METHOD OF GENERATING ONE-TIME PASSWORD AND APPARATUS FOR PERFORMING THE SAME

US 20150180862A1
Filed: 12/18/2014
Published: 06/25/2015
Est. Priority Date: 12/20/2013
Status: Active Grant

First Claim

Patent Images

1. A method of generating a One-Time Password (OTP) performed by a user terminal, the method comprising:

receiving user secret information that is input according to execution of a process of providing an OTP;

authenticating the user secret information by generating a response value based on the received user secret information and a challenge value received from a user verification apparatus, and transmitting the response value to the user verification apparatus; and

generating an OTP using at least one of the user secret information, the challenge value and the response value as the user secret information is authenticated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a technology related to a method of generating an OTP and an apparatus for performing the same. The method includes receiving user secret information that is input according to execution of a process of providing an OTP; authenticating the user secret information by generating a response value based on the received user secret information and a challenge value received from a user verification apparatus, and transmitting the response value to the user verification apparatus; and generating an OTP using at least one of the user secret information, the challenge value and the response value as the user secret information is authenticated, thereby effectively dealing with loss or appropriation of a user terminal and also improving the security of an OTP.

13 Citations

View as Search Results

10 Claims

1. A method of generating a One-Time Password (OTP) performed by a user terminal, the method comprising:
- receiving user secret information that is input according to execution of a process of providing an OTP;
  
  authenticating the user secret information by generating a response value based on the received user secret information and a challenge value received from a user verification apparatus, and transmitting the response value to the user verification apparatus; and
  
  generating an OTP using at least one of the user secret information, the challenge value and the response value as the user secret information is authenticated.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the authenticating of the user secret information comprises:
    - requesting the user verification apparatus to authenticate the received user secret information;
      
      receiving the challenge value from the user verification apparatus;
      
      generating a response value using the received challenge value and the user secret information; and
      
      transmitting the generated response value to the user verification apparatus.
  - 3. The method of claim 2, wherein the user verification apparatus is configured to:
    - store a user secret information verification value corresponding to identification information of the process that is set while the process of providing the OTP is installed in the user terminal, and store the challenge value and the response value that are used while the user secret information is authenticated.
  - 4. The method of claim 3, wherein the user verification apparatus is configured to verify effectiveness of the OTP based on the identification information of the process, which is transmitted as the generated OTP is input to an online service that needs to authenticate a user, and the OTP.
  - 5. The method of claim 4, wherein the verifying of effectiveness of the OTP is achieved by comparing a verification-purpose password generated using at least one of the user secret information verification value corresponding to the identification information of the process, the challenge value, and the response value, which are stored in the user authentication apparatus, with the OTP input into the online service.

6. An apparatus for generating an One-Time Password (OTP) implemented by a user terminal, the apparatus comprising:
- a secret information receiving unit configured to receive user secret information that is input according to execution of a process of providing an OTP;
  
  a secret information authenticating unit configured to authenticate the user secret information by generating a response value based on the received user secret information and a challenge value received from a user verification apparatus, and transmitting the response value to the user verification apparatus; and
  
  an OTP generating unit configured to generate an OTP using at least one of the user secret information, the challenge value, and the response value as the user secret information is authenticated.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The apparatus of claim 6, wherein the secret information authenticating unit is configured to receive the challenge value by requesting the user verification apparatus to authenticate the received user secret information, generate a response value based on the received challenge value and the user secret information;
    - and transmit the response value to the user verification apparatus.
  - 8. The apparatus of claim 7, wherein the user verification apparatus is configured to store a user secret information verification value corresponding to identification information of the process that is set while the process of providing the OTP is installed in the user terminal;
    - and store the challenge value and the response value that are used while the user secret information is authenticated.
  - 9. The apparatus of claim 8, wherein the user verification apparatus is configured to verify effectiveness of the OTP based on the identification information of the process, which is transmitted as the generated OTP is input to an online service that needs to authenticate a user, and the OTP.
  - 10. The apparatus of claim 9, wherein the verifying of effectiveness of the OTP is achieved by comparing a verification-purpose password generated using at least one of the user secret information verification value corresponding to the identification information of the process, the challenge value and the response value, which are stored in the user authentication apparatus, with the OTP input into the online service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Penta Security Systems Inc.
Original Assignee
Penta Security Systems Inc.
Inventors
LEE, Seok Woo, SIM, Sang Gyoo, KIM, Duk Soo, JOO, Gi Young, LEE, You Sik

Granted Patent

US 9,621,546 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0838 using one-time-passwords

METHOD OF GENERATING ONE-TIME PASSWORD AND APPARATUS FOR PERFORMING THE SAME

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD OF GENERATING ONE-TIME PASSWORD AND APPARATUS FOR PERFORMING THE SAME

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links