CN101826957A - Dynamic token seed key injection method - Google Patents
- Publication number
- CN101826957A
- Authority
- CN
- China
- Prior art keywords
- token
- tac
- seed
- tik
- dynamic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a dynamic token seed key injection method and relates to a dynamic password processing method for a computer system. The method comprises the following steps: (I) the dynamic password system of a server divides the seed in a token into a TIK file and a TAC file, distributes the TIK to the token manufacturer and stores the TAC in the server's database; (II) the token manufacturer prints the information serial number on the token and writes the corresponding TIK into the token; (III) the token and the corresponding TAC are distributed to the user, and the TAC is not distributed through the token manufacturer; and (IV) when the user uses the token for the first time, the TAC is injected with a user terminal and the TAC and TIK are combined into a seed file. The seed injection method allows the necessary seed material to be injected in the manufacturing workshop while ensuring the security of the token seeds.
Description
Technical field
The present invention relates to a dynamic password processing method for a computer system.
Background technology
With the rapid development of application systems such as e-commerce and e-government, dynamic password technology has become an effective replacement for static passwords. Because it is easy to use and offers good security, dynamic password systems have come into wide use.
A dynamic password, also called a one-time password, is a user password that changes continuously with time or with the number of uses; each password is used only once. Dynamic passwords rely on dedicated hardware called a dynamic token, which has a built-in power supply, a password-generation chip and a display. The token may have a keypad for entering a PIN, or no keypad at all, and authentication is performed with the password it generates. As network security threats have intensified, dynamic tokens have become a main tool for secure network authentication.
A dynamic password system generally consists of two parts: the dynamic token, i.e. the terminal device held by the user, and the back-end system that verifies dynamic passwords. A dynamic token consists of an LCD screen, a power supply, an MCU, an injection socket, and the token's programs and data; some dynamic tokens also have an input keypad. Generally, a dynamic token is fully assembled by the token manufacturer, which also loads the related data, and the token seed generated by the server is likewise loaded into the token on the manufacturer's production line. Because device manufacturing involves many stages, seed injection for dynamic tokens carries a security risk that cannot be ignored.
Summary of the invention
The purpose of the invention is to provide a dynamic token seed key injection method that solves the security risk in dynamic token seed injection. The invention provides a seed injection method that allows the necessary seed material to be injected in the production workshop while still guaranteeing the security of the token seed.
A dynamic token seed key injection method of the invention comprises the following steps:
(1) the server's dynamic password system divides the seed in the token into two files, TIK and TAC; the TIK is distributed to the token manufacturer, and the TAC is stored in the server's database;
(2) the token manufacturer prints the information serial number on the token and writes the corresponding TIK into the token;
(3) the token is distributed to the user, who also obtains the corresponding TAC; the TAC is not distributed through the token manufacturer;
(4) when using the token for the first time, the user injects the TAC with the user terminal device, and the TAC and TIK are combined into the seed file.
Further, the dynamic token seed key injection method of the invention has the following features: in step (4), the terminal device used by the user comprises:
Microcomputer, a processor with cryptographic computation capability and internal RAM, used for storing programs and seed data;
Display, used for showing passwords and information;
Keyboard, connected to the microcomputer, for entering information;
Injection interface, connected to the microcomputer, a one-time interface used for system initialization and seed injection; after initialization is complete, this interface is closed;
Real-time clock, driven by pulses from a high-precision quartz crystal, which serves as the clock and keeps time synchronized with the server.
In the dynamic token seed key injection method of the invention, the dynamic password system splits the seed in the token (Seed) into two parts (TIK and TAC). The TIK is injected on the token manufacturer's production line, the TAC is entered at the token distribution terminal, and the complete seed is synthesized inside the token device.
To obtain the seed, the TIK injected by the manufacturer and the TAC injected by the user are combined by the following operation:
Seed=COMPOSE(TAC,TIK)
The seed composition step of the invention can use various algorithms; the invention is not limited to a specific algorithm.
Because of the above scheme, key injection is more secure: even if the manufacturer's data is stolen by an attacker, the attacker lacks the bank's internal TAC data and cannot mount an effective attack on the token. Likewise, even if a staff member at the token distribution terminal has recorded the TAC of a user's token, they do not know the TIK and so cannot pose a security threat to the token.
For tokens with a keypad, the injection of the invention can be done by entering the TAC on the token's keypad, which is simpler and faster than connecting the token by cable for injection, and also costs less.
Description of drawings
Fig. 1 is a flow chart of the dynamic token seed injection process of the invention;
Fig. 2 is a connection diagram of the user terminal device of the invention.
Embodiment
The invention is explained in detail below with reference to the drawings and the illustrated embodiment.
Referring to Fig. 1, a dynamic token seed key injection method comprises the following steps:
(1) the server's dynamic password system divides the seed in the token into two files, TIK and TAC; the TIK is distributed to the token manufacturer, and the TAC is stored in the server's database; the seed file is then synthesized with the HMAC algorithm and saved in the database;
(2) the token manufacturer prints the information serial number on the token and writes the corresponding TIK into the token, which completes manufacture of the token;
(3) the token is distributed to the user, who also obtains the corresponding TAC; the TAC is not distributed through the token manufacturer;
(4) when using the token for the first time, the user injects the TAC with the user terminal device, and the TAC and TIK are combined into the seed file, producing the real token seed.
Referring to Fig. 2, in step (4) of the dynamic token seed key injection method, the terminal device used by the user comprises:
Microcomputer (MCU), a processor with cryptographic computation capability and internal RAM, used for storing programs and seed data;
Display, used for showing passwords and information;
Keyboard, connected to the microcomputer, for entering information, comprising numeric keys, function keys and a power key;
Injection interface, connected to the microcomputer, a one-time interface used for system initialization and seed injection; after initialization is complete, this interface is closed;
Real-time clock, driven by pulses from a high-precision quartz crystal, which serves as the clock and keeps time synchronized with the server;
Power supply, a high-capacity lithium battery that provides power.
The following describes a specific implementation of the invention in detail, taking HMAC-SHA-1 as the example. The dynamic password system splits the seed in the token (Seed) into two parts (TIK and TAC), and the TIK is injected on the token manufacturer's production line. Tokens are distributed to the token distribution terminals. When a user applies for a token, the staff at the token distribution terminal enter the TAC there, and the token device internally performs the following computation to synthesize the complete seed: with the TAC as the key and the TIK as the message, it computes seed = HMAC-SHA-1(TAC, TIK) and then stores the seed in the token's storage area. This seed is used for the token's subsequent computations.
The detailed HMAC-SHA-1 procedure is as follows: 1) if the TAC is longer than 64 bytes, first hash the TAC with SHA-1 to obtain K; otherwise use the TAC directly as K; 2) XOR K with 64 bytes of 0x36, append the TIK, and hash the result to obtain the hash H1; 3) XOR K with 64 bytes of 0x5C, append H1, and hash again; the resulting hash is the result of HMAC-SHA-XXX, which is the Seed.
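The composition Seed = HMAC-SHA-1(TAC, TIK) and the split between server, manufacturer and token described above can be exercised end to end as follows. This is an added example, not code from the patent; the function names, the serial number and the component lengths (20-byte TIK, 8-byte TAC) are assumptions, and the zero-padding of K to 64 bytes comes from standard HMAC (RFC 2104), which the text does not spell out.

```python
import hashlib
import hmac
import secrets

BLOCK = 64  # SHA-1 block size in bytes, the "64 bytes" in the text


def compose_seed(tac: bytes, tik: bytes) -> bytes:
    """Seed = HMAC-SHA-1(key=TAC, message=TIK), written out by hand."""
    # A TAC longer than one block is hashed first to obtain K.
    k = hashlib.sha1(tac).digest() if len(tac) > BLOCK else tac
    # Standard HMAC zero-pads K to the block size (assumption: not in the text).
    k = k.ljust(BLOCK, b"\x00")
    # Inner hash: (K xor 0x36...) || TIK gives H1.
    h1 = hashlib.sha1(bytes(b ^ 0x36 for b in k) + tik).digest()
    # Outer hash: (K xor 0x5C...) || H1 gives the seed.
    return hashlib.sha1(bytes(b ^ 0x5C for b in k) + h1).digest()


def provision(serial: str, tik_len: int = 20, tac_len: int = 8) -> dict:
    """Server side: create both components and the seed record to store."""
    tik = secrets.token_bytes(tik_len)  # handed to the manufacturer only
    tac = secrets.token_bytes(tac_len)  # handed to the issuing side only
    return {"serial": serial, "tik": tik, "tac": tac,
            "seed": compose_seed(tac, tik)}


def token_first_use(tik_in_token: bytes, tac_entered: bytes) -> bytes:
    """Token side: combine the factory-written TIK with the injected TAC."""
    return compose_seed(tac_entered, tik_in_token)


def demo() -> dict:
    rec = provision("SN-0001")  # constructed serial number
    seed = token_first_use(rec["tik"], rec["tac"])
    # Same TIK, TAC with one bit flipped: models a mistyped TAC.
    bad_tac = bytes([rec["tac"][0] ^ 1]) + rec["tac"][1:]
    stdlib = hmac.new(rec["tac"], rec["tik"], hashlib.sha1).digest()
    return {
        "matches_server": hmac.compare_digest(seed, rec["seed"]),
        "matches_stdlib": hmac.compare_digest(seed, stdlib),
        "wrong_tac_matches": hmac.compare_digest(
            token_first_use(rec["tik"], bad_tac), rec["seed"]),
        "seed_len": len(seed),
    }


if __name__ == "__main__":
    print(demo())
```

A token given the wrong TAC still derives a 20-byte value, so the mismatch only shows up when the server rejects the first password generated from it.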
The embodiment described above is only a preferred embodiment of the invention. Within the essential scope of the invention, the algorithm used may be varied or replaced in many ways, and such variations or replacements are not excluded from the scope of protection of the invention.
Claims (2)
1. A dynamic token seed key injection method, characterized in that it comprises the following steps:
(1) the server's dynamic password system divides the seed in the token into two files, TIK and TAC; the TIK is distributed to the token manufacturer, and the TAC is stored in the server's database;
(2) the token manufacturer prints the information serial number on the token and writes the corresponding TIK into the token;
(3) the token is distributed to the user, who also obtains the corresponding TAC; the TAC is not distributed through the token manufacturer;
(4) when using the token for the first time, the user injects the TAC with the user terminal device, and the TAC and TIK are combined into the seed file.
2. The dynamic token seed key injection method of claim 1, characterized in that in step (4) the terminal device used by the user comprises:
Microcomputer, a processor with cryptographic computation capability and internal RAM, used for storing programs and seed data;
Display, used for showing passwords and information;
Keyboard, connected to the microcomputer, for entering information;
Injection interface, connected to the microcomputer, a one-time interface used for system initialization and seed injection; after initialization is complete, this interface is closed;
Real-time clock, driven by pulses from a high-precision quartz crystal, which serves as the clock and keeps time synchronized with the server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010001029A CN101826957A (en) | 2010-01-19 | 2010-01-19 | Dynamic token seed key injection method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010001029A CN101826957A (en) | 2010-01-19 | 2010-01-19 | Dynamic token seed key injection method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101826957A true CN101826957A (en) | 2010-09-08 |
Family
ID=42690679
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201010001029A Pending CN101826957A (en) | 2010-01-19 | 2010-01-19 | Dynamic token seed key injection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101826957A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102307095A (en) * | 2011-04-27 | 2012-01-04 | 上海动联信息技术有限公司 | Injection and deformation method for seed key of dynamic token |
CN104660410A (en) * | 2014-05-23 | 2015-05-27 | 北京集联网络技术有限公司 | Token parameter filling equipment, filling data processing equipment and filling method |
CN108400868A (en) * | 2018-01-17 | 2018-08-14 | 深圳市文鼎创数据科技有限公司 | Storage method, device and the mobile terminal of seed key |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102307095A (en) * | 2011-04-27 | 2012-01-04 | 上海动联信息技术有限公司 | Injection and deformation method for seed key of dynamic token |
WO2012145873A1 (en) * | 2011-04-27 | 2012-11-01 | 上海动联信息技术有限公司 | Dynamic token seed key injection and deformation method |
CN104660410A (en) * | 2014-05-23 | 2015-05-27 | 北京集联网络技术有限公司 | Token parameter filling equipment, filling data processing equipment and filling method |
CN104660410B (en) * | 2014-05-23 | 2018-03-30 | 北京集联网络技术有限公司 | A kind of token parameter filling apparatus, filling data processing equipment |
CN108400868A (en) * | 2018-01-17 | 2018-08-14 | 深圳市文鼎创数据科技有限公司 | Storage method, device and the mobile terminal of seed key |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20100908 |