Method of generating one-time password and apparatus for performing the same
First Claim
1. A method of generating a One-Time Password (OTP) performed by a user terminal including a processor, the method comprising:
- receiving, by the processor, user secret information that is input according to execution of a process of providing an OTP;
requesting, by the processor, the user verification apparatus to authenticate the received user secret information;
receiving, by the processor, a challenge value from the user verification apparatus;
generating, by the processor, a response value using the received challenge value and the user secret information;
transmitting, by the processor, the generated response value to the user verification apparatus; and
generating, by the processor, an OTP using at least one of the user secret information, the challenge value and the response value when the user secret information is authenticated by verifying of an effectiveness of the response value in the user verification apparatus,wherein the user verification apparatus is configured to store a user secret information verification value corresponding to identification information of the process that is set while the process of providing the OTP is installed in the user terminal, and store the challenge value and the response value that are used while the user secret information is authenticated, andwherein the user verification apparatus is configured to verify effectiveness of the OTP based on the identification information of the process, which is transmitted as the generated OTP is input to an online service that needs to authenticate a user, and the OTP.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed is a technology related to a method of generating an OTP and an apparatus for performing the same. The method includes receiving user secret information that is input according to execution of a process of providing an OTP; authenticating the user secret information by generating a response value based on the received user secret information and a challenge value received from a user verification apparatus, and transmitting the response value to the user verification apparatus; and generating an OTP using at least one of the user secret information, the challenge value and the response value as the user secret information is authenticated, thereby effectively dealing with loss or appropriation of a user terminal and also improving the security of an OTP.
-
Citations
4 Claims
-
1. A method of generating a One-Time Password (OTP) performed by a user terminal including a processor, the method comprising:
-
receiving, by the processor, user secret information that is input according to execution of a process of providing an OTP; requesting, by the processor, the user verification apparatus to authenticate the received user secret information; receiving, by the processor, a challenge value from the user verification apparatus; generating, by the processor, a response value using the received challenge value and the user secret information; transmitting, by the processor, the generated response value to the user verification apparatus; and generating, by the processor, an OTP using at least one of the user secret information, the challenge value and the response value when the user secret information is authenticated by verifying of an effectiveness of the response value in the user verification apparatus, wherein the user verification apparatus is configured to store a user secret information verification value corresponding to identification information of the process that is set while the process of providing the OTP is installed in the user terminal, and store the challenge value and the response value that are used while the user secret information is authenticated, and wherein the user verification apparatus is configured to verify effectiveness of the OTP based on the identification information of the process, which is transmitted as the generated OTP is input to an online service that needs to authenticate a user, and the OTP. - View Dependent Claims (2)
-
-
3. An apparatus for generating an One-Time Password (OT P) implemented as a user terminal, the apparatus comprising:
-
a processor; and a memory storing at least one instruction is configured to; receive user secret information that is input according to execution of a process of providing an OTP; request a user verification apparatus to authenticate the received user secret information; receive a challenge value from the user verification apparatus; generate a response value based on the received challenge value and the user secret information; transmit the response value to the user verification apparatus; and generate an OTP using at least one of the user secret information, the challenge value, and the response value when the user secret information is authenticated by verifying of the effectiveness of the response value in the user verification apparatus, wherein the user verification apparatus is configured to store a user secret information verification value corresponding to identification information of the process that is set while the process of providing the OTP is installed in the user terminal; and
store the challenge value and the response value that are used while the user secret information is authenticated, andwherein the user verification apparatus is configured to verify effectiveness of the OTP based on the identification information of the process, which is transmitted as the generated OTP is input to an online service that needs to authenticate a user, and the OTP. - View Dependent Claims (4)
-
Specification