| 摘要 |
PURPOSE: A user authentication system and a method thereof are provided to be able to fundamentally prevent an illegal authentication of a mobile terminal through OTP authentication problems and duplication of a mobile phone and USIM. CONSTITUTION: A client terminal (10) includes a web browser which displays a web page transmitted when logging-in to a web site. A web server (20) transmits the web page in response to the access of the client terminal, and transmits a graphic authentication code to the web page of the corresponding client terminal in response to a web service request. The web server provides a web service to the client terminal in response to the user authentication message receipt of the client terminal. A database (30) stores the member information and the authentication tokens for member authentication of subscribing members of a web service. A mobile user terminal (40) is equipped with a memory storing an identity token and an authentication token, and generates one time authentication key (OTAC) in response to an authentication request. The mobile user terminal transmits an authentication request message including OTAK and the pre-set identity token to an authentication server, and scans the graphic authentication code on the web page displayed in the client terminal. The mobile user terminal transmits the token authentication message to the authentication server when the authentication token is identical to the generated OTAK and the stored authentication token. [Reference numerals] (10) Client terminal; (12) Webbrowser; (20) Web server; (30) Database; (40) Mobile user terminal; (42) Scanner; (44) OTAK generator; (46) OTAK authentication device; (48) Memory; (5) Wired or wireless network; (50) Authentication server; (52) Encoding/decoding key generator; (54) QR code generator; (56) User authentication device |
