Authentication method and system
First Claim
1. A computer implemented method for performing mutual authentication between an online service server and a service user, the method comprising the steps of:
- (a) generating, by an authentication server, a server inspection OTP according to a server inspection OTP generation request;
(b) generating, by an OTP generator, a verification OTP having the same condition as the server inspection OTP in order to verify whether the online service server is true and using the same generation key as an OTP generation key used for generating the server inspection OTP and a calculation condition different from a calculation condition used for generating the server inspection OTP is applied or a generation key different from the OTP generation key used for generating the server inspection OTP is used and the same calculation condition as the calculation condition used for generating the server inspection OTP is applied to generate a user OTP having a value paired with the server inspection OTP; and
(c) generating, by the authentication server, when a user authentication request including the user OTP is received from the online service server, a corresponding OTP having the same condition as the user OTP and comparing whether the generated corresponding OTP and the user OTP match each other to authenticate the service user.
1 Assignment
0 Petitions
Accused Products
Abstract
Provided is a computer implemented method for performing mutual authentication between an online service server and a service user, including: (a) generating, by an authentication server, a server inspection OTP; (b) generating, by an OTP generator, a verification OTP having the same condition as the server inspection OTP and using the same generation key as an OTP generation key and a calculation condition different from a calculation condition is applied or a generation key different from the OTP generation key is used and the same calculation condition as the calculation condition used for generating the server inspection OTP is applied to generate a user OTP; and (c) generating, by the authentication server, a corresponding OTP having the same condition as the user OTP and comparing whether the generated corresponding OTP and the user OTP match each other to authenticate the service user.
15 Citations
11 Claims
-
1. A computer implemented method for performing mutual authentication between an online service server and a service user, the method comprising the steps of:
-
(a) generating, by an authentication server, a server inspection OTP according to a server inspection OTP generation request; (b) generating, by an OTP generator, a verification OTP having the same condition as the server inspection OTP in order to verify whether the online service server is true and using the same generation key as an OTP generation key used for generating the server inspection OTP and a calculation condition different from a calculation condition used for generating the server inspection OTP is applied or a generation key different from the OTP generation key used for generating the server inspection OTP is used and the same calculation condition as the calculation condition used for generating the server inspection OTP is applied to generate a user OTP having a value paired with the server inspection OTP; and (c) generating, by the authentication server, when a user authentication request including the user OTP is received from the online service server, a corresponding OTP having the same condition as the user OTP and comparing whether the generated corresponding OTP and the user OTP match each other to authenticate the service user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system of authentication, which performs mutual authentication between an online service server and a service user, the system comprising:
-
a memory configured to store program instructions; and at least one processor, coupled to said memory, and configured to execute the program instructions to implement a method comprising; generating, by an authentication server, a server inspection OTP according to a server inspection OTP generation request, generating, when a user authentication request including a user OTP is received from the online service server, a corresponding OTP having the same condition as the user OTP, and comparing whether the generated corresponding OTP and the user OTP match each other to authenticate the service user; and generating, by an OTP generator, a verification OTP having the same condition as the server inspection OTP in order to verify whether the online service server is true and using the same generation key as an OTP generation key used for generating the server inspection OTP and a calculation condition different from a calculation condition used for generating the server inspection OTP is applied or a generation key different from the OTP generation key used for generating the server inspection OTP is used and the same calculation condition as the calculation condition used for generating the server inspection OTP is applied to generate a user OTP having a value paired with the server inspection OTP.
-
Specification