-time-password terminal. After storing information on the one-time-password creation modes used by the respective financial institutes in a one-time-password server, information on the one-time-password creation mode appropriate for the financial institute selected by the user (registrant) is transmitted to the one-time-password terminal, and a program loaded on the one-time-password terminal creates a one-time-password based on the transmitted mode. Through the configuration described above, all kinds of passwords of financial institutes that use different one-time-password creation modes can be created and registered using a one-time-password terminal loaded with one program.
Technical Solution
[9] In order to accomplish the above objects of the invention, according to one aspect of the invention, there is provided a method of registering a one-time-password user in a one-time-password terminal, in an environment including the one-time-password terminal loaded with a program for creating one-time-passwords in a plurality of modes, an authentication server for authenticating authenticity of the one-time-password user, a one-time-password server, and a one-time-password database server for storing information on the one-time-password user, the method comprising: a first step of allowing the one-time-password terminal to request both a profile of an institute for a corresponding one-time-password to be used and a serial number of the program for creating the one-time-password from the one-time-password server; a second step of allowing the one-time-password terminal to receive the serial number and the profile issued by the one-time-password server from the one-time-password server; and a third step of allowing the one-time-password terminal to register the profile and the password in the one-time-password terminal and generate a seed value, wherein the serial number received in the second step is transferred to and registered in the authentication server by the user, the profile is information on a corresponding one-time-password creation mode and information on the institute, and the one-time-password is created by the one-time-password terminal in a one-time-password creation mode determined by the profile.
[10] According to another aspect of the invention, there is provided a method for allowing a one-time-password server to authenticate a first one-time-password inputted by a user, in an environment including a one-time-password terminal loaded with a program for creating one-time-passwords in a plurality of modes, an authentication server for authenticating authenticity of the one-time-password user, the one-time-password server, and a one-time-password database server for storing information on the one-time-password user, the method comprising: a first step of allowing the one-time-password server to receive user information and the first one-time-password from the authentication server; a second step of allowing the one-time-password server to inquire and receive a seed value from the one-time-password database server based on the user information; a third step of allowing the one-time-password server to create a second one-time-password based on the seed value; and a fourth step of allowing the one-time-password server to compare the first one-time-password with the second one-time-password and transfer a result of the comparison to the authentication server, wherein the first one-time-password is created by the user using the one-time-password terminal and transferred to the authentication server.
[11] According to the configuration of the present invention described above, a profile of a financial institute is transferred from the one-time-password server, and a one-time-password is created in the one-time-password creation mode determined through the profile. Therefore, one-time-passwords can be created by one program in a plurality of one-time-password creation modes specified by a plurality of financial institutes; the financial institute must of course be selected in the program first.
[12] The first to fourth steps are repeated as many times as the number of one-time-password creation modes.
[13] The computer readable recording medium according to the present invention is a computer readable recording medium having a program recorded therein for executing the above-mentioned steps.
[14] The term OTP is used among those skilled in the art to refer to the one-time-password of the present specification and figures.
[15] An environment for performing the present invention includes a one-time-password terminal 10 loaded with a program for creating one-time-passwords, a user computer 20, an authentication server 30 for authenticating authenticity of a one-time-password user, a one-time-password server 40, and a one-time-password database server 50 for storing information on the one-time-password user.
[16] The one-time-password terminal 10 is a terminal for creating a one-time-password, which can be a dedicated terminal or a cellular phone where a program for creating one-time-passwords is loaded. The user computer 20 includes all kinds of electronic devices connected to a communication network and capable of communicating with the authentication server 30.
[17] The authentication server 30 means a server of a financial institute, such as a bank, that uses the one-time-password in a transaction, and the authentication server 30 stores user information including information on the financial accounts of one-time-password users. In order to register a user in the one-time-password server 40, the one-time-password user must obtain authentication through the authentication server 30.
Advantageous Effects
[18] According to the present invention, a program for creating one-time-passwords can create one-time-passwords in a plurality of modes provided by a plurality of financial institutes, using one program.
[19] That is, all kinds of one-time-passwords of financial institutes that use different one-time-password creation modes can be created and registered using a one-time-password terminal loaded with one program. Therefore, a user who has accounts at a plurality of financial institutes is relieved of the inconvenience of carrying a plurality of one-time-password terminals, or of installing in a cellular phone or the like a plurality of one-time-password creation programs downloaded from the plurality of financial institutes.
Best Mode for Carrying Out the Invention
[20] Further objects and advantages of the invention can be more fully understood from the following detailed description taken in conjunction with the accompanying drawings in which:
[21] FIG. 1 is a view showing a method of authenticating a user in a method of registering a user according to the present invention;
[22] FIG. 2 is a view showing a method of registering a user according to the present invention;
[23] FIG. 3 is a view showing a process of sharing a key in registering a user according to the present invention;
[24] FIG. 4 is a view showing an embodiment implementing a process of registering a one-time-password user at a one-time-password terminal according to the present invention; and
[25] FIG. 5 is a view showing an embodiment implementing a process of creating a one-time-password and authenticating the one-time-password with a registered institute using a one-time-password terminal.
Mode for the Invention
[26] Hereinafter, the preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.
[27] First, FIG. 1 is a flowchart illustrating a method of authenticating a user according to the present invention and the components of the environment in which the user authentication method is performed. In the process shown in FIG. 1, it is assumed that a banking transaction is performed through an electronic device such as a computer.
[28] A user connects to the web-site of a financial institute with which the user has an account in order to perform a financial transaction, such as Internet banking, through an electronic device such as a computer. In this case, a one-time-password is required to perform the Internet banking or the like.
[29] The one-time-password terminal 10 creates a first one-time-password in step S101. The first one-time-password is preferably created based on the seed value created, encrypted, and stored in the user registration step S209 shown in FIG. 2.
[30] When the created first one-time-password is inputted into the computer 20, the computer 20 transfers the user's identification (ID) and the first one-time-password to the authentication server 30 through a communication network S103.
[31] Here, the user ID can be personal information, including information on an account or the like that the user has at the financial institute that uses the one-time-password in the financial transaction.
[32] The authentication server 30 that receives the user ID and the first one-time-password confirms whether the user is authorized in step S104, that is, whether the user was registered as a one-time-password user in the authentication server 30 in the user registration step S210 shown in FIG. 2. If the user is confirmed to be an authorized user, the user information and the first one-time-password value are transferred to the one-time-password server 40 in step S105. The user information is preferably the institute code of the institute where the first one-time-password is used, the user ID, and the like. The one-time-password server 40 queries the one-time-password database server 50 for the seed value of the corresponding user at that institute, based on the transferred information, and receives the return value S106. The seed value is preferably the value transferred to the one-time-password database server 50 in the user registration step S208 shown in FIG. 2.
[33] The one-time-password server 40 that receives the seed value creates a second one-time-password in step S107 based on the seed value received in step S106, and compares the created second one-time-password with the first one-time-password S108. The one-time-password server transfers the result of the comparison to the authentication server 30 in step S109, and the authentication server 30 performs authentication in connection with its existing authentication server and releases the connection S110.
[34] If the user has accounts at a plurality of financial institutes, the user must perform a user registration in order to create one-time-passwords in a plurality of modes using one program at the one-time-password terminal 10; FIG. 2 shows the process of such a user registration.
[35] First, the user logs in to the authentication server 30 using the computer 20 S201. The authentication server 30 requests the user's computer 20 to use a one-time-password in step S202, and transfers the institute code of the institute where the one-time-password is used and the user ID to the one-time-password server 40 in step S203. The institute code is a unique identifier that distinguishes the institute where the one-time-password is used from other institutes, and the user ID can be personal information including information on an account or the like that the user has at that financial institute.
[36] The one-time-password server 40 transfers the institute code and the user ID to the one-time-password database server, and the one-time-password database server registers the user ID under the transferred institute code S204.
[37] Meanwhile, the user executes a virtual machine (VM) of the one-time-password terminal 10 in step S205, and selects and operates an institute registration menu that can be included in the VM. Here, VM is a term used by those skilled in the art for software that functions as an interface between compiled binary code and the microprocessor that actually executes program instructions.
[38] The VM generates a certain random value through the institute registration menu. The random value is preferably a nonce, so that it is not reused: unlike a general random value, if the same value is generated twice in succession, the latter value is discarded and a different random value is regenerated. The one-time-password terminal 10 may transfer the random value generated by the VM to the one-time-password server 40, or may only save the generated random value without transferring it. In addition, the one-time-password terminal requests the profile and a serial number of the institute where the one-time-password is used from the one-time-password server S206.
[39] The one-time-password server 40 issues a serial number and a seed value in response to the request S207. The serial number is a unique number of the program loaded on the one-time-password terminal. The serial number and the seed value are preferably independent values created without any functional relation to each other (the serial number is displayed to and typed by the user, so the seed must not be derivable from it), and the seed value is preferably determined as unique information mapped to the serial number.
[40] The one-time-password server 40 transfers the profile of the institute where the one-time-password is used, requested in step S206, and the serial number issued in step S207 to the one-time-password terminal 10, and transfers the seed value issued in step S207 to the one-time-password database server 50, in step S208. The seed value stored in the one-time-password database server 50 is the value used to check the seed match in step S106 of the user authentication process shown in FIG. 1.
[41] The one-time-password terminal 10 registers the transferred profile and serial number and generates its own seed value S209; the transferred information is then encrypted and processed by a method that uses the seed value.
[42] The user inputs the serial number received in step S209 through the computer 20, and the computer 20 transfers the inputted serial number to the authentication server 30, which completes the user registration process S210. At this point it is preferable to input an initial one-time-password value as well, and the seed value generated in step S209 is stored encrypted under a key based on the initial one-time-password.
[43] These steps can be repeated as many times as the number of financial institutes with which a customer has accounts. That is, the user selects the financial institutes where one-time-passwords are used and iterates the steps shown in FIG. 2 once per desired financial institute, so that the profile of each financial institute and a seed value specific to that financial institute and that user are shared.
[44] The profile includes information on the one-time-password creation mode of the financial institute where the one-time-password is used and information on the financial institute itself. Preferably, the profile may include: the one-time-password creation interval, specifying at what interval in minutes the one-time-password is regenerated; the one-time-password creation algorithm; the size of the one-time-password; whether the last digit of the created one-time-password is used as a checksum; whether the one-time-password is set when the one-time-password terminal is executed; a service name; a service logo icon; guide messages of a customer service center; and the like.
[45] Generally, one-time-password creation algorithms include the challenge-response method, the time-synchronization method, the event-synchronization method, combinations of these, and the like, but other methods can also be used. These algorithms are well known among those skilled in the art.
[46] The one-time-password terminal 10 creates a one-time-password in the creation mode of the financial institute where it is used, as contained in that institute's profile. Each financial institute specifies its own profile, and the creation mode contained in each profile is transferred to the one-time-password terminal 10. The program loaded on the terminal applies each institute's creation mode when creating a one-time-password, so one-time-passwords of every creation mode can be created with one program. In other words, no creation mode is fixedly embedded in the program loaded on the one-time-password terminal 10; the information on the creation mode of each financial institute is received from the one-time-password server 40 and used by the program whenever needed.
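The profile-driven creation described in [44] to [46], together with the server-side recomputation and comparison of FIG. 1 (steps S106 to S108), as an added example in Python that is not part of the patent or of the applicant's code. It assumes a profile with the fields listed in [44] (the field names are the example's own), uses the HMAC-based event-synchronization algorithm of RFC 4226 and its time-step variant for the "time" mode, and a Luhn check digit for the checksum option; the page names none of these concrete algorithms. The seed is the RFC 4226 test secret so that the outputs can be checked against the RFC's published vectors.

```python
import hashlib
import hmac
import struct
import time
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Profile:
    """One institute's one-time-password creation mode, as carried in its profile.

    Field names are assumptions for this example; the page lists the contents
    of the profile but no wire format.
    """
    institute_code: str
    algorithm: str                 # "time" (time-synchronization) or "event" (event-synchronization)
    interval: int = 60             # seconds per time step (the page expresses this in minutes)
    digits: int = 6                # size of the one-time-password, checksum digit included
    checksum_digit: bool = False   # whether the last digit is a checksum


def _hotp(seed: bytes, counter: int, digits: int) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter with RFC 4226 dynamic truncation.

    RFC 4226 is used as one concrete event-synchronization algorithm; the page
    does not name an algorithm, so this choice is an assumption.
    """
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def _luhn_digit(body: str) -> str:
    """Luhn check digit over the decimal body (assumed checksum scheme)."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:                      # every other digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def _moving_factor(profile: Profile, counter: Optional[int], now: Optional[float]) -> int:
    """Event counter in event mode, time-step index in time mode."""
    if profile.algorithm == "time":
        return int((time.time() if now is None else now) // profile.interval)
    if profile.algorithm == "event":
        if counter is None:
            raise ValueError("event mode needs the current counter")
        return counter
    raise ValueError(f"unknown creation mode {profile.algorithm!r}")


def _body_digits(profile: Profile) -> int:
    return profile.digits - 1 if profile.checksum_digit else profile.digits


def create_otp(profile: Profile, seed: bytes, counter: Optional[int] = None,
               now: Optional[float] = None) -> str:
    """Terminal side (FIG. 1 step S101): create the code in the institute's mode."""
    body = _hotp(seed, _moving_factor(profile, counter, now), _body_digits(profile))
    return body + _luhn_digit(body) if profile.checksum_digit else body


def verify_otp(profile: Profile, seed: bytes, candidate: str, counter: Optional[int] = None,
               now: Optional[float] = None, window: int = 1) -> Optional[int]:
    """Server side (FIG. 1 steps S107/S108): recompute and compare.

    Returns the moving factor that matched, or None. Time mode tolerates
    +/-window steps of clock drift; event mode only looks ahead, since a
    counter never moves backwards and an older code must not verify again.
    In event mode the caller stores the returned value + 1 as the new counter.
    """
    if len(candidate) != profile.digits or not candidate.isdigit():
        return None
    if profile.checksum_digit and _luhn_digit(candidate[:-1]) != candidate[-1]:
        return None
    base = _moving_factor(profile, counter, now)
    lo = base - window if profile.algorithm == "time" else base
    matched = None
    for step in range(lo, base + window + 1):   # no early exit: same work whatever the input
        expected = create_otp(profile, seed, counter=step, now=step * profile.interval)
        if hmac.compare_digest(expected, candidate) and matched is None:
            matched = step
    return matched


def demo() -> dict:
    """Constructed input: one terminal, three institutes with different modes.

    The same seed is reused so the values match the RFC 4226/6238 test vectors;
    in the patent each (institute, user) pair has its own seed (step S208).
    """
    seed = b"12345678901234567890"
    bank_a = Profile("BANK-A", "event", digits=6)
    bank_b = Profile("BANK-B", "time", interval=30, digits=8)
    bank_c = Profile("BANK-C", "event", digits=7, checksum_digit=True)
    return {
        "BANK-A": create_otp(bank_a, seed, counter=0),       # 755224
        "BANK-B": create_otp(bank_b, seed, now=59),          # 94287082
        "BANK-C": create_otp(bank_c, seed, counter=0),       # 7552243
    }


if __name__ == "__main__":
    print(demo())
```

The verifier compares every step in the window with `hmac.compare_digest` instead of stopping at the first hit, so neither the comparison nor the loop length reveals which step matched, and it returns the matched counter so an event-mode server can advance its stored counter and reject a replayed code.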
[47] FIG. 3 shows the process of sharing a seed when a user registers for a one-time-password. The one-time-password terminal 10 and the one-time-password server 40 share a secret key through public key encryption.
[48] First, the one-time-password terminal 10 generates a first temporary random value in step S301. The random value is preferably a nonce. The first temporary random value is transferred to the one-time-password server 40 under public key encryption in step S302, and the one-time-password server 40 generates a second temporary random value S303 and transfers it to the one-time-password terminal 10 under public key encryption S304. The second temporary random value is preferably used as the serial number.
[49] Then the one-time-password terminal 10 and the one-time-password server 40 each hold the temporary random value created by itself and the temporary random value created by the other side, and each generates the seed by combining the two temporary random values with the secret key in steps S305 and S306. Accordingly, the seed is preferably a hash computed over the first temporary random value, the second temporary random value, and the secret key; the seed itself never crosses the network.
[50] SEED = H(Client Nonce | Server Nonce | Secret Key)
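The seed-sharing exchange of FIG. 3 and the per-institute registration loop of [43], as an added example in Python that is not part of the patent or of the applicant's code. It assumes H is SHA-256, a 16-byte nonce, and that the secret key of [49] is already shared by terminal and server (the page establishes it through public key encryption; that transport is not modelled here, so the nonces are passed in the clear between the two objects). The server's nonce is used as the serial number, as [48] prefers, and the database server 50 is represented by a dictionary.

```python
import hashlib
import secrets
from typing import Dict, Optional, Tuple

NONCE_BYTES = 16   # assumed nonce size; the page gives none


def make_nonce(previous: Optional[bytes] = None, nbytes: int = NONCE_BYTES) -> bytes:
    """Random value with the nonce rule of [38]: a repeat of the previous value is discarded and drawn again."""
    while True:
        nonce = secrets.token_bytes(nbytes)
        if nonce != previous:
            return nonce


def derive_seed(client_nonce: bytes, server_nonce: bytes, secret_key: bytes) -> bytes:
    """SEED = H(client nonce | server nonce | secret key), with H = SHA-256 (assumed)."""
    return hashlib.sha256(client_nonce + server_nonce + secret_key).digest()


class OtpServer:
    """One-time-password server 40; self.db stands in for database server 50."""

    def __init__(self, secret_key: bytes):
        self._secret = secret_key
        self._last_nonce: Optional[bytes] = None
        self.db: Dict[Tuple[str, str], bytes] = {}   # (institute code, user ID) -> seed

    def issue(self, institute_code: str, user_id: str, client_nonce: bytes) -> Tuple[str, bytes]:
        # S303/S304: second temporary random value, which doubles as the serial number.
        server_nonce = make_nonce(self._last_nonce)
        self._last_nonce = server_nonce
        seed = derive_seed(client_nonce, server_nonce, self._secret)   # S306
        self.db[(institute_code, user_id)] = seed                     # S208: seed to database server 50
        # Only the nonce (serial number) goes back to the terminal, never the seed.
        return server_nonce.hex(), server_nonce


class OtpTerminal:
    """One-time-password terminal 10 holding one registration record per institute."""

    def __init__(self, secret_key: bytes):
        self._secret = secret_key
        self._last_nonce: Optional[bytes] = None
        self.registrations: Dict[str, Dict[str, object]] = {}

    def register(self, server: OtpServer, institute_code: str, user_id: str) -> str:
        client_nonce = make_nonce(self._last_nonce)                                   # S301
        self._last_nonce = client_nonce
        serial, server_nonce = server.issue(institute_code, user_id, client_nonce)   # S302 to S304
        seed = derive_seed(client_nonce, server_nonce, self._secret)                 # S305
        self.registrations[institute_code] = {"serial": serial, "seed": seed}        # S209
        return serial   # displayed to the user, who enters it at computer 20 (S210)


def run_registration(institutes=("BANK-A", "BANK-B"), user_id: str = "user-1",
                     secret_key: bytes = b"constructed shared secret") -> Tuple[OtpTerminal, OtpServer]:
    """Constructed run: one terminal registering with several institutes, as in [43]."""
    server = OtpServer(secret_key)
    terminal = OtpTerminal(secret_key)
    for code in institutes:
        terminal.register(server, code, user_id)
    return terminal, server


if __name__ == "__main__":
    t, s = run_registration()
    for code, rec in t.registrations.items():
        print(code, rec["serial"], rec["seed"] == s.db[(code, "user-1")])
```

After the run, each institute has a distinct seed that both sides agree on although only nonces were exchanged, and a terminal holding a different secret key ends up with a seed the server cannot verify. One point a practitioner would check in a deployment of this scheme is the key under which the terminal stores the seed in S209: an initial one-time-password of a few digits is a small key space on its own, so it should be combined with a device-bound secret rather than used alone.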
[51] FIG. 4 is a view showing an embodiment implementing the process of registering a one-time-password user at a one-time-password terminal according to the present invention. As shown in FIG. 2, the user executes the virtual machine (VM) of the one-time-password terminal in step S205, and selects and operates the institute registration menu that can be included in the VM. At this point the one-time-password terminal asks whether a new financial institute is to be registered; if the user answers yes, a list of financial institutes that can be registered is presented, and the user selects the financial institute to be registered.
[52] Next, the one-time-password terminal requests the profile and a serial number for the selected financial institute from the one-time-password server, creating a random value and transmitting it together with the request. The one-time-password server that receives the random value issues a serial number and a seed value and transmits the issued serial number to the one-time-password terminal 10 (the seed value itself is shared as described for FIG. 3 rather than transmitted), and the serial number is displayed on the one-time-password terminal 10. In addition, an initial one-time-password can be created at the same time. The exemplary screen E404 displays the serial number issued by the one-time-password server, and the exemplary screen E405 displays the one-time-password created by the program loaded on the one-time-password terminal in accordance with the received profile of the financial institute. The user transfers the serial number and the one-time-password to the authentication server 30 using the computer 20, and the user registration is completed S210.
[53] FIG. 5 is an exemplary view showing the process of creating a one-time-password and authenticating it with a registered institute using the one-time-password terminal 10. When the one-time-password terminal 10 is executed, the registered institutes are displayed. When the user selects the desired institute, the one-time-password terminal creates a one-time-password. Using the created one-time-password, the user can obtain user authentication for the desired financial transaction (authentication for Internet banking or at an ATM). Details have been described with reference to FIG. 1.
Industrial Applicability
[54] As described above, according to the present invention, a program for creating one-time-passwords can create one-time-passwords in a plurality of modes provided by a plurality of financial institutes, using one program.
[55] That is, all kinds of one-time-passwords of financial institutes that use different one-time-password creation modes can be created and registered using a one-time-password terminal loaded with one program. Therefore, a user who has accounts at a plurality of financial institutes is relieved of the inconvenience of carrying a plurality of one-time-password terminals, or of installing in a cellular phone or the like a plurality of one-time-password creation programs downloaded from the plurality of financial institutes.

Claims
[1] A method of registering a one-time-password user in a one-time-password terminal by using the one-time-password terminal, in an environment including the one-time-password terminal loaded with a program for creating one-time-passwords in a plurality of modes, an authentication server for authenticating authenticity of the one-time-password user, a one-time-password server, and a one-time-password database server for storing information on the one-time-password user, the method comprising: a first step of allowing the one-time-password terminal to request both a profile of an institute for a corresponding one-time-password to be used and a serial number of the program for creating the one-time-password from the one-time-password server; a second step of allowing the one-time-password terminal to receive the serial number and the profile issued by the one-time-password server from the one-time-password server; and a third step of allowing the one-time-password terminal to register the profile and the password in the one-time-password terminal and generate a seed value, wherein the serial number received in the second step is transferred to and registered in the authentication server by the user, the profile is information on a corresponding one-time-password creation mode and information on the institute, and the one-time-password is created by the one-time-password terminal in a one-time-password creation mode determined by the profile.
[2] The method according to claim 1, wherein the first to fourth steps are repeated as many times as the number of the one-time-password creation modes.
[3] The method according to claim 1, wherein the profile contains any one or more of information on a one-time-password creation interval specifying at which minute intervals the one-time-password is created again, information on a one-time-password creation algorithm, the size of the one-time-password, information on whether a last digit of the created one-time-password is used as a checksum, information on whether the one-time-password is set when the one-time-password terminal is executed, a service name, a service logo icon, guide messages of a customer service center.
[4] A program for registering a one-time-password user in a one-time-password terminal by using the one-time-password terminal, the program being recorded in a computer readable recording medium, in an environment including a one-time-password terminal loaded with a program for creating one-time-passwords in a plurality of modes, an authentication server for authenticating authenticity of the one-time-password user, a one-time-password server, and a one-time-password database server for storing information on the one-time-password user, the program comprising: a first step of allowing the one-time-password terminal to request both a profile of an institute for a corresponding one-time-password to be used and a serial number of the program for creating the one-time-password from the one-time-password server; a second step of allowing the one-time-password terminal to receive the serial number and the profile issued by the one-time-password server from the one-time-password server; and a third step of allowing the one-time-password terminal to register the profile and the password in the one-time-password terminal and generate a seed value, wherein the serial number received in the second step is transferred to and registered in the authentication server by the user, the profile is information on a corresponding one-time-password creation mode and information on the institute, and the one-time-password is created by the one-time-password terminal in a one-time-password creation mode determined by the profile.
[5] A method for allowing a one-time-password server to authenticate a first one-time-password inputted by a user, in an environment including a one-time-password terminal loaded with a program for creating one-time-passwords in a plurality of modes, an authentication server for authenticating authenticity of the one-time-password user, the one-time-password server, and a one-time-password database server for storing information on the one-time-password user, the method comprising: a first step of allowing the one-time-password server to receive user information and the first one-time-password from the authentication server; a second step of allowing the one-time-password server to inquire and receive a seed value from the one-time-password database server based on the user information; a third step of allowing the one-time-password server to create a second one-time-password based on the seed value; and a fourth step of allowing the one-time-password server to compare the first one-time-password with the second one-time-password and transfer a result of the comparison to the authentication server, wherein the first one-time-password is created by the user using the one-time-password terminal and transferred to the authentication server.
[6] A program for allowing a one-time-password user to authenticate a first one-time-password inputted by a user, the program being recorded in a computer readable recording medium, in an environment including a one-time-password terminal loaded with a program for creating one-time-passwords in a plurality of modes, an authentication server for authenticating authenticity of the one-time-password user, the one-time-password server, and a one-time-password database server for storing information on the one-time-password user, the program comprising: a first step of allowing the one-time-password server to receive user information and a first one-time-password from the authentication server; a second step of allowing the one-time-password server to inquire and receive a seed value from the one-time-password database server based on the user information; a third step of allowing the one-time-password server to create a second one-time-password based on the seed value; and a fourth step of allowing the one-time-password server to compare the first one-time-password with the second one-time-password and transfer a result of the comparison to the authentication server, wherein the first one-time-password is created by the user using the one-time-password terminal and transferred to the authentication server.
PCT/KR2007/001890 2006-09-15 2007-04-18 Method for registering and certificating user of one time password by a plurality of mode and computer-readable recording medium where program executing the same method is recorded Ceased WO2008032916A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US12/441,310 US20090328168A1 (en) 2006-09-15 2007-04-18 Method for registering and certificating user of one time password by a plurality of mode and computer-readable recording medium where program executing the same method is recorded
JP2009528166A JP2010503912A (en) 2006-09-15 2007-04-18 User registration and authentication method for disposable passwords by a plurality of methods, and a computer-readable recording medium on which a program for performing the method is recorded

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR10-2006-0089569 2006-09-15
KR20060089569 2006-09-15
KR10-2007-0026677 2007-03-19
KR1020070026677A KR100786551B1 (en) 2006-09-15 2007-03-19 A computer-readable recording medium on which a user registration, authentication method, and program for performing the method of one-time passwords using a plurality of methods are recorded.

Publications (1)

Publication Number Publication Date
WO2008032916A1 true WO2008032916A1 (en) 2008-03-20

Family

ID=39183942

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2007/001890 Ceased WO2008032916A1 (en) 2006-09-15 2007-04-18 Method for registering and certificating user of one time password by a plurality of mode and computer-readable recording medium where program executing the same method is recorded

Country Status (1)

Country Link
WO (1) WO2008032916A1 (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020063440A (en) * 2001-01-29 2002-08-03 주식회사 어니언소프트웨어 One-time password providing method, one-time password management system and method for protecting individual password outflow using one-time password management system
KR100412986B1 (en) * 2003-03-03 2003-12-31 Initech Co Ltd Method for generating and authenticating one-time password using synchronization and readable recording medium of storing program for generating one-time password
KR100441905B1 (en) * 2003-07-26 2004-07-27 주식회사 싸이클롭스 a certification service system utilizing a mobile phone as a tool for generating one time password
KR20050119515A (en) * 2004-06-16 2005-12-21 에스케이 텔레콤주식회사 Integrated authentication system based on one time password and method for constructing thereof

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8935762B2 (en) 2007-06-26 2015-01-13 G3-Vision Limited Authentication system and method
US20090307767A1 (en) * 2008-06-04 2009-12-10 Fujitsu Limited Authentication system and method
US11552936B2 (en) * 2014-05-29 2023-01-10 Shape Security, Inc. Management of dynamic credentials
US10558978B1 (en) 2016-12-30 2020-02-11 Wells Fargo Bank, N.A. One-time passcode
US11488168B1 (en) 2016-12-30 2022-11-01 Wells Fargo Bank, N.A. One-time passcode
US12026715B1 (en) 2016-12-30 2024-07-02 Wells Fargo Bank, N.A. One-time passcode
WO2023121671A1 (en) * 2021-12-23 2023-06-29 Eque Corporation Systems configured for validation with a dynamic cryptographic code and methods thereof
US12537688B2 (en) 2021-12-23 2026-01-27 Eque Corporation Systems configured for credential exchange with a dynamic cryptographic code and methods thereof

Similar Documents

Publication Publication Date Title
US20090328168A1 (en) Method for registering and certificating user of one time password by a plurality of mode and computer-readable recording medium where program executing the same method is recorded
US12300075B2 (en) Contactless card personal identification system
Hiltgen et al. Secure internet banking authentication
JP5066827B2 (en) Method and apparatus for authentication service using mobile device
US7644433B2 (en) Authentication system and method based upon random partial pattern recognition
EP2481230B1 (en) Authentication method, payment authorisation method and corresponding electronic equipments
US9053313B2 (en) Method and system for providing continued access to authentication and encryption services
US20040225899A1 (en) Authentication system and method based upon random partial digitized path recognition
KR20030057565A (en) Anti-spoofing password protection
JP2012503229A (en) Apparatus, system and computer program for authorizing server operation
KR20130125316A (en) Device, system, and method of secure entry and handling of passwords
AU2001283128A1 (en) Trusted authentication digital signature (TADS) system
JP2008269610A (en) Protecting sensitive data intended for remote application
CN116362747A (en) Block chain digital signature system
WO2008032916A1 (en) Method for registering and certificating user of one time password by a plurality of mode and computer-readable recording medium where program executing the same method is recorded
US20030002667A1 (en) Flexible prompt table arrangement for a PIN entery device
EP1046976B1 (en) Method and apparatus for enabling a user to authenticate a system prior to providing any user-privileged information
CN100504717C (en) Computing device with process-based keystore and method of operating a computing device
CN109743338A (en) Verification method, system, server and readable storage medium for automatic login
KR101769861B1 (en) User biometric authentication method and system using HSM smart card without password exposure
Ortiz-Yepes Enhancing Authentication in eBanking with NFC-enabled mobile phones
AU2004323374B2 (en) Authentication system and method based upon random partial digitized path recognition
JP2007336546A (en) Method and device of user authentication by server
JP2009020783A (en) Authentication system and authentication method using noncontact ic and personal digital assistant
WO2008084435A1 (en) Security arrangement

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase. Ref document number: 200780033812.4; Country of ref document: CN
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 07746052; Country of ref document: EP; Kind code of ref document: A1
ENP Entry into the national phase. Ref document number: 2009528166; Country of ref document: JP; Kind code of ref document: A
WWE Wipo information: entry into national phase. Ref document number: 12441310; Country of ref document: US
NENP Non-entry into the national phase. Ref country code: DE
122 Ep: pct application non-entry in european phase. Ref document number: 07746052; Country of ref document: EP; Kind code of ref document: A1