Principal claim |
1. A security key device communicating with an authentication device within a security domain, a security service device and a one time password (OTP) authentication server over a network, and managing access to the security domain, the security key device comprising:
an interface unit configured to provide an interface with the authentication device installed at the security domain;
an OTP module configured to communicate with the authentication device through the interface unit, wherein the OTP module comprises
a non-transitory computer-readable storage medium configured to store at least one pair of OTP Seed Identification (ID) and OTP Algorithm ID generated in the security service device and received from the security service device;
an OTP generation unit configured to receive an OTP request message including the OTP Seed ID and OTP Algorithm ID sent by the authentication device, and in response, generate an OTP, by using the OTP Seed ID and OTP Algorithm ID included in the OTP request message, and using time information or event information corresponding to an accessing of the security domain, and provide the OTP and a security key identification information to the authentication device, wherein the authentication device transmits a first OTP authentication request message that includes the OTP and the security key identification information to the security service device;
the security service device requests the OTP authentication server to authenticate the OTP generated by the security key device when a holder associated with the security key device is registered to have access to the security domain based on the security key identification information, and retrieves in its storage a corresponding OTP Seed ID and Algorithm ID, generates a second OTP authentication request message including the OTP generated by the security key device, the retrieved corresponding OTP Seed ID and Algorithm ID, transmitted to the OTP authentication server;
the OTP authentication server generates from the second OTP authentication request message a second OTP, determines whether the second OTP matches the OTP generated by the security key device and sends an authentication result to the authentication device through the first security device, the authentication device granting or denying the holder of the security key device access to the security domain based on the authentication result. |
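
The message flow recited in the claim, sketched as an added example that is not taken from the patent or from any product. The claim names no OTP algorithm, so an RFC 6238-style time-based OTP is assumed; the seed lookup table, every function name and every ID are hypothetical, and the seed is the published RFC 6238 test seed.

```python
import hashlib, hmac, struct

# Constructed sample data (assumptions, not values from the claim).
SEEDS = {"seed-01": b"12345678901234567890"}            # OTP Seed ID -> secret seed
ALGORITHMS = {"alg-totp-sha1": hashlib.sha1}            # OTP Algorithm ID -> hash
REGISTRY = {"key-1234": ("seed-01", "alg-totp-sha1")}   # service device storage

def generate_otp(seed_id, alg_id, now, step=30, digits=6):
    """Time-based OTP from the seed and algorithm the two IDs select."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(SEEDS[seed_id], counter, ALGORITHMS[alg_id]).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def security_key(request, now, key_id="key-1234"):
    """Security key device: answers the OTP request with an OTP and its key ID."""
    otp = generate_otp(request["seed_id"], request["alg_id"], now)
    return {"otp": otp, "key_id": key_id}

def otp_auth_server(second_request, now):
    """OTP authentication server: derives the second OTP and compares the two."""
    expected = generate_otp(second_request["seed_id"], second_request["alg_id"], now)
    return hmac.compare_digest(expected, second_request["otp"])

def security_service(first_request, now):
    """Security service device: registration check, then the second request."""
    entry = REGISTRY.get(first_request["key_id"])
    if entry is None:                                    # holder not registered: fail closed
        return False
    seed_id, alg_id = entry                              # retrieved from its own storage
    second = {"otp": first_request["otp"], "seed_id": seed_id, "alg_id": alg_id}
    return otp_auth_server(second, now)

def authentication_device(key_time, server_time, key_id="key-1234"):
    """Authentication device: requests an OTP, relays it, grants or denies access."""
    request = {"seed_id": "seed-01", "alg_id": "alg-totp-sha1"}
    first = security_key(request, key_time, key_id)
    return "grant" if security_service(first, server_time) else "deny"

if __name__ == "__main__":
    print(authentication_device(31, 59))                 # same 30 s step
    print(authentication_device(59, 1111111109))         # stale OTP
    print(authentication_device(59, 59, "key-9999"))     # unregistered key
```

The OTP server never sees the key ID and the key never sees the registry, so the registration check and the OTP comparison fail independently; a deployment would also need replay protection within a time step, which the claim does not address.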