NETWORK TYPE ONE-TIME PASSWORD OPERATION METHOD USING CONTACTLESS MEDIUM AUTHENTICATION FOR PREVENTING ILLEGAL PAYMENT OF A MOBILE PHONE WHICH USES THE MOBILE PHONE AND PERSONAL INFORMATION OF OTHER PERSON

摘要

PURPOSE: A network type one-time password (OTP) operation method using contactless medium authentication is provided to generate and output an OTP by using only a mobile phone which is registered in an effective OTP medium.;CONSTITUTION: User authentication is processed through a user password or a personal identification number of a user (405). A mobile phone comprises OTP medium authentication information including unique information of a mobile phone and transmits OTP medium authentication information to a server (415,420). The mobile phone is authenticated as an OTP medium by reading the unique information of the mobile phone which is included in the OTP medium authentication information. The server confirms OTP generation information related to OTP medium information including the unique information of the mobile phone (445). At least one of a static seed value and a dynamic seed value is confirmed and determined through the OTP generation information and an OTP is generated by combining at least one of the static seed value and the dynamic seed value with an OTP generation algorithm (450). The server transmits and outputs the generated OTP to the mobile phone (450,460).;COPYRIGHT KIPO 2013;[Reference numerals] (400) Mobile phone request user authentication for using the mobile phone as an OTP medium by driving an OTP agent; (405) Mobile phone processes the user authentication through a user password or a PIN; (410) User authentication?; (415) Mobile phone comprises OTP medium authentication information including mobile phone unique information; (420) Mobile phone outputs user authentication error information; (425) Mobile phone connects a server and a communication channel and transmits the OTP medium authentication information; (430) Server authenticates the mobile phone as the OTP medium by reading the mobile phone unique information (+user medium information) of the OTP medium authentication information; (435) OTP medium authentication?; (440) Server transmits the OTP medium error information to the mobile phone; (445) Server confirms OTP generation information related to the OTP medium information including the mobile phone unique information; (450) Server generates an OTP with N figures to the mobile phone through the communication channel; (455) Server transmits the OTP with N figures to the mobile phone through the communication channel; (460) Mobile phone receives and outputs the OTP with N figures; (AA) Start; (BB,DD) No; (CC,FF) Yes; (EE,GG,HH) End