CN106603574B - Dynamic password generates and authentication method and device - Google Patents
Dynamic password generates and authentication method and device Download PDFInfo
- Publication number
- CN106603574B CN106603574B CN201710058395.4A CN201710058395A CN106603574B CN 106603574 B CN106603574 B CN 106603574B CN 201710058395 A CN201710058395 A CN 201710058395A CN 106603574 B CN106603574 B CN 106603574B
- Authority
- CN
- China
- Prior art keywords
- password
- time
- dynamic
- numerical value
- dynamic password
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
Abstract
The invention discloses a kind of generation of dynamic password and authentication method and device.Wherein, this method includes:Obtain the dynamic password of dynamic token, wherein, dynamic token is used to generate initial challenge according to the password generated time according to preset password generating algorithm, and the numerical value of the default position of initial challenge is replaced with to the numerical value of the reference bit of password generated time to obtain dynamic password;The numerical value of the reference bit of password generated time is determined according to dynamic password, wherein, the numerical value of the default position of dynamic password is the numerical value of the reference bit of password generated time;According to the value revision password receiving time of the reference bit of password generated time, the basic authentication time is obtained;Using the basic authentication time as initial value certification dynamic password.The present invention solves the less efficient technical problem of authentication method of dynamic password in correlation technique.
Description
Technical field
The present invention relates to information security field, in particular to a kind of generation of dynamic password and authentication method and device.
Background technology
In the identity identifying technology for being currently based on time type dynamic password, the generation of dynamic password is mainly by following two
The factor is produced by crypto-operation:Seed key+time.Wherein seed key is stored in the dynamic token of front end and moving for rear end
In state command identifying, it would not change after dynamic token activation;Time produces dynamic mouth for front end dynamic token
The time of dynamic password when making.
Since dynamic token is produced after dynamic password, it is necessary to user is entered manually into operation system, then operation system tune
It is authenticated with dynamic password authentication system, dynamic password authentication system can be by the dynamic password of calculating and the dynamic passed over
Password is compared.There is a time difference since front-end and back-end calculate dynamic password, and the time of dynamic token is with use
The increase of time, may be inconsistent with the appearance of the server time of dynamic password authentication system, therefore dynamic password authentication system
Statistics, which calculates dynamic password, just the concept of window, if calculating dynamic password and the mouth of dynamic token calculating using current time
Make it is inconsistent, then can according to window size distinguish the calculation window time in dynamic password, then with dynamic token calculate mouth
Order is compared, if all dynamic passwords calculated in window time are all more unsuccessful, dynamic password authentication failure.
For the less efficient technical problem of the authentication method of dynamic password in correlation technique, not yet propose at present effective
Solution.
The content of the invention
An embodiment of the present invention provides a kind of generation of dynamic password and authentication method and device, at least to solve correlation technique
The less efficient technical problem of the authentication method of middle dynamic password.
One side according to embodiments of the present invention, there is provided a kind of dynamic password authentication method, this method are applied to recognize
Card system, this method include:The dynamic password of dynamic token is obtained, wherein, dynamic token, which is used to generate according to preset password, to be calculated
Method generates initial challenge according to the password generated time, and the numerical value of the default position of initial challenge is replaced with the password generated time
The numerical value of reference bit is to obtain dynamic password;The numerical value of the reference bit of password generated time is determined according to dynamic password;According to mouth
The value revision password receiving time of the reference bit of generated time is made, obtains the basic authentication time;Using the basic authentication time as
Initial value certification dynamic password.
Further, according to the value revision password receiving time of the reference bit of password generated time, basic authentication is obtained
Time includes:Password receiving time is determined according to the time of Verification System when getting dynamic password;During according to password generated
Between numerical value, systematic error valuation and the actual time difference valuation of reference bit of the numerical value of reference bit, password receiving time correct mouth
Receiving time is made, obtains the basic authentication time, wherein, systematic error valuation misses for dynamic token and the system time of Verification System
The estimate of difference, actual time difference valuation get dynamic password for dynamic token generation dynamic password to Verification System and are actually passed through
Time difference estimate.
Further, password receiving time is corrected, obtaining the basic authentication time uses following steps:Step 1, password is obtained
The numerical value B1 of the reference bit of generated time, the numerical value B2 of the reference bit of password receiving time ST, systematic error valuation T1, it is actual when
Poor valuation T2, the first offset window W1, wherein, the initial value of T1 and T2 are 0;Step 2, the first offset OTPi_W1 is calculated simultaneously
Judge whether the first offset OTPi_W1 exceeds the first offset window W1:If T1 is negative, OTPi_W1=(B2+T1-B1+
10-T2) %10, if T1 is just, OTPi_W1=(B1+10-B2+T1-T2) %10, if T1 is 0, OTPi_W1=
MIN { (B1+10-B2-T2) %10, (B2-B1+10-T2) %10 }, wherein, if it is judged that OTPi_W1>W1, then certification are lost
Lose;Step 3, if it is judged that OTPi_W1≤W1, then update T1:If T1 is negative, T1=(T1*N-OTPi_W1)/(N+
1), wherein, N is certification number, if T1 is not negative, T1=(T1*N+OTPi_W1)/(N+1);Step 4, password is corrected to connect
ST between time receiving, obtains basic authentication time T:T=ST+T1.
Further, include the basic authentication time as initial value certification dynamic password:According to the basic authentication time according to
Preset password generating algorithm generates certification password;Judge other positions of the certification password in addition to default position whether with dynamic password phase
Together;If it is judged that it is yes, then certification success;If it is judged that be it is no, then on the basis of the basic authentication time according to
Prefixed time interval increases or decreases the second offset until certification success or the second offset exceed default second offset window
Mouthful.
Further, after certification success, this method further includes the actual time difference valuation T2 of renewal, wherein:Determine certification
The second offset OTPi_W2 during success;T2 is updated by equation below:T2=(T2*N+OTPi_W2)/(N+1);By certification
Times N adds 1.
Another aspect according to embodiments of the present invention, additionally provides a kind of dynamic password formation method, and this method is applied to
Dynamic token, this method include:Initial challenge is generated according to the current time of dynamic token according to preset password generating algorithm;Will
The numerical value of the default position of initial challenge replaces with the numerical value of the reference bit of password generated time, obtains dynamic password, wherein, dynamic
Password is used to send to Verification System so that Verification System is authenticated according to dynamic password.
Further, reference bit is minute position.
Further, generating initial challenge according to the current time of dynamic token according to preset password generating algorithm includes:
Initial mouth is generated according to the current time of dynamic token and the key being stored in dynamic token according to preset password generating algorithm
Order.
Another aspect according to embodiments of the present invention, additionally provides a kind of dynamic password authentication device, which is contained in
In Verification System, which includes:Acquiring unit, for obtaining the dynamic password of dynamic token, wherein, dynamic token is used to press
Initial challenge is generated according to the password generated time according to preset password generating algorithm, and the numerical value of the default position of initial challenge is replaced
It is the numerical value of the reference bit of password generated time to obtain dynamic password;Determination unit, for determining password according to dynamic password
The numerical value of the reference bit of generated time;Amending unit, the value revision password for the reference bit according to the password generated time connect
Between time receiving, the basic authentication time is obtained;Authentication unit, for using the basic authentication time as initial value certification dynamic password.
Another aspect according to embodiments of the present invention, additionally provides a kind of dynamic password generating device, which is contained in
In dynamic token, which includes:Generation unit, for the current time according to preset password generating algorithm according to dynamic token
Generate initial challenge;Replacement unit, for the numerical value of the default position of initial challenge to be replaced with to the reference bit of password generated time
Numerical value, obtain dynamic password, wherein, dynamic password be used for send to Verification System so that Verification System according to dynamic password into
Row certification.
Another aspect according to embodiments of the present invention, additionally provides a kind of storage medium, which is used to store journey
Sequence, wherein, program controls equipment where storage medium to perform dynamic password formation method of the invention when being executed by processor.
In embodiments of the present invention, by the mouth for the reference bit for parsing the time that dynamic password is generated comprising dynamic token
Order, obtains the basic authentication time to correct password receiving time according to the reference bit of password generated time, solves correlation technique
The less efficient technical problem of the authentication method of middle dynamic password, and then the efficiently technology effect of certification dynamic password
Fruit.
Brief description of the drawings
Attached drawing described herein is used for providing a further understanding of the present invention, forms the part of the application, this hair
Bright schematic description and description is used to explain the present invention, does not form inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 is a kind of flow chart of optional dynamic password authentication method according to embodiments of the present invention;
Fig. 2 is a kind of schematic diagram of optional dynamic password authentication device according to embodiments of the present invention;
Fig. 3 is a kind of flow chart of optional dynamic password formation method according to embodiments of the present invention;
Fig. 4 is a kind of schematic diagram of optional dynamic password generating device according to embodiments of the present invention.
Embodiment
In order to make those skilled in the art more fully understand the present invention program, below in conjunction with the embodiment of the present invention
Attached drawing, is clearly and completely described the technical solution in the embodiment of the present invention, it is clear that described embodiment is only
The embodiment of a part of the invention, instead of all the embodiments.Based on the embodiments of the present invention, ordinary skill people
Member's all other embodiments obtained without making creative work, should all belong to the model that the present invention protects
Enclose.
It should be noted that term " first " in description and claims of this specification and above-mentioned attached drawing, "
Two " etc. be for distinguishing similar object, without for describing specific order or precedence.It should be appreciated that so use
Data can exchange in the appropriate case, so as to the embodiment of the present invention described herein can with except illustrating herein or
Order beyond those of description is implemented.In addition, term " comprising " and " having " and their any deformation, it is intended that cover
Cover it is non-exclusive include, be not necessarily limited to for example, containing the process of series of steps or unit, method, system, product or equipment
Those steps or unit clearly listed, but may include not list clearly or for these processes, method, product
Or the intrinsic other steps of equipment or unit.
This application provides a kind of embodiment of dynamic password authentication method.It should be noted that this method is applied to recognize
Card system.
Fig. 1 is a kind of flow chart of optional dynamic password authentication method according to embodiments of the present invention, as shown in Figure 1,
This method comprises the following steps:
Step S101, obtains the dynamic password of dynamic token, wherein, dynamic token is used for according to preset password generating algorithm
Initial challenge is generated according to the password generated time, and the numerical value of the default position of initial challenge is replaced with to the ginseng of password generated time
The numerical value of position is examined to obtain dynamic password;
Step S102, the numerical value of the reference bit of password generated time is determined according to dynamic password;
Step S103, according to the value revision password receiving time of the reference bit of password generated time, obtains basic authentication
Time;
Step S104, using the basic authentication time as initial value certification dynamic password.
Dynamic token (OTPi) it is the headend equipment based on time generation dynamic password.Dynamic token generates dynamic password
When, the hardware timeout of itself is obtained first as the password generated time, according to what is prestored in password generated time and dynamic token
Seed key generates dynamic password according to preset password generating algorithm.
In this embodiment, dynamic token is generating initial mouth according to preset password generating algorithm according to the password generated time
After order, the reference bit in the default position and password generated time in initial challenge is determined, by the default position in initial challenge
Numerical value replaces with the numerical value of the reference bit of password generated time.
For example, current time (such as 9 point 21 of the dynamic token according to existing preset password generating algorithm according to dynamic token
Point) and the seed key initial dynamic password P1 of generation, the default position for determining initial challenge is last position, determines password generated
Reference bit in time is minute position, then by last 1 of last 1 current time for being changed into dynamic token of P1, so that
To P2, if P1 is 12345678, P2 12345671.
After the dynamic password that Verification System gets dynamic token generation, it can determine that password is given birth to according to dynamic password
Into the numerical value of the reference bit of time.After the numerical value for determining the reference bit of password generated time, password receiving time can be corrected,
Wherein, password receiving time is the time for the dynamic password for getting dynamic token, corrects password receiving time and obtains base afterwards
Plinth authenticated time, wherein, the initial time value when basic authentication time is Verification System certification dynamic password, determines basic authentication
After time, using the basic authentication time as initial value certification dynamic password, in Verification System certification dynamic password, first using base
Plinth authenticated time and the seed key generation certification password identical with dynamic token being pre-stored in Verification System, judge certification mouth
Whether other positions in order in addition to default position are identical with the dynamic password got, if identical, certification success, if not
Together, then certification is unsuccessful.If unverified success, on the basis of the basic authentication time according to prefixed time interval increase or
Reduce by a time quantum deviated to generate certification password.
The embodiment generates the password of the reference bit of the time of dynamic password by parsing comprising dynamic token, with according to mouth
Make the reference bit of generated time correct password receiving time and obtain the basic authentication time, solve dynamic password in correlation technique
The less efficient technical problem of authentication method, and then the efficiently technique effect of certification dynamic password.
