Embodiment
The technical scheme of the present invention is described in further detail below with reference to the drawings and examples.
At present, portable terminals (for example mobile phones) have become a carried means of communication that all kinds of users generally rely on. The data card provided in a portable terminal, for example a subscriber identity module (Subscriber Identity Module, hereinafter referred to as SIM card) or a SIM expansion card, is an intelligent chip with storage, programmable and processing functions. The SIM expansion card, also called a sticker, is a contact-conversion sheet whose external form is designed to fit the SIM card slots of different portable terminals. In use, the contacts on the SIM card chip are aligned with the contacts on the sticker and the two are bonded together, and the bonded pair is then inserted directly into the SIM card slot of the portable terminal. The present invention therefore makes use of the advantages of the portable terminal and the data card and provides a scheme that overcomes the above defect of the prior art: without affecting the normal communication of the portable terminal, a dynamic password generation module that can generate a dynamic password for the user at any time is built into the data card.
Fig. 1 is a flow chart of embodiment one of the dynamic password generation method of the present invention. The executing agent in this embodiment is the data card arranged in the portable terminal, which may specifically be a SIM card or a SIM expansion card. This embodiment describes the technical scheme of the dynamic password generation method of the present invention taking the data card arranged in the portable terminal as an example. As shown in Fig. 1, this embodiment comprises:
Step 11: receiving request information sent by the portable terminal, the request information requesting acquisition of a dynamic password used to authenticate the user.
When the user performs an operation such as online payment or online login through a client browser (for example Internet Explorer, or a mobile terminal browser such as MP, Gorilla or UCWEB) or client software (for example stock trading software), or logs in to and accesses a server through the client browser or client software, the server may prompt the user to provide a dynamic password, by which the user's identity is authenticated. At this point the user opens the portable terminal he or she carries and, by operating the password menu item of the user identification application development toolkit (SIM Tool Kit, hereinafter STK) on the portable terminal, sends request information to the data card to obtain a dynamic password. The request information that the portable terminal sends to the data card carries the dynamic password generation parameter that the portable terminal provides to the data card for generating the dynamic password. The portable terminal sends the information requesting generation of a dynamic password to the data card by means of an Application Protocol Data Unit (hereinafter APDU) instruction.
To ensure the security of the dynamic password, when the user starts the password menu item of the STK, the Personal Identification Number of the data card (hereinafter PIN code) must be entered; only after the PIN code has been verified does the portable terminal send the information requesting generation of a dynamic password to the data card through the APDU instruction.
The STK comprises a set of instructions for interaction between the portable terminal and the data card; through the STK the plug-in of the data card can be operated. The communication between the portable terminal and the data card is specifically realized by the APDU instructions specified in the GSM 11.11 and GSM 11.14 protocols. The STK program may be located in the data card, and it provides the user with a text menu operating interface on the portable terminal, the STK menu; the user can click a menu item to perform a particular application. In addition, if the service provider's business has been expanded or changed, a message can be sent to the user's portable terminal and passed on to the data card, and the application program in the data card can modify the existing STK menu according to this message, thereby providing the new service to the user.
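The following is an added example, not code from the patent, of the terminal-to-card APDU exchange described above: the terminal first verifies the PIN code and only then requests a dynamic password, and the simulated card refuses the request while the PIN is unverified and blocks the PIN after three wrong entries. The status words follow ISO 7816-4 conventions, the class byte 0xA0 is the one GSM 11.11 commands use, and the instruction byte 0x70 for "generate dynamic password" is a hypothetical proprietary value; the generating algorithm itself is abstracted to one assumed HMAC step.

```python
import hmac
import hashlib

# Status words, ISO 7816-4 conventions (assumed for this simulated card).
SW_OK = b"\x90\x00"
SW_SECURITY_STATUS_NOT_SATISFIED = b"\x69\x82"   # PIN not verified yet
SW_AUTH_METHOD_BLOCKED = b"\x69\x83"             # PIN retry counter exhausted
SW_WRONG_LENGTH = b"\x67\x00"
SW_INS_NOT_SUPPORTED = b"\x6D\x00"

CLA_CARD = 0xA0             # class byte of GSM 11.11 commands (assumed here)
INS_VERIFY_PIN = 0x20       # VERIFY CHV instruction byte (GSM 11.11 / ISO 7816-4)
INS_GEN_DYNAMIC_PW = 0x70   # hypothetical proprietary instruction: generate dynamic password
MAX_PIN_TRIES = 3


def build_command_apdu(cla, ins, p1, p2, data=b""):
    """Build a command APDU: CLA INS P1 P2 [Lc data]."""
    if len(data) > 255:
        raise ValueError("data field must fit in a single-byte Lc")
    header = bytes([cla, ins, p1, p2])
    return header if not data else header + bytes([len(data)]) + data


def parse_command_apdu(apdu):
    """Split a command APDU into (cla, ins, p1, p2, data); reject malformed lengths."""
    if len(apdu) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = apdu[:4]
    if len(apdu) == 4:
        return cla, ins, p1, p2, b""
    lc, data = apdu[4], apdu[5:]
    if len(data) != lc:
        raise ValueError("Lc does not match the length of the data field")
    return cla, ins, p1, p2, data


def parse_response_apdu(response):
    """Split a response APDU into (data, status word)."""
    if len(response) < 2:
        raise ValueError("response shorter than the 2-byte status word")
    return response[:-2], response[-2:]


class SimulatedDataCard:
    """Card side: no dynamic password until the PIN is verified; the PIN is
    blocked after MAX_PIN_TRIES consecutive failures."""

    def __init__(self, pin, auth_info):
        self._pin = pin                  # PIN code of the data card
        self._auth_info = auth_info      # user's personal authentication information
        self._tries_left = MAX_PIN_TRIES
        self._pin_verified = False

    def process(self, apdu):
        cla, ins, p1, p2, data = parse_command_apdu(apdu)
        if ins == INS_VERIFY_PIN:
            return self._verify_pin(data)
        if ins == INS_GEN_DYNAMIC_PW:
            return self._generate(data)
        return SW_INS_NOT_SUPPORTED

    def _verify_pin(self, data):
        if self._tries_left == 0:
            return SW_AUTH_METHOD_BLOCKED
        if hmac.compare_digest(data, self._pin):
            self._tries_left = MAX_PIN_TRIES
            self._pin_verified = True
            return SW_OK
        self._tries_left -= 1
        if self._tries_left == 0:
            return SW_AUTH_METHOD_BLOCKED
        return bytes([0x63, 0xC0 | self._tries_left])   # 63 Cx: x retries remaining

    def _generate(self, parameter):
        if not self._pin_verified:
            return SW_SECURITY_STATUS_NOT_SATISFIED
        if not parameter:
            return SW_WRONG_LENGTH
        # Generating algorithm abstracted to one assumed step: HMAC-SHA256 keyed
        # with the personal authentication information, reduced to 6 digits.
        mac = hmac.new(self._auth_info, parameter, hashlib.sha256).digest()
        code = int.from_bytes(mac[:4], "big") % 1_000_000
        return f"{code:06d}".encode("ascii") + SW_OK


def request_dynamic_password(card, pin, parameter):
    """Terminal side: verify the PIN (P2=01 selects CHV1), then request the password."""
    _, sw = parse_response_apdu(card.process(
        build_command_apdu(CLA_CARD, INS_VERIFY_PIN, 0x00, 0x01, pin)))
    if sw != SW_OK:
        raise PermissionError(f"PIN verification failed, SW={sw.hex()}")
    data, sw = parse_response_apdu(card.process(
        build_command_apdu(CLA_CARD, INS_GEN_DYNAMIC_PW, 0x00, 0x00, parameter)))
    if sw != SW_OK:
        raise RuntimeError(f"card refused to generate, SW={sw.hex()}")
    return data.decode("ascii")
```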
Step 12: generating the corresponding dynamic password by applying the preset dynamic password generating algorithm to the stored personal authentication information of the user and the dynamic password generation parameter.
After the data card receives the request information sent by the portable terminal, it applies the preset dynamic password generating algorithm to the stored personal authentication information and the dynamic password generation parameter sent by the portable terminal, and generates the corresponding dynamic password for the user.
At the server end, the same dynamic password generating algorithm and the same personal authentication information of the user as in the data card are stored. When the server prompts the user to submit a dynamic password, it can at the same time generate a dynamic password of its own, using the dynamic password generating algorithm and user personal authentication information it stores together with the dynamic password generation parameter agreed with the data card. If the dynamic password generated by the server is consistent with the dynamic password submitted by the user, the user's identity authentication passes.
The personal authentication information is information generated for the user by the server after the user has registered personal information on the server, and it uniquely identifies the user's identity. After the user has successfully registered on the server, the user's personal authentication information and the dynamic password generating algorithm can be built directly into the data card used by the user. After the personal authentication information and the dynamic password generating algorithm are updated, the server can deliver them to the portable terminal used by the user over the over-the-air download (Over the Air, hereinafter OTA) channel, that is, by sending an OTA short message to the user's portable terminal, and the portable terminal then passes them on to the data card.
Step 13: returning the dynamic password to the portable terminal, so that the user can use the dynamic password to request identity authentication from the server.
After generating the dynamic password, the data card returns it to the portable terminal, so that the user can submit this dynamic password to the server and the server can authenticate the user.
In the dynamic password generation method of this embodiment, when the server prompts the user to obtain a dynamic password for identity authentication, the user triggers the portable terminal to send request information for generating a dynamic password to the data card; the data card then generates the dynamic password for the user in time from its built-in dynamic password algorithm, the user's personal authentication information and the dynamic password generation parameter carried in the request information from the portable terminal, and provides it to the user through the portable terminal. A user carrying a mobile terminal can therefore obtain a dynamic password for identity authentication anytime and anywhere, and use it to request authentication from the server in order to carry out secure electronic transactions. This satisfies the user's need to carry out secure electronic transactions and to log in to and access the server securely anytime and anywhere.
In the scheme shown in Fig. 1, the user may submit the dynamic password to the server as follows: the user enters the dynamic password directly in the client browser or client transaction software, which sends it to the server. Fig. 2 is a schematic diagram of the short message submission mode of the dynamic password in embodiment two of the dynamic password generation method of the present invention. As shown in Fig. 2, when the server prompts the user to submit a dynamic password through the client browser or client transaction software interface, it may at the same time prompt the user with "please enter the dynamic password" and provide a dynamic password input box. After the portable terminal has provided the dynamic password to the user, the user enters it in this input box, and the dynamic password is sent to the server through the client browser or client transaction software. After receiving the dynamic password, the server authenticates the user according to it; if verification passes, the user is allowed to proceed to the specific service.
In addition, the user may also submit the dynamic password to the server as follows: the user submits it to the server by short message using the portable terminal. Fig. 3 is a schematic diagram of the client submission mode of the dynamic password in embodiment three of the dynamic password generation method of the present invention. As shown in Fig. 3, when the server prompts the user to submit a dynamic password through the client browser or client transaction software interface, it may at the same time prompt the user with "please submit the dynamic password by short message". The user operates the portable terminal to send the dynamic password to the server by short message; the server then authenticates the user according to this dynamic password, and if verification passes, the user is allowed to proceed to the specific service.
In the scheme shown in Fig. 1, if the data card arranged in the portable terminal is a SIM card, the dynamic password generation parameter comprises any one or a combination of the following information: the password challenge value that the portable terminal receives from the user's input when the user triggers the portable terminal to obtain a dynamic password, this value having been provided to the user by the server when it prompted the user to submit a dynamic password; and the several items of the user's verification information that the portable terminal receives from the user's input when the user triggers the portable terminal to obtain a dynamic password. The several items of verification information may be the user's current transaction information when making an online payment.
In the scheme shown in Fig. 1, if the data card arranged in the portable terminal is a SIM expansion card, that is, a sticker, the dynamic password generation parameter comprises any one or a combination of the following information: the current system time obtained by the portable terminal when the user triggers it to obtain a dynamic password; the password challenge value that the portable terminal receives from the user's input when the user triggers the portable terminal to obtain a dynamic password, this value having been provided to the user by the server when it prompted the user to submit a dynamic password; and the several items of the user's verification information that the portable terminal receives from the user's input when the user triggers the portable terminal to obtain a dynamic password. The several items of verification information may be the user's current transaction information when making an online payment.
If the server uses the current system time of the portable terminal as the dynamic password generation parameter, the SIM expansion card applies the preset dynamic password generating algorithm to the stored personal authentication information and the current system time of the portable terminal to generate the dynamic password for the user. Fig. 4 is a signaling flow chart of embodiment four of the dynamic password generation method of the present invention, in which the dynamic password generation parameter is the current system time of the portable terminal. As shown in Fig. 4, when the user carries out an electronic transaction, the server prompts the user, through a web page, WAP interface or client transaction software, to enter a dynamic password so that the user's identity can be authenticated. The user opens the STK in the portable terminal and clicks the "time password" menu item; the portable terminal encapsulates its current system time in an APDU instruction, sends it to the SIM expansion card and requests generation of a dynamic password. The SIM expansion card applies the preset dynamic password generating algorithm to the stored personal authentication information and the current system time sent by the portable terminal, and generates the dynamic password. After generating the dynamic password, the SIM expansion card sends it to the portable terminal through an APDU instruction so that the portable terminal can display it to the user on the screen.
At the server end, the same dynamic password generating algorithm is used to generate a dynamic password from the personal authentication information of the user stored by the server and the server's current system time as the dynamic password generation parameter; if it is consistent with the dynamic password submitted by the user, the user's identity verification passes. There may be an error between the server's current system time and the portable terminal's current system time, so the server may also correct for the dynamic password submitted by the user within an acceptable error range. For example, the SIM expansion card uses the portable terminal's current system time of 10:10:20 on 1 September 2009 as the time parameter, while the server's current system time is 10:10:30 on 1 September 2009. If the time error range acceptable to the server is 30 seconds, the server uses the times from 10:10:15 to 10:10:45 on 1 September 2009 as time parameters and generates 30 dynamic passwords. If the dynamic password submitted by the user is among these 30 dynamic passwords, the user's identity authentication passes.
If the server uses a randomly generated password challenge value as the dynamic password generation parameter, then when the server prompts the user to enter a dynamic password it can generate a random password challenge value and provide it to the user at the same time. The server can provide this password challenge value to the user in two ways: one is through the above client browser or client transaction software; the other is by sending it to the user's portable terminal by short message. Fig. 5 is a signaling flow chart of embodiment five of the dynamic password generation method of the present invention, in which the dynamic password generation parameter is the password challenge value. As shown in Fig. 5, the password challenge value "478319" provided by the server is displayed on the client browser interface or client transaction software interface. The user operates the "challenge value password" menu item of the STK on the portable terminal and enters the password challenge value directly in the dialog box or input box that pops up. After the user enters the password challenge value, the portable terminal encloses it in an APDU instruction, sends it to the SIM card or SIM expansion card and requests generation of a dynamic password. The SIM card or SIM expansion card applies the preset dynamic password generating algorithm to the stored personal authentication information and the password challenge value sent by the portable terminal, and generates the dynamic password. After generating the dynamic password, the SIM card or SIM expansion card sends it to the portable terminal through an APDU instruction so that the portable terminal can display it to the user on the screen.
At the server end, the same dynamic password generating algorithm is used to generate a dynamic password from the personal authentication information of the user stored by the server and the password challenge value as the dynamic password generation parameter; if it is consistent with the dynamic password submitted by the user, the user's identity verification passes.
If the server uses several items of the user's current verification information, for example several items of the current transaction information when the user pays online, as the dynamic password generation parameter, the portable terminal needs to obtain these several items of the user's transaction information. The several items of transaction information may be the remitting account number, the payee account number, the transaction amount, the pinyin abbreviation of the counterparty's name, and so on, of the current transaction. The user is not required to enter the above account information in full; for example, the user may be required to enter only the first 4 digits of the remitting account number and the last 4 digits of the payee account number. Fig. 6 is a signaling flow chart of embodiment six of the dynamic password generation method of the present invention, in which the dynamic password generation parameter is several items of the user's transaction information. As shown in Fig. 6, the dynamic password generation parameters required by the server are displayed on the client browser interface or client transaction software interface: remitting account number, payee account number, transaction amount. The user operates the "multiple password" menu item of the STK on the portable terminal; the STK pops up a dialog box or input box prompting the user to enter the several items of current transaction information, and the user enters them directly in the STK. After the user has entered the several items of transaction information, the portable terminal encloses them in an APDU instruction, sends it to the SIM card or SIM expansion card and requests generation of a dynamic password. The SIM card or SIM expansion card applies the preset dynamic password generating algorithm to the stored personal authentication information and the several items of transaction information sent by the portable terminal, and generates the dynamic password. After generating the dynamic password, the SIM card or SIM expansion card sends it to the portable terminal through an APDU instruction so that the portable terminal can display it to the user on the screen.
At the server end, the same dynamic password generating algorithm is used to generate a dynamic password from the personal authentication information of the user stored by the server and the several items of current verification information entered by the user as the dynamic password generation parameter; if it is consistent with the dynamic password submitted by the user, the user's identity verification passes.
Besides the above dynamic password generation parameters, any combination of the portable terminal's current system time, the password challenge value and the several items of verification information may also be used as the dynamic password generation parameter.
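As an added example (not the patent's own algorithm, which the text leaves as a "preset" algorithm), the following shows the card-side generation and the server-side check for all three parameter kinds of embodiments four to six and their combinations, including the server's tolerance window of 30 one-second time values around its own clock from the 10:10:20 / 10:10:30 example. HMAC-SHA256 keyed with the user's personal authentication information and truncated to 6 digits is this example's assumption, as are the tagged parameter encoding and the sample secret and transaction values.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timedelta, timezone

# Assumed algorithm: HMAC-SHA256 keyed with the personal authentication information,
# dynamically truncated to DIGITS decimal digits. The patent does not fix the algorithm.
DIGITS = 6
DEFAULT_TOLERANCE_SECONDS = 30   # server clock tolerance, as in the 10:10:15..10:10:45 example


def build_parameter(time=None, challenge=None, transaction=None):
    """Serialise any combination of generation parameters into one byte string.
    Each part is tagged and length-prefixed so that parts cannot be confused."""
    parts = []
    if time is not None:
        parts.append(b"T" + struct.pack(">Q", int(time.timestamp())))  # one-second steps
    if challenge is not None:
        raw = challenge.encode("ascii")
        parts.append(b"C" + struct.pack(">B", len(raw)) + raw)
    if transaction is not None:
        raw = "\x1f".join(transaction).encode("utf-8")   # e.g. account digits and amount
        parts.append(b"X" + struct.pack(">H", len(raw)) + raw)
    if not parts:
        raise ValueError("at least one dynamic password generation parameter is required")
    return b"".join(parts)


def generate_dynamic_password(auth_info, parameter):
    """Data card side: derive the dynamic password from the stored personal
    authentication information and the parameter sent by the terminal."""
    mac = hmac.new(auth_info, parameter, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, as in HOTP
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"


def verify_dynamic_password(auth_info, submitted, server_time=None, challenge=None,
                            transaction=None, tolerance_seconds=DEFAULT_TOLERANCE_SECONDS):
    """Server side: recompute with the server's own copy of auth_info and the
    parameters it knows. When the terminal clock is a parameter, each of the
    `tolerance_seconds` one-second values centred on the server clock is tried."""
    if server_time is None:
        candidates = [None]
    else:
        half = tolerance_seconds // 2
        candidates = [server_time + timedelta(seconds=d)
                      for d in range(-half, tolerance_seconds - half)]
    for t in candidates:
        expected = generate_dynamic_password(auth_info, build_parameter(t, challenge, transaction))
        if hmac.compare_digest(expected, submitted):
            return True
    return False


def sample_time(hour, minute, second):
    """Constructed timestamps on 1 September 2009 (UTC), the date used in the text."""
    return datetime(2009, 9, 1, hour, minute, second, tzinfo=timezone.utc)


if __name__ == "__main__":
    auth_info = b"constructed-personal-authentication-info"   # constructed sample secret
    # Time password: card clock 10:10:20, server clock 10:10:30
    pw = generate_dynamic_password(auth_info, build_parameter(time=sample_time(10, 10, 20)))
    print("time password", pw, "accepted:",
          verify_dynamic_password(auth_info, pw, server_time=sample_time(10, 10, 30)))
    # Challenge password with the challenge value shown in the text
    pw = generate_dynamic_password(auth_info, build_parameter(challenge="478319"))
    print("challenge password", pw, "accepted:",
          verify_dynamic_password(auth_info, pw, challenge="478319"))
    # Transaction password: first 4 digits of remitter account, last 4 of payee, amount
    tx = ("6222", "8891", "1500.00")
    pw = generate_dynamic_password(auth_info, build_parameter(transaction=tx))
    print("transaction password", pw, "accepted:",
          verify_dynamic_password(auth_info, pw, transaction=tx))
```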
In the above scheme, if the server updates the dynamic password generating algorithm, the dynamic password generation parameter and the user's personal authentication information, it delivers the updated dynamic password generating algorithm, dynamic password generation parameter and user personal authentication information to the portable terminal used by the user by OTA short message, and the portable terminal passes them on to the SIM card or SIM expansion card arranged in it. For example, the server changes the dynamic password parameter from the password challenge value to several items of the user's verification information by sending an OTA short message to the portable terminal used by the user; after the dynamic password generation parameter in the SIM card or SIM expansion card has been updated, the password menu in the STK is updated from the "password challenge value" menu item to the "multiple password" menu item, and the dialog box or input box prompting the user to enter the dynamic password parameter is updated from "enter the password challenge value" to "enter the user's several items of transaction information". Thereafter, when the user operates the STK password menu, the STK pops up a dialog box or input box prompting the user to enter the several items of transaction information.
Fig. 7 is a schematic structural diagram of embodiment one of the dynamic password generating apparatus of the present invention. In this embodiment the dynamic password generating apparatus is specifically the data card arranged in the portable terminal, which may be a SIM card or a SIM expansion card. This embodiment describes the technical scheme of the dynamic password generating apparatus of the present invention taking the data card as an example. As shown in Fig. 7, this embodiment comprises: a receiving module 71, a dynamic password generation module 72 and a sending module 73.
The receiving module 71 is used to receive request information sent by the portable terminal that requests a dynamic password for authenticating the user; the request information is sent by the portable terminal after the server has prompted the user to submit a dynamic password and the user has triggered the portable terminal to obtain one, and it carries the dynamic password generation parameter.
The dynamic password generation module 72 is used to generate the corresponding dynamic password by applying the preset dynamic password generating algorithm to the stored personal authentication information of the user and the dynamic password generation parameter.
The sending module 73 is used to return the dynamic password to the portable terminal so that the user can use it to request identity authentication from the server.
Specifically, when the server prompts the user to obtain a dynamic password, the user triggers the portable terminal to send request information for obtaining a dynamic password to the receiving module. The receiving module 71 receives the request information for generating a dynamic password sent by the portable terminal; the request information carries the dynamic password generation parameter. The dynamic password generation module 72 applies the preset dynamic password generating algorithm to the dynamic password generation parameter received by the receiving module 71 and the stored personal authentication information of the user, and generates the dynamic password. After the dynamic password generation module 72 has generated the dynamic password, the sending module 73 returns it to the portable terminal so that the user can use it to request identity authentication from the server.
The user may submit the dynamic password to the server in two ways: one is that the user enters the dynamic password directly in the client browser or client transaction software, which sends it to the server; the other is that the user submits it to the server by short message using the portable terminal.
If the data card arranged in the portable terminal is a SIM card, the dynamic password generation parameter carried in the request information sent by the portable terminal comprises any one or a combination of the following information: the password challenge value that the portable terminal receives from the user's input when the user triggers the portable terminal to obtain a dynamic password, this value having been provided to the user by the server when it prompted the user to submit a dynamic password; and the several items of the user's verification information that the portable terminal receives from the user's input when the user triggers the portable terminal to obtain a dynamic password.
If the data card arranged in the portable terminal is a SIM expansion card, the dynamic password generation parameter carried in the request information sent by the portable terminal comprises any one or a combination of the following information: the current system time obtained by the portable terminal when the user triggers it to obtain a dynamic password; the password challenge value that the portable terminal receives from the user's input when the user triggers the portable terminal to obtain a dynamic password, this value having been provided to the user by the server when it prompted the user to submit a dynamic password; and the several items of the user's verification information that the portable terminal receives from the user's input when the user triggers the portable terminal to obtain a dynamic password.
The working mechanism of the dynamic password apparatus in this embodiment can be found in the description of the embodiments corresponding to Figs. 1 to 6 and is not repeated here.
In the dynamic password apparatus of this embodiment, when the server prompts the user to obtain a dynamic password, the user sends request information for generating a dynamic password to the receiving module of the dynamic password generating apparatus by operating the portable terminal; the dynamic password generating apparatus generates the dynamic password for the user in time through its built-in dynamic password generation module, and provides it to the user through the portable terminal. A user carrying a mobile terminal can therefore obtain a dynamic password for identity authentication anytime and anywhere, and use it to request authentication from the server in order to carry out secure electronic transactions and to log in to and access the server securely. This satisfies the user's need to carry out secure electronic transactions and to log in to and access the server securely anytime and anywhere.
Fig. 8 is a schematic structural diagram of embodiment two of the dynamic password generating apparatus of the present invention. So that the user's personal authentication information and the dynamic password generating algorithm stored in the data card, and the dynamic password generation parameter on which generation of the dynamic password is based, are consistent with the server end, the above information can be downloaded over the OTA channel to the data card used by the user. As shown in Fig. 8, on the basis of Fig. 7, the above scheme further comprises an update module 74. The update module 74 is used to download over the over-the-air download channel, and to update in the data card, the user's personal authentication information, the dynamic password generating algorithm and the information relating to the dynamic password generation parameter.
As shown in Fig. 8, on the basis of Fig. 7, the above scheme further comprises a storage module 75. The storage module 75 is used to store the dynamic password generating algorithm and the user's personal authentication information.
After the receiving module 71 receives the request information sent by the portable terminal, the dynamic password generation module 72 applies the dynamic password generating algorithm stored in the storage module 75 to the dynamic password generation parameter received by the receiving module 71 and the user's personal authentication information stored in the storage module 75, and generates the dynamic password.
In addition, where the dynamic password generation parameter is the password challenge value or several items of transaction information of the user's current transaction, the user needs to enter the password challenge value provided by the server or the several items of transaction information of the current transaction when triggering the portable terminal to send the request information for obtaining a dynamic password to the data card. So that the STK can pop up a dialog box or input box prompting the user to "enter the password challenge value or the several items of transaction information" when the user operates the password menu of the STK, the storage module 75 is also used to store the information prompting the user to enter the user's several items of transaction information and/or the information prompting the user to enter the password challenge value.
Fig. 9 is a schematic structural diagram of the network system embodiment of the present invention. As shown in Fig. 9, this embodiment comprises a portable terminal 91 provided with a dynamic password generating apparatus 90, and a server 92. The working mechanism of the dynamic password generating apparatus 90 can be found in the description of the embodiments corresponding to Fig. 7 or Fig. 8 and is not repeated here.
The server 92 is used to verify the user's identity according to the dynamic password submitted by the user.
The portable terminal 91 sends request information to the dynamic password generating apparatus 90 to obtain a dynamic password for authenticating the user. Afterwards, the portable terminal 91 receives the dynamic password returned by the dynamic password apparatus 92 and provides it to the user so that the user can submit it to the server 92.
The user may submit the dynamic password to the server 92 in two ways: one is that the user enters the dynamic password directly in the client browser or client transaction software, which sends it to the server 92; the other is that the user submits it to the server 92 by short message using the portable terminal 91.
In the network system of this embodiment, when the server prompts the user to obtain a dynamic password for identity authentication, the portable terminal sends request information for generating a dynamic password to the dynamic password generating apparatus; the dynamic password generating apparatus generates the dynamic password for the user in time from its built-in dynamic password algorithm and the user's personal authentication information, and provides it to the user through the portable terminal. A user carrying a mobile terminal can therefore obtain a dynamic password for identity authentication anytime and anywhere, and use it to request authentication from the server in order to carry out secure electronic transactions and to log in to and access the server securely. This satisfies the user's need to carry out secure electronic transactions and to log in to and access the server securely anytime and anywhere.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical scheme of the present invention and not to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that modifications or equivalent substitutions may still be made to the technical scheme of the present invention, and that such modifications or equivalent substitutions do not cause the modified technical scheme to depart from the spirit and scope of the technical scheme of the present invention.