摘要 |
PURPOSE: An OTP authentication method and device using QR code is provided to fundamentally block sharing of a sync code of a user by removing phishing and sharing of a sync code of a normal user. CONSTITUTION: A web server performs authentication of a user(S100,S110). An ID received from the client is transmitted to an OTP server(S200). The OTP server generates a QR code and an OTP code using an encrypted algorithm(S210). A web server receives the QR code and OTP code from the OTP code(S230). The QR code is output(S300). An OTP terminal photographs the output QR code(S310). The OTP terminal generates an OTP code using the photographed QR code(S400). The web server receives the OTP code(S410). A user of the client is authenticated(S500). [Reference numerals] (10) Client; (20) OTP terminal; (30) Web server; (40) OTP server; (S100) Requesting user authentication; (S110) Inputting ID/PW; (S200) Checking ID/PW, transmitting ID; (S210) Generating a QR code and an OTP code; (S230) Transmitting the QR code and the OTP code; (S300) Outputting the QR code; (S310) Photographing the QR code; (S400) Analyzing the QR code and generating the OTP code; (S410) Transmitting the OTP code; (S500) Checking and certifying the OTP code |