Title of invention: Security key using multi-OTP, security service apparatus, security system
Abstract: A security key including an interface unit that provides an interface with an authentication device installed at a security domain; and an OTP module that communicates with the authentication device through the interface unit mentioned above, wherein the OTP module includes a storage unit that stores at least one OTP Seed ID and OTP Algorithm ID; and an OTP generation unit that generates an OTP by using an OTP Seed value and OTP algorithm that are identified by an OTP Seed ID and an OTP Algorithm ID matching with the OTP Seed ID and OTP Algorithm ID included in the OTP request message, which is received from the authentication device among the OTP Seed ID and OTP Algorithm ID stored in the storage unit, and provides the authentication device with the OTP generated in the process.
Publication number: US9256723(B2) Publication date: 2016.02.09
Application number: US201314132064 Filing date: 2013.12.18
Applicant: SAFERZONE Inventors: Kim Chul Su; Choi Jae Sik
Classification: G06F21/34; G06F21/32; G06F21/81 Main classification: G06F21/34
Agency: Paratus Law Group, PLLC Agent: Paratus Law Group, PLLC
Principal claim: 1. A security key device communicating with an authentication device within a security domain, a security service device and a one time password (OTP) authentication server over a network, and managing access to the security domain, the security key device comprising: an interface unit configured to provide an interface with the authentication device installed at the security domain; an OTP module configured to communicate with the authentication device through the interface unit, wherein the OTP module comprises a non-transitory computer-readable storage medium configured to store at least one pair of OTP Seed Identification (ID) and OTP Algorithm ID generated in the security service device and received from the security service device; an OTP generation unit configured to receive an OTP request message including the OTP Seed ID and OTP Algorithm ID sent by the authentication device, and in response, generate an OTP, by using the OTP Seed ID and OTP Algorithm ID included in the OTP request message, and using time information or event information corresponding to an accessing of the security domain, and provide the OTP and a security key identification information to the authentication device, wherein the authentication device transmits a first OTP authentication request message that includes the OTP and the security key identification information to the security service device; the security service device requests the OTP authentication server to authenticate the OTP generated by the security key device when a holder associated with the security key device is registered to have access to the security domain based on the security key identification information, and retrieves in its storage a corresponding OTP seed ID and Algorithm ID, generates a second OTP authentication request message including the OTP generated by the security key device, the retrieved corresponding OTP seed ID and algorithm id, transmitted to the OTP authentication server; the OTP authentication server generates from the second OTP authentication request message a second OTP, determines whether the second OTP matches the OTP generated by the security key device and sends an authentication result to the authentication device through the first security device, the authentication device granting or denying the holder of the security key device access to the security domain based on the authentication result.
Address: Daejeon KR
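The message flow of claim 1, as an added sketch that is not part of the patent record: one key holds several (Seed ID, Algorithm ID) pairs, the service device checks registration per domain, and the OTP server recomputes the value. Assumptions: all IDs and seeds are constructed, the OTP algorithm is HOTP-style truncation (RFC 4226) since the claim names none, and the `SEEDS` table stands in for seed values provisioned to both the key and the OTP authentication server.

```python
import hashlib, hmac, struct

# Constructed sample data: seed IDs, algorithm IDs and seed values are hypothetical.
SEEDS = {"seed-01": b"constructed-seed-door-A", "seed-02": b"constructed-seed-lab-B"}

def hotp(seed, counter, digest):
    """RFC 4226 dynamic truncation over HMAC(seed, counter), 6 digits."""
    mac = hmac.new(seed, struct.pack(">Q", counter), digest).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{code % 10**6:06d}"

# Algorithm ID -> f(seed, factor): time information (30 s steps) or event counter.
ALGORITHMS = {
    "alg-time-sha1": lambda seed, t: hotp(seed, t // 30, hashlib.sha1),
    "alg-event-sha256": lambda seed, n: hotp(seed, n, hashlib.sha256),
}

class SecurityKey:
    def __init__(self, key_id, pairs):
        self.key_id, self.pairs = key_id, set(pairs)  # stored (Seed ID, Algorithm ID) pairs

    def respond(self, request, factor):
        pair = (request["seed_id"], request["alg_id"])
        if pair not in self.pairs:
            return None  # no matching pair stored, so no OTP is generated
        return {"otp": ALGORITHMS[pair[1]](SEEDS[pair[0]], factor), "key_id": self.key_id}

def otp_auth_server(second_request, factor):
    """Generate the second OTP from the forwarded IDs; compare in constant time."""
    seed = SEEDS[second_request["seed_id"]]
    expected = ALGORITHMS[second_request["alg_id"]](seed, factor)
    return hmac.compare_digest(expected, second_request["otp"])

def security_service(first_request, domain, registry, factor):
    """Check the holder's registration for this domain, then build the second request."""
    pair = registry.get((first_request["key_id"], domain))
    if pair is None:
        return False  # key not registered for this security domain
    second = {"otp": first_request["otp"], "seed_id": pair[0], "alg_id": pair[1]}
    return otp_auth_server(second, factor)

def access(key, domain, request, registry, factor):
    """Authentication device: request an OTP, relay it, grant or deny access."""
    reply = key.respond(request, factor)
    return reply is not None and security_service(reply, domain, registry, factor)
```

The service device uses the pair from its own registry rather than anything echoed by the key, so an OTP generated for one domain's pair is checked against the pair registered for the domain actually being accessed.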