CN102202300B - Dual-channel dynamic password authentication system and method - Google Patents

Publication number: CN102202300B
Authority: CN (China)
Application number: CN201110158810.6A
Other languages: Chinese (zh)
Other versions: CN102202300A
Inventor: 谈剑锋
Original Assignee: 上海众人网络安全技术有限公司

Abstract

The invention discloses a dual-channel dynamic password authentication system and method in the field of information technology, intended to solve the problem of stolen account information being used illegally. On top of the existing approach, in which dynamic password generation and authentication are carried out over a single channel, it adds a second channel, such as a link through the user's mobile phone client. Using a dynamic token, the user confirms the transaction information through the second channel client; a challenge code is generated from the transaction information, and a dynamic password is generated from that challenge code. When performing online banking operations the user can therefore verify his or her own transaction information, and that transaction information is used as the challenge factor to generate a dynamic authentication password for authentication at the authentication server, realizing a secure transaction. By diversifying and complicating the associated information, and by using a challenge token on the mobile phone client, the embodiments of the invention prevent the transaction from being hijacked and altered when the user logs in or operates on the account, further strengthen the security of dynamic password verification, improve the security of the user's account and enhance the user experience.

Description

A dual-channel dynamic password authentication system and method

Technical field

The present invention relates to the field of information technology, and in particular to a dual-channel dynamic password authentication system and method.

Background art

With the development of the IC card application field, users demand more and more of the application functions of smart cards and hope that smart cards can provide a growing number of functions to meet people's needs for security, convenience and diversity in use. However, as networked information application systems achieve information sharing and are applied ever more widely and deeply, they also bring information security problems: without adequate security guarantees, information stored, shared and transmitted over public communication networks may be illegally eavesdropped on, intercepted, tampered with or destroyed. With the development of information technology, information security is a concern for more and more people.

In information networks, the most common and simplest access control method is to confirm the authenticity of a user's identity by matching a static password. Traditional static passwords, however, have many defects: for example, the password is easily guessed or obtained by means such as social engineering, and is easily observed while being entered. One-time passwords have therefore been adopted to guard against account loss caused by stolen static passwords; but although a one-time password is stronger than a reusable static password, it still has weaknesses that can be exploited, and a one-time password is still single-factor authentication rather than strong user authentication.

One way to address the security of static passwords is the dynamic password (One-Time Password, OTP): the user's password changes continuously with time or with the number of uses, and each password is used only once. Dynamic passwords rely on a dedicated piece of hardware called a dynamic token, which has a built-in power supply, a password-generating chip and a display screen. The password-generating chip runs a dedicated cryptographic algorithm, generates the current password from the current time or the number of uses, and shows it on the display screen. The authentication server uses the same algorithm to calculate the currently valid password. Because every password used must be produced by the dynamic token, and only the legitimate user holds this hardware, the system can consider the user's identity reliable as long as password verification passes. And because the user's password is different each time, even if a hacker intercepts one password, it cannot be used to impersonate the legitimate user.

Dynamic password verification strengthens, to a certain degree, the security of account access and other operations, but it still offers no guarantee once information is being stolen. Phishing websites are one example today: the user is led to an illegitimate site whose interface closely resembles that of the genuine online banking website and, when not vigilant enough, is lured into entering his or her own account information, such as the user name, password and even the dynamic authentication password. Having obtained this information, the phishing site immediately logs in to the genuine online banking website and then performs online banking operations such as transfers or online payments, causing the user heavy losses.

In addition, with the rapid development of e-commerce and the support of public utilities for electronic payment, online shopping sites, group-buying sites and utility payment platforms keep emerging; and with the development of third-party payment platforms, the convenience of online transfers and shopping payments draws people to pay online and use online banking systems ever more frequently. The security of users' online banking account operations is therefore of growing concern to banking systems and users, and a strong security authentication system for bank accounts is urgently needed so that users can use online banking with peace of mind.

Summary of the invention

The object of the embodiments of the invention is to address the current state of information theft and the defects of the prior art by providing a dual-channel dynamic password authentication system and method. On the basis of the existing dynamic password verification of a smart card token against the authentication server, a dynamic token is used in the user's mobile phone client, so that when the user makes a transaction request in the online banking interface, the transaction information is confirmed and the dynamic password is generated on the mobile phone client. The transaction information is thus confirmed and verified over two channels, and dynamic password verification is finally performed at the authentication server, realizing a secure transaction.

To achieve the above object, an embodiment of the invention proposes a dual-channel dynamic password authentication system, realized by the following technical scheme:

A dual-channel dynamic password authentication system, the system comprising:

A first channel client, configured to receive the user's transaction request, which is cached in the bank server;

A second channel client, configured to submit the user's login request to the bank server and, after passing login verification, to obtain the transaction information of the transaction request from the bank server; after the transaction information has been confirmed, it generates a second channel client dynamic password from the transaction information and the standard time obtained from a public time source server, and sends the second channel client dynamic password and the transaction information to the bank server;

A bank server, configured to verify the login request from the second channel client and, on the basis of the received second channel client dynamic password, to obtain the transaction information and send it together with the second channel client dynamic password to the authentication server;

An authentication server, configured to receive the second channel client dynamic password sent from the bank server, to perform dynamic password verification against the dynamic authentication password it generates itself, and to return the authentication result to the bank server.

To achieve the above object, an embodiment of the invention also proposes a dual-channel dynamic password authentication method, realized by the following technical scheme:

A dual-channel dynamic password authentication method, the method comprising:

Receiving the transaction request sent by the user from the first channel client, and caching it in the bank server;

The second channel client and the bank server perform two-way handshake authentication and establish an SSL link;

The second channel client submits the user's login request to the bank server;

The bank server verifies the login request from the second channel client;

After passing login authentication, the second channel client obtains the transaction information of the transaction request from the bank server and carries out confirmation of the transaction information;

The second channel client generates a mobile phone client dynamic password from the transaction information and the standard time obtained from the public time source server, and sends the second channel client dynamic password and the transaction information to the bank server;

On the basis of the received second channel client dynamic password, the bank server obtains the transaction information and sends it together with the second channel client dynamic password to the authentication server;

The authentication server receives the second channel client dynamic password sent from the bank server, performs dynamic password verification against the dynamic authentication password it generates itself, and returns the authentication result to the bank server.

Compared with the prior art, the dual-channel dynamic password authentication system and method for secure transactions in the embodiments of the invention add a second channel, such as a link established by a mobile phone client, to the existing approach in which dynamic password generation and authentication are carried out over a single channel. Using a dynamic token, the user confirms the transaction information, and a dynamic password is generated from the transaction information, so that when performing online banking operations the user can verify his or her own transaction information; that transaction information is used as the challenge factor to generate a dynamic authentication password for authentication at the authentication server. The user therefore visibly confirms the transaction information when operating on the account, which increases transaction security. By diversifying and complicating the associated information, the transaction is protected from tampering; the authentication server compares the second channel client dynamic password with the dynamic authentication password, which further strengthens the security of dynamic password verification, improves the security of the user's account, makes full use of the functions of the mobile phone itself and enhances the user experience.

Brief description of the drawings

The above features and advantages of the invention will become clear and easy to understand from the following description of its exemplary embodiments in conjunction with the accompanying drawings.

Fig. 1 is a schematic diagram of the composition of a dual-channel dynamic password authentication system according to Embodiment 1 of the invention;

Fig. 2 is a schematic diagram of the information exchange architecture of a dual-channel dynamic password authentication system according to Embodiment 2 of the invention;

Fig. 3 shows the confirmation flow of the mobile phone client in a dual-channel transaction according to Embodiment 3 of the invention, where the second client is a mobile phone client;

Fig. 4 is a schematic diagram of the composition of another dual-channel dynamic password authentication system according to Embodiment 4 of the invention;

Fig. 5 is a schematic diagram of the composition of another dual-channel dynamic password authentication system according to Embodiment 5 of the invention;

Fig. 6 is a schematic diagram of the composition of another dual-channel dynamic password authentication system according to Embodiment 6 of the invention;

Fig. 7 is a flow chart of a dual-channel dynamic password authentication method according to Embodiment 7 of the invention;

Fig. 8 is an information flow chart of a money transfer transaction according to Embodiment 8 of the invention.

Detailed description

The invention is described in further detail below with reference to the accompanying drawings.

As shown in Fig. 1, Embodiment 1 of the invention is a dual-channel dynamic password authentication system, the system comprising:

A first channel client, configured to receive the user's transaction request, which is cached in the bank server;

A second channel client, configured to submit the user's login request to the bank server and, after passing login verification, to obtain the transaction information of the transaction request from the bank server; after the transaction information has been confirmed, it generates a second channel client dynamic password from the transaction information and the standard time obtained from a public time source server, and sends the second channel client dynamic password and the transaction information to the bank server;

A bank server, configured to verify the login request from the second channel client and, on the basis of the received second channel client dynamic password, to obtain the transaction information and send it together with the second channel client dynamic password to the authentication server;

An authentication server, configured to receive the second channel client dynamic password sent from the bank server, to perform dynamic password verification against the dynamic authentication password it generates itself, and to return the authentication result to the bank server.

Further preferably, the bank server is also configured to verify the login request that the user makes with a bank card number and static password before submitting the transaction request at the first channel client.

As shown in Fig. 2, Embodiment 2 of the invention illustrates the information exchange architecture of a dual-channel dynamic password authentication system, taking as an example a first channel client that is a web client and a second client that is a mobile phone client. The connections and data exchange among the bank server, the web client and its server, the mobile phone client and the authentication server in the figure are described below.

When a user logs in for the first time, or later needs to carry out other account operations such as a transfer, the account number and static password often have to be entered or read. Because there are now many ways of stealing information during network or data communication, that information is not secure, so strong authentication of user information is needed to keep criminals from stealing it and illegally operating on the account's assets.

In Embodiment 2, besides the traditional channel, in which the online banking web client performs account login, authentication requests, transaction requests and dynamic password verification of transaction operations, a second channel client such as a mobile phone client is added to obtain the transaction request and confirm the transaction information, and a mobile phone client dynamic password is generated with the transaction information as the challenge factor, so that the authentication server subsequently authenticates the transaction operation against this mobile phone client dynamic password.

The dynamic password generation factors therefore include not only the user's own information but also information about the account the user wants to transfer into, such as the account number of the receiving account; they can also include the amount to be transferred, and even time information. A challenge code is generated from these factors and a dynamic password is finally generated from it to authenticate the user's transaction information, which keeps a criminal who has stolen an authentication code from carrying out a transfer. In addition, if several transfers are needed, the user obtains and confirms the transaction information of each one on the mobile phone client, and a dynamic password must be generated from that transaction information and authenticated at the authentication server each time. In this way property loss caused by information theft can be avoided.

Fig. 3 shows the mobile phone client flow for dual-channel transaction confirmation in Embodiment 3 of the invention.

When the user starts the mobile phone client: if this is the first time the client has been started, a PIN code is created and entered a second time to confirm it; if it is not the first start, the PIN is entered directly and verified, and on failure an error message is returned and the user is prompted to retry. On success, the authentication process follows: the client checks whether a card number has been bound. If not, the user is prompted to enter the card number, password and ID card number, and the mobile phone number can additionally be verified; if a card number is bound, the user logs in directly with the card number and password, and the mobile phone number can also be used as a check code.

After this login authentication succeeds, a transaction confirmation list is shown to the user together with the detailed transaction information, and the user confirms on the second channel client, such as the mobile phone client, whether the transaction information is correct. If it is wrong, error handling is carried out; if it is correct, the time is fetched from the public time source server, a challenge code is generated from the transaction information, and the dynamic password is generated. Once the dynamic password has been generated, the user can enter this mobile phone dynamic password manually on the bank's website, or the mobile phone client can submit it directly in the background to the bank server for comparison. The bank server sends the second channel client dynamic password to the authentication server, and once the authentication server returns the authentication result, transaction confirmation is complete.

Thus, by diversifying and complicating the associated information, the transaction is protected from tampering; the authentication server compares the second channel client dynamic password with the dynamic authentication password, which further strengthens the security of dynamic password verification, improves the security of the user's account and enhances the user experience.

Further preferably, as shown in Fig. 4, the second channel client specifically comprises:

An encryption/decryption module, configured to use an encryption and decryption algorithm to encrypt and decrypt the information that needs to be stored;

A transaction confirmation module, configured to obtain and confirm the transaction information in the transaction request obtained from the bank server, completing the transaction information confirmation process;

A challenge-type dynamic password module, configured to generate the second channel client dynamic password from the transaction information in the transaction request and the standard time obtained from the public time source server;

A secure communication module, configured to confirm the respective identities with the bank server by two-way handshake, to establish an encrypted link, and to encrypt and decrypt the transmitted information during communication over the link.

Further preferably, as shown in Fig. 4, the transaction confirmation module of the second channel client is also configured, when there are multiple transaction requests, to select one transaction request from the transaction record set obtained from the bank server.

Further preferably, the transaction request includes a transfer request; further, the transaction information includes the account number, the transaction serial number, the transaction amount, or other transaction information besides the amount.

The user can make multiple transaction requests through the online banking web client. These transaction requests contain the transaction information, such as the transfer information of a transfer request, which may include the other party's account, the transfer amount and the standard time obtained from the public time source server. The bank server holds these transaction requests temporarily as a transaction record set. After passing login authentication at the bank server, the mobile phone client obtains this transaction record set, selects from it the one transaction to be carried out, and performs dynamic password verification for that transaction, which increases the security of the transaction and realizes a secure transaction.

Further preferably, as shown in Fig. 5, the bank server specifically comprises:

A receiving module, configured to receive the transaction request and second channel client dynamic password sent from the first channel client, or the login request and second channel client dynamic password from the second channel client, or the authentication result sent from the authentication server;

A login verification module, configured to verify the login request that the user sends from the first channel client or the second channel client;

A cache module, configured to cache the transaction request;

A sending module, configured to send the second channel client dynamic password and the transaction information to the authentication server.

Further preferably, the sending module is also configured to send a message to the first channel client and/or the second channel client according to the authentication result.

The second channel client obtains the result of the transaction dynamic password verification through the bank server, and further whether the transaction was carried out and confirmation of the transaction result. Because information confirmation through the user's mobile phone client is added, every step is visible to the user, which increases security, improves the user's experience of the online banking system and strengthens the user's confidence in the security of online banking operations.

Further preferably, as shown in Fig. 6, the authentication server specifically comprises:

A receiving module, configured to receive the second channel client dynamic password and transaction information sent from the bank server;

A dynamic password generation module, configured to generate the dynamic authentication password using the same dynamic password generation algorithm as the second channel client;

An authentication module, configured to compare dynamic passwords against the dynamic authentication password the server generates itself and to return the authentication result to the bank server.

Further preferably, the mobile phone client communicates with the bank server over an SSL link.

The above embodiments of the invention can be varied or combined in many ways, and those of ordinary skill in the art will understand that any variation or combination of the above embodiments falls within the scope of protection of the invention.

Compared with the prior art, the dual-channel dynamic password authentication system for secure transactions in the embodiments of the invention adds a second channel, such as the link through the user's mobile phone client, to the existing approach in which dynamic password generation and authentication are carried out over a single channel. The user confirms the transaction information on the mobile phone client, and a dynamic password is generated from the transaction information, so that when performing online banking operations the user can verify his or her own transaction information; that transaction information is used as the challenge factor to generate a dynamic authentication password for authentication at the authentication server. The user therefore visibly confirms the transaction information when operating on the account, which increases transaction security. By diversifying and complicating the associated information, the transaction is protected from tampering; the authentication server compares the mobile phone client dynamic password with the dynamic authentication password, which further strengthens the security of dynamic password verification, improves the security of the user's account, makes full use of the functions of the mobile phone itself and enhances the user experience.

As shown in Fig. 7, to achieve the above object, an embodiment of the invention also proposes a dual-channel dynamic password authentication method, realized by the following technical scheme:

A dual-channel dynamic password authentication method, the method comprising the following steps:

S101. The transaction request sent by the user from the first channel client is received and cached in the bank server;

S102. The second channel client and the bank server perform two-way handshake authentication and establish an SSL link;

S103. The second channel client submits the user's login request to the bank server;

S104. The bank server verifies the login request from the second channel client;

S105. After passing login authentication, the second channel client obtains the transaction information of the transaction request from the bank server and carries out confirmation of the transaction information;

S106. The second channel client generates a mobile phone client dynamic password from the transaction information and the standard time obtained from the public time source server, and sends the second channel client dynamic password and the transaction information to the bank server;

S107. On the basis of the received second channel client dynamic password, the bank server obtains the transaction information and sends it together with the second channel client dynamic password to the authentication server;

S108. The authentication server receives the second channel client dynamic password sent from the bank server, performs dynamic password verification against the dynamic authentication password it generates itself, and returns the authentication result to the bank server.
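
Steps S106 to S108, with the transaction information acting as the challenge factor described for Embodiment 2, can be sketched as follows; this is an added example, not code from the patent. The patent names no algorithm, so HMAC-SHA256 with RFC 4226 style truncation, the 60-second window, the one-window drift tolerance, the field names, the seed and the sample transaction are all assumptions.

```python
import hashlib
import hmac
import struct

TIME_STEP = 60  # seconds per password window (assumed; the patent gives no value)
DIGITS = 6      # password length (assumed)
FIELDS = ("serial", "payee_account", "amount")  # hypothetical field names


def challenge_code(txn):
    """Challenge code derived from the confirmed transaction information."""
    buf = b""
    for name in FIELDS:
        value = str(txn[name]).encode("utf-8")
        # Length prefix keeps field boundaries unambiguous: account "12" with
        # amount "345" must not hash like account "123" with amount "45".
        buf += struct.pack(">H", len(value)) + value
    return hashlib.sha256(buf).digest()


def dynamic_password(seed, txn, std_time):
    """Password from token seed, challenge code and standard time (S106)."""
    window = struct.pack(">Q", std_time // TIME_STEP)
    mac = hmac.new(seed, challenge_code(txn) + window, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation in the style of RFC 4226
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** DIGITS).zfill(DIGITS)


class AuthServer:
    """Recomputes the password with the same algorithm and compares (S108)."""

    def __init__(self, seeds, drift=1):
        self.seeds = seeds     # user -> token seed shared with the phone client
        self.drift = drift     # accepted clock skew in windows (assumed)
        self.accepted = set()  # (user, serial) pairs already authorized

    def verify(self, user, txn, password, now):
        seed = self.seeds.get(user)
        key = (user, txn["serial"])
        if seed is None or key in self.accepted:
            return False  # unknown user, or this password was already used once
        for step in range(-self.drift, self.drift + 1):
            t = max(now + step * TIME_STEP, 0)
            expected = dynamic_password(seed, txn, t)
            if hmac.compare_digest(expected, password):
                self.accepted.add(key)
                return True
        return False


def demo():
    seed = b"constructed-demo-seed"  # constructed sample value, not a real key
    auth = AuthServer({"alice": seed})
    # Constructed sample transaction as the user confirmed it on the phone.
    confirmed = {"serial": "T0001", "payee_account": "6222000011112222",
                 "amount": "150000"}
    t = 1_700_000_000  # standard time from the public time source (constructed)
    otp = dynamic_password(seed, confirmed, t)

    # Same request with the payee altered on the first channel: the password
    # the user produced for the confirmed details must not authorize it.
    tampered = dict(confirmed, payee_account="6222999988887777")
    return {
        "tampered": auth.verify("alice", tampered, otp, t + 5),
        "stale": auth.verify("alice", confirmed, otp, t + 300),
        "genuine": auth.verify("alice", confirmed, otp, t + 5),
        "replay": auth.verify("alice", confirmed, otp, t + 10),
    }


if __name__ == "__main__":
    print(demo())
```

The bank server in S107 should pass the authentication server the transaction record it cached and will execute, not a copy echoed back by a client, so that the comparison covers the transfer that actually takes place.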

Further preferably, the first channel client is the bank's online banking web client, and the second channel client is a mobile phone client.

Further preferably, the method also comprises: before submitting the transaction request at the web client, the user submits a login request to the bank server through the web server, using a bank card number and static password.

When a user logs in for the first time, or later needs to carry out other account operations such as a transfer, the account number and static password often have to be entered or read. Because there are now many ways of stealing information during network or data communication, that information is not secure, so strong authentication of user information is needed to keep criminals from stealing it and illegally operating on the account's assets.

Further preferably, the method also comprises: when there are multiple transaction requests, the second channel client selects one transaction request from the transaction record set obtained from the bank server.

Further preferably, the transaction request includes a transfer request; further, the transaction information includes the account number, the transaction serial number, the transaction amount, or other transaction information besides the amount.

The user can make multiple transaction requests through the online banking web client. These transaction requests contain the transaction information, such as the transfer information of a transfer request, which may include the other party's account, the transfer amount and the time of the transfer request. The bank server holds these transaction requests temporarily as a transaction record set. After passing login authentication at the bank server, the mobile phone client obtains this transaction record set, selects from it the one transaction to be carried out, and performs dynamic password verification for that transaction.

Further preferably, the method also comprises: the bank server also sends a message to the first channel client and/or the second channel client according to the authentication result.

The mobile phone client obtains the result of the transaction dynamic password verification through the bank server, and further whether the transaction was carried out and confirmation of the transaction result. Because information confirmation through the user's mobile phone client is added, every step is visible to the user, which increases security, improves the user's experience of the online banking system and strengthens the user's confidence in the security of online banking operations.

As shown in Figure 8, the embodiment of the present invention realizes the flow chart of money transfer transactions, describes the embodiment of the present invention in detail in figure, repeats no longer one by one here.

The above embodiment of the present invention can carry out various deformation or combination, and one of ordinary skill in the art of the present invention can know, the distortion of any above embodiment or form arbitrarily, all within protection scope of the present invention.

The above embodiment of the present invention is except passing through traditional passage, as Web bank's WEB client side carries out account login, authentication request, and transaction request and this passage of transactional operation dynamic cipher verification, also add another passage, as by the acquisition of cell-phone customer terminal to transaction request, the confirmation of Transaction Information, and Transaction Information is generated a second channel client dynamic password as the challenge factor, make the follow-up certification carrying out transactional operation according to this second channel client dynamic password at certificate server.

Therefore, the factors used to generate the dynamic password include not only the user's own information but also information about the account the user needs to transfer to, such as the account number of the destination account. They can also include the amount transferred and even the current time. A dynamic password generated from these factors is used to authenticate the user's information, which prevents a criminal from carrying out a transfer after stealing an authentication code. In addition, if several transfers are needed, the user must obtain and confirm the information of each transaction through the mobile phone client, and a dynamic password must be generated from that transaction information and authenticated with the authentication server each time. Only in this way can property loss caused by information theft be avoided.

Thus, by diversifying and complicating the associated information, the transaction is protected against tampering. The authentication server compares the mobile phone client dynamic password with the dynamic authentication password, which further strengthens the security of dynamic password verification, improves the security of the user's account, and enhances the user experience.
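The transaction-bound dynamic password described above can be sketched as follows. This is an added example, not code from the patent: the patent does not name an algorithm, so HMAC-SHA256 with RFC 4226-style truncation, the 60-second time step, the field encoding, the function names and the seed value are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

TIME_STEP = 60   # seconds per password window (assumed; not given in the patent)
DIGITS = 6       # length of the displayed dynamic password (assumed)

def challenge_from_transaction(payee_account: str, amount_cents: int, serial: str) -> bytes:
    """Encode the transaction information that serves as the challenge factor."""
    fields = [payee_account.encode(), str(amount_cents).encode(), serial.encode()]
    # Length-prefix each field so ("12", "345") and ("123", "45") cannot collide.
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)

def dynamic_password(seed: bytes, challenge: bytes, unix_time: int) -> str:
    """Token side: HMAC over (time-step counter || challenge), truncated to DIGITS."""
    counter = struct.pack(">Q", unix_time // TIME_STEP)
    digest = hmac.new(seed, counter + challenge, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def verify(seed: bytes, payee_account: str, amount_cents: int, serial: str,
           submitted: str, server_time: int, drift_steps: int = 1) -> bool:
    """Authentication-server side: recompute the password from the transaction
    the bank is about to execute and compare it with the submitted one."""
    challenge = challenge_from_transaction(payee_account, amount_cents, serial)
    for step in range(-drift_steps, drift_steps + 1):
        expected = dynamic_password(seed, challenge, server_time + step * TIME_STEP)
        if hmac.compare_digest(expected, submitted):
            return True
    return False

def demo():
    """Constructed scenario: one confirmed transfer, then three rejected variants."""
    seed = b"constructed-demo-seed-not-a-real-key"   # constructed sample value
    now = 1_700_000_000                              # stands in for the standard time
    # The user confirms payee, amount and serial number on the phone,
    # and the token produces the dynamic password for exactly that transaction.
    confirmed = challenge_from_transaction("6222000011112222", 150000, "TX0001")
    otp = dynamic_password(seed, confirmed, now)

    genuine = verify(seed, "6222000011112222", 150000, "TX0001", otp, now + 20)
    # Payee changed in the first channel after the user confirmed: rejected.
    changed_payee = verify(seed, "6222999988887777", 150000, "TX0001", otp, now + 20)
    # Amount changed: rejected.
    changed_amount = verify(seed, "6222000011112222", 950000, "TX0001", otp, now + 20)
    # Same transaction replayed ten time steps later: rejected.
    stale = verify(seed, "6222000011112222", 150000, "TX0001", otp, now + 10 * TIME_STEP)
    return genuine, changed_payee, changed_amount, stale

if __name__ == "__main__":
    print(demo())
```

Because the server recomputes the password from the transaction it is about to execute, a password captured for one transfer does not authenticate a different payee, a different amount, or a later time window.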

Compared with the prior art, in which dynamic password generation and authentication are carried out over a single channel, the embodiment of the present invention provides a dual-channel dynamic password authentication method for secure transactions by adding another channel, such as the link through the mobile phone client. The user confirms the transaction information through the mobile phone client, and the dynamic password is generated from that transaction information. When performing online banking operations, the user can therefore verify his or her own transaction information, which is used as the challenge factor to generate the dynamic authentication password that is authenticated with the authentication server. As a result, the user visibly confirms the transaction information when operating the account, which increases transaction security. By diversifying and complicating the associated information, the transaction is protected against tampering. The authentication server compares the second channel client dynamic password with the dynamic authentication password, which further strengthens the security of dynamic password verification and improves the security of the user's account. The method also makes full use of the functions of the mobile phone itself and enhances the user experience.

Those of ordinary skill in the art will understand that the above embodiment is only one of the preferred embodiments of the present invention and that the above embodiments can be combined in any way. For reasons of length, not all embodiments can be listed here; any embodiment that embodies the technical solution of the claims of the present invention falls within the protection scope of the present invention.

It should be noted that the above is a further description of the present invention in conjunction with specific embodiments, and the specific embodiments of the present invention are not to be regarded as limited to it. Under the above guidance, those skilled in the art can make various improvements and variations on the basis of the above embodiments, and these improvements or variations fall within the protection scope of the present invention.

Claims (13)

1. A dual-channel dynamic password authentication system, characterized in that the system comprises:
A first channel client, configured to receive a user's transaction request, which is cached in the bank server;
A second channel client, configured to submit the user's login request to the bank server and, after passing login verification, to obtain from the bank server the transaction information of the transaction request; after the transaction information is confirmed, a dynamic token is used to generate one group of second channel client dynamic passwords, with the transaction information as the challenge factor, according to the transaction information and the standard time obtained from a public time source server, and the second channel client dynamic password and the transaction information are sent to the bank server;
A bank server, configured to verify the login request from the second channel client and, according to the received second channel client dynamic password, to obtain and send the transaction information and the second channel client dynamic password to the authentication server;
An authentication server, configured to receive the second channel client dynamic password sent from the bank server and, after performing dynamic password verification according to the dynamic authentication password it generates itself, to return the authentication result to the bank server;
The first channel client is the web client of the bank's online banking, and the second channel client is a mobile phone client.
2. The system according to claim 1, characterized in that the bank server is also configured to verify the login request that the user makes, according to a bank card number and static password, before submitting the transaction request at the first channel client.
3. The system according to claim 2, characterized in that the second channel client specifically comprises:
An encryption/decryption module, configured to use an encryption and decryption algorithm to encrypt and decrypt the information that needs to be stored;
A transaction confirmation module, configured to obtain and confirm the transaction information in the transaction request obtained from the bank server, completing the transaction information confirmation process;
A challenge-type dynamic password module, configured to generate the second channel client dynamic password according to the transaction information in the transaction request and the standard time obtained from the public time source server;
A secure communication module, configured to confirm the respective identities with the bank server through a two-way handshake, establish an encrypted link, and encrypt and decrypt the transmitted information during communication over the link.
4. The system according to claim 3, characterized in that the transaction confirmation module of the second channel client is also configured, when there are multiple transaction requests, to select one transaction request from the transaction record set obtained from the bank server.
5. The system according to claim 1, characterized in that the bank server specifically comprises:
A receiver module, configured to receive the transaction request and the second channel client dynamic password sent from the first channel client, or the login request and the second channel client dynamic password from the second channel client, or the authentication result sent from the authentication server;
A login verification module, configured to verify the login request that the user sends from the first channel client or the second channel client;
A cache module, configured to cache the transaction request;
A sending module, configured to send the second channel client dynamic password and the transaction information to the authentication server.
6. The system according to claim 5, characterized in that the sending module is also configured to send a message to the first channel client and/or the second channel client according to the authentication result.
7. The system according to claim 1, characterized in that the authentication server specifically comprises:
A receiver module, configured to receive the second channel client dynamic password and the transaction information sent from the bank server;
A dynamic password generation module, configured to generate the dynamic authentication password according to the same dynamic password generation algorithm as the second channel client;
An authentication module, configured to return the authentication result to the bank server after performing the dynamic password comparison according to the dynamic authentication password it generates itself.
8. The system according to any one of claims 1 to 7, characterized in that the transaction request comprises a transfer request, and the transaction information comprises an account number, a transaction serial number, a transaction amount, or other transaction information besides the amount.
9. A dual-channel dynamic password authentication method, characterized in that the method comprises:
Receiving the transaction request that the user sends from the first channel client, and caching it in the bank server;
The second channel client and the bank server authenticate each other through a two-way handshake and establish an SSL link;
The second channel client submits the user's login request to the bank server;
The bank server verifies the login request from the second channel client;
After passing login authentication, the second channel client obtains the transaction information of the transaction request from the bank server and confirms the transaction information;
The second channel client uses a dynamic token to generate the mobile phone client dynamic password according to the transaction information and the standard time obtained from a public time source server, and sends the second channel client dynamic password and the transaction information to the bank server;
The bank server, according to the received second channel client dynamic password, obtains and sends the transaction information and the second channel client dynamic password to the authentication server;
The authentication server receives the second channel client dynamic password sent from the bank server and, after performing dynamic password verification according to the dynamic authentication password it generates itself, returns the authentication result to the bank server;
The first channel client is the web client of the bank's online banking, and the second channel client is a mobile phone client.
10. The method according to claim 9, characterized in that the method also comprises: before submitting the transaction request at the first client, the user submits a login request to the bank server according to a bank card number and static password.
11. The method according to claim 10, characterized in that the method also comprises: when there are multiple transaction requests, the second channel client selects one transaction request from the transaction record set obtained from the bank server.
12. The method according to claim 11, characterized in that the method also comprises: the bank server also sends a message to the first channel client and/or the second channel client according to the authentication result.
13. The method according to any one of claims 9 to 12, characterized in that the transaction request comprises a transfer request and, further, the transaction information comprises an account number, a transaction serial number, a transaction amount, or other transaction information besides the amount.
CN201110158810.6A 2011-06-14 2011-06-14 A kind of based on twin-channel dynamic cipher authentication system and method CN102202300B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110158810.6A CN102202300B (en) 2011-06-14 2011-06-14 A kind of based on twin-channel dynamic cipher authentication system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110158810.6A CN102202300B (en) 2011-06-14 2011-06-14 A kind of based on twin-channel dynamic cipher authentication system and method

Publications (2)

Publication Number Publication Date
CN102202300A CN102202300A (en) 2011-09-28
CN102202300B true CN102202300B (en) 2016-01-20

Family

ID=44662618

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110158810.6A CN102202300B (en) 2011-06-14 2011-06-14 A kind of based on twin-channel dynamic cipher authentication system and method

Country Status (1)

Country Link
CN (1) CN102202300B (en)



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant