USER AUTHENTICATION METHOD AND APPARATUS

US 20150089228A1
Filed: 09/23/2014
Published: 03/26/2015
Est. Priority Date: 09/23/2013
Status: Active Grant

First Claim

Patent Images

1. A user authentication method for authenticating a user from a server, the user authentication method comprising:

(a) transmitting a one-time server certification message in response to an authentication request including a user ID of a client terminal, and receiving a one-time terminal certification message from the client terminal; and

(b) authenticating the user by verifying the one-time terminal certification message by using a hash value stored beforehand in correspondence to the user ID.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user authentication method and apparatus are disclosed. One embodiment of the invention can provide a method for authenticating a user from a server that includes: (a) transmitting a one-time server certification message in response to an authentication request including a user ID of a client terminal, and receiving a one-time terminal certification message from the client terminal; and (b) authenticating the user by verifying the one-time terminal certification message by using a hash value stored beforehand in correspondence to the user ID.

Citations

14 Claims

1. A user authentication method for authenticating a user from a server, the user authentication method comprising:
- (a) transmitting a one-time server certification message in response to an authentication request including a user ID of a client terminal, and receiving a one-time terminal certification message from the client terminal; and
  
  (b) authenticating the user by verifying the one-time terminal certification message by using a hash value stored beforehand in correspondence to the user ID.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The user authentication method of claim 1, wherein the hash value is a resultant value of applying a password and a domain name to a unidirectional hash function and is registered together with the user ID received from the client terminal at a time of registering an account.
  - 3. The user authentication method of claim 1, wherein the one-time terminal certification message includes a resultant value of applying an exclusive disjunction operation to a second-order hash value and the hash value, the second-order hash value obtained by applying a hash function to at least one of the hash value, IP information of the client terminal, and a random value.
  - 4. The user authentication method of claim 3, wherein the random value is extracted from the one-time server certification message and is randomly generated with every authentication.
  - 5. The user authentication method of claim 3, wherein the authenticating of the user in said step (b) comprises:
    - calculating a second-order hash value by applying a unidirectional hash function to at least one of the random value, the hash value, and IP information included in a packet header of the one-time terminal certification message;
      
      deriving the resultant value of applying an exclusive disjunction operation to the calculated second-order hash value and the hash value; and
      
      authenticating the user by determining whether or not the derived resultant value and a resultant value included in the one-time terminal certification message are identical.
  - 6. The user authentication method of claim 1, wherein the transmitting of the one-time server certification message in said step (a) comprises:
    - generating a random value;
      
      calculating a verification seed value by applying an exclusive disjunction operation to the hash value and the random value;
      
      calculating a second-order hash value by applying a unidirectional hash function to at least one of the hash value, the random value, and IP information;
      
      calculating a resultant value of applying an exclusive disjunction operation to the second-order hash value and the hash value;
      
      generating the one-time server certification message including the resultant value and the verification seed value; and
      
      transmitting the generated one-time server certification message to the client terminal.
  - 7. The user authentication method of claim 1, further comprising, prior to said step (a):
    - storing the user ID and the hash value in correspondence to each other in response to an account registration request of the client terminal.

8. A user authentication request method for a client terminal requesting user authentication to a server, the user authentication request method comprising:
- transmitting a user ID to the server;
  
  receiving a one-time server certification message from the server in response to transmitting the user ID; and
  
  generating a one-time terminal certification message for user authentication, if a verification of the server is successful, and transmitting the one-time terminal certification message to the server, the verification of the server performed by verifying the one-time server certification message by using a hash value using a password.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The user authentication request method of claim 8, wherein the hash value is a resultant value of applying a password and a domain name to a unidirectional hash function.
  - 10. The user authentication request method of claim 8, wherein the one-time server certification message includes a verification seed value and a resultant value of applying an exclusive disjunction operation to a second-order hash value and the hash value, the second-order hash value obtained by applying a hash function to at least one of the hash value, IP information of the server, and a random value.
  - 11. The user authentication request method of claim 8, wherein the verifying of the one-time server certification message comprises:
    - extracting the verification seed value;
      
      extracting the random value by performing an exclusive disjunction operation on the hash value and the verification seed value;
      
      calculating a second-order hash value by applying a unidirectional hash function to the random value, IP information included in a packet header of the one-time server certification message, and the hash value, and performing an exclusive disjunction operation on the second-order hash value and the hash value to calculate a resultant value; and
      
      verifying the server according to whether or not the resultant value and a resultant value included in the one-time server certification message are identical.
  - 12. The user authentication request method of claim 8, wherein the generating of the one-time terminal certification message comprises:
    - generating a second-order hash value by applying a unidirectional hash function to at least one of the random value, the hash value, and IP information of the client terminal;
      
      calculating a resultant value of performing an exclusive disjunction operation on the second-order hash value and the hash value; and
      
      generating the one-time terminal certification message to include the resultant value.

13. A server comprising:
- a communication unit configured to transmit a one-time server certification message in response to an authentication request including a user ID of a client terminal and configured to receive a one-time terminal certification message from the client terminal in reply to the transmission; and
  
  an authentication unit configured to authenticate a user by verifying the one-time terminal certification message by using a hash value stored beforehand in correspondence to the user ID.

14. A client terminal comprising:
- a communication unit configured to receive a one-time server certification message in response to transmitting a user ID;
  
  a server verification unit configured to verify a server by verifying the one-time server certification message by using a hash value using a password; and
  
  an authentication request unit configured to generate a one-time terminal certification message for user authentication, if a verification of the server is successful, and to transmit the one-time terminal certification message to the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Foundation of Soongsil University-Industry Cooperation
Original Assignee
Foundation of Soongsil University-Industry Cooperation
Inventors
Kim, Ik Su

Granted Patent

US 9,203,839 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 63/1483   service impersonation, e.g....

H04L 9/3228   One-time or temporary data,...

H04L 9/3242   involving keyed hash functi...

USER AUTHENTICATION METHOD AND APPARATUS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

USER AUTHENTICATION METHOD AND APPARATUS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links