Authentication method and system

US 10,574,463 B2
Filed: 04/07/2019
Issued: 02/25/2020
Est. Priority Date: 02/06/2015
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for performing mutual authentication between an online service server and a service user comprising the steps of:

(a) generating, by an authentication server, a simple authentication number when a generation request of the simple authentication number including user account information of the service user accessing the online service server is received from the online service server;

(b) transmitting, by the authentication server, a generation condition used to generate the simple authentication number to a simple authenticator of a user corresponding to the user account information;

(c) generating, by the simple authenticator, an inspection authentication number corresponding to the simple authentication number by using the generation condition of the simple authentication number; and

(d) generating, by the authentication server, a corresponding inspection value to correspond to an additional inspection value transferred from the simple authenticator when inspection of the online service server through the simple authentication number and the inspection authentication number is completed and comparing whether the additional inspection value and the corresponding inspection value match each other to authenticate a corresponding service user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a computer implemented method for performing mutual authentication between an online service server and a service user, including: (a) generating, by an authentication server, a server inspection OTP; (b) generating, by an OTP generator, a verification OTP having the same condition as the server inspection OTP and using the same generation key as an OTP generation key and a calculation condition different from a calculation condition is applied or a generation key different from the OTP generation key is used and the same calculation condition as the calculation condition used for generating the server inspection OTP is applied to generate a user OTP; and (c) generating, by the authentication server, a corresponding OTP having the same condition as the user OTP and comparing whether the generated corresponding OTP and the user OTP match each other to authenticate the service user.

23 Citations

8 Claims

1. A computer implemented method for performing mutual authentication between an online service server and a service user comprising the steps of:
- (a) generating, by an authentication server, a simple authentication number when a generation request of the simple authentication number including user account information of the service user accessing the online service server is received from the online service server;
  
  (b) transmitting, by the authentication server, a generation condition used to generate the simple authentication number to a simple authenticator of a user corresponding to the user account information;
  
  (c) generating, by the simple authenticator, an inspection authentication number corresponding to the simple authentication number by using the generation condition of the simple authentication number; and
  
  (d) generating, by the authentication server, a corresponding inspection value to correspond to an additional inspection value transferred from the simple authenticator when inspection of the online service server through the simple authentication number and the inspection authentication number is completed and comparing whether the additional inspection value and the corresponding inspection value match each other to authenticate a corresponding service user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer implemented method of claim 1, wherein the generation request of the simple authentication number is transmitted from the online service server to the authentication server when the user account information, which the service user inputs to an online site provided by the online service server, matches previously-registered account information of a corresponding user.
  - 3. The computer implemented method of claim 1, wherein, in the step (b), the generation condition of the simple authentication number is transmitted from the authentication server to a mobile device of a user corresponding to the user account information or a simple authenticator installed in the mobile device through a push message or socket data communication.
  - 4. The computer implemented method of claim 1, wherein, in the step (a), the authentication server further receives client access environment information related to an access terminal of the service user accessing the online service server from the online service server and uses the client access information when the simple authentication number is generated,wherein, in the step (b), the authentication server transmits the generation condition of the simple authentication number including the client access environment information to the simple authenticator.
  - 5. The computer implemented method of claim 4, wherein the client access environment information is at least one of server variables related to an access terminal accessing the online service server, a host name, cookie information, a previous URL, a current connection IP address, a one-step-forwarded connection IP address, client browser information, client language information or system variables of the access terminal, a server host name of the online service server providing a service to the access terminal, a server IP address, a session ID, and maximum session valid time information.
  - 6. The computer implemented method of claim 4, wherein, in the step (a), the authentication server sets the client access environment information as a first seed value and at least one piece of preset additional information as a second seed value and generates the simple authentication number using a time or a number of times of attempts as an operation condition, andwherein, in the step (c), the simple authenticator generates the inspection authentication number by applying the same generation condition as in a case of generating the simple authentication number.
  - 7. The computer implemented method of claim 1, wherein, when inspection of the online service server is completed through the simple authentication number and the inspection authentication number, the simple authenticator generates an additional inspection value according to a preset condition and transmits the additional inspection value to the authentication server, andwherein the authentication server generates a corresponding inspection value by applying the same condition as the preset condition and when the additional inspection value matches the corresponding inspection value, notifies the online service server of normal authentication.
  - 8. The computer implemented method of claim 1, further comprising transmitting, by the authentication server, the simple authentication number to the online service server such that the simple authentication number is disclosed on an authentication number disclosure screen provided by the online service server,wherein, when a posterior access using the same account information as the user account information of the service user is attempted before an inspection valid time of the simple authentication number through the authentication number disclosure screen elapses or before inspection of the online service server by the service user is completed, andwherein the authentication server maintains the simple authentication number generated according to an anterior access or prevents new generation of a simple authentication number according to the posterior access during the inspection valid time of the simple authentication number or until the inspection of the online service server is completed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Estorm Co., Ltd.
Original Assignee
Estorm Co., Ltd.
Inventors
Woo, Jong Hyun
Primary Examiner(s)
Zaidi, Syed A

Application Number

US16/377,242
Publication Number

US 20190238336A1
Time in Patent Office

324 Days
Field of Search

726 6
US Class Current
CPC Class Codes

H04L 63/0838   using one-time-passwords

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0863   involving passwords or one-...

H04L 9/0872   using geo-location informat...

H04L 9/32   including means for verifyi...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3228   One-time or temporary data,...

Authentication method and system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

8 Claims

Specification

Use Cases

Quick Links

Others

Authentication method and system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

8 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others