SECURE USER TWO FACTOR AUTHENTICATION METHOD FROM PERSONAL INFOMATION LEAKING AND SMISHING

摘要

The present invention relates to a double user authentication method which uses subscriber information (IMSI, ICCID) being a unique identification number stored in a USIM and an OTP or a user-set password to authenticate a user twice to prevent the damage caused by hacking, smishing, and pharming. The method includes: a first step of registering an ID and a password in a service server; a second step of enabling a mobile communication company server to check the validity of a user when an authentication server receives the mobile phone number of a user in an authentication service subscription step to store unique information for the user authentication in a database; a third step of enabling the service server to receive the mobile phone number and transmit the number to the authentication server when the user requests the authentication log-in in an authentication service usage step; a fourth step of activating an authentication app in the corresponding user′s mobile phone when the user is an authentication service subscriber to extract the unique information thereof when the authentication server receives the mobile phone number of the user; a fifth step of receiving the ID and password of the user by the authentication app in order to enable the authentication app to transmit the information with the unique information to the authentication server; a sixth step of enabling the authentication server to compare the received unique information with the stored unique information or with the unique information of a mobile communication company to conduct a first authentication operation; a seventh step of enabling the service server to receive the first authentication result, ID, and password from the authentication server in order to compare the received information with the ID and password registered therein; and an eighth step of enabling the service server to provide a service to the corresponding user according to the authentication result.