Authentication method and system

US 10,298,400 B2
Filed: 01/28/2016
Issued: 05/21/2019
Est. Priority Date: 02/06/2015
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for performing mutual authentication between an online service server and a service user, the method comprising the steps of:

(a) generating, by an authentication server, a server inspection OTP according to a server inspection OTP generation request;

(b) generating, by an OTP generator, a verification OTP having the same condition as the server inspection OTP in order to verify whether the online service server is true and using the same generation key as an OTP generation key used for generating the server inspection OTP and a calculation condition different from a calculation condition used for generating the server inspection OTP is applied or a generation key different from the OTP generation key used for generating the server inspection OTP is used and the same calculation condition as the calculation condition used for generating the server inspection OTP is applied to generate a user OTP having a value paired with the server inspection OTP; and

(c) generating, by the authentication server, when a user authentication request including the user OTP is received from the online service server, a corresponding OTP having the same condition as the user OTP and comparing whether the generated corresponding OTP and the user OTP match each other to authenticate the service user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a computer implemented method for performing mutual authentication between an online service server and a service user, including: (a) generating, by an authentication server, a server inspection OTP; (b) generating, by an OTP generator, a verification OTP having the same condition as the server inspection OTP and using the same generation key as an OTP generation key and a calculation condition different from a calculation condition is applied or a generation key different from the OTP generation key is used and the same calculation condition as the calculation condition used for generating the server inspection OTP is applied to generate a user OTP; and (c) generating, by the authentication server, a corresponding OTP having the same condition as the user OTP and comparing whether the generated corresponding OTP and the user OTP match each other to authenticate the service user.

15 Citations

11 Claims

1. A computer implemented method for performing mutual authentication between an online service server and a service user, the method comprising the steps of:
- (a) generating, by an authentication server, a server inspection OTP according to a server inspection OTP generation request;
  
  (b) generating, by an OTP generator, a verification OTP having the same condition as the server inspection OTP in order to verify whether the online service server is true and using the same generation key as an OTP generation key used for generating the server inspection OTP and a calculation condition different from a calculation condition used for generating the server inspection OTP is applied or a generation key different from the OTP generation key used for generating the server inspection OTP is used and the same calculation condition as the calculation condition used for generating the server inspection OTP is applied to generate a user OTP having a value paired with the server inspection OTP; and
  
  (c) generating, by the authentication server, when a user authentication request including the user OTP is received from the online service server, a corresponding OTP having the same condition as the user OTP and comparing whether the generated corresponding OTP and the user OTP match each other to authenticate the service user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer implemented method for performing mutual authentication of claim 1, further comprising:
    - before step (b),transmitting, by the authentication server, the OTP generation key and the calculation condition used for generating the server inspection OTP to the OTP generator installed in a mobile device of the service user through push message or socket transmission.
  - 3. The computer implemented method for performing mutual authentication of claim 1, whereinthe server inspection OTP generation request is transmitted from the online service server to the authentication server when user account information which the service user inputs in an online site provided by the online service server matches account information of the corresponding user, which is previously registered.
  - 4. The computer implemented method for performing mutual authentication of claim 1, whereinas the OTP generation key used for generating the server inspection OTP, any one of a fixation key previously registered to corresponding to the user account information of the service user, a previously registered fixation key corresponding to identification information of an authentic online service server, and a dynamic allocation key dynamically allocated at the time when the service user accesses the online service server is used.
  - 5. The computer implemented method for performing mutual authentication of claim 4, wherein:
    - as the dynamic allocation key, access terminal connection information of the service user accessing the online service server is used, andthe access terminal connection information is session ID or socket handle information allocated by the online service server at the time when the service user accesses the online service server.
  - 6. The computer implemented method for performing mutual authentication of claim 1, wherein:
    - the server inspection OTP is generated by using the OTP generation key as a seed value and setting the number of attempt times as a first calculation condition based on a challenge and response generation scheme as a calculation condition, andthe user OTP is generated by using the same generation key as the OTP generation key and a time as a second calculation condition based on a time OTP generation scheme as the calculation condition.
  - 7. The computer implemented method for performing mutual authentication of claim 6, whereinbefore a user OTP input valid time depending on an access attempt to the online service server by the service user elapsed or before the user OTP is input, a posterior access using the same account information as the user account information as the service user is reattempted,the authentication server maintains the server inspection OTP generated according to a prior access as it is or prevents the server inspection OTP depending on the posterior access from being newly generated for the user OTP input valid time or before the user OTP is input.
  - 8. The computer implemented method for performing mutual authentication of claim 1, whereinthe server inspection OTP and the user OTP are generated by the same generation key and the same generation method and generated by different calculation conditions having different mode distinguisher to be generates as values paired with each other.
  - 9. The computer implemented method for performing mutual authentication of claim 1, further comprising:
    - transmitting, by the authentication server, the server inspection OTP to the online service server so that the generated server inspection OTP is disclosed through an OTP disclosure screen provided by the online service server,wherein in the OTP disclosure screen, an OTP display window disclosing the server inspection OTP and an OTP input window for inputting the user OTP are both displayed, andin step (b), the user OTP is displayed while being paired with the verification OTP on the same screen through the mobile device in which the OTP generator is installed.
  - 10. The computer implemented method for performing mutual authentication of claim 9, wherein:
    - the OTP display window and the OTP input window are displayed in the OTP disclosure screen to be cognitively distinguished, andthe same cognitive distinguishing effect as applied to the OTP display window and the OTP input window is applied to the verification OTP an the user OTP displayed through the same screen of the mobile device to be displayed on the screen of the mobile device.

11. A system of authentication, which performs mutual authentication between an online service server and a service user, the system comprising:
- a memory configured to store program instructions; and
  
  at least one processor, coupled to said memory, and configured to execute the program instructions to implement a method comprising;
  
  generating, by an authentication server, a server inspection OTP according to a server inspection OTP generation request, generating, when a user authentication request including a user OTP is received from the online service server, a corresponding OTP having the same condition as the user OTP, and comparing whether the generated corresponding OTP and the user OTP match each other to authenticate the service user; and
  
  generating, by an OTP generator, a verification OTP having the same condition as the server inspection OTP in order to verify whether the online service server is true and using the same generation key as an OTP generation key used for generating the server inspection OTP and a calculation condition different from a calculation condition used for generating the server inspection OTP is applied or a generation key different from the OTP generation key used for generating the server inspection OTP is used and the same calculation condition as the calculation condition used for generating the server inspection OTP is applied to generate a user OTP having a value paired with the server inspection OTP.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Estorm Co., Ltd.
Original Assignee
Estorm Co., Ltd.
Inventors
Woo, Jong Hyun
Primary Examiner(s)
Zaidi, Syed A

Application Number

US15/540,035
Publication Number

US 20180270067A1
Time in Patent Office

1,209 Days
Field of Search

726 6
US Class Current
CPC Class Codes

H04L 63/0838   using one-time-passwords

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0863   involving passwords or one-...

H04L 9/0872   using geo-location informat...

H04L 9/32   including means for verifyi...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3228   One-time or temporary data,...

Authentication method and system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication method and system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links