Embodiments of the inventive concept described herein relate to a user authentication method for enhancing integrity and security, and more particularly, to a user authentication method for enhancing integrity and security by blocking any attempt to leak personal information on an open network, by preventing hacking to enhance security, and by verifying integrity of transmission data.
In modern society, financial trades or business that requires various user authentications is conducted through online environments rather than through face-to-face contact. Because online user authentication requires a more prudent approach than face-to-face contact, various security programs or control programs, including ActiveX and keyboard security programs, have to be installed in the user terminals, and leakage of information is prevented by enhancing security through a certificate of authentication, a security card, or a security device, such as a one-time password (OTP) device.
According to a method using an OTP device, which is one of the representative user authentication methods, the OTP device having a unique key therein is provided to a user in advance. When the user accesses a financial trade network to request an authentication from an authentication server (a server of a financial institute), an OTP number is generated based on random numbers associated with a current time while the unique key functions as an operation key, and the user authenticates that he or she is a genuine user by manually inputting the generated OTP number as a password and transmitting the input password to the authentication server.
However, when a user does business with a plurality of financial institutes, he or she has to have a plurality of OTP authentication devices provided by the financial institutes, respectively, and accordingly, the consumer has to purchase the OTP authentication devices for the financial institutes, respectively, has to carry the plurality of OTP authentication devices, and has to search for an authentication device for a specific financial institute, from the plurality of OTP authentication devices.
Further, because the unique key of the OTP device cannot be arbitrarily replaced by the user, the user has to visit a financial institute to receive a new OTP device when he or she loses the OTP device. Further, when the unique keys of the OTP devices of the clients are leaked, the financial institute has to incur enormous costs and spend considerable time, for example, to reissue the OTP devices to all the clients.
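The time-based OTP scheme described above, and the reason a leaked or lost unique key forces reissuing the device, can be seen in the following added example, which is not part of the original text. It assumes the standard TOTP construction of RFC 6238 (HMAC-SHA1, 30-second windows), which the text does not name; the key values and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time window (RFC 6238 default; an assumption)

def totp(key: bytes, unix_time: int, digits: int = 6) -> str:
    """Device side: derive the OTP number from the unique key and the current time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_verify(stored_key: bytes, submitted: str, unix_time: int,
                  drift: int = 1) -> bool:
    """Server side: recompute the OTP from the server's own copy of the key.

    Accepts the current window and +/- `drift` neighbouring windows to absorb
    clock skew and typing delay. Every window is checked with a constant-time
    comparison so timing does not reveal which one matched.
    """
    ok = False
    for w in range(-drift, drift + 1):
        expected = totp(stored_key, unix_time + w * STEP, len(submitted))
        ok |= hmac.compare_digest(expected, submitted)
    return ok

# Constructed sample keys. The first is the published RFC 6238 test key.
# Each institute provisions its own key, hence one device per institute.
BANK_A_KEY = b"12345678901234567890"
BANK_B_KEY = b"constructed-key-bank-B"

if __name__ == "__main__":
    now = 59
    code = totp(BANK_A_KEY, now)
    print("device for bank A shows:", code)
    # 20 s later the server is in the next window but still accepts the code.
    print("bank A accepts:", server_verify(BANK_A_KEY, code, now + 20))
    # A different institute holds a different key, so the code is useless there.
    print("bank B accepts:", server_verify(BANK_B_KEY, code, now + 20))
    # Outside the drift window the code has expired.
    print("bank A accepts after 5 min:", server_verify(BANK_A_KEY, code, now + 300))
```

Because the server verifies by recomputing the number from the same key, the key is the only secret in the scheme: whoever holds a copy can produce valid numbers for any time window, which is why a leak can only be remedied by replacing the key.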
Meanwhile, when the user performs an authentication or a login through a specific password, the related server has to register, store, and manage the password of the user, and the user has to remember the password and regularly change it to guard against a leakage of the password, which makes the management of the password difficult.
Moreover, due to the development of hacking technologies, information such as a certificate of authentication or a password is leaked through various routes, including a screen capture, a shoulder surfing attack, a screen hacking technology such as screen monitoring, or spyware installed in a PC, and a professional hacker may decrypt an encoded password with a degree of effort. It is therefore necessary to enhance security while guaranteeing the convenience of the user in a procedure for authentication of a user. Further, it is necessary to enhance integrity by verifying errors in a transmission process.