As a kind of alternative embodiment of above-described embodiment, according to the value revision password of the reference bit of password generated time
Receiving time, the step of obtaining the basic authentication time, can include:According to the time of Verification System when getting dynamic password
Determine password receiving time;According to the numerical value of the reference bit of password generated time, the reference bit of password receiving time numerical value, be
Password receiving time is corrected in error estimator of uniting and actual time difference valuation, obtains the basic authentication time, wherein, systematic error valuation is
The estimate of the system time error of dynamic token and Verification System, actual time difference valuation generate dynamic password extremely for dynamic token
Verification System gets the estimate for the time difference that dynamic password is actually passed through.
In existing dynamic password authentication method, when being calculated due to dynamic token and Verification System used by dynamic password
Between it is inconsistent, can cause Verification System when carrying out dynamic password authentication, it is necessary to carry out multiple dynamic password calculating process, sternly
The authentication efficiency problem of ghost image acoustic system.
The reason for causing dynamic token and Verification System to calculate Time Inconsistency used by dynamic password, mainly there is two,
One is that the certification for needing user that the dynamic password having been calculated is input to Verification System after dynamic password has been calculated in dynamic token
The page, and need dynamic password being transferred to Verification System and be authenticated, these are due to the reality that operation and transmission produce
Time difference;The other is the system time of dynamic token can be with the service of dynamic password authentication system with the increase of usage time
The appearance of device time is inconsistent, namely system time error.
One time window of generally use in the prior art, the window model of the time of dynamic password is received in Verification System
It is authenticated in enclosing.If dynamic token and Verification System is caused to calculate two reasons of Time Inconsistency using one by above-mentioned
Time window is authenticated, and be may result in time window scope and is become larger, and the amplitude changed is bigger, so as to cause to recognize
Card number increases, and reduces authentication efficiency.In addition, dynamic token increases over time, with the server time of Verification System
Error is possible to that time window can be exceeded, so as to cause authentification failure.When the authentication method that the alternative embodiment provides will cause
Between inconsistent two kinds of reasons be respectively processed, so as to solve the problems, such as the authentication efficiency of dynamic password.
Specifically, password receiving time is corrected, the steps and formula can be used by obtaining the basic authentication time:
Step 1, obtain the numerical value B1 of reference bit of password generated time, password receiving time ST reference bit numerical value
B2, systematic error valuation T1, actual time difference valuation T2, the first offset window W1:Verification System obtains the dynamic mouth of dynamic token
When making the P2 be authenticated, numerical value B1 of the numerical value as the reference bit of password generated time of the default position of P2 can be obtained, and is obtained
The numerical value B2 of the reference bit of the current time (namely password receiving time ST) of server (Verification System).Wherein, T1 and T2
Initial value is 0.Also, T1 represents dynamic token (OTP for timingi) time it is bigger T1 than the server time of Verification System point
Clock, and this big trend can increase, and dynamic token (OTP is represented when T1 is bearsi) time than Verification System service
The device time is T1 minutes small, and this small trend can increase, and T2, which is only, just, represents that the operating time of input dynamic password adds
The time delay of network transmission is T2 minutes.
Step 2, the first offset OTP is calculatedi_ W1 simultaneously judges the first offset OTPiWhether _ W1 exceeds the first offset window
W1:If T1 is negative, OTPi_ W1=(B2+T1-B1+10-T2) %10, if T1 is just, OTPi_ W1=(B1+10-B2+
T1-T2) %10, if T1 is 0, OTPi_ W1=MIN { (B1+10-B2-T2) %10, (B2-B1+10-T2) %10 }, its
In, if it is judged that OTPi_W1>W1, then authentification failure.Wherein, the first offset OTPi_ W1 is hardware timeout offset, and W1 is
Hardware shift time window.Wherein, " % " is the operation to rem, and MIN { A, B } represents to take the minimum value of A and B.
Step 3, if it is judged that OTPi_ W1≤W1, then update T1:
If T1 is negative, T1=(T1*N-OTPi_ W1)/(N+1), wherein, N is certification number, and the initial value of N is 0,
If T1 is not negative, T1=(T1*N+OTPi_W1)/(N+1)。
Step 4, password receiving time ST is corrected, obtains basic authentication time T:T=ST+T1.
