SECURE USER TWO FACTOR AUTHENTICATION METHOD FROM PERSONAL INFOMATION LEAKING AND SMISHING

摘要

The present invention relates to a dual user authentication method and a dual user authentication system which can prevent the damage caused by hacking, smishing, and pharming through dual user authentication by using an international mobile subscriber identity (IMSI) and integrated circuit card identifier (ICCID) which is a unique identification number stored in a universal subscriber identity module (USIM) as well as a one-time password (OTP) or a password set by a user. The method of the present invention includes the steps of: having a service server receive subscriber information such as a mobile phone number for payment; having a payment server request user authentication to a communication company server when the service server requests the payment server to process payment; having the payment server request an authentication server to authenticate the user when the user is determined to be a valid subscriber according to a communication company authentication resu having an authentication server push an authentication application to the mobile phone of the corresponding subscriber to activate the authentication application in the users mobile phone, while the payment server transmits a message for OTP authentication to the users computer; having the authentication application extract unique information (ICCID) stored in the USIM to transmit the extracted information with the input OTP, and having the authentication server compare the transmitted ICCID to the ICCID of a corresponding pre-registered subscriber to authenticate the ICCID, and transmit the authentication result with the OTP to the payment server; and having the payment server execute the OTP authentication to approve the payment when the entire user authentication is successfully completed, and having the service server complete the payment process accordingly.