The present invention relates to a system and a method for one time password (OTP) authentication and, more particularly, to a system and a method for OTP authentication in which an OTP is generated using the IP address assigned to a user's mobile terminal by a mobile communication operator (namely, a mobile communication service company or mobile carrier), and the generated OTP is used to confirm whether the user is a legitimate user.
One time password (OTP) authentication is a user authentication method that uses a randomly generated number as the password. The OTP was introduced to overcome the security weakness that arises when the same password is used repeatedly.
The OTP types currently in use are a software type and a hardware type. The software type OTP runs as software on a PC or smart device. Hence, the software type OTP may be copied through malicious hacking or leakage, and therefore offers weak security. The hardware type OTP is not widely used in general companies, public institutions, etc., outside the financial sector, because of the inconvenience of carrying the device, the cost of supplying devices, and the like.
In existing OTP methods, an OTP issuing rule (e.g., a seed value or OTP key value) is exchanged between a user and a service provider in order to issue and authenticate an OTP. In this case, when the issuing rule is leaked through a phishing attack or the like, security is degraded.
Accordingly, there is an urgent need for a technical method that enables a user to confirm whether a service provider is a legitimate service provider, so as to prevent pharming attacks, which are a hacking technique.
The following prior documents have been disclosed as conventional art related to the above-described OTP methods.
Korean Patent Publication No. 10-2010-0104161 (Sep. 29, 2010)
Korean Patent Publication No. 10-2009-0019576 (Feb. 5, 2009)
Korean Patent Publication No. 10-2010-0136572 (Dec. 29, 2010)