CN101699892B - Method and device for generating dynamic passwords and network system - Google Patents


Publication number: CN101699892B
Authority: CN (China)
Legal status: Active
Application number: CN2009102368252A
Other languages: Chinese (zh)
Other versions: CN101699892A (en)
Inventors: 魏中华, 孙江涛
Current Assignee: Beijing Sankuai Online Technology Co Ltd
Original Assignee: BEIJING SHENZHOUFU E-PAY TECHNOLOGY Co Ltd

Abstract

The invention discloses a method and a device for generating dynamic passwords and a network system. The method for generating the dynamic passwords comprises the following steps: receiving request information, sent by a mobile terminal, for acquiring a dynamic password used for the authentication of a user, wherein the request information is sent by the mobile terminal and carries dynamic password generation parameters when the user triggers the mobile terminal to acquire the dynamic password after a server prompts the user to submit the dynamic password; generating a corresponding dynamic password by using a preset dynamic password generating algorithm according to the stored personal authentication information of the user and the dynamic password generation parameters; and returning the dynamic password to the mobile terminal, wherein the dynamic password is used by the user to request the server to authenticate the user's identity. The method and the device are suitable for a user who submits the dynamic password to the server for identity authentication when logging in to and accessing the server through a client browser or client software, or when performing an electronic transaction.

Description

Method and device for generating dynamic passwords and network system
Technical field
The present invention relates to the field of communication technology, and in particular to a dynamic password generation method, a dynamic password generation device and a network system.
Background art
With the rapid development of communication technology, electronic transactions based on the Internet and mobile networks have become an important business model for bank transactions. For example, a user can log in to a WAP site through a mobile terminal that supports Wireless Application Protocol (WAP) technology and carry out online banking transactions. To guarantee the reliability and security of e-banking transactions, authentication of user identity information has become the key problem in the online banking business. At present, the large commercial banks mainly use dynamic password cards and U-shields as the e-banking security media for authenticating user identity information.
A dynamic password card is a card similar in size and shape to a bank card, commonly called a scratch card, with multiple different passwords coated on each card. When using e-banking, the user first submits a client certificate to the server. After the client certificate passes verification, the server prompts the user to enter a transaction password, and the user then enters the passwords on the scratch card in order; each password can be used only once. Dynamic passwords use a one-password-per-use scheme: the customer does not need to set or remember them, and a new password is used every time. This overcomes the shortcomings of static passwords and effectively addresses the problem of criminals using "Trojan horse" viruses to steal online banking passwords.
The U-shield is a Universal Serial Bus (USB) device based on the "USB Key" identity authentication mode, with a built-in microcontroller or smart chip and a shape similar to a USB flash drive. The microcontroller or smart chip has storage space for the user's key or personal digital certificate. When transacting online, the user first submits a client certificate to the server. After the client certificate passes verification, the server prompts the user to insert the U-shield. The user plugs the U-shield into a USB port of the personal computer, and the U-shield's built-in 1024-bit asymmetric key algorithm encrypts, decrypts and digitally signs the data, thereby guaranteeing the security of user authentication.
However, dynamic password cards and U-shields have the following defects: a user of a dynamic password card or U-shield must carry it in order to perform an electronic transaction, and the dynamic password card or U-shield must also be used together with the client certificate, otherwise the electronic transaction cannot be performed. The user therefore cannot perform electronic transactions anytime and anywhere, which limits the environments in which the user can transact.
Summary of the invention
The purpose of the invention is to provide a dynamic password generation method, a dynamic password generation device and a network system that let the user obtain, anytime and anywhere, a dynamic password for identity authentication, so as to perform secure electronic transactions and to log in to and access a server securely.
To achieve this purpose, the invention provides a dynamic password generation method, comprising:
Receiving request information, sent by a mobile terminal, requesting a dynamic password used to authenticate a user; the request information is sent by the mobile terminal after a server prompts the user to submit a dynamic password, and carries dynamic password generation parameters;
Generating a corresponding dynamic password from the stored personal authentication information of the user and the dynamic password generation parameters, using a preset dynamic password generation algorithm;
Returning the dynamic password to the mobile terminal, for the user to use in requesting identity authentication from the server.
The invention also provides a dynamic password generation device, comprising:
A receiving module, used to receive request information, sent by a mobile terminal, requesting a dynamic password used to authenticate a user; the request information is sent by the mobile terminal, and carries dynamic password generation parameters, when the user triggers the mobile terminal to obtain the dynamic password after a server prompts the user to submit a dynamic password;
A dynamic password generation module, used to generate a corresponding dynamic password from the stored personal authentication information of the user and the dynamic password generation parameters, using a preset dynamic password generation algorithm;
A sending module, used to return the dynamic password to the mobile terminal, for the user to use in requesting identity authentication from the server.
The invention also includes a network system, comprising:
A mobile terminal provided with the dynamic password generation device, and a server used to verify the user's identity according to the dynamic password submitted by the user.
In the dynamic password generation method, device and system of the embodiments of the invention, when the server prompts the user to obtain a dynamic password for identity authentication and the mobile terminal sends request information for generating a dynamic password to the dynamic password generation device, the device promptly generates a dynamic password for the user from the built-in dynamic password algorithm and the user's personal authentication information, and provides it to the user through the mobile terminal. A user carrying a mobile terminal can therefore obtain a dynamic password for identity authentication anytime and anywhere, and use it to request authentication from the server in order to perform secure electronic transactions and to log in to and access the server securely. This meets the user's need to perform secure electronic transactions, secure login and secure server access anytime and anywhere.
Description of drawings
Fig. 1 is a flow chart of embodiment one of the dynamic password generation method of the invention;
Fig. 2 is a schematic diagram of the dynamic password submission mode in embodiment two of the dynamic password generation method of the invention;
Fig. 3 is a schematic diagram of the dynamic password submission mode in embodiment three of the dynamic password generation method of the invention;
Fig. 4 is a signaling flow chart for embodiment four of the dynamic password generation method of the invention, in which the dynamic password generation parameter is the current system time of the mobile terminal;
Fig. 5 is a signaling flow chart for embodiment five of the dynamic password generation method of the invention, in which the dynamic password generation parameter is a password challenge value;
Fig. 6 is a signaling flow chart for embodiment six of the dynamic password generation method of the invention, in which the dynamic password generation parameters are several items of the user's transaction information;
Fig. 7 is a structural diagram of embodiment one of the dynamic password generation device of the invention;
Fig. 8 is a structural diagram of embodiment two of the dynamic password generation device of the invention;
Fig. 9 is a structural diagram of an embodiment of the network system of the invention.
Embodiments
The technical scheme of the invention is described in further detail below with reference to the drawings and embodiments.
At present, the mobile terminal (for example, a mobile phone) has become a communication tool carried and widely used by all kinds of people. The data card installed in a mobile terminal, for example a Subscriber Identity Module (SIM) or a SIM expansion card, is a smart chip with storage, programmability and processing functions. A SIM expansion card, also called a sticker, is a thin contact-conversion sheet whose outline is designed to fit the SIM slots of different mobile terminals. In use, the SIM chip contacts are aligned with the contacts on the sticker, the two are bonded together, and the bonded card is inserted directly into the SIM slot of the mobile terminal. The invention therefore uses the advantages of the mobile terminal and the data card to provide a scheme that addresses the prior-art defects above: without affecting the normal communication of the mobile terminal, a dynamic password generation module that can promptly generate dynamic passwords for the user is built into the data card.
Fig. 1 is a flow chart of embodiment one of the dynamic password generation method of the invention. The executing entity in this embodiment is the data card installed in the mobile terminal, which may be a SIM or a SIM expansion card. This embodiment describes the technical scheme of the dynamic password generation method taking the data card installed in the mobile terminal as an example. As shown in Fig. 1, this embodiment comprises:
Step 11: receive request information, sent by the mobile terminal, requesting a dynamic password used to authenticate the user.
When the user performs operations such as online payment or online login through a client browser (for example, Internet Explorer, or a mobile terminal browser such as MP, Gorilla or UCWEB) or client software (for example, stock trading software), or logs in to and accesses a server through a client browser or client software, the server may prompt the user to provide a dynamic password and use it to authenticate the user's identity. At this point the user opens the mobile terminal they carry and, by operating the password menu item of the SIM Tool Kit (STK) in the mobile terminal, sends request information to the data card to obtain a dynamic password. The request information sent by the mobile terminal to the data card carries the dynamic password generation parameters that the mobile terminal provides to the data card for generating the dynamic password. The mobile terminal sends the request to generate a dynamic password to the data card through an Application Protocol Data Unit (APDU) instruction.
To guarantee the security of the dynamic password, when the user starts the password menu item of the STK, the user must enter the Personal Identification Number (PIN code) of the data card. Only after the PIN code is verified does the mobile terminal send the request to generate a dynamic password to the data card through the APDU instruction.
The STK contains a set of instructions for interaction between the mobile terminal and the data card, and programs in the data card can be run through the STK. Communication between the mobile terminal and the data card is carried out through the APDU instructions specified by the GSM11.11 and GSM11.14 protocols. The STK program can be placed in the data card and provides the user with a text menu interface on the mobile terminal, the STK menu, in which the user can select menu items to run specific applications. In addition, if the service provider extends or changes its services, it can send a message to the user's mobile terminal. This message is passed to the data card, and the application in the data card can modify the existing STK menu according to the message, so that new services are offered to the user.
Step 12: generate a corresponding dynamic password from the stored personal authentication information of the user and the dynamic password generation parameters, using the preset dynamic password generation algorithm.
After receiving the request information sent by the mobile terminal, the data card uses the preset dynamic password generation algorithm to generate a corresponding dynamic password for the user from the stored personal authentication information and the dynamic password generation parameters sent by the mobile terminal.
The server stores the same dynamic password generation algorithm and the same personal authentication information of the user as the data card. When the server prompts the user to submit a dynamic password, it also generates a dynamic password itself, using the dynamic password generation algorithm and personal authentication information it stores together with the dynamic password generation parameters agreed with the data card. If the dynamic password generated by the server matches the dynamic password submitted by the user, the user's identity authentication passes.
Here, the personal authentication information is information that the server generates for the user after the user registers personal information on the server, and that uniquely identifies the user. After the user registers successfully on the server, the user's personal authentication information and the dynamic password generation algorithm can be built directly into the data card the user uses. When the personal authentication information and the dynamic password generation algorithm are updated, the server can deliver them over an Over the Air (OTA) download channel, that is, by sending an OTA short message to the mobile terminal the user uses, and the mobile terminal then passes them on to the data card.
Step 13: return the dynamic password to the mobile terminal, for the user to use in requesting identity authentication from the server.
After generating the dynamic password, the data card returns it to the mobile terminal so that the user can submit it to the server and the server can authenticate the user.
In the dynamic password generation method of this embodiment, when the server prompts the user to obtain a dynamic password for identity authentication and the user triggers the mobile terminal to send request information for generating a dynamic password to the data card, the data card promptly generates a dynamic password for the user from the built-in dynamic password algorithm, the user's personal authentication information and the dynamic password generation parameters carried in the mobile terminal's request information, and provides it to the user through the mobile terminal. A user carrying a mobile terminal can therefore obtain a dynamic password for identity authentication anytime and anywhere, and use it to request authentication from the server in order to perform secure electronic transactions. This meets the user's need to perform secure electronic transactions, secure login and secure server access anytime and anywhere.
In the scheme shown in Fig. 1, one way for the user to submit the dynamic password to the server is to enter it directly in the client browser or client transaction software, which sends it to the server. Fig. 2 is a schematic diagram of the dynamic password short-message submission mode in embodiment two of the dynamic password generation method of the invention. As shown in Fig. 2, when the server prompts the user to submit a dynamic password, it can display the prompt "please enter the dynamic password" through the client browser or client transaction software interface and provide a dynamic password input box. After the mobile terminal provides the dynamic password to the user, the user enters it in this input box, and it is sent to the server through the client browser or client transaction software. After receiving the dynamic password, the server authenticates the user according to it and, if verification passes, allows the user to proceed to the specific service.
Alternatively, the user can submit the dynamic password to the server from the mobile terminal by short message. Fig. 3 is a schematic diagram of the dynamic password client submission mode in embodiment three of the dynamic password generation method of the invention. As shown in Fig. 3, when the server prompts the user to submit a dynamic password through the client browser or client transaction software interface, it can at the same time prompt the user by short message: "please submit the dynamic password". After the user operates the mobile terminal to send the dynamic password to the server by short message, the server authenticates the user according to this dynamic password and, if verification passes, allows the user to proceed to the specific service.
In the scheme shown in Fig. 1, if the data card installed in the mobile terminal is a SIM, the dynamic password generation parameters comprise any one or a combination of the following: the password challenge value that the mobile terminal receives as user input when the user triggers it to obtain the dynamic password, this value having been provided to the user when the server prompted the user to submit a dynamic password; and several items of the user's verification information that the mobile terminal receives as user input when the user triggers it to obtain the dynamic password. The several items of verification information can be the user's current transaction information when making an online payment.
In the scheme shown in Fig. 1, if the data card installed in the mobile terminal is a SIM expansion card, that is, a sticker, the dynamic password generation parameters comprise any one or a combination of the following: the current system time obtained by the mobile terminal when the user triggers it to obtain the dynamic password; the password challenge value that the mobile terminal receives as user input when the user triggers it to obtain the dynamic password, this value having been provided to the user when the server prompted the user to submit a dynamic password; and several items of the user's verification information that the mobile terminal receives as user input when the user triggers it to obtain the dynamic password. The several items of verification information can be the user's current transaction information when making an online payment.
If the server uses the current system time of the mobile terminal as the dynamic password generation parameter, the SIM expansion card generates the dynamic password for the user from the stored personal authentication information and the mobile terminal's current system time, using the preset dynamic password generation algorithm. Fig. 4 is a signaling flow chart for embodiment four of the dynamic password generation method of the invention, in which the dynamic password generation parameter is the current system time of the mobile terminal. As shown in Fig. 4, when the user performs an electronic transaction, the server prompts the user, through a web page, WAP interface or client transaction software, to enter a dynamic password so that the user's identity can be authenticated. The user opens the STK in the mobile terminal and selects the "time password" menu; the mobile terminal encapsulates the current system time in an APDU instruction, sends it to the SIM expansion card and requests generation of a dynamic password. The SIM expansion card generates the dynamic password from the stored personal authentication information and the current system time sent by the mobile terminal, using the preset dynamic password generation algorithm. After generating the dynamic password, the SIM expansion card sends it to the mobile terminal through an APDU instruction so that the mobile terminal can show it to the user on the display.
On the server side, the same dynamic password generation algorithm is used: from the user's personal authentication information stored on the server, and with the server's current system time as the dynamic password generation parameter, the server generates a dynamic password. If it matches the dynamic password submitted by the user, the user's identity verification passes. The current system time of the server and that of the mobile terminal may differ, so the server can also correct for this, within an acceptable error range, when checking the dynamic password submitted by the user. For example, the SIM expansion card uses the mobile terminal's current system time, 10:10:20 on September 1, 2009, as the time parameter, while the server's current system time is 10:10:30 on September 1, 2009. If the time error range acceptable to the server is 30 seconds, the server takes the times from 10:10:15 on September 1, 2009 to 10:10:45 on September 1, 2009 as time parameters and generates 30 dynamic passwords. If the dynamic password submitted by the user is among these 30 dynamic passwords, the user's identity authentication passes.
If the server uses a randomly generated password challenge value as the dynamic password generation parameter, then when it prompts the user to enter a dynamic password it generates a random password challenge value and provides it to the user at the same time. The server can provide the password challenge value to the user in two ways: first, through the client browser or client transaction software described above; second, by sending it to the user's mobile terminal by short message. Fig. 5 is a signaling flow chart for embodiment five of the dynamic password generation method of the invention, in which the dynamic password generation parameter is a password challenge value. As shown in Fig. 5, the client browser interface or client transaction software interface displays the password challenge value "478319" provided by the server. The user operates the "challenge value password" menu item of the STK on the mobile terminal and enters the password challenge value directly in the dialog box or input box that pops up. After the user enters the password challenge value, the mobile terminal encapsulates it in an APDU instruction, sends it to the SIM or SIM expansion card and requests generation of a dynamic password. The SIM or SIM expansion card generates the dynamic password from the stored personal authentication information and the password challenge value sent by the mobile terminal, using the preset dynamic password generation algorithm. After generating the dynamic password, the SIM or SIM expansion card sends it to the mobile terminal through an APDU instruction so that the mobile terminal can show it to the user on the display.
On the server side, the same dynamic password generation algorithm is used: from the user's personal authentication information stored on the server, and with the password challenge value as the dynamic password generation parameter, the server generates a dynamic password. If it matches the dynamic password submitted by the user, the user's identity verification passes.
If the server uses several items of the user's current verification information, for example several items of current transaction information when the user pays online, as the dynamic password generation parameters, the mobile terminal needs to obtain those items of transaction information. The user's transaction information can be the remitting account number of the current transaction, the receiving account number, the transaction amount, the pinyin abbreviation of the counterparty's name, and so on. The user is not required to enter the account information in full; for example, the user can be asked to enter the first 4 digits of the remitting account number, the last 4 digits of the receiving account number, and so on. Fig. 6 is a signaling flow chart for embodiment six of the dynamic password generation method of the invention, in which the dynamic password generation parameters are several items of the user's transaction information. As shown in Fig. 6, the client browser interface or client transaction software interface displays the dynamic password generation parameters required by the server: remitting account number, receiving account number and transaction amount. The user operates the "multiple password" menu item of the STK on the mobile terminal; the STK pops up a dialog box or input box prompting the user to enter the several items of current transaction information, and the user enters them directly in the STK. After the user enters the transaction information, the mobile terminal encapsulates it in an APDU instruction, sends it to the SIM or SIM expansion card and requests generation of a dynamic password. The SIM or SIM expansion card generates the dynamic password from the stored personal authentication information and the transaction information sent by the mobile terminal, using the preset dynamic password generation algorithm. After generating the dynamic password, the SIM or SIM expansion card sends it to the mobile terminal through an APDU instruction so that the mobile terminal can show it to the user on the display.
On the server side, the same dynamic password generation algorithm is used: from the user's personal authentication information stored on the server, and with the several items of current verification information entered by the user as the dynamic password generation parameters, the server generates a dynamic password. If it matches the dynamic password submitted by the user, the user's identity verification passes.
Besides the dynamic password generation parameters above, any combination of the mobile terminal's current system time, the password challenge value and the several items of verification information can also be used as the dynamic password generation parameters.
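The three parameter modes above (current system time, password challenge value, transaction information) and the matching server-side check, as an added example that is not code from the patent. The patent does not name the preset algorithm, so HMAC-SHA256 with HOTP-style truncation, the 6-digit length, the field encoding, the sample secret and all function names are assumptions; the 30-second window and the timestamps follow the example given above.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timezone

DIGITS = 6            # assumed length; the patent does not specify one
WINDOW_SECONDS = 30   # acceptable time error range from the patent's example

# Constructed sample values (the secret stands in for "personal authentication information").
SECRET = b"constructed-demo-secret"
CARD_TIME = datetime(2009, 9, 1, 10, 10, 20, tzinfo=timezone.utc).timestamp()
SERVER_TIME = datetime(2009, 9, 1, 10, 10, 30, tzinfo=timezone.utc).timestamp()


def encode_params(timestamp=None, challenge=None, transaction=None) -> bytes:
    """Serialize the generation parameters as tag + 2-byte length + value,
    so that ("12", "3") and ("1", "23") can never yield the same message."""
    fields = []
    if timestamp is not None:
        fields.append((b"T", str(int(timestamp)).encode()))
    if challenge is not None:
        fields.append((b"C", challenge.encode()))
    for item in transaction or ():
        fields.append((b"X", item.encode()))
    if not fields:
        raise ValueError("at least one generation parameter is required")
    return b"".join(tag + struct.pack(">H", len(v)) + v for tag, v in fields)


def generate_otp(secret: bytes, **params) -> str:
    """Data-card side: keyed MAC over the parameters, truncated to DIGITS digits."""
    digest = hmac.new(secret, encode_params(**params), hashlib.sha256).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation offset
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def server_verify(secret, submitted, server_time=None,
                  challenge=None, transaction=None) -> bool:
    """Server side: recompute with the same secret and parameters.
    With a time parameter, try every second in [t-15, t+15): 30 candidates,
    the count given in the patent's example (half-open interval is an assumption)."""
    if server_time is None:
        candidates = [None]
    else:
        half = WINDOW_SECONDS // 2
        candidates = range(int(server_time) - half, int(server_time) + half)
    ok = False
    for ts in candidates:                           # no early exit: constant work
        expected = generate_otp(secret, timestamp=ts,
                                challenge=challenge, transaction=transaction)
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    time_otp = generate_otp(SECRET, timestamp=CARD_TIME)
    print("time mode accepted:", server_verify(SECRET, time_otp, server_time=SERVER_TIME))
    chal_otp = generate_otp(SECRET, challenge="478319")
    print("challenge mode accepted:", server_verify(SECRET, chal_otp, challenge="478319"))
    txn = ("6222", "8888", "100.00")                # constructed partial accounts + amount
    txn_otp = generate_otp(SECRET, transaction=txn)
    tampered = ("6222", "8888", "900.00")
    print("tampered amount accepted:", server_verify(SECRET, txn_otp, transaction=tampered))
```

Only the transaction mode binds the password to what is being paid; in the time and challenge modes a valid password authenticates the user but says nothing about the transaction content.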
In the schemes above, if the server updates the dynamic password generation algorithm, the dynamic password generation parameters and the user's personal authentication information, it delivers the updated algorithm, parameters and personal authentication information by OTA short message to the mobile terminal the user uses, and the mobile terminal passes them on to the SIM or SIM expansion card installed in it. For example, the server changes the dynamic password parameter from the password challenge value to several items of the user's verification information by sending an OTA short message to the user's mobile terminal. Once the dynamic password generation parameters in the SIM or SIM expansion card have been updated, the password menu in the STK changes from the "password challenge value" menu item to the "multiple password" menu item, and the dialog box or input box that prompts the user for the dynamic password parameter changes from "enter the password challenge value" to "enter several items of the user's transaction information". When the user then operates the STK password menu, the STK pops up a dialog box or input box prompting the user to enter several items of transaction information.
Fig. 7 is the structural representation of dynamic password generating apparatus embodiment one of the present invention.The dynamic password generating apparatus specifically can specifically can be SIM or SIM expansion card for being arranged on the data card in the portable terminal in the present embodiment.Present embodiment is example with the data card, and the technical scheme of dynamic password generating apparatus of the present invention is described.As shown in Figure 7, present embodiment comprises: receiver module 71, dynamic password generation module 72, sending module 73.
The receiver module 71 receives the request information, sent by the mobile terminal, that requests a dynamic password for authenticating the user. The request information is sent by the mobile terminal, and carries the dynamic password generation parameters, when the user triggers the mobile terminal to obtain a dynamic password after the server has prompted the user to submit one.
The dynamic password generation module 72 generates the corresponding dynamic password from the stored personal authentication information of the user and the dynamic password generation parameters, using the preset dynamic password generating algorithm.
The sending module 73 returns the dynamic password to the mobile terminal, so that the user can use it to request authentication from the server.
Specifically, when the server prompts the user to obtain a dynamic password, the user triggers the mobile terminal to send request information for a dynamic password to the receiver module. The receiver module 71 receives this request information, which carries the dynamic password generation parameters. The dynamic password generation module 72 generates the dynamic password from the generation parameters received by the receiver module 71 and the stored personal authentication information of the user, using the preset dynamic password generating algorithm. After the dynamic password generation module 72 has generated the dynamic password, the sending module 73 returns it to the mobile terminal, so that the user can use it to request authentication from the server.
The user can submit the dynamic password to the server in two ways: first, the user enters the dynamic password directly in the client browser or client transaction software, which sends it to the server; second, the user submits it to the server from the mobile terminal by short message.
If the data card installed in the mobile terminal is a SIM card, the dynamic password generation parameters carried in the request information sent by the mobile terminal comprise any one or a combination of the following: the password challenge value, entered by the user and received by the mobile terminal when the user triggers it to obtain a dynamic password, that the server provided to the user when prompting the user to submit a dynamic password; and the several items of the user's authorization information entered by the user and received by the mobile terminal when the user triggers it to obtain a dynamic password.
If the data card installed in the mobile terminal is a SIM expansion card, the dynamic password generation parameters carried in the request information sent by the mobile terminal comprise any one or a combination of the following: the current system time obtained by the mobile terminal when the user triggers it to obtain a dynamic password; the password challenge value, entered by the user and received by the mobile terminal when the user triggers it to obtain a dynamic password, that the server provided to the user when prompting the user to submit a dynamic password; and the several items of the user's authorization information entered by the user and received by the mobile terminal when the user triggers it to obtain a dynamic password.
For the working mechanism of the dynamic password apparatus in this embodiment, see the description of the embodiments corresponding to Fig. 1 to Fig. 6; it is not repeated here.
With the dynamic password apparatus of this embodiment, when the server prompts the user to obtain a dynamic password, the user operates the mobile terminal to send request information for generating a dynamic password to the receiver module of the dynamic password generating apparatus. The apparatus promptly generates a dynamic password for the user through its built-in dynamic password generation module and provides it to the user through the mobile terminal. A user carrying the mobile terminal can therefore obtain a dynamic password for authentication anytime and anywhere, and use it to request authentication from the server in order to carry out secure electronic transactions and to log in to and access the server securely. This meets the user's need to carry out secure electronic transactions and to log in to and access the server securely anytime and anywhere.
Fig. 8 is a structural diagram of embodiment two of the dynamic password generating apparatus of the present invention. To keep the user's personal authentication information and the dynamic password generating algorithm stored in the data card, and the dynamic password generation parameters on which password generation is based, consistent with the server side, this information can be downloaded over the OTA channel to the data card the user uses. As shown in Fig. 8, on the basis of Fig. 7, the above scheme further comprises an update module 74. The update module 74 downloads, over the over-the-air download channel, and updates in the data card the user's personal authentication information, the dynamic password generating algorithm and the related dynamic password generation parameters.
As shown in Fig. 8, on the basis of Fig. 7, the above scheme further comprises a memory module 75. The memory module 75 stores the dynamic password generating algorithm and the user's personal authentication information.
After the receiver module 71 receives the request information sent by the mobile terminal, the dynamic password generation module 72 generates the dynamic password from the generation parameters received by the receiver module 71 and the user's personal authentication information stored in the memory module 75, using the dynamic password generating algorithm stored in the memory module 75.
In addition, when the dynamic password generation parameter is the password challenge value or several items of transaction information of the user's current transaction, the user must enter the password challenge value provided by the server, or the several items of transaction information of the current transaction, when triggering the mobile terminal to send the request information for a dynamic password to the data card. So that, when the user operates the STK password menu, the STK can pop up a dialog box or input box prompting the user to "enter the password challenge value or several items of transaction information", the memory module 75 also stores the information that prompts the user to enter the user's several items of transaction information and/or the information that prompts the user to enter the password challenge value.
Fig. 9 is a structural diagram of the network system embodiment of the present invention. As shown in Fig. 9, this embodiment comprises a mobile terminal 91 provided with a dynamic password generating apparatus 90, and a server 92. For the working mechanism of the dynamic password generating apparatus 90, see the description of the embodiments corresponding to Fig. 7 or Fig. 8; it is not repeated here.
The server 92 verifies the user's identity according to the dynamic password the user submits.
The mobile terminal 91 sends request information to the dynamic password generating apparatus 90 to obtain the dynamic password used to authenticate the user. The mobile terminal 91 then receives the dynamic password returned by the dynamic password apparatus 92 and provides it to the user, who submits it to the server 92.
The user can submit the dynamic password to the server 92 in two ways: first, the user enters the dynamic password directly in the client browser or client transaction software, which sends it to the server 92; second, the user submits it to the server 92 from the mobile terminal 91 by short message.
With the network system of this embodiment, when the server prompts the user to obtain a dynamic password for authentication, the mobile terminal sends request information for generating a dynamic password to the dynamic password generating apparatus. The apparatus promptly generates a dynamic password for the user from the built-in dynamic password algorithm and the user's personal authentication information, and provides it to the user through the mobile terminal. A user carrying the mobile terminal can therefore obtain a dynamic password for authentication anytime and anywhere, and use it to request authentication from the server in order to carry out secure electronic transactions and to log in to and access the server securely. This meets the user's need to carry out secure electronic transactions and to log in to and access the server securely anytime and anywhere.
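The card-side generation (modules 71 to 73) and the server-side check by server 92 can be sketched as follows. This is an added illustration, not code from the patent, which does not disclose the preset algorithm: HMAC-SHA-256 with RFC 4226-style truncation, the 60-second window, the 6-digit length, the one-window drift tolerance and all names (`generate_dynamic_password`, `AuthServer`, `pack_fields`) are assumptions.

```python
import hashlib
import hmac
import secrets
import struct

TIME_STEP = 60  # seconds per time window (assumed value)
DIGITS = 6      # password length (assumed value)


def pack_fields(fields):
    """Length-prefix each field so ("12", "3") and ("1", "23") encode differently."""
    return b"".join(struct.pack(">H", len(f.encode())) + f.encode() for f in fields)


def generate_dynamic_password(secret, time_counter=None, challenge=None, transaction=()):
    """Card side: combine the stored secret with the parameters carried in the request."""
    if time_counter is None and challenge is None and not transaction:
        raise ValueError("at least one generation parameter is required")
    # The flag byte records which parameters are present, so an absent
    # value can never be confused with an empty or zero one.
    flags = (time_counter is not None) | (challenge is not None) << 1 | bool(transaction) << 2
    msg = bytes([flags]) + struct.pack(">Q", time_counter or 0)
    msg += pack_fields([challenge or ""]) + pack_fields(transaction)
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation in the style of RFC 4226
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


class AuthServer:
    """Server side: issues the challenge with the prompt and verifies the submission."""

    def __init__(self, user_secrets, drift_windows=1):
        self.user_secrets = user_secrets  # user -> personal authentication secret
        self.drift = drift_windows        # tolerated clock skew, in time windows
        self.pending = {}                 # user -> outstanding challenge

    def prompt(self, user):
        challenge = f"{secrets.randbelow(10 ** 8):08d}"
        self.pending[user] = challenge
        return challenge

    def verify(self, user, submitted, now, transaction=()):
        secret = self.user_secrets.get(user)
        # The challenge is consumed by any attempt, so a captured password
        # cannot be replayed and a wrong guess costs a fresh prompt.
        challenge = self.pending.pop(user, None)
        if secret is None or challenge is None:
            return False
        current = int(now) // TIME_STEP
        ok = False
        for counter in range(current - self.drift, current + self.drift + 1):
            expected = generate_dynamic_password(secret, counter, challenge, transaction)
            # Constant-time comparison; every window is checked even after a match.
            ok |= hmac.compare_digest(expected.encode(), submitted.encode())
        return ok
```

Because the transaction items enter the MAC, a password generated for one amount or account does not verify for another, which is what ties the password to the transaction the user actually saw.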
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and do not limit it. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the present invention may still be modified or equivalently replaced, and that such modifications or equivalent replacements do not cause the modified technical solution to depart from the spirit and scope of the technical solution of the present invention.

Claims (9)

1. A dynamic password generation method, characterized by comprising:
receiving request information, sent by a mobile terminal, that requests a dynamic password for authenticating a user; the request information being sent by the mobile terminal, and carrying dynamic password generation parameters, when the user triggers the mobile terminal to obtain the dynamic password after a server has prompted the user to submit a dynamic password;
generating a corresponding dynamic password from the stored personal authentication information of the user and the dynamic password generation parameters, using a preset dynamic password generating algorithm;
returning the dynamic password to the mobile terminal, so that the user can use the dynamic password to request authentication from the server; the dynamic password generation parameters comprising a combination of the following information:
the current system time obtained by the mobile terminal when the user triggers the mobile terminal to obtain a dynamic password;
the password challenge value, entered by the user and received by the mobile terminal when the user triggers the mobile terminal to obtain a dynamic password, that the server provided to the user when prompting the user to submit a dynamic password;
the several items of the user's authorization information entered by the user and received by the mobile terminal when the user triggers the mobile terminal to obtain a dynamic password.
2. The dynamic password generation method according to claim 1, characterized in that the password challenge value is provided to the user by the server through a client browser or client transaction software; or is provided to the user by the server in the form of a short message.
3. The dynamic password generation method according to claim 1, characterized in that the method further comprises:
downloading and updating the user's personal authentication information and the dynamic password generating algorithm through the over-the-air download channel.
4. The dynamic password generation method according to claim 1, characterized in that the user using the dynamic password to request authentication from the server comprises:
the user sending the dynamic password to the server from the mobile terminal by short message; or,
the user submitting the dynamic password to the server through a client browser or client transaction software.
5. A dynamic password generating apparatus, characterized by comprising:
a receiver module, for receiving request information, sent by a mobile terminal, that requests a dynamic password for authenticating a user; the request information being sent by the mobile terminal, and carrying dynamic password generation parameters, when the user triggers the mobile terminal to obtain the dynamic password after a server has prompted the user to submit a dynamic password;
a dynamic password generation module, for generating a corresponding dynamic password from the stored personal authentication information of the user and the dynamic password generation parameters, using a preset dynamic password generating algorithm; the dynamic password generation parameters comprising a combination of the following information: the current system time obtained by the mobile terminal when the user triggers the mobile terminal to obtain a dynamic password; the password challenge value, entered by the user and received by the mobile terminal when the user triggers the mobile terminal to obtain a dynamic password, that the server provided to the user when prompting the user to submit a dynamic password; the several items of the user's authorization information entered by the user and received by the mobile terminal when the user triggers the mobile terminal to obtain a dynamic password;
a sending module, for returning the dynamic password to the mobile terminal, so that the user can use the dynamic password to request authentication from the server.
6. The dynamic password generating apparatus according to claim 5, characterized by further comprising:
a memory module, for storing the dynamic password generating algorithm and the user's personal authentication information.
7. The dynamic password generating apparatus according to claim 6, characterized in that the memory module is also used to store the information that prompts the user to enter the user's several items of transaction information and/or the information that prompts the user to enter the password challenge value.
8. The dynamic password generating apparatus according to claim 5, characterized by further comprising:
an update module, for downloading and updating the user's personal authentication information and the dynamic password generating algorithm through the over-the-air download channel.
9. A network system, characterized by comprising: a mobile terminal provided with the dynamic password generating apparatus according to any one of claims 5 to 8, and a server for verifying the user's identity according to the dynamic password submitted by the user.
CN2009102368252A 2009-10-30 2009-10-30 Method and device for generating dynamic passwords and network system Active CN101699892B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009102368252A CN101699892B (en) 2009-10-30 2009-10-30 Method and device for generating dynamic passwords and network system

Publications (2)

Publication Number Publication Date
CN101699892A CN101699892A (en) 2010-04-28
CN101699892B true CN101699892B (en) 2012-06-06

Family

ID=42148332

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009102368252A Active CN101699892B (en) 2009-10-30 2009-10-30 Method and device for generating dynamic passwords and network system

Country Status (1)

Country Link
CN (1) CN101699892B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102468862B (en) * 2010-11-15 2015-06-03 上海合玉科技发展有限公司 High frequency radio-frequency circuit embedded mobile phone expansion card sticker
CN102497354A (en) * 2011-11-08 2012-06-13 陈嘉贤 Method, system and device for identifying user's identity
CN102377784B (en) 2011-11-24 2014-06-04 飞天诚信科技股份有限公司 Dynamic password identification method and system
CN103152732B (en) * 2013-03-15 2015-01-28 汪德嘉 Cloud password system and operation method thereof
CN103580874B (en) * 2013-11-15 2017-01-04 清华大学 Identity identifying method, system and cipher protection apparatus
CN103684796A (en) * 2013-12-27 2014-03-26 大唐微电子技术有限公司 SMI (subscriber identity module) card and personal identity authentication method
CN106936573B (en) * 2014-04-21 2018-06-01 张亚东 Dynamic password formation method based on integrated mode
CN105321069A (en) * 2014-07-16 2016-02-10 中兴通讯股份有限公司 Method and device for realizing remote payment
CN104125230B (en) * 2014-07-31 2017-12-15 上海动联信息技术股份有限公司 A kind of short message certification service system and authentication method
CN104202162B (en) * 2014-08-12 2017-09-22 武汉理工大学 A kind of system logged in based on mobile phone and login method
CN105516104B (en) * 2015-12-01 2018-10-26 神州融安科技(北京)有限公司 A kind of auth method and system of the dynamic password based on TEE
CN106953726A (en) * 2017-02-14 2017-07-14 上海林果实业股份有限公司 A kind of message authentication method, message authentication device and host computer
CN107294978B (en) * 2017-06-27 2019-11-12 北京知道创宇信息技术股份有限公司 System, equipment, method and the input equipment that the account of user is authenticated

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1731723A (en) * 2005-08-19 2006-02-08 上海林果科技有限公司 Electron/handset token dynamic password identification system
CN1764296A (en) * 2004-10-22 2006-04-26 北京握奇数据系统有限公司 Dynamic password identification system and method
CN101339677A (en) * 2008-08-28 2009-01-07 北京飞天诚信科技有限公司 Safe authorization method and system

Also Published As

Publication number Publication date
CN101699892A (en) 2010-04-28

Similar Documents

Publication Publication Date Title
CN101699892B (en) Method and device for generating dynamic passwords and network system
CN101414909B (en) System, method and mobile communication terminal for verifying network application user identification
CN103368928B (en) Account number cipher reset system and method
KR20070048815A (en) System and method for the one-time password authentication by using a smart card and/or a mobile phone including a smart-card chip
US20100291899A1 (en) Method and system for delivering a command to a mobile device
CN102542453A (en) Mobile payment identity verification method
CN101931530B (en) Generation method, authentication method and device for dynamic password and network system
CN108460597A (en) A kind of key management system and method
CN109451483B (en) eSIM data processing method, equipment and readable storage medium
CN101841806A (en) Service card information processing method, device and system and communication terminal
CN106651366A (en) Mobile terminal and transaction confirmation method and device thereof, and smart card
CN110766388A (en) Virtual card generation method and system and electronic equipment
KR101625222B1 (en) Method for Operating OTP by Seed Combination Mode
CN101667915A (en) Method for generating dynamic password to execute remote security authentication and mobile communication device thereof
KR20170087073A (en) Method for Providing Network type OTP by Seed Combination Mode
KR20170088797A (en) Method for Operating Seed Combination Mode OTP by using Biometrics
KR101625219B1 (en) Method for Providing Network type OTP of Multiple Code Creation Mode by using Users Medium
KR20100136379A (en) System and method for settling mobile phone by multiple code creation mode network otp authentication and recording medium
KR20160121791A (en) Method for Providing Network type OTP by Seed Combination Mode
TWM642404U (en) System for identity verification applied to financial system
KR102131375B1 (en) Method for Providing Network type OTP
KR101625218B1 (en) Method for Providing Network type OTP of Seed Combination Mode by using Users Medium
KR101645558B1 (en) Method for Operating OTP by using Medium Authentication
KR20130075762A (en) System for operating network type one time password
KR20170109510A (en) Method for Providing Service based on Medium Authentication

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: BEIJING QIANDAIBAO NETWORK TECHNOLOGY CO., LTD.

Free format text: FORMER NAME: BEIJING SHENZHOUFU E-PAY TECHNOLOGY CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 100088 Beijing City, Haidian District Zhichun Road No. 6 (Jinqiu International Building) No. B03 15

Patentee after: Beijing Qiandaibao Network Technology Co., Ltd.

Address before: 100088 Beijing City, Haidian District Zhichun Road No. 6 (Jinqiu International Building) No. B03 15

Patentee before: Beijing Shenzhoufu E-pay Technology Co., Ltd.

C56 Change in the name or address of the patentee
CP03 Change of name, title or address

Address after: 102300 A-3927 building, building 20, 3 Yongan Road, Shilong Economic Development Zone, Mentougou, Beijing

Patentee after: Beijing purse net information technology Co., Ltd.

Address before: 100088 Beijing City, Haidian District Zhichun Road No. 6 (Jinqiu International Building) No. B03 15

Patentee before: Beijing Qiandaibao Network Technology Co., Ltd.

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20160912

Address after: 100080 Beijing Haidian District North Fourth Ring Road West, No. 9 2106-030

Patentee after: Beijing Sankuai Online Technology Co., Ltd.

Address before: 102300 A-3927 building, building 20, 3 Yongan Road, Shilong Economic Development Zone, Mentougou, Beijing

Patentee before: Beijing purse net information technology Co., Ltd.