摘要 |
PURPOSE: A user authentication method which uses a temporary password issued through a certificate log-in process is provided to input the temporary password issued through a trading server, thereby fundamentally excluding errors due to a time synchronization mismatch problem. CONSTITUTION: A trading server transmits a random Nonce value to an electronic signature terminal(110). A certificate, Nonce electronic signature value, VID-R value, and electronic signature terminal information are submitted to the trading server(120). The certificate and Nonce electronic signature value are verified(130). The certificate, VID(Vendor IDentification)-R(Random) value, electronic signature terminal information, temporary password expiration date information are recorded in database(140). A temporary password is transmitted to the electronic signature terminal(150). The information of the trading server is transmitted(160). The presence of the temporary password is identified in a database table(170). The VID of certificate is verified(180). A log-in result is transmitted(190). |