CN102075547B - Dynamic password generating method and device and authentication method and system - Google Patents

Info

Publication number: CN102075547B
Authority: CN (China)
Prior art keywords: dynamic password, information, transaction information, customer transaction, challenge code
Legal status: Active
Application number: CN201110040568.2A
Other languages: Chinese (zh)
Other versions: CN102075547A (en)
Inventor: 李东声
Current Assignee: Tendyron Technology Co Ltd
Original Assignee: Tendyron Technology Co Ltd

Abstract

The invention relates to a dynamic password generating method and device, and an authentication method and system. The authentication method comprises the following steps: a transaction system generates and displays a graphic that contains user transaction information and/or random information; after capturing the graphic displayed by the transaction system, the dynamic password generating device generates a challenge code from the graphic and generates the authenticated party's dynamic password from that challenge code; and after receiving the authenticated party's dynamic password, the transaction system completes authentication by comparing it with the authenticating party's dynamic password. The authenticating party's dynamic password is generated as follows: the transaction system generates the challenge code either from the user transaction information and/or random information or from the graphic, and generates the authenticating party's dynamic password from that challenge code. Because the user does not have to enter the challenge code into the dynamic password generating device manually, user experience and transaction efficiency are improved.

Description

Dynamic password generating method and device, authentication method and system
Technical field
The present invention relates to the field of information security, and in particular to a dynamic password generating method and device and an authentication method and system.
Background art
In recent years, with the rapid development of the Internet and of financial informatization, online banking has quickly won wide acceptance among users and the banking industry because of its convenience and efficiency. To overcome the security defects of authentication based on static passwords, many online banks have adopted authentication based on dynamic password technology.
Dynamic password technology is also called one-time password (OTP) technology. Depending on how the password is generated, it can be divided into time-based dynamic password technology and challenge/response-based dynamic password technology.
With time-based dynamic password technology, the dynamic password generating device is time-synchronized with the server and stores the same key seed. The device and the server each use this key seed to generate a dynamic password at fixed intervals (for example, every 60 seconds). When user authentication is required, the user reads the current dynamic password from the display of the dynamic password generating device and enters it at the transaction terminal, and the transaction terminal sends the dynamic password, together with information such as the user name and static password, to the server for authentication.
With challenge/response-based dynamic password technology, the dynamic password generating device and the server store the same key seed. When user authentication is required, the server sends a challenge code to the user's transaction terminal or mobile phone; after obtaining the challenge code, the user enters it into the dynamic password generating device. The device uses the key seed and the challenge code entered by the user to generate a response code (that is, the dynamic password). The user reads the current dynamic password from the display of the dynamic password generating device and enters it at the transaction terminal, and the transaction terminal sends the dynamic password, together with information such as the user name and static password, to the server for authentication.
These dynamic-password-based authentication methods overcome the defect that the password information in static password verification never changes, but they still have the following problems:
(1) With time-based dynamic password technology, a dynamic password does not become invalid after a single use but remains valid for a certain period. If the dynamic password is intercepted, a hacker can therefore use it to interact with the server; for example, after the user logs in with a time-based dynamic password, a hacker can immediately use the intercepted password to perform subsequent operations. Existing time-based dynamic password technology therefore carries a considerable security risk.
(2) With challenge/response-based dynamic password technology, the user must enter the challenge code sent by the server into the dynamic password generating device. To make the device easy to carry, it is usually small, so entering the challenge code into it is very inconvenient.
In addition, existing challenge/response-based dynamic password technology has the following problems:
(I) Because the challenge code is randomly generated by the server and is unrelated to the transaction information and user information (collectively, user transaction information), a long challenge code is inconvenient to enter and prone to input errors, and the user experience is poor.
(II) Because the challenge code in existing challenge/response-based dynamic password technology is randomly generated by the server and is unrelated to the transaction information and user information (collectively, user transaction information), the user cannot confirm the transaction from the challenge code.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the deficiencies of the prior art and to provide a dynamic password generating method and device and an authentication method and system that do not require the user to enter the challenge code manually.
To solve the above problem, the present invention provides an authentication method, comprising:
The transaction system generates and displays a graphic containing user transaction information and/or random information;
After capturing the graphic displayed by the transaction system, the dynamic password generating device generates a challenge code from the graphic and generates the authenticated party's dynamic password from the challenge code it generated;
After receiving the authenticated party's dynamic password, the transaction system completes authentication by comparing it with the authenticating party's dynamic password;
Wherein the authenticating party's dynamic password is generated as follows: the transaction system generates a challenge code either from the user transaction information and/or random information or from the graphic, and generates the authenticating party's dynamic password from the challenge code it generated.
In addition, the graphic contains the user transaction information, or the user transaction information and random information;
After the dynamic password generating device captures the graphic displayed by the transaction system and before it generates the challenge code from the graphic, the method further comprises the following steps: displaying the graphic, or displaying the user transaction information extracted from the graphic, for the user to confirm; and receiving the user's confirmation indication.
In addition, the dynamic password generating device and the transaction system generate the challenge code from the graphic as follows:
Extracting the user transaction information and/or random information from the graphic;
Generating the challenge code from the user transaction information and/or random information.
In addition, the dynamic password generating device generates the challenge code from the graphic as follows: extracting the user transaction information and/or random information from the graphic; generating the challenge code from the user transaction information and/or random information;
The transaction system generates the challenge code from the user transaction information and/or random information.
In addition, the dynamic password generating device and the transaction system generate the challenge code from the graphic as follows:
Extracting the encoded information of the user transaction information and/or random information from the graphic;
Generating the challenge code from the encoded information.
In addition, the graphic containing the user transaction information is a bar code.
In addition, the bar code is a two-dimensional bar code.
In addition, the graphic is a character image.
The present invention also provides a dynamic password generating method, comprising:
The transaction system generates and displays a graphic containing user transaction information and/or random information;
After capturing the graphic displayed by the transaction system, the dynamic password generating device generates a challenge code from the graphic and generates the authenticated party's dynamic password from the challenge code it generated;
The transaction system generates a challenge code either from the user transaction information and/or random information or from the graphic, and generates the authenticating party's dynamic password from the challenge code it generated.
In addition, the graphic contains the user transaction information, or the user transaction information and random information;
After the dynamic password generating device captures the graphic displayed by the transaction system and before it generates the challenge code from the graphic, the method further comprises the following steps: displaying the graphic, or displaying the user transaction information extracted from the graphic, for the user to confirm the transaction; and receiving the user's confirmation indication.
In addition, the dynamic password generating device and the transaction system generate the challenge code from the graphic as follows:
Extracting the user transaction information and/or random information from the graphic;
Generating the challenge code from the user transaction information and/or random information.
In addition, the dynamic password generating device generates the challenge code from the graphic as follows: extracting the user transaction information and/or random information from the graphic; generating the challenge code from the user transaction information and/or random information;
The transaction system generates the challenge code from the user transaction information and/or random information.
In addition, the dynamic password generating device and the transaction system generate the challenge code from the graphic as follows:
Extracting the encoded information of the user transaction information and/or random information from the graphic;
Generating the challenge code from the encoded information.
In addition, the graphic containing the user transaction information is a bar code.
In addition, the bar code is a two-dimensional bar code.
In addition, the graphic is a character image.
The present invention also provides an authentication system, characterized in that the system comprises a dynamic password generating device and a transaction system, wherein:
The transaction system is used to generate and display a graphic containing user transaction information and/or random information;
The dynamic password generating device is used to capture the graphic displayed by the transaction system, generate a challenge code from the graphic, and generate the authenticated party's dynamic password from the challenge code it generated;
The transaction system is also used, after receiving the authenticated party's dynamic password, to complete authentication by comparing it with the authenticating party's dynamic password;
Wherein the transaction system is also used to generate the authenticating party's dynamic password as follows: the transaction system generates a challenge code either from the user transaction information and/or random information or from the graphic, and generates the authenticating party's dynamic password from the challenge code it generated.
In addition, the graphic contains the user transaction information, or the user transaction information and random information;
After capturing the graphic displayed by the transaction system and before generating the challenge code from the graphic, the dynamic password generating device is also used to perform the following operations: displaying the graphic, or displaying the user transaction information extracted from the graphic, for the user to confirm; and receiving the user's confirmation indication.
In addition, the dynamic password generating device and the transaction system are used to generate the challenge code from the graphic as follows:
Extracting the user transaction information and/or random information from the graphic;
Generating the challenge code from the user transaction information and/or random information.
In addition, the dynamic password generating device is used to generate the challenge code from the graphic as follows: extracting the user transaction information and/or random information from the graphic; generating the challenge code from the user transaction information and/or random information;
The transaction system is used to generate the challenge code from the user transaction information and/or random information.
In addition, the dynamic password generating device and the transaction system are used to generate the challenge code from the graphic as follows:
Extracting the encoded information of the user transaction information and/or random information from the graphic;
Generating the challenge code from the encoded information.
In addition, the graphic containing the user transaction information is a bar code.
In addition, the bar code is a two-dimensional bar code.
In addition, the graphic is a character image.
The present invention also provides a dynamic password generating device comprising a dynamic password generation module and a display module, characterized in that the device further comprises a graphic capture and recognition module, wherein:
The graphic capture and recognition module is used to capture a graphic containing user transaction information and/or random information, to extract from the graphic either the user transaction information and/or random information or the encoded information of the user transaction information and/or random information, and to send what it extracted to the dynamic password generation module;
The dynamic password generation module is used, after receiving from the graphic capture and recognition module the user transaction information and/or random information or the encoded information of the user transaction information and/or random information, to generate a challenge code from what it received, to generate a dynamic password from the challenge code it generated, and to send the generated dynamic password to the display module;
The display module is used to display the dynamic password sent by the dynamic password generation module.
In addition, the device further comprises a user confirmation module, wherein:
The graphic contains the user transaction information, or the user transaction information and random information;
The graphic capture and recognition module is also used, after capturing the graphic, to send the graphic to the display module;
The display module is also used to display the graphic sent by the graphic capture and recognition module;
The user confirmation module is used, after receiving the user's confirmation indication, to send a dynamic password generation indication to the dynamic password generation module;
After receiving the dynamic password generation indication, the dynamic password generation module performs the operation of generating the challenge code.
In addition, the device further comprises a user confirmation module, wherein:
The graphic contains the user transaction information, or the user transaction information and random information;
The graphic capture and recognition module is also used, after capturing the graphic, to extract the user transaction information from the graphic and send the user transaction information to the display module;
The display module is also used to display the user transaction information sent by the graphic capture and recognition module;
The user confirmation module is used, after receiving the user's confirmation indication, to send a dynamic password generation indication to the dynamic password generation module;
After receiving the dynamic password generation indication, the dynamic password generation module performs the operation of generating the challenge code.
In addition, the graphic containing the user transaction information is a bar code.
In addition, the bar code is a two-dimensional bar code.
In addition, the graphic is a character image.
In summary, the challenge code in the present invention does not have to be entered into the dynamic password generating device manually by the user, which improves user experience and transaction efficiency.
In addition, in the present invention the challenge code used to generate the dynamic password incorporates the user transaction information, and the dynamic password generating device can display the user transaction information to the user before generating the challenge code so that the user can confirm the transaction. Compared with the way challenge codes are generated in the prior art, this improves the security of the dynamic password.
In addition, the present invention can also generate the graphic from random information together with the user transaction information, for the dynamic password generating device to capture and extract (recognize); the dynamic password generating device and the transaction system then use both the user transaction information and the random information to generate the dynamic password, which can further improve the security of the dynamic password.
Brief description of the drawings
Fig. 1 is a structural diagram of the authentication system of the present invention;
Fig. 2 is a flow chart of the authentication method of the first embodiment of the present invention;
Fig. 3 is a flow chart of the authentication method of the second embodiment of the present invention;
Fig. 4 is a flow chart of the dynamic password generating method of the first embodiment of the present invention;
Fig. 5 is a flow chart of the dynamic password generating method of the second embodiment of the present invention;
Fig. 6 is a structural diagram of the dynamic password generating device of an embodiment of the present invention.
Detailed description of the embodiments
The core of the present invention is as follows. A graphic (also called an image; the same below) that contains (or represents; the same below) user transaction information is generated and displayed on the transaction terminal of the transaction system (that is, the authenticating party). The user (that is, the authenticated party) uses a dynamic password generating device with graphic capture and recognition functions to capture the graphic from the transaction terminal. The device recognizes (or extracts; the same below) all or part of the user transaction information contained in the captured graphic, generates a challenge code from the captured user transaction information, and generates from that challenge code the dynamic password used for authentication (that is, the authenticated party's dynamic password). The transaction system likewise generates the same challenge code in a corresponding manner and generates the identical dynamic password of the authenticating party.
In addition, before generating the challenge code and dynamic password from the captured graphic, the dynamic password generating device can display the captured graphic containing the user transaction information so that the user can confirm the user transaction information; the device performs the operations of generating the challenge code and dynamic password only after the user has confirmed.
The present invention is described below with reference to the drawings and embodiments.
Fig. 1 is a structural diagram of the authentication system of the present invention. As shown in Fig. 1, the authentication system comprises a transaction system and a dynamic password generating device (the token shown in Fig. 1), wherein:
The transaction system may comprise a transaction terminal and an authentication server; the transaction terminal and the authentication server may of course also be merged into a single physical device.
The transaction system is used to generate and display a graphic containing user transaction information, and either to extract the user transaction information from the graphic and generate a challenge code from the extracted information, or to generate the challenge code directly from the user transaction information; it then generates the transaction-system-side dynamic password from the challenge code.
The dynamic password generating device is used to capture the graphic displayed by the transaction system, extract the user transaction information from it, generate a challenge code from the extracted user transaction information, and generate and display the device-side dynamic password from that challenge code.
The user can then enter the device-side dynamic password into the transaction system for authentication (including authentication and/or transaction authentication).
The specific functions of the authentication system are described in more detail below.
First authentication method embodiment
Fig. 2 is a flow chart of the authentication method of the first embodiment of the present invention. In this embodiment, the authentication method of the present invention is described using a transaction system with a separate transaction terminal and authentication server as an example. As shown in Fig. 2, the method comprises:
201. The transaction terminal generates a graphic containing user transaction information from the current user transaction information and displays it on the display screen;
The transaction terminal may be a bank ATM (Automated Teller Machine) or a device such as a PC.
The user transaction information may include user information and/or current transaction information, for example user name, account number, and transaction amount.
The graphic may be a bar code generated by encoding the user transaction information (a bar code that contains or represents the user transaction information), and the bar code may be a one-dimensional or two-dimensional bar code (1D code or 2D code for short). Preferably, in order to hold more information, the graphic is a two-dimensional bar code.
If the graphic is a bar code, the user transaction information must be encoded according to the bar code encoding scheme used, and the corresponding bar code graphic generated from the encoded information. The bar code encoding may be: Code 39 (standard 39 code), Codabar, Code 25 (standard 25 code), ITF25 (interleaved 25 code), Matrix 25 (matrix 25 code), UPC-A, UPC-E, EAN-13 (EAN-13 international article bar code), EAN-8 (EAN-8 international article bar code), Code 128 (which includes EAN-128), and so on. The two-dimensional bar code may be: PDF417, Code 49, Code 16K, Data Matrix, MaxiCode, and so on.
Of course, the graphic may also be a character image containing the user transaction information. To make capture easier, the character image may be displayed in a specific region of the display screen, for example within a rectangular area of the screen.
202. The transaction terminal sends the user transaction information or the graphic to the authentication server.
203. After receiving the graphic containing the user transaction information, the authentication server generates a challenge code from the graphic; of course, if the transaction terminal sent the user transaction information to the authentication server, the authentication server generates the challenge code directly from the user transaction information;
The step of generating the challenge code from the graphic may be:
203a. The authentication server extracts the user transaction information from the graphic containing it;
The way the user transaction information is extracted from the graphic depends on the type of graphic.
If the graphic is a bar code, the user transaction information can be extracted from it using prior-art bar code recognition and the corresponding decoding techniques;
If the graphic is a character image generated from the user transaction information, the user transaction information it contains can be extracted using existing OCR (Optical Character Recognition) technology. For example, if the user transaction information is the account name "Zhang San", the character image is the text "Zhang San" displayed on the display screen.
203b. The authentication server generates the challenge code from the user transaction information.
The step of generating the challenge code from the user transaction information may be:
203x. The authentication server extracts all or part of the information from the user transaction information and performs a hash operation on it to obtain a hash value H;
203y. The authentication server extracts all or part of the data from the hash value H according to a predefined rule and uses it as the challenge code;
The predefined rule may be: extract n consecutive bits starting from the most significant bit (n is an integer greater than 1).
204. The authentication server uses the locally stored key seed to perform an encryption operation on the challenge code it generated, obtaining the server-side dynamic password (that is, the authenticating party's dynamic password).
205. The user uses the graphic capture unit of the dynamic password generating device to capture the graphic containing the user transaction information displayed on the transaction terminal;
The graphic capture unit may be a camera or a dedicated bar code scanner.
206. The dynamic password generating device displays the captured graphic containing the user transaction information so that the user can confirm the user transaction information, and waits for the user's confirmation; after the user confirms (that is, after the user's confirmation indication is received), the next step is performed;
The user's confirmation indication may be the key signal generated when the user presses the confirm key on the dynamic password generating device.
This step is optional.
207. The dynamic password generating device generates a challenge code from the captured graphic containing the user transaction information;
The method of generating the challenge code from the graphic is the same as on the authentication server side; see the description of step 203.
208. The dynamic password generating device uses the locally stored key seed to perform an encryption operation on the challenge code it generated, obtaining the device-side dynamic password (that is, the authenticated party's dynamic password).
It should be noted that because the dynamic password generating device and the authentication server hold the same key seed, the dynamic passwords they generate are identical.
209. The dynamic password generating device displays the dynamic password it generated on its display screen.
210. The user reads the displayed dynamic password from the dynamic password generating device and enters it at the transaction terminal.
211. The transaction terminal sends the device-side dynamic password entered by the user to the authentication server for authentication; after authentication succeeds, the transaction terminal completes subsequent authentication and/or transaction processing.
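Steps 203x to 211 can be sketched as follows; this is an added example, not code from the patent. SHA-256, the length-prefixed field encoding, n = 64, the 8-digit output and the HMAC-SHA-256 keyed operation with RFC 4226-style truncation (standing in for the unspecified "encryption operation" with the key seed) are all assumptions, as are the function names and the constructed sample values.

```python
import hashlib
import hmac
import secrets
import struct

CHALLENGE_BITS = 64   # n in step 203y; assumed value (the page only requires n > 1)
OTP_DIGITS = 8        # assumed length of the displayed dynamic password


def encode_fields(fields):
    """Length-prefix every field so that ("ab", "c") and ("a", "bc") differ."""
    out = b""
    for field in fields:
        raw = field if isinstance(field, bytes) else field.encode("utf-8")
        out += struct.pack(">H", len(raw)) + raw
    return out


def make_challenge(tx_fields, random_info, bits=CHALLENGE_BITS):
    """Steps 203x/203y: hash the information, keep the leading `bits` bits of H."""
    if not 1 < bits <= 256:
        raise ValueError("bits must be in 2..256 for SHA-256")
    h = hashlib.sha256(encode_fields(list(tx_fields) + [random_info])).digest()
    top = int.from_bytes(h, "big") >> (len(h) * 8 - bits)
    return top.to_bytes((bits + 7) // 8, "big")


def dynamic_password(key_seed, challenge, digits=OTP_DIGITS):
    """Steps 204/208: keyed operation over the challenge (HMAC is an assumption)."""
    mac = hmac.new(key_seed, challenge, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                      # RFC 4226-style dynamic truncation
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def token_respond(key_seed, decoded_fields, random_info, user_confirms):
    """Steps 205-208 on the device: show the decoded fields, require confirmation."""
    if not user_confirms(decoded_fields):
        return None
    return dynamic_password(key_seed, make_challenge(decoded_fields, random_info))


def server_verify(key_seed, tx_fields, random_info, submitted):
    """Steps 203-204 and 211 on the server, with a constant-time comparison."""
    expected = dynamic_password(key_seed, make_challenge(tx_fields, random_info))
    return hmac.compare_digest(expected.encode(), submitted.encode("utf-8"))


def demo():
    key_seed = bytes(range(32))                              # constructed sample seed
    intended = ("Zhang San", "6222000011112222", "100.00")   # constructed transaction
    nonce = secrets.token_bytes(16)           # random information carried in the graphic
    otp = token_respond(key_seed, intended, nonce, lambda f: f == intended)
    accepted = server_verify(key_seed, intended, nonce, otp)
    # The same password checked against a transaction with a different account.
    altered = ("Zhang San", "6222000099998888", "100.00")
    altered_ok = server_verify(key_seed, altered, nonce, otp)
    # Same transaction, fresh random information: the earlier password no longer matches.
    replay_ok = server_verify(key_seed, intended, secrets.token_bytes(16), otp)
    # The device shows the altered fields; the user declines, so nothing is generated.
    declined = token_respond(key_seed, altered, nonce, lambda f: f == intended)
    return otp, accepted, altered_ok, replay_ok, declined


if __name__ == "__main__":
    print(demo())
```

Because the challenge is derived from the transaction fields, a password computed for one transaction fails verification for any other, and including random information makes it fail for a later repeat of the same transaction.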
Second authentication method embodiment
Fig. 3 is a flow chart of the authentication method of the second embodiment of the invention. The present embodiment differs from the first embodiment in that the challenge code is generated by the transaction terminal, which sends it to the authentication server. As shown in Fig. 3, the method comprises:
301, the transaction terminal generates a figure from the current customer transaction information and displays it on the display screen;
302, the transaction terminal generates a challenge code from the figure containing the customer transaction information, or directly from the customer transaction information;
The step of generating the challenge code from the figure can be:
302a, the transaction terminal extracts the customer transaction information from the figure containing the customer transaction information;
302b, the transaction terminal generates the challenge code from the customer transaction information.
The step of generating the challenge code from the customer transaction information can be:
302x, the transaction terminal extracts all or part of the information from the customer transaction information and performs a hash operation on it, obtaining a hash value H;
302y, the transaction terminal extracts all or part of the data from the hash value H according to a predefined rule and uses it as the challenge code.
303, the transaction terminal sends the challenge code it generated to the authentication server;
304, the authentication server uses its locally stored key seed to perform an encryption operation on the received challenge code, obtaining the dynamic password of the authentication server side (i.e., the authenticating party's dynamic password).
305, the user uses the figure capture unit of the dynamic password generating device to capture the figure containing the customer transaction information that is displayed on the transaction terminal;
306, the dynamic password generating device displays the captured figure containing the customer transaction information so that the user can confirm the customer transaction information, and waits for the user's confirmation; after the user confirms (that is, after a user confirmation indication is received), the next step is carried out;
The user confirmation indication can be the key signal generated when the user presses the confirmation key on the dynamic password generating device.
This step is optional.
307, the dynamic password generating device generates a challenge code from the captured figure containing the customer transaction information;
The method of generating the challenge code from the figure is the same as on the authentication server side; see the description of step 203.
308, the dynamic password generating device uses its locally stored key seed to perform an encryption operation on the challenge code it generated, obtaining the dynamic password of the dynamic password generating device side (i.e., the authenticated party's dynamic password).
It should be noted that, because the dynamic password generating device and the authentication server hold the same key seed, the dynamic passwords they generate are identical.
309, the dynamic password generating device displays the dynamic password it generated on its display screen.
310, the user reads the dynamic password displayed by the dynamic password generating device and enters it into the transaction terminal.
311, the transaction terminal sends the dynamic password of the dynamic password generating device side, as entered by the user, to the authentication server for authentication; after authentication passes, the transaction terminal completes the subsequent authentication and/or transaction processing.
First dynamic password generating method embodiment
Fig. 4 is a flow chart of the dynamic password generating method of the first embodiment of the invention. In this embodiment, the dynamic password generating method of the invention is described taking as an example a transaction system that comprises a separate transaction terminal and authentication server. As shown in Fig. 4, the dynamic password generating method of the first embodiment is essentially the same as the first authentication method embodiment shown in Fig. 2; the only difference is that the dynamic password generating method of the first embodiment omits steps 210 and 211.
Second dynamic password generating method embodiment
Fig. 5 is a flow chart of the dynamic password generating method of the second embodiment of the invention. In this embodiment, the dynamic password generating method of the invention is described taking as an example a transaction system that comprises a separate transaction terminal and authentication server. As shown in Fig. 5, the dynamic password generating method of the second embodiment is essentially the same as the second authentication method embodiment shown in Fig. 3; the only difference is that the dynamic password generating method of the second embodiment omits steps 310 and 311.
Fig. 6 is a structural diagram of the dynamic password generating device of an embodiment of the invention. As shown in Fig. 6, the device comprises: a dynamic password generation module and a display module; wherein:
The figure acquiring and identifying module is used for capturing the figure containing the customer transaction information and/or random information, extracting from the figure either the customer transaction information and/or random information, or the encoded information of the customer transaction information and/or random information, and sending it to the dynamic password generation module;
The dynamic password generation module is used for, after receiving the customer transaction information and/or random information, or the encoded information of the customer transaction information and/or random information, sent by the figure acquiring and identifying module, generating a challenge code from what it received, generating a dynamic password from the challenge code it generated, and sending the dynamic password to the display module;
The display module is used for displaying the dynamic password sent by the dynamic password generation module.
In addition, the figure contains the customer transaction information, or the customer transaction information and random information;
The figure acquiring and identifying module is also used for sending the figure to the display module after capturing it; the display module is also used for displaying the figure sent by the figure acquiring and identifying module; the user confirmation module is used for sending a dynamic password generation indication to the dynamic password generation module after receiving the user's confirmation indication; the dynamic password generation module carries out the operation of generating the challenge code after receiving the dynamic password generation indication; or:
The figure acquiring and identifying module is also used for, after capturing the figure, extracting the customer transaction information from the figure and sending the customer transaction information to the display module; the display module is also used for displaying the customer transaction information sent by the figure acquiring and identifying module; the user confirmation module is used for sending a dynamic password generation indication to the dynamic password generation module after receiving the user's confirmation indication; the dynamic password generation module carries out the operation of generating the challenge code after receiving the dynamic password generation indication.
The figure containing the customer transaction information can be a bar code; preferably, the bar code is a two-dimensional bar code.
In addition, the figure can be a character image.
In accordance with the basic principle of the invention, the above embodiments can be varied in a number of ways, for example:
(1) In the above embodiments, the transaction system (i.e., the authenticating party) and the dynamic password generating device both generate the challenge code from the customer transaction information;
In other embodiments of the invention, the transaction system and the dynamic password generating device can also generate the challenge code from the encoded information of the customer transaction information.
For example, if the figure containing the customer transaction information is a two-dimensional code that uses PDF417 as its encoding/decoding scheme, the customer transaction information is encoded into data codewords made up of binary data, error-correction codewords are generated for the data codewords, and a figure containing the data codewords and error-correction codewords is generated. These data codewords and/or error-correction codewords are the encoded information of the customer transaction information. Therefore, once the transaction system and the dynamic password generating device have recognized this encoded information, they can generate the challenge code directly from it without decoding it.
(2) In the above embodiments, the transaction system (i.e., the authenticating party) and the dynamic password generating device both generate the challenge code from the customer transaction information or from the encoded information of the customer transaction information; the figure displayed by the transaction system therefore contains only the customer transaction information;
In other embodiments of the invention, the figure also contains random information generated by the transaction system (transaction terminal), for example a random number or random characters. The random information can be barcode-encoded and displayed together with the customer transaction information; alternatively, it can be displayed on the display screen together with the customer transaction information as a character image for the dynamic password generating device to capture and extract. The transaction system and the dynamic password generating device then use both the customer transaction information and the random information to generate the challenge code.
If the random information and the customer transaction information are both used to generate the challenge code, then in the first embodiment the transaction terminal in the transaction system can generate the random information and send it, together with the customer transaction information, to the authentication server in the transaction system; in the second embodiment the transaction terminal can generate the random information and generate the challenge code from the customer transaction information and the random information.
(3) In the above embodiments of the invention, after capturing the figure containing the customer transaction information, the dynamic password generating device displays it to the user so that the user can confirm the transaction (that is, the customer transaction information); after the user confirms, the dynamic password generating device generates the challenge code and the dynamic password from the figure;
In other embodiments of the invention, the dynamic password generating device can extract the customer transaction information from the figure (using techniques such as challenge code identification or OCR) and display it to the user as text for confirmation.
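The derivation in steps 302x/302y, 304/308 and 311, combined with the random information of variant (2), can be traced end to end in the following added example, which is not part of the patent text. It assumes SHA-256 as the hash, HMAC-SHA256 with decimal truncation standing in for the keyed "encryption operation", an 8-digit challenge code, a 6-digit dynamic password and a four-field transaction record; the patent fixes none of these, and the figure is modelled as its decoded payload rather than a rendered bar code.

```python
import hashlib
import hmac
import secrets
from typing import Optional

CHALLENGE_DIGITS = 8  # assumed; the "predefined rule" of step 302y is left open
PASSWORD_DIGITS = 6   # assumed display length of the dynamic password
FIELDS = ("payer", "payee", "amount", "currency")  # assumed transaction fields


def _lp(data: bytes) -> bytes:
    """Length-prefix a field so adjacent fields cannot be re-split ambiguously."""
    return len(data).to_bytes(2, "big") + data


def challenge_code(tx: dict, random_info: bytes = b"") -> str:
    """Steps 302x/302y: hash the transaction info, keep part of hash value H."""
    material = b"".join(_lp(str(tx[f]).encode("utf-8")) for f in FIELDS)
    h = hashlib.sha256(material + _lp(random_info)).digest()
    # Assumed rule: first 8 bytes of H reduced to a fixed number of decimal digits.
    number = int.from_bytes(h[:8], "big") % 10**CHALLENGE_DIGITS
    return str(number).zfill(CHALLENGE_DIGITS)


def dynamic_password(key_seed: bytes, challenge: str) -> str:
    """Steps 304/308: keyed operation on the challenge code with the shared seed."""
    mac = hmac.new(key_seed, challenge.encode("ascii"), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # HOTP-style dynamic truncation (assumed)
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10**PASSWORD_DIGITS).zfill(PASSWORD_DIGITS)


class AuthServer:
    """Authenticating party: keeps one expected password per open session."""

    def __init__(self, key_seed: bytes):
        self._seed = key_seed
        self._pending = {}

    def open_session(self, session_id: str, tx: dict) -> tuple:
        nonce = secrets.token_bytes(8)  # random information of variant (2)
        challenge = challenge_code(tx, nonce)
        self._pending[session_id] = dynamic_password(self._seed, challenge)
        return dict(tx), nonce  # payload the terminal would render as the figure

    def verify(self, session_id: str, submitted: str) -> bool:
        expected = self._pending.pop(session_id, None)  # one attempt, no replay
        if expected is None or not isinstance(submitted, str):
            return False
        # Constant-time comparison of the two dynamic passwords (step 311).
        return hmac.compare_digest(expected.encode(), submitted.encode())


def token_password(key_seed: bytes, figure: tuple, user_confirms) -> Optional[str]:
    """Device side, steps 305-309: show the details, then derive the password."""
    tx, nonce = figure
    if not user_confirms(tx):  # optional confirmation step 306
        return None
    return dynamic_password(key_seed, challenge_code(tx, nonce))


def run_scenarios() -> dict:
    seed = secrets.token_bytes(32)  # constructed seed shared by server and token
    tx = {"payer": "ACC-1001", "payee": "ACC-2002",
          "amount": "150.00", "currency": "CNY"}  # constructed sample transaction
    server = AuthServer(seed)
    results = {}

    figure = server.open_session("s1", tx)
    otp = token_password(seed, figure, lambda shown: shown["payee"] == "ACC-2002")
    results["honest"] = server.verify("s1", otp)
    results["replay"] = server.verify("s1", otp)  # session already consumed

    # The scanned figure names a different payee than the server recorded.
    _, nonce = server.open_session("s2", tx)
    altered = ({**tx, "payee": "ACC-9999"}, nonce)
    results["mismatch"] = server.verify("s2", token_password(seed, altered, lambda s: True))

    # The user reads the details on the device and declines: no password at all.
    results["declined"] = token_password(
        seed, altered, lambda shown: shown["payee"] == "ACC-2002")
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

The password only verifies when the device hashed the same transaction fields and random information that the authentication server recorded, which is what ties the dynamic password to the transaction the user confirmed.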

Claims (30)

1. An authentication method, characterized in that the method comprises:
a transaction system generates and displays a figure containing customer transaction information and/or random information;
a dynamic password generating device, after capturing the figure displayed by the transaction system, generates a challenge code from the figure, and generates an authenticated party's dynamic password from the challenge code it generated;
the transaction system, after receiving the authenticated party's dynamic password, completes authentication by comparing it with an authenticating party's dynamic password;
wherein the authenticating party's dynamic password is generated as follows: the transaction system generates a challenge code from the customer transaction information and/or random information, or from the figure, and generates the authenticating party's dynamic password from the challenge code it generated.
2. The method of claim 1, characterized in that:
the figure contains the customer transaction information, or the customer transaction information and random information;
after the dynamic password generating device captures the figure displayed by the transaction system and before it generates the challenge code from the figure, the method further comprises the following steps: displaying the figure, or displaying the customer transaction information extracted from the figure, for the user to confirm; and receiving the user's confirmation indication.
3. The method of claim 1, characterized in that:
the dynamic password generating device and the transaction system generate the challenge code from the figure as follows:
extracting the customer transaction information and/or random information from the figure;
generating the challenge code from the customer transaction information and/or random information.
4. The method of claim 1, characterized in that:
the dynamic password generating device generates the challenge code from the figure as follows: extracting the customer transaction information and/or random information from the figure; generating the challenge code from the customer transaction information and/or random information;
the transaction system generates the challenge code from the customer transaction information and/or random information.
5. The method of claim 1, characterized in that:
the dynamic password generating device and the transaction system generate the challenge code from the figure as follows:
extracting the encoded information of the customer transaction information and/or random information from the figure;
generating the challenge code from the encoded information.
6. The method of any one of claims 1 to 5, characterized in that:
the figure containing the customer transaction information is a bar code.
7. The method of claim 6, characterized in that:
the bar code is a two-dimensional bar code.
8. The method of any one of claims 1 to 5, characterized in that:
the figure is a character image.
9. A dynamic password generating method, characterized in that the method comprises:
a transaction system generates and displays a figure containing customer transaction information and/or random information;
a dynamic password generating device, after capturing the figure displayed by the transaction system, generates a challenge code from the figure, and generates an authenticated party's dynamic password from the challenge code it generated;
the transaction system generates a challenge code from the customer transaction information and/or random information, or from the figure, and generates an authenticating party's dynamic password from the challenge code it generated.
10. The method of claim 9, characterized in that:
the figure contains the customer transaction information, or the customer transaction information and random information;
after the dynamic password generating device captures the figure displayed by the transaction system and before it generates the challenge code from the figure, the method further comprises the following steps: displaying the figure, or displaying the customer transaction information extracted from the figure, for the user to confirm the transaction; and receiving the user's confirmation indication.
11. The method of claim 9, characterized in that:
the dynamic password generating device and the transaction system generate the challenge code from the figure as follows:
extracting the customer transaction information and/or random information from the figure;
generating the challenge code from the customer transaction information and/or random information.
12. The method of claim 9, characterized in that:
the dynamic password generating device generates the challenge code from the figure as follows: extracting the customer transaction information and/or random information from the figure; generating the challenge code from the customer transaction information and/or random information;
the transaction system generates the challenge code from the customer transaction information and/or random information.
13. The method of claim 9, characterized in that:
the dynamic password generating device and the transaction system generate the challenge code from the figure as follows:
extracting the encoded information of the customer transaction information and/or random information from the figure;
generating the challenge code from the encoded information.
14. The method of any one of claims 9 to 13, characterized in that:
the figure containing the customer transaction information is a bar code.
15. The method of claim 14, characterized in that:
the bar code is a two-dimensional bar code.
16. The method of any one of claims 9 to 13, characterized in that:
the figure is a character image.
17. An authentication system, characterized in that the system comprises a dynamic password generating device and a transaction system, wherein:
the transaction system is used for generating and displaying a figure containing customer transaction information and/or random information;
the dynamic password generating device is used for capturing the figure displayed by the transaction system, generating a challenge code from the figure, and generating an authenticated party's dynamic password from the challenge code it generated;
the transaction system is also used for, after receiving the authenticated party's dynamic password, completing authentication by comparing it with an authenticating party's dynamic password;
wherein the transaction system is also used for generating the authenticating party's dynamic password as follows: the transaction system generates a challenge code from the customer transaction information and/or random information, or from the figure, and generates the authenticating party's dynamic password from the challenge code it generated.
18. The system of claim 17, characterized in that:
the figure contains the customer transaction information, or the customer transaction information and random information;
after capturing the figure displayed by the transaction system and before generating the challenge code from the figure, the dynamic password generating device is also used for carrying out the following operations: displaying the figure, or displaying the customer transaction information extracted from the figure, for the user to confirm; and receiving the user's confirmation indication.
19. The system of claim 17, characterized in that:
the dynamic password generating device and the transaction system are used for generating the challenge code from the figure as follows:
extracting the customer transaction information and/or random information from the figure;
generating the challenge code from the customer transaction information and/or random information.
20. The system of claim 17, characterized in that:
the dynamic password generating device is used for generating the challenge code from the figure as follows: extracting the customer transaction information and/or random information from the figure; generating the challenge code from the customer transaction information and/or random information;
the transaction system is used for generating the challenge code from the customer transaction information and/or random information.
21. The system of claim 17, characterized in that:
the dynamic password generating device and the transaction system are used for generating the challenge code from the figure as follows:
extracting the encoded information of the customer transaction information and/or random information from the figure;
generating the challenge code from the encoded information.
22. The system of any one of claims 17 to 21, characterized in that:
the figure containing the customer transaction information is a bar code.
23. The system of claim 22, characterized in that:
the bar code is a two-dimensional bar code.
24. The system of any one of claims 17 to 21, characterized in that:
the figure is a character image.
25. A dynamic password generating device, comprising a dynamic password generation module and a display module, characterized in that the device further comprises a figure acquiring and identifying module, wherein:
the figure acquiring and identifying module is used for capturing a figure containing customer transaction information and/or random information, extracting from the figure either the customer transaction information and/or random information, or the encoded information of the customer transaction information and/or random information, and sending it to the dynamic password generation module;
the dynamic password generation module is used for, after receiving the customer transaction information and/or random information, or the encoded information of the customer transaction information and/or random information, sent by the figure acquiring and identifying module, generating a challenge code from what it received, generating a dynamic password from the challenge code it generated, and sending the dynamic password to the display module;
the display module is used for displaying the dynamic password sent by the dynamic password generation module.
26. The device of claim 25, characterized in that the device further comprises a user confirmation module, wherein:
the figure contains the customer transaction information, or the customer transaction information and random information;
the figure acquiring and identifying module is also used for sending the figure to the display module after capturing the figure;
the display module is also used for displaying the figure sent by the figure acquiring and identifying module;
the user confirmation module is used for sending a dynamic password generation indication to the dynamic password generation module after receiving the user's confirmation indication;
the dynamic password generation module carries out the operation of generating the challenge code after receiving the dynamic password generation indication.
27. The device of claim 25, characterized in that the device further comprises a user confirmation module, wherein:
the figure contains the customer transaction information, or the customer transaction information and random information;
the figure acquiring and identifying module is also used for, after capturing the figure, extracting the customer transaction information from the figure and sending the customer transaction information to the display module;
the display module is also used for displaying the customer transaction information sent by the figure acquiring and identifying module;
the user confirmation module is used for sending a dynamic password generation indication to the dynamic password generation module after receiving the user's confirmation indication;
the dynamic password generation module carries out the operation of generating the challenge code after receiving the dynamic password generation indication.
28. The device of any one of claims 25 to 27, characterized in that:
the figure containing the customer transaction information is a bar code.
29. The device of claim 28, characterized in that:
the bar code is a two-dimensional bar code.
30. The device of any one of claims 25 to 27, characterized in that:
the figure is a character image.
CN201110040568.2A 2011-02-18 2011-02-18 Dynamic password generating method and device and authentication method and system Active CN102075547B (en)


Publications (2)

Publication Number Publication Date
CN102075547A CN102075547A (en) 2011-05-25
CN102075547B true CN102075547B (en) 2014-03-26

US20130018758A1 (en) Quidlr
US20180330367A1 (en) Mobile payment system and process
CN102158488A (en) Dynamic countersign generation method and device and authentication method and system
Eminagaoglu et al. A two-factor authentication system with QR codes for web and mobile applications
CN103942897A (en) Method for money withdrawing without card on ATM
US20140344162A1 (en) Method and system for enhancing the security of electronic transactions
TWM474207U (en) Image recognition service system for M-commerce identification
JP2019518265A (en) System and method for identifying a user using graphical barcodes and payment card authorization readings
KR101242684B1 (en) User certification system and method for 2 dimensional barcode

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent for invention or patent application
CB02 Change of applicant information

Address after: 102211 Beijing city Changping District Baishan town 100 Ge Road No. 9 Building No. 2 hospital

Applicant after: Tendyron Technology Co., Ltd.

Address before: 100083, B, block 17, golden building, No. 1810 Qinghua East Road, Beijing, Haidian District

Applicant before: Beijing Tendyron Technology Co., Ltd.

GR01 Patent grant