User authentication method and apparatus

摘要

A user authentication method and apparatus are disclosed. One embodiment of the invention can provide a method for authenticating a user from a server that includes: (a) transmitting a one-time server certification message in response to an authentication request including a user ID of a client terminal, and receiving a one-time terminal certification message from the client terminal; and (b) authenticating the user by verifying the one-time terminal certification message by using a hash value stored beforehand in correspondence to the user ID.

主权项

1. A user authentication method for authenticating a user from a server, the user authentication method comprising:
(a) transmitting a one-time server certification message in response to an authentication request including a user ID of a client terminal, and receiving a one-time terminal certification message from the client terminal; and (b) authenticating the user by verifying the one-time terminal certification message by using a hash value stored beforehand in correspondence to the user ID, wherein the authenticating of the user in said step (b) comprises: calculating a second-order hash value by applying a unidirectional hash function to at least one of a random value, the hash value, and IP information included in a packet header of the one-time terminal certification message; deriving a resultant value of applying an exclusive disjunction operation to the calculated second-order hash value and the hash value; and authenticating the user by determining whether or not the derived resultant value and a resultant value included in the one-time terminal certification message are identical.