User authentication methods with enhanced integrity and security

Abstract

The present invention relates to a user authentication method having strengthened integrity and security, the user authentication method according to the present invention comprising: a first step for, when a user registration process begins, a user terminal generating a first common authentication key by executing a primary transformation, and providing the first common authentication key, encrypted by executing a secondary transformation, to an authentication server, and the authentication server registering the encrypted first common authentication key; a second step for the authentication server generating a first server authentication key, and generating a first server authentication data by means of an OTP arithmetic operation on the first server authentication key; a third step for, when an authentication process begins, the user terminal generating a second common authentication key by executing a primary transformation, and then generating an encrypted second common authentication key by executing a secondary transformation, and generating a first user authentication key and generating a first user authentication data by means of an OTP arithmetic operation on the first user authentication key; and a fourth step for authenticating a user in accordance with whether the first server authentication data and first user authentication data match, or for authenticating the authentication server by determining the authenticity of the authentication server.

Description

Technical field [0001] The present invention relates to a user authentication method that has strengthened integrity and security, and more specifically, it relates to a method that cuts off personal information leakage from the source on an open network, gets rid of the danger of hacker attacks, strengthens security, and can verify transmitted data. Integrity, enhanced user authentication method of integrity and security, user authentication method. Background technique [0002] In modern society, compared with face-to-face contact, financial transactions through online environments or businesses that require various user authentication are becoming widespread. Compared with face-to-face contact, online user authentication requires more cautious access. In most cases, various security programs or control programs including ActiveX and keyboard security programs are required to be installed in the user terminal, through electronic certificates or security cards, Security devices...

AI Technical Summary

Problems solved by technology

[0004] However, when a user trades with multiple financial institutions, it is necessary to have multiple OTP authentication devices provided by each financial institution. Therefore, consumers need to separately purchase OTP authentication devices from each financial institution, and there is a need to hold multiple OTP authentication devices. Inconvenience of the authentication device, and the inconvenience of having to search for an authentication device for a specific financial institution one by one among multiple OTP authentication devices

[0005] In addition, since the user cannot change the inherent key of the OTP device at will, when the OTP device is lost, it is necessary to directly visit the financial institution and obtain the issuance again, which is more inconvenient

In addition, when the unique key of the customer's OTP device is leaked, there is a problem that financial institutions need to spend a lot of money and time to reissue OTP devices to all customers.

[0006] On the other hand, when the user authenticates or logs in with a specified password, the relevant server needs to log in, store and manage the user's password. From the user's perspective, it is necessary to recognize the password and require regular changes to prevent leakage. Therefore, there is a problem of inconvenient management

Images