User authentication method and apparatus

US 9,203,839 B2
Filed: 09/23/2014
Issued: 12/01/2015
Est. Priority Date: 09/23/2013
Status: Active Grant

First Claim

Patent Images

1. A user authentication method for authenticating a user from a server, the user authentication method comprising:

(a) transmitting a one-time server certification message in response to an authentication request including a user ID of a client terminal, and receiving a one-time terminal certification message from the client terminal; and

(b) authenticating the user by verifying the one-time terminal certification message by using a hash value stored beforehand in correspondence to the user ID,wherein the authenticating of the user in said step (b) comprises;

calculating a second-order hash value by applying a unidirectional hash function to at least one of a random value, the hash value, and IP information included in a packet header of the one-time terminal certification message;

deriving a resultant value of applying an exclusive disjunction operation to the calculated second-order hash value and the hash value; and

authenticating the user by determining whether or not the derived resultant value and a resultant value included in the one-time terminal certification message are identical.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user authentication method and apparatus are disclosed. One embodiment of the invention can provide a method for authenticating a user from a server that includes: (a) transmitting a one-time server certification message in response to an authentication request including a user ID of a client terminal, and receiving a one-time terminal certification message from the client terminal; and (b) authenticating the user by verifying the one-time terminal certification message by using a hash value stored beforehand in correspondence to the user ID.

Citations

12 Claims

1. A user authentication method for authenticating a user from a server, the user authentication method comprising:
- (a) transmitting a one-time server certification message in response to an authentication request including a user ID of a client terminal, and receiving a one-time terminal certification message from the client terminal; and
  
  (b) authenticating the user by verifying the one-time terminal certification message by using a hash value stored beforehand in correspondence to the user ID,wherein the authenticating of the user in said step (b) comprises;
  
  calculating a second-order hash value by applying a unidirectional hash function to at least one of a random value, the hash value, and IP information included in a packet header of the one-time terminal certification message;
  
  deriving a resultant value of applying an exclusive disjunction operation to the calculated second-order hash value and the hash value; and
  
  authenticating the user by determining whether or not the derived resultant value and a resultant value included in the one-time terminal certification message are identical.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The user authentication method of claim 1, wherein the hash value is a resultant value of applying a password and a domain name to a unidirectional hash function and is registered together with the user ID received from the client terminal at a time of registering an account.
  - 3. The user authentication method of claim 1, wherein the one-time terminal certification message includes the resultant value of applying the exclusive disjunction operation to the second-order hash value and the hash value, the second-order hash value obtained by applying a hash function to at least one of the hash value, IP information of the client terminal, and the random value.
  - 4. The user authentication method of claim 3, wherein the random value is extracted from the one-time server certification message and is randomly generated with every authentication.
  - 5. The user authentication method of claim 1, wherein the transmitting of the one-time server certification message in said step (a) comprises:
    - generating a random value;
      
      calculating a verification seed value by applying an exclusive disjunction operation to the hash value and the random value;
      
      calculating a second-order hash value by applying a unidirectional hash function to at least one of the hash value, the random value, and IP information;
      
      calculating a resultant value of applying an exclusive disjunction operation to the second-order hash value and the hash value;
      
      generating the one-time server certification message including the resultant value and the verification seed value; and
      
      transmitting the generated one-time server certification message to the client terminal.
  - 6. The user authentication method of claim 1, further comprising, prior to said step (a):
    - storing the user ID and the hash value in correspondence to each other in response to an account registration request of the client terminal.

7. A user authentication request method for a client terminal requesting user authentication to a server, the user authentication request method comprising:
- transmitting a user ID to the server;
  
  receiving a one-time server certification message from the server in response to transmitting the user ID; and
  
  generating a one-time terminal certification message for user authentication, if a verification of the server is successful, and transmitting the one-time terminal certification message to the server, the verification of the server performed by verifying the one-time server certification message by using a hash value using a password,wherein the generating of the one-time terminal certification message comprises;
  
  generating a second-order hash value by applying a unidirectional hash function to at least one of the random value, the hash value, and IP information of the client terminal;
  
  calculating a resultant value of performing an exclusive disjunction operation on the second-order hash value and the hash value; and
  
  generating the one-time terminal certification message to include the resultant value.
- View Dependent Claims (8, 9, 10)
- - 8. The user authentication request method of claim 7, wherein the hash value is a resultant value of applying a password and a domain name to a unidirectional hash function.
  - 9. The user authentication request method of claim 7, wherein the one-time server certification message includes a verification seed value and a resultant value of applying an exclusive disjunction operation to a second-order hash value and the hash value, the second-order hash value obtained by applying a hash function to at least one of the hash value, IP information of the server, and a random value.
  - 10. The user authentication request method of claim 7, wherein the verifying of the one-time server certification message comprises:
    - extracting the verification seed value;
      
      extracting the random value by performing an exclusive disjunction operation on the hash value and the verification seed value;
      
      calculating a second-order hash value by applying a unidirectional hash function to the random value, IP information included in a packet header of the one-time server certification message, and the hash value, and performing an exclusive disjunction operation on the second-order hash value and the hash value to calculate a resultant value; and
      
      verifying the server according to whether or not the resultant value and a resultant value in the one-time server certification message are identical.

11. A server comprising:
- a processor configured to;
  
  transmit a one-time server certification message in response to an authentication request including a user ID of a client terminal and receive a one-time terminal certification message from the client terminal in reply to the transmission;
  
  authenticate a user by verifying the one-time terminal certification message by using a hash value stored beforehand in correspondence to the user ID;
  
  calculate a second-order hash value by applying a unidirectional hash function to at least one of a random value, the hash value, and IP information included in a packet header of the one-time terminal certification message;
  
  derive a resultant value of applying an exclusive disjunction operation to the calculated second-order hash value and the hash value; and
  
  authenticate the user by determining whether or not the derived resultant value and a resultant value included in the one-time terminal certification message are identical.

12. A client terminal comprising:
- a processor configured to;
  
  receive a one-time server certification message in response to transmitting a user ID;
  
  verify a server by verifying the one-time server certification message by using a hash value using a password;
  
  generate a one-time terminal certification message for user authentication, if a verification of the server is successful, and to transmit the one-time terminal certification message to the server;
  
  generate a second-order hash value by applying a unidirectional hash function to at least one of the random value, the hash value, and IP information of the client terminal;
  
  calculate a resultant value of performing an exclusive disjunction operation on the second-order hash value and the hash value; and
  
  generate the one-time terminal certification message to include the resultant value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Foundation of Soongsil University-Industry Cooperation
Original Assignee
Foundation of Soongsil University-Industry Cooperation
Inventors
Kim, Ik Su
Primary Examiner(s)
LE, CHAU D

Application Number

US14/493,926
Publication Number

US 20150089228A1
Time in Patent Office

434 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 63/1483   service impersonation, e.g....

H04L 9/3228   One-time or temporary data,...

H04L 9/3242   involving keyed hash functi...

User authentication method and apparatus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

User authentication method and apparatus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links