After the basic authentication time is obtained according to above-mentioned steps, it can be given birth to according to the basic authentication time according to preset password
Certification password is generated into algorithm.Judge whether other positions of the certification password in addition to default position are identical with dynamic password;If sentence
Disconnected result is yes, then certification success;If it is judged that it is no, then according between preset time on the basis of the basic authentication time
Every increase or decrease the second offset until certification success or the second offset exceed default second offset window.
Before Verification System is authenticated, the second offset window W2, W2 is first set for operation shift time window.Recognizing
After demonstrate,proving successfully, actual time difference valuation T2 can also be updated by following step:Determine the second offset during certification success
OTPi_ W2, wherein, the second offset OTPi_ W2 is this operation shift time, then updates T2 by equation below:T2=
(T2*N+OTPi_W2)/(N+1);Certification times N is added 1.
For example, calculate certification password using the seed key preserved in definite basic authentication time T and Verification System
The numerical value of the default position of P3, is replaced with the numerical value of the default position of P2, obtains password P4, if P4=P2, then it represents that certification by P3
Success, otherwise, an offset W2 is chosen from operating time window W2 with thisi, then using T+W2iPressed as authenticated time
Dynamic password is calculated according to above method to be authenticated, such as W2=5, then offset W2iCan value 1 successively, -1,2, -2,
3, -3,4, -4,5, -5, if certification success, by offset W2 of certification when successfuliAs this operation shift time OTPi_
W2, OTPi_ W2=T2+W2i, the T2 stored in Verification System is updated by following formula:T2=(T2*N+OTPi_W2)/(N+
1), while certification times N adds 1.If offset W2iAll values are taken to be different from then authentification failure.
The embodiment can reduce dynamic password meter by the way that two kinds of reasons for causing Time Inconsistency are respectively processed
Number is calculated, so as to improve authentication efficiency.
Present invention also provides a kind of embodiment of storage medium, the storage medium of the embodiment is used for storage program, its
In, program controls the dynamic password generation side of the equipment execution embodiment of the present invention where storage medium when being executed by processor
Method.
Present invention also provides a kind of embodiment of dynamic password authentication device.It should be noted that the device is contained in
In Verification System.
Fig. 2 is a kind of schematic diagram of optional dynamic password authentication device according to embodiments of the present invention, as shown in Fig. 2,
The device includes acquiring unit 10, determination unit 20, amending unit 30 and authentication unit 40.
Acquiring unit is used for the dynamic password for obtaining dynamic token, wherein, dynamic token is used to generate according to preset password
Algorithm generates initial challenge according to the password generated time, and the numerical value of the default position of initial challenge is replaced with the password generated time
Reference bit numerical value to obtain dynamic password;Determination unit is used for the reference bit that the password generated time is determined according to dynamic password
Numerical value;Amending unit is used for the value revision password receiving time of the reference bit according to the password generated time, obtains basis and recognizes
Demonstrate,prove the time;Authentication unit is used for using the basic authentication time as initial value certification dynamic password
The embodiment generates the password of the reference bit of the time of dynamic password by parsing comprising dynamic token, with according to mouth
Make the reference bit of generated time correct password receiving time and obtain the basic authentication time, solve dynamic password in correlation technique
The less efficient technical problem of authentication method, and then the efficiently technique effect of certification dynamic password.
Present invention also provides a kind of embodiment of dynamic password formation method.It should be noted that this method is applied to
Dynamic token.
Fig. 3 is a kind of flow chart of optional dynamic password formation method according to embodiments of the present invention, as shown in figure 3,
This method comprises the following steps:
Step S301, initial challenge is generated according to preset password generating algorithm according to the current time of dynamic token;
The numerical value of the default position of initial challenge, is replaced with the numerical value of the reference bit of password generated time, obtained by step S302
To dynamic password, wherein, dynamic password is used to send to Verification System so that Verification System is authenticated according to dynamic password, can
Selection of land, reference bit are minute position.
The embodiment according to the numerical value of the reference bit of password generated time by when generating dynamic password, changing according to pre-
If the initial challenge of password generated algorithm generation so that Verification System in certification more than reference numerical value, can according to password
The value revision basic authentication time of the reference bit of generated time, solves the authentication method efficiency of dynamic password in correlation technique
Relatively low technical problem, and then the efficiently technique effect of certification dynamic password.
