CN102202300A - System and method for dynamic password authentication based on dual channels - Google Patents

Publication number
CN102202300A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011101588106A
Other languages
Chinese (zh)
Other versions
CN102202300B (en)
Inventor
谈剑锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Peoplenet Security Technology Co Ltd
Original Assignee
Shanghai Peoplenet Security Technology Co Ltd
Application filed by Shanghai Peoplenet Security Technology Co Ltd filed Critical Shanghai Peoplenet Security Technology Co Ltd
Priority to CN201110158810.6A priority Critical patent/CN102202300B/en
Publication of CN102202300A publication Critical patent/CN102202300A/en
Application granted granted Critical
Publication of CN102202300B publication Critical patent/CN102202300B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a system and method for dynamic password authentication based on dual channels, which are used in the technical field of information in order to solve the problem that account information is stolen and illegally used. According to the invention, another channel, such as a link of a user cell phone client or a dynamic token, is added on the basis that dynamic password generation and authentication is realized via one channel in the prior art, so as to ensure that a user confirms transaction information through the second channel client; a challenge code is generated according to the transaction information, a dynamic password is generated according to the challenge code, as a result, the user can validate personal transaction information when conducting e-banking-related operations; and the transaction information is used as a challenge factor to generate a dynamic authentication password, and the dynamic authentication password is authenticated through an authentication server to realize safe transaction. In the embodiment of the invention, by means of diversified and complex association information and a challenge token at the cell phone client, the transaction action is prevented from falsification when a user logs in or performs account-related operations, thereby the safety during dynamic password authentication is further reinforced, the account using safety for users is increased and the user experience is enhanced.

Description

A dual-channel dynamic password authentication system and method
Technical field
The present invention relates to the field of information technology, and in particular to a dual-channel dynamic password authentication system and method.
Background
With the development of IC card applications, users place ever higher demands on the application functions of smart cards and expect smart cards to provide more and more functions, to meet their needs for security, convenience and diversity in use. However, while networked information systems enable information sharing and broad, in-depth application, they also bring information security problems. Without adequate security guarantees, information stored, shared and transmitted over public communication networks may be illegally eavesdropped on, intercepted, tampered with or damaged. As information technology develops, information security is drawing more and more attention.
The most common and simplest access control method in an information network is to confirm the authenticity of a user's identity by matching a static password. However, traditional static passwords have many defects: for example, the password is easily guessed or obtained through means such as social engineering, and is easily observed by others while it is being entered. One-time passwords have therefore been adopted to limit the account losses caused by stolen static passwords. Although a one-time password is stronger than a reusable static password, it still has weaknesses that can be exploited, and a one-time password is still single-factor authentication rather than strong user authentication.
One way to address the insecurity of static passwords is the dynamic password (One-Time Password, OTP): the user's password changes continuously according to time or usage count, and each password is used only once. A dynamic password relies on dedicated hardware called a dynamic token, with a built-in power supply, a password generation chip and a display screen. The password generation chip runs a dedicated cryptographic algorithm, generates the current password from the current time or usage count, and shows it on the display screen. The authentication server computes the currently valid password with the same algorithm. Because each password used must be produced by the dynamic token, and only the legitimate user holds this hardware, the system can consider the user's identity reliable once the password is verified. Since the password differs every time, even a hacker who intercepts one password cannot use it to impersonate the legitimate user.
Dynamic password authentication strengthens, to a certain extent, the security of account access and other operations, but it still cannot guarantee security when information is stolen. For example, current phishing websites lure the user to an illegitimate site whose interface closely resembles that of the genuine online bank, and induce an insufficiently vigilant user to enter account information such as the user name, the password and even the dynamic authentication password. After obtaining this information, the phishing site immediately logs in to the genuine online banking site and performs online banking operations such as transfers or online purchases, causing great losses to the user.
In addition, with the rapid development of e-commerce and the support of public utilities for electronic payment, online shopping sites, group-buying sites and utility payment platforms keep emerging. With the growth of third-party payment platforms, the convenience of online transfers and shopping payments draws people to pay online and use online banking systems more and more often, so the security of online banking account operations increasingly concerns both the banking system and its users. A strong security authentication system for bank accounts is therefore urgently needed, so that users can use online banking with confidence.
Summary of the invention
The purpose of the embodiments of the invention is to address information theft and the defects of the prior art by providing a dual-channel dynamic password authentication system and method. On top of the existing dynamic password authentication performed by a smart card token against the authentication server, a dynamic token is used in the user's mobile phone client. When the user makes a transaction request in the online banking interface, the mobile phone client confirms the transaction information and generates the dynamic password, so that the transaction information is confirmed and verified over two channels; finally, dynamic password authentication is performed against the authentication server to achieve a secure transaction.
To achieve the above purpose, an embodiment of the invention proposes a dual-channel dynamic password authentication system, realized by the following technical solution:
A dual-channel dynamic password authentication system, the system comprising:
A first channel client, used to receive the user's transaction request, which is cached in the bank server;
A second channel client, used to submit the user's login request to the bank server; after passing login verification, to obtain the transaction information of the transaction request from the bank server; after the transaction information is confirmed, to generate a second channel client dynamic password from the transaction information and the standard time obtained from a public time source server; and to send the second channel client dynamic password and the transaction information to the bank server;
A bank server, used to verify the login request from the second channel client and, according to the second channel client dynamic password received, to obtain the transaction information and send it together with the second channel client dynamic password to the authentication server;
An authentication server, used to receive the second channel client dynamic password sent from the bank server, perform dynamic password verification against the dynamic authentication password it generates itself, and return the authentication result to the bank server.
To achieve the above purpose, an embodiment of the invention also proposes a dual-channel dynamic password authentication method, realized by the following technical solution:
A dual-channel dynamic password authentication method, the method comprising:
Receiving the transaction request that the user sends from the first channel client, and caching it in the bank server;
The second channel client and the bank server authenticate each other with a two-way handshake and establish an SSL link;
The second channel client submits the user's login request to the bank server;
The bank server verifies the login request from the second channel client;
After passing login authentication, the second channel client obtains the transaction information of the transaction request from the bank server and confirms the transaction information;
The second channel client generates the mobile phone client dynamic password from the transaction information and the standard time obtained from the public time source server, and sends the second channel client dynamic password and the transaction information to the bank server;
The bank server, according to the second channel client dynamic password received, obtains the transaction information and sends it together with the second channel client dynamic password to the authentication server;
The authentication server receives the second channel client dynamic password sent from the bank server, performs dynamic password verification against the dynamic authentication password it generates itself, and returns the authentication result to the bank server.
Compared with the prior art, the dual-channel dynamic password authentication system and method of the embodiments, which realize secure transactions over two channels, add a second channel, such as a link established by a mobile phone client using a dynamic token, to the existing scheme in which dynamic password generation and authentication take place over a single channel. The user confirms the transaction information, and the dynamic password is generated from it, so that when performing online banking operations the user can verify his or her own transaction information. This transaction information serves as the challenge factor for generating the dynamic authentication password, which is authenticated by the authentication server. The user thus visibly confirms the transaction information when operating on the account, which increases transaction security. Because the associated information is diverse and complex, the transaction action is protected from tampering; the authentication server compares the second channel client dynamic password with the dynamic authentication password, which further strengthens the security of dynamic password authentication, improves the security of the user's account, makes full use of the functions of the mobile phone itself, and enhances the user experience.
Description of the drawings
The above features and advantages of the invention will become clear and easy to understand from the following description of its exemplary embodiments in conjunction with the accompanying drawings.
Fig. 1 is a schematic diagram of the composition of a dual-channel dynamic password authentication system according to embodiment 1 of the invention;
Fig. 2 is a schematic diagram of the information exchange architecture of a dual-channel dynamic password authentication system according to embodiment 2 of the invention;
Fig. 3 is the confirmation flow of the mobile phone client in a dual-channel transaction according to embodiment 3 of the invention, where the second client is a mobile phone client;
Fig. 4 is a schematic diagram of the composition of another dual-channel dynamic password authentication system according to embodiment 4 of the invention;
Fig. 5 is a schematic diagram of the composition of another dual-channel dynamic password authentication system according to embodiment 5 of the invention;
Fig. 6 is a schematic diagram of the composition of another dual-channel dynamic password authentication system according to embodiment 6 of the invention;
Fig. 7 is a flow chart of a dual-channel dynamic password authentication method according to embodiment 7 of the invention;
Fig. 8 is an information flow diagram of a transfer transaction implemented according to embodiment 8 of the invention.
Detailed description of the embodiments
The invention is described in further detail below in conjunction with the accompanying drawings.
As shown in Fig. 1, embodiment 1 of the invention is a dual-channel dynamic password authentication system, the system comprising:
A first channel client, used to receive the user's transaction request, which is cached in the bank server;
A second channel client, used to submit the user's login request to the bank server; after passing login verification, to obtain the transaction information of the transaction request from the bank server; after the transaction information is confirmed, to generate a second channel client dynamic password from the transaction information and the standard time obtained from a public time source server; and to send the second channel client dynamic password and the transaction information to the bank server;
A bank server, used to verify the login request from the second channel client and, according to the second channel client dynamic password received, to obtain the transaction information and send it together with the second channel client dynamic password to the authentication server;
An authentication server, used to receive the second channel client dynamic password sent from the bank server, perform dynamic password verification against the dynamic authentication password it generates itself, and return the authentication result to the bank server.
Further preferably, the bank server is also used to verify the login request that the user makes with the bank card number and static password before submitting a transaction request at the first channel client.
As shown in Fig. 2, embodiment 2 of the invention is a schematic of the information exchange architecture of a dual-channel dynamic password authentication system. Taking the first channel client to be a WEB client and the second client to be a mobile phone client as an example, the connections and data exchange among the bank server, the WEB client and server, the mobile phone client and the authentication server in the figure are as described below.
When logging in for the first time, or later when performing other account operations such as a transfer, the user often has to enter or read out the account number and static password. Because there are now many ways to steal information during network or data communication, that information is insecure, so strong authentication of user information is necessary to keep criminals from stealing information and performing illegal operations on account assets.
In embodiment 2, besides the traditional channel of the online banking WEB client, which handles account login, authentication requests, transaction requests and dynamic password authentication of transaction operations, a second channel client such as a mobile phone client is added to obtain the transaction request and confirm the transaction information. The transaction information is used as the challenge factor to generate a mobile phone client dynamic password, and the authentication server subsequently authenticates the transaction operation on the basis of this mobile phone client dynamic password.
Therefore, the factors from which the dynamic password is generated include not only the user's own information but also information about the account to be credited, such as its account number; they may also include the amount to be transferred, and even time information. A challenge code is generated from these factors, and the dynamic password is finally generated from it to authenticate the user's transaction information, which prevents a criminal who steals the authentication code from making a transfer. In addition, if several transfers are needed, the user obtains and confirms each transaction's information through the mobile phone client, and a dynamic password must be generated from that transaction information for each authentication to the authentication server, which avoids property losses caused by information theft.
Fig. 3 shows the mobile phone client flow for dual-channel transaction confirmation in embodiment 3 of the invention.
When the user starts the mobile phone client for the first time, a PIN code is created and entered again for confirmation. If it is not the first start, the PIN is entered directly for verification; on failure, an error message is returned and the user is prompted to retry. On success, the verification process continues: the client checks whether a card number has been bound. If not, the user is prompted to enter the card number, password and ID card number, and the mobile phone number may additionally be used for verification. If a card number is already bound, the user logs in directly with the card number and password, and the mobile phone number may also be used as a check code.
After the above login authentication succeeds, the transaction confirmation list is shown to the user together with the detailed transaction information. The user confirms through the second channel client, such as the mobile phone client, whether the transaction information is correct. If it is wrong, error handling is performed. If it is correct, the time is fetched from the public time source server, a challenge code is generated from the transaction information, and the dynamic password is computed from it. After the dynamic password is generated, the user may enter this mobile phone dynamic password manually on the online banking website, or the mobile phone client may submit it directly to the bank server in the background for comparison. The bank server sends the second channel client dynamic password to the authentication server, and once the authentication server returns the authentication result, transaction confirmation is complete.
Thus, because the associated information is diverse and complex, the transaction action is protected from tampering; the authentication server compares the second channel client dynamic password with the dynamic authentication password, which further strengthens the security of dynamic password authentication, improves the security of the user's account, and enhances the user experience.
Further preferably, as shown in Fig. 4, the second channel client specifically comprises:
An encryption and decryption module, used to encrypt and decrypt, with an encryption and decryption algorithm, the information that needs to be stored;
A transaction confirmation module, used to obtain and confirm the transaction information of the transaction request obtained from the bank server, completing the transaction information confirmation process;
A challenge-type dynamic password module, used to generate the second channel client dynamic password from the transaction information in the transaction request and the standard time obtained from the public time source server;
A secure communication module, used to confirm each side's identity with the bank server through a two-way handshake, establish an encrypted link, and encrypt and decrypt the information transmitted while the link is in use.
Further preferably, as shown in Fig. 4, the transaction confirmation module of the second channel client is also used, when there are multiple transaction requests, to select one transaction request from the transaction record set obtained from the bank server.
Further preferably, the transaction request includes a transfer request; further, the transaction information includes the counterparty's account number, the transaction serial number, the transaction amount, or other transaction information besides the amount.
The user may submit several transaction requests through the online banking WEB client. These requests contain transaction information, such as the transfer information of a transfer request, which may include the counterparty's account number, the transfer amount, and the standard time obtained from the public time source server. The bank server holds these transaction requests temporarily as a transaction record set. After passing the bank server's login authentication, the mobile phone client obtains this transaction record set, selects from it the transaction to be carried out, and performs dynamic password authentication of the transaction, which increases transaction security and achieves a secure transaction.
Further preferably, as shown in Fig. 5, the bank server specifically comprises:
A receiving module, used to receive the transaction request and second channel client dynamic password sent from the first channel client, or the login request and second channel client dynamic password from the second channel client, or the authentication result sent from the authentication server;
A login verification module, used to verify the login request that the user sends from the first channel client or the second channel client;
A cache module, used to cache the transaction request;
A sending module, used to send the second channel client dynamic password and the transaction information to the authentication server.
Further preferably, the sending module is also used to send a message to the first channel client and/or the second channel client according to the authentication result.
Through the bank server, the second channel client can obtain the result of the transaction's dynamic password authentication, and further learn whether the transaction was carried out and confirm the transaction result. Because information confirmation through the user's mobile phone client has been added, every step of the operation is visible to the user, which increases security, improves the user's experience of the online banking system, and strengthens the user's confidence in the security of online banking operations.
Further preferably, as shown in Fig. 6, the authentication server specifically comprises:
A receiving module, used to receive the second channel client dynamic password and the transaction information sent from the bank server;
A dynamic password generation module, used to generate the dynamic authentication password with the same dynamic password generation algorithm as the second channel client;
An authentication module, used to compare dynamic passwords against the dynamic authentication password generated by the server itself and return the authentication result to the bank server.
Further preferably, the mobile phone client communicates with the bank server over an SSL link.
The above embodiments of the invention may be varied or combined in many ways, and a person of ordinary skill in the art will understand that any variation or combination of the above embodiments falls within the scope of protection of the invention.
Compared with the prior art, the dual-channel dynamic password authentication system of the embodiments, which realizes secure transactions over two channels, adds a second channel, such as a link to the user's mobile phone client, to the existing scheme in which dynamic password generation and authentication take place over a single channel. The user confirms the transaction information through the mobile phone client, and the dynamic password is generated from the transaction information, so that when performing online banking operations the user can verify his or her own transaction information. This transaction information serves as the challenge factor for generating the dynamic authentication password, which is authenticated by the authentication server. The user thus visibly confirms the transaction information when operating on the account, which increases transaction security. Because the associated information is diverse and complex, the transaction action is protected from tampering; the authentication server compares the mobile phone client dynamic password with the dynamic authentication password, which further strengthens the security of dynamic password authentication, improves the security of the user's account, makes full use of the functions of the mobile phone itself, and enhances the user experience.
As shown in Fig. 7, to achieve the above purpose, an embodiment of the invention also proposes a dual-channel dynamic password authentication method, realized by the following technical solution:
A dual-channel dynamic password authentication method, the method comprising the following steps:
S101. The transaction request that the user sends from the first channel client is received and cached in the bank server;
S102. The second channel client and the bank server authenticate each other with a two-way handshake and establish an SSL link;
S103. The second channel client submits the user's login request to the bank server;
S104. The bank server verifies the login request from the second channel client;
S105. After passing login authentication, the second channel client obtains the transaction information of the transaction request from the bank server and confirms the transaction information;
S106. The second channel client generates the mobile phone client dynamic password from the transaction information and the standard time obtained from the public time source server, and sends the second channel client dynamic password and the transaction information to the bank server;
S107. The bank server, according to the second channel client dynamic password received, obtains the transaction information and sends it together with the second channel client dynamic password to the authentication server;
S108. The authentication server receives the second channel client dynamic password sent from the bank server, performs dynamic password verification against the dynamic authentication password it generates itself, and returns the authentication result to the bank server.
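The following sketch of steps S106 to S108 is an added example, not code from the patent, which does not name a concrete algorithm. It assumes HMAC-SHA256 with HOTP-style truncation, a 60-second time step, a 6-digit password, a per-user shared seed and a replay cache; all function names, field names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

TIME_STEP = 60   # assumed validity window of one dynamic password, in seconds
DIGITS = 6       # assumed dynamic password length


def challenge_code(txn):
    """Challenge code over the transaction fields the user confirmed (S105)."""
    h = hashlib.sha256()
    for key in ("payee_account", "serial", "amount"):
        data = txn[key].encode("utf-8")
        # Length-prefix each field so ("12", "3") and ("1", "23") cannot collide.
        h.update(struct.pack(">I", len(data)) + data)
    return h.digest()


def dynamic_password(seed, txn, standard_time):
    """Password bound to both the transaction and the current time step (S106)."""
    step = standard_time // TIME_STEP
    msg = challenge_code(txn) + struct.pack(">Q", step)
    mac = hmac.new(seed, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                      # HOTP-style dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class AuthServer:
    """Recomputes the dynamic authentication password and compares (S108)."""

    def __init__(self, seeds, drift_steps=1):
        self.seeds = seeds              # user -> shared seed (assumed provisioning)
        self.drift_steps = drift_steps  # tolerated clock drift, in time steps
        self.used = set()               # replay cache: each password is used once

    def verify(self, user, txn, otp, server_time):
        seed = self.seeds.get(user)
        if seed is None:
            return False
        ok = False
        for d in range(-self.drift_steps, self.drift_steps + 1):
            expected = dynamic_password(seed, txn, server_time + d * TIME_STEP)
            # Constant-time comparison; no early exit across the drift window.
            ok |= hmac.compare_digest(expected.encode(), otp.encode())
        token = (user, txn["serial"], otp)
        if not ok or token in self.used:
            return False
        self.used.add(token)
        return True


def demo():
    seed = b"constructed-demo-seed-not-a-real-key"   # constructed sample seed
    server = AuthServer({"alice": seed})
    now = 1_700_000_000                               # constructed standard time
    confirmed = {"payee_account": "6222000011112222",  # constructed sample data
                 "serial": "TX0001", "amount": "100.00"}
    # What a phishing page or tampered first channel would try to execute.
    tampered = dict(confirmed, payee_account="6222999988887777")
    otp = dynamic_password(seed, confirmed, now)      # generated on the phone
    return {
        "tampered": server.verify("alice", tampered, otp, now + 5),
        "late": server.verify("alice", confirmed, otp, now + 10 * TIME_STEP),
        "genuine": server.verify("alice", confirmed, otp, now + 5),
        "replay": server.verify("alice", confirmed, otp, now + 6),
    }


if __name__ == "__main__":
    print(demo())
```

Only the transaction the user confirmed on the second channel verifies; a changed payee account, an expired time step or a second submission of the same password is rejected.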
Further preferably, the WEB of the Web bank client that described first passage client is a bank, described second channel client is a cell-phone customer terminal.
Further preferably, described method also comprises: the user according to bank's card number and static password, submits the request of landing by the WEB server to bank server before the WEB client is submitted transaction request to.
The user is landing or follow-up needs when carrying out other accounts' operations as account transfer for the first time, often need input or read account number and static password, but it is a lot of that the information during owing to network or data communication is now stolen means, cause the insecurity of information, so be necessary user profile is carried out strong authentication, avoid the lawless person to steal information and carry out the illegal operation of account's property.
Further preferably, described method also comprises, when described transaction request when being a plurality of, the second channel client is concentrated at the transaction record that obtains from bank server and selected a transaction request.
Further preferably, described transaction request comprises transfer request, and further, described Transaction Information comprises the other side's account number, transaction journal number, dealing money or other Transaction Information except that the amount of money.
The user may carry out the repeatedly operation of transaction request by the WEB client of Web bank, these transaction request comprise the information of transaction, the information of transferring accounts as transfer request, described account transfer information may comprise the other side's number of the account, the amount of money of transferring accounts, and the time of transfer request, these transaction request are kept in by bank server in the mode of transaction record collection, cell-phone customer terminal is by behind the debarkation authentication of bank server, obtain this transaction record collection, and therefrom select the transaction that to carry out, the dynamic cipher verification of concluding the business.
Further preferably, described method also comprises: described bank server also according to described authentication result send message to the first passage client or/and the second channel client.
Cell-phone customer terminal can obtain the result of transaction dynamic cipher verification by bank server, further whether transaction is carried out, and the affirmation of transaction results, owing to increased the validation of information of the cell-phone customer terminal that the user passes through, make each step operation all by user's finding, increased fail safe, and increased the experience that the user uses the Net silver system, strengthened the confidence of user the Net silver handling safety.
Figure 8 shows a flow chart of a transfer transaction implemented by the embodiment of the invention. The figure describes the embodiment in detail, so the steps are not repeated one by one here.
The above embodiments of the present invention may be varied or combined in many ways; a person of ordinary skill in the art will understand that any variation or combination of the above embodiments falls within the protection scope of the present invention.
In addition to the traditional channel, in which account login, authentication requests, transaction requests and dynamic password authentication of transaction operations are all carried out through, for example, the online banking WEB client, the above embodiments add another channel: for example, the mobile phone client obtains the transaction request and confirms the transaction information, and the transaction information is used as the challenge factor to generate a second channel client dynamic password, so that the authentication server subsequently authenticates the transaction operation according to this second channel client dynamic password.
Therefore the factors used to generate the dynamic password include not only the user's own information but also information about the account the user is transferring to, such as the destination account number; they may also include the transfer amount, and even the current time. A dynamic password generated from these factors is used to authenticate the user information, which prevents a criminal from carrying out a transfer after stealing the authentication code. In addition, if several transfers are needed, the user obtains and confirms the transaction information of each one through the mobile phone client, and a dynamic password must be generated from that transaction information and authenticated to the authentication server each time, which avoids property loss caused by stolen information.
Thus, by making the associated information diverse and complex, the transaction action is prevented from being tampered with. The authentication server compares the mobile phone client dynamic password with the dynamic authentication password to verify it, which further strengthens security during dynamic password authentication, improves the security of the user's account use, and enhances the user experience.
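The following added example (not code from the patent) shows why binding the dynamic password to the transaction information defeats tampering: the authentication server recomputes the password from the transaction it is about to execute, so a changed payee or amount no longer matches. The patent does not name an algorithm; the HMAC-SHA256 construction with RFC 4226-style truncation, the pre-shared per-user key, the 60-second time step and all field names are assumptions, and the key and transaction values are constructed sample data.

```python
import hashlib
import hmac
import struct

TIME_STEP = 60  # seconds per password window (assumed value)
DIGITS = 6      # password length (assumed value)

# Constructed sample data, not taken from the patent.
KEY = b"constructed-demo-key-shared-by-phone-and-auth-server"
TX = {"payee_account": "6222020200112233", "serial_number": "20110614-0001",
      "amount": "1500.00"}
NOW = 1_700_000_000  # standard time, as both sides would get it from a time source


def encode_transaction(tx: dict) -> bytes:
    """Canonical, length-prefixed encoding of the challenge fields.

    The length prefix keeps field boundaries unambiguous, so the pairs
    ("12", "345") and ("123", "45") never produce the same challenge bytes.
    """
    out = b""
    for name in ("payee_account", "serial_number", "amount"):
        value = str(tx[name]).encode("utf-8")
        out += struct.pack(">H", len(value)) + value
    return out


def transaction_otp(key: bytes, tx: dict, unix_time: int) -> str:
    """Dynamic password over (time window || transaction challenge)."""
    counter = struct.pack(">Q", unix_time // TIME_STEP)
    digest = hmac.new(key, counter + encode_transaction(tx), hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation as in RFC 4226
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def verify(key: bytes, tx: dict, otp: str, server_time: int, drift_steps: int = 1) -> bool:
    """Authentication-server side: regenerate with the same algorithm and compare.

    tx must be the transaction the bank server will actually execute, not a
    copy supplied alongside the password by an untrusted party.
    """
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        expected = transaction_otp(key, tx, server_time + step * TIME_STEP)
        # Constant-time comparison; every window is checked before returning.
        ok |= hmac.compare_digest(expected, otp)
    return ok


def demo() -> dict:
    """Phone confirms TX and generates a password; server checks four cases."""
    otp = transaction_otp(KEY, TX, NOW)
    changed_payee = dict(TX, payee_account="6222020299998888")
    changed_amount = dict(TX, amount="91500.00")
    return {
        "genuine": verify(KEY, TX, otp, NOW + 20),
        "changed_payee": verify(KEY, changed_payee, otp, NOW + 20),
        "changed_amount": verify(KEY, changed_amount, otp, NOW + 20),
        "expired": verify(KEY, TX, otp, NOW + 10 * TIME_STEP),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:15s} accepted={accepted}")
```

A password captured in transit is only useful for the exact transaction and time window the user confirmed on the phone, which is the property the description relies on.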
Compared with the prior art, the dual-channel dynamic password authentication method for secure transactions in the embodiment of the invention adds another channel, such as a link through the mobile phone client, to the existing approach of generating and authenticating a dynamic password through a single channel. The user confirms the transaction information through the mobile phone client, and a dynamic password is generated from the transaction information, so that the user can verify their own transaction information when performing online banking operations. This transaction information is used as the challenge factor to generate the dynamic authentication password, which is authenticated to the authentication server. The user thus visibly confirms the transaction information when operating on the account, which increases transaction security. Making the associated information diverse and complex prevents the transaction action from being tampered with; the authentication server compares the second channel client dynamic password with the dynamic authentication password to verify it, which further strengthens security during dynamic password authentication, improves the security of the user's account use, makes full use of the functions of the mobile phone itself, and enhances the user experience.
A person of ordinary skill in the art will understand that the above embodiment is only one of the preferred embodiments of the present invention, and that the above embodiments may be combined in any way. Owing to space limitations, not all embodiments can be enumerated here; any embodiment that embodies the technical solution of the claims of the present invention falls within the protection scope of the present invention.
It should be noted that the above content is a further description of the present invention in connection with specific embodiments, and the specific embodiments of the invention should not be regarded as limited to it. Under the above guidance of the present invention, those skilled in the art can make various improvements and variations on the basis of the above embodiments, and these improvements or variations fall within the protection scope of the present invention.

Claims (15)

1. A dynamic password authentication system based on dual channels, characterized in that the system comprises:
A first channel client, used to receive the user's transaction request, which is cached in the bank server;
A second channel client, used to submit the user's login request to the bank server; after passing login verification, to obtain the transaction information of the transaction request from the bank server; after the transaction information has been confirmed, to generate a second channel client dynamic password according to the transaction information and the standard time obtained from a public time source server; and to send the second channel client dynamic password and the transaction information to the bank server;
A bank server, used to verify the login request from the second channel client and, upon receiving the second channel client dynamic password, to obtain the transaction information and send the transaction information and the second channel client dynamic password to the authentication server;
An authentication server, used to receive the second channel client dynamic password sent from the bank server, to perform dynamic password authentication against a dynamic authentication password that it generates itself, and then to return the authentication result to the bank server.
2. The system according to claim 1, characterized in that the bank server is also used to verify the login request that the user submits, using a bank card number and static password, before submitting the transaction request at the first channel client.
3. The system according to claim 2, characterized in that the second channel client specifically comprises:
An encryption and decryption module, used to encrypt and decrypt the information that needs to be stored, using an encryption and decryption algorithm;
A transaction confirmation module, used to obtain and confirm the transaction information of the transaction request obtained from the bank server, so as to complete the transaction information confirmation process;
A challenge-type dynamic password module, used to generate the second channel client dynamic password according to the transaction information in the transaction request and the standard time obtained from the public time source server;
A secure communication module, used to confirm the identity of each side through a two-way handshake with the bank server, to establish an encrypted link, and to encrypt and decrypt the transmitted information during communication over the link.
4. The system according to claim 3, characterized in that the transaction confirmation module of the second channel client is also used, when there are multiple transaction requests, to select one transaction request from the transaction record set that the transaction confirmation module obtains from the bank server.
5. The system according to claim 1, characterized in that the bank server specifically comprises:
A receiving module, used to receive the transaction request and second channel client dynamic password sent from the first channel client, or the login request and second channel client dynamic password from the second channel client, or the authentication result sent from the authentication server;
A login verification module, used to verify the login request that the user sends from the first channel client or the second channel client;
A cache module, used to cache the transaction request;
A sending module, used to send the second channel client dynamic password and the transaction information to the authentication server.
6. The system according to claim 5, characterized in that the sending module is also used to send a message to the first channel client and/or the second channel client according to the authentication result.
7. The system according to claim 1, characterized in that the authentication server specifically comprises:
A receiving module, used to receive the second channel client dynamic password and the transaction information sent from the bank server;
A dynamic password generation module, used to generate the dynamic authentication password according to the same dynamic password generation algorithm as the second channel client;
An authentication module, used to compare dynamic passwords against the dynamic authentication password that it generates itself, and then to return the authentication result to the bank server.
8. The system according to any one of claims 1 to 7, characterized in that the transaction request comprises a transfer request, and the transaction information comprises the counterparty's account number, the transaction serial number, the transaction amount, or other transaction information besides the amount.
9. The system according to any one of claims 1 to 8, characterized in that the first channel client is the WEB client of the bank's online banking, and the second channel client is a mobile phone client.
10. A dynamic password authentication method based on dual channels, characterized in that the method comprises:
Receiving the transaction request that the user sends from the first channel client, and caching it in the bank server;
The second channel client and the bank server authenticate each other through a two-way handshake and establish an SSL link;
The second channel client submits the user's login request to the bank server;
The bank server verifies the login request from the second channel client;
After passing login verification, the second channel client obtains the transaction information of the transaction request from the bank server and confirms the transaction information;
The second channel client generates the mobile phone client dynamic password according to the transaction information and the standard time obtained from a public time source server, and sends the second channel client dynamic password and the transaction information to the bank server;
Upon receiving the second channel client dynamic password, the bank server obtains the transaction information and sends the transaction information and the second channel client dynamic password to the authentication server;
The authentication server receives the second channel client dynamic password sent from the bank server, performs dynamic password authentication against a dynamic authentication password that it generates itself, and then returns the authentication result to the bank server.
11. The method according to claim 10, characterized in that the method also comprises: before submitting the transaction request at the first client, the user submits a login request to the bank server using a bank card number and static password.
12. The method according to claim 11, characterized in that the method also comprises: when there are multiple transaction requests, the second channel client selects one transaction request from the transaction record set obtained from the bank server.
13. The method according to claim 12, characterized in that the method also comprises: the bank server also sends a message to the first channel client and/or the second channel client according to the authentication result.
14. The method according to any one of claims 10 to 13, characterized in that the transaction request comprises a transfer request; further, the transaction information comprises the counterparty's account number, the transaction serial number, the transaction amount, or other transaction information besides the amount.
15. The method according to any one of claims 10 to 14, characterized in that the first channel client is the bank's online banking WEB client, and the second channel client is a mobile phone client.

Priority Applications (1)

Application Number: CN201110158810.6A
Priority Date: 2011-06-14
Filing Date: 2011-06-14
Title: A dual-channel-based dynamic password authentication system and method
Status: Active
Publication: CN102202300B (en)

Publications (2)

Publication Number Publication Date
CN102202300A true CN102202300A (en) 2011-09-28
CN102202300B CN102202300B (en) 2016-01-20

Family

ID=44662618


Country Status (1)

Country Link
CN (1) CN102202300B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant