摘要 |
The present invention relates to an one time password (OTP) managing method using medium possession authentication. A method executed on a device which is possessed by a user and generates an OTP comprises: a first step in which medium information for medium possession authentication is received through radio frequency (RF) communication from an RF device which corresponds to a separate medium possessed by a user, wherein the separate medium is physically separated from the device possessed by a user; a second step in which medium authentication information for authenticating validity of medium possession for the RF device is acknowledged; a third step in which medium possession validity of the user for generating an OTP is acknowledged by authenticating the medium information by using the medium authentication information; a fourth step in which, when the medium possession validity of the user is acknowledged, an OTP of preset N number of digits (N>=2) are dynamically generated by applying at least one seed to an assigned OTP generation algorithm; and a step in which, when the OTP of N number of digits is generated, the generated OTP of N number of digits is transmitted to a terminal within a short range by using a short-range communication means of the device. According to the present invention, it is possible to prevent a malicious use of an OTP device by a third party even when the OTP device is stolen or extorted. |