Field of the Invention
The present invention relates to a system and method for issuing an OTP application in a face-to-face confirmation manner, and more specifically, to a system and method for issuing an OTP application in a face-to-face confirmation manner, which can solve the problem of face-to-face confirmation for confirming a real name of a user by registering secure storage medium identification information or an OTP serial number acquired from a reader to install an OTP application in a secure storage medium of a terminal device.
Background of the Related Art
A one time password (hereinafter, referred to as an OTP) generator used in a bank, stock or insurance transaction is provided through a separate device. When a financial institute provides an OTP generator to a customer, it performs a procedure of registering a serial number printed on the back of the OTP generator in corresponding subscriber information after confirming the real name of the user.
When a customer performs transfer of money larger than a specific amount in a banking transaction, the customer inputs an OTP generated by an OTP generator as an additional authentication means, and the bank performs a procedure of verifying the OTP.
However, such a method has a problem of inconvenience in using the OTP generator since the user should possess an OTP generator for each service provider and a problem of increasing the inconvenience in using the OTP generator since the user should separately carry the OTP generator.
In order to solve such problems, a card (IC card) type OTP generator connectible to a terminal device always carried by a user is distributed. Such a card is provided with an OTP function in addition to the function of a cash card or a check card generally distributed by a bank, and compared with an OTP generator of dedicated hardware, the card type OTP generator can be distributed at a much lower price since it does not need to mount a display or a battery, and it is very convenient since the customer may carry the card type OTP generator in a wallet.
Such a method may provide a function the same as that of the dedicated hardware method since an OTP application for generating an OTP is provided in the card and a generated OTP can be displayed on the terminal device, and this method also performs a work of confirming the real name of the user and matching an OTP serial number when a bank branch issues the card to the user.
However, since an OTP authentication method using a terminal device should contact the card to the back of the terminal device to generate and input an OTP when the user performs a financial transaction, the work should be done with two hands, or even a risk of breaking the terminal device may occur since handling the terminal device is inconvenient.
In order to solve such problems, there is an attempt of mounting an OTP application in a secure area of a terminal device, such as a Universal Subscriber Identity Module (USIM), a Secure Element (SE), a TrustZone or the like, and using the OTP application in a financial transaction service.
However, since a face-to-face confirmation should be performed as a method of confirming the real name of the user, the OTP application cannot be used for the purpose of financial transactions to which a strict regulation is applied.