Alternatively, generating initial challenge according to the current time of dynamic token according to preset password generating algorithm includes:Press
Initial challenge is generated according to the current time of dynamic token and the key being stored in dynamic token according to preset password generating algorithm.
Present invention also provides a kind of embodiment of dynamic password generating device.It should be noted that the device is contained in
In dynamic token.
Fig. 4 is a kind of schematic diagram of optional dynamic password generating device according to embodiments of the present invention, as shown in figure 4,
The device includes generation unit 50 and replacement unit 60.
Generation unit is used to generate initial challenge according to the current time of dynamic token according to preset password generating algorithm;Replace
The numerical value that unit is used to replacing with the numerical value of the default position of initial challenge into the reference bit of password generated time is changed, obtains dynamic mouth
Order, wherein, dynamic password is used to send to Verification System so that Verification System is authenticated according to dynamic password
The order of above-mentioned the embodiment of the present application does not represent the quality of embodiment.
In above-described embodiment of the application, the description to each embodiment all emphasizes particularly on different fields, and does not have in some embodiment
The part of detailed description, may refer to the associated description of other embodiment.In several embodiments provided herein, it should be appreciated that
Arrive, disclosed technology contents, can realize by another way.
It should be noted that attached drawing flow chart though it is shown that logical order, but in some cases, can be with
Shown or described step is performed different from order herein.
Wherein, device embodiment described above is only schematical, such as the division of the unit, can be one
Kind of division of logic function, can there is an other dividing mode when actually realizing, for example, multiple units or component can combine or
Another system is desirably integrated into, or some features can be ignored, or do not perform.It is another, it is shown or discussed it is mutual it
Between coupling, direct-coupling or communication connection can be INDIRECT COUPLING or communication link by some interfaces, unit or module
Connect, can be electrical or other forms.
Above-mentioned device can include processor and memory, and said units can be stored in storage as program unit
In device, above procedure unit stored in memory is performed by processor to realize corresponding function.
Memory may include computer-readable medium in volatile memory, random access memory (RAM) and/
Or the form such as Nonvolatile memory, such as read-only storage (ROM) or flash memory (flashRAM), memory includes at least one storage
Chip.
In addition, each functional unit in each embodiment of the application can be integrated in a processing unit, can also
That unit is individually physically present, can also two or more units integrate in a unit.Above-mentioned integrated list
Member can both be realized in the form of hardware, can also be realized in the form of SFU software functional unit.
If the integrated unit is realized in the form of SFU software functional unit and is used as independent production marketing or use
When, it can be stored in a computer read/write memory medium.Based on such understanding, the technical solution of the application is substantially
The part to contribute in other words to the prior art or all or part of the technical solution can be in the form of software products
Embody, which is stored in a storage medium, including some instructions are used so that a computer
Equipment (can be personal computer, server or network equipment etc.) perform each embodiment the method for the application whole or
Part steps.And foregoing storage medium includes:USB flash disk, read-only storage (ROM, Read-Only Memory), arbitrary access are deposited
Reservoir (RAM, Random Access Memory), mobile hard disk, magnetic disc or CD etc. are various can be with store program codes
Medium.
The above is only the preferred embodiment of the application, it is noted that for the ordinary skill people of the art
For member, on the premise of the application principle is not departed from, some improvements and modifications can also be made, these improvements and modifications also should
It is considered as the protection domain of the application.
Claims (10)
- A kind of 1. dynamic password authentication method, it is characterised in that the method is applied to Verification System, the described method includes:The dynamic password of dynamic token is obtained, wherein, the dynamic token is used for according to preset password generating algorithm according to password Generated time generates initial challenge, and the numerical value of the default position of the initial challenge is replaced with to the ginseng of the password generated time The numerical value of position is examined to obtain the dynamic password;The numerical value of the reference bit of the password generated time is determined according to the dynamic password;According to the value revision password receiving time of the reference bit of the password generated time, the basic authentication time is obtained;Using the basic authentication time as dynamic password described in initial value certification.
- 2. according to the method described in claim 1, it is characterized in that, repaiied according to the numerical value of the reference bit of the password generated time Positive password receiving time, obtaining the basic authentication time includes:The password receiving time is determined according to the time of Verification System when getting the dynamic password;Missed according to the numerical value of the reference bit of the password generated time, the numerical value of the reference bit of the password receiving time, system The password receiving time is corrected in poor valuation and actual time difference valuation, obtains the basic authentication time, wherein, the system is missed Poor valuation is the dynamic token and the estimate of the system time error of the Verification System, and the actual time difference valuation is institute State the dynamic token generation dynamic password to the Verification System and get the time difference that the dynamic password is actually passed through Estimate.
- 3. according to the method described in claim 2, it is characterized in that, correct the password receiving time, obtain the basis and recognize The card time uses following steps:Step 1, obtain the numerical value B1 of the reference bit of the password generated time, the password receiving time ST reference bit number Value B2, the systematic error valuation T1, the actual time difference valuation T2, the first offset window W1, wherein, the initial value of T1 and T2 For 0;Step 2, the first offset OTP is calculatedi_ W1 simultaneously judges the first offset OTPiWhether _ W1 is beyond the described first offset Window W1:If T1 is negative, OTPi_ W1=(B2+T1-B1+10-T2) %10, if T1 is just, OTPi_ W1=(B1+ 10-B2+T1-T2) %10, if T1 is 0, OTPi_ W1=MIN { (B1+10-B2-T2) %10, (B2-B1+10-T2) % 10 }, wherein, if it is judged that OTPi_W1>W1, then authentification failure;Step 3, if it is judged that OTPi_ W1≤W1, then update T1:If T1 is negative, T1=(T1*N-OTPi_W1)/(N+ 1), wherein, N is certification number, if T1 is not negative, T1=(T1*N+OTPi_W1)/(N+1);Step 4, the password receiving time ST is corrected, obtains basic authentication time T:T=ST+T1.
- 4. according to the method described in claim 3, it is characterized in that, moved using the basic authentication time as described in initial value certification State password includes:Certification password is generated according to the preset password generating algorithm according to the basic authentication time;Judge whether other positions of the certification password in addition to the default position are identical with the dynamic password;If it is judged that it is yes, then certification success;If it is judged that being no, then is increased or decreased according to prefixed time interval on the basis of the basic authentication time Two offsets are until certification success or second offset exceed default second offset window.
- 5. according to the method described in claim 4, it is characterized in that, after certification success, the method further includes renewal institute Actual time difference valuation T2 is stated, wherein:Determine the second offset OTP during certification successi_W2;T2 is updated by equation below:T2=(T2*N+OTPi_W2)/(N+1);Certification times N is added 1.
- A kind of 6. dynamic password formation method, it is characterised in that the method is applied to dynamic token, the described method includes:Initial challenge is generated according to the current time of the dynamic token according to preset password generating algorithm;The numerical value of the default position of the initial challenge is replaced with to the numerical value of the reference bit of the password generated time, obtains dynamic Password, wherein, the dynamic password is used to send to Verification System so that the Verification System is carried out according to the dynamic password Certification;Wherein, generating initial challenge according to the current time of the dynamic token according to preset password generating algorithm includes:According to The preset password generating algorithm is given birth to according to the current time of the dynamic token with the key being stored in the dynamic token Into the initial challenge.
- 7. according to the method described in claim 6, it is characterized in that, the reference bit is minute position.
- 8. a kind of dynamic password authentication device, it is characterised in that described device is contained in Verification System, and described device includes:Acquiring unit, for obtaining the dynamic password of dynamic token, wherein, the dynamic token is used to generate according to preset password Algorithm generates initial challenge according to the password generated time, and the numerical value of the default position of the initial challenge is replaced with the password The numerical value of the reference bit of generated time is to obtain the dynamic password;Determination unit, the numerical value of the reference bit for determining the password generated time according to the dynamic password;Amending unit, for the value revision password receiving time of the reference bit according to the password generated time, obtains basis Authenticated time;Authentication unit, for using the basic authentication time as dynamic password described in initial value certification.
- 9. a kind of dynamic password generating device, it is characterised in that described device is contained in dynamic token, and described device includes:Generation unit, for generating initial challenge according to the current time of the dynamic token according to preset password generating algorithm;Replacement unit, for the numerical value of the default position of the initial challenge to be replaced with to the reference bit of the password generated time Numerical value, obtains dynamic password, wherein, the dynamic password is used to send to Verification System so that the Verification System is according to Dynamic password is authenticated;Wherein, the generation unit be used for according to the preset password generating algorithm according to the current time of the dynamic token and The key being stored in the dynamic token generates the initial challenge.
