CN101102194B - A method for OTP device and identity authentication with this device - Google Patents


Info

Publication number: CN101102194B
Authority: CN (China)
Prior art keywords: OTP, one-time password, generation factor, device, generation
Legal status: Active (as listed by Google; the listed status is an assumption, not a legal conclusion)
Application number: CN2007101197727A
Other languages: Chinese (zh)
Other versions: CN101102194A (en)
Inventors: 陆舟, 于华章
Current assignee: Feitian Technologies Co Ltd (assignee list as provided by Google, not legally verified)
Original assignee: Beijing Feitian Technologies Co Ltd
Application filed by Beijing Feitian Technologies Co Ltd
Events: priority to CN2007101197727A; publication of CN101102194A; application granted; publication of CN101102194B; status active; anticipated expiration

Landscapes

  • Mobile Radio Communication Systems (AREA)
Abstract

The OTP device comprises a control module, an OTP (one-time password) generation module, a display module, a storage module, a trigger module, a judging module and a communication module. The method is as follows: the OTP device judges its own working state; if the OTP device is in the online working state, it generates an OTP from the OTP generation factor, composes the generation factor and the generated OTP into a message packet and sends it to a connectable device; the connectable device takes the generation factor out of the packet, generates a new OTP from it and compares the two OTPs.

Description

OTP device and method of identity authentication using the device
Technical field
The present invention relates to the field of information security, and in particular to an OTP device and a method of identity authentication using that device.
Background
This is the age of the network, and the security of online passwords has become the greatest hidden danger in network security today. Passwords are everywhere, in banking, online games, payment platforms and online securities trading, and they give people a measure of safety. But passwords have problems of their own: while they provide the protection people need, a lost or stolen password brings a great deal of trouble. In the prior art, network passwords are frequently stolen; trojans, weak self-protection awareness, phishing and brute-force cracking are all causes of password security problems, so password-security safeguards are needed to put a barrier around online passwords. At the same time, as information technology develops, the security and confidentiality of data receive ever more attention; with the growth of the Internet, more and more data, including personal privacy and business secrets, is carried over the network, and confidential information in transit is easily intercepted by attackers. Wireless transmission is therefore increasingly important; wireless transmission in common use today includes Bluetooth, HomeRF/SWAP and IEEE 802.11.
In the prior art, an OTP (One Time Password) is a password valid for only a single session. When an OTP is used for identity authentication, even an eavesdropped OTP cannot be reused to log in to the system, an important security improvement over the username/password scheme. An OTP token that produces OTPs commonly works as follows: the OTP is shown on the token's built-in display; the user must supply the password shown on the token at that moment to the host, normally by typing it on a keyboard connected to the host; when the host verifies the OTP, it keeps computing OTPs within a certain range around the time at which it received the OTP until one matches the password the user entered. This not only adds load on the host but may also cause the host to conclude that the token has failed because of clock error between token and host. Existing OTP devices require the user to enter the OTP by hand, and the OTP is generally 6 to 8 digits long, so its security is not well guaranteed.
Summary of the invention
To remain compatible with the prior art while solving its inconvenient entry and, under certain conditions, its insufficient security, the invention provides an OTP device and a method of identity authentication using the device.
The OTP device provided by the invention comprises a control module, an OTP generation module, a display module, a storage module, a trigger module, a judging module and a communication module;
the judging module is connected to the control module and is used to judge the working state of the OTP device;
the trigger module is connected to the control module and is used to receive the trigger information sent by the user and, according to that trigger information, to trigger the OTP generation module to generate an OTP;
the OTP generation module is connected to the control module and is used, after being triggered by the trigger module, to obtain through the control module the OTP generation factor stored in the storage module and to generate an OTP from that OTP generation factor;
the communication module is connected to the control module and is used, when the judging module determines that the OTP device is in the online working state, to send to the connectable device a message packet containing the OTP and the OTP generation factor. The connectable device uses the OTP generation factor in the message packet to generate a new one-time password and compares the new one-time password with the OTP obtained from the message packet; if they are identical, the OTP device is legitimate and the connectable device updates its own stored OTP generation factor from the received OTP generation factor; otherwise the OTP device is illegitimate;
the display module is connected to the control module and is used, when the judging module determines that the OTP device is in the offline working state, to display the OTP. The displayed OTP is used by the connectable device as follows: the connectable device receives the user's identity information and the OTP entered by the user on its keyboard, generates a new one-time password according to the user's identity information, and compares the new one-time password with the OTP; if they are identical, the OTP device is legitimate, otherwise it is illegitimate.
The trigger module is specifically a button or a numeric keypad.
The communication module is specifically at least one of a USB interface, an infrared interface, a Bluetooth interface, a parallel port, a serial port, a radio-frequency interface and an eSATA interface.
The invention also provides a method of identity authentication using an OTP device, the method comprising:
the OTP device judges its own working state;
if the OTP device is in the online working state, the user sends trigger information to the OTP device; after receiving the trigger information the OTP device generates a one-time password from the OTP generation factor it stores and sends to the connectable device a message packet containing the one-time password and the OTP generation factor; the connectable device generates a new one-time password from the OTP generation factor in the message packet and compares the new one-time password with the one-time password obtained from the message packet; if they are identical, the OTP device is legitimate and the connectable device updates its own stored one-time password generation factor from the received OTP generation factor; otherwise the OTP device is illegitimate;
if the OTP device is in the offline working state, the user sends trigger information to the OTP device; after receiving the trigger information the OTP device generates a one-time password from the OTP generation factor it stores and displays it; the user enters their identity information and the one-time password on the keyboard of the connectable device; the connectable device generates a new one-time password according to the received identity information and compares the new one-time password with the received one-time password; if they are identical, the OTP device is legitimate, otherwise it is illegitimate.
The step of generating a one-time password from the stored one-time password generation factor further comprises: the connectable device verifies the identity of the OTP device holder.
The step of the user sending trigger information to the OTP device is specifically: the user presses the trigger button on the OTP device.
The step of the user sending trigger information to the OTP device is specifically: the user enters several digits on the numeric keypad of the OTP device.
The step of generating a one-time password from the stored generation factor and sending a message packet containing that one-time password to the connectable device is specifically: the OTP device generates a one-time password from its stored generation factor, composes the generation factor and the one-time password into a message packet, and sends the message packet to the connectable device.
The step of the connectable device generating a new one-time password from the message packet is specifically: the connectable device parses the generation factor and the one-time password out of the message packet and generates a new one-time password from the generation factor.
The step of generating a new one-time password from the generation factor is specifically: the connectable device compares the parsed generation factor with the generation factor it currently stores; if the generation count value, or the generation time, in the parsed factor is greater than the stored generation count value or generation time, the connectable device generates a new one-time password from the parsed factor; otherwise the connectable device reports authentication failure.
The step of updating the stored generation factor is specifically: the connectable device replaces the generation factor it currently stores with the parsed generation factor.
The step of generating a one-time password from the stored generation factor and sending a message packet containing that one-time password to the connectable device is specifically: the OTP device generates a one-time password from its stored generation factor, encrypts the generation factor, composes the encryption result and the one-time password into a message packet, and sends the message packet to the connectable device.
The step of the connectable device generating a new one-time password from the message packet is specifically: the connectable device parses the one-time password and the encryption result out of the message packet, decrypts the encryption result to obtain the generation factor, and generates a new one-time password from the generation factor.
The step of generating a new one-time password from the generation factor is specifically: the connectable device compares the decrypted generation factor with the generation factor it currently stores; if the generation count value, or the generation time, in the decrypted factor is greater than the stored generation count value or generation time, the connectable device generates a new one-time password from the decrypted factor; otherwise the connectable device reports authentication failure.
The step of updating the stored generation factor is specifically: the connectable device replaces the generation factor it currently stores with the decrypted generation factor.
The encryption algorithm is a reversible (two-way) algorithm, and the reversible algorithm comprises DES, 3DES or RC4.
The step of the connectable device generating a new one-time password according to the received identity information is specifically: the connectable device retrieves the generation factor according to the received identity information and generates a new one-time password from that generation factor.
The generation factor comprises the count of one-time passwords generated, the time at which the one-time password is generated, or a random number.
The OTP device is connected to the connectable device through a USB interface, an infrared interface, a Bluetooth interface, a parallel port, a serial port, a radio-frequency interface or an eSATA interface.
Beneficial effects: the one-time password produced by the OTP device provided by the invention need not be entered by hand but is sent directly to the connectable device, which is convenient for the user; the OTP device provided by the invention composes the encrypted generation factor and the generated OTP into a message packet that is sent together to the connectable device as the final password, which increases the difficulty of cracking the password and improves security; the generation count value or generation time of the OTP device and of the connectable device provided by the invention are synchronised automatically, which avoids the host blindly recomputing one-time passwords again and again and at the same time prevents replay attacks.
Description of the drawings
Fig. 1 is a structural diagram of the OTP device provided by the invention;
Fig. 2 is a schematic diagram of the wireless form of identity authentication using the OTP device provided by the invention;
Fig. 3 is a flow chart of the wireless form of the method of identity authentication using the OTP device provided by the invention;
Fig. 4 is a schematic diagram of the wired form of identity authentication using the OTP device provided by the invention;
Fig. 5 is a flow chart of the wired form of the method of identity authentication using the OTP device provided by the invention.
Embodiments
To make the purpose, technical solution and advantages of the invention clearer, the embodiments of the invention are described in further detail below with reference to the drawings.
As shown in Fig. 1, an OTP device 108 provided by an embodiment of the invention comprises a communication module 102, a storage module 101, a control module 103, an OTP generation module 104, a judging module 105, a display module 106 and a trigger module 107;
the communication module 102 is connected to the control module 103 and is used to parse the communication protocol and to establish the connection and exchange information between the OTP device 108 and the external connectable device; the communication module 102 may be at least one of a USB interface, an infrared interface, a Bluetooth interface, a parallel port, a serial port, a radio-frequency interface and an eSATA interface;
the storage module 101 is connected to the control module 103 and is used to store the count of OTPs generated by the OTP device 108, the OTP generation time, or a random number;
the OTP generation module 104 is connected to the control module 103 and is used to generate the OTP;
the judging module 105 is connected to the control module 103 and is used, before the OTP device 108 operates, to determine whether the OTP device 108 is in the online or the offline working state by detecting the signals the OTP device 108 sends and receives;
the display module 106 is connected to the control module 103 and is used to show the OTP generated by the OTP generation module 104 on the built-in display of the OTP device 108;
the trigger module 107 is connected to the control module 103 and is used to trigger, through the control module 103, the OTP generation module 104 to generate an OTP; the trigger module 107 may be implemented as a button, the user triggering the OTP device 108 to generate an OTP by pressing the button, or as a numeric keypad, the user triggering the OTP device 108 to generate an OTP by entering several digits on the keypad;
the control module 103 is used to control the information exchange among the communication module 102, the storage module 101, the OTP generation module 104, the judging module 105, the display module 106 and the trigger module 107, and the information exchange between the OTP device 108 and the connectable device.
In practice the OTP device may exchange information with the connectable device wirelessly or over a wired connection. The OTP device may exchange information wirelessly with the connectable device by, but not limited to, infrared, Bluetooth, wireless USB, contactless smart-card, optical or radio-frequency signals; the OTP device may also exchange information with the connectable device through, but not limited to, a USB interface, a parallel port, a serial port, a radio-frequency interface or an eSATA interface. The connectable device may be, but is not limited to, a card reader, a communication device, a digital camera, a host, a host peripheral, a server connected over a network, or other special-purpose equipment.
Taking as examples an OTP device exchanging information with the connectable device wirelessly and over a wired connection respectively, where the connectable device may be, but is not limited to, a card reader, a communication device, a digital camera, a host, a host peripheral, a server connected over a network, or other special-purpose equipment, the method of identity authentication using the OTP device provided by the embodiments of the invention is set out below.
Embodiment one
The OTP device exchanges information with the connectable device wirelessly; the connectable device is a host, the OTP device is connected to a wireless reader device, and the wireless reader device is connected to the remote host over a network. The method of identity authentication using the OTP device provided by this embodiment comprises the following steps, as shown in Figs. 2 and 3:
Step 201: the OTP device sends a wireless signal searching for the host;
Step 202: the OTP device judges whether it has received a feedback signal from the host; if so, step 203 is executed, otherwise step 213;
if the OTP device receives a feedback signal from the host, the OTP device is in the online working state; if it receives no feedback signal from the host, the OTP device is in the offline working state;
Step 203: the user sends trigger information to the OTP device; after the OTP device receives the trigger information, the OTP generation module obtains through the control module the OTP generation factor stored in the storage module;
the user may send trigger information to the OTP device by pressing the trigger button on the OTP device, or by entering several digits on the numeric keypad of the OTP device;
the OTP generation factor comprises the count of OTPs generated, the OTP generation time, or a random number; this embodiment takes the count of OTPs generated as the example of the OTP generation factor;
Step 204: the OTP generation module increments the generation count value in the OTP generation factor it obtained, giving a new generation count value, and computes the OTP from this new generation count value;
Step 205: the OTP generation module sends the new generation count value and the generated OTP to the control module;
Step 206: the control module sends the new generation count value to the storage module and encrypts the new generation count value;
the encryption algorithm is a reversible (two-way) algorithm, which may be, but is not limited to, DES, 3DES or RC4;
Step 207: the control module composes the encryption result and the generated OTP into a message packet and sends the message packet through the communication module to the wireless reader device;
the communication module communicates wirelessly with the wireless reader device; the communication module may be, but is not limited to, an infrared interface, a Bluetooth interface, etc.;
Step 208: after the wireless reader device receives the message packet, it forwards the message packet to the host;
Step 209: the host parses the encryption result and the OTP out of the received message packet, decrypts the encryption result to obtain the new generation count value, and compares this new generation count value with the generation count value it stores; if the new generation count value is greater than the stored generation count value, step 210 is executed, otherwise step 212;
Step 210: the host generates a new OTP from the new generation count value obtained by decryption and compares the new OTP with the OTP parsed out of the message packet; if the two OTPs are identical, step 211 is executed, otherwise step 212;
Step 211: the host reports that the OTP is correct, allows the OTP device holder to log in, and updates the OTP generation factor it stores;
the host updates its stored OTP generation factor as follows: the host replaces the OTP generation factor it currently stores with the OTP generation factor obtained by decryption; in this embodiment the host replaces its stored generation count value with the new generation count value obtained by decryption;
Step 212: the host reports that the OTP is wrong and refuses the OTP device holder's login;
Step 213: the OTP generation module generates an OTP;
Step 214: the OTP device holder enters on the host keyboard the OTP shown on the built-in display of the OTP device together with their identity information;
Step 215: the host generates a new OTP according to the received identity information and compares this new OTP with the received OTP; if the two OTPs are identical, step 216 is executed, otherwise step 212;
Step 216: the host reports that the OTP is correct and allows the OTP device holder to log in.
Alternatively, the control module may compose the new generation count value and the generated OTP directly into a message packet and send it to the host, without first encrypting the new generation count value and only then composing it with the generated OTP into the packet. The method of identity authentication using the OTP device under this scheme is essentially the same as in this embodiment; only steps 206, 207, 209, 210 and 211 differ, and they become:
Step 206': the control module sends the new generation count value to the storage module;
Step 207': the control module composes the new generation count value and the generated OTP into a message packet and sends the message packet through the communication module to the wireless reader device;
the communication module communicates wirelessly with the wireless reader device; the communication module may be, but is not limited to, an infrared interface, a Bluetooth interface, etc.;
Step 209': the host parses the new generation count value and the OTP out of the received message packet and compares this new generation count value with the generation count value it stores; if the new generation count value is greater than the stored generation count value, step 210' is executed, otherwise step 212;
Step 210': the host generates a new OTP from the parsed new generation count value and compares the new OTP with the OTP parsed out of the message packet; if the two OTPs are identical, step 211' is executed, otherwise step 212;
Step 211': the host reports that the OTP is correct, allows the OTP device holder to log in, and updates the OTP generation factor it stores;
the host updates its stored OTP generation factor as follows: the host replaces the OTP generation factor it currently stores with the parsed OTP generation factor; in this embodiment the host replaces its stored generation count value with the parsed new generation count value.
This embodiment describes the OTP generation factor using the count of OTPs generated as the example; in practice the OTP generation time may also be used as the OTP generation factor, and the method of identity authentication using the OTP device with the generation time as the OTP generation factor is essentially identical to this embodiment and is not repeated here.
Embodiment two
The OTP device exchanges information with the connectable device over a wired connection; the connectable device is a host, and the OTP device exchanges information with the host through a USB interface. The method of identity authentication using the OTP device provided by this embodiment comprises the following steps, as shown in Figs. 4 and 5:
Step 301: the OTP device sends a signal searching for the host;
Step 302: the OTP device judges whether it has received a feedback signal from the host; if so, step 303 is executed, otherwise step 312;
if the OTP device receives a feedback signal from the host, the OTP device is in the online working state; if it receives no feedback signal from the host, the OTP device is in the offline working state;
Step 303: the user sends trigger information to the OTP device; after the OTP device receives the trigger information, the OTP generation module obtains through the control module the OTP generation factor stored in the storage module;
the user may send trigger information to the OTP device by pressing the trigger button on the OTP device, or by entering several digits on the numeric keypad of the OTP device;
the OTP generation factor comprises the count of OTPs generated, the OTP generation time, or a random number; this embodiment takes the count of OTPs generated as the example of the OTP generation factor;
Step 304: the OTP generation module increments the generation count value in the OTP generation factor it obtained, giving a new generation count value, and computes the OTP from this new generation count value;
Step 305: the OTP generation module sends the new generation count value and the generated OTP to the control module;
Step 306: the control module sends the new generation count value to the storage module and encrypts the new generation count value;
the encryption algorithm is a reversible (two-way) algorithm, which may be, but is not limited to, DES, 3DES or RC4;
Step 307: the control module composes the encryption result and the generated OTP into a message packet and sends the message packet through the communication module to the host;
the communication module communicates with the host over a wired connection; the communication module may be, but is not limited to, a USB interface, a parallel port, a serial port or an eSATA interface, etc.;
Step 308: the host parses the encryption result and the OTP out of the received message packet, decrypts the encryption result to obtain the new generation count value, and compares the new generation count value with the generation count value it stores; if the new generation count value is greater than the stored generation count value, step 309 is executed, otherwise step 311;
Step 309: the host generates a new OTP from the new generation count value obtained by decryption and compares the new OTP with the OTP parsed out of the message packet; if the two OTPs are identical, step 310 is executed, otherwise step 311;
Step 310: the host reports that the OTP is correct, allows the OTP device holder to log in, and updates the OTP generation factor it stores;
the host updates its stored OTP generation factor as follows: the host replaces the OTP generation factor it currently stores with the OTP generation factor obtained by decryption; in this embodiment the host replaces its stored generation count value with the new generation count value obtained by decryption;
Step 311: the host reports that the OTP is wrong and refuses the OTP device holder's login;
Step 312: the OTP generation module generates an OTP;
Step 313: the OTP device holder enters on the host keyboard the OTP shown on the built-in display of the OTP device together with their identity information;
Step 314: the host generates a new OTP according to the received identity information and compares this new OTP with the received OTP; if the two OTPs are identical, step 315 is executed, otherwise step 311;
Step 315: the host reports that the OTP is correct and allows the OTP device holder to log in.
In addition, the control module can also form the message packet directly from the new OTP generation count and the generated OTP and send it to the host, without first encrypting the new OTP generation count and then forming the packet with the generated OTP. The method of identity authentication using the OTP device realised with this scheme is basically identical to the present embodiment, differing only in steps 306, 307, 308, 309 and 310, which become:
Step 306': the control module sends the new OTP generation count to the memory module;
Step 307': the control module forms a message packet from the new OTP generation count and the generated OTP, and sends the message packet through the communication module to the wireless information reading device;
The communication module communicates wirelessly with the wireless information reading device; it can be, but is not limited to, an infrared interface or a Bluetooth interface;
Step 308': the host parses the new OTP generation count and the OTP from the received message packet, and compares this new OTP generation count with the OTP generation count it stores itself; if the new OTP generation count is greater than the stored OTP generation count, step 309' is executed, otherwise step 311 is executed;
Step 309': the host generates a new OTP from the parsed new OTP generation count and compares this new OTP with the OTP parsed from the message packet; if the two OTPs are identical, step 310' is executed, otherwise step 311 is executed;
Step 310': the host indicates that the OTP is correct, allows the OTP device holder to log in, and updates its stored OTP generation factor;
The host updates its stored OTP generation factor as follows: the host replaces its currently stored OTP generation factor with the parsed OTP generation factor; in this embodiment, the host replaces its stored OTP generation count with the parsed new OTP generation count;
The OTP generation factor in this embodiment is described using the OTP generation count as an example; in practical applications the OTP generation time can also be used as the OTP generation factor. The method of identity authentication using the OTP device with the OTP generation time as the generation factor is identical to the present embodiment and is not repeated here.
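The online flow of steps 303-311, in its clear-text variant 306'-310', as an added Python example that is not part of the patent: the token increments its generation count and packetises count plus OTP; the host rejects any count that is not greater than the one it stores (a replayed or stale packet), regenerates the OTP from the received count, and only on a match replaces its stored count. Assumptions not in the patent: the OTP function is HOTP-style HMAC-SHA1 with dynamic truncation (RFC 4226), the generation factor travels in the clear (the DES/3DES/RC4 wrapping of steps 306-308 is omitted), and all names, the user and the seed are illustrative.

```python
import hmac
import hashlib
import struct


def generate_otp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP-style OTP (assumed algorithm: HMAC-SHA1 + dynamic truncation, RFC 4226).

    The patent only says the OTP is computed from the generation factor; the
    concrete function is not specified, so this is an illustrative choice.
    """
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OTPDevice:
    """Token side of the online flow: steps 303-305 and 307' (clear-text factor)."""

    def __init__(self, secret: bytes, counter: int = 0):
        self.secret = secret
        self.counter = counter  # OTP generation count held in the memory module

    def trigger(self) -> dict:
        """Step 304: increment the stored count and derive the OTP from the new count.

        Step 307': the message packet carries the generation factor and the OTP.
        """
        self.counter += 1
        return {"counter": self.counter, "otp": generate_otp(self.secret, self.counter)}


class Host:
    """Connectable-device side of the online flow: steps 308'-311."""

    def __init__(self):
        self.records = {}  # user -> {"secret": bytes, "counter": int}

    def enroll(self, user: str, secret: bytes, counter: int = 0) -> None:
        self.records[user] = {"secret": secret, "counter": counter}

    def verify(self, user: str, packet: dict) -> bool:
        rec = self.records[user]
        counter, otp = packet["counter"], packet["otp"]
        # Step 308': the received count must be greater than the stored one;
        # an equal or smaller count is a stale or replayed packet -> step 311.
        if counter <= rec["counter"]:
            return False
        # Step 309': regenerate from the received factor; compare in constant time.
        if not hmac.compare_digest(generate_otp(rec["secret"], counter), otp):
            return False
        # Step 310': accept and replace the stored factor with the received one,
        # so the same packet can never be accepted twice.
        rec["counter"] = counter
        return True


def demo() -> dict:
    """Constructed walk-through: fresh packet, replay of it, tampered OTP, next packet."""
    secret = b"constructed-demo-seed-0123456789"  # constructed value, not a real seed
    dev, host = OTPDevice(secret), Host()
    host.enroll("alice", secret)
    pkt = dev.trigger()
    first = host.verify("alice", pkt)    # genuine packet: accepted, stored count -> 1
    replay = host.verify("alice", pkt)   # same packet again: count not greater -> rejected
    pkt2 = dev.trigger()
    # Same count, one digit of the OTP altered: the regenerated OTP will not match.
    bad_otp = pkt2["otp"][:-1] + ("0" if pkt2["otp"][-1] != "0" else "1")
    forged = host.verify("alice", {"counter": pkt2["counter"], "otp": bad_otp})
    # A rejected packet must not advance the stored count, so the genuine one still works.
    second = host.verify("alice", pkt2)
    return {"first": first, "replay": replay, "forged": forged, "second": second,
            "host_counter": host.records["alice"]["counter"]}


if __name__ == "__main__":
    print(demo())
```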
To further increase the security of authentication, before the OTP device generates the OTP, the host can also verify the identity of the OTP device holder; the verification method can be PIN code verification, fingerprint verification, iris verification, etc.
The above are only preferred embodiments of the present invention and are not intended to limit the present invention; any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (19)

1. An OTP device, characterised in that the device comprises a control module, an OTP generation module, a display module, a memory module, a trigger module, a judgement module and a communication module;
The judgement module is connected to the control module and is used to judge the working state of the OTP device;
The trigger module is connected to the control module and is used to receive the trigger message sent by the user and, according to the trigger message, to trigger the OTP generation module to generate the OTP;
The OTP generation module is connected to the control module and is used, after receiving the trigger from the trigger module, to obtain through the control module the OTP generation factor stored in the memory module and to generate the OTP according to the OTP generation factor;
The communication module is connected to the control module and is used, when the judgement result of the judgement module is that the OTP device is in the online working state, to send to a connectable device a message packet containing the OTP and the OTP generation factor; the message packet is used by the connectable device to generate a new one-time password according to the OTP generation factor in the message packet and to compare the new one-time password with the OTP obtained from the message packet; if they are identical, the OTP device is legitimate and the connectable device updates its stored OTP generation factor according to the OTP generation factor, otherwise the OTP device is illegitimate;
The display module is connected to the control module and is used, when the judgement result of the judgement module is that the OTP device is in the offline working state, to display the OTP; the displayed OTP is used by the connectable device, which receives the user's personal information and the OTP entered by the user through the keyboard of the connectable device, generates a new one-time password according to the user's personal information, and compares the new one-time password with the OTP; if they are identical, the OTP device is legitimate, otherwise the OTP device is illegitimate.
2. The OTP device as claimed in claim 1, characterised in that the trigger module is specifically a button or a numeric keypad.
3. The OTP device as claimed in claim 1, characterised in that the communication module is specifically at least one of a USB interface, infrared interface, Bluetooth interface, parallel port, serial port, radio frequency interface and eSATA interface.
4. A method of identity authentication using an OTP device, characterised in that the method comprises:
The OTP device judges its own working state;
If the OTP device is in the online working state, the user sends a trigger message to the OTP device; after the OTP device receives the trigger message, it generates a one-time password according to its stored OTP generation factor and sends to a connectable device a message packet containing the one-time password and the OTP generation factor; the connectable device generates a new one-time password according to the OTP generation factor in the message packet and compares the new one-time password with the one-time password obtained from the message packet; if they are identical, the OTP device is legitimate and the connectable device updates its stored one-time password generation factor according to the OTP generation factor, otherwise the OTP device is illegitimate;
If the OTP device is in the offline working state, the user sends a trigger message to the OTP device; after the OTP device receives the trigger message, it generates and displays a one-time password according to its stored OTP generation factor; the user enters the user's personal information and the one-time password through the keyboard of the connectable device; the connectable device generates a new one-time password according to the received user personal information and compares the new one-time password with the received one-time password; if they are identical, the OTP device is legitimate, otherwise the OTP device is illegitimate.
5. The method of identity authentication using an OTP device as claimed in claim 4, characterised in that the step of generating the one-time password according to the stored one-time password generation factor further comprises: the connectable device verifies the identity of the OTP device holder.
6. The method of identity authentication using an OTP device as claimed in claim 4, characterised in that the step of the user sending a trigger message to the OTP device is specifically: the user presses the trigger button on the OTP device.
7. The method of identity authentication using an OTP device as claimed in claim 4, characterised in that the step of the user sending a trigger message to the OTP device is specifically: the user enters a multi-digit number on the numeric keypad of the OTP device.
8. The method of identity authentication using an OTP device as claimed in claim 4, characterised in that the step of generating the one-time password according to the stored one-time password generation factor and sending to the connectable device the message packet containing the one-time password is specifically: the OTP device generates the one-time password according to its stored one-time password generation factor, forms the one-time password generation factor and the one-time password into a message packet, and sends the message packet to the connectable device.
9. The method of identity authentication using an OTP device as claimed in claim 8, characterised in that the step of the connectable device generating a new one-time password according to the message packet is specifically: the connectable device parses the one-time password generation factor and the one-time password from the message packet, and generates the new one-time password according to the one-time password generation factor.
10. The method of identity authentication using an OTP device as claimed in claim 9, characterised in that the step of generating the new one-time password according to the one-time password generation factor is specifically: the connectable device compares the parsed one-time password generation factor with its currently stored one-time password generation factor; if the one-time password generation count or one-time password generation time in the parsed one-time password generation factor is greater than the stored one-time password generation count or one-time password generation time, the connectable device generates the new one-time password according to the parsed one-time password generation factor; otherwise, the connectable device indicates authentication failure.
11. The method of identity authentication using an OTP device as claimed in claim 10, characterised in that the step of updating the stored one-time password generation factor is specifically: the connectable device replaces its currently stored one-time password generation factor with the parsed one-time password generation factor.
12. The method of identity authentication using an OTP device as claimed in claim 4, characterised in that the step of generating the one-time password according to the stored one-time password generation factor and sending to the connectable device the message packet containing the one-time password is specifically: the OTP device generates the one-time password according to its stored one-time password generation factor, performs an encryption operation on the one-time password generation factor, forms the encryption result and the one-time password into a message packet, and sends the message packet to the connectable device.
13. The method of identity authentication using an OTP device as claimed in claim 12, characterised in that the step of the connectable device generating a new one-time password according to the message packet is specifically: the connectable device parses the one-time password and the encryption result from the message packet, decrypts the encryption result to obtain the one-time password generation factor, and generates the new one-time password according to the one-time password generation factor.
14. The method of identity authentication using an OTP device as claimed in claim 13, characterised in that the step of generating the new one-time password according to the one-time password generation factor is specifically: the connectable device compares the decrypted one-time password generation factor with its currently stored one-time password generation factor; if the one-time password generation count or one-time password generation time in the decrypted one-time password generation factor is greater than the stored one-time password generation count or one-time password generation time, the connectable device generates the new one-time password according to the decrypted one-time password generation factor; otherwise, the connectable device indicates authentication failure.
15. The method of identity authentication using an OTP device as claimed in claim 14, characterised in that the step of updating the stored one-time password generation factor is specifically: the connectable device replaces its currently stored one-time password generation factor with the decrypted one-time password generation factor.
16. The method of identity authentication using an OTP device as claimed in claim 12, characterised in that the encryption algorithm is a reversible (two-way) algorithm, and the reversible algorithm comprises DES, 3DES or RC4.
17. The method of identity authentication using an OTP device as claimed in claim 4, characterised in that the step of the connectable device generating a new one-time password according to the received user personal information is specifically: the connectable device retrieves the one-time password generation factor according to the received user personal information, and generates the new one-time password according to the one-time password generation factor.
18. The method of identity authentication using an OTP device as claimed in claim 4, characterised in that the one-time password generation factor comprises the one-time password generation count, the one-time password generation time or a random number.
19. The method of identity authentication using an OTP device as claimed in claim 4, characterised in that the OTP device is connected to the connectable device through a USB interface, infrared interface, Bluetooth interface, parallel port, serial port, radio frequency interface or eSATA interface.
CN2007101197727A 2007-07-31 2007-07-31 A method for OTP device and identity authentication with this device Active CN101102194B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007101197727A CN101102194B (en) 2007-07-31 2007-07-31 A method for OTP device and identity authentication with this device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2007101197727A CN101102194B (en) 2007-07-31 2007-07-31 A method for OTP device and identity authentication with this device

Publications (2)

Publication Number Publication Date
CN101102194A CN101102194A (en) 2008-01-09
CN101102194B true CN101102194B (en) 2010-06-09

Family

ID=39036303

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007101197727A Active CN101102194B (en) 2007-07-31 2007-07-31 A method for OTP device and identity authentication with this device

Country Status (1)

Country Link
CN (1) CN101102194B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101576945B (en) * 2008-12-31 2012-12-12 飞天诚信科技股份有限公司 Multifunctional card reader and realization method thereof
CN101789864B (en) * 2010-02-05 2012-10-10 中国工商银行股份有限公司 On-line bank background identity identification method, device and system
CN102130767B (en) * 2011-01-25 2013-02-13 飞天诚信科技股份有限公司 One-time password communication realization system and method
CN102521540A (en) * 2011-12-09 2012-06-27 上海华勤通讯技术有限公司 Authentication system of electronic device and authentication method thereof
CN104202299A (en) * 2014-08-06 2014-12-10 北京中金国信科技有限公司 System and method of identity authentication based on Bluetooth
CN104168329A (en) * 2014-08-28 2014-11-26 尚春明 User secondary authentication method, device and system in cloud computing and Internet
CN105357186B (en) * 2015-10-10 2018-10-19 江苏通付盾科技有限公司 A kind of secondary authentication method based on out-of-band authentication and enhancing OTP mechanism
CN106921498B (en) * 2015-12-28 2019-09-20 腾讯科技(深圳)有限公司 The security processing of virtual resource, device and system
CN114022981A (en) * 2016-12-14 2022-02-08 余仁植 Vehicle unlocking method, locking and unlocking device, vehicle and vehicle system
CN106789079A (en) * 2016-12-30 2017-05-31 余仁植 Identity identifying method, disposal password electronic installation and system
CN106953726A (en) * 2017-02-14 2017-07-14 上海林果实业股份有限公司 A kind of message authentication method, message authentication device and host computer
CN107403486A (en) * 2017-06-28 2017-11-28 宁波久婵物联科技有限公司 A kind of disposal password verification method of electronic lock
US10542036B1 (en) 2018-10-02 2020-01-21 Capital One Services, Llc Systems and methods for signaling an attack on contactless cards
KR102499614B1 (en) * 2018-10-30 2023-02-13 삼성전자주식회사 A host device, a storage device, a VUC authentication system including them, and a VUC authentication method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1427609A (en) * 2001-12-20 2003-07-02 西北工业大学 Nonrecurring countersign and business confirmation method
CN1610293A (en) * 2004-11-19 2005-04-27 陈智敏 Method for making disposable password system log password calculation by cell phone applied program


Also Published As

Publication number Publication date
CN101102194A (en) 2008-01-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: FEITIAN TECHNOLOGIES CO., LTD.

Free format text: FORMER NAME: BEIJING FEITIAN CHENGXIN SCIENCE + TECHNOLOGY CO. LTD.

CP03 Change of name, title or address

Address after: 17th floor, block B, Ebizal building, No. 9 Xueqing Road, Haidian District, Beijing 100085

Patentee after: Feitian Technologies Co.,Ltd.

Address before: 100083, Haidian District, Xueyuan Road, No. 40 research, 7 floor, 5 floor, Beijing

Patentee before: FEITIAN TECHNOLOGIES Co.,Ltd.

CP03 Change of name, title or address

Address after: 17th floor, building B, Huizhi building, No.9, Xueqing Road, Haidian District, Beijing 100085

Patentee after: Feitian Technologies Co.,Ltd.

Country or region after: China

Address before: 100085 17th floor, block B, Huizhi building, No.9 Xueqing Road, Haidian District, Beijing

Patentee before: Feitian Technologies Co.,Ltd.

Country or region before: China