CN102891753B - Method and device for initializing a dynamic token - Google Patents

Method and device for initializing a dynamic token

Info

Publication number: CN102891753B
Authority: CN (China)
Prior art keywords: key, data, dynamic token, protection, ciphertext
Legal status: Active (Google's assumption, not a legal conclusion)
Application number: CN201210361019.XA
Other languages: Chinese (zh)
Other versions: CN102891753A
Inventor: 陈柳章
Current assignee: Beijing Minghua Alliance Technology Co., Ltd. (as listed by Google; may be inaccurate)
Original assignee: Shenzhen Excelsecu Data Technology Co Ltd
Priority date and filing date: 2012-09-25 (Google's assumption, not a legal conclusion)
Publication dates: CN102891753A 2013-01-23; CN102891753B 2016-08-03
Application filed by Shenzhen Excelsecu Data Technology Co Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method for initializing a dynamic token, comprising: receiving and storing first data that includes a serial number, the current time and protection key information, and decrypting the protection key information with a fixed key to obtain a protection key; receiving second data that includes a check key ciphertext and a seed dispersion key ciphertext, and decrypting the ciphertexts in the second data with the protection key to obtain and store the check key and the seed dispersion key. The invention also discloses a device for initializing a dynamic token. Because the token derives the protection key from the received first data and then obtains the check key and seed dispersion key from the second data under that protection key, initialization requires no manual input, which improves the efficiency and security of dynamic token initialization and makes the process more convenient.

Description

Method and device for initializing a dynamic token
Technical field
The present invention relates to the field of information security technology, and in particular to a method and device for initializing a dynamic token.
Background technology
A dynamic token is a terminal that generates dynamic (one-time) passwords. A dynamic password confirms the legitimate identity of a user and thereby secures the services that the user accesses after logging in with that identity. Dynamic password authentication is currently considered one of the most effective ways to authenticate user identity and is widely used in banking, securities, third-party payment, large enterprises and similar information systems.
Most prior-art dynamic tokens use a symmetric key system, in which the same key is used for encryption and decryption. The security of such a token therefore rests entirely on the key: once the key leaks, anyone can encrypt and decrypt the user's information. To avoid leaking the key, a token is normally initialized by feeding it key generation factors from which it computes the key internally, rather than by loading the key itself into the token. The key generation factors generally comprise the token serial number, the current time, the mackey (check key) and the seedkey (seed dispersion key). In the prior art the serial number and current time are entered by hand, and the mackey and seedkey are stored inside the token before it is initialized. Manual entry is inconvenient, slow and error-prone, and storing the mackey and seedkey inside the token before initialization is a serious security risk.
Summary of the invention
The main object of the present invention is to provide a method and device for initializing a dynamic token, so as to solve the series of problems caused by manual input during dynamic token initialization.
The invention discloses a method for initializing a dynamic token, comprising the following steps:
receiving and storing first data that includes a serial number, the current time and protection key information, and decrypting the protection key information with a fixed key to obtain a protection key;
receiving second data that includes a check key ciphertext and a seed dispersion key ciphertext, and decrypting the ciphertexts in the second data with the protection key to obtain and store the check key and the seed dispersion key.
Preferably, before the step of receiving and storing the first data and decrypting the protection key information with the fixed key to obtain the protection key, the method further comprises the step of:
presetting the fixed key.
Preferably, after the first data is received it is verified; if verification passes, the first data is stored and the subsequent operations are carried out.
Preferably, after the second data is received it is verified; if verification passes, the second data is used for the subsequent operations.
Preferably, the first data and/or the second data are received through a serial port, a USB interface or another communication channel.
The invention further discloses a device for initializing a dynamic token, comprising:
a first initialization module, for receiving and storing first data that includes a serial number, the current time and protection key information, and decrypting the protection key information with a fixed key to obtain a protection key;
a second initialization module, for receiving second data that includes a check key ciphertext and a seed dispersion key ciphertext, and decrypting the ciphertexts in the second data with the protection key to obtain and store the check key and the seed dispersion key.
Preferably, the device for initializing a dynamic token further comprises:
a fixed key setting module, for presetting the fixed key.
Preferably, the first initialization module is further used to verify the first data after receiving it; if verification passes, it stores the first data and carries out the subsequent operations.
Preferably, the second initialization module is further used to verify the second data after receiving it; if verification passes, it uses the second data for the subsequent operations.
Preferably, the first initialization module and/or the second initialization module receive their data through a serial port, a USB interface or another communication channel.
Because the token obtains the protection key by decrypting, with the fixed key, the protection key information carried in the received first data (alongside the serial number and current time), and then obtains the check key and seed dispersion key by decrypting the second data with that protection key, initialization requires no manual input. This improves the efficiency and security of dynamic token initialization and makes the process more convenient.
Brief description of the drawings
Fig. 1 is a flow chart of the first embodiment of the method for initializing a dynamic token according to the invention;
Fig. 2 is a flow chart of the second embodiment of the method for initializing a dynamic token according to the invention;
Fig. 3 is a structural diagram of the first embodiment of the device for initializing a dynamic token according to the invention;
Fig. 4 is a structural diagram of the second embodiment of the device for initializing a dynamic token according to the invention.
The realization of the objects, functional features and advantages of the invention is described further below with reference to the embodiments and the drawings.
Detailed description of the invention
The technical solution of the invention is further described below with reference to the drawings and specific embodiments. It should be understood that the embodiments described here only explain the invention and do not limit it.
Fig. 1 is a flow chart of the first embodiment of the method for initializing a dynamic token according to the invention. As shown in Fig. 1, the method comprises the following steps:
Step S01: receive and store first data that includes a serial number, the current time and protection key information, and decrypt the protection key information with a fixed key to obtain the protection key.
When the dynamic token is initialized it receives first data that includes at least a serial number, the current time and protection key information, and uses a preset fixed key to decrypt the protection key information in the first data, obtaining the protection key. The protection key may be a random number; the protection key information is the plaintext protection key encrypted with the fixed key.
In a preferred embodiment the dynamic token receives the data through a serial port, a USB (Universal Serial Bus) interface or another communication channel.
In a preferred embodiment the first data also includes a first check code MAC1. After the token receives the first data it verifies it, and only if verification passes does it store the first data and decrypt its contents; if verification fails, the token waits to receive new first data. Verification proceeds as follows: the token computes a MAC (Message Authentication Code, which authenticates the origin and integrity of the message) over the first data using the fixed key, obtaining a second check code MAC2, and compares MAC1 with MAC2. If they are equal, the token decrypts the protection key information with the fixed key to obtain the protection key and stores it in the token, for example in the token's RAM (Random Access Memory); at the same time it writes the current time into the token and stores the serial number in the token, for example in RAM.
Step S02: receive second data that includes a check key ciphertext and a seed dispersion key ciphertext, decrypt the ciphertexts in the second data with the protection key, and obtain and store the check key and the seed dispersion key.
After the token has obtained the protection key it receives second data that includes at least a check key ciphertext (the MAC key ciphertext) and a seed dispersion key ciphertext. The seed dispersion key ciphertext is the plaintext seed dispersion key encrypted with the protection key, and the plaintext seed dispersion key can be computed from a seed dispersion root key and the token serial number; the MAC key ciphertext is the plaintext MAC key encrypted with the protection key, and the plaintext MAC key can likewise be computed from the seed dispersion root key and the token serial number.
In a preferred embodiment the second data also includes a check code MAC3. After receiving the second data the token verifies it; if verification passes, the token uses the second data for the subsequent operations, otherwise it waits to receive new second data. Verification proceeds as follows: the token computes a MAC over the second data using the fixed key, obtaining MAC4, and compares MAC3 with MAC4; if they are equal, the second data passes verification.
The token then decrypts the MAC key ciphertext and the seed dispersion key ciphertext in the second data using the protection key obtained in step S01, obtains the MAC key and the seed dispersion key, and stores them, for example in the token's RAM.
Because the token obtains the protection key from the received first data (serial number, current time and protection key information decrypted with the fixed key) and then obtains the check key and seed dispersion key by decrypting the second data with that protection key, initialization requires no manual input, which improves the efficiency and security of dynamic token initialization and makes the process more convenient.
Fig. 2 is a flow chart of the second embodiment of the method for initializing a dynamic token according to the invention. This embodiment differs from the first embodiment only by the addition of step S00; only step S00 is described in detail here, and for the other steps refer to the description of the embodiment of Fig. 1.
As shown in Fig. 2, before step S01 (receiving and storing the first data that includes a serial number, the current time and protection key information, and decrypting the protection key information with the fixed key to obtain the protection key), the method further comprises:
Step S00: preset the fixed key.
In a preferred embodiment, before the dynamic token leaves the factory, a fixed key is implanted into the token, for example into its MCU chip. During initialization this fixed key is used for the MAC computations and for the encryption and decryption of the token's protection key.
By setting a fixed key inside the dynamic token, this embodiment improves the security of the token.
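The following is an added example, not code from the patent or from the applicant: it implements both sides of steps S00 to S02 above, with a provisioning station that builds the first and second data and a token that verifies each message under the fixed key before decrypting anything. The patent does not name the cipher, MAC or seed dispersion function, nor any field widths, so the example assumes HMAC-SHA256 truncated to 8 bytes for the check codes, an HMAC-SHA256 counter keystream as a stand-in cipher, HMAC-SHA256(root, label || serial) for seed dispersion, a 16-byte serial number, a 32-bit current time and 16-byte keys. The class and function names (ProvisioningStation, DynamicToken, run_initialization) and the demo keys and serial number are constructed for the example.

```python
# Added example, not the patentee's code: both sides of the two-stage
# initialization described in CN102891753B. The patent names no cipher, MAC or
# dispersion function; the choices here are assumptions: HMAC-SHA256 truncated
# to 8 bytes as the check code, an HMAC-SHA256 counter keystream standing in
# for a block cipher, and HMAC-SHA256(root, label || serial) for dispersion.
import hashlib
import hmac
import os
import struct

MAC_LEN, KEY_LEN = 8, 16
FIRST_FMT = ">16sI16s"      # serial (16 bytes) | current time (uint32) | protection key info


def mac(key: bytes, data: bytes) -> bytes:
    """Check code over a message (MAC1/MAC2 and MAC3/MAC4 in the patent)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]


def xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt/decrypt by XOR with an HMAC counter keystream (stand-in cipher).
    A (key, nonce) pair must never be reused for two different plaintexts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def disperse(root_key: bytes, label: bytes, serial: bytes) -> bytes:
    """Seed dispersion: derive a per-token key from a root key and the serial."""
    return hmac.new(root_key, label + serial, hashlib.sha256).digest()[:KEY_LEN]


class ProvisioningStation:
    def __init__(self, fixed_key: bytes, seed_root_key: bytes):
        self.fixed_key, self.seed_root_key = fixed_key, seed_root_key

    def build_first_data(self, serial: bytes, now: int):
        protection_key = os.urandom(KEY_LEN)             # fresh random per token
        info = xor_keystream(self.fixed_key, serial, protection_key)
        body = struct.pack(FIRST_FMT, serial, now, info)
        return body + mac(self.fixed_key, body), protection_key   # MAC1 appended

    def build_second_data(self, serial: bytes, protection_key: bytes) -> bytes:
        mackey = disperse(self.seed_root_key, b"mac", serial)
        seedkey = disperse(self.seed_root_key, b"seed", serial)
        body = (xor_keystream(protection_key, b"mac-" + serial, mackey)
                + xor_keystream(protection_key, b"seed" + serial, seedkey))
        return body + mac(self.fixed_key, body)                   # MAC3 appended


class DynamicToken:
    def __init__(self, fixed_key: bytes):
        self.fixed_key = fixed_key           # S00: implanted in the MCU at the factory
        self.serial = self.clock = self.protection_key = self.mackey = self.seedkey = None

    def _verified_body(self, msg: bytes, expected_len: int):
        """Recompute the check code under the fixed key; None means 'wait for new data'."""
        body, check = msg[:-MAC_LEN], msg[-MAC_LEN:]
        if len(body) != expected_len or not hmac.compare_digest(check, mac(self.fixed_key, body)):
            return None
        return body

    def init_step1(self, first_data: bytes) -> bool:
        body = self._verified_body(first_data, struct.calcsize(FIRST_FMT))
        if body is None:
            return False
        serial, now, info = struct.unpack(FIRST_FMT, body)
        self.protection_key = xor_keystream(self.fixed_key, serial, info)
        self.serial, self.clock = serial, now
        return True

    def init_step2(self, second_data: bytes) -> bool:
        if self.protection_key is None:      # S02 is only meaningful after a valid S01
            return False
        body = self._verified_body(second_data, 2 * KEY_LEN)
        if body is None:
            return False
        self.mackey = xor_keystream(self.protection_key, b"mac-" + self.serial, body[:KEY_LEN])
        self.seedkey = xor_keystream(self.protection_key, b"seed" + self.serial, body[KEY_LEN:])
        return True


FIXED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")      # constructed demo value
SEED_ROOT_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # constructed demo value
SERIAL = b"EXS2012000000001"                 # constructed 16-byte serial
FILING_TIME = 1348531200                      # 2012-09-25 00:00:00 UTC


def run_initialization():
    """Run the whole exchange; returns the initialized token and the station."""
    station = ProvisioningStation(FIXED_KEY, SEED_ROOT_KEY)
    token = DynamicToken(FIXED_KEY)
    first, protection_key = station.build_first_data(SERIAL, FILING_TIME)
    if not token.init_step1(first):
        raise RuntimeError("first data rejected")
    if not token.init_step2(station.build_second_data(SERIAL, protection_key)):
        raise RuntimeError("second data rejected")
    return token, station
```

Calling run_initialization() walks the whole exchange: a single flipped bit in either message fails the check code and leaves the token's state untouched, and second data is refused until a first data has been accepted, which is the "wait for new data" behaviour described above. Note what the scheme rests on: both check codes and the wrapping of the protection key use the fixed key, so anyone who extracts that key from one token and records the initialization traffic of another token sharing it can recover that token's protection key and, from it, its seed and MAC keys. The fixed key therefore needs the same protection inside the MCU as the seeds it guards. The example keeps the stand-in cipher's (key, nonce) pairs distinct per token by using the serial number as the nonce.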
Fig. 3 is a structural diagram of the first embodiment of the device for initializing a dynamic token according to the invention. As shown in Fig. 3, the device comprises:
First initialization module 01, for receiving and storing first data that includes a serial number, the current time and protection key information, and decrypting the protection key information with a fixed key to obtain the protection key.
When the dynamic token is initialized, the first initialization module 01 receives first data that includes at least a serial number, the current time and protection key information, and uses the preset fixed key to decrypt the protection key information in the first data, obtaining the protection key. The protection key may be a random number; the protection key information is the plaintext protection key encrypted with the fixed key.
In a preferred embodiment the dynamic token receives the data through a serial port, a USB interface or another communication channel.
In a preferred embodiment the first data also includes a first check code MAC1. After the first initialization module 01 receives the first data it verifies it, and only if verification passes does it store the first data and decrypt its contents; if verification fails, it waits to receive new first data. Verification proceeds as follows: the first initialization module 01 computes a MAC over the first data using the fixed key, obtaining a second check code MAC2, and compares MAC1 with MAC2. If they are equal, the first initialization module 01 decrypts the protection key information with the fixed key to obtain the protection key and stores it in the token, for example in RAM; at the same time it writes the current time into the token and stores the serial number in the token, for example in RAM.
Second initialization module 02, for receiving second data that includes a check key ciphertext and a seed dispersion key ciphertext, decrypting the ciphertexts in the second data with the protection key, and obtaining and storing the check key and the seed dispersion key.
After the first initialization module 01 has obtained the protection key, the second initialization module 02 receives second data that includes at least a check key ciphertext (the MAC key ciphertext) and a seed dispersion key ciphertext. The seed dispersion key ciphertext is the plaintext seed dispersion key encrypted with the protection key, and the plaintext seed dispersion key can be computed from a seed dispersion root key and the token serial number; the MAC key ciphertext is the plaintext MAC key encrypted with the protection key, and the plaintext MAC key can likewise be computed from the seed dispersion root key and the token serial number.
In a preferred embodiment the second data also includes a check code MAC3. After the second initialization module 02 receives the second data it verifies it; if verification passes, it uses the second data for the subsequent operations, otherwise it waits to receive new second data. Verification proceeds as follows: the second initialization module 02 computes a MAC over the second data using the fixed key, obtaining MAC4, and compares MAC3 with MAC4; if they are equal, the second data passes verification.
The second initialization module 02 decrypts the MAC key ciphertext and the seed dispersion key ciphertext in the second data using the protection key obtained by the first initialization module 01, obtains the MAC key and the seed dispersion key, and stores them, for example in the token's RAM.
Because the token obtains the protection key from the received first data (serial number, current time and protection key information decrypted with the fixed key) and then obtains the check key and seed dispersion key by decrypting the second data with that protection key, initialization requires no manual input, which improves the efficiency and security of dynamic token initialization and makes the process more convenient.
Fig. 4 is a structural diagram of the second embodiment of the device for initializing a dynamic token according to the invention. This embodiment differs from the first device embodiment only by the addition of fixed key setting module 03; only module 03 is described in detail here, and for the other modules refer to the description of the first device embodiment.
As shown in Fig. 4, the device for initializing a dynamic token further comprises:
Fixed key setting module 03, for presetting the fixed key.
In a preferred embodiment, before the dynamic token leaves the factory, fixed key setting module 03 implants a fixed key into the token, for example into its MCU chip. During initialization this fixed key is used for the MAC computations and for the encryption and decryption of the token's protection key.
By setting a fixed key inside the dynamic token, this embodiment improves the security of the token.
The above are only preferred embodiments of the invention and do not limit the scope of its claims. Any equivalent structure or equivalent process transformation made using the content of the description and drawings, whether applied directly or indirectly in other related technical fields, falls within the scope of patent protection of the invention.

Claims (6)

1. A method for initializing a dynamic token, characterized in that it comprises the following steps:
presetting a fixed key;
receiving and storing first data that includes a serial number, the current time and protection key information, and decrypting the protection key information with the fixed key to obtain a protection key, the protection key information being the plaintext protection key encrypted with the fixed key;
receiving second data that includes a check key ciphertext and a seed dispersion key ciphertext, and decrypting the ciphertexts in the second data with the protection key to obtain and store the check key and the seed dispersion key; wherein the first data and/or the second data are received through a serial port, a USB interface or another communication channel.
2. The method of claim 1, characterized in that after the first data is received it is verified; if verification passes, the first data is stored and the subsequent operations are carried out.
3. The method of claim 1, characterized in that after the second data is received it is verified; if verification passes, the second data is used for the subsequent operations.
4. A device for initializing a dynamic token, characterized in that it comprises:
a fixed key setting module, for presetting a fixed key;
a first initialization module, for receiving and storing first data that includes a serial number, the current time and protection key information, and decrypting the protection key information with the fixed key to obtain a protection key, the protection key information being the plaintext protection key encrypted with the fixed key;
a second initialization module, for receiving second data that includes a check key ciphertext and a seed dispersion key ciphertext, and decrypting the ciphertexts in the second data with the protection key to obtain and store the check key and the seed dispersion key;
wherein the first initialization module and/or the second initialization module receive their data through a serial port, a USB interface or another communication channel.
5. The device of claim 4, characterized in that the first initialization module is further used to verify the first data after receiving it; if verification passes, it stores the first data and carries out the subsequent operations.
6. The device of claim 4, characterized in that the second initialization module is further used to verify the second data after receiving it; if verification passes, it uses the second data for the subsequent operations.

Priority Applications (1)

Application Number  Publication  Priority Date  Filing Date  Title
CN201210361019.XA  CN102891753B (en)  2012-09-25  2012-09-25  Method and device for initializing a dynamic token

Publications (2)

Publication Number Publication Date
CN102891753A CN102891753A (en) 2013-01-23
CN102891753B true CN102891753B (en) 2016-08-03

Family

ID=47535129

Country Status (1)

Country Link
CN (1) CN102891753B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104579680B (en) * 2014-12-19 2018-03-09 飞天诚信科技股份有限公司 Method for secure distribution of seeds
CN105635114B (en) * 2015-12-18 2019-02-26 恒宝股份有限公司 Password verification method and system
CN106936570B (en) * 2015-12-31 2021-08-20 华为技术有限公司 Key configuration method, key management center and network element
CN106850211B (en) * 2017-03-06 2020-03-27 深圳市同为数码科技股份有限公司 Encryption method and system based on MAC address
CN108454410B (en) * 2018-04-13 2020-06-23 安徽江淮汽车集团股份有限公司 Fuel cell diagnosis access method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101197667A (en) * 2007-12-26 2008-06-11 北京飞天诚信科技有限公司 Dynamic password authentication method
CN101719826A (en) * 2009-05-13 2010-06-02 北京宏基恒信科技有限责任公司 Dynamic token having function of updating seed key and updating method for seed key thereof
US7738660B2 (en) * 1998-02-13 2010-06-15 Tecsec, Inc. Cryptographic key split binding process and apparatus
CN102651743A (en) * 2012-05-02 2012-08-29 飞天诚信科技股份有限公司 Method for generating token seeds

Also Published As

Publication number Publication date
CN102891753A (en) 2013-01-23

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20170330

Address after: Rooms 703-710, 7th floor, Building B3, Huayuan Road, Haidian District, Beijing 100000

Patentee after: Beijing Minghua Alliance Technology Co., Ltd.

Address before: Rooms 701-709, south side of 7th floor, Unit A, Tefa Information Building, No. 2 Kefeng Road, Nanshan District, Shenzhen, Guangdong 518057

Patentee before: Shenzhen Wendingchuang Data Technology Co., Ltd.