- A kind of 10. storage medium, it is characterised in that the storage medium is used for storage program, wherein, described program is processed Equipment perform claim requires the dynamic password generation side described in 6 to 7 any one device controls the storage medium when performing where Method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710058395.4A CN106603574B (en) | 2017-01-23 | 2017-01-23 | Dynamic password generates and authentication method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710058395.4A CN106603574B (en) | 2017-01-23 | 2017-01-23 | Dynamic password generates and authentication method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106603574A CN106603574A (en) | 2017-04-26 |
CN106603574B true CN106603574B (en) | 2018-05-08 |
Family
ID=58586576
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710058395.4A Active CN106603574B (en) | 2017-01-23 | 2017-01-23 | Dynamic password generates and authentication method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106603574B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108710699B (en) * | 2018-05-23 | 2022-03-08 | 陈达康 | Dynamic password generation method, device and system |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101777984A (en) * | 2010-01-13 | 2010-07-14 | 北京飞天诚信科技有限公司 | Method and system for secure transaction |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101662465B (en) * | 2009-08-26 | 2013-03-27 | 深圳市腾讯计算机系统有限公司 | Method and device for verifying dynamic password |
CN101741567B (en) * | 2009-12-31 | 2012-05-23 | 飞天诚信科技股份有限公司 | Dynamic password-based authentication method and device |
CN103647647B (en) * | 2013-12-06 | 2016-06-22 | 上海众人网络安全技术有限公司 | Automatic correction method for time migration of dynamic password at server side |
-
2017
- 2017-01-23 CN CN201710058395.4A patent/CN106603574B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101777984A (en) * | 2010-01-13 | 2010-07-14 | 北京飞天诚信科技有限公司 | Method and system for secure transaction |
Non-Patent Citations (1)
Title |
---|
基于时间同步的动态口令身份认证的研究;苏武等;《计算机与现代化》;20091031;第1.2节,第2节,第4.2节,附图3 * |
Also Published As
Publication number | Publication date |
---|---|
CN106603574A (en) | 2017-04-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6883106B2 (en) | Distributed systems, message processing methods, nodes, clients and storage media | |
US20200349639A1 (en) | Computer systems, computer-implemented methods, and computer devices for processing a transaction message | |
CN105610938B (en) | Logging state synchronous method and system | |
David et al. | Ouroboros praos: An adaptively-secure, semi-synchronous proof-of-stake protocol | |
Nagarajan et al. | Dynamic trust enhanced security model for trusted platform based services | |
WO2018177093A1 (en) | Block chain processing method, accounting node, verification node and storage medium | |
EP3738271A1 (en) | Computer-implemented method for managing user-submitted reviews using anonymous reputation system | |
CN106487511A (en) | Identity identifying method and device | |
CN102868529B (en) | Method for identifying and calibrating time | |
CN107798538A (en) | One kind transaction accounting method and client | |
TW202101350A (en) | Method and device for cross-chain transmission of authenticable message based on processing module | |
JP2018196097A (en) | Generation device, consensus formation system, program, and generation method | |
CN103955643B (en) | Method and device for judging and prompting e-bank (electronic bank) transaction safety | |
EP3308564B1 (en) | Procédé de chargement d'une clé virtuelle et terminal utilisateur associé | |
CN108737105A (en) | Method for retrieving, device, private key equipment and the medium of private key | |
CN106603574B (en) | Dynamic password generates and authentication method and device | |
CN102724079A (en) | Method and system for auxiliary configuration of Ethernet equipment | |
CN104144168A (en) | Method for binding user account and gateway equipment on basis of open-type intelligent gateway platform | |
Gürgens et al. | On a formal framework for security properties | |
CN107425977B (en) | Dynamic token method for synchronizing time and device | |
CN109995775A (en) | Block chain identifying code application method, equipment and storage medium | |
CN108156009A (en) | A kind of service calling method and device | |
Boureanu et al. | Mechanised models and proofs for distance-bounding | |
CN104618112A (en) | Method for verifying dynamic password of dynamic token | |
Gao et al. | Modeling attack resilient reconfigurable latent obfuscation technique for PUF based lightweight authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |