-
1.
Publication number: KR1020120093594A
Publication date: 2012-08-23
Application number: KR1020110013253
Filing date: 2011-02-15
Applicant: 동서대학교산학협력단
CPC classification number: H04L9/3228, G06Q20/30, G06Q20/4014, H04L9/0869, H04L9/3247, H04L9/3263
Abstract: PURPOSE: A transaction protecting system using a certificate and an OTP (One Time Password) generated by a keystream generator, and a method thereof, are provided to add confidentiality to the certification process for a certificate by having a certification institution confirm the validity of the OTP, thereby resolving a safety problem related to the effectiveness of an electronic signature. CONSTITUTION: A terminal (10), an SP server (20), and a certification institution server (30) are connected through a network. An internet access module (11) generates a first transaction when a user requests a service from the SP server. If an electronic signature is required when the first transaction is transmitted to the SP server, an electronic signature module (12) generates an encoded value by receiving a password from the user. The electronic signature module generates an electronically signed file by performing the electronic signature on the encoded value.
-
2.
Publication number: KR101210411B1
Publication date: 2012-12-10
Application number: KR1020110013253
Filing date: 2011-02-15
Applicant: 동서대학교산학협력단
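Abstract: The present invention addresses the problems of existing transaction protection systems that rely only on an accredited certificate or only on an OTP. It comprises a user terminal (10) including an internet access module (11), an electronic signature module (12) containing the accredited certificate, a first OTP module (13), and a transaction encryption module (14); an SP server (20) that provides a service; and a certification institution server (30) including an electronic signature authentication module (31), a second OTP module (32), a transaction verification module (33), and an OTP keyDB (34). The terminal (10), the SP server (20), and the certification institution server (30) are connected through a network. Data extracted while decrypting the private key of the accredited certificate is used to generate the OTP, and the certification institution checks whether the OTP is valid, which adds confidentiality to the certification process for the accredited certificate. This resolves the safety problem concerning the effectiveness of an electronic signature after a private key leak when only the accredited certificate service is used, and the vulnerability to phishing and MITM (man-in-the-middle) attacks when only an OTP is used. Unlike the case where only the accredited certificate is used, the transmitted data is encrypted with the OTP without installing an additional program for encryption, which overcomes terminal-dependent compatibility problems. The invention thus provides a transaction protection method and system using an accredited certificate and an OTP generated by a keystream generator.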
-