CN101582764B - Method and system for identity authentication based on dynamic password - Google Patents

Publication number: CN101582764B
Authority: CN (China)
Prior art keywords: dynamic password, terminal, user, account, numbering
Legal status: Active
Application number: CN2009100811231A
Other languages: Chinese (zh)
Other versions: CN101582764A (en)
Inventors: 陆舟, 于华章
Current Assignee: Feitian Technologies Co Ltd
Original Assignee: Beijing Feitian Technologies Co Ltd
Application filed by Beijing Feitian Technologies Co Ltd
Priority to CN2009100811231A
Publication of CN101582764A
Application granted
Publication of CN101582764B

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method and a system for identity authentication based on a dynamic password, belonging to the field of information security. In the method, during binding, a service terminal verifies the account and static password of a user and a third-party authentication terminal verifies the dynamic password of the user; if the dynamic password is correct, the binding between the account and a dynamic password token succeeds, the service terminal establishes and stores the correspondence between the personal information, the account and the number of the dynamic password token, and the third-party authentication terminal establishes and stores the correspondence between the personal information and the number of the dynamic password token. When the user logs in to the service terminal, the service terminal verifies the account and static password of the user, and the third-party authentication terminal verifies the personal information and the dynamic password of the user respectively; if both the personal information and the dynamic password pass verification, the login succeeds; otherwise, the login fails. The system comprises clients, the service terminal and the third-party authentication terminal. The invention reduces the cost and complexity of identity authentication performed by the user with the dynamic password, and is easy to implement and convenient to operate and maintain.

Description

Method and system for identity authentication based on dynamic password
Technical field
The present invention relates to the field of information security, and in particular to a method and system for identity authentication based on a dynamic password.
Background
At present, in order to improve the security of identity authentication in network application systems such as online banking, telephone banking, online securities, telephone securities, online shopping and online games, industries and enterprises have one after another released dynamic password identity authentication systems, which are more secure than traditional static passwords.
Using a dynamic password identity authentication system for identity authentication greatly improves the security of a network application system. However, because different network application systems currently use different dynamic password tokens and different authentication servers, this has an adverse effect on end users and service providers.
For the end user: a user usually uses several network application systems. For example, a user has bank accounts at 3 different banks, two securities accounts at two different securities companies, and in addition an online shopping account, an online game account, and so on. If this user wishes to protect these accounts with the more secure dynamic password, all of the service providers must offer a dynamic-password-based identity authentication system, and the user must buy a dynamic password token for each account. As a result, to obtain a more secure network application environment the user has to buy several dynamic password tokens, which not only increases the user's cost but also makes using, carrying and maintaining them very inconvenient.
For the service provider: if it cannot provide a dynamic password identity authentication system that meets users' needs, its competitiveness is reduced, which no service provider wants to see.
In summary, current application systems based on dynamic password identity authentication technology have the following shortcomings:
1. They significantly increase the cost to the user of using a dynamic password identity authentication system;
2. They increase the complexity, tedium and inconvenience for the user of using a dynamic password identity authentication system;
3. They discourage service providers from actively adopting dynamic password identity authentication systems to improve the security of their services.
Summary of the invention
The invention provides a method and system for identity authentication based on a dynamic password, which reduce the cost and the complexity for a user of authenticating with a dynamic password, and which are easy to implement, convenient to operate and easy to maintain.
The technical solution is as follows:
A method for identity authentication based on a dynamic password, the method comprising a binding process and a login process;
The binding process comprises:
A service terminal receives the personal information, static password, account, number of the dynamic password token and dynamic password input by the user, and verifies the account and static password; if the account or static password is wrong, the binding operation stops; if the account and static password are both correct, the service terminal sends the number of the dynamic password token and the dynamic password to a third-party authentication terminal and requests verification of the dynamic password;
After receiving them, the third-party authentication terminal verifies the dynamic password according to the number of the dynamic password token and returns the verification result to the service terminal;
If the verification result is correct, the service terminal establishes and stores the correspondence between the personal information, the account and the number of the dynamic password token, and sends the user's personal information to the third-party authentication terminal; after receiving it, the third-party authentication terminal establishes and stores the correspondence between the personal information and the number of the dynamic password token, completing the binding of the account and the dynamic password token;
If the verification result is incorrect, the binding of the account and the dynamic password token fails;
The login process comprises:
When the user logs in to the service terminal after successful binding, the service terminal receives the login information of the account, the static password and the dynamic password input by the user, and verifies the account and static password; if the account or static password is wrong, the user is forbidden to log in; if the account and static password are both correct, the service terminal looks up, according to the locally stored correspondence, the personal information and the number of the dynamic password token corresponding to the login information, and sends the personal information, the number of the dynamic password token and the dynamic password to the third-party authentication terminal to request authentication;
After receiving them, the third-party authentication terminal verifies the received personal information and dynamic password respectively, according to the number of the dynamic password token and the locally stored correspondence, and returns the verification result to the service terminal;
If the personal information and the dynamic password both pass verification, the user's login succeeds; otherwise, the user's login fails.
Before the binding process, the method further comprises:
The third-party authentication terminal allocates a unique seed and a unique number to the dynamic password token;
The user applies for and obtains the dynamic password token in which the seed and number are stored.
The personal information comprises at least one of the user's name, ID card number, telephone number, address and e-mail address.
The static password is the service password corresponding to the account that the user has set up at the service terminal.
The login information comprises the dynamic password, and further comprises at least one of the user name, the number of the dynamic password token, the ID card number and the e-mail address.
In the binding process, after the verification result is correct, the method further comprises:
The third-party authentication terminal updates the state information of the dynamic password token;
The state information comprises the dynamic parameters needed when generating a dynamic password.
In the login process, after the personal information and the dynamic password both pass verification, the method further comprises:
The third-party authentication terminal updates the state information of the dynamic password token;
The state information comprises the dynamic parameters needed when generating a dynamic password.
A system for identity authentication based on a dynamic password, the system comprising a client, a service terminal and a third-party authentication terminal;
The client comprises:
An input module, configured to receive, in the binding process, the personal information, static password, account, number of the dynamic password token and dynamic password input by the user, and, when the user logs in to the service terminal after successful binding, to receive the login information of the account, the static password and the dynamic password input by the user;
A communication module, configured to send all information received by the input module to the service terminal, and to receive the binding result and the login result returned by the service terminal;
An output module, configured to output the binding result to the user in the binding process, and, in the login process, to prompt the user to input the login information, static password and dynamic password and to output the login result to the user;
The service terminal comprises:
A communication module, configured to communicate with the client and receive the information input by the user during binding and login, and also to communicate with the third-party authentication terminal and receive the binding verification result and the login authentication result returned by the third-party authentication terminal;
A binding verification processing module, configured to verify the account and static password input by the user in the binding process; if the account or static password is wrong, to stop the binding operation; if the account and static password are both correct, to send, through the communication module of the service terminal, the number of the dynamic password token and the dynamic password to the third-party authentication terminal and request verification of the dynamic password;
A binding result processing module, configured, when the binding verification result is correct, to establish and store the correspondence between the personal information, the account and the number of the dynamic password token, to notify the client through the communication module of the service terminal that the account and the dynamic password token have been bound successfully, and to send the user's personal information to the third-party authentication terminal through the communication module of the service terminal; and also configured, when the binding verification result is incorrect, to notify the client through the communication module of the service terminal that the binding of the account and the dynamic password token has failed;
A login authentication processing module, configured to verify the account and static password input by the user in the login process; if the account or static password is wrong, to forbid the user to log in; if the account and static password are both correct, to look up, according to the correspondence stored by the service terminal, the personal information and the number of the dynamic password token corresponding to the login information, and to send the personal information, the number of the dynamic password token and the dynamic password to the third-party authentication terminal through the communication module of the service terminal to request authentication; and also configured, when the login authentication result received by the communication module of the service terminal is that the personal information and the dynamic password both pass verification, to notify the client through the communication module of the service terminal that the user's login has succeeded, and, when the login authentication result is not that the personal information and the dynamic password both pass verification, to notify the client through the communication module of the service terminal that the user's login has failed;
The third-party authentication terminal comprises:
A communication module, configured to communicate with the service terminal;
A binding verification module, configured, after the communication module of the third-party authentication terminal receives the number of the dynamic password token and the dynamic password, to verify the dynamic password according to the number of the dynamic password token and to return the binding verification result to the service terminal through the communication module of the third-party authentication terminal;
A storage module, configured, after the communication module of the third-party authentication terminal receives the user's personal information, to establish and store the correspondence between the personal information and the number of the dynamic password token;
A login authentication module, configured, after the communication module of the third-party authentication terminal receives the personal information, the number of the dynamic password token and the dynamic password, to verify the personal information and the dynamic password respectively, according to the number of the dynamic password token and the correspondence stored by the third-party authentication terminal, and to return the login authentication result to the service terminal through the communication module of the third-party authentication terminal.
The dynamic password token stores the unique seed and unique number allocated by the third-party authentication terminal.
The personal information comprises at least one of the user's name, ID card number, telephone number, address and e-mail address.
The static password is the service password corresponding to the account that the user has set up at the service terminal.
The login information comprises the dynamic password, and further comprises at least one of the user name, the number of the dynamic password token, the ID card number and the e-mail address.
The technical solution provided by the invention reduces the cost, complexity and tedium for the user of authenticating with a dynamic password token, helps service terminals promote the use of dynamic password authentication systems, and improves the security of their services. The user needs only one dynamic password token to register with and log in to the identity authentication systems of multiple service terminals, which is very convenient for the user, easy to implement and simple to operate; and because the seeds of the dynamic password tokens are managed centrally by the third-party authentication terminal, the system is easy to maintain.
Description of drawings
Fig. 1 is a schematic diagram of an application of identity authentication based on a dynamic password, provided by an embodiment of the invention;
Fig. 2 is a flow chart of the method for identity authentication based on a dynamic password, provided by an embodiment of the invention;
Fig. 3 is a structural diagram of the system for identity authentication based on a dynamic password, provided by an embodiment of the invention.
Embodiments
To make the purpose, technical solution and advantages of the present invention clearer, embodiments of the invention are described in further detail below with reference to the accompanying drawings.
An embodiment of the invention provides a centralized method for identity authentication based on a dynamic password. It introduces a third-party authentication terminal to authenticate the user in the binding process and the login process, which makes it convenient for the user to log in to a service terminal with a dynamic password token. In particular, the user can use a single dynamic password token to log in to and authenticate with multiple service terminals, which is very convenient for the user.
Referring to Fig. 1, which is a schematic diagram, provided by an embodiment of the invention, of a user using one dynamic password token to log in to several service terminals respectively. The third-party authentication terminal communicates with a first service terminal, a second service terminal and a third service terminal, and the user can log in to each of these three service terminals with one dynamic password token. The dynamic password token stores a seed and a number, which are allocated by the third-party authentication terminal and are usually written when the dynamic password token is produced. The seed that the third-party authentication terminal allocates to each dynamic password token is unique, and so is the number. The third-party authentication terminal stores all allocated seeds and numbers in a database for use during authentication. The authentication server shown at the third-party authentication terminal in the figure indicates that, when the user logs in to a service terminal, the third-party authentication terminal specifically uses an authentication server to provide the authentication service to the service terminal. Similarly, the user logs in at each service terminal, and it is the service terminal that specifically provides the service to the user. When logging in, the user logs in to the service terminal through a client, using the dynamic password token that the user has obtained; the client and the dynamic password token are not drawn in the figure. The binding process and the login process are described in detail below, taking a user logging in to one service terminal as an example.
Referring to Fig. 2, an embodiment of the invention provides a method for identity authentication based on a dynamic password, which specifically comprises:
Step 201: The user applies for and obtains a dynamic password token;
In this embodiment, the user can register and apply for the token at the third-party authentication terminal; if the third-party authentication terminal supplies dynamic password tokens to the service terminal, the user can also register and apply for one at the service terminal.
Step 202: Through the client, the user inputs the personal information, static password, account, number of the dynamic password token and dynamic password to the service terminal, and requests that the account and the dynamic password token be bound;
The personal information specifically comprises at least one of the user's name, ID card number, telephone number, address and e-mail address. The static password is the service password, corresponding to the account input above, that the user has set up at the service terminal. The dynamic password input by the user is generated with the dynamic password token.
Step 203: After receiving the personal information, static password, account, number of the dynamic password token and dynamic password input by the user, the service terminal verifies the account and static password; if the account or static password is wrong, the binding operation stops; if the account and static password are both correct, the service terminal sends the number of the dynamic password token and the dynamic password to the third-party authentication terminal and requests verification of the dynamic password;
Step 204: After receiving the number of the dynamic password token and the dynamic password, the third-party authentication terminal looks up the corresponding seed and state information locally according to the number of the dynamic password token, generates a temporary dynamic password from the seed and state information found, compares the received dynamic password with the generated temporary dynamic password to perform the binding verification, and returns the binding verification result to the service terminal;
Here, state information refers to parameters related to the dynamic password token that take part in the computation that generates the dynamic password during verification or authentication; these parameters include a time factor, an event factor, and so on. For example, the current system time is used as the time factor in computing the dynamic password, or the number of times a dynamic password has been generated is used as the event factor in computing the dynamic password.
Step 205: After receiving the verification result returned by the third-party authentication terminal, the service terminal judges whether the result is that verification passed. If so, the service terminal establishes and stores the correspondence between the user's account, the personal information and the number of the dynamic password token, and sends the user's personal information to the third-party authentication terminal. If the result is that verification did not pass, the binding of the user's account and the dynamic password token fails.
The service terminal can notify the user of the binding result through the client.
In this embodiment, when the dynamic password is generated by the counting method, the method further comprises: if the verification result of the third-party authentication terminal is correct, the third-party authentication terminal updates the state information of the dynamic password token, namely the number of times a dynamic password has been generated;
Correspondingly, when the dynamic password is generated by the timing method, if the verification result of the third-party authentication terminal is correct and the time factors of the third-party authentication terminal and of the user's dynamic password token have drifted apart, the third-party authentication terminal adjusts the time factor, taking the user's time as the standard.
Step 206: After receiving the user's personal information sent by the service terminal, the third-party authentication terminal establishes and stores locally, for example in a database, the correspondence between the personal information and the number of the dynamic password token, completing the binding flow.
Further, if the verification result in the binding process is correct, the third-party authentication terminal can also update the state information of the dynamic password token; the state information comprises the dynamic parameters needed when generating a dynamic password.
The above steps are the binding process. After the user has bound the account and the dynamic password token at the service terminal, the user can subsequently use the dynamic password token to log in to the service terminal, following the login flow.
Step 207: When the user logs in to the service terminal after successful binding, the service terminal receives the login information of the account, the static password and the dynamic password input by the user through the client; the login information includes the above account;
The login information input by the user comprises the dynamic password, and can further comprise at least one of the user name, the number of the dynamic password token, the ID card number and the e-mail address. The dynamic password input by the user is generated by the user with the dynamic password token.
Step 208: The service terminal verifies the account and the static password. If the account or static password is wrong, the user is forbidden to log in. If the account and static password are both correct, the service terminal looks up, according to the locally stored correspondence between the user's account, the personal information and the number of the dynamic password token, the personal information and the number of the dynamic password token corresponding to the account, and sends the personal information and the number of the dynamic password token that it found, together with the received dynamic password, to the third-party authentication terminal to request authentication.
If, in this step, the service terminal does not find locally the personal information and the number of the dynamic password token corresponding to the login information, it returns to the client an error message stating that the account corresponding to the login information is not bound to a dynamic password token.
Step 209: After receiving the personal information, the number of the dynamic password token and the dynamic password, the third-party authentication terminal verifies the received personal information and dynamic password respectively, according to the number of the dynamic password token and the locally stored correspondence between personal information and the number of the dynamic password token, and returns the login verification result to the service terminal.
Here, the third-party authentication terminal verifies the dynamic password in the same way as in step 204; if the dynamic password is verified as correct, the third-party authentication terminal can also update the state information. If the personal information and the dynamic password both pass verification, the third-party authentication terminal can also update the state information of the dynamic password token.
Step 210: After receiving the login verification result, the service terminal judges whether the result is that the personal information and the dynamic password both passed verification. If so, the user has logged in to the service terminal successfully and the login process ends; otherwise, the user's login to the service terminal fails, the corresponding error is prompted, and the login process ends.
In this embodiment, the binding process of steps 202 to 206 generates the dynamic password in a time-based or event-based manner; this can also be replaced by the following challenge-response manner:
Through the client, the user inputs the personal information, static password, account and number of the dynamic password token to the service terminal. The service terminal verifies the account and static password; if they are wrong, the operation terminates; if they are correct, the service terminal sends the number of the dynamic password token to the third-party authentication terminal, and the third-party authentication terminal returns a challenge code. The user generates a dynamic password from this challenge code with the dynamic password token and inputs it to the service terminal through the client, and the service terminal sends this dynamic password to the third-party authentication terminal. The third-party authentication terminal looks up the corresponding seed and state information according to the number of the dynamic password token, generates a temporary dynamic password from the seed and state information to verify the dynamic password input by the user, and returns the verification result. If the dynamic password input by the user is correct, the service terminal establishes and stores the correspondence between the user's account, the personal information and the number of the dynamic password token, the third-party authentication terminal establishes and stores the correspondence between the user's personal information and the number of the dynamic password token, and the user's account and the dynamic password token are bound successfully. If the dynamic password input by the user is incorrect, the binding fails.
In step 207 of this embodiment, the way the user generates a dynamic password with the dynamic password token can also be replaced by the following:
The user inputs the login information to the service terminal through the client. The service terminal looks up the number of the dynamic password token corresponding to the account according to the stored correspondence, and sends this number to the third-party authentication terminal to request verification. After receiving it, the third-party authentication terminal generates a challenge code and sends it to the client through the service terminal. After obtaining the challenge code at the client, the user generates a dynamic password from the challenge code and logs in with this dynamic password.
In step 208 of this embodiment, further, when the service terminal looks up the personal information and the number of the dynamic password token according to the stored correspondence, it may also find a dynamic password token number that has no corresponding personal information, and prompt the user to bind this dynamic password token.
In this embodiment, the login authentication result that the third-party authentication terminal returns to the service terminal, besides indicating that the login dynamic password is correct or wrong, can also indicate that the dynamic password token is in a state such as locked or reported lost; the service terminal then sends this state information to the client, and the client prompts the user with the corresponding error.
In this embodiment, if the user's dynamic password token is lost, the user can report the dynamic password token lost at the third-party authentication terminal or the service terminal, using the key identity information provided at registration. The third-party authentication terminal can mark this dynamic password token as reported lost, and the dynamic password token with this number cannot be used until the loss report is cancelled.
The above flow describes binding with and logging in to one service terminal. When the user logs in to and authenticates with multiple service terminals, the process of logging in to and authenticating with each of them is the same as the above flow and is not repeated here.
Referring to Fig. 3, an embodiment of the present invention also provides a system for identity authentication based on a dynamic password, comprising a client 1, a service terminal 2 and a third-party authentication terminal 3;
Client 1 comprises:
Input module 11, configured to receive, during the binding process, the personal information, static password, account, serial number of the dynamic password token and dynamic password entered by the user, and, when the user logs in to service terminal 2 after successful binding, to receive the login information of the account, the static password and the dynamic password entered by the user, this login information including the account;
Communication module 12, configured to send all information received by input module 11 to service terminal 2, and to receive the binding result and login result returned by service terminal 2;
Output module 13, configured to output the binding result to the user during the binding process, and, during user login, to prompt the user to enter the login information, static password and dynamic password and to output the login result to the user;
Service terminal 2 comprises:
Communication module 21, configured to communicate with client 1 and receive the information entered by the user during binding and login, and also to communicate with third-party authentication terminal 3 and receive the binding verification result and login authentication result returned by third-party authentication terminal 3;
Binding verification processing module 22, configured to verify the account and static password entered by the user during the binding process; if the account or static password is wrong, the binding operation stops; if the account and static password are both correct, it sends the serial number of the dynamic password token and the dynamic password to third-party authentication terminal 3 through communication module 21 of service terminal 2, requesting verification of the dynamic password;
Binding result processing module 23, configured to, when the binding verification result is correct, establish and store the correspondence between the personal information, account and serial number of the dynamic password token, notify client 1 through communication module 21 of service terminal 2 that the account and dynamic password token were bound successfully, and send the user's personal information to third-party authentication terminal 3 through communication module 21 of service terminal 2; and also configured to, when the binding verification result is incorrect, notify client 1 through communication module 21 of service terminal 2 that binding of the account and dynamic password token failed;
Login authentication processing module 24, configured to verify the account and static password entered by the user during login; if the account or static password is wrong, the user is forbidden to log in; if the account and static password are both correct, it looks up the personal information and the serial number of the dynamic password token corresponding to the login information according to the correspondence stored by service terminal 2, and sends the personal information, the serial number of the dynamic password token and the dynamic password to third-party authentication terminal 3 through communication module 21 of service terminal 2 to request authentication; and also configured to notify client 1 through communication module 21 of service terminal 2 that the user logged in successfully when the login authentication result received by communication module 21 of service terminal 2 is that the personal information and dynamic password both passed verification, and to notify client 1 through communication module 21 of service terminal 2 that the user's login failed when the login authentication result is not that the personal information and dynamic password both passed verification;
The third party authenticates terminal 3 and comprises:
Communication module 31 is used for communicating with service terminal 2;
Binding authentication module 32, be used for after the communication module 31 that the third party authenticates terminal 3 is received the numbering and dynamic password of dynamic password token, numbering according to dynamic password token verifies that to dynamic password the communication module 31 that authenticates terminal 3 by the third party is returned binding checking result to service terminal 2;
Memory module 33 is used for setting up the corresponding relation of also preserving the numbering of personal information and dynamic password token after the communication module 31 that the third party authenticates terminal 3 is received user's personal information;
Login authentication module 34, be used for after the communication module 31 that the third party authenticates terminal 3 is received the numbering and dynamic password of personal information, dynamic password token, numbering and third party according to dynamic password token authenticate the corresponding relation that terminal 3 is preserved, personal information and dynamic password are verified respectively the communication module 31 that authenticates terminal 3 by the third party is returned the login authentication result to service terminal 2.
In this embodiment, the user obtains the dynamic password token from the third-party authentication terminal or the service terminal, and the dynamic password token stores the unique seed and unique serial number assigned by the third-party authentication terminal.
In this embodiment, the personal information comprises at least one of the user's name, ID card number, telephone number, address and e-mail address. The static password is the service password corresponding to the account that the user set up at the service terminal. The login information comprises the dynamic password, and also comprises at least one of the user name, serial number of the dynamic password token, ID card number and e-mail address.
The method and system provided by the embodiments of the present invention both support scenarios with multiple service terminals, and the present invention places no specific limit on the number of service terminals. The method and system reduce the cost, complexity and tedium of identity authentication with a dynamic password token for the user, help service terminals promote the use of a dynamic password authentication system, and improve the security of the service. The user needs only one dynamic password token to register with and log in to the identity authentication systems of multiple service terminals, which is very convenient for the user, easy to implement and simple to operate. The seeds of the dynamic password tokens are managed centrally by the third-party authentication terminal, which makes maintenance convenient.
The above are only preferred embodiments of the present invention and are not intended to limit the present invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.
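The binding and login flows described above, as an added example that is not part of the patent text: a minimal in-process model of the service terminal and the third-party authentication terminal. The patent names no generation algorithm, so the HOTP-style HMAC-SHA1 generator, the event counter standing in for the "state information", the three-code look-ahead window, PBKDF2 storage of the static password, and all class, method and status names are assumptions.

```python
import hashlib
import hmac
import secrets
import struct


def dynamic_password(seed: bytes, counter: int, digits: int = 6) -> str:
    """Assumed generator (the page names none): HOTP-style HMAC-SHA1 truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class AuthTerminal:
    """Third-party authentication terminal: owns seeds, state and token status."""

    def __init__(self):
        self.tokens = {}    # serial -> {"seed", "counter", "status"}
        self.bindings = {}  # serial -> personal information

    def issue_token(self, serial, seed=None):
        seed = seed or secrets.token_bytes(20)
        self.tokens[serial] = {"seed": seed, "counter": 0, "status": "active"}
        return seed

    def verify_otp(self, serial, otp, window=3):
        tok = self.tokens.get(serial)
        if tok is None:
            return "unknown_token"
        if tok["status"] != "active":
            return tok["status"]  # e.g. "locked" or "lost", relayed to the client
        for c in range(tok["counter"], tok["counter"] + window):
            expected = dynamic_password(tok["seed"], c).encode()
            if hmac.compare_digest(expected, otp.encode()):
                tok["counter"] = c + 1  # state update: each code is single-use
                return "ok"
        return "wrong_otp"

    def store_binding(self, serial, personal_info):
        self.bindings[serial] = personal_info

    def verify_login(self, serial, personal_info, otp):
        if self.bindings.get(serial) != personal_info:
            return "wrong_personal_info"
        return self.verify_otp(serial, otp)

    def report_lost(self, serial):
        self.tokens[serial]["status"] = "lost"


class ServiceTerminal:
    """Service terminal: owns accounts and static passwords, never sees a seed."""

    def __init__(self, auth):
        self.auth = auth
        self.accounts = {}  # account -> (salt, static-password hash)
        self.bindings = {}  # account -> (personal information, token serial)

    @staticmethod
    def _hash(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, account, static_password):
        salt = secrets.token_bytes(16)
        self.accounts[account] = (salt, self._hash(salt, static_password))

    def _check_static(self, account, static_password):
        rec = self.accounts.get(account)
        return rec is not None and hmac.compare_digest(
            rec[1], self._hash(rec[0], static_password))

    def bind(self, account, static_password, personal_info, serial, otp):
        if not self._check_static(account, static_password):
            return "bad_credentials"  # stop before contacting the auth terminal
        result = self.auth.verify_otp(serial, otp)
        if result == "ok":
            self.bindings[account] = (personal_info, serial)
            self.auth.store_binding(serial, personal_info)
        return result

    def login(self, account, static_password, otp):
        if not self._check_static(account, static_password):
            return "bad_credentials"
        if account not in self.bindings:
            return "token_not_bound"
        personal_info, serial = self.bindings[account]
        return self.auth.verify_login(serial, personal_info, otp)
```

Submitting the same code to `login` twice shows the second attempt rejected, because the authentication terminal advanced the token's state after the first success.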

Claims (12)

1. A method for identity authentication based on a dynamic password, characterized in that the method comprises a binding process and a login process;
The binding process comprises:
The service terminal receives the personal information, static password, account, serial number of the dynamic password token and dynamic password entered by the user, and verifies the account and static password; if the account or static password is wrong, the binding operation stops; if the account and static password are both correct, it sends the serial number of the dynamic password token and the dynamic password to the third-party authentication terminal, requesting verification of the dynamic password;
After receiving them, the third-party authentication terminal verifies the dynamic password according to the serial number of the dynamic password token and returns the verification result to the service terminal;
If the verification result is correct, the service terminal establishes and stores the correspondence between the personal information, account and serial number of the dynamic password token, and sends the user's personal information to the third-party authentication terminal; after receiving it, the third-party authentication terminal establishes and stores the correspondence between the personal information and the serial number of the dynamic password token, completing the binding process of the account and dynamic password token;
If the verification result is incorrect, binding of the account and dynamic password token fails;
The login process comprises:
When the user logs in to the service terminal after successful binding, the service terminal receives the login information of the account, the static password and the dynamic password entered by the user, and verifies the account and static password; if the account or static password is wrong, the user is forbidden to log in; if the account and static password are both correct, it looks up the personal information and the serial number of the dynamic password token corresponding to the login information according to the locally stored correspondence, and sends the personal information, the serial number of the dynamic password token and the dynamic password to the third-party authentication terminal to request authentication;
After receiving them, the third-party authentication terminal verifies the received personal information and dynamic password respectively according to the serial number of the dynamic password token and the locally stored correspondence, and returns the verification result to the service terminal;
If the personal information and dynamic password both pass verification, the user logs in successfully; otherwise, the user's login fails.
2. The method for identity authentication based on a dynamic password according to claim 1, characterized in that, before the binding process, the method further comprises:
The third-party authentication terminal assigns a unique seed and a unique serial number to the dynamic password token;
The user applies for and obtains the dynamic password token storing the seed and serial number.
3. The method for identity authentication based on a dynamic password according to claim 1, characterized in that the personal information comprises at least one of the user's name, ID card number, telephone number, address and e-mail address.
4. The method for identity authentication based on a dynamic password according to claim 1, characterized in that the static password is the service password corresponding to the account that the user set up at the service terminal.
5. The method for identity authentication based on a dynamic password according to claim 1, characterized in that the login information comprises the dynamic password, and also comprises at least one of the user name, serial number of the dynamic password token, ID card number and e-mail address.
6. The method for identity authentication based on a dynamic password according to claim 1, characterized in that, in the binding process, after the verification result is correct, the method further comprises:
The third-party authentication terminal updates the state information of the dynamic password token;
The state information comprises the dynamic parameters needed when generating a dynamic password.
7. The method for identity authentication based on a dynamic password according to claim 1, characterized in that, in the login process, after the personal information and dynamic password both pass verification, the method further comprises:
The third-party authentication terminal updates the state information of the dynamic password token;
The state information comprises the dynamic parameters needed when generating a dynamic password.
8. A system for identity authentication based on a dynamic password, characterized in that the system comprises a client, a service terminal and a third-party authentication terminal;
The client comprises:
An input module, configured to receive, during the binding process, the personal information, static password, account, serial number of the dynamic password token and dynamic password entered by the user, and, when the user logs in to the service terminal after successful binding, to receive the login information of the account, the static password and the dynamic password entered by the user;
A communication module, configured to send all information received by the input module to the service terminal, and to receive the binding result and login result returned by the service terminal;
An output module, configured to output the binding result to the user during the binding process, and, during user login, to prompt the user to enter the login information, static password and dynamic password and to output the login result to the user;
The service terminal comprises:
A communication module, configured to communicate with the client and receive the information entered by the user during binding and login, and also to communicate with the third-party authentication terminal and receive the binding verification result and login authentication result returned by the third-party authentication terminal;
A binding verification processing module, configured to verify the account and static password entered by the user during the binding process; if the account or static password is wrong, the binding operation stops; if the account and static password are both correct, it sends the serial number of the dynamic password token and the dynamic password to the third-party authentication terminal through the communication module of the service terminal, requesting verification of the dynamic password;
A binding result processing module, configured to, when the binding verification result is correct, establish and store the correspondence between the personal information, account and serial number of the dynamic password token, notify the client through the communication module of the service terminal that the account and dynamic password token were bound successfully, and send the user's personal information to the third-party authentication terminal through the communication module of the service terminal; and also configured to, when the binding verification result is incorrect, notify the client through the communication module of the service terminal that binding of the account and dynamic password token failed;
A login authentication processing module, configured to verify the account and static password entered by the user during login; if the account or static password is wrong, the user is forbidden to log in; if the account and static password are both correct, it looks up the personal information and the serial number of the dynamic password token corresponding to the login information according to the correspondence stored by the service terminal, and sends the personal information, the serial number of the dynamic password token and the dynamic password to the third-party authentication terminal through the communication module of the service terminal to request authentication; and also configured to notify the client through the communication module of the service terminal that the user logged in successfully when the login authentication result received by the communication module of the service terminal is that the personal information and dynamic password both passed verification, and to notify the client through the communication module of the service terminal that the user's login failed when the login authentication result is not that the personal information and dynamic password both passed verification;
Described third party authenticates terminal and comprises:
Communication module is used for communicating with described service terminal;
The binding authentication module, be used for after the communication module that described third party authenticates terminal is received the numbering and dynamic password of described dynamic password token, numbering according to described dynamic password token verifies that to described dynamic password the communication module that authenticates terminal by described third party is returned binding checking result to described service terminal;
Memory module is used for setting up and preserve the corresponding relation of the numbering of described personal information and dynamic password token after the communication module that described third party authenticates terminal is received described user's personal information;
The login authentication module, be used for after the communication module that described third party authenticates terminal is received the numbering and described dynamic password of described personal information, dynamic password token, numbering and described third party according to described dynamic password token authenticate the corresponding relation that terminal is preserved, described personal information and dynamic password are verified respectively the communication module that authenticates terminal by described third party is returned the login authentication result to described service terminal.
9. The system for identity authentication based on a dynamic password according to claim 8, characterized in that the dynamic password token stores the unique seed and unique serial number assigned by the third-party authentication terminal.
10. The system for identity authentication based on a dynamic password according to claim 8, characterized in that the personal information comprises at least one of the user's name, ID card number, telephone number, address and e-mail address.
11. The system for identity authentication based on a dynamic password according to claim 8, characterized in that the static password is the service password corresponding to the account that the user set up at the service terminal.
12. The system for identity authentication based on a dynamic password according to claim 8, characterized in that the login information comprises the dynamic password, and also comprises at least one of the user name, serial number of the dynamic password token, ID card number and e-mail address.
CN2009100811231A 2009-04-02 2009-04-02 Method and system for identity authentication based on dynamic password Active CN101582764B (en)

Publications (2)

Publication Number Publication Date
CN101582764A CN101582764A (en) 2009-11-18
CN101582764B true CN101582764B (en) 2011-08-17

Family

ID=41364746

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address
CP03 Change of name, title or address

Address after: 17th floor, building B, Huizhi building, No.9, Xueqing Road, Haidian District, Beijing 100085

Patentee after: Feitian Technologies Co.,Ltd.

Country or region after: China

Address before: 100085 17th floor, block B, Huizhi building, No.9 Xueqing Road, Haidian District, Beijing

Patentee before: Feitian Technologies Co.,Ltd.

Country or region before: China

OL01 Intention to license declared
OL01 Intention to license declared