Embodiment
The technical scheme of the present invention is described in further detail below with reference to the accompanying drawings and embodiments.
At present, portable terminals (for example mobile phones) have become a means of communication carried and used by all kinds of people. The data card provided in a portable terminal, for example a subscriber identity module (Subscriber Identity Module, hereinafter referred to as SIM) or a SIM expansion card, is a smart chip with storage, programmability and processing functions. The SIM expansion card, also called a sticker, is a thin contact-conversion sheet whose external form is designed to fit the SIM slots of different portable terminals. In use, the contacts on the sticker are aligned with the contacts of the SIM chip and the two are bonded together; the bonded pair is then inserted directly into the SIM slot of the portable terminal. The present invention therefore exploits the advantages of the portable terminal and the data card to provide a scheme that overcomes the above defect of the prior art: without affecting the normal communication of the portable terminal, a dynamic password generation module that can generate a dynamic password for the user at any time is built into the data card.
Fig. 1 is a flow chart of embodiment one of the dynamic password generation method of the present invention. The executing agent in this embodiment is the data card arranged in the portable terminal, which may be a SIM or a SIM expansion card. This embodiment describes the technical scheme of the dynamic password generation method of the present invention taking the data card arranged in the portable terminal as an example. As shown in Fig. 1, this embodiment comprises:
Step 11: receive request information sent by the portable terminal, requesting acquisition of a dynamic password used to authenticate the user.
When the user performs an operation such as online payment or online login through a client browser (for example Internet Explorer, or a mobile terminal browser such as MP, Gorilla or UCWEB) or client software (for example stock trading software), or logs in to or accesses a server through a client browser or client software, the server may prompt the user to provide a dynamic password, by which the user's identity is authenticated. At this point the user opens the portable terminal he or she carries (for example a mobile phone) and, by operating the password menu item of the SIM Tool Kit (STK) on the portable terminal, sends request information to the data card to obtain a dynamic password. The request information that the portable terminal sends to the data card carries the dynamic password generation parameter that the portable terminal provides to the data card for generating the dynamic password. The portable terminal sends the request to generate a dynamic password to the data card by means of an Application Protocol Data Unit (APDU) command.
To ensure the security of the dynamic password, when the user starts the password menu item of the STK, the Personal Identification Number (PIN code) of the data card must be entered; only after the PIN code is verified does the portable terminal send the request to generate a dynamic password to the data card through the APDU command.
The STK comprises a set of commands used for interaction between the portable terminal and the data card; through the STK, the plug-ins of the data card can be operated. Communication between the portable terminal and the data card is realized specifically through the APDU commands specified by the GSM 11.11 and GSM 11.14 protocols. The STK program may reside in the data card and provides the user with a text menu interface on the portable terminal, the STK menu; the user can click the menu items to invoke specific applications. In addition, if the service provider's business has been expanded or changed, a message can be sent to the user's portable terminal; this message is passed to the data card, and the application program in the data card can modify the existing STK menu according to the message, thereby providing the new service to the user.
Step 12: according to the stored personal authentication information of the user and the dynamic password generation parameter, generate the corresponding dynamic password using the preset dynamic password generation algorithm.
After the data card receives the request information sent by the portable terminal, it uses the preset dynamic password generation algorithm to generate the corresponding dynamic password for the user according to the stored personal authentication information and the dynamic password generation parameter sent by the portable terminal.
At the server end, the same dynamic password generation algorithm and the same personal authentication information of the user as in the data card are stored. When the server prompts the user to submit a dynamic password, it also generates a dynamic password, using the dynamic password generation algorithm and personal authentication information it stores together with the dynamic password generation parameter agreed with the data card. If the dynamic password generated by the server is consistent with the dynamic password submitted by the user, the user's authentication passes.
Here, the personal authentication information is information generated by the server for the user after the user registers personal information on the server, and it uniquely identifies the user's identity. After the user successfully registers on the server, the user's personal authentication information and the dynamic password generation algorithm can be built directly into the data card used by the user. After the personal authentication information and the dynamic password generation algorithm are updated, the server can deliver them to the portable terminal used by the user through the Over the Air (OTA) channel, that is, by sending an OTA short message to the user's portable terminal, and the portable terminal then passes them on to the data card.
Step 13: return the dynamic password to the portable terminal, so that the user can use the dynamic password to request authentication from the server.
After generating the dynamic password, the data card returns it to the portable terminal, so that the user can submit the dynamic password to the server and the server can authenticate the user.
In the dynamic password generation method of this embodiment, when the server prompts the user to obtain a dynamic password for authentication and the user triggers the portable terminal to send request information for generating a dynamic password to the data card, the data card generates the dynamic password for the user in a timely manner, using the built-in dynamic password algorithm, the user's personal authentication information and the dynamic password generation parameter carried in the request information from the portable terminal, and provides it to the user through the portable terminal. A user carrying a portable terminal can therefore obtain a dynamic password for authentication anytime and anywhere and use it to request authentication from the server in order to carry out secure electronic transactions. This satisfies the user's need to carry out secure electronic transactions and to securely log in to and access the server anytime and anywhere.
In the scheme shown in Fig. 1, the user may submit the dynamic password to the server as follows: the user enters the dynamic password directly in the client browser or client transaction software, which sends it to the server. Fig. 2 is a schematic diagram of the short message submission mode of the dynamic password in embodiment two of the dynamic password generation method of the present invention. As shown in Fig. 2, when the server prompts the user through the client browser or client transaction software interface to submit a dynamic password, it may at the same time prompt the user with "please enter the dynamic password" and provide a dynamic password input box. After the portable terminal provides the dynamic password to the user, the user enters it in this input box, and the dynamic password is sent to the server through the client browser or client transaction software. After the server receives the dynamic password, it authenticates the user according to it; if the verification passes, the user is allowed to enter the specific business.
In addition, the user may also submit the dynamic password to the server as follows: the user submits it to the server by short message using the portable terminal. Fig. 3 is a schematic diagram of the client submission mode of the dynamic password in embodiment three of the dynamic password generation method of the present invention. As shown in Fig. 3, when the server prompts the user through the client browser or client transaction software interface to submit a dynamic password, it may at the same time prompt the user with "please submit the dynamic password by short message". After the user operates the portable terminal to send the dynamic password to the server by short message, the server authenticates the user according to the dynamic password; if the verification passes, the user is allowed to enter the specific business.
In the scheme shown in Fig. 1, if the data card arranged in the portable terminal is a SIM, the dynamic password generation parameter comprises any one or a combination of the following information: the password challenge value received by the portable terminal from the user's input when the user triggers the portable terminal to obtain a dynamic password, this value having been provided to the user by the server when it prompted the user to submit a dynamic password; and the user's several items of verification information received by the portable terminal from the user's input when the user triggers the portable terminal to obtain a dynamic password. The several items of verification information may be the user's current transaction information when making an online payment.
In the scheme shown in Fig. 1, if the data card arranged in the portable terminal is a SIM expansion card, that is, a sticker, the dynamic password generation parameter comprises any one or a combination of the following information: the current system time obtained by the portable terminal when the user triggers the portable terminal to obtain a dynamic password; the password challenge value received by the portable terminal from the user's input when the user triggers the portable terminal to obtain a dynamic password, this value having been provided to the user by the server when it prompted the user to submit a dynamic password; and the user's several items of verification information received by the portable terminal from the user's input when the user triggers the portable terminal to obtain a dynamic password. The several items of verification information may be the user's current transaction information when making an online payment.
If the server uses the current system time of the portable terminal as the dynamic password generation parameter, the SIM expansion card uses the preset dynamic password generation algorithm to generate the dynamic password for the user according to the stored personal authentication information and the current system time of the portable terminal. Fig. 4 is a signaling flow chart of embodiment four of the dynamic password generation method of the present invention, in which the dynamic password generation parameter is the current system time of the portable terminal. As shown in Fig. 4, when the user carries out an electronic transaction, the server prompts the user through a web page, a WAP interface or client transaction software to enter a dynamic password so that the user's identity can be authenticated. The user opens the STK in the portable terminal and clicks the "time password" menu; the portable terminal encapsulates the current system time in an APDU command, sends it to the SIM expansion card and requests generation of a dynamic password. The SIM expansion card uses the preset dynamic password generation algorithm to generate the dynamic password according to the stored personal authentication information and the current system time sent by the portable terminal. After generating the dynamic password, the SIM expansion card sends it to the portable terminal through an APDU command so that the portable terminal displays it to the user on the screen.
At the server end, the same dynamic password generation algorithm is used to generate a dynamic password according to the user's personal authentication information stored on the server, with the server's current system time as the dynamic password generation parameter; if it is consistent with the dynamic password submitted by the user, the user's identity verification passes. There may be a discrepancy between the server's current system time and the portable terminal's current system time, so the server may also verify the dynamic password submitted by the user within an acceptable error range. For example, the SIM expansion card uses the portable terminal's current system time, 10:10:20 on 1 September 2009, as the time parameter, while the server's current system time is 10:10:30 on 1 September 2009. If the server's acceptable time error range is 30 seconds, the server takes each time from 10:10:15 to 10:10:45 on 1 September 2009 as the time parameter and generates 30 dynamic passwords. If the dynamic password submitted by the user is among these 30 dynamic passwords, the user's authentication passes.
If the server uses a randomly generated password challenge value as the dynamic password generation parameter, then when the server prompts the user to enter a dynamic password it may at the same time generate a password challenge value at random and provide it to the user. The server can provide this password challenge value to the user in two ways: first, through the client browser or client transaction software mentioned above; second, by sending it to the user's portable terminal by short message. Fig. 5 is a signaling flow chart of embodiment five of the dynamic password generation method of the present invention, in which the dynamic password generation parameter is the password challenge value. As shown in Fig. 5, the password challenge value "478319" provided by the server is displayed on the client browser interface or client transaction software interface. The user operates the "challenge value password" menu item of the STK on the portable terminal and enters the password challenge value directly in the dialog box or input box that pops up. After the user enters the password challenge value, the portable terminal encloses it in an APDU command, sends it to the SIM or SIM expansion card and requests generation of a dynamic password. The SIM or SIM expansion card uses the preset dynamic password generation algorithm to generate the dynamic password according to the stored personal authentication information and the password challenge value sent by the portable terminal. After generating the dynamic password, the SIM or SIM expansion card sends it to the portable terminal through an APDU command so that the portable terminal displays it to the user on the screen.
At the server end, the same dynamic password generation algorithm is used to generate a dynamic password according to the user's personal authentication information stored on the server, with the password challenge value as the dynamic password generation parameter; if it is consistent with the dynamic password submitted by the user, the user's identity verification passes.
If the server uses the user's current several items of verification information as the dynamic password generation parameter, for example the current several items of transaction information when the user makes an online payment, the portable terminal needs to obtain the user's several items of transaction information. The user's several items of transaction information may be, for example, the remitting account of the current transaction, the payee account, the transaction amount, and the Pinyin initials of the counterparty's name. The user is not required to enter the above account information in full; for example, the user may be asked to enter the first 4 digits of the remitting account and the last 4 digits of the payee account. Fig. 6 is a signaling flow chart of embodiment six of the dynamic password generation method of the present invention, in which the dynamic password generation parameter is the user's several items of transaction information. As shown in Fig. 6, the dynamic password generation parameters required by the server are displayed on the client browser interface or client transaction software interface: remitting account, payee account, transaction amount. The user operates the "multiple password" menu item of the STK on the portable terminal; the STK pops up a dialog box or input box prompting the user to enter the current several items of transaction information, and the user enters them directly in the STK. After the user enters the several items of transaction information, the portable terminal encloses them in an APDU command, sends it to the SIM or SIM expansion card and requests generation of a dynamic password. The SIM or SIM expansion card uses the preset dynamic password generation algorithm to generate the dynamic password according to the stored personal authentication information and the several items of transaction information sent by the portable terminal. After generating the dynamic password, the SIM or SIM expansion card sends it to the portable terminal through an APDU command so that the portable terminal displays it to the user on the screen.
At the server end, the same dynamic password generation algorithm is used to generate a dynamic password according to the user's personal authentication information stored on the server, with the current several items of verification information entered by the user as the dynamic password generation parameter; if it is consistent with the dynamic password submitted by the user, the user's identity verification passes.
Besides the dynamic password generation parameters described above, any combination of the current system time of the portable terminal, the password challenge value and the several items of verification information may also be used as the dynamic password generation parameter.
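As an added example (not code from the patent), the following Python sketches the card-side generation of step 12 and the server-side check for the three generation parameters above and their combinations: the time parameter with the 30-second error range of the Fig. 4 embodiment, the challenge value of the Fig. 5 embodiment and the transaction information of the Fig. 6 embodiment. The page does not specify the preset algorithm, so HMAC-SHA256 truncated to six digits, the parameter encoding, and the sample secret and account numbers are assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timedelta
from typing import List, Optional, Sequence

DIGITS = 6  # length of the displayed dynamic password (assumption)


def build_parameter(system_time: Optional[datetime] = None,
                    challenge: Optional[str] = None,
                    transaction: Optional[Sequence[str]] = None) -> str:
    """Serialize any one or combination of the three generation parameters.
    Field labels keep the kinds distinct (a challenge never looks like a time)."""
    fields = []
    if system_time is not None:
        fields.append("T=" + system_time.strftime("%Y%m%d%H%M%S"))
    if challenge is not None:
        fields.append("C=" + challenge)
    if transaction is not None:
        fields.append("X=" + "/".join(transaction))
    if not fields:
        raise ValueError("at least one generation parameter is required")
    return "|".join(fields)


def generate_dynamic_password(auth_info: bytes, parameter: str) -> str:
    """Card side (step 12): the stored personal authentication information is the
    HMAC key, the generation parameter the message; the tag is truncated to
    DIGITS decimal digits (HOTP-style dynamic truncation, an assumption)."""
    mac = hmac.new(auth_info, parameter.encode("utf-8"), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"


def transaction_fields(remit_account: str, payee_account: str, amount: str) -> List[str]:
    """The 'multiple password' inputs: first 4 digits of the remitting account,
    last 4 digits of the payee account, and the transaction amount."""
    return [remit_account[:4], payee_account[-4:], amount]


def time_candidates(server_time: datetime, error_range_seconds: int = 30) -> List[datetime]:
    """Every second the server will accept: a 30 s error range around 10:10:30
    yields the 30 candidates 10:10:15 through 10:10:44."""
    half = error_range_seconds // 2
    return [server_time + timedelta(seconds=off)
            for off in range(-half, error_range_seconds - half)]


def server_verify(auth_info: bytes, submitted: str, *,
                  server_time: Optional[datetime] = None,
                  error_range_seconds: int = 30,
                  challenge: Optional[str] = None,
                  transaction: Optional[Sequence[str]] = None) -> bool:
    """Server side: recompute with the same algorithm and secret and compare in
    constant time; with a time parameter, try each accepted candidate time."""
    times = ([None] if server_time is None
             else time_candidates(server_time, error_range_seconds))
    for t in times:
        expected = generate_dynamic_password(
            auth_info, build_parameter(t, challenge, transaction))
        if hmac.compare_digest(expected, submitted):
            return True
    return False


# Constructed sample data (not from the patent): a per-user secret shared by
# card and server, and the clock values quoted in the description.
AUTH_INFO = hashlib.sha256(b"constructed-per-user-secret").digest()
CARD_TIME = datetime(2009, 9, 1, 10, 10, 20)
SERVER_TIME = datetime(2009, 9, 1, 10, 10, 30)


def demo() -> dict:
    """Run the three parameter kinds through card generation and server check."""
    r = {}
    otp = generate_dynamic_password(AUTH_INFO, build_parameter(CARD_TIME))
    r["time_ok"] = server_verify(AUTH_INFO, otp, server_time=SERVER_TIME)
    stale = generate_dynamic_password(
        AUTH_INFO, build_parameter(CARD_TIME - timedelta(minutes=1)))
    r["stale_time_rejected"] = not server_verify(AUTH_INFO, stale, server_time=SERVER_TIME)
    otp = generate_dynamic_password(AUTH_INFO, build_parameter(challenge="478319"))
    r["challenge_ok"] = server_verify(AUTH_INFO, otp, challenge="478319")
    r["wrong_challenge_rejected"] = not server_verify(AUTH_INFO, otp, challenge="478318")
    tx = transaction_fields("6222001234567890", "6228480099887766", "1000.00")
    otp = generate_dynamic_password(AUTH_INFO, build_parameter(transaction=tx))
    r["transaction_ok"] = server_verify(AUTH_INFO, otp, transaction=tx)
    tampered = transaction_fields("6222001234567890", "6228480099881111", "1000.00")
    r["tampered_payee_rejected"] = not server_verify(AUTH_INFO, otp, transaction=tampered)
    return r
```

Binding the password to the payee and amount, as the transaction variant does, is what makes a captured password useless for a transfer to a different account.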
In the above schemes, if the server updates the dynamic password generation algorithm, the dynamic password generation parameter or the user's personal authentication information, it delivers the updated dynamic password generation algorithm, dynamic password generation parameter and user's personal authentication information to the portable terminal used by the user by OTA short message, and the portable terminal sends them to the SIM or SIM expansion card arranged in it. For example, the server changes the dynamic password parameter from the password challenge value to the user's several items of verification information; by sending an OTA short message to the user's portable terminal, the dynamic password generation parameter in the SIM or SIM expansion card is updated, the password menu in the STK is changed from the "password challenge value" menu item to the "multiple password" menu item, and the dialog box or input box prompting the user to enter the dynamic password parameter is changed from "enter the password challenge value" to "enter the user's several items of transaction information". Thereafter, when the user operates the STK password menu, the STK pops up a dialog box or input box prompting the user to enter the several items of transaction information.
Fig. 7 is a schematic structural diagram of embodiment one of the dynamic password generating apparatus of the present invention. In this embodiment, the dynamic password generating apparatus may specifically be the data card arranged in the portable terminal, which may be a SIM or a SIM expansion card. This embodiment takes the data card as an example to describe the technical scheme of the dynamic password generating apparatus of the present invention. As shown in Fig. 7, this embodiment comprises: a receiving module 71, a dynamic password generation module 72 and a sending module 73.
The receiving module 71 is used to receive the request information sent by the portable terminal, requesting acquisition of a dynamic password for authenticating the user; the request information is sent by the portable terminal when the user triggers it to obtain a dynamic password after the server has prompted the user to submit one, and it carries the dynamic password generation parameter.
The dynamic password generation module 72 is used to generate the corresponding dynamic password using the preset dynamic password generation algorithm, according to the stored personal authentication information of the user and the dynamic password generation parameter.
The sending module 73 is used to return the dynamic password to the portable terminal, so that the user can use it to request authentication from the server.
Specifically, when the server prompts the user to obtain a dynamic password, the user triggers the portable terminal to send request information for obtaining a dynamic password to the receiving module. The receiving module 71 receives the request information for generating a dynamic password sent by the portable terminal; the request information carries the dynamic password generation parameter. The dynamic password generation module 72 generates the dynamic password using the preset dynamic password generation algorithm, according to the dynamic password generation parameter received by the receiving module 71 and the stored personal authentication information of the user. After the dynamic password generation module 72 generates the dynamic password, the sending module 73 returns it to the portable terminal, so that the user can use it to request authentication from the server.
Here, there are two ways for the user to submit the dynamic password to the server: first, the user enters the dynamic password directly in the client browser or client transaction software, which sends it to the server; second, the user submits it to the server by short message using the portable terminal.
Here, if the data card arranged in the portable terminal is a SIM, the dynamic password generation parameter carried in the request information sent by the portable terminal comprises any one or a combination of the following information: the password challenge value received by the portable terminal from the user's input when the user triggers the portable terminal to obtain a dynamic password, this value having been provided to the user by the server when it prompted the user to submit a dynamic password; and the user's several items of verification information received by the portable terminal from the user's input when the user triggers the portable terminal to obtain a dynamic password.
Here, if the data card arranged in the portable terminal is a SIM expansion card, the dynamic password generation parameter carried in the request information sent by the portable terminal comprises any one or a combination of the following information: the current system time obtained by the portable terminal when the user triggers the portable terminal to obtain a dynamic password; the password challenge value received by the portable terminal from the user's input when the user triggers the portable terminal to obtain a dynamic password, this value having been provided to the user by the server when it prompted the user to submit a dynamic password; and the user's several items of verification information received by the portable terminal from the user's input when the user triggers the portable terminal to obtain a dynamic password.
The working mechanism of the dynamic password generating apparatus in this embodiment can be found in the description of the embodiments corresponding to Fig. 1 to Fig. 6 and is not repeated here.
In the dynamic password generating apparatus of this embodiment, when the server prompts the user to obtain a dynamic password, the user operates the portable terminal to send request information for generating a dynamic password to the receiving module of the dynamic password generating apparatus, and the dynamic password generating apparatus generates the dynamic password for the user in a timely manner through its built-in dynamic password generation module and provides it to the user through the portable terminal. A user carrying a portable terminal can therefore obtain a dynamic password for authentication anytime and anywhere and use it to request authentication from the server in order to carry out secure electronic transactions and to securely log in to and access the server. This satisfies the user's need to carry out secure electronic transactions and to securely log in to and access the server anytime and anywhere.
Fig. 8 is a schematic structural diagram of embodiment two of the dynamic password generating apparatus of the present invention. To keep the user's personal authentication information and the dynamic password generation algorithm stored in the data card, as well as the dynamic password generation parameter on which generation of the dynamic password is based, consistent with the server end, the above information can be downloaded through the OTA channel to the data card used by the user. As shown in Fig. 8, on the basis of Fig. 7 the above scheme further comprises an update module 74. The update module 74 is used to download, through the over-the-air channel, and update in the data card the user's personal authentication information, the dynamic password generation algorithm and the information relating to the dynamic password generation parameter.
As shown in Fig. 8, on the basis of Fig. 7 the above scheme further comprises a storage module 75. The storage module 75 is used to store the dynamic password generation algorithm and the user's personal authentication information.
After the receiving module 71 receives the request information sent by the portable terminal, the dynamic password generation module 72 generates the dynamic password according to the dynamic password generation parameter received by the receiving module 71 and the user's personal authentication information stored in the storage module 75, applying the dynamic password generation algorithm stored in the storage module 75.
In addition, in the case where the dynamic password generation parameter is the password challenge value or the several items of transaction information of the user's current transaction, when the user triggers the portable terminal to send the request information for obtaining a dynamic password to the data card, the user needs to enter the password challenge value provided by the server or the several items of transaction information of the current transaction. So that the STK can pop up a dialog box or input box prompting the user to "enter the password challenge value or the several items of transaction information" when the user operates the password menu of the STK, the storage module 75 is also used to store the information prompting the user to enter the user's several items of transaction information and/or the information prompting the user to enter the password challenge value.
Fig. 9 is a schematic structural diagram of an embodiment of the network system of the present invention. As shown in Fig. 9, this embodiment comprises a portable terminal 91 provided with a dynamic password generating apparatus 90, and a server 92. The working mechanism of the dynamic password generating apparatus 90 can be found in the description of the embodiments corresponding to Fig. 7 or Fig. 8 and is not repeated here.
The server 92 is used to verify the user's identity according to the dynamic password submitted by the user.
The portable terminal 91 sends request information to the dynamic password generating apparatus 90 to obtain a dynamic password for authenticating the user. Afterwards, the portable terminal 91 receives the dynamic password returned by the dynamic password generating apparatus 92 and provides it to the user so that the user can submit it to the server 92.
Here, there are two ways for the user to submit the dynamic password to the server 92: first, the user enters the dynamic password directly in the client browser or client transaction software, which sends it to the server 92; second, the user submits it to the server 92 by short message using the portable terminal 91.
In the network system of this embodiment, when the server prompts the user to obtain a dynamic password for authentication and the portable terminal sends request information for generating a dynamic password to the dynamic password generating apparatus, the dynamic password generating apparatus generates the dynamic password for the user in a timely manner through the built-in dynamic password algorithm and the user's personal authentication information, and provides it to the user through the portable terminal. A user carrying a portable terminal can therefore obtain a dynamic password for authentication anytime and anywhere and use it to request authentication from the server in order to carry out secure electronic transactions and to securely log in to and access the server. This satisfies the user's need to carry out secure electronic transactions and to securely log in to and access the server anytime and anywhere.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical scheme of the present invention and not to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that modifications or equivalent replacements may still be made to the technical scheme of the present invention, and that such modifications or equivalent replacements do not cause the modified technical scheme to depart from the spirit and scope of the technical scheme of the present invention.