With the recent development of Internet communication technology, various functions utilizing mobile communication devices such as smart phones are being provided.
That is, as the data processing technology based on the wireless communications rapidly develops, people can use services like not only a voice communication but also a short message transmission, a video call, an electronic notebook, entertainment, Internet connection, and video message transmission.
Recently, a mobile device authentication service became popular which carries out identity authentication provided by a telecommunications company, a financial institution server, a portal site, etc. through a mobile communication network among various services utilizing a mobile device.
In the mobile device authentication service, when a user possessing a mobile device requests payment, information confirmation, registration, or information change all requiring authentication at a web site, an authentication number is transmitted to the mobile device having the pre-registered phone number of the user, and the user is authenticated by inputting the received authentication number through the web site. The mobile device authentication service is largely divided into two ways of authentication, one is possession authentication in which only the phone number is required for receiving the authentication number: the phone number is inputted, the authentication number is requested, then the authentication number is transmitted to the mobile device having the phone number, and the other is ownership authentication in which the phone number as well as an SSN is required: the phone number and the SSN are inputted, the authentication is performed using a DB of the telecommunications company by referring to the phone number and the SSN, then the authentication number is transmitted to the mobile device having the phone number.
However, the conventional mobile device authentication service has a problem because an unauthorized user can acquire the authentication number while its transmission from the server of the web site to the mobile device of the user through the mobile communication network, which may jeopardize financial services.