Title of invention: METHOD FOR DIGITAL SIGNATURE AND AUTHENTICATING THE SAME BASED ON ASYMMETRIC-KEY GENERATED BY ONE-TIME_PASSWORD AND SIGNATURE PASSWORD
Abstract: The disclosed method includes: a first step in which a user terminal receives the electronic transaction data, a one time password (OTP), and a signature password; a second step in which the user terminal generates an asymmetric key including a public key and a private key; a third step in which the user terminal generates a user's electronic signature value; a fourth step in which the user terminal generates a user authentication value; a fifth step in which the user terminal transmits the user's electronic signature value, the electronic transaction message, the user authentication value, and the public key to a service providing institution server; a sixth step in which the service providing institution server verifies the user's electronic signature value; a seventh step in which the service providing institution server acquires the identification data of the OTP token (one time password token) from the user identification data; an eighth step in which the service providing institution server transmits the token's identification information, public key data, and the user authentication data to an authentication institution server; a ninth step in which the authentication institution server generates a referential one time password from the token's identification information; a tenth step in which the authentication institution server generates a referential user authentication value; an eleventh step in which the authentication institution server acquires the public key data from the token's identification information; a twelfth step in which the authentication institution server compares the referential user authentication value with the user authentication value from the eighth step; a thirteenth step in which the authentication institution server verifies whether the referential one time password is included in the public key from the eighth step; a fourteenth step in which the authentication institution server generates the electronic signature value of the authentication institute regarding the token's identification information and the public key; a fifteenth step in which the authentication institution server transmits the electronic signature value of the authentication institute and the certificate of authorization to the service providing institution server; and a sixteenth step in which the service providing institution server verifies the electronic signature value of the authentication institute.

[Reference numerals] (10) User; (100) Register one time password and a signature password; (105) Transmit user identification information, the identification information of one time password generation medium, the identification value of the signature password, and first public key data; (110) Save; (115) Start electronic transaction and input transaction information; (120) Generate one time password and input the signature password; (125) Generate an asymmetric key, a user's electronic signature value, and a user authentication value; (130) Transmit a transaction message, the user's electronic signature value, the user authentication value, first public key data, and second public key data; (135) Verify the user's electronic signature value; (140) Obtain the user authentication value from the second public key data; (145) Obtain the authentication data of one time password generation medium from the user authentication data; (150) Transmit the authentication data of one time password generation medium, the second public key data, and the user authentication value; (155) Generate the target one time password based on the authentication data of one time password generation medium/Obtain a signature password hash value from the authentication data of one time password generation medium/Obtain first public key data from the authentication data of one time password generation medium; (160) Generate a target user authentication value and compare with the transmitted user authentication value; (165) Confirm whether the one time password generated in the step 155 is included in the second public key data; (170) Generate the electronic signature value of the authentication institution; (175) Transmit authentication institution and a certificate of the authentication institution; (180) Verify; (185) Store the transaction message, the user's electronic signature value, the first/second public key data, the authentication institution electronic signature value, and the certificate of the authentication institution; (20) Service providing institution server; (30) Authentication institution server
Publication number: KR101371054(B1); Publication date: 2014.03.07
Application number: KR20130090588; Filing date: 2013.07.31
Applicant: INITECH CO.; Inventor: KIM, SEON JONG
Classification: G06Q20/40;H04W12/06; Main classification: G06Q20/40