SYSTEM AND METHOD FOR THE ONE-TIME PASSWORD AUTHENTICATION BY USING A SMART CARD AND/OR A MOBILE PHONE INCLUDING A SMART-CARD CHIP

摘要

The present invention is a one-time password authentication method and system using a smart card or smart card chips embedded mobile phone As the user is online banking, online shopping, intranets (Intranet) and servers for services such as oil, online connected PC, laptop through the wireless network, PDA, kiosk (KIOSK), ATM, vending machines and other unattended payment Disposable certified values with the presentation of the certification criteria for services from the server to connect to the user authentication screen for identification or for payment on the payment terminal and client system, that is, being asked to enter the one-time password (OTP, One-Time Password) , contact or proximity smart card reader and smart card operating program is brought into contact or close to the reading device in the client system is provided with smart card or smart card chip (ICC, Integrated Circuit Chip) is a portable telephone to operate the menu by selecting the appropriate one-time password, a smart card IC Chip recognizes the portable telephone or a smart card operating program in the client system or mobile phone is running, the operating program for the smart card reader through the internal IC Chip Chip identification number (Serial Number), password key value, reads the authentication information specific to the user, such as personal security information, and the client computer or the one-time password generation program is executed to the mobile phone received from the server and presents the read-out authentication information to generate an authentication condition based on one-time password, and the user is transmitted, the service server transmits received for one-time pass word corresponding to the user by analyzing the properties and presents a one-time password to the server by entering the above generated in the client computer meets the certification criteria verified and the user authentication according to the result and relate to the identification and one-time password using a smart card or smart card chip is formed, including the portable telephone to execute a payment authentication method and system . ; According to the present invention, servers and services for oil and online connected PC, laptop through the wireless network, PDA, kiosk (KIOSK), ATM, vending machines and other unattended payment terminals for by having such a contact or proximity smart card reader and smart card driving program on the client machine in addition to, or in conjunction with a smart card user, the smart card chip (IC Chip) and smart card-driven program with built-in mobile phone By using and implementing a one-time password for user authentication in the online network. ; The present invention is a one-time password by using the smart card operating program and a one-time password generation program included in the client system or mobile phone ( because it generates an OTP) server for the service operator may eliminate the need for life-like security card issued by a bank in the form of hardware, such as a separate nansupyo of the OTP generator to provide each user save money and time, one-time passwords information required to generate the Chip ID number, password, key value, record authentication information specific to the user, such as personal security information in IC Chip to the above issue, because, corruption or piracy is impossible to increased security and the deployment is intended for users It is easy to use. From the user's perspective and always be offered the convenience that you do not manage to carry an OTP generator generates a one-time password separately, so using a smart card or mobile phone to mobile. ; In addition, according to the present invention By using the one-time password authentication method and system using a smart card or a smart card chip is a portable telephone, in the billing screen of the client computer that is connected to the Internet as online shopping mall, is not strict user authentication when the card payment Verified and Secure Payment (ISP) to enter your payment without having to enter a password or payment authorization number received by text message (SMS) that occurs incidental expenses when the mobile payment, safer and easier with one-time password authentication methods can a card payment or mobile payments.