
The Master-password based Method to manage authentication media securely and conveniently


Abstract

The present invention relates to a technology for safely managing a self-authentication medium without user inconvenience. The invention is a method by which the user terminal accesses the site server, and includes the following steps.

When the user inputs a master password into the user terminal, the terminal calculates the hash value of the master password, the hash value of the site identification information, and the hash value of the authentication app issuer identification information, and uses the hash values to calculate a master key. The terminal searches the secret information DB for the 'encrypted secret key' matching the authentication app issuer identification information, and for the 'site ID, encrypted site password, and encrypted one-time terminal verification code' matching the site identification information. It decrypts the 'encrypted site password' with the site-dedicated master key and the 'encrypted secret key' with the app management server-dedicated master key. It then generates an OTP by decrypting the 'encrypted one-time terminal verification code' with the 'decrypted secret key' and encrypting the 'decrypted site password' with the decrypted one-time terminal verification code, and transmits the OTP, matched with the site ID, to the site server.

The site server searches the customer DB for 'the hash value of the site password, the public key, and the one-time terminal verification code' matched with the site ID, decrypts the OTP with the one-time terminal verification code to calculate the site password, and compares the hash value of the 'calculated site password' with the 'hash value of the searched site password'. If the two match, the site server determines that authentication is complete, randomly generates a new one-time terminal verification code in the form of a binary code, and updates the terminal verification code field matching the site ID in the customer DB to the new one-time terminal verification code. It encrypts the 'updated one-time terminal verification code' with the 'searched public key' and transmits the site identification information and 'the encrypted, updated one-time terminal verification code' to the user terminal.

Finally, the user terminal updates the terminal verification code field matched with the site identification information in its secret information DB to the 'encrypted one-time terminal verification code'.

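Bibliographic data

  • Publication number: KR20210136487A
  • Patent type:
  • Publication date: 2021-11-17
  • Original format: PDF
  • Applicant/patentee: 조현준
  • Application number: KR20200054797
  • Inventor: 조현준
  • Filing date: 2020-05-07
  • Classification: G06F21/60; G06F21/46; G06F21/71; G06F21/73
  • Country: KR
  • Database entry time: 2022-08-24 22:30:36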
