User authentication system for authenticating an authorized user of an IC card
First Claim
1. A system for authenticating an authorized user, comprising:
an integrated circuit (IC) card containing a secret key for enabling generation of a one-time password and a random number;
a portable terminal adapted to accommodate said IC card for generating said one-time password and processing transactions conducted by a user;
a server installed at a host institution for authenticating the one-time password generated from the portable terminal;
said portable terminal comprising;
a card receiver adapted to receive said IC card for determining whether said IC card is inserted therein for the first time;
a random number memory for reading and storing, and then deleting the random number of said IC card when said IC card is inserted for the first time into said card receiver;
a first password generator for generating the one-time password by reading the secret key of said IC card and the random number stored in said random number memory;
a first random number changer for changing the random numbers stored in said random number memory into a predetermined value and storing the changed value in said random number memory when said one-time password is generated in said first password generator; and
a display for displaying the processed results of said terminal and said server, and
said server comprising;
a secret key memory for storing a secret key and a predetermined random number identical to the secret key and a predetermined random number initially stored in said IC card;
a second password generator for reading the secret key and the random number stored in said secret key memory and for generating a one-time password;
a second random number changer for changing the random number value of said secret key memory into a value identical to the random number changer of said portable terminal, and storing the changed value in the secret key memory when the one-time password is generated by said second password generator;
a password receiver for receiving the one-time password generated from said portable terminal through a telephone network; and
a password verifier for verifying whether the one-time password received from said portable terminal is identical to the one-time password generated from said second password generator.
Abstract
A user authentication system for authenticating a user using an IC card in conjunction with a portable terminal used to generate a one-time password and a server used to generate a corresponding one-time password for user authentication. The IC card contains a secret key for generating a one-time password and predetermined random numbers. The portable terminal contains a card receiver for receiving the IC card, a random number memory for reading and storing, and then deleting the random numbers of the IC card, a first password generator for generating a one-time password by the secret key of the IC card and the random number, a first random number changer for changing the random number stored in the random number memory into a predetermined value and storing the changed value in the random number storing portion, and a display for displaying the processed results of the terminal and the server. The server includes a secret key memory for storing a secret key and a random number, a second password generator for generating a one-time password, a second random number changer for storing a random number value identical to the random number value of the terminal, a password receiver for receiving the one-time password of the terminal, and a password verifier for verifying the password to authenticate the user. As a result, it is possible to raise the security level by using a one-time password in which a different password is used each time a user is authenticated, and to save costs by generating a one-time password for various services with a single terminal.
17 Claims
12. A method for authenticating an authorized user using a user authentication system comprising an IC card for storing a predetermined random number and a secret key for generating a one-time password, a terminal for generating a one-time password using said IC card as an input, and a server for storing the secret key and a random number identical to those of said IC card, said method comprising the steps:
inserting said IC card into said terminal;
determining whether said IC card is inserted into said terminal for the first time;
initializing a predetermined service and generating a one-time password when said IC card is inserted into said terminal for the first time, and alternatively, generating the one-time password when said IC card is inserted into said terminal at later times;
wherein the initialization of said predetermined service comprises the steps of reading the random number of said IC card and storing the random number in the terminal, and subsequently deleting the random number from said IC card;
wherein the generation of said one-time password comprises the steps of
(a) reading the secret key of said IC card and the random number stored in said terminal;
(b) executing a symmetrical key cipher algorithm using said secret key and random number as an input;
(c) performing a one way hash function on a value output from said symmetrical key cipher algorithm;
(d) changing the random number into a predetermined value and storing the same in the terminal; and
(e) converting the output of said one way hash function into a predetermined format;
receiving a one-time password generated in a previous step through a predetermined communication medium, and verifying said one-time password for user authentication;
wherein the verification of the one-time password comprises the steps of
receiving the one-time password generated from said terminal, through said predetermined communication medium;
reading the secret key and the random number stored in said server;
performing a symmetrical key cipher algorithm using said secret key and said random number as an input;
performing a one way hash function on the value output from said symmetrical key cipher algorithm;
changing said random number into a predetermined value and storing the same in the terminal; and
converting the output of said one way hash function into a predetermined format for user authentication, when said predetermined format corresponds to the one-time password received from the terminal.
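The generation steps (a) to (e) and the server-side verification of claim 12, sketched as an added example that is not code from the patent. The claim names no algorithms, so XTEA as the symmetric cipher, SHA-256 as the one-way hash, a six-digit decimal format, and reuse of the cipher output as the next random number are all assumptions, as are the names `OtpState`, `server_verify` and `demo`.

```python
import hashlib
import hmac
import struct

def xtea_encrypt(key: bytes, block: bytes) -> bytes:
    """XTEA (16-byte key, 8-byte block): assumed stand-in for the unnamed cipher."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    total = 0
    for _ in range(32):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (total + k[total & 3]))) & 0xFFFFFFFF
        total = (total + 0x9E3779B9) & 0xFFFFFFFF
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (total + k[(total >> 11) & 3]))) & 0xFFFFFFFF
    return struct.pack(">2I", v0, v1)

class OtpState:
    """Secret key and random number, stored identically on terminal and server."""
    def __init__(self, secret_key: bytes, random_number: bytes):
        self.key, self.rn = secret_key, random_number

    def next_otp(self) -> str:
        cipher_out = xtea_encrypt(self.key, self.rn)    # (b) symmetric key cipher
        digest = hashlib.sha256(cipher_out).digest()    # (c) one-way hash
        self.rn = cipher_out                            # (d) assumed update rule
        code = int.from_bytes(digest[:4], "big") % 10**6
        return f"{code:06d}"                            # (e) assumed display format

def server_verify(server: OtpState, received: str) -> bool:
    """Server derives its own OTP (advancing its random number) and compares."""
    return hmac.compare_digest(server.next_otp(), received)

def demo() -> dict:
    key, rn = bytes(range(16)), bytes(8)   # constructed sample key and random number
    terminal, server = OtpState(key, rn), OtpState(key, rn)
    otp = terminal.next_otp()
    accepted = server_verify(server, otp)
    replayed = server_verify(server, otp)  # the same OTP presented a second time
    # Fresh pair: one terminal OTP is generated but never reaches the server.
    terminal, server = OtpState(key, rn), OtpState(key, rn)
    terminal.next_otp()
    after_lost = server_verify(server, terminal.next_otp())
    return {"accepted": accepted, "replayed": replayed, "after_lost_otp": after_lost}

if __name__ == "__main__":
    print(demo())
```

With an equality-only comparison, as in the verification steps shown here, a captured password is rejected on reuse, and a password generated on the terminal but never delivered leaves the two random numbers out of step.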