CN113660100B - Method, system and electronic equipment for generating soft token seed - Google Patents

Info

Publication number: CN113660100B
Authority: CN (China)
Prior art keywords: soft token, application, activation, authentication, otp
Legal status: Active
Application number: CN202111224172.3A
Other languages: Chinese (zh)
Other versions: CN113660100A (en)
Inventor: 陆舟
Current Assignee: Feitian Technologies Co Ltd
Original Assignee: Feitian Technologies Co Ltd
Application filed by Feitian Technologies Co Ltd
Priority to CN202111224172.3A
Publication of CN113660100A
Application granted
Publication of CN113660100B

Classifications

    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • H04L9/12 Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • G06F2221/2151 Time stamp

Abstract

The invention discloses a method, a system and electronic equipment for generating a soft token seed, and belongs to the field of information security. The application receives a soft token identification and a first authorization code, calls the SDK to store the soft token identification, generates a first soft token binding request according to the soft token identification, a channel identification and the first authorization code, and sends the first soft token binding request to the server. It then receives a first activation code and a first activation password sent by the server, and calls the SDK to decrypt the first activation code by using the first activation password to obtain an activation factor. A soft token seed is generated according to the activation factor, the soft token identification and the PIN code, and a first OTP is generated according to the dynamic factor and the soft token seed and sent to the server. The application receives and parses a first authentication response sent by the server to obtain an authentication result, judges the type of the authentication result, and ends if the authentication result is a successful authentication result. The method of the invention avoids leakage of the soft token seed caused by a malicious attack on the local application, and realizes synchronization of the soft token seed.

Description

Method, system and electronic equipment for generating soft token seed
Technical Field
The present invention relates to the field of information security, and in particular, to a method, a system, and an electronic device for generating a soft token seed.
Background
With the rapid development of the internet, users depend more and more on smartphones, and a wide variety of mobile phone applications has emerged. To improve application security, the user's identity is often verified through a one-time password (OTP), and generating that password requires a soft token seed.
In the prior art, the soft token seed is usually generated by a server and then sent to a local application, and to protect the soft token seed of each application, each local application stores its own soft token seed independently. With this approach, once the local application is maliciously attacked the soft token seed can be leaked, so the passwords generated from that seed are no longer secure. In addition, because the soft token seeds are stored independently, multiple mutually trusted applications developed by the same company cannot synchronize the soft token seed.
Disclosure of Invention
To overcome the defects of the prior art, the present invention provides a method for generating a soft token seed.
In a first aspect, the present invention provides a method for generating a soft token seed, comprising the steps of:
step 101: when an application receives a soft token identifier and a first authorization code, calling an SDK (software development kit) to store the soft token identifier, generating a first soft token binding request according to the soft token identifier, a channel identifier and the first authorization code, and sending the first soft token binding request to a server;
step 102: when the application receives a first activation code and a first activation password sent by the server, calling the SDK by taking the first activation code and the first activation password as parameters;
step 103: the SDK decrypts the first activation code by using the first activation password to obtain an activation factor, correspondingly stores the activation factor and the soft token identifier, obtains a PIN code, and generates a soft token seed according to the activation factor, the soft token identifier and the obtained PIN code;
step 104: the SDK generates activation confirmation information and a dynamic factor, generates a first OTP according to the dynamic factor and the soft token seed, and sends the soft token identification, the activation confirmation information and the first OTP to the application;
step 105: the application receives the soft token identification, the activation confirmation information and the first OTP, and sends a first authentication request containing the soft token identification, the activation confirmation information, the first OTP and the channel identification to the server;
step 106: when the application receives a first authentication response sent by the server, analyzing the first authentication response to obtain an authentication result, judging the type of the authentication result, if the authentication result is a successful authentication result, ending the authentication, and if the authentication result is a failed authentication result, calling the SDK to delete the stored activation factor and soft token identification;
the soft token identification and the activation factor are generated by the application that first binds the soft token, and are used for synchronizing the applications to which the soft token is to be bound.
In a second aspect, the present invention provides a method for generating a soft token seed, comprising the steps of:
when a server receives a first soft token binding request, analyzing the first soft token binding request to obtain a soft token identifier, a channel identifier and a first authorization code, verifying the first authorization code, binding the channel identifier and the soft token identifier when the first authorization code passes verification to generate a first activation password, acquiring a stored activation factor, encrypting the activation factor by using the first activation password to obtain a first activation code, and sending the first activation code and the first activation password to the application;
when the server receives a first authentication request sent by the application, analyzing the first authentication request to obtain activation confirmation information, a first OTP and a channel identifier, generating a soft token seed according to a stored activation factor, a soft token identifier and a PIN code, generating a dynamic factor, authenticating the first OTP according to the dynamic factor and the soft token seed to generate an authentication result, and sending a first authentication response containing the authentication result to the application;
the soft token identification and the activation factor are generated by the application that first binds the soft token, and are used for synchronizing the applications to which the soft token is to be bound.
In a third aspect, the present invention provides a method for generating a soft token seed, comprising the following steps:
step D1: when an application receives a soft token identifier and a first authorization code, calling an SDK (software development kit) to store the soft token identifier, generating a first soft token binding request according to the soft token identifier, a channel identifier and the first authorization code, and sending the first soft token binding request to a server;
step D2: the server receives and analyzes the first soft token binding request to obtain a soft token identifier, a channel identifier and a first authorization code, verifies the first authorization code, binds the channel identifier and the soft token identifier when the verification is passed, generates a first activation password, obtains a stored activation factor, encrypts the activation factor by using the first activation password to obtain a first activation code, and sends the first activation code and the first activation password to the application;
step D3: the application receives the first activation code and the first activation password, and calls the SDK by taking the first activation code and the first activation password as parameters;
step D4: the SDK decrypts the first activation code by using the first activation password to obtain an activation factor, correspondingly stores the activation factor and the soft token identifier, obtains a PIN code, and generates a soft token seed according to the activation factor, the soft token identifier and the obtained PIN code;
step D5: the SDK generates activation confirmation information and a dynamic factor, generates a first OTP according to the dynamic factor and the soft token seed, and sends the soft token identification, the activation confirmation information and the first OTP to the application;
step D6: the application receives the soft token identification, the activation confirmation information and the first OTP, and sends a first authentication request containing the soft token identification, the activation confirmation information, the first OTP and the channel identification to the server;
step D7: the server receives and analyzes the first authentication request to obtain activation confirmation information, a first OTP and a channel identifier, generates a soft token seed according to a stored activation factor, a soft token identifier and a PIN code, generates a dynamic factor, authenticates the first OTP according to the dynamic factor and the soft token seed to generate an authentication result, and sends a first authentication response containing the authentication result to the application;
step D8: the application receives and analyzes the first authentication response to obtain an authentication result, judges the type of the authentication result, if the authentication result is an authentication success result, ends the authentication, and if the authentication result is an authentication failure result, calls the SDK to delete the stored activation factor and the soft token identifier;
the soft token identification and the activation factor are generated by the application that first binds the soft token, and are used for synchronizing the applications to which the soft token is to be bound.
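Steps D4 to D8 above as an added example (not code from the patent or its assignee), showing the seed being re-derived on both sides from the activation factor, soft token identifier and PIN instead of being stored, and the SDK deleting its state when authentication fails. Assumptions, since the patent names no algorithms: PBKDF2-HMAC-SHA256 for seed derivation, an RFC 6238-style truncated HMAC-SHA-256 over a 30-second time step for the OTP, a one-step acceptance window, and an activation code that has already been decrypted; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct

TIME_STEP = 30            # seconds per time-based dynamic factor (assumption)
PBKDF2_ROUNDS = 100_000   # assumption: the patent names no derivation function


def derive_seed(activation_factor: bytes, token_id: str, pin: str) -> bytes:
    """Soft token seed from activation factor, soft token identifier and PIN.

    Assumed construction: PBKDF2 over the PIN, salted with the length-prefixed
    activation factor followed by the token identifier, so that two different
    (factor, identifier) pairs can never produce the same salt.
    """
    salt = (struct.pack(">H", len(activation_factor))
            + activation_factor + token_id.encode())
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt,
                               PBKDF2_ROUNDS, dklen=32)


def dynamic_factor(now: float) -> int:
    """Time-based dynamic factor: index of the current 30-second step."""
    return int(now // TIME_STEP)


def otp(seed: bytes, factor: int, digits: int = 6) -> str:
    """OTP from dynamic factor and seed (HOTP-style dynamic truncation)."""
    mac = hmac.new(seed, struct.pack(">Q", factor), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Sdk:
    """Client-side SDK state: identifier and activation factor, never the seed."""

    def __init__(self, token_id: str):
        self.token_id = token_id            # stored in step D1
        self.activation_factor = None

    def activate(self, activation_factor: bytes, pin: str, now: float) -> str:
        self.activation_factor = activation_factor        # step D4: store
        seed = derive_seed(activation_factor, self.token_id, pin)
        return otp(seed, dynamic_factor(now))             # step D5: first OTP

    def forget(self) -> None:
        """Step D8 on failure: delete activation factor and identifier."""
        self.token_id = None
        self.activation_factor = None


class Server:
    """Server side of step D7: re-derives the seed from its stored inputs."""

    def __init__(self):
        self.records = {}   # token_id -> (activation_factor, pin)

    def enroll(self, token_id: str, activation_factor: bytes, pin: str) -> None:
        self.records[token_id] = (activation_factor, pin)

    def authenticate(self, token_id: str, first_otp: str, now: float) -> bool:
        record = self.records.get(token_id)
        if record is None:
            return False
        seed = derive_seed(record[0], token_id, record[1])
        step = dynamic_factor(now)
        ok = False
        # Accept one step of clock drift (assumption); compare in constant time.
        for candidate in (step - 1, step, step + 1):
            ok |= hmac.compare_digest(otp(seed, candidate), first_otp)
        return ok


def run_first_authentication(entered_pin: str, enrolled_pin: str = "482913",
                             now: float = 1_700_000_000.0):
    """Run D4-D8 with constructed values; returns (authenticated, sdk_kept_state)."""
    factor = secrets.token_bytes(32)        # constructed activation factor
    token_id = "ST-0001"                    # constructed soft token identifier
    server = Server()
    server.enroll(token_id, factor, enrolled_pin)
    sdk = Sdk(token_id)
    first_otp = sdk.activate(factor, entered_pin, now)
    authenticated = server.authenticate(token_id, first_otp, now + 5)
    if not authenticated:
        sdk.forget()
    return authenticated, sdk.activation_factor is not None


if __name__ == "__main__":
    print(run_first_authentication("482913"))   # matching PIN
    print(run_first_authentication("000000"))   # wrong PIN
```

Because the PIN is an input to the seed, an activation factor read out of SDK storage is not sufficient on its own to reproduce the OTP sequence.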
In a fourth aspect, the present invention provides an electronic device, comprising: a processor and a memory;
a memory for storing a computer program;
a processor for executing a memory-stored computer program to implement the method of generating a soft token seed of the present application.
In a fifth aspect, the present invention provides a computer readable storage medium for storing a computer program which, when run on a computer, causes the computer to perform the method of generating a soft token seed of the present application.
The invention provides a method, a system and electronic equipment for generating a soft token seed, which avoid leakage of the soft token seed caused by a malicious attack on a local application, ensure the security of the password, and realize synchronization of the soft token seed by having the server synchronize the data used to generate the soft token seed to mutually trusted applications.
Drawings
Fig. 1 is a flowchart of a method for generating a soft token seed according to embodiment 1 of the present invention;
fig. 2 is a flowchart of a method for generating a soft token seed according to embodiment 2 of the present invention;
fig. 3 is a flowchart of a method for generating a soft token seed according to embodiment 2 of the present invention;
fig. 4 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The present application provides a method for generating a soft token seed, which is described in detail below with reference to the accompanying drawings, in which examples are illustrated. The embodiments described below with reference to the drawings are exemplary, serve only to explain the present application, and are not to be construed as limiting the present application.
It will be understood by those within the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Embodiment 1
Embodiment 1 of the present invention provides a method for generating a soft token seed, as shown in fig. 1, including the following steps:
step 101: when the application receives the soft token identification and the first authorization code, calling a Software Development Kit (SDK) to store the soft token identification, generating a first soft token binding request according to the soft token identification, the channel identification and the first authorization code, and sending the first soft token binding request to the server;
step 102: when the application receives a first activation code and a first activation password sent by the server, the SDK is called by taking the first activation code and the first activation password as parameters;
step 103: the SDK decrypts the first activation code by using the first activation password to obtain an activation factor, correspondingly stores the activation factor and the soft token identifier, obtains a PIN code, and generates a soft token seed according to the activation factor, the soft token identifier and the obtained PIN code;
step 104: the SDK generates activation confirmation information and a dynamic factor, generates a first OTP according to the dynamic factor and the soft token seed, and sends a soft token identifier, the activation confirmation information and the first OTP to the application;
optionally, in this embodiment, the dynamic factor is specifically: a time value, an event value, or a challenge value;
step 105: the application receives the soft token identification, the activation confirmation information and the first OTP, and sends a first authentication request containing the soft token identification, the activation confirmation information, the first OTP and the channel identification to the server;
step 106: when the application receives a first authentication response sent by the server, analyzing the first authentication response to obtain an authentication result, judging the type of the authentication result, if the authentication result is a successful authentication result, ending, if the authentication result is a failed authentication result, calling the SDK to delete the stored activation factor and the soft token identifier;
the soft token identification and the activation factor are generated by the application that first binds the soft token for synchronizing the applications to which the soft token is to be bound.
Optionally, in this embodiment, the method further includes:
step S1: when the application is called, displaying an authorization interface, receiving a PIN code input by a user, and calling the SDK by taking the PIN code input by the user as a parameter;
step S2: the SDK acquires the stored dynamic factor and the soft token identification, generates a soft token seed according to the dynamic factor, the soft token identification and the PIN code input by the user, generates a dynamic factor, generates a second OTP according to the dynamic factor and the soft token seed, and returns the second OTP to the application;
step S3: the application generates a second authentication request for acquiring the first authorization code from the server according to the channel identifier of the application and the second OTP, and sends the second authentication request to the server.
Optionally, in this embodiment, in step S1, when the application is called, the authorization interface is displayed, specifically: displaying an authorization interface when the application receives a channel identifier of the third-party application sent by the third-party application;
step S3 is followed by: when the application receives a second authentication response sent by the server, the second authentication response is analyzed to obtain a first authorization code, the SDK is called to obtain a soft token identifier stored in the SDK, and the first authorization code and the soft token identifier are sent to the third-party application.
Optionally, in this embodiment, in step S1, when the application is called, the authorization interface is displayed, specifically: an authorization interface is displayed when the application receives an authorization message pushed by the server.
Optionally, in this embodiment, before step 101, further includes: the application detects whether the user has bound the soft token, if yes, step 101 is executed, otherwise, steps M1 to M9 are executed;
step M1: the application receives a PIN code input by a user, calls the SDK to store the PIN code input by the user, acquires stored user information and a channel identifier of the application, sends a PIN code setting request containing the PIN code input by the user, the user information and the channel identifier to the server, receives a PIN code setting success response sent by the server, and sends a verification code acquisition request containing the verification code request to the server;
step M2: the application receives and analyzes the verification code acquisition response sent by the server to obtain a second activation password, and the SDK is called by taking the second activation password as a parameter;
step M3: the SDK stores the second activation password, generates and stores a soft token identifier, and returns the soft token identifier to the application;
step M4: the application generates a second soft token binding request according to the user information, the channel identifier and the soft token identifier, and sends the second soft token binding request to the server;
step M5: the application receives a second activation code sent by the server, and calls the SDK by taking the second activation code as a parameter;
step M6: the SDK decrypts the second activation code by using the stored second activation code to obtain and store an activation factor, and generates a soft token seed according to the activation factor, the stored soft token identifier and the PIN code;
step M7: the SDK generates activation confirmation information and a dynamic factor, generates a third OTP according to the dynamic factor and the soft token seed, and sends the soft token identification, the activation confirmation information and the third OTP to the application;
step M8: the application receives the soft token identification, the activation confirmation information and the third OTP sent by the SDK, and sends a third authentication request containing the user information, the soft token identification, the activation confirmation information, the third OTP and the channel identification to the server;
step M9: the application receives and analyzes the third authentication response sent by the server to obtain an authentication result, judges the type of the authentication result, if the authentication result is an authentication success result, ends the authentication, and if the authentication result is an authentication failure result, calls the SDK to delete the stored activation factor and the soft token identifier.
Optionally, in this embodiment, the detecting, by the application, whether the user has bound the soft token specifically includes:
step A1: an application sends a detection request containing user information to a server;
step A2: the server receives a detection request sent by the application, searches for a corresponding soft token identifier according to user information in the detection request, generates a successful detection result and sends the successful detection result to the application if the soft token identifier is found, and generates a failed detection result and sends the failed detection result to the application if the soft token identifier is not found;
step A3: the application receives the detection result sent by the server and judges the type of the detection result; if the detection result is successful, it determines that the user has bound the soft token, and if the detection result is failed, it determines that the user has not bound the soft token.
Optionally, in this embodiment, the method further includes:
step B1: the application receives an original PIN code and a new PIN code input by a user, and calls the SDK by taking the original PIN code input by the user as a parameter;
step B2: the SDK acquires the stored activation factor and soft token identification, generates a soft token seed according to the activation factor, the soft token identification and the original PIN code, generates a dynamic factor, generates a fourth OTP according to the dynamic factor and the soft token seed, and sends the fourth OTP to the application;
step B3: the application receives the fourth OTP sent by the SDK and sends a PIN code modification request containing the fourth OTP and the new PIN code to the server;
step B4: the application receives the modification result sent by the server and executes the corresponding operation according to the modification result.
Optionally, in this embodiment, the method further includes:
step C1: the application receives the authentication mode selected by the user, judges the type of the authentication mode, if the authentication mode is PIN code authentication, executes the step C2, if the authentication mode is biological information authentication, executes the step C7;
step C2: the application waits for receiving a PIN code input by a user, and when the PIN code input by the user is received, the SDK is called by taking the PIN code input by the user as a parameter;
step C3: the SDK acquires a stored activation factor, generates a soft token seed according to the activation factor, the PIN code input by the user and the stored soft token identification, generates a dynamic factor, generates a fifth OTP according to the dynamic factor and the soft token seed, sends the fifth OTP to the application, and executes step C8;
step C4: the application sends a PIN code state inquiry request containing user information to a server;
step C5: the application receives a query response sent by the server, and calls the SDK by taking the PIN timestamp in the query response as a parameter;
step C6: the SDK judges whether the incoming PIN time stamp is consistent with the PIN time stamp stored in the SDK, if so, the step C7 is executed, otherwise, the operation is finished;
step C7: the SDK calls back the application to acquire the biological information of the user and authenticates the biological information of the user; if the authentication is successful, the SDK generates a soft token seed according to the stored PIN code, the activation factor and the soft token identification, generates a dynamic factor, generates a fifth OTP according to the dynamic factor and the soft token seed, sends the fifth OTP to the application, and step C8 is executed; if the authentication fails, the operation ends;
step C8: the application receives a fifth OTP sent by the SDK and sends a fourth authentication request containing the user information, the channel identification of the application and the fifth OTP to the server;
step C9: the application receives and analyzes the fourth authentication response sent by the server to obtain an authentication result, and executes the corresponding operation according to the authentication result.
Embodiment 1 of the present invention further provides a method for generating a soft token seed, including the following steps:
when the server receives a first soft token binding request, analyzing the first soft token binding request to obtain a soft token identifier, a channel identifier and a first authorization code, verifying the first authorization code, binding the channel identifier and the soft token identifier when the verification is passed, generating a first activation password, obtaining a stored activation factor, encrypting the activation factor by using the first activation password to obtain a first activation code, and sending the first activation code and the first activation password to the application;
when the server receives a first authentication request sent by the application, the server analyzes the first authentication request to obtain activation confirmation information, a first OTP and a channel identifier, generates a soft token seed according to a stored activation factor, a stored soft token identifier and a PIN code, generates a dynamic factor, authenticates the first OTP according to the dynamic factor and the soft token seed to generate an authentication result, and sends a first authentication response containing the authentication result to the application;
the soft token identification and the activation factor are generated by the application that first binds the soft token, and are used to synchronize the application to which the soft token is to be bound.
Optionally, in this embodiment, the method further includes: when the server receives a second authentication request sent by the application, the second authentication request is analyzed to obtain a channel identifier and a second OTP, a soft token seed is generated according to the stored activation factor, the soft token identifier and the PIN code, a dynamic factor is generated, the second OTP is authenticated according to the dynamic factor and the soft token seed, when the authentication is successful, an authentication success result and a first authorization code are generated, the channel identifier and the first authorization code are correspondingly stored, a second authentication response containing the authentication success result and the first authorization code is sent to the application, when the authentication is failed, an authentication failure result is generated, and a second authentication response containing the authentication failure result is sent to the application.
Optionally, in this embodiment, when the server receives a PIN code setting request sent by the application, the PIN code setting request is analyzed to obtain a PIN code, user information, and a channel identifier, the PIN code, the user information, and the channel identifier are stored correspondingly, and a PIN code setting success response is sent to the application;
when receiving an authentication code acquisition request sent by an application, a server generates a second activation password, stores the second activation password in correspondence with user information in the authentication code acquisition request, and sends an authentication code acquisition response containing the second activation password to the application;
when the server receives a second soft token binding request sent by the application, the second soft token binding request is analyzed to obtain user information, a channel identifier and a soft token identifier, the channel identifier is verified, when the verification is passed, an activation factor is generated and stored corresponding to the user information, the channel identifier and the soft token identifier, the activation factor is encrypted by using the stored second activation password to obtain a second activation code, and the second activation code is sent to the application;
when the server receives a third authentication request sent by the application, the third authentication request is analyzed to obtain user information, a channel identifier, a soft token identifier, activation confirmation information and a third OTP, the stored channel identifier, a PIN code and an activation factor are obtained according to the user information, the channel identifier in the third authentication request is authenticated according to the obtained channel identifier, a soft token seed is generated according to the soft token identifier, the PIN code and the activation factor, the third OTP is authenticated according to the soft token seed to generate an authentication result, and a third authentication response containing the authentication result is sent to the application.
Embodiment 1 of the present invention further provides a method for generating a soft token seed, including the following steps:
step D1: when the application receives the soft token identification and the first authorization code, calling the SDK to store the soft token identification, generating a first soft token binding request according to the soft token identification, the channel identification and the first authorization code, and sending the first soft token binding request to the server;
step D2: the server receives and analyzes a first soft token binding request to obtain a soft token identifier, a channel identifier and a first authorization code, verifies the first authorization code, binds the channel identifier and the soft token identifier when the verification is passed, generates a first activation password, obtains a stored activation factor, encrypts the activation factor by using the first activation password to obtain a first activation code, and sends the first activation code and the first activation password to the application;
step D3: the application receives a first activation code and a first activation password, and calls the SDK by taking the first activation code and the first activation password as parameters;
step D4: the SDK decrypts the first activation code by using the first activation password to obtain an activation factor, correspondingly stores the activation factor and the soft token identifier, obtains a PIN code, and generates a soft token seed according to the activation factor, the soft token identifier and the obtained PIN code;
step D5: the SDK generates activation confirmation information and a dynamic factor, generates a first OTP according to the dynamic factor and the soft token seed, and sends a soft token identifier, the activation confirmation information and the first OTP to the application;
step D6: the application receives the soft token identification, the activation confirmation information and the first OTP, and sends a first authentication request containing the soft token identification, the activation confirmation information, the first OTP and the channel identification to the server;
step D7: the server receives and analyzes the first authentication request to obtain activation confirmation information, a first OTP and a channel identifier, generates a soft token seed according to the stored activation factor, the soft token identifier and the PIN code, generates a dynamic factor, authenticates the first OTP according to the dynamic factor and the soft token seed to generate an authentication result, and sends a first authentication response containing the authentication result to the application;
step D8: the application receives and analyzes the first authentication response to obtain an authentication result, judges the type of the authentication result, if the authentication result is an authentication success result, ends the authentication, and if the authentication result is an authentication failure result, calls the SDK to delete the stored activation factor and the soft token identifier;
the soft token identification and the activation factor are generated by the application that first binds the soft token, and are used to synchronize the application to which the soft token is to be bound.
This embodiment provides a method for generating a soft token seed in which the local application does not store the soft token seed. Instead, the data used to generate the soft token seed is stored in the SDK, the SDK is solely responsible for the security of that data, and the SDK generates the soft token seed temporarily, at the time a password is generated, from the locally stored data and the PIN code input by the user. With the method of this embodiment, leakage of the soft token seed through a malicious attack on the local application is avoided and the security of the password is ensured; the soft token seed is synchronized by having the server synchronize the data used to generate it to trusted applications.
Example 2
Embodiment 2 of the present invention provides a method for generating a soft token seed, as shown in fig. 2, including the following steps:
step N1: when the application is called, displaying an authorization interface, receiving a PIN code input by a user, and calling the SDK by taking the PIN code input by the user as a parameter;
step N2: the SDK acquires the stored dynamic factor and the soft token identification, generates a soft token seed according to the dynamic factor, the soft token identification and the PIN code input by the user, generates a dynamic factor, generates a second OTP according to the dynamic factor and the soft token seed, and returns the second OTP to the application;
step N3: the application generates a second authentication request for acquiring the first authorization code from the server according to the channel identifier of the application and the second OTP, and sends the second authentication request to the server;
step N4: the server analyzes the second authentication request to obtain a channel identifier and a second OTP, and generates a soft token seed according to the stored activation factor, the soft token identifier and the PIN code;
step N5: the server generates a dynamic factor, authenticates the second OTP according to the dynamic factor and the soft token seed, generates an authentication success result and a first authorization code when the authentication is successful, correspondingly stores the channel identifier and the first authorization code, and sends a second authentication response containing the authentication success result and the first authorization code to the application;
step N6: and the application receives and analyzes the second authentication response to obtain an authentication success result and a first authorization code, calls the SDK to obtain a soft token identifier stored in the SDK, and sends the first authorization code and the soft token identifier to the outside.
Optionally, in this embodiment, as shown in fig. 3, the method further includes:
step M1: the application receives a PIN code input by a user, calls the SDK to store the PIN code input by the user, acquires stored user information and a channel identifier, and sends a PIN code setting request containing the PIN code input by the user, the user information and the channel identifier to the server;
step M2: the server analyzes the request for setting the PIN code to obtain the PIN code, the user information and the channel identifier, correspondingly stores the PIN code, the user information and the channel identifier, and sends a successful response for setting the PIN code to the application;
optionally, in this embodiment, step M2 specifically includes: the server analyzes the request for setting the PIN code to obtain the PIN code, the user information and the channel identification, judges whether the user information in the request for setting the PIN code exists or not, if so, correspondingly stores the PIN code, the user information and the channel identification, sends a response for successfully setting the PIN code to the application, and otherwise, finishes;
step M3: the application receives a PIN code setting success response sent by the server, and sends a verification code obtaining request containing user information to the server;
step M4: the server generates a second activation password, stores the second activation password corresponding to the user information in the verification code acquisition request, and sends verification code acquisition response containing the second activation password to the application;
step M5: the application receives and analyzes the response of obtaining the authorization code sent by the server to obtain a second activation password, and the SDK is called by taking the second activation password as a parameter;
step M6: the SDK stores the second activation password, generates and stores a soft token identifier, and returns the soft token identifier to the application;
step M7: the application generates a second soft token binding request according to the user information, the channel identifier and the soft token identifier, and sends the second soft token binding request to the server;
step M8: the server receives and analyzes the second soft token binding request to obtain user information, a channel identifier and a soft token identifier, verifies the channel identifier, generates an activation factor when the verification is passed, stores the activation factor corresponding to the user information, the channel identifier and the soft token identifier, encrypts the activation factor by using a stored second activation password to obtain a second activation code, and sends the second activation code to the application;
step M9: the application receives the second activation code sent by the server, and calls the SDK with the second activation code as a parameter;
step M10: the SDK decrypts the second activation code by using the stored second activation password to obtain and store an activation factor, and generates a soft token seed according to the activation factor, the stored soft token identifier and the PIN code;
step M11: the SDK generates activation confirmation information and a dynamic factor, generates a third OTP according to the dynamic factor and the soft token seed, and sends the soft token identification, the activation confirmation information and the third OTP to the application;
step M12: the application receives the soft token identification, the activation confirmation information and the third OTP sent by the SDK, and sends a third authentication request containing the user information, the soft token identification, the activation confirmation information, the third OTP and the channel identification to the server;
step M13: the server receives and analyzes the third authentication request to obtain user information, a channel identifier, a soft token identifier, activation confirmation information and a third OTP, acquires a stored channel identifier, a PIN code and an activation factor according to the user information, authenticates the channel identifier in the third authentication request according to the acquired channel identifier, generates a soft token seed according to the soft token identifier, the PIN code and the activation factor, authenticates the third OTP according to the soft token seed to generate an authentication result, and sends a third authentication response containing the authentication result to the application;
step M14: and the application receives and analyzes the third authentication response sent by the server to obtain an authentication result, judges the type of the authentication result, if the authentication result is an authentication success result, ends the authentication, and if the authentication result is an authentication failure result, calls the SDK to delete the stored activation factor and the soft token identifier.
This embodiment provides a method for generating a soft token seed in which the local application does not store the soft token seed. Instead, the data used to generate the soft token seed is stored in the SDK, the SDK is solely responsible for the security of that data, and the SDK generates the soft token seed temporarily, at the time a password is generated, from the locally stored data and the PIN code input by the user. With the method of this embodiment, leakage of the soft token seed through a malicious attack on the local application is avoided and the security of the password is ensured; the soft token seed is synchronized by having the server synchronize the data used to generate it to trusted applications.
Example 3
Embodiment 3 of the present invention provides a method for generating a soft token seed, where an application to which a soft token is bound and an application to which a soft token is to be bound run on the same device, and the application to which the soft token is bound and the application to which the soft token is to be bound are integrated with an SDK, respectively. The method comprises the following steps:
step 201: the application to be bound with the soft token calls the application bound with the soft token through a second channel identifier;
optionally, in this embodiment, the application to which the soft token is bound and the application to which the soft token is to be bound run on the same device;
optionally, in this embodiment, the second channel identifier is used to uniquely identify the application of the soft token to be bound;
optionally, in this embodiment, before step 201, the method further includes: detecting whether the user is bound with the soft token by the application to be bound with the soft token, if so, executing step 201, otherwise, executing the process of binding the soft token;
optionally, in this embodiment, the application to be bound with the soft token detects whether the user has bound the soft token, specifically:
step A1: an application to be bound with a soft token sends a detection request containing user information to a server;
step A2: the server receives the detection request sent by the application to be bound with the soft token and searches for the corresponding soft token according to the user information in the detection request; if the soft token is found, the server generates a detection success result and sends it to the application to be bound with the soft token; if it is not found, the server generates a detection failure result and sends it to the application to be bound with the soft token;
optionally, in this embodiment, the soft token includes a soft token number and a soft token identifier;
step A3: the application to be bound with the soft token receives the detection result sent by the server and judges the type of the detection result; if it is a detection success result, the application acquires the first channel identifier from the detection success result and executes step 201; if it is a detection failure result, it executes the process of binding the soft token by the application to which the soft token is bound.
For example: the application to be bound with the soft token calls the application through a second channel identifier com.
Step 202: the application bound with the soft token receives and stores a second channel identifier sent by the application to be bound with the soft token, waits for a user to input a PIN (personal identification number) code, and calls the SDK of the application bound with the soft token by taking the PIN code input by the user as a parameter when the PIN code input by the user is received;
optionally, in this embodiment, the invoking of the SDK of the application bound with the soft token with the PIN code input by the user as a parameter specifically includes: the application bound with the soft token calls a binding interface of the SDK of the application bound with the soft token by taking the PIN code input by the user as a parameter;
step 203: the SDK of the application bound with the soft token acquires a stored activation factor, generates a soft token seed according to the activation factor, the soft token identification and the PIN code input by the user, generates a dynamic factor, generates a second OTP according to the dynamic factor, the PIN code input by the user and the stored soft token seed, and returns the second OTP to the application bound with the soft token;
for example: the second OTP is specifically: 919321;
the PIN code input by the user is specifically: 136497;
step 204: the application bound with the soft token generates a second authentication request according to the user information, the channel identifier and the second OTP, and sends the second authentication request containing the user information, the second channel identifier and the second OTP to the server;
step 205: the server receives and analyzes a second authentication request sent by the application bound with the soft token to obtain user information, a second channel identifier and a second OTP, obtains a stored activation factor, a stored soft token identifier and a stored PIN code according to the user information, generates a soft token seed according to the activation factor, the stored soft token identifier and the stored PIN code, generates a dynamic factor, authenticates the second OTP according to the soft token seed, the stored soft token identifier and the stored PIN code, and executes step 206 when the authentication is successful;
optionally, in this embodiment, step 205 further includes: and ending when the server fails to authenticate the first OTP.
Optionally, in this embodiment, authenticating the second OTP according to the soft token seed, the dynamic factor and the PIN code specifically includes: the server acquires the current time, generates first verification data according to the current time, the soft token seed and the PIN code, judges whether the first verification data is the same as the second OTP, and if so, judges that the authentication is successful, otherwise, judges that the authentication is failed.
Step 206: the server generates a successful authentication result and a first authorization code, correspondingly stores the user information, the second channel identifier and the first authorization code, and sends a second authentication response containing the successful authentication result and the first authorization code to the application bound with the soft token;
for example: the second authentication response is specifically: { response: reauthorization, sharecode:389465 errode: 0}, wherein the authentication success result is specifically: the authorization, and the first authorization code is specifically: 389465;
step 207: the application bound with the soft token receives and analyzes a first authentication response sent by the server to obtain an authentication success result and a first authorization code, calls the SDK of the application bound with the soft token to obtain a soft token identifier stored in the SDK, and sends the first authorization code and the soft token identifier to the application to be bound with the soft token;
for example: the first authorization code is specifically: 389465;
the soft token identification is specifically: 26549201459870600002;
step 208: the application to be bound with the soft token receives a first authorization code and a soft token identifier sent by the application to which the soft token is bound, calls an SDK (software development kit) of the application to be bound with the soft token to store the soft token identifier, generates a first soft token binding request according to user information, the soft token identifier, a second channel identifier and the first authorization code, and sends the first soft token binding request to a server;
optionally, in this embodiment, the step of calling the SDK of the application to which the soft token is to be bound to store the soft token identifier specifically includes: the application of the soft token to be bound calls a binding interface of the SDK of the application of the soft token to be bound to store a soft token identifier;
for example: the first binding request specifically includes:
{procode:bind,
username:test,
udid:26549201459870600002,
channelID:com.ftsafe.app.2,
tokesn:260920210001,
sharecode:389465};
step 209: the server receives and parses the first soft token binding request sent by the application to be bound with the soft token to obtain the user information, the soft token identifier, the second channel identifier and the first authorization code, and verifies the first authorization code and the second channel identifier; when both pass verification, the server binds the second channel identifier and the soft token identifier, generates a first activation password, obtains the stored activation factor, encrypts the activation factor by using the first activation password to obtain a first activation code, and sends the first activation code and the first activation password to the application to be bound with the soft token;
for example: the first activation password is specifically: 782460;
the first activation code is specifically: 101190837814200120054601250013260912370001120265492014598706000022;
step 210: the application to be bound with the soft token receives a first activation code and a first activation password sent by a server, and calls the SDK of the application to be bound with the soft token by taking the first activation code and the first activation password as parameters;
optionally, in this embodiment, the invoking of the SDK of the application to be bound with the soft token with the first activation code and the first activation password as parameters specifically includes: the application to be bound with the soft token calls a generation interface of the SDK of the application to be bound with the soft token by taking the first activation code and the first activation password as parameters;
step 211: the SDK of the application to be bound with the soft token decrypts the first activation code by using the first activation password to obtain an activation factor, and correspondingly stores the activation factor and the soft token identifier;
step 212: the SDK of the application to be bound with the soft token generates activation confirmation information and a dynamic factor, generates a first OTP according to the dynamic factor, the stored PIN code and the activation factor, and sends the soft token identifier, the activation confirmation information and the first OTP to the application to be bound with the soft token;
step 213: the application to be bound with the soft token receives the soft token identifier, the activation confirmation information and the first OTP, and sends a first authentication request containing the user information, the soft token identifier, the activation confirmation information, the first OTP and the channel identifier to the server;
step 214: the server receives and parses a second authentication request sent by the application to be bound with the soft token to obtain user information, a soft token identifier, activation confirmation information, a first OTP and a second channel identifier, obtains the channel identifier, the activation factor and the PIN code corresponding to the user information, authenticates the second channel identifier according to the obtained channel identifier, generates a soft token seed according to the channel identifier, the activation factor and the PIN code, generates a dynamic factor, authenticates the first OTP according to the soft token seed, the dynamic factor and the PIN code to generate an authentication result, and sends a first authentication response containing the authentication result to the application to be bound with the soft token;
step 215: and the application to be bound with the soft token receives and analyzes the first authentication response sent by the server to obtain an authentication result, judges the type of the authentication result, if the authentication result is a successful authentication result, ends the authentication, and if the authentication result is a failed authentication result, calls the SDK of the application to be bound with the soft token to delete the stored dynamic factor and the soft token identifier.
The process of modifying the PIN code comprises the following steps:
step 401: the application receives an original PIN code and a new PIN code input by a user, and calls the SDK by taking the original PIN code input by the user as a parameter;
step 402: the SDK acquires the stored soft token identification and the activation factor, generates a soft token seed according to the original PIN code, the soft token identification and the activation factor, generates a dynamic factor, generates a fourth OTP according to the dynamic factor and the soft token seed, and sends the fourth OTP to the application;
step 403: the application receives the fourth OTP sent by the SDK and sends a PIN code modification request containing the fourth OTP and the new PIN code to the server;
step 404: the server receives a PIN code modification request sent by the application to obtain a fourth OTP and a new PIN code, generates a soft token seed according to the stored PIN code, the soft token identifier and the activation factor, generates a dynamic factor, verifies the fourth OTP according to the soft token seed and the dynamic factor, if the verification is passed, stores the new PIN code and generates a modification success result, returns the modification success result to the application, and if the verification is not passed, deletes the new PIN code and generates a modification failure result, and returns the modification failure result to the application;
step 405: and the application receives the modification result sent by the server and executes corresponding operation according to the modification result.
The OTP authentication process comprises the following steps:
step 501: the application receives the authentication mode selected by the user, judges the type of the authentication mode, if the authentication mode is PIN code authentication, executes step 502, if the authentication mode is biological information authentication, executes step 504;
step 502: the application waits for receiving a PIN code input by a user, and when the PIN code input by the user is received, the SDK is called by taking the PIN code input by the user as a parameter;
step 503: the SDK acquires the stored activation factor and soft token identification, generates a soft token seed according to the activation factor, the soft token identification and the PIN code input by the user, generates a dynamic factor, generates a fifth OTP according to the dynamic factor and the soft token seed, sends the fifth OTP to the application, and executes step 508;
step 504: the application sends a PIN code state inquiry request containing user information to a server;
step 505: the server receives a PIN state query request sent by the application, acquires a PIN timestamp according to user information in the PIN state query request, and sends a query response containing the PIN timestamp to the application;
step 506: the application receives a query response sent by the server, and calls the SDK by taking the PIN timestamp in the query response as a parameter;
step 507: the SDK judges whether the incoming PIN time stamp is consistent with the PIN time stamp stored in the SDK, if so, step 508 is executed, otherwise, the process is ended;
step 508: the SDK calls back the application to acquire the biometric information of the user and authenticates it; if the authentication is successful, the SDK generates a soft token seed according to the stored PIN code, the activation factor and the soft token identifier, generates a dynamic factor, generates a fifth OTP according to the dynamic factor and the soft token seed, sends the fifth OTP to the application, and performs step 509; if the authentication fails, the process is ended;
step 509: the application receives a fifth OTP sent by the SDK and sends a fourth authentication request containing the user information, the channel identification of the application and the fifth OTP to the server;
step 510: the server receives and analyzes a fourth authentication request sent by the application to obtain user information, a channel identifier and a fifth OTP, obtains a channel identifier, a PIN code, an activation factor and a soft token identifier corresponding to the user information, authenticates the channel identifier in the fourth authentication request according to the obtained channel identifier, generates a soft token seed according to the PIN code, the activation factor and the soft token identifier, generates a dynamic factor, authenticates the fifth OTP according to the soft token seed and the dynamic factor to generate an authentication result, and sends a fourth authentication response containing the authentication result to the application;
step 511: and the application receives and analyzes the fourth authentication response sent by the server to obtain an authentication result, and executes corresponding operation according to the authentication result.
This embodiment provides a method for generating a soft token seed in which the local application does not store the soft token seed. Instead, the data used to generate the soft token seed is stored in the SDK, the SDK alone is responsible for the security of that data, and the SDK generates the soft token seed temporarily, from the locally stored data and the PIN code input by the user, when a password is generated. With the method of this embodiment, leakage of the soft token seed caused by a malicious attack on the local application is avoided, the security of the password is ensured, and synchronization of the soft token seed is achieved by synchronizing, through the server, the data for generating the soft token seed to trusted applications.
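The PIN path of steps 502-503 and 509-510, as an added example that is not code from the patent. The patent does not name the derivation or OTP algorithms, so PBKDF2-HMAC-SHA256 for the seed, a 30-second time-step counter as the dynamic factor, HMAC-SHA-256 with RFC 4226 truncation for the OTP, the one-step drift window, and all class, function and sample names are assumptions.

```python
import hashlib
import hmac
import struct

TIME_STEP = 30        # seconds per dynamic factor (assumption)
KDF_ROUNDS = 50_000   # PBKDF2 iterations (assumption)


def derive_seed(activation_factor: bytes, token_id: str, pin: str) -> bytes:
    """Soft token seed = KDF(activation factor, soft token identifier, PIN)."""
    # Length-prefix the factor so (factor, identifier) pairs stay unambiguous.
    salt = struct.pack(">H", len(activation_factor)) + activation_factor
    salt += token_id.encode()
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, KDF_ROUNDS)


def dynamic_factor(now: float) -> int:
    """Time-step counter used as the dynamic factor (assumption)."""
    return int(now // TIME_STEP)


def otp_from(seed: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA-256 over the counter, then RFC 4226 dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Sdk:
    """Holds the inputs to the seed; the seed itself is never stored."""

    def __init__(self, activation_factor: bytes, token_id: str):
        self._activation_factor = activation_factor
        self._token_id = token_id

    def generate_otp(self, pin: str, now: float) -> str:
        # Steps 502-503: the seed is rebuilt from the PIN the user just
        # entered and goes out of scope when this call returns.
        seed = derive_seed(self._activation_factor, self._token_id, pin)
        return otp_from(seed, dynamic_factor(now))


class Server:
    """Step 510: check the channel, re-derive the seed, verify the OTP."""

    def __init__(self):
        self._users = {}

    def bind(self, user, channel_id, pin, activation_factor, token_id):
        rec = self._users.setdefault(user, {
            "pin": pin, "factor": activation_factor,
            "token_id": token_id, "channels": set(),
        })
        rec["channels"].add(channel_id)

    def authenticate(self, user, channel_id, otp, now, window=1):
        rec = self._users.get(user)
        if rec is None or channel_id not in rec["channels"]:
            return False
        seed = derive_seed(rec["factor"], rec["token_id"], rec["pin"])
        counter = dynamic_factor(now)
        ok = False
        # Accept +/- window steps of clock drift (assumption); compare in
        # constant time and do not stop early on a match.
        for step in range(counter - window, counter + window + 1):
            ok |= hmac.compare_digest(otp_from(seed, step), otp)
        return ok


def demo():
    factor = bytes(range(32))     # constructed sample activation factor
    token_id = "TOKEN-0001"       # constructed sample soft token identifier
    server = Server()
    server.bind("alice", "channel-A", "482913", factor, token_id)
    sdk = Sdk(factor, token_id)
    now = 1_700_000_000.0         # fixed clock so the run is repeatable
    good = sdk.generate_otp("482913", now)
    bad = sdk.generate_otp("000000", now)
    return {
        "correct_pin": server.authenticate("alice", "channel-A", good, now),
        "wrong_pin": server.authenticate("alice", "channel-A", bad, now),
        "wrong_channel": server.authenticate("alice", "channel-B", good, now),
        "stale_otp": server.authenticate("alice", "channel-A", good, now + 600),
    }


if __name__ == "__main__":
    print(demo())
```

In this sketch a wrong PIN is never rejected locally: it simply derives a different seed, and the mismatch only surfaces when the server rejects the OTP. Because a numeric PIN carries little entropy, the activation factor held by the SDK is what keeps the seed unguessable.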
Example 4
The embodiment 4 of the invention provides a method for generating a soft token seed, wherein an application bound with a soft token and an application to be bound with the soft token run on different devices, and the application bound with the soft token and the application to be bound with the soft token are respectively integrated with an SDK. The method comprises a PIN code synchronizing process, a soft token binding process, a PIN code modifying process and an OTP authentication process;
the process of synchronizing the PIN codes comprises the following steps:
step 601: an application to be bound with a soft token sends an authorization request containing a first channel identifier, a second channel identifier and the soft token identifier to a server;
optionally, in this embodiment, the first channel identifier is used to uniquely identify the application to which the soft token is bound, and the second channel identifier is used to uniquely identify the application to which the soft token is to be bound;
optionally, in this embodiment, before step 601, the method further includes: the application to be bound with the soft token detects whether the user has bound a soft token; if so, step 601 is executed; otherwise, the process in which the user binds the soft token is executed;
optionally, in this embodiment, the application to be bound with the soft token detects whether the user has bound the soft token, specifically:
step A1: an application to be bound with a soft token sends a detection request containing user information to a server;
step A2: the server receives the detection request sent by the application to be bound with the soft token and searches for the corresponding soft token according to the user information in the detection request; if the soft token is found, the server generates a detection success result and sends it to the application to be bound with the soft token; if it is not found, the server generates a detection failure result and sends it to the application to be bound with the soft token;
optionally, in this embodiment, the soft token includes a soft token number and a soft token identifier;
step A3: and the application to be bound with the soft token receives the detection result sent by the server, judges the type of the detection result, acquires the first channel identifier from the detection success result if the detection success result is obtained, and executes step 201, and executes the process of binding the soft token if the detection failure result is obtained.
step 602: the server receives and analyzes the authorization request sent by the application to be bound with the soft token to obtain the first channel identifier, the second channel identifier and the soft token identifier, stores the first channel identifier, the second channel identifier and the soft token identifier in correspondence, and pushes an authorization message to the application bound with the soft token;
step 603: the application bound with the soft token receives an authorization message pushed by a server, invokes an authorization authentication interface, waits for a user to input a PIN code, and calls the SDK of the application bound with the soft token by taking the PIN code input by the user as a parameter when receiving the PIN code input by the user;
step 604: the SDK of the application bound with the soft token acquires the current time, generates a second OTP according to the current time, the PIN code input by the user and the stored soft token seed, and returns the second OTP to the application bound with the soft token;
step 605: the application bound with the soft token generates a second authentication request according to the user information, the channel identifier and the second OTP, and sends the second authentication request containing the user information, the second channel identifier and the second OTP to the server;
step 606: the server receives and analyzes a second authentication request sent by the application bound with the soft token to obtain user information, a second channel identifier and a second OTP, obtains a soft token seed and a PIN code according to the user information, authenticates the second OTP according to the obtained soft token seed and the PIN code, and executes step 607 when the authentication is successful;
step 607: the server generates an authentication success result and a first authorization code, correspondingly stores the user information, the second channel identifier and the first authorization code, acquires the stored soft token identifier, and sends a second authentication response containing the soft token identifier, the authentication success result and the first authorization code to the application to which the soft token is to be bound;
step 608: the application to be bound with the soft token receives and analyzes a first authentication response sent by the server to obtain a soft token identifier, an authentication success result and a first authorization code, calls the SDK to store the soft token identifier, generates a first soft token binding request according to the user information, the soft token identifier, a second channel identifier and the first authorization code, and sends the first soft token binding request to the server;
step 609: the server receives and analyzes the first soft token binding request sent by the application to be bound with the soft token to obtain the user information, the soft token identifier, the second channel identifier and the first authorization code, and verifies the first authorization code and the second channel identifier; when both pass verification, the server binds the second channel identifier and the soft token identifier, generates a first activation password, obtains the stored activation factor, encrypts the activation factor by using the first activation password to obtain a first activation code, and sends the first activation code and the first activation password to the application to be bound with the soft token;
step 610: the application to be bound with the soft token receives a first activation code and a first activation password sent by a server, and calls the SDK by taking the first activation code and the first activation password as parameters;
step 611: the SDK decrypts the first activation code by using the first activation code to obtain an activation factor, generates a soft token seed according to the activation factor, the stored soft token identifier and the PIN code, and correspondingly stores the soft token seed and the soft token identifier;
step 612: the SDK generates activation confirmation information, generates a first OTP according to the PIN code and the soft token seed, and sends a soft token identifier, the activation confirmation information and the first OTP to an application to be bound with the soft token;
step 613: the application to be bound with the soft token receives the soft token identifier, the activation confirmation information and the first OTP, and sends a first authentication request containing the user information, the soft token identifier, the activation confirmation information, the first OTP and the channel identifier to the server;
step 614: the server receives and analyzes a second authentication request sent by the application to which the soft token is to be bound to obtain user information, a soft token identifier, activation confirmation information, a first OTP and a second channel identifier, acquires a channel identifier and a PIN code corresponding to the user information, authenticates the second channel identifier according to the acquired channel identifier, authenticates the first OTP according to the acquired soft token seed and the PIN code to generate an authentication result, and sends a first authentication response containing the authentication result to the application to which the soft token is to be bound;
step 615: and the application to be bound with the soft token receives and analyzes the first authentication response sent by the server to obtain an authentication result, judges the type of the authentication result, if the authentication result is a successful authentication result, ends the authentication, and if the authentication result is a failed authentication result, calls the SDK to delete the stored soft token seed and the soft token identifier.
The process of binding the soft token, the process of modifying the PIN code, and the process of OTP authentication are the same as those of synchronizing the PIN code in embodiment 3, and are not described herein again.
This embodiment provides a method for generating a soft token seed in which the local application does not store the soft token seed. Instead, the data used to generate the soft token seed is stored in the SDK, the SDK alone is responsible for the security of that data, and the SDK generates the soft token seed temporarily, from the locally stored data and the PIN code input by the user, when a password is generated. With the method of this embodiment, leakage of the soft token seed caused by a malicious attack on the local application is avoided, the security of the password is ensured, and synchronization of the soft token seed is achieved by synchronizing, through the server, the data for generating the soft token seed to trusted applications.
The invention also provides an electronic device, as shown in fig. 4, which shows a schematic structural diagram of an electronic device (for example, an application in embodiment 1) 400 suitable for implementing embodiments of the present application. The devices in the embodiments of the present application may include, but are not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., car navigation terminals), and the like, and fixed terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 4 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 4, the apparatus 400 may include a processing device (e.g., central processing unit, graphics processor, etc.) 401 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 402 or a program loaded from a storage device 408 into a Random Access Memory (RAM) 403. In the RAM 403, various programs and data necessary for the operation of the electronic apparatus 400 are also stored. The processing device 401, the ROM 402, and the RAM 403 are connected to each other via a bus 404. An input/output (I/O) interface 405 is also connected to bus 404.
Generally, the following devices may be connected to the I/O interface 405: input devices 406 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; an output device 407 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 408 including, for example, tape, hard disk, etc.; and a communication device 409. The communication means 409 may allow the device 400 to communicate with other devices, either wirelessly or by wire, to exchange data. While fig. 4 illustrates an apparatus 400 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to embodiments of the application, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication device 409, or from the storage device 408, or from the ROM 402. The computer program, when executed by the processing device 401, performs the above-described functions defined in the methods of the embodiments of the present application.
It should be noted that the computer readable medium mentioned above in the present application may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the apparatus; or may be separate and not incorporated into the device.
The computer readable medium carries one or more programs which, when executed by the apparatus, enable the apparatus to perform the method for hardware device seed key backup in the above embodiments.
Computer program code for carrying out operations for aspects of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present application may be implemented by software or hardware. In some cases, the name of a unit does not constitute a limitation on the unit itself.
The electronic device provided by the present application is applicable to any embodiment of the method for generating a soft token seed of the present application, and is not described herein again.
The invention provides an electronic device that avoids leakage of the soft token seed caused by a malicious attack on the local application, ensures the security of the password, and achieves synchronization of the soft token seed by synchronizing, through the server, the data for generating the soft token seed to trusted applications.
The present application provides a computer-readable storage medium storing computer instructions for causing a computer to perform the method of generating soft token seeds as shown in the above embodiments.
The computer-readable storage medium provided in the present application is suitable for any embodiment of the above method for generating a soft token seed, and is not described herein again.
A computer program product is provided which, when run on a computer, causes the computer to perform the method of generating a soft token seed of the present application.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all such changes or substitutions should be covered by the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (17)

1. A method of generating a soft token seed, comprising the steps of:
step 101: when an application receives a soft token identifier and a first authorization code, calling an SDK (software development kit) to store the soft token identifier, generating a first soft token binding request according to the soft token identifier, a channel identifier of the application and the first authorization code, and sending the first soft token binding request to a server; the channel identification is used for identifying different applications, and each application corresponds to a unique channel identification;
step 102: when the application receives a first activation code and a first activation password sent by the server, calling the SDK by taking the first activation code and the first activation password as parameters;
step 103: the SDK decrypts the first activation code by using the first activation password to obtain an activation factor, correspondingly stores the activation factor and the soft token identifier, obtains a PIN code, and generates a soft token seed according to the activation factor, the soft token identifier and the obtained PIN code;
step 104: the SDK generates activation confirmation information and a dynamic factor, generates a first OTP according to the dynamic factor and the soft token seed, and sends the soft token identification, the activation confirmation information and the first OTP to the application;
step 105: the application receives the soft token identification, the activation confirmation information and the first OTP, and sends a first authentication request containing the soft token identification, the activation confirmation information, the first OTP and the channel identification to the server;
step 106: when the application receives a first authentication response sent by the server, analyzing the first authentication response to obtain an authentication result, judging the type of the authentication result, if the authentication result is a successful authentication result, ending the authentication, and if the authentication result is a failed authentication result, calling the SDK to delete the stored activation factor and soft token identification;
the soft token identification and the activation factor are generated by the application for first binding the soft token and are used for synchronizing the application to be bound with the soft token.
2. The method of claim 1, wherein step 106 is further followed by:
step S1: when the application is called, displaying an authorization interface, receiving a PIN code input by a user, and calling the SDK by taking the PIN code input by the user as a parameter;
step S2: the SDK acquires the stored activation factor and soft token identification, generates soft token seeds according to the activation factor, the soft token identification and a PIN code input by a user, generates dynamic factors, generates a second OTP according to the dynamic factors and the soft token seeds, and returns the second OTP to the application;
step S3: and the application generates a second authentication request for acquiring the first authorization code from the server according to the channel identifier of the application and the second OTP, and sends the second authentication request to the server.
3. The method according to claim 2, wherein in step S1, when the application is invoked, an authorization interface is displayed, specifically: displaying an authorization interface when the application receives a channel identifier of the third-party application sent by the third-party application;
the step S3 is followed by: when the application receives a second authentication response sent by the server, the second authentication response is analyzed to obtain a first authorization code, the SDK is called to obtain a soft token identifier stored in the SDK, and the first authorization code and the soft token identifier are sent to the third-party application.
4. The method according to claim 2, wherein in step S1, when the application is invoked, an authorization interface is displayed, specifically: and displaying an authorization interface when the application receives the authorization message pushed by the server.
5. The method of claim 1, wherein step 101 is preceded by: the application detects whether the user has bound the soft token, if yes, step 101 is executed, otherwise, steps M1 to M9 are executed;
step M1: the application receives a PIN code input by a user, calls the SDK to store the PIN code input by the user, acquires stored user information and a channel identifier of the application, sends a PIN code setting request comprising the PIN code input by the user, the user information and the channel identifier to the server, receives a PIN code setting success response sent by the server, and sends a verification code acquisition request to the server;
step M2: the application receives and analyzes the verification code obtaining response sent by the server to obtain a second activation password, and the SDK is called by taking the second activation password as a parameter;
step M3: the SDK stores the second activation password, generates and stores a soft token identifier, and returns the soft token identifier to the application;
step M4: the application generates a second soft token binding request according to the user information, the channel identifier and the soft token identifier, and sends the second soft token binding request to the server;
step M5: the application receives a second activation code sent by the server, and calls the SDK by taking the second activation code as a parameter;
step M6: the SDK decrypts the second activation code by using a stored second activation password to obtain an activation factor and stores the activation factor, and generates a soft token seed according to the activation factor, the stored soft token identifier and the PIN code;
step M7: the SDK generates activation confirmation information and a dynamic factor, generates a third OTP according to the dynamic factor and the soft token seed, and sends a soft token identifier, the activation confirmation information and the third OTP to the application;
step M8: the application receives the soft token identifier, the activation confirmation information and the third OTP sent by the SDK, and sends a third authentication request containing user information, the soft token identifier, the activation confirmation information, the third OTP and a channel identifier to the server;
step M9: and the application receives and analyzes the third authentication response sent by the server to obtain an authentication result, judges the type of the authentication result, if the authentication result is an authentication success result, ends the authentication, and if the authentication result is an authentication failure result, calls the SDK to delete the stored activation factor and the soft token identifier.
6. The method of claim 5, wherein the application detecting whether the user has bound the soft token specifically comprises:
step A1: the application sends a detection request containing user information to the server;
step A2: the server receives the detection request sent by the application and searches for a corresponding soft token identifier according to the user information in the detection request; if the soft token identifier is found, the server generates a detection success result and sends the detection success result to the application; if it is not found, the server generates a detection failure result and sends the detection failure result to the application;
step A3: and the application receives the detection result sent by the server, judges the type of the detection result, judges that the user is bound with the soft token if the detection result is successful, and judges that the user is not bound with the soft token if the detection result is failed.
7. The method of claim 1, wherein the method further comprises:
step B1: the application receives an original PIN code and a new PIN code input by a user, and calls the SDK by taking the original PIN code input by the user as a parameter;
step B2: the SDK acquires the stored activation factor and soft token identification, generates a soft token seed according to the activation factor, the soft token identification and the original PIN code, generates a dynamic factor, generates a fourth OTP according to the dynamic factor and the soft token seed, and sends the fourth OTP to the application;
step B3: the application receives a fourth OTP sent by the SDK and sends a PIN code modification request containing the fourth OTP and the new PIN code to the server;
step B4: and the application receives the modification result sent by the server and executes corresponding operation according to the modification result.
8. The method of claim 1, wherein the method further comprises:
step C1: the application receives an authentication mode selected by a user, judges the type of the authentication mode, if the authentication mode is PIN code authentication, executes step C2, and if the authentication mode is biological information authentication, executes step C4;
step C2: the application waits for receiving a PIN code input by a user, and when the PIN code input by the user is received, the SDK is called by taking the PIN code input by the user as a parameter;
step C3: the SDK acquires a stored activation factor, generates a soft token seed according to the activation factor, a PIN code input by a user and a stored soft token identifier, generates a dynamic factor, generates a fifth OTP according to the dynamic factor and the soft token seed, sends the fifth OTP to the application, and executes step C8;
step C4: the application sends a PIN code state inquiry request containing user information to the server;
step C5: the application receives a query response sent by the server, and calls the SDK by taking a PIN time stamp in the query response as a parameter;
step C6: the SDK judges whether the incoming PIN time stamp is consistent with the PIN time stamp stored in the SDK, if so, the step C7 is executed, otherwise, the operation is finished;
step C7: the SDK calls back the application to acquire biological information of the user, authenticates the biological information of the user, generates a soft token seed according to the stored PIN code, the activation factor and the soft token identification if the authentication is successful, generates a dynamic factor, generates a fifth OTP according to the dynamic factor and the soft token seed and sends the fifth OTP to the application, and executes step C8, if the authentication is failed, the operation is finished;
step C8: the application receives a fifth OTP sent by the SDK and sends a fourth authentication request containing user information, a channel identifier of the application and the fifth OTP to the server;
step C9: and the application receives and analyzes the fourth authentication response sent by the server to obtain an authentication result, and executes corresponding operation according to the authentication result.
9. A method of generating a soft token seed, comprising the steps of:
step D1: when an application receives a soft token identifier and a first authorization code, calling an SDK (software development kit) to store the soft token identifier, generating a first soft token binding request according to the soft token identifier, a channel identifier of the application and the first authorization code, and sending the first soft token binding request to a server; the channel identification is used for identifying different applications, and each application corresponds to a unique channel identification;
step D2: the server receives and analyzes the first soft token binding request to obtain a soft token identifier, a channel identifier and a first authorization code, verifies the first authorization code, binds the channel identifier and the soft token identifier when the verification is passed, generates a first activation password, obtains a stored activation factor, encrypts the activation factor by using the first activation password to obtain a first activation code, and sends the first activation code and the first activation password to the application;
step D3: the application receives the first activation code and the first activation password, and calls the SDK by taking the first activation code and the first activation password as parameters;
step D4: the SDK decrypts the first activation code by using the first activation password to obtain an activation factor, correspondingly stores the activation factor and the soft token identifier, obtains a PIN code, and generates a soft token seed according to the activation factor, the soft token identifier and the obtained PIN code;
step D5: the SDK generates activation confirmation information and a dynamic factor, generates a first OTP according to the dynamic factor and the soft token seed, and sends the soft token identification, the activation confirmation information and the first OTP to the application;
step D6: the application receives the soft token identification, the activation confirmation information and the first OTP, and sends a first authentication request containing the soft token identification, the activation confirmation information, the first OTP and the channel identification to the server;
step D7: the server receives and analyzes the first authentication request to obtain activation confirmation information, a first OTP and a channel identifier, generates a soft token seed according to a stored activation factor, a soft token identifier and a PIN code, generates a dynamic factor, authenticates the first OTP according to the dynamic factor and the soft token seed to generate an authentication result, and sends a first authentication response containing the authentication result to the application;
step D8: the application receives and analyzes the first authentication response to obtain an authentication result, judges the type of the authentication result, if the authentication result is an authentication success result, ends the authentication, and if the authentication result is an authentication failure result, calls the SDK to delete the stored activation factor and the soft token identifier;
the soft token identification and the activation factor are generated by an application of a first bound soft token, and are used for synchronizing the application of the soft token to be bound.
10. The method of claim 9, wherein said step D8 is further followed by:
step E1: when the application is called, displaying an authorization interface, receiving a PIN code input by a user, and calling the SDK by taking the PIN code input by the user as a parameter;
step E2: the SDK acquires the stored activation factor and soft token identification, generates soft token seeds according to the activation factor, the soft token identification and a PIN code input by a user, generates dynamic factors, generates a second OTP according to the dynamic factors and the soft token seeds, and returns the second OTP to the application;
step E3: the application generates a second authentication request for acquiring a first authorization code from the server according to the channel identifier of the application and the second OTP, and sends the second authentication request to the server;
step E4: when receiving a second authentication request sent by the application, the server analyzes the second authentication request to obtain a channel identifier and a second OTP, generates a soft token seed according to the stored activation factor, soft token identifier and PIN code, generates a dynamic factor, authenticates the second OTP according to the dynamic factor and the soft token seed, and executes step E5 when the authentication is successful;
step E5: the server generates a successful authentication result and a first authorization code, correspondingly stores the channel identifier and the first authorization code, and sends a second authentication response containing the successful authentication result and the first authorization code to the application.
11. The method of claim 9, wherein the method further comprises:
step F1: the application receives an original PIN code and a new PIN code input by a user, and calls the SDK by taking the original PIN code input by the user as a parameter;
step F2: the SDK acquires a stored soft token identifier and an activation factor, generates a soft token seed according to the original PIN code, the soft token identifier and the activation factor, generates a dynamic factor, generates a fourth OTP according to the dynamic factor and the soft token seed, and sends the fourth OTP to the application;
step F3: the application receives a fourth OTP sent by the SDK and sends a PIN code modification request containing the fourth OTP and the new PIN code to the server;
step F4: the server receives a PIN code modification request sent by the application to obtain a fourth OTP and a new PIN code, generates a soft token seed according to the stored PIN code, a soft token identifier and an activation factor, generates a dynamic factor, verifies the fourth OTP according to the soft token seed and the dynamic factor, if the verification is passed, stores the new PIN code and generates a modification success result, and returns the modification success result to the application, and if the verification is not passed, deletes the new PIN code and generates a modification failure result, and returns the modification failure result to the application;
step F5: the application receives the modification result sent by the server and executes corresponding operation according to the modification result.
12. The method of claim 9, wherein the method further comprises:
step H1: the application receives an authentication mode selected by a user, judges the type of the authentication mode, if the authentication mode is PIN code authentication, executes step H2, and if the authentication mode is biological information authentication, executes step H4;
step H2: the application waits for receiving a PIN code input by a user, and when the PIN code input by the user is received, the SDK is called by taking the PIN code input by the user as a parameter;
step H3: the SDK acquires the stored activation factor and soft token identification, generates soft token seeds according to the activation factor, the soft token identification and a PIN code input by a user, generates a dynamic factor, generates a fifth OTP according to the dynamic factor and the soft token seeds, sends the fifth OTP to the application, and executes step H9;
step H4: the application sends a PIN code state inquiry request containing user information to the server;
step H5: the server receives the PIN state query request sent by the application, acquires a PIN timestamp according to user information in the PIN state query request, and sends a query response containing the PIN timestamp to the application;
step H6: the application receives a query response sent by the server, and calls the SDK by taking a PIN time stamp in the query response as a parameter;
step H7: the SDK judges whether the incoming PIN time stamp is consistent with the PIN time stamp stored in the SDK, if so, the step H8 is executed, otherwise, the operation is finished;
step H8: the SDK calls back the application to acquire biological information of the user, authenticates the biological information of the user, generates a soft token seed according to the stored PIN code, the activation factor and the soft token identifier if the authentication is successful, generates a dynamic factor, generates a fifth OTP according to the dynamic factor and the soft token seed and sends the fifth OTP to the application, and executes step H9, if the authentication is failed, the operation is finished;
step H9: the application receives a fifth OTP sent by the SDK and sends a fourth authentication request containing user information, a channel identifier of the application and the fifth OTP to the server;
step H10: the server receives and analyzes the fourth authentication request sent by the application to obtain user information, a channel identifier and a fifth OTP, obtains a channel identifier, a PIN code, an activation factor and a soft token identifier corresponding to the user information, authenticates the channel identifier in the fourth authentication request according to the obtained channel identifier, generates a soft token seed according to the PIN code, the activation factor and the soft token identifier, generates a dynamic factor, authenticates the fifth OTP according to the soft token seed and the dynamic factor to generate an authentication result, and sends a fourth authentication response containing the authentication result to the application;
step H11: the application receives and analyzes the fourth authentication response sent by the server to obtain an authentication result, and executes corresponding operation according to the authentication result.
13. A system for generating a soft token seed, comprising electronic equipment and a server, wherein the electronic equipment is provided with an application, and the application is integrated with an SDK;
the application on the electronic equipment is used for performing the method of any one of claims 1 to 8;
the server is used for analyzing the first soft token binding request to obtain a soft token identifier, a channel identifier and a first authorization code when the first soft token binding request is received, verifying the first authorization code, binding the channel identifier and the soft token identifier when the first authorization code passes the verification to generate a first activation password, obtaining a stored activation factor, encrypting the activation factor by using the first activation password to obtain a first activation code, and sending the first activation code and the first activation password to the application;
the server is further configured to, when receiving a first authentication request sent by the application, parse the first authentication request to obtain activation confirmation information, a first OTP and a channel identifier, generate a soft token seed according to a stored activation factor, a stored soft token identifier and a PIN code, generate a dynamic factor, authenticate the first OTP according to the dynamic factor and the soft token seed to generate an authentication result, and send a first authentication response including the authentication result to the application.
14. The system of claim 13, wherein the server is further configured to, when receiving a second authentication request sent by the application, parse the second authentication request to obtain a channel identifier and a second OTP, generate a soft token seed according to the stored activation factor, soft token identifier, and PIN code, generate a dynamic factor, authenticate the second OTP according to the dynamic factor and the soft token seed, when authentication is successful, generate an authentication success result and a first authorization code, store the channel identifier and the first authorization code in correspondence, send a second authentication response including the authentication success result and the first authorization code to the application, when authentication is failed, generate an authentication failure result, and send a second authentication response including the authentication failure result to the application.
15. The system of claim 13, wherein the server is further configured to, when receiving a PIN code setting request sent by the application, parse the PIN code setting request to obtain a PIN code, user information, and a channel identifier, store the PIN code, the user information, and the channel identifier in correspondence, and send a PIN code setting success response to the application;
the server is further used for generating a second activation password and storing the second activation password corresponding to the user information in the verification code acquisition request when receiving the verification code acquisition request sent by the application, and sending a verification code acquisition response containing the second activation password to the application;
the server is further used for analyzing a second soft token binding request sent by the application to obtain user information, a channel identifier and a soft token identifier when the second soft token binding request is received, verifying the channel identifier, generating an activation factor and storing the activation factor corresponding to the user information, the channel identifier and the soft token identifier when the verification is passed, encrypting the activation factor by using a stored second activation password to obtain a second activation code, and sending the second activation code to the application;
the server is further used for analyzing the third authentication request to obtain user information, a channel identifier, a soft token identifier, activation confirmation information and a third OTP when the third authentication request sent by the application is received, obtaining a stored channel identifier, a PIN code and an activation factor according to the user information, authenticating the channel identifier in the third authentication request according to the obtained channel identifier, generating a soft token seed according to the soft token identifier, the PIN code and the activation factor, authenticating the third OTP according to the soft token seed to generate an authentication result, and sending a third authentication response containing the authentication result to the application.
16. An electronic device comprising a processor and a memory;
the memory is used for storing a computer program;
the processor is used for executing the computer program stored in the memory to perform the method of any one of claims 1 to 8.
17. A computer-readable storage medium for storing a computer program which, when run on a computer, causes the computer to perform the method of any one of claims 1 to 8.
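Added example (not part of the patent text and not the applicant's implementation): a minimal Python model of the seed and OTP steps in claims 9 to 11 (D4 to D8, E2 to E4, F2 to F4), starting after the SDK has decrypted the activation factor. The claims do not name the derivation or OTP functions, so the HMAC-SHA256 seed derivation, the 30-second time-based dynamic factor, the 6-digit RFC 4226-style truncation, the one-step verification window and all class and function names are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30    # assumed time step in seconds; the claims only say "dynamic factor"
DIGITS = 6   # assumed OTP length


def derive_seed(activation_factor: bytes, token_id: str, pin: str) -> bytes:
    """Assumed KDF: HMAC-SHA256 keyed by the activation factor."""
    msg = b""
    for part in (token_id.encode(), pin.encode()):
        msg += struct.pack(">H", len(part)) + part  # length prefix: no field ambiguity
    return hmac.new(activation_factor, msg, hashlib.sha256).digest()


def otp(seed: bytes, factor: int) -> str:
    """RFC 4226-style dynamic truncation over HMAC-SHA256(seed, factor)."""
    mac = hmac.new(seed, struct.pack(">Q", factor), hashlib.sha256).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


class Sdk:
    """Client side: stores activation factor and token identifier, recomputes the seed per call."""

    def __init__(self, activation_factor: bytes, token_id: str):
        self.activation_factor, self.token_id = activation_factor, token_id

    def generate_otp(self, pin: str, now: float) -> str:
        if self.activation_factor is None:
            raise RuntimeError("soft token not activated")
        seed = derive_seed(self.activation_factor, self.token_id, pin)
        return otp(seed, int(now) // STEP)

    def wipe(self) -> None:
        """Step D8: a failed first authentication deletes the stored material."""
        self.activation_factor = self.token_id = None


class Server:
    def __init__(self, activation_factor: bytes, token_id: str, pin: str):
        self.activation_factor, self.token_id, self.pin = activation_factor, token_id, pin

    def verify(self, candidate: str, now: float, window: int = 1) -> bool:
        """Steps D7/E4: rebuild the seed from stored values and check the OTP."""
        seed = derive_seed(self.activation_factor, self.token_id, self.pin)
        base, ok = int(now) // STEP, False
        for factor in range(base - window, base + window + 1):
            # constant-time compare; no early exit on the first match
            ok |= hmac.compare_digest(otp(seed, factor).encode(), candidate.encode())
        return ok

    def change_pin(self, fourth_otp: str, new_pin: str, now: float) -> bool:
        """Step F4: the new PIN is stored only if the old-PIN OTP verifies."""
        if not self.verify(fourth_otp, now):
            return False  # new PIN discarded
        self.pin = new_pin
        return True
```

Within the accepted window the same OTP verifies more than once in this model; the claims do not describe replay tracking, which a server would normally add by remembering the last accepted dynamic factor.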
CN202111224172.3A 2021-10-21 2021-10-21 Method, system and electronic equipment for generating soft token seed Active CN113660100B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111224172.3A CN113660100B (en) 2021-10-21 2021-10-21 Method, system and electronic equipment for generating soft token seed

Publications (2)

Publication Number Publication Date
CN113660100A CN113660100A (en) 2021-11-16
CN113660100B CN113660100B (en) 2022-01-18

Family

ID=78484358

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111224172.3A Active CN113660100B (en) 2021-10-21 2021-10-21 Method, system and electronic equipment for generating soft token seed

Country Status (1)

Country Link
CN (1) CN113660100B (en)

Also Published As

Publication number Publication date
CN113660100A (en) 2021-11-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant