OTP An OTP registration method based on location authentication and session for preventing replication and multi-registration

摘要

The present invention relates to a location authentication and session information-based OTP registration method for preventing duplication and multiple registration, the method comprising: (a) storing, by the authentication server, registration area information for each user; (b) requesting, by the service server, OTP device registration for a connected user to the authentication server; (c) the authentication server generating a unique ID and secret key, setting a registration area, and registering in the OTP device list; (d) transmitting, by the authentication server, OTP device information including the unique ID, the secret key, and the registration area to the OTP client; (e) extracting, by the OTP client, a unique ID, a secret key, and a registration area from the OTP device information; (f) the OTP client obtaining a measured current location and verifying whether the current location is located within the registration area; and, (g) when the current location is located within the registration area, the OTP client creates an OTP device with a corresponding unique ID and secret key, and transmits a registration completion message to the authentication server. By allowing only one OTP device to be registered at a specified location through verification of the registration location and a single registration session by the above method, even if an attacker captures or streams the user's screen, it is possible to prevent duplication or registration of the OTP device. can