CN106603574B - Dynamic password generation and authentication method and device - Google Patents

Publication number
CN106603574B
Authority
CN
China
Prior art keywords
password
time
dynamic
numerical value
dynamic password
Prior art date
Legal status
Active
Application number
CN201710058395.4A
Other languages
Chinese (zh)
Other versions
CN106603574A (en)
Inventor
安晓江
蒋红宇
柳增寿
Current Assignee
Beijing Haitai Fangyuan High Technology Co Ltd
Original Assignee
Beijing Haitai Fangyuan High Technology Co Ltd
Application filed by Beijing Haitai Fangyuan High Technology Co Ltd
Priority to CN201710058395.4A
Publication of CN106603574A
Application granted
Publication of CN106603574B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846 Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Abstract

The invention discloses a dynamic password generation and authentication method and device. The method includes: obtaining the dynamic password of a dynamic token, where the dynamic token generates an initial password from the password generation time using a preset password generation algorithm and replaces the value at a preset position of the initial password with the value of a reference digit of the password generation time to obtain the dynamic password; determining the value of the reference digit of the password generation time from the dynamic password, where the value at the preset position of the dynamic password is the value of the reference digit of the password generation time; correcting the password receiving time according to the value of the reference digit of the password generation time to obtain a base authentication time; and authenticating the dynamic password using the base authentication time as the initial value. The invention addresses the technical problem that dynamic password authentication methods in the related art are inefficient.

Description

Dynamic password generation and authentication method and device
Technical field
The present invention relates to the field of information security, and in particular to a dynamic password generation and authentication method and device.
Background
In current identity authentication based on time-based dynamic passwords, a dynamic password is produced by a cryptographic operation over two factors: seed key + time. The seed key is stored both in the front-end dynamic token and in the back-end dynamic password authentication system, and does not change once the dynamic token has been activated. The time is the time at which the front-end dynamic token produces the dynamic password.
After the dynamic token produces a dynamic password, the user has to enter it manually into the business system, which then calls the dynamic password authentication system to authenticate it; the authentication system compares the dynamic password it computes with the one passed to it. Because the front end and the back end compute the dynamic password at different times, and because the clock of the dynamic token may drift away from the server time of the authentication system the longer the token is in use, the authentication system computes dynamic passwords over a window. If the password computed from the current time does not match the password computed by the token, the system computes the dynamic passwords for the times within the window, one by one according to the window size, and compares each with the token's password. If none of the passwords computed within the window matches, dynamic password authentication fails.
No effective solution has yet been proposed for the technical problem that dynamic password authentication methods in the related art are inefficient.
Summary of the invention
Embodiments of the present invention provide a dynamic password generation and authentication method and device, to at least solve the technical problem that dynamic password authentication methods in the related art are inefficient.
According to one aspect of the embodiments of the present invention, a dynamic password authentication method is provided. The method is applied to an authentication system and includes: obtaining the dynamic password of a dynamic token, where the dynamic token generates an initial password from the password generation time using a preset password generation algorithm and replaces the value at a preset position of the initial password with the value of a reference digit of the password generation time to obtain the dynamic password; determining the value of the reference digit of the password generation time from the dynamic password; correcting the password receiving time according to the value of the reference digit of the password generation time to obtain a base authentication time; and authenticating the dynamic password using the base authentication time as the initial value.
Further, correcting the password receiving time according to the value of the reference digit of the password generation time to obtain the base authentication time includes: determining the password receiving time from the time of the authentication system when the dynamic password is obtained; and correcting the password receiving time according to the value of the reference digit of the password generation time, the value of the reference digit of the password receiving time, a system error estimate and an actual time difference estimate, to obtain the base authentication time. The system error estimate is an estimate of the system time error between the dynamic token and the authentication system. The actual time difference estimate is an estimate of the time that actually elapses between the dynamic token generating the dynamic password and the authentication system obtaining it.
Further, the password receiving time is corrected and the base authentication time obtained using the following steps:
Step 1: obtain the value B1 of the reference digit of the password generation time, the value B2 of the reference digit of the password receiving time ST, the system error estimate T1, the actual time difference estimate T2 and the first offset window W1, where the initial values of T1 and T2 are 0.
Step 2: calculate the first offset OTPi_W1 and determine whether it exceeds the first offset window W1. If T1 is negative, OTPi_W1 = (B2+T1-B1+10-T2) % 10; if T1 is positive, OTPi_W1 = (B1+10-B2+T1-T2) % 10; if T1 is 0, OTPi_W1 = MIN{ (B1+10-B2-T2) % 10, (B2-B1+10-T2) % 10 }. If OTPi_W1 > W1, authentication fails.
Step 3: if OTPi_W1 ≤ W1, update T1. If T1 is negative, T1 = (T1*N - OTPi_W1)/(N+1), where N is the authentication count; if T1 is not negative, T1 = (T1*N + OTPi_W1)/(N+1).
Step 4: correct the password receiving time ST to obtain the base authentication time T: T = ST + T1.
Further, authenticating the dynamic password using the base authentication time as the initial value includes: generating an authentication password from the base authentication time using the preset password generation algorithm; determining whether the positions of the authentication password other than the preset position are the same as those of the dynamic password; if so, authentication succeeds; if not, increasing or decreasing a second offset from the base authentication time at a preset time interval until authentication succeeds or the second offset exceeds a preset second offset window.
Further, after authentication succeeds, the method also includes updating the actual time difference estimate T2: determining the second offset OTPi_W2 at the time authentication succeeded; updating T2 by the formula T2 = (T2*N + OTPi_W2)/(N+1); and adding 1 to the authentication count N.
According to another aspect of the embodiments of the present invention, a dynamic password generation method is also provided. The method is applied to a dynamic token and includes: generating an initial password from the current time of the dynamic token using a preset password generation algorithm; and replacing the value at a preset position of the initial password with the value of a reference digit of the password generation time to obtain a dynamic password, where the dynamic password is sent to an authentication system so that the authentication system authenticates according to the dynamic password.
Further, the reference digit is the minute digit.
Further, generating the initial password from the current time of the dynamic token using the preset password generation algorithm includes: generating the initial password, using the preset password generation algorithm, from the current time of the dynamic token and the key stored in the dynamic token.
According to another aspect of the embodiments of the present invention, a dynamic password authentication device is also provided. The device is contained in an authentication system and includes: an acquiring unit, for obtaining the dynamic password of a dynamic token, where the dynamic token generates an initial password from the password generation time using a preset password generation algorithm and replaces the value at a preset position of the initial password with the value of a reference digit of the password generation time to obtain the dynamic password; a determination unit, for determining the value of the reference digit of the password generation time from the dynamic password; a correction unit, for correcting the password receiving time according to the value of the reference digit of the password generation time to obtain a base authentication time; and an authentication unit, for authenticating the dynamic password using the base authentication time as the initial value.
According to another aspect of the embodiments of the present invention, a dynamic password generating device is also provided. The device is contained in a dynamic token and includes: a generation unit, for generating an initial password from the current time of the dynamic token using a preset password generation algorithm; and a replacement unit, for replacing the value at a preset position of the initial password with the value of a reference digit of the password generation time to obtain a dynamic password, where the dynamic password is sent to an authentication system so that the authentication system authenticates according to the dynamic password.
According to another aspect of the embodiments of the present invention, a storage medium is also provided. The storage medium stores a program which, when executed by a processor, controls the device on which the storage medium resides to perform the dynamic password generation method of the invention.
In the embodiments of the present invention, a password that contains the reference digit of the time at which the dynamic token generated it is parsed, and the password receiving time is corrected according to the reference digit of the password generation time to obtain the base authentication time. This solves the technical problem that dynamic password authentication methods in the related art are inefficient, and achieves the technical effect of authenticating dynamic passwords efficiently.
Brief description of the drawings
The drawings described here provide a further understanding of the invention and form part of this application. The illustrative embodiments of the invention and their description explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a flow chart of an optional dynamic password authentication method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of an optional dynamic password authentication device according to an embodiment of the present invention;
Fig. 3 is a flow chart of an optional dynamic password generation method according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of an optional dynamic password generating device according to an embodiment of the present invention.
Detailed description of the embodiments
To help those skilled in the art better understand the solution of the invention, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments that a person of ordinary skill in the art obtains from these embodiments without creative work fall within the scope of protection of the invention.
Note that the terms "first", "second" and so on in the description, the claims and the drawings distinguish similar objects and do not describe a specific order or sequence. Data used in this way can be interchanged where appropriate, so that the embodiments described here can be implemented in orders other than those illustrated or described. In addition, the terms "comprising" and "having" and any variants of them are intended to cover non-exclusive inclusion: a process, method, system, product or device that contains a series of steps or units is not limited to the steps or units explicitly listed, and may include other steps or units that are not explicitly listed or that are inherent to the process, method, product or device.
This application provides an embodiment of a dynamic password authentication method. Note that this method is applied to the authentication system.
Fig. 1 is a flow chart of an optional dynamic password authentication method according to an embodiment of the present invention. As shown in Fig. 1, the method comprises the following steps:
Step S101: obtain the dynamic password of the dynamic token, where the dynamic token generates an initial password from the password generation time using a preset password generation algorithm and replaces the value at a preset position of the initial password with the value of a reference digit of the password generation time to obtain the dynamic password;
Step S102: determine the value of the reference digit of the password generation time from the dynamic password;
Step S103: correct the password receiving time according to the value of the reference digit of the password generation time to obtain the base authentication time;
Step S104: authenticate the dynamic password using the base authentication time as the initial value.
The dynamic token (OTPi) is a front-end device that generates dynamic passwords based on time. To generate a dynamic password, the token first reads its own hardware clock time as the password generation time, then generates the dynamic password with the preset password generation algorithm from the password generation time and the seed key stored in the token.
In this embodiment, after generating the initial password from the password generation time using the preset password generation algorithm, the dynamic token determines the preset position in the initial password and the reference digit in the password generation time, and replaces the value at the preset position of the initial password with the value of the reference digit of the password generation time.
For example, the dynamic token generates the initial dynamic password P1 with an existing preset password generation algorithm from its current time (for example 9:21) and the seed key. The preset position of the initial password is determined to be the last digit and the reference digit of the password generation time to be the minute digit. The last digit of P1 is then changed to the last digit of the token's current time, giving P2: if P1 is 12345678, P2 is 12345671.
After the authentication system obtains the dynamic password generated by the dynamic token, it can determine the value of the reference digit of the password generation time from the dynamic password. Once that value is determined, the password receiving time can be corrected, where the password receiving time is the time at which the dynamic password of the token was obtained. Correcting the password receiving time gives the base authentication time, which is the initial time value the authentication system uses when authenticating the dynamic password. The dynamic password is then authenticated using the base authentication time as the initial value. When authenticating, the authentication system first generates an authentication password from the base authentication time and the seed key stored in advance in the authentication system, which is the same as the token's, and determines whether the positions of the authentication password other than the preset position are the same as those of the dynamic password obtained. If they are the same, authentication succeeds; if not, authentication does not succeed. If authentication has not succeeded, the system increases or decreases an offset from the base authentication time at a preset time interval and generates the authentication password again.
By parsing a password that contains the reference digit of the time at which the dynamic token generated it, and correcting the password receiving time according to the reference digit of the password generation time to obtain the base authentication time, this embodiment solves the technical problem that dynamic password authentication methods in the related art are inefficient, and achieves the technical effect of authenticating dynamic passwords efficiently.
As an optional variant of the above embodiment, the step of correcting the password receiving time according to the value of the reference digit of the password generation time to obtain the base authentication time can include: determining the password receiving time from the time of the authentication system when the dynamic password is obtained; and correcting the password receiving time according to the value of the reference digit of the password generation time, the value of the reference digit of the password receiving time, the system error estimate and the actual time difference estimate, to obtain the base authentication time. The system error estimate is an estimate of the system time error between the dynamic token and the authentication system. The actual time difference estimate is an estimate of the time that actually elapses between the dynamic token generating the dynamic password and the authentication system obtaining it.
In existing dynamic password authentication methods, the dynamic token and the authentication system use inconsistent times to compute the dynamic password, so the authentication system has to run the dynamic password calculation several times during authentication, which seriously affects the authentication efficiency of the system.
There are two main reasons why the dynamic token and the authentication system use inconsistent times to compute the dynamic password. The first is that, after the token has computed the dynamic password, the user has to enter it into the authentication page of the authentication system and it has to be transmitted to the authentication system for authentication; this is the actual time difference produced by operation and transmission. The second is that the system time of the dynamic token drifts away from the server time of the dynamic password authentication system the longer the token is in use; this is the system time error.
The prior art generally uses a single time window and authenticates within the window around the time at which the authentication system receives the dynamic password. If the two causes of time inconsistency above are handled with one time window, the window range becomes larger and varies more widely, which increases the number of authentication attempts and lowers authentication efficiency. In addition, as time passes, the error between the token and the server time of the authentication system may exceed the time window, causing authentication to fail. The authentication method of this optional embodiment handles the two causes of time inconsistency separately, and so solves the authentication efficiency problem for dynamic passwords.
Specifically, the password receiving time can be corrected and the base authentication time obtained using the following steps and formulas:
Step 1: obtain the value B1 of the reference digit of the password generation time, the value B2 of the reference digit of the password receiving time ST, the system error estimate T1, the actual time difference estimate T2 and the first offset window W1. When the authentication system obtains the token's dynamic password P2 for authentication, it takes the value at the preset position of P2 as the value B1 of the reference digit of the password generation time, and obtains the value B2 of the reference digit of the current time of the server (the authentication system), which is the password receiving time ST. The initial values of T1 and T2 are 0. When T1 is positive, the time of the dynamic token (OTPi) is T1 minutes ahead of the server time of the authentication system, and this lead tends to grow; when T1 is negative, the time of the dynamic token (OTPi) is T1 minutes behind the server time of the authentication system, and this lag tends to grow. T2 can only be positive, and means that the operating time for entering the dynamic password plus the network transmission delay is T2 minutes.
Step 2: calculate the first offset OTPi_W1 and determine whether it exceeds the first offset window W1. If T1 is negative, OTPi_W1 = (B2+T1-B1+10-T2) % 10; if T1 is positive, OTPi_W1 = (B1+10-B2+T1-T2) % 10; if T1 is 0, OTPi_W1 = MIN{ (B1+10-B2-T2) % 10, (B2-B1+10-T2) % 10 }. If OTPi_W1 > W1, authentication fails. Here the first offset OTPi_W1 is the hardware time offset and W1 is the hardware offset time window; "%" is the remainder operation, and MIN{A, B} takes the minimum of A and B.
Step 3: if OTPi_W1 ≤ W1, update T1:
If T1 is negative, T1 = (T1*N - OTPi_W1)/(N+1), where N is the authentication count and the initial value of N is 0; if T1 is not negative, T1 = (T1*N + OTPi_W1)/(N+1).
Step 4: correct the password receiving time ST to obtain the base authentication time T: T = ST + T1.
After the base authentication time has been obtained by the above steps, an authentication password can be generated from it using the preset password generation algorithm. The system determines whether the positions of the authentication password other than the preset position are the same as those of the dynamic password. If so, authentication succeeds; if not, a second offset is increased or decreased from the base authentication time at a preset time interval until authentication succeeds or the second offset exceeds the preset second offset window.
Before the authentication system authenticates, a second offset window W2 is set first; W2 is the operation offset time window. After authentication succeeds, the actual time difference estimate T2 can also be updated as follows: determine the second offset OTPi_W2 at the time authentication succeeded, where the second offset OTPi_W2 is the operation offset time of this authentication, then update T2 by the formula T2 = (T2*N + OTPi_W2)/(N+1), and add 1 to the authentication count N.
For example, the authentication password P3 is computed from the determined base authentication time T and the seed key stored in the authentication system, and the value at the preset position of P3 is replaced with the value at the preset position of P2 to give the password P4. If P4 = P2, authentication succeeds. Otherwise, offsets W2i are chosen in turn from the operation time window W2, and T+W2i is used as the authentication time to compute the dynamic password and authenticate in the same way; for example, if W2 = 5, the offset W2i can take the values 1, -1, 2, -2, 3, -3, 4, -4, 5, -5 in turn. If authentication succeeds, the offset W2i at the time of success gives this operation offset time OTPi_W2, with OTPi_W2 = T2+W2i, and the T2 stored in the authentication system is updated by the formula T2 = (T2*N + OTPi_W2)/(N+1), while the authentication count N is increased by 1. If no value of the offset W2i produces a match, authentication fails.
By handling the two causes of time inconsistency separately, this embodiment can reduce the number of dynamic password calculations and so improve authentication efficiency.
This application also provides an embodiment of a storage medium. The storage medium of this embodiment stores a program which, when executed by a processor, controls the device on which the storage medium resides to perform the dynamic password generation method of the embodiments of the present invention.
This application also provides an embodiment of a dynamic password authentication device. Note that this device is contained in the authentication system.
Fig. 2 is a schematic diagram of an optional dynamic password authentication device according to an embodiment of the present invention. As shown in Fig. 2, the device includes an acquiring unit 10, a determination unit 20, a correction unit 30 and an authentication unit 40.
The acquiring unit obtains the dynamic password of the dynamic token, where the dynamic token generates an initial password from the password generation time using a preset password generation algorithm and replaces the value at a preset position of the initial password with the value of a reference digit of the password generation time to obtain the dynamic password. The determination unit determines the value of the reference digit of the password generation time from the dynamic password. The correction unit corrects the password receiving time according to the value of the reference digit of the password generation time to obtain the base authentication time. The authentication unit authenticates the dynamic password using the base authentication time as the initial value.
By parsing a password that contains the reference digit of the time at which the dynamic token generated it, and correcting the password receiving time according to the reference digit of the password generation time to obtain the base authentication time, this embodiment solves the technical problem that dynamic password authentication methods in the related art are inefficient, and achieves the technical effect of authenticating dynamic passwords efficiently.
This application also provides an embodiment of a dynamic password generation method. Note that this method is applied to the dynamic token.
Fig. 3 is a flow chart of an optional dynamic password generation method according to an embodiment of the present invention. As shown in Fig. 3, the method comprises the following steps:
Step S301: generate an initial password from the current time of the dynamic token using a preset password generation algorithm;
Step S302: replace the value at the preset position of the initial password with the value of the reference digit of the password generation time to obtain the dynamic password, where the dynamic password is sent to the authentication system so that the authentication system authenticates according to the dynamic password. Optionally, the reference digit is the minute digit.
When generating the dynamic password, this embodiment modifies the initial password produced by the preset password generation algorithm according to the value of the reference digit of the password generation time, so that during authentication the authentication system can refer to this value and correct the base authentication time according to the value of the reference digit of the password generation time. This solves the technical problem that dynamic password authentication methods in the related art are inefficient, and achieves the technical effect of authenticating dynamic passwords efficiently.
Optionally, generating the initial password from the current time of the dynamic token using the preset password generation algorithm includes: generating the initial password, using the preset password generation algorithm, from the current time of the dynamic token and the key stored in the dynamic token.
The present application also provides an embodiment of a dynamic password generating device. Note that this device is contained in a dynamic token.
Fig. 4 is a schematic diagram of an optional dynamic password generating device according to an embodiment of the present invention. As shown in Fig. 4, the device includes a generation unit 50 and a replacement unit 60.
The generation unit generates an initial challenge from the current time of the dynamic token according to a preset password generation algorithm. The replacement unit replaces the value at the default position of the initial challenge with the value of the reference bit of the password generation time to obtain the dynamic password, where the dynamic password is sent to the verification system so that the verification system authenticates according to the dynamic password.
The order of the above embodiments of the present application does not indicate their relative merit.
In the above embodiments of the application, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related description of the other embodiments. In the several embodiments provided herein, it should be understood that the disclosed technical content can be implemented in other ways.
Note that although the flowcharts in the drawings show a logical order, in some cases the steps shown or described may be performed in an order different from the one given here.
The device embodiments described above are only schematic. For example, the division into units may be a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or take other forms.
The above device may include a processor and a memory. The above units may be stored in the memory as program units, and the processor executes the program units stored in the memory to implement the corresponding functions.
The memory may include computer-readable media in the form of volatile memory, random access memory (RAM) and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
In addition, the functional units in the embodiments of the application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware or as a software functional unit.
If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the application, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied as a software product. The software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods of the embodiments of the application. The storage medium includes any medium that can store program code, such as a USB flash disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk or an optical disc.
The above are only preferred embodiments of the application. It should be noted that those of ordinary skill in the art may make improvements and modifications without departing from the principle of the application, and these improvements and modifications shall also be regarded as falling within the scope of protection of the application.

Claims (10)

  1. A dynamic password authentication method, characterized in that the method is applied to a verification system, the method comprising:
    obtaining the dynamic password of a dynamic token, wherein the dynamic token generates an initial challenge from the password generation time according to a preset password generation algorithm and replaces the value at the default position of the initial challenge with the value of the reference bit of the password generation time to obtain the dynamic password;
    determining the value of the reference bit of the password generation time from the dynamic password;
    correcting the password receiving time according to the value of the reference bit of the password generation time to obtain the basic authentication time;
    authenticating the dynamic password using the basic authentication time as the initial value.
  2. The method according to claim 1, characterized in that correcting the password receiving time according to the value of the reference bit of the password generation time to obtain the basic authentication time comprises:
    determining the password receiving time from the time of the verification system when the dynamic password is obtained;
    correcting the password receiving time according to the value of the reference bit of the password generation time, the value of the reference bit of the password receiving time, a system error estimate and an actual time difference estimate, to obtain the basic authentication time, wherein the system error estimate is an estimate of the system time error between the dynamic token and the verification system, and the actual time difference estimate is an estimate of the time that actually elapses between the dynamic token generating the dynamic password and the verification system obtaining the dynamic password.
  3. The method according to claim 2, characterized in that correcting the password receiving time to obtain the basic authentication time uses the following steps:
    Step 1: obtain the value B1 of the reference bit of the password generation time, the value B2 of the reference bit of the password receiving time ST, the system error estimate T1, the actual time difference estimate T2 and the first offset window W1, wherein the initial value of T1 and T2 is 0;
    Step 2: calculate the first offset OTPi_W1 and judge whether the first offset OTPi_W1 exceeds the first offset window W1: if T1 is negative, OTPi_W1 = (B2 + T1 - B1 + 10 - T2) % 10; if T1 is positive, OTPi_W1 = (B1 + 10 - B2 + T1 - T2) % 10; if T1 is 0, OTPi_W1 = MIN{(B1 + 10 - B2 - T2) % 10, (B2 - B1 + 10 - T2) % 10}; wherein, if OTPi_W1 > W1, authentication fails;
    Step 3: if OTPi_W1 ≤ W1, update T1: if T1 is negative, T1 = (T1*N - OTPi_W1)/(N + 1), wherein N is the number of authentications; if T1 is not negative, T1 = (T1*N + OTPi_W1)/(N + 1);
    Step 4: correct the password receiving time ST to obtain the basic authentication time T: T = ST + T1.
  4. The method according to claim 3, characterized in that authenticating the dynamic password using the basic authentication time as the initial value comprises:
    generating an authentication password from the basic authentication time according to the preset password generation algorithm;
    judging whether the positions of the authentication password other than the default position are identical to those of the dynamic password;
    if the judgment is yes, authentication succeeds;
    if the judgment is no, increasing or decreasing a second offset at a preset time interval on the basis of the basic authentication time until authentication succeeds or the second offset exceeds a preset second offset window.
  5. The method according to claim 4, characterized in that, after authentication succeeds, the method further comprises updating the actual time difference estimate T2, wherein:
    the second offset OTPi_W2 at the time authentication succeeded is determined;
    T2 is updated by the following formula: T2 = (T2*N + OTPi_W2)/(N + 1);
    the number of authentications N is increased by 1.
  6. A dynamic password generation method, characterized in that the method is applied to a dynamic token, the method comprising:
    generating an initial challenge from the current time of the dynamic token according to a preset password generation algorithm;
    replacing the value at the default position of the initial challenge with the value of the reference bit of the password generation time to obtain a dynamic password, wherein the dynamic password is sent to a verification system so that the verification system authenticates according to the dynamic password;
    wherein generating the initial challenge from the current time of the dynamic token according to the preset password generation algorithm comprises: generating the initial challenge from the current time of the dynamic token and the key stored in the dynamic token according to the preset password generation algorithm.
  7. The method according to claim 6, characterized in that the reference bit is the minute position.
  8. A dynamic password authentication device, characterized in that the device is contained in a verification system, the device comprising:
    an acquiring unit for obtaining the dynamic password of a dynamic token, wherein the dynamic token generates an initial challenge from the password generation time according to a preset password generation algorithm and replaces the value at the default position of the initial challenge with the value of the reference bit of the password generation time to obtain the dynamic password;
    a determination unit for determining the value of the reference bit of the password generation time from the dynamic password;
    an amending unit for correcting the password receiving time according to the value of the reference bit of the password generation time to obtain the basic authentication time;
    an authentication unit for authenticating the dynamic password using the basic authentication time as the initial value.
  9. A dynamic password generating device, characterized in that the device is contained in a dynamic token, the device comprising:
    a generation unit for generating an initial challenge from the current time of the dynamic token according to a preset password generation algorithm;
    a replacement unit for replacing the value at the default position of the initial challenge with the value of the reference bit of the password generation time to obtain a dynamic password, wherein the dynamic password is sent to a verification system so that the verification system authenticates according to the dynamic password;
    wherein the generation unit generates the initial challenge from the current time of the dynamic token and the key stored in the dynamic token according to the preset password generation algorithm.
  10. A storage medium, characterized in that the storage medium is used to store a program, wherein, when executed by a processor, the program controls the device in which the storage medium is located to perform the dynamic password generation method according to any one of claims 6 to 7.
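The token-side replacement of claims 6 and 7 and the server-side check of claim 1, claim 3 (steps 1, 2 and 4) and claim 4, as an added Python example that is not part of the patent. Assumptions: RFC 4226 HOTP over a 60-second counter stands in for the preset algorithm, the default position is the last digit, T1 and T2 are stored estimates in minutes passed in by the caller, and the key and timestamps are constructed sample values.

```python
import hashlib
import hmac
import struct

STEP = 60                      # assumed time interval: one password per minute
DIGITS = 6                     # assumed password length
POS = DIGITS - 1               # assumed "default position": the last digit
KEY = b"constructed-demo-key"  # constructed sample key
ST = 1_700_000_000             # constructed password receiving time (epoch seconds)

def initial_password(key, t):
    """Stand-in for the preset algorithm (assumed: HOTP over the minute counter)."""
    mac = hmac.new(key, struct.pack(">Q", int(t) // STEP), hashlib.sha1).digest()
    i = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[i:i + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def minute_digit(t):
    """Reference bit: units digit of the minute (UTC epoch seconds assumed)."""
    return (int(t) // 60) % 10

def token_generate(key, t):
    """Claims 6-7: overwrite the default position with the minute digit."""
    p = initial_password(key, t)
    return p[:POS] + str(minute_digit(t)) + p[POS + 1:]

def first_offset(b1, b2, t1, t2):
    """Claim 3, step 2, with the three branches as the claim states them."""
    if t1 < 0:
        return (b2 + t1 - b1 + 10 - t2) % 10
    if t1 > 0:
        return (b1 + 10 - b2 + t1 - t2) % 10
    return min((b1 + 10 - b2 - t2) % 10, (b2 - b1 + 10 - t2) % 10)

def authenticate(key, otp, st, t1=0, t2=0, w1=3, w2=5):
    """Return the second offset (in steps) at which otp verifies, else None."""
    if len(otp) != DIGITS or not (otp.isascii() and otp.isdigit()):
        return None
    b1, b2 = int(otp[POS]), minute_digit(st)
    if first_offset(b1, b2, t1, t2) > w1:       # outside first offset window W1
        return None
    base = st + t1 * 60                          # claim 3, step 4: T = ST + T1
    body = otp[:POS] + otp[POS + 1:]             # every position but the default one
    for k in range(w2 + 1):                      # claim 4: stop once W2 is exceeded
        for delta in ((0,) if k == 0 else (k, -k)):
            cand = initial_password(key, base + delta * STEP)
            if hmac.compare_digest(cand[:POS] + cand[POS + 1:], body):
                return delta
    return None

if __name__ == "__main__":
    otp = token_generate(KEY, ST - 120)          # token clock two minutes behind
    print(otp, authenticate(KEY, otp, ST), authenticate(KEY, otp, ST, t1=-2))
```

`authenticate` returns 0 for a match at the basic authentication time, so callers compare the result against `None`. As in claim 4, only the `DIGITS - 1` positions outside the default position are compared.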

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710058395.4A CN106603574B (en) 2017-01-23 2017-01-23 Dynamic password generates and authentication method and device


Publications (2)

Publication Number Publication Date
CN106603574A CN106603574A (en) 2017-04-26
CN106603574B true CN106603574B (en) 2018-05-08

Family

ID=58586576


Country Status (1)

Country Link
CN (1) CN106603574B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant