CN101577697B - Authentication method and authentication system for enforced bidirectional dynamic password - Google Patents

Publication number: CN101577697B
Authority: CN (China)
Legal status: Active
Application number: CN200810066997A
Other languages: Chinese (zh)
Other versions: CN101577697A (en)
Inventors: 谈宏, 王晓敏, 张强, 刘宗沛, 张立栋, 朱晓东
Current Assignee: SHENZHEN ROUTDATA TECHNOLOGY Co Ltd
Original Assignee: SHENZHEN ROUTDATA TECHNOLOGY Co Ltd


Abstract

The invention relates to an authentication method and an authentication system for an enforced bidirectional dynamic password in order to increase the safety and the convenience of use. The dynamic password authentication system for the authentication method of the enforced bidirectional dynamic password comprises at least one authentication system server and at least one user password generator. The authentication method comprises the following steps: an authentication request is sent to the authentication system server, and then the authentication system server generates a server dynamic additional code containing server identity information; the user password generator judges the identity of the authentication system server according to the server dynamic additional code and then generates a dynamic user password containing user identity information according to a cryptographic algorithm corresponding to the authentication system server; and the dynamic user password is sent to the authentication system server which verifies the dynamic user password so as to judge the identity of the user password generator.

Description

Authentication method and authentication system for enforced bidirectional dynamic password
Technical field
The present invention relates to an authentication method and authentication system for dynamic passwords, and in particular to an authentication method and authentication system for an enforced bidirectional dynamic password.
Background art
With the development of e-commerce and enterprise informatization, more and more business activity is carried out through electronic systems such as networks, telephones and self-service terminals, and the security of customer accounts has become an important problem. Identity confirmation for transactions that relies on a static password alone has serious security problems: the password can be stolen, guessed or cracked. An electronic token, that is, a dynamic password generator, addresses these problems well and is increasingly used in e-commerce and similar areas. A dynamic password generator has unique user information fixed inside it and computes a dynamically changing password through an encryption algorithm. The password is sent to the corresponding authentication system for identification and checking, and the corresponding algorithm determines whether the password matches the corresponding customer identity. Most dynamic password generator products currently on the market use time-based dynamic password technology. Because the dynamic password changes over time, each generated password is different, each is valid only within a certain time window, and each is limited to one-time use, so the technology guards well against risks such as password guessing and password snooping.
Generating and authenticating passwords with different keys, algorithms and encryption algorithm parameters produces different passwords. However, current dynamic password generator products have a defect in their authentication mode. Most token products use a one-way authentication mode: the dynamic password device produces the current password according to a synchronization mechanism, and the user then submits the password directly to the server. This one-way mode cannot effectively distinguish a genuine server from a fake one, and it is difficult to prevent phishing attacks in which a forged server, such as a website, steals the user's current password. "Phishing" attacks use fraudulent e-mail and forged websites to commit fraud. The fraudster usually poses as a trusted brand such as a well-known bank, online retailer or credit card company; the victim tends to believe that the site is the official one and logs in with the account password, and the site thereby steals the victim's financial data, such as credit card numbers, account user names and passwords.
Although a dynamic password is time-limited and each password can be used only once, the password of a current dynamic password device generally changes once a minute and each password remains valid on the order of a minute. A disguised phishing website can therefore capture the password and then use the stolen password to log in to the protected system and steal user information.
Another commonly used authentication mode obtains a random challenge code from the server and generates the password asynchronously, which adds verification of the server. However, this mode does not verify the legitimacy of the additional code, so a security risk remains.
Dynamic password generator products currently on the market all have certain shortcomings in usage design, structural design and sharing across multiple systems. For example, when a token uses the random challenge mode for authentication, the token itself must have enough keys for simple, easy and fast input, so it must be large enough to hold the keys; this often conflicts with the small, compact form expected of a portable security product. For security reasons, the algorithm and parameters in a dynamic password generator must never be known or used by other application systems. In practice this means that each application system must have its own authentication server, and the token parameters in use may be stored securely only in that system's own dynamic password authentication system.
Under this security requirement, if several application systems used by a user all require a token, the user must apply for, hold and carry a corresponding token for each. Carrying several tokens is not only inconvenient; the user may also confuse which token belongs to which application system, causing inconvenience and confusion in use.
Summary of the invention
The technical problem to be solved by the present invention is to design an authentication method and authentication system for dynamic passwords that, first, effectively prevents spyware such as phishing software from stealing the user's dynamic password and, second, lets a single user password generator be used simply and effectively with multiple servers.
To solve the above technical problem, the present invention provides an authentication method for an enforced bidirectional dynamic password. The method is based on an enforced bidirectional dynamic password authentication system comprising at least one authentication system server and at least one user password generator, and is characterized in that the authentication method comprises the following step A:
An authentication request is sent to the authentication system server, and the authentication system server then generates a server dynamic additional code containing server identity information;
The user password generator judges the identity of the authentication system server from the server dynamic additional code, and then generates a dynamic user password containing user identity information according to the encryption algorithm corresponding to that authentication system server;
The dynamic user password is sent to the authentication system server, which verifies the dynamic user password to judge the identity of the user password generator.
Through the above technical solution, the dynamic password authentication system of the present invention forces the user password generator to confirm the authentication system server before use, which effectively prevents spyware such as phishing software from stealing the dynamic user password.
As an embodiment of the above method, the enforced bidirectional dynamic password authentication system comprises two or more authentication system servers;
The user password generator stores the server identity information of all the authentication system servers; each authentication system server stores the user identity information of all the user password generators associated with it.
Through the above technical solution, after the user enters the server dynamic additional code into the user password generator, the user password generator automatically determines which authentication system server the server dynamic additional code corresponds to. A single user password generator can thus generate the corresponding dynamic user password for each confirmed authentication system server, so that one user password generator supports multiple different authentication system servers.
In another embodiment of the above solution, when the user password generator performs mutual verification with different authentication system servers, it uses different keys, algorithms and encryption algorithm parameters to generate the respective dynamic user passwords.
The user password generator stores each item of server identity information together, as a group, with the key, algorithm and parameters of the encryption algorithm of the authentication system server corresponding to that server identity information; the user password generator compares the server identity information contained in the server dynamic additional code and generates the dynamic user password with the key, algorithm and parameters of the encryption algorithm corresponding to that server identity information;
The authentication system server verifies the dynamic user password with the key, algorithm and parameters of the encryption algorithm corresponding to the user password generator.
In another embodiment of the above solution, to strengthen the security of the user password generator, the user password generator includes a start-up key for each authentication system server, and the following step is performed before step A or before initialization and activation:
A start-up key is entered into the user password generator, and the user password generator checks the start-up key; if the check passes, step A is performed; otherwise, the procedure ends.
The present invention also provides an authentication system for an enforced bidirectional dynamic password, comprising at least one authentication system server and at least one user password generator;
The authentication system server comprises: a system interface, a dynamic additional code generation module, an authentication module, a password generation module, a system clock that provides time data to the password generation module, and a system database that stores the user information of all users and the encryption algorithm;
The dynamic additional code generation module receives the server dynamic additional code authentication request from the system interface and orders the password generation module to generate a server dynamic additional code, which is output via the system interface. The authentication module receives the dynamic user password from the system interface, compares it with the dynamic user password generated by the password generation module to confirm the identity of the user password generator that this dynamic user password authentication request corresponds to, and outputs the authentication result via the system interface. The password generation module is a calculation processing unit that combines the encryption algorithm information in the system database with the time information of the system clock to generate the server dynamic additional code and the dynamic user password.
The user password generator comprises: a display module for displaying output, an input module for entering data, a dynamic additional code authentication module, a dynamic password generation module, a crypto module, a clock that provides time data to the crypto module, and an identity code register that stores the identity information of particular servers and the encryption algorithm;
A server dynamic additional code entered via the input module passes to the dynamic additional code authentication module, which compares it with the server dynamic additional code generated by the crypto module to confirm the identity information of the server that this verification request corresponds to, and outputs the confirmed server identity information to the dynamic password generation module or displays it via the display module. The dynamic password generation module receives the server identity information output by the dynamic additional code authentication module and orders the crypto module to generate a dynamic user password, which is displayed via the display module. The crypto module is a calculation processing unit that combines the encryption algorithm information in the identity code register with the time information of the clock to generate the server dynamic additional code and the dynamic user password.
With the above technical solution, the password generation module of the authentication system server has no contact with the system interface and is responsible only for generating passwords, while comparing data is the function of the authentication module. Likewise, the crypto module of the user password generator is responsible for generating passwords, and the additional code authentication module compares the data.
The dynamic additional code authentication module verifies and compares the input from the input module. If corresponding server identity information can be found for the dynamic additional code, the dynamic password generation module orders the crypto module to call the data of the identity code register and the clock and generate the dynamic user password, which is output by the display module. If no corresponding server identity information can be found for the dynamic additional code, the dynamic additional code authentication module outputs an error message to the display module.
This enforced bidirectional dynamic password authentication system forces the user password generator to confirm the authentication system server before use, and effectively prevents spyware such as phishing software from stealing the dynamic user password.
As a more specific embodiment of the present invention, the enforced bidirectional dynamic password authentication system comprises two or more authentication system servers;
The identity code register stores the server identity information of each authentication system server together, as a group, with the key, algorithm and parameters of the encryption algorithm of the authentication system server corresponding to that server identity information;
The different items of server identity information, and the keys, algorithms and parameters of the encryption algorithms of their corresponding authentication system servers, are stored in isolation from one another;
After the authentication system server corresponding to the server dynamic additional code has been confirmed, the crypto module uses the key, algorithm and parameters of the encryption algorithm corresponding to that authentication system server, combined with the user information and time data, to generate the user's dynamic password.
Through the above technical solution, after the user enters the server dynamic additional code into the user password generator, the user password generator automatically determines which authentication system server the server dynamic additional code corresponds to. A single user password generator can thus generate the corresponding dynamic user password for each confirmed authentication system server, so that one user password generator supports multiple different authentication system servers.
With this approach, the number of authentication system servers a user password generator supports is determined by the storage space of the user password generator, and support for new authentication system servers can be added conveniently. In the user password generator, the server identity information of different authentication system servers is encrypted and stored in isolation. To add a new authentication system server, it is only necessary to write data such as that server's server identity information, parameters, key, encryption algorithm and program into the user password generator.
Meanwhile, the user information stored in the identity code register of the user password generator is unique for each authentication system server. When the authentication dynamic password generator is disassembled, all identity code registers are automatically destroyed so that the keys, algorithms, parameters, settings and so on are not disclosed.
To make it easy for the user to enter the server dynamic additional code, the server dynamic additional code is a string of Arabic numerals;
The input module comprises: a switch key for switching the input mode and shifting the input position, and a number key for changing the digit currently being entered.
To make the present invention extensible so that it can support newly added authentication system servers, the user password generator further comprises a data interface for data exchange, the data interface being connected to the identity code register.
Compared with the prior art, the advantages of the present invention are that the authentication method and authentication system for the enforced bidirectional dynamic password are more secure and easier for the user to use. First, they effectively prevent spyware such as phishing software from stealing the user's dynamic password; second, they let a single user password generator be used simply and effectively with multiple servers, sparing the user the trouble of carrying and choosing among several password generators when using multiple authentication system servers.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the authentication system server of the enforced bidirectional dynamic password authentication system of the present invention;
Fig. 2 is a schematic structural diagram of the user password generator of the enforced bidirectional dynamic password authentication system of the present invention;
Fig. 3 is a schematic flow chart of the authentication method for the enforced bidirectional dynamic password of the present invention.
Detailed description of the embodiments
The present invention is further described below with reference to the accompanying drawings.
As shown in Fig. 1, the authentication system server comprises: a system interface 21, a dynamic additional code generation module 22, an authentication module 24, a password generation module 23, a system clock 26 that provides time data to the password generation module 23, and a system database 25 that stores the user information of all users and the encryption algorithm.
The dynamic additional code generation module 22 accepts the authentication request from the system interface 21, orders the password generation module 23 to compute the server dynamic additional code of the authentication system server, and sends this server dynamic additional code through the system interface 21 for the user password generator.
The authentication module 24 reads the dynamic user password authentication request from the system interface 21, orders the password generation module 23 to generate a dynamic user password according to the user information and encryption algorithm of the verification request, compares it with the dynamic user password read from the system interface 21, and returns the verification result to the system interface 21 for output.
The password generation module 23 is a calculation processing unit that combines the time information supplied by the system clock 26 with the encryption algorithm in the system database 25 to generate the server dynamic additional code and the dynamic user password.
The server identity information recorded in the system database 25, the user information of all users, the generation mode parameters and the adopted algorithm are used in the computation to produce the required data.
As shown in Fig. 2, the user password generator comprises: a display module 11 for displaying output, an input module 12 for entering data, a dynamic additional code authentication module 13, a dynamic password generation module 17, a crypto module 14, a clock 15 that provides time data to the crypto module 14, and an identity code register 16 that stores the identity information of particular servers and the encryption algorithm.
The server dynamic additional code is entered from the input module 12 into the dynamic additional code authentication module 13. According to the server identity information in the server dynamic additional code, the dynamic additional code authentication module 13 orders the crypto module 14 to call the clock 15 and the encryption algorithm information in the identity code register 16 to generate a server dynamic additional code, and the dynamic additional code authentication module 13 compares the two additional codes to authenticate the server identity.
After the dynamic additional code authentication module 13 has confirmed the server identity, the dynamic password generation module 17 calls the crypto module 14, which combines the information of the clock 15 and the identity code register 16 to generate the dynamic user password, and sends this dynamic user password to the display module 11 for display.
Between an authentication system server and a user password generator that are matched to each other, the same encryption algorithm can be used to generate the server dynamic additional code and the dynamic user password. However, different algorithm characteristics can be used for different user password generators.
For the requirement that several authentication system servers share a single user password generator, the present invention proposes that the crypto module 14 of the user password generator be designed to support multiple authentication system servers at the same time; in use, the server dynamic additional code that requires enforced authentication is entered through the input module 12 to determine the authentication system server to be used.
The identity code register 16 of the user password generator is divided into multiple mutually independent, securely isolated register groups, each of which contains the key, algorithm and parameters of the encryption algorithm corresponding to its server identity information. In one specific embodiment, each register contains two kinds of data: one is the server identity information, and the other is the user information of this user password generator in the authentication system server corresponding to that server identity information. The user information of the same user password generator in different authentication system servers may be identical or different.
Whether the bidirectional dynamic password authentication system comprises one or multiple authentication system servers, it involves the security of the encryption information during production, distribution and use of the user password generator, and also involves trust and authorization among the developing manufacturer, the users of each system, and the end users.
Regarding the secure isolation of encryption information in the user password generator, particularly in the scenario with multiple authentication system servers, it must be guaranteed that encryption information cannot be shared at all between different authentication system servers or between the users of each system. The encryption information of different authentication system servers therefore needs to be isolated, and effective authorization by multiple parties is needed when it is activated.
When the user password generator is produced, encryption algorithm information for the different authentication system servers is implanted in the user password generator. When user password generators are distributed, the manufacturer distributes to each user of an authentication system the unique set of encryption information specific to that authentication system server; the encryption information a system user obtains applies only to the authentication system server and user password generators that the system user owns.
As shown in Fig. 3, the user password generator side produces an authentication request that goes to the authentication system server; the authentication system server determines the identification of the user password generator from the incoming authentication request and then generates a server dynamic additional code according to the corresponding encryption algorithm. The server dynamic additional code contains the server identity information of the authentication system server and is valid for a limited time.
The first two digits of the server dynamic additional code can be set as the code name of the different authentication system servers, so that different authentication system servers can be identified and authenticated from the dynamic additional code. The server dynamic additional code is entered into the user password generator, which authenticates it by reading the server identity information and performing a computation and comparison, to confirm the identity of the authentication system server.
Once the user password generator has confirmed the authentication system server, it generates a dynamic user password with the encryption algorithm corresponding to that authentication system server. The dynamic user password contains user information and is valid for a limited time. If the user password generator cannot confirm the server dynamic additional code, it shows the user a corresponding error message.
The dynamic user password is entered into the authentication system server, which processes it, reads the corresponding user information and compares. If the user information of the dynamic user password is confirmed, the identity is confirmed and the user is allowed to perform operations with the corresponding permissions. If the user information of the dynamic user password is not confirmed, the user is shown a corresponding error message.
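
The exchange described above, run end to end as an added example (not code from the patent). The patent does not specify the algorithm, so the HOTP-style HMAC-SHA256 truncation, the 60-second step, the 6-digit computed part, the `server|` and `user|` labels, and the names `AuthServer`, `Token` and `run_exchange` are assumptions made here; only the two-digit server code name prefix comes from the description. All keys, user ids and timestamps are constructed.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per time step (assumption; the page only says codes are time-limited)
DIGITS = 6   # length of the computed part of each code (assumption)


def _otp(key: bytes, label: bytes, counter: int) -> str:
    """HOTP-style truncation over HMAC-SHA256 (assumed stand-in for the unspecified algorithm)."""
    mac = hmac.new(key, label + struct.pack(">Q", counter), hashlib.sha256).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** DIGITS).zfill(DIGITS)


class AuthServer:
    def __init__(self, server_code: str, users: dict):
        self.server_code = server_code   # two-digit code name of this server
        self.users = users               # user id -> key shared with that user's generator
        self.accepted = set()            # (user id, counter) pairs already used once

    def additional_code(self, user_id: str, now: int) -> str:
        """Step 1: server dynamic additional code = server code name + time-based digits."""
        label = b"server|" + self.server_code.encode()
        return self.server_code + _otp(self.users[user_id], label, now // STEP)

    def verify(self, user_id: str, password: str, now: int) -> bool:
        """Step 3: recompute the dynamic user password and compare; one use per step."""
        key = self.users.get(user_id)
        if key is None or not (password.isascii() and password.isdigit()):
            return False
        for counter in (now // STEP, now // STEP - 1):   # tolerate one step of delay
            expected = _otp(key, b"user|" + user_id.encode(), counter)
            if hmac.compare_digest(expected, password):
                if (user_id, counter) in self.accepted:
                    return False                          # replayed password
                self.accepted.add((user_id, counter))
                return True
        return False


class Token:
    def __init__(self, user_id: str, register_groups: dict):
        self.user_id = user_id
        self.register_groups = register_groups   # server code name -> key, one isolated group each

    def respond(self, code: str, now: int):
        """Step 2: verify the server's code first; only then produce a dynamic user password."""
        if len(code) != 2 + DIGITS or not (code.isascii() and code.isdigit()):
            return None
        server_code, body = code[:2], code[2:]
        key = self.register_groups.get(server_code)
        if key is None:
            return None                           # unknown server: error, no password shown
        counter = now // STEP
        label = b"server|" + server_code.encode()
        if not any(hmac.compare_digest(_otp(key, label, c), body)
                   for c in (counter, counter - 1)):
            return None                           # forged or expired additional code
        return _otp(key, b"user|" + self.user_id.encode(), counter)


def run_exchange(now: int = 1_700_000_000) -> dict:
    """Run the flow of Fig. 3 on constructed data and return each outcome."""
    key_bank, key_shop = b"constructed-key-bank", b"constructed-key-shop"
    bank = AuthServer("17", {"alice": key_bank})
    shop = AuthServer("42", {"alice": key_shop})
    token = Token("alice", {"17": key_bank, "42": key_shop})

    code = bank.additional_code("alice", now)
    password = token.respond(code, now + 10)
    forged = code[:-1] + str((int(code[-1]) + 1) % 10)   # one digit altered
    return {
        "accepted": bank.verify("alice", password, now + 20),
        "replayed": bank.verify("alice", password, now + 25),
        "wrong_server": shop.verify("alice", password, now + 20),
        "forged_code": token.respond(forged, now + 10),
        "relabelled": token.respond("42" + code[2:], now + 10),
        "expired_code": token.respond(code, now + 3 * STEP),
    }


if __name__ == "__main__":
    for name, result in run_exchange().items():
        print(f"{name}: {result}")
```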

Claims (10)

1. the authentication method of an enforced bidirectional dynamic password; This method is based on a kind of enforced bidirectional dynamic password Verification System; This dynamic cipher authentication system comprises at least one Verification System server and at least one user password generator, it is characterized in that said authentication method may further comprise the steps A:
Send authentication request to said Verification System server, then said Verification System server binding time information generating comprises server identity information and the server dynamic additional heat sign indicating number of certain timeliness is arranged;
Said user password generator is judged the identity of this Verification System server according to server dynamic additional heat sign indicating number, includes user profile according to the pairing AES binding time of this Verification System server information generating then and dynamic subscriber's password of certain timeliness is arranged;
Send into this dynamic subscriber's password to this Verification System server, this dynamic subscriber's password of this Verification System server authentication is judged the identity of said user password generator.
2. the authentication method of enforced bidirectional dynamic password according to claim 1 is characterized in that, the Verification System of said enforced bidirectional dynamic password comprises plural Verification System server;
Said user password generator stores the server identity information of whole Verification System servers; Said Verification System server stores has the subscriber identity information of associated whole user password generator with it.
3. the authentication method of enforced bidirectional dynamic password according to claim 2 is characterized in that,
Said user password generator adopts identical close spoon, algorithm and parameter to generate said dynamic subscriber's password or verify said server dynamic additional heat sign indicating number between this user password generator and this Verification System server respectively when verifying each other with some Verification System servers.
4. The authentication method for an enforced bidirectional dynamic password according to claim 2, characterized in that,
When verifying each other with different authentication system servers, the user password generator uses different keys, algorithms and parameters to generate the respective dynamic user passwords.
5. The authentication method for an enforced bidirectional dynamic password according to claim 3 or 4, characterized in that,
The user password generator stores each item of server identity information together, as a group, with the key, algorithm and parameters of the encryption algorithm of the authentication system server corresponding to that server identity information;
The user password generator compares the server identity information contained in the server dynamic additional code, and uses the key, algorithm and parameters corresponding to that server identity information to generate the dynamic user password;
The authentication system server uses the same key, algorithm and parameters to verify the dynamic user password.
6. The authentication method for an enforced bidirectional dynamic password according to claim 1, characterized in that, for each authentication system server, the user password generator holds a start-up key; before step A, or before initialization is started, there is the following step:
A start-up key is input to the user password generator, and the user password generator checks the start-up key; if the check passes, step A is carried out; otherwise, the procedure ends.
7. An authentication system for an enforced bidirectional dynamic password, comprising at least one authentication system server and at least one user password generator, characterized in that:
The authentication system server comprises: a system interface (21), a dynamic additional code generation module (22), an authentication module (24), a password generation module (23), a system clock (26) for providing time data to the password generation module (23), and a system database (25) storing the user information and encryption algorithms of all users;
The dynamic additional code generation module (22) receives the authentication request from the system interface (21) and instructs the password generation module (23) to generate a server dynamic additional code, which is output via the system interface (21); the authentication module (24) receives the dynamic user password from the system interface (21) and, according to the user information in the dynamic user password, instructs the password generation module (23) to generate a dynamic user password; after comparing the two dynamic user passwords, the authentication module (24) confirms the identity of the user password generator to which the dynamic user password corresponds, and the authentication result is output via the system interface (21); the password generation module (23) is a computation processing unit that combines the encryption algorithm information of the system database (25) with the time information of the system clock (26) to generate the server dynamic additional code and the dynamic user password;
The user password generator comprises: a display module (11) for displaying output, an input module (12) for inputting data, a dynamic additional code authentication module (13), a dynamic password generation module (17), a crypto module (14), a clock (15) for providing time data to the crypto module (14), and an identity code register (16) for storing the identity information and encryption algorithm of specific servers;
The server dynamic additional code input via the input module (12) enters the dynamic additional code authentication module (13); according to the server information in the server dynamic additional code, the dynamic additional code authentication module (13) instructs the crypto module (14) to generate a server dynamic additional code; after comparing the two server dynamic additional codes, the dynamic additional code authentication module (13) confirms the identity information of the server to which the server dynamic additional code corresponds, and the confirmed server identity information is output to the dynamic password generation module (17) or displayed via the display module (11); the dynamic password generation module (17) receives the server identity information output by the dynamic additional code authentication module (13) and instructs the crypto module (14) to generate a dynamic user password, which is displayed via the display module (11); the crypto module (24) is a computation processing unit that combines the encryption algorithm information of the identity code register (16) with the time information of the clock (15) to generate the server dynamic additional code and the dynamic user password;
The user password generator produces an authentication request, which is input to the authentication system server; after receiving the authentication request, the authentication system server generates a server dynamic additional code containing server information, which is input to the user password generator; after receiving the server dynamic additional code, the user password generator performs a computation and comparison according to the server information in the server dynamic additional code and confirms the identity of the server; once the server identity is confirmed, it generates a dynamic user password containing user information, which is input to the authentication system server; after receiving the dynamic user password, the authentication system server performs a computation and comparison according to the user information in the dynamic user password and confirms the identity of the user.
8. The authentication system for an enforced bidirectional dynamic password according to claim 7, characterized in that it comprises two or more authentication system servers;
The identity code register (16) stores the server identity information of each authentication system server together, as a group, with the key, algorithm and parameters of the encryption algorithm of the authentication system server corresponding to that server identity information; the groups belonging to different server identity information, each with the key, algorithm and parameters of its corresponding authentication system server, are stored isolated from one another;
After the authentication system server corresponding to the server dynamic additional code has been confirmed, the crypto module (14) uses the key, algorithm and parameters of the encryption algorithm corresponding to that authentication system server, combined with the user information and time data, to generate the dynamic user password.
9. The authentication system for an enforced bidirectional dynamic password according to claim 7 or 8, characterized in that the server dynamic additional code is a string of Arabic numerals;
The input module (12) comprises: a switch key for switching the input mode and shifting the input data, and a numeric key for changing the digit currently being input.
10. The authentication system for an enforced bidirectional dynamic password according to claim 7, characterized in that the user password generator further comprises a data interface for data exchange, the data interface being connected to the identity code register (16).
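The exchange in claims 1 to 5 and 8, as an added Python example that is not taken from the patent: the token releases a user password only after the server's time-bound code verifies against the key group stored for that server identity. HMAC-SHA256, the 60-second step, the two-digit server ID, the four-digit user ID and every name below are assumptions, since the claims leave key, algorithm and parameters unspecified.

```python
from __future__ import annotations
import hashlib
import hmac

STEP = 60  # seconds a code stays valid (assumed; the claims only say "limited time")

def _digits(key: bytes, label: str, ident: str, t: int, n: int = 6) -> str:
    """Time-bound numeric code: HMAC-SHA256 over role, identity and time step."""
    msg = f"{label}|{ident}|{t // STEP}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**n).zfill(n)

def server_additional_code(server_id: str, key: bytes, t: int) -> str:
    """Server side: identity prefix plus time-bound proof of key possession."""
    return server_id + _digits(key, "srv", server_id, t)

class Token:
    """User password generator: one isolated key group per server identity."""
    def __init__(self, user_id: str, register: dict[str, bytes]):
        self.user_id, self.register = user_id, register

    def respond(self, code: str, t: int) -> str | None:
        server_id, proof = code[:2], code[2:]
        key = self.register.get(server_id)
        if key is None:
            return None  # unknown server identity: no password is released
        expected = _digits(key, "srv", server_id, t)
        if not hmac.compare_digest(proof, expected):
            return None  # server failed verification: no password is released
        return self.user_id + _digits(key, "usr", self.user_id, t)

def server_verify(password: str, users: dict[str, bytes], t: int) -> str | None:
    """Server side: recompute the password for the claimed user and compare."""
    user_id, proof = password[:4], password[4:]
    key = users.get(user_id)
    if key is None:
        return None
    ok = hmac.compare_digest(proof, _digits(key, "usr", user_id, t))
    return user_id if ok else None

# Constructed sample data: two servers, one token enrolled with both.
K_BANK, K_SHOP = b"constructed-key-bank", b"constructed-key-shop"
token = Token("1001", {"01": K_BANK, "02": K_SHOP})
NOW = 1_700_000_000  # fixed timestamp so the run is repeatable
```

Both sides here accept only the current time step; a deployment with drifting token clocks would also have to decide how many adjacent steps to accept.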
CN200810066997A 2008-05-07 2008-05-07 Authentication method and authentication system for enforced bidirectional dynamic password Active CN101577697B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810066997A CN101577697B (en) 2008-05-07 2008-05-07 Authentication method and authentication system for enforced bidirectional dynamic password

Publications (2)

Publication Number Publication Date
CN101577697A CN101577697A (en) 2009-11-11
CN101577697B CN101577697B (en) 2012-09-05

Family

ID=41272486

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810066997A Active CN101577697B (en) 2008-05-07 2008-05-07 Authentication method and authentication system for enforced bidirectional dynamic password

Country Status (1)

Country Link
CN (1) CN101577697B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101777984B (en) * 2010-01-13 2012-05-23 飞天诚信科技股份有限公司 Method and system for secure transaction
CN101741852B (en) * 2009-12-31 2012-08-08 飞天诚信科技股份有限公司 Authentication method, system and device
WO2011079753A1 (en) * 2009-12-31 2011-07-07 北京飞天诚信科技有限公司 Authentication method, authentication trade system and authentication apparatus
CN102082788A (en) * 2010-12-15 2011-06-01 北京信安世纪科技有限公司 Equipment and system for preventing phishing
CN102571341B (en) * 2010-12-31 2015-09-16 中国银联股份有限公司 A kind of Verification System based on dynamic image and authentication method
CN103136875B (en) * 2011-12-05 2015-04-08 航天信息股份有限公司 Method using dynamic password to conduct time limit management on tax-control cash register and system
CN102915427A (en) * 2012-10-12 2013-02-06 深圳市华阳信通科技发展有限公司 Two-dimensional code-based bidirectional dynamic authentication method
CN105874834B (en) * 2014-05-19 2020-11-06 华为技术有限公司 Wi-Fi access method, device and system
CN114978704B (en) * 2022-05-24 2023-07-04 北京天融信网络安全技术有限公司 Password modification method based on server and server

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1599314A (en) * 2004-08-25 2005-03-23 湖南大学 Two-way verification disposable password verification method based on S/KEY system
CN1695340A (en) * 2002-09-19 2005-11-09 索尼株式会社 Data processing method, its program, and its device
CN101159549A (en) * 2007-11-08 2008-04-09 西安西电捷通无线网络通信有限公司 Bidirectional access authentication method
WO2008045773A2 (en) * 2006-10-10 2008-04-17 Qualcomm Incorporated Method and apparatus for mutual authentication

Also Published As

Publication number Publication date
CN101577697A (en) 2009-11-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant