Method of generating one-time password and apparatus for performing the same

US 9,621,546 B2
Filed: 12/18/2014
Issued: 04/11/2017
Est. Priority Date: 12/20/2013
Status: Active Grant

First Claim

Patent Images

1. A method of generating a One-Time Password (OTP) performed by a user terminal including a processor, the method comprising:

receiving, by the processor, user secret information that is input according to execution of a process of providing an OTP;

requesting, by the processor, the user verification apparatus to authenticate the received user secret information;

receiving, by the processor, a challenge value from the user verification apparatus;

generating, by the processor, a response value using the received challenge value and the user secret information;

transmitting, by the processor, the generated response value to the user verification apparatus; and

generating, by the processor, an OTP using at least one of the user secret information, the challenge value and the response value when the user secret information is authenticated by verifying of an effectiveness of the response value in the user verification apparatus,wherein the user verification apparatus is configured to store a user secret information verification value corresponding to identification information of the process that is set while the process of providing the OTP is installed in the user terminal, and store the challenge value and the response value that are used while the user secret information is authenticated, andwherein the user verification apparatus is configured to verify effectiveness of the OTP based on the identification information of the process, which is transmitted as the generated OTP is input to an online service that needs to authenticate a user, and the OTP.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a technology related to a method of generating an OTP and an apparatus for performing the same. The method includes receiving user secret information that is input according to execution of a process of providing an OTP; authenticating the user secret information by generating a response value based on the received user secret information and a challenge value received from a user verification apparatus, and transmitting the response value to the user verification apparatus; and generating an OTP using at least one of the user secret information, the challenge value and the response value as the user secret information is authenticated, thereby effectively dealing with loss or appropriation of a user terminal and also improving the security of an OTP.

Citations

4 Claims

1. A method of generating a One-Time Password (OTP) performed by a user terminal including a processor, the method comprising:
- receiving, by the processor, user secret information that is input according to execution of a process of providing an OTP;
  
  requesting, by the processor, the user verification apparatus to authenticate the received user secret information;
  
  receiving, by the processor, a challenge value from the user verification apparatus;
  
  generating, by the processor, a response value using the received challenge value and the user secret information;
  
  transmitting, by the processor, the generated response value to the user verification apparatus; and
  
  generating, by the processor, an OTP using at least one of the user secret information, the challenge value and the response value when the user secret information is authenticated by verifying of an effectiveness of the response value in the user verification apparatus,wherein the user verification apparatus is configured to store a user secret information verification value corresponding to identification information of the process that is set while the process of providing the OTP is installed in the user terminal, and store the challenge value and the response value that are used while the user secret information is authenticated, andwherein the user verification apparatus is configured to verify effectiveness of the OTP based on the identification information of the process, which is transmitted as the generated OTP is input to an online service that needs to authenticate a user, and the OTP.
- View Dependent Claims (2)
- - 2. The method of claim 1, wherein the verifying of effectiveness of the OTP is achieved by comparing a verification-purpose password generated using at least one of the user secret information verification value corresponding to the identification information of the process, the challenge value, and the response value, which are stored in the user authentication apparatus, with the OTP input into the online service.

3. An apparatus for generating an One-Time Password (OT P) implemented as a user terminal, the apparatus comprising:
- a processor; and
  
  a memory storing at least one instruction is configured to;
  
  receive user secret information that is input according to execution of a process of providing an OTP;
  
  request a user verification apparatus to authenticate the received user secret information;
  
  receive a challenge value from the user verification apparatus;
  
  generate a response value based on the received challenge value and the user secret information;
  
  transmit the response value to the user verification apparatus; and
  
  generate an OTP using at least one of the user secret information, the challenge value, and the response value when the user secret information is authenticated by verifying of the effectiveness of the response value in the user verification apparatus,wherein the user verification apparatus is configured to store a user secret information verification value corresponding to identification information of the process that is set while the process of providing the OTP is installed in the user terminal; and
  
  store the challenge value and the response value that are used while the user secret information is authenticated, andwherein the user verification apparatus is configured to verify effectiveness of the OTP based on the identification information of the process, which is transmitted as the generated OTP is input to an online service that needs to authenticate a user, and the OTP.
- View Dependent Claims (4)
- - 4. The apparatus of claim 3, wherein the verifying of effectiveness of the OTP is achieved by comparing a verification-purpose password generated using at least one of the user secret information verification value corresponding to the identification information of the process, the challenge value and the response value, which are stored in the user authentication apparatus, with the OTP input into the online service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Penta Security Systems Inc.
Original Assignee
Penta Security Systems Inc.
Inventors
Lee, You Sik, Joo, Gi Young, Lee, Seok Woo, Sim, Sang Gyoo, Kim, Duk Soo
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US14/575,016
Publication Number

US 20150180862A1
Time in Patent Office

845 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0838 using one-time-passwords

Method of generating one-time password and apparatus for performing the same

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

4 Claims

Specification

Solutions

Use Cases

Quick Links

Method of generating one-time password and apparatus for performing the same

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

4 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links