CN101699892A - Method and device for generating dynamic passwords and network system - Google Patents

Publication number: CN101699892A
Authority: CN (China)
Prior art keywords: dynamic password, user, portable terminal, server, password
Legal status: Granted
Application number: CN200910236825A
Other languages: Chinese (zh)
Other versions: CN101699892B (en)
Inventors: 魏中华, 孙江涛
Current Assignee: Beijing Sankuai Online Technology Co Ltd
Original Assignee: BEIJING SHENZHOUFU E-PAY TECHNOLOGY Co Ltd
Application filed by BEIJING SHENZHOUFU E-PAY TECHNOLOGY Co Ltd
Priority to CN2009102368252A
Publication of CN101699892A
Application granted
Publication of CN101699892B
Current legal status: Active

Landscapes

  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and a device for generating dynamic passwords, and a network system. The method for generating dynamic passwords comprises the following steps: receiving request information, sent by a mobile terminal, for acquiring a dynamic password used to authenticate a user, wherein the request information carries dynamic password generation parameters and is sent by the mobile terminal when the user triggers the mobile terminal to acquire the dynamic password after a server prompts the user to submit the dynamic password; generating a corresponding dynamic password by using a preset dynamic password generation algorithm according to the stored personal authentication information of the user and the dynamic password generation parameters; and returning the dynamic password to the mobile terminal, wherein the dynamic password is used by the user to request identity authentication from the server. The method and the device are suitable for a user who submits a dynamic password to a server for identity authentication when logging in to or accessing the server through a client browser or client software, or when performing an electronic transaction.

Description

Dynamic password generation method, dynamic password generation device and network system
Technical field
The present invention relates to the field of communication technology, and in particular to a dynamic password generation method, a dynamic password generation device and a network system.
Background
With the rapid development of communication technology, electronic transactions over the Internet and mobile networks have become an important model for banking business. For example, a user can log in to a WAP site from a mobile terminal that supports the Wireless Application Protocol (WAP) and carry out online banking transactions. To guarantee the reliability and security of e-banking transactions, authentication of the user's identity information has become a key issue in online banking. At present, the large commercial banks mainly use dynamic password cards and U shields as the e-banking security media for authenticating user identity information.
A dynamic password card is a card similar in size and shape to a bank card, commonly known as a scratch card, with a number of different passwords under a coating on each card. When using e-banking, the user first submits a client certificate to the server; after the client certificate is verified, the server prompts the user to enter a transaction password, and the user simply enters the passwords on the scratch card in order, each of which can be used only once. Dynamic passwords follow a one-password-per-use scheme: the customer does not need to set or remember them, and a new password is used every time. This overcomes the shortcomings of static passwords and effectively addresses the theft of online banking passwords by criminals using Trojan horse malware.
The U shield is a Universal Serial Bus (USB) device based on the "USB Key" identity authentication method. It has a built-in microcontroller or smart chip and is similar in shape to a USB flash drive. The microcontroller or smart chip has storage space for the user's key or personal digital certificate. When transacting online, the user first submits a client certificate to the server; after the client certificate is verified, the server prompts the user to insert the U shield. The user inserts the U shield into a USB port of the personal computer, and the U shield's built-in 1024-bit asymmetric key algorithm encrypts, decrypts and digitally signs the data, thereby ensuring the security of user authentication.
However, dynamic password cards and U shields have the following drawbacks: a user who relies on a dynamic password card or U shield must carry it whenever carrying out an electronic transaction; and the dynamic password card or U shield must also be used together with the client certificate, otherwise the electronic transaction cannot be carried out. The user therefore cannot carry out electronic transactions anytime and anywhere, which limits the environments in which the user can make electronic transactions.
Summary of the invention
The purpose of the present invention is to provide a dynamic password generation method, a dynamic password generation device and a network system, so that a user can obtain, anytime and anywhere, a dynamic password for identity authentication in order to carry out secure electronic transactions and to log in to and access a server securely.
To achieve the above purpose, the present invention provides a dynamic password generation method, comprising:
receiving request information, sent by a mobile terminal, requesting a dynamic password used to authenticate a user, wherein the request information is sent by the mobile terminal after a server prompts the user to submit a dynamic password, and carries a dynamic password generation parameter;
generating a corresponding dynamic password from the stored personal authentication information of the user and the dynamic password generation parameter, using a preset dynamic password generation algorithm;
returning the dynamic password to the mobile terminal, for the user to use in requesting identity authentication from the server.
The present invention also provides a dynamic password generation device, comprising:
a receiving module, configured to receive request information, sent by a mobile terminal, requesting a dynamic password used to authenticate a user, wherein the request information carries a dynamic password generation parameter and is sent by the mobile terminal when, after a server prompts the user to submit a dynamic password, the user triggers the mobile terminal to obtain the dynamic password;
a dynamic password generation module, configured to generate a corresponding dynamic password from the stored personal authentication information of the user and the dynamic password generation parameter, using a preset dynamic password generation algorithm;
a sending module, configured to return the dynamic password to the mobile terminal, for the user to use in requesting identity authentication from the server.
The present invention further provides a network system, comprising:
a mobile terminal provided with the dynamic password generation device, and a server configured to verify the user's identity according to the dynamic password submitted by the user.
With the dynamic password generation method, device and system of the embodiments of the present invention, when the server prompts the user to obtain a dynamic password for identity authentication, the mobile terminal sends request information for generating a dynamic password to the dynamic password generation device, and the device promptly generates a dynamic password for the user from the built-in dynamic password algorithm and the user's personal authentication information, and provides it to the user through the mobile terminal. A user carrying the mobile terminal can therefore obtain a dynamic password for identity authentication anytime and anywhere, and use it to request authentication from the server in order to carry out secure electronic transactions and to log in to and access the server securely. This meets the user's need to carry out secure electronic transactions and to log in to and access the server securely anytime and anywhere.
Description of drawings
Fig. 1 is a flow chart of Embodiment 1 of the dynamic password generation method of the present invention;
Fig. 2 is a schematic diagram of the dynamic password submission mode in Embodiment 2 of the dynamic password generation method of the present invention;
Fig. 3 is a schematic diagram of the dynamic password submission mode in Embodiment 3 of the dynamic password generation method of the present invention;
Fig. 4 is a signaling flow chart for Embodiment 4 of the dynamic password generation method of the present invention, in which the dynamic password generation parameter is the current system time of the mobile terminal;
Fig. 5 is a signaling flow chart for Embodiment 5 of the dynamic password generation method of the present invention, in which the dynamic password generation parameter is a password challenge value;
Fig. 6 is a signaling flow chart for Embodiment 6 of the dynamic password generation method of the present invention, in which the dynamic password generation parameter is several items of the user's transaction information;
Fig. 7 is a structural diagram of Embodiment 1 of the dynamic password generation device of the present invention;
Fig. 8 is a structural diagram of Embodiment 2 of the dynamic password generation device of the present invention;
Fig. 9 is a structural diagram of an embodiment of the network system of the present invention.
Embodiments
The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.
At present, the mobile terminal (for example, the mobile phone) has become a portable means of communication in general use among all kinds of people. The data card fitted in a mobile terminal, for example a Subscriber Identity Module (SIM) card or a SIM expansion card, is a smart chip with storage, programmability and processing functions. The SIM expansion card, also called a sticker, is a thin contact-adapter sheet whose outline is designed to fit the SIM card slots of different mobile terminals. In use, the contacts of the SIM card chip are aligned with the contacts of the sticker and the two are bonded together, and the bonded card is then inserted directly into the SIM card slot of the mobile terminal. The present invention thus exploits the advantages of the mobile terminal and the data card to provide a solution to the above defects of the prior art: without affecting normal communication of the mobile terminal, a dynamic password generation module that can promptly generate dynamic passwords for the user is built into the data card.
Fig. 1 is a flow chart of Embodiment 1 of the dynamic password generation method of the present invention. The executing entity in this embodiment is the data card fitted in the mobile terminal, which may be a SIM card or a SIM expansion card. This embodiment uses the data card fitted in the mobile terminal as an example to describe the technical solution of the dynamic password generation method of the present invention. As shown in Fig. 1, this embodiment comprises:
Step 11: receive request information, sent by the mobile terminal, requesting a dynamic password used to authenticate the user.
When the user performs operations such as online payment or online login through a client browser (for example, Internet Explorer, or a mobile terminal browser such as MP, Gorilla or UCWEB) or client software (for example, stock trading software), or logs in to or accesses a server through a client browser or client software, the server may prompt the user to provide a dynamic password and use it to authenticate the user's identity. The user then opens the mobile terminal they carry and, by operating the password menu item of the SIM application development toolkit (SIM Tool Kit, STK) in the mobile terminal, sends request information to the data card to obtain a dynamic password. The request information sent by the mobile terminal to the data card carries the dynamic password generation parameter that the mobile terminal provides to the data card for generating the dynamic password. The mobile terminal sends the request to generate a dynamic password to the data card by means of an Application Protocol Data Unit (APDU) command.
To ensure the security of the dynamic password, the user must enter the data card's Personal Identification Number (PIN code) when starting the STK password menu item; only after the PIN code is verified does the mobile terminal send the request to generate a dynamic password to the data card by APDU command.
The STK comprises a set of commands for interaction between the mobile terminal and the data card, and through the STK the small applications in the data card can be run. Communication between the mobile terminal and the data card is carried out by the APDU commands specified in the GSM 11.11 and GSM 11.14 protocols. The STK program can be placed in the data card and provides the user with a text menu interface on the mobile terminal, the STK menu, whose items the user can select to use particular applications. In addition, if the service provider extends or changes its services, it can send a message to the user's mobile terminal; the message is passed to the data card, and the application in the data card can modify the existing STK menu according to the message, thereby providing the user with the new service.
Step 12: generate a corresponding dynamic password from the stored personal authentication information of the user and the dynamic password generation parameter, using the preset dynamic password generation algorithm.
After receiving the request information sent by the mobile terminal, the data card uses the preset dynamic password generation algorithm to generate a corresponding dynamic password for the user from the stored personal authentication information and the dynamic password generation parameter sent by the mobile terminal.
The server stores the same dynamic password generation algorithm and the same personal authentication information of the user as the data card. When prompting the user to submit a dynamic password, the server can itself generate a dynamic password, using the dynamic password generation algorithm and the user's personal authentication information that it stores, together with the dynamic password generation parameter agreed with the data card. If the dynamic password generated by the server matches the one submitted by the user, the user's identity authentication succeeds.
The personal authentication information is information that uniquely identifies the user and is generated for the user by the server after the user registers personal information on the server. After the user has registered successfully on the server, the user's personal authentication information and the dynamic password generation algorithm can be built directly into the data card the user uses. When the personal authentication information and the dynamic password generation algorithm are updated, the server can deliver the update over the Over the Air (OTA) channel, that is, by sending an OTA short message to the mobile terminal the user uses, and the mobile terminal then passes it to the data card.
Step 13: return the dynamic password to the mobile terminal, for the user to use in requesting identity authentication from the server.
After generating the dynamic password, the data card returns it to the mobile terminal so that the user can submit it to the server and the server can authenticate the user.
With the dynamic password generation method of this embodiment, when the server prompts the user to obtain a dynamic password for identity authentication, the user triggers the mobile terminal to send request information for generating a dynamic password to the data card, and the data card promptly generates a dynamic password for the user from the built-in dynamic password algorithm, the user's personal authentication information and the dynamic password generation parameter carried in the mobile terminal's request information, and provides it to the user through the mobile terminal. A user carrying the mobile terminal can therefore obtain a dynamic password for identity authentication anytime and anywhere, and use it to request authentication from the server in order to carry out secure electronic transactions. This meets the user's need to carry out secure electronic transactions and to log in to and access the server securely anytime and anywhere.
In the scheme shown in Fig. 1, one way for the user to submit the dynamic password to the server is to enter it directly in the client browser or client transaction software, which sends it to the server. Fig. 2 is a schematic diagram of the dynamic password short message submission mode in Embodiment 2 of the dynamic password generation method of the present invention. As shown in Fig. 2, when the server prompts the user to submit a dynamic password through the client browser or client transaction software interface, it can display the prompt "please enter the dynamic password" together with a dynamic password input box. After the mobile terminal has provided the dynamic password to the user, the user enters it in this input box, and the dynamic password is sent to the server through the client browser or client transaction software. After receiving the dynamic password, the server authenticates the user according to it and, if verification succeeds, allows the user to proceed to the specific service.
Alternatively, the user can submit the dynamic password to the server from the mobile terminal by short message. Fig. 3 is a schematic diagram of the dynamic password client submission mode in Embodiment 3 of the dynamic password generation method of the present invention. As shown in Fig. 3, when the server prompts the user to submit a dynamic password through the client browser or client transaction software interface, it can at the same time prompt the user to "please submit the dynamic password" by short message. After the user operates the mobile terminal to send the dynamic password to the server by short message, the server authenticates the user according to the dynamic password and, if verification succeeds, allows the user to proceed to the specific service.
In the scheme shown in Fig. 1, if the data card fitted in the mobile terminal is a SIM card, the dynamic password generation parameter comprises any one or a combination of the following: the password challenge value, entered by the user and received by the mobile terminal when the user triggers the mobile terminal to obtain the dynamic password, that the server provided to the user when prompting the user to submit a dynamic password; and the several items of verification information entered by the user and received by the mobile terminal when the user triggers the mobile terminal to obtain the dynamic password. The several items of verification information can be the user's current transaction information when making an online payment.
In the scheme shown in Fig. 1, if the data card fitted in the mobile terminal is a SIM expansion card (a sticker), the dynamic password generation parameter comprises any one or a combination of the following: the current system time obtained by the mobile terminal when the user triggers the mobile terminal to obtain the dynamic password; the password challenge value, entered by the user and received by the mobile terminal when the user triggers the mobile terminal to obtain the dynamic password, that the server provided to the user when prompting the user to submit a dynamic password; and the several items of verification information entered by the user and received by the mobile terminal when the user triggers the mobile terminal to obtain the dynamic password. The several items of verification information can be the user's current transaction information when making an online payment.
If the server uses the current system time of the mobile terminal as the dynamic password generation parameter, the SIM expansion card uses the preset dynamic password generation algorithm to generate a dynamic password for the user from the stored personal authentication information and the current system time of the mobile terminal. Fig. 4 is a signaling flow chart for Embodiment 4 of the dynamic password generation method of the present invention, in which the dynamic password generation parameter is the current system time of the mobile terminal. As shown in Fig. 4, when the user carries out an electronic transaction, the server prompts the user, through a web page, WAP interface or client transaction software, to enter a dynamic password so that the user's identity can be authenticated. The user opens the STK in the mobile terminal and selects the "time password" menu; the mobile terminal encapsulates its current system time in an APDU command and sends it to the SIM expansion card, requesting generation of a dynamic password. The SIM expansion card uses the preset dynamic password generation algorithm to generate the dynamic password from the stored personal authentication information and the current system time sent by the mobile terminal. After generating the dynamic password, the SIM expansion card sends it to the mobile terminal by APDU command, so that the mobile terminal can show it to the user on its display.
On the server side, the same dynamic password generation algorithm is used: from the user's personal authentication information that the server itself stores, and with the server's current system time as the dynamic password generation parameter, the server generates a dynamic password; if it matches the one submitted by the user, the user's identity authentication succeeds. The current system time of the server and that of the mobile terminal may differ, so the server can also apply a correction, within an accepted error range, when checking the dynamic password submitted by the user. For example, the SIM expansion card uses the mobile terminal's current system time, 10:10:20 on September 1, 2009, as the time parameter, while the server's current system time is 10:10:30 on September 1, 2009. If the time error range acceptable to the server is 30 seconds, the server takes the times from 10:10:15 to 10:10:45 on September 1, 2009 as time parameters and generates 30 dynamic passwords. If the dynamic password submitted by the user is among these 30 dynamic passwords, the user's identity authentication succeeds.
If the server uses a randomly generated password challenge value as the dynamic password generation parameter, then when prompting the user to enter a dynamic password it generates a random password challenge value and provides it to the user at the same time. The server can provide the password challenge value to the user in two ways: first, through the client browser or client transaction software described above; second, by sending it to the user's mobile terminal by short message. Fig. 5 is a signaling flow chart for Embodiment 5 of the dynamic password generation method of the present invention, in which the dynamic password generation parameter is a password challenge value. As shown in Fig. 5, the password challenge value "478319" provided by the server is displayed on the client browser interface or client transaction software interface. The user operates the "challenge value password" menu item of the STK on the mobile terminal and enters the password challenge value directly in the dialog box or input box that pops up. After the user enters the password challenge value, the mobile terminal encapsulates it in an APDU command and sends it to the SIM card or SIM expansion card, requesting generation of a dynamic password. The SIM card or SIM expansion card uses the preset dynamic password generation algorithm to generate a dynamic password from the stored personal authentication information and the password challenge value sent by the mobile terminal. After generating the dynamic password, the SIM card or SIM expansion card sends it to the mobile terminal by APDU command, so that the mobile terminal can show it to the user on its display.
On the server side, the same dynamic password generation algorithm is used: from the user's personal authentication information that the server itself stores, and with the password challenge value as the dynamic password generation parameter, the server generates a dynamic password; if it matches the one submitted by the user, the user's identity authentication succeeds.
If the server uses several items of the user's current verification information, for example several items of current transaction information when the user pays online, as the dynamic password generation parameter, the mobile terminal needs to obtain those items of transaction information. The user's transaction information can be the remitting account number of the current transaction, the receiving account number, the transaction amount, the pinyin abbreviation of the transacting party's name, and so on. The user is not required to enter the account information in full; for example, the user can be asked to enter the first 4 digits of the remitting account number, the last 4 digits of the receiving account number, and so on. Fig. 6 is a signaling flow chart for Embodiment 6 of the dynamic password generation method of the present invention, in which the dynamic password generation parameter is several items of the user's transaction information. As shown in Fig. 6, the client browser interface or client transaction software interface displays the dynamic password generation parameters required by the server: remitting account number, receiving account number and transaction amount. The user operates the "multiple password" menu item of the STK on the mobile terminal; the STK pops up a dialog box or input box prompting the user to enter the several items of current transaction information, and the user enters them directly in the STK. After the user enters the transaction information, the mobile terminal encapsulates it in an APDU command and sends it to the SIM card or SIM expansion card, requesting generation of a dynamic password. The SIM card or SIM expansion card uses the preset dynamic password generation algorithm to generate a dynamic password from the stored personal authentication information and the several items of transaction information sent by the mobile terminal. After generating the dynamic password, the SIM card or SIM expansion card sends it to the mobile terminal by APDU command, so that the mobile terminal can show it to the user on its display.
On the server side, the same dynamic password generation algorithm is used: from the user's personal authentication information that the server itself stores, and with the several items of current verification information entered by the user as the dynamic password generation parameter, the server generates a dynamic password; if it matches the one submitted by the user, the user's identity authentication succeeds.
In addition to the above dynamic password generation parameters, any combination of the mobile terminal's current system time, the password challenge value and the several items of verification information can also be used as the dynamic password generation parameter.
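The card-side generation and server-side check described above for the three parameter types (current time with an accepted error window, password challenge value, transaction items) and their combination, as an added example that is not part of the patent. The patent does not disclose its preset dynamic password generation algorithm, so HMAC-SHA256 truncated to six digits stands in for it; the secret, the tag-length-value parameter encoding, the function names and the transaction values are assumptions, and only the two timestamps and the challenge value 478319 come from the text.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timezone

DIGITS = 6  # assumed password length; the page does not specify one


def _tlv(tag: bytes, value: bytes) -> bytes:
    # Tag + 2-byte length + value, so the fields "1234","5678" and
    # "12345","678" can never serialise to the same byte string.
    return tag + struct.pack(">H", len(value)) + value


def encode_params(time_s=None, challenge=None, txn_fields=()):
    """Serialise any combination of the three generation parameters."""
    out = b""
    if time_s is not None:
        out += _tlv(b"T", struct.pack(">Q", time_s))
    if challenge is not None:
        out += _tlv(b"C", challenge.encode("ascii"))
    for field in txn_fields:
        out += _tlv(b"F", field.encode("utf-8"))
    return out


def dynamic_password(secret: bytes, params: bytes) -> str:
    """Assumed stand-in for the preset algorithm: HMAC-SHA256 + truncation."""
    mac = hmac.new(secret, params, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def card_generate(secret, time_s=None, challenge=None, txn_fields=()):
    """Data-card side: stored secret + parameters carried in the request."""
    return dynamic_password(secret, encode_params(time_s, challenge, txn_fields))


def time_candidates(server_time: int, window: int = 30):
    """Per-second time parameters accepted around the server clock.
    Half-open range, so a 30-second window yields 30 candidates."""
    half = window // 2
    return range(server_time - half, server_time + half)


def server_verify(secret, submitted, server_time=None, window=30,
                  challenge=None, txn_fields=()):
    """Server side: recompute from its own copy of the secret and compare."""
    times = [None] if server_time is None else time_candidates(server_time, window)
    ok = False
    for t in times:
        expected = dynamic_password(secret, encode_params(t, challenge, txn_fields))
        # Constant-time comparison with no early exit, so response timing
        # does not reveal which candidate (if any) matched.
        ok |= hmac.compare_digest(expected, submitted)
    return ok


# Constructed demo values; only the times and the challenge come from the text.
SECRET = b"constructed-personal-auth-info"
T_TERMINAL = int(datetime(2009, 9, 1, 10, 10, 20, tzinfo=timezone.utc).timestamp())
T_SERVER = int(datetime(2009, 9, 1, 10, 10, 30, tzinfo=timezone.utc).timestamp())
CHALLENGE = "478319"
# First 4 digits of remitting account, last 4 of receiving account, amount.
TXN = ("6222", "8841", "1500.00")

if __name__ == "__main__":
    otp = card_generate(SECRET, time_s=T_TERMINAL)
    print("time password accepted:",
          server_verify(SECRET, otp, server_time=T_SERVER))

    otp = card_generate(SECRET, challenge=CHALLENGE, txn_fields=TXN)
    tampered = ("6222", "9999", "1500.00")  # receiving account altered
    print("original transaction accepted:",
          server_verify(SECRET, otp, challenge=CHALLENGE, txn_fields=TXN))
    print("altered transaction accepted:",
          server_verify(SECRET, otp, challenge=CHALLENGE, txn_fields=tampered))
```

Because the transaction items are part of the keyed input, a password generated for one receiving account does not verify for another, which is what binds the password to the transaction the user saw.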
In the above schemes, if the server updates the dynamic password generation algorithm, the dynamic password generation parameter and the user's personal authentication information, it delivers the updated algorithm, parameter and personal authentication information by OTA short message to the mobile terminal the user uses, and the mobile terminal passes them to the SIM card or SIM expansion card fitted in it. For example, the server changes the dynamic password parameter from the password challenge value to several items of the user's verification information by sending an OTA short message to the user's mobile terminal. After the dynamic password generation parameter in the SIM card or SIM expansion card has been updated, the password menu in the STK changes from the "password challenge value" menu item to the "multiple password" menu item, and the dialog box or input box that prompts the user for the dynamic password parameter changes from "enter the password challenge value" to "enter the user's several items of transaction information". When the user then operates the STK password menu, the STK pops up a dialog box or input box prompting the user to enter the several items of transaction information.
Fig. 7 is a structural diagram of embodiment one of the dynamic password generating apparatus of the present invention. In this embodiment the dynamic password generating apparatus may be a data card installed in the portable terminal, specifically a SIM card or a SIM expansion card. This embodiment takes the data card as an example to describe the technical scheme of the dynamic password generating apparatus. As shown in Fig. 7, this embodiment comprises: receiver module 71, dynamic password generation module 72 and sending module 73.
Receiver module 71 receives request information, sent by the portable terminal, that requests a dynamic password for authenticating the user. The request information is sent by the portable terminal when, after the server has prompted the user to submit a dynamic password, the user triggers the portable terminal to obtain the dynamic password; it carries the dynamic password generation parameter.
Dynamic password generation module 72 generates the corresponding dynamic password from the stored personal authentication information of the user and the dynamic password generation parameter, using the preset dynamic password generation algorithm.
Sending module 73 returns the dynamic password to the portable terminal, so that the user can use the dynamic password to request authentication from the server.
Specifically, when the server prompts the user to obtain a dynamic password, the user triggers the portable terminal to send request information for obtaining the dynamic password to the receiver module. Receiver module 71 receives the request information for generating a dynamic password sent by the portable terminal. The request information carries the dynamic password generation parameter. Dynamic password generation module 72 generates the dynamic password from the dynamic password generation parameter received by receiver module 71 and the stored personal authentication information of the user, using the preset dynamic password generation algorithm. After dynamic password generation module 72 has generated the dynamic password, sending module 73 returns it to the portable terminal, so that the user can use the dynamic password to request authentication from the server.
The user can submit the dynamic password to the server in two ways: first, the user enters the dynamic password directly in a client browser or client transaction software, which sends it to the server; second, the user uses the portable terminal to submit it to the server as a short message.
If the data card installed in the portable terminal is a SIM card, the dynamic password generation parameter carried in the request information sent by the portable terminal comprises any one or a combination of the following: the password challenge value that the server provided to the user when prompting the user to submit a dynamic password, entered by the user and received by the portable terminal when the user triggers it to obtain the dynamic password; and several items of the user's authorization information, entered by the user and received by the portable terminal when the user triggers it to obtain the dynamic password.
If the data card installed in the portable terminal is a SIM expansion card, the dynamic password generation parameter carried in the request information sent by the portable terminal comprises any one or a combination of the following: the current system time obtained by the portable terminal when the user triggers it to obtain the dynamic password; the password challenge value that the server provided to the user when prompting the user to submit a dynamic password, entered by the user and received by the portable terminal when the user triggers it to obtain the dynamic password; and several items of the user's authorization information, entered by the user and received by the portable terminal when the user triggers it to obtain the dynamic password.
For the working mechanism of the dynamic password apparatus in this embodiment, refer to the description of the embodiments corresponding to Fig. 1 to Fig. 6; it is not repeated here.
With the dynamic password apparatus of this embodiment, when the server prompts the user to obtain a dynamic password, the user operates the portable terminal to send request information for generating a dynamic password to the receiver module of the dynamic password generating apparatus. The built-in dynamic password generation module generates the dynamic password for the user promptly, and the portable terminal presents it to the user. A user carrying the portable terminal can therefore obtain a dynamic password for authentication anytime and anywhere, and use it to request authentication from the server in order to carry out secure electronic transactions and to log in to and access the server securely. This meets the user's need to carry out secure electronic transactions and to log in to and access the server securely anytime and anywhere.
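The generation and verification flow of this embodiment can be sketched as follows; this is an added example, not code from the patent, which does not disclose a concrete dynamic password generating algorithm. The HMAC-SHA256 construction with decimal truncation, the 60-second time step, the drift window and all function and field names are assumptions, and the secret, challenge value and transaction fields are constructed sample values.

```python
import hashlib
import hmac
import struct

TIME_STEP = 60  # seconds per time window (assumed value)


def build_params(card_type, time_step=None, challenge=None, transaction=()):
    """Collect the generation parameters allowed for each card type."""
    params = {}
    if time_step is not None:
        # Per the description, only the SIM expansion card uses system time.
        if card_type != "sim_expansion":
            raise ValueError("plain SIM card has no time parameter in this scheme")
        params["time"] = str(time_step)
    if challenge is not None:
        params["challenge"] = challenge
    for i, item in enumerate(transaction):
        params[f"txn{i}"] = item
    if not params:
        raise ValueError("at least one generation parameter is required")
    return params


def _encode(params):
    """Length-prefix every name and value so field boundaries are unambiguous."""
    out = b""
    for name in sorted(params):
        for part in (name.encode(), params[name].encode()):
            out += struct.pack(">H", len(part)) + part
    return out


def generate_password(secret, params, digits=6):
    """Card side: keyed hash over the parameters, truncated to decimal digits."""
    mac = hmac.new(secret, _encode(params), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_verify(secret, submitted, card_type, now=None, challenge=None,
                  transaction=(), drift=1):
    """Server side: recompute with its own copy of the secret and parameters."""
    if now is None:
        steps = [None]
    else:
        base = int(now) // TIME_STEP
        steps = range(base - drift, base + drift + 1)  # tolerate clock skew
    ok = False
    for step in steps:
        expected = generate_password(
            secret, build_params(card_type, step, challenge, transaction))
        ok |= hmac.compare_digest(expected, submitted)  # constant-time compare
    return ok


def demo():
    secret = b"constructed-demo-secret-0123456789"  # constructed sample secret
    txn = ("payee=6222000011112222", "amount=150.00")  # constructed sample data
    now = 1_700_000_000  # constructed timestamp
    otp = generate_password(secret, build_params(
        "sim_expansion", now // TIME_STEP, "493817", txn))
    return {
        "otp": otp,
        "accepted": server_verify(
            secret, otp, "sim_expansion", now + 45, "493817", txn),
        "tampered_amount": server_verify(
            secret, otp, "sim_expansion", now, "493817",
            ("payee=6222000011112222", "amount=9150.00")),
        "stale": server_verify(
            secret, otp, "sim_expansion", now + 600, "493817", txn),
    }
```

Because the transaction fields are part of the keyed input, a password generated for one payee and amount fails verification if either is changed in transit, which a password derived from time or challenge alone does not provide.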
Fig. 8 is a structural diagram of embodiment two of the dynamic password generating apparatus of the present invention. So that the user's personal authentication information and the dynamic password generation algorithm stored in the data card, and the dynamic password generation parameter on which password generation is based, stay consistent with the server side, this information can be downloaded over the OTA channel to the data card used by the user. As shown in Fig. 8, on the basis of Fig. 7, the above scheme further comprises update module 74. Update module 74 downloads and updates, over the over-the-air download channel, the user's personal authentication information, the information on the dynamic password generation algorithm and the related dynamic password generation parameter in the data card.
As shown in Fig. 8, on the basis of Fig. 7, the above scheme further comprises memory module 75. Memory module 75 stores the dynamic password generation algorithm and the user's personal authentication information.
After receiver module 71 receives the request information sent by the portable terminal, dynamic password generation module 72 generates the dynamic password from the dynamic password generation parameter received by receiver module 71 and the user's personal authentication information stored in memory module 75, using the dynamic password generation algorithm stored in memory module 75.
In addition, when the dynamic password generation parameter is the password challenge value or several items of transaction information of the user's current transaction, the user must enter the password challenge value provided by the server, or the several items of transaction information of the current transaction, when triggering the portable terminal to send the request information for obtaining a dynamic password to the data card. So that, when the user operates the STK password menu, the STK can pop up a dialog box or input box prompting the user to "enter the password challenge value or several items of transaction information", memory module 75 also stores the information that prompts the user to enter the several items of transaction information and/or the information that prompts the user to enter the password challenge value.
Fig. 9 is a structural diagram of an embodiment of the network system of the present invention. As shown in Fig. 9, this embodiment comprises: portable terminal 91, which is provided with dynamic password generating apparatus 90, and server 92. For the working mechanism of dynamic password generating apparatus 90, refer to the description of the embodiments corresponding to Fig. 7 or Fig. 8; it is not repeated here.
Server 92 verifies the user's identity according to the dynamic password submitted by the user.
Portable terminal 91 sends request information to dynamic password generating apparatus 90 to obtain the dynamic password used to authenticate the user. Portable terminal 91 then receives the dynamic password returned by dynamic password apparatus 92 and provides it to the user, so that the user can submit the dynamic password to server 92.
The user can submit the dynamic password to server 92 in two ways: first, the user enters the dynamic password directly in a client browser or client transaction software, which sends it to server 92; second, the user uses portable terminal 91 to submit it to server 92 as a short message.
With the network system of this embodiment, when the server prompts the user to obtain a dynamic password for authentication, the portable terminal sends request information for generating a dynamic password to the dynamic password generating apparatus, which promptly generates the dynamic password for the user from the built-in dynamic password algorithm and the user's personal authentication information; the portable terminal then presents it to the user. A user carrying the portable terminal can therefore obtain a dynamic password for authentication anytime and anywhere, and use it to request authentication from the server in order to carry out secure electronic transactions and to log in to and access the server securely. This meets the user's need to carry out secure electronic transactions and to log in to and access the server securely anytime and anywhere.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical scheme of the present invention, not to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical scheme of the present invention may still be modified or replaced with equivalents, and that such modifications or equivalent replacements do not cause the modified technical scheme to depart from the spirit and scope of the technical scheme of the present invention.

Claims (10)

1. A dynamic password generation method, characterized by comprising:
receiving request information, sent by a portable terminal, that requests a dynamic password for authenticating a user, wherein the request information is sent by the portable terminal when, after a server has prompted the user to submit a dynamic password, the user triggers the portable terminal to obtain the dynamic password, and the request information carries a dynamic password generation parameter;
generating the corresponding dynamic password from stored personal authentication information of the user and the dynamic password generation parameter, using a preset dynamic password generation algorithm;
returning the dynamic password to the portable terminal, so that the user can use the dynamic password to request authentication from the server.
2. The dynamic password generation method according to claim 1, characterized in that the dynamic password generation parameter comprises any one or a combination of the following information:
the current system time obtained by the portable terminal when the user triggers the portable terminal to obtain the dynamic password;
the password challenge value that the server provided to the user when prompting the user to submit a dynamic password, entered by the user and received by the portable terminal when the user triggers the portable terminal to obtain the dynamic password;
several items of the user's authorization information, entered by the user and received by the portable terminal when the user triggers the portable terminal to obtain the dynamic password.
3. The dynamic password generation method according to claim 2, characterized in that the password challenge value is provided to the user by the server through a client browser or client transaction software; or is provided to the user by the server in the form of a short message.
4. The dynamic password generation method according to claim 1, characterized in that the method further comprises:
downloading and updating the user's personal authentication information and the dynamic password generation algorithm over an over-the-air download channel.
5. The dynamic password generation method according to claim 1, characterized in that the user using the dynamic password to request authentication from the server comprises:
the user using the portable terminal to send the dynamic password to the server as a short message; or,
the user submitting the dynamic password to the server through a client browser or client transaction software.
6. A dynamic password generating apparatus, characterized by comprising:
a receiver module, for receiving request information, sent by a portable terminal, that requests a dynamic password for authenticating a user, wherein the request information is sent by the portable terminal when, after a server has prompted the user to submit a dynamic password, the user triggers the portable terminal to obtain the dynamic password, and the request information carries a dynamic password generation parameter;
a dynamic password generation module, for generating the corresponding dynamic password from stored personal authentication information of the user and the dynamic password generation parameter, using a preset dynamic password generation algorithm;
a sending module, for returning the dynamic password to the portable terminal, so that the user can use the dynamic password to request authentication from the server.
7. The dynamic password generating apparatus according to claim 6, characterized by further comprising:
a memory module, for storing the dynamic password generation algorithm and the user's personal authentication information.
8. The dynamic password generating apparatus according to claim 7, characterized in that the memory module also stores information prompting the user to enter the user's several items of transaction information and/or information prompting the user to enter the password challenge value.
9. The dynamic password generating apparatus according to claim 6, characterized by further comprising:
an update module, for downloading and updating the user's personal authentication information and the dynamic password generation algorithm over an over-the-air download channel.
10. A network system, characterized by comprising: a portable terminal provided with the dynamic password generating apparatus according to any one of claims 6 to 9, and a server for verifying the identity of the user according to the dynamic password submitted by the user.
CN2009102368252A 2009-10-30 2009-10-30 Method and device for generating dynamic passwords and network system Active CN101699892B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009102368252A CN101699892B (en) 2009-10-30 2009-10-30 Method and device for generating dynamic passwords and network system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009102368252A CN101699892B (en) 2009-10-30 2009-10-30 Method and device for generating dynamic passwords and network system

Publications (2)

Publication Number Publication Date
CN101699892A true CN101699892A (en) 2010-04-28
CN101699892B CN101699892B (en) 2012-06-06

Family

ID=42148332

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009102368252A Active CN101699892B (en) 2009-10-30 2009-10-30 Method and device for generating dynamic passwords and network system

Country Status (1)

Country Link
CN (1) CN101699892B (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100505927C (en) * 2004-10-22 2009-06-24 北京握奇数据系统有限公司 Dynamic password identification method
CN1731723A (en) * 2005-08-19 2006-02-08 上海林果科技有限公司 Electron/handset token dynamic password identification system
CN101339677B (en) * 2008-08-28 2010-06-23 北京飞天诚信科技有限公司 Safe authorization method and system

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102468862A (en) * 2010-11-15 2012-05-23 上海合玉科技发展有限公司 High frequency radio-frequency circuit embedded mobile phone expansion card sticker
CN102468862B (en) * 2010-11-15 2015-06-03 上海合玉科技发展有限公司 High frequency radio-frequency circuit embedded mobile phone expansion card sticker
WO2013067935A1 (en) * 2011-11-08 2013-05-16 Chan Ka Yin Victor Method and system for authenticating user's identity and equipment used therein
WO2013075380A1 (en) * 2011-11-24 2013-05-30 飞天诚信科技股份有限公司 Dynamic password authentication method and system
US9386013B2 (en) 2011-11-24 2016-07-05 Feitian Technologies Co., Ltd. Dynamic password authentication method and system thereof
CN103152732B (en) * 2013-03-15 2015-01-28 汪德嘉 Cloud password system and operation method thereof
CN103580874A (en) * 2013-11-15 2014-02-12 清华大学 Identity authentication method and system and password protection device
CN103580874B (en) * 2013-11-15 2017-01-04 清华大学 Identity identifying method, system and cipher protection apparatus
CN103684796A (en) * 2013-12-27 2014-03-26 大唐微电子技术有限公司 SMI (subscriber identity module) card and personal identity authentication method
CN106998251A (en) * 2014-04-21 2017-08-01 李海英 Dynamic password formation method based on integrated mode
CN106998251B (en) * 2014-04-21 2018-03-09 广州合利宝支付科技有限公司 Dynamic password formation method based on integrated mode
WO2015117323A1 (en) * 2014-07-16 2015-08-13 中兴通讯股份有限公司 Method and device for achieving remote payment
CN104125230A (en) * 2014-07-31 2014-10-29 上海动联信息技术股份有限公司 Short message authentication service system and authentication method
CN104125230B (en) * 2014-07-31 2017-12-15 上海动联信息技术股份有限公司 A kind of short message certification service system and authentication method
CN104202162B (en) * 2014-08-12 2017-09-22 武汉理工大学 A kind of system logged in based on mobile phone and login method
CN104202162A (en) * 2014-08-12 2014-12-10 武汉理工大学 System for login based on mobile phone and login method
CN108809659A (en) * 2015-12-01 2018-11-13 神州融安科技(北京)有限公司 Generation, verification method and system, the dynamic password system of dynamic password
CN108809659B (en) * 2015-12-01 2022-01-18 神州融安科技(北京)有限公司 Dynamic password generation method, dynamic password verification method, dynamic password system and dynamic password verification system
CN106953726A (en) * 2017-02-14 2017-07-14 上海林果实业股份有限公司 A kind of message authentication method, message authentication device and host computer
CN107294978A (en) * 2017-06-27 2017-10-24 北京知道创宇信息技术有限公司 System, equipment, method and input equipment that account to user is authenticated
CN107294978B (en) * 2017-06-27 2019-11-12 北京知道创宇信息技术股份有限公司 System, equipment, method and the input equipment that the account of user is authenticated

Also Published As

Publication number Publication date
CN101699892B (en) 2012-06-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: BEIJING QIANDAIBAO NETWORK TECHNOLOGY CO., LTD.

Free format text: FORMER NAME: BEIJING SHENZHOUFU E-PAY TECHNOLOGY CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 100088 Beijing City, Haidian District Zhichun Road No. 6 (Jinqiu International Building) No. B03 15

Patentee after: Beijing Bao Bao Network Technology Co., Ltd.

Address before: 100088 Beijing City, Haidian District Zhichun Road No. 6 (Jinqiu International Building) No. B03 15

Patentee before: Beijing Shenzhoufu E-pay Technology Co., Ltd.

C56 Change in the name or address of the patentee
CP03 Change of name, title or address

Address after: 102300 A-3927 building, building 20, 3 Yongan Road, Shilong Economic Development Zone, Mentougou, Beijing

Patentee after: Beijing purse net information technology Co., Ltd.

Address before: 100088 Beijing City, Haidian District Zhichun Road No. 6 (Jinqiu International Building) No. B03 15

Patentee before: Beijing Bao Bao Network Technology Co., Ltd.

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20160912

Address after: 100080 Beijing Haidian District North Fourth Ring Road West, No. 9 2106-030

Patentee after: The fast online Science and Technology Ltd. in Beijing three

Address before: 102300 A-3927 building, building 20, 3 Yongan Road, Shilong Economic Development Zone, Mentougou, Beijing

Patentee before: Beijing purse net information technology Co., Ltd.