CN102202300B - Dual-channel dynamic password authentication system and method - Google Patents

Publication number
CN102202300B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110158810.6A
Inventor
谈剑锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Peoplenet Security Technology Co Ltd
Original Assignee
Shanghai Peoplenet Security Technology Co Ltd
Application filed by Shanghai Peoplenet Security Technology Co Ltd
Priority to CN201110158810.6A
Publication of CN102202300A
Publication of CN102202300B

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a dual-channel dynamic password authentication system and method in the field of information technology, intended to solve the problem of stolen account information being used illegally. On top of the existing arrangement in which dynamic password generation and authentication are carried out over a single channel, it adds a second channel, for example a link through the user's mobile phone client. Using a dynamic token, the user confirms the transaction information through the second channel client, a challenge code is derived from the transaction information, and a dynamic password is generated from that challenge code. When performing online banking operations, the user can thus verify his or her own transaction information, and this transaction information is used as the challenge factor to generate the dynamic authentication password, which is authenticated against the authentication server to achieve a secure transaction. By diversifying and complicating the associated information and by using a challenge token in the mobile phone client, the embodiments of the invention prevent the transaction from being hijacked and altered when the user logs in or operates on an account, further strengthen the security of dynamic password verification, improve the security of the user's account, and enhance the user experience.

Description

A dual-channel dynamic password authentication system and method
Technical field
The present invention relates to the field of information technology, and in particular to a dual-channel dynamic password authentication system and method.
Background
With the development of IC card applications, users place ever higher demands on the functions of smart cards and expect them to offer more and more application functions to meet people's needs for security, convenience and diversity in use. However, while the networking of information application systems enables information sharing and broad, deep application, it also brings information security problems. Without adequate security guarantees, information stored, shared and transmitted over public communication networks may be illegally eavesdropped on, intercepted, tampered with or destroyed, and the development of information technology has made information security a concern for more and more people.
In information networks, the most common and simplest access control method is to confirm the authenticity of a user's identity by matching a static password. Traditional static passwords, however, have many defects: for example, a password is easily guessed or obtained through means such as social engineering, and is easily observed while being entered. One-time passwords have therefore been adopted to control the situation in which a stolen static password leads to loss of the account. Although one-time passwords are stronger than reusable static passwords, they still have weaknesses that can be exploited, and a one-time password is still single-factor authentication rather than strong user authentication.
One way to address the security of static passwords is to use a dynamic password (One-Time Password, OTP): the user's password changes continuously with time or with the number of uses, and each password is used only once. Dynamic passwords rely on dedicated hardware called a dynamic token, which has a built-in power supply, a password generation chip and a display. The password generation chip runs a dedicated cryptographic algorithm, generates the current password from the current time or the number of uses, and shows it on the display. The authentication server uses the same algorithm to compute the currently valid password. Because every password used must be produced by the dynamic token, and only the legitimate user holds this hardware, the system can consider the user's identity reliable as long as password verification passes. And because the password is different each time, even if a hacker intercepts one password, it cannot be used to impersonate the legitimate user.
Dynamic password verification strengthens, to a certain degree, the security of account information access and other operations, but it still offers no guarantee when information is stolen. Phishing websites are one example: they lure the user to an illegitimate site that presents a user interface closely resembling the genuine online banking website, so that an insufficiently vigilant user enters his or her own account information, such as the user name and password and even the dynamic authentication password. Having obtained this information, the phishing site immediately logs in to the genuine online banking website and performs online banking operations such as transfers or online purchases, causing the user great loss.
In addition, with the rapid development of e-commerce and the support of public utilities for electronic payment, online shopping sites, group-buying sites and utility payment platforms keep emerging, and with the development of third-party payment platforms, the speed of online transfers and shopping payments attracts people to pay online and use online banking systems more and more frequently. The security of online banking account operations is therefore of growing concern to both banking systems and users, and there is an urgent need for a strong security authentication system for bank accounts so that users can use online banking with confidence.
Summary of the invention
The object of the embodiments of the invention is to address the current problem of information theft and the defects of the prior art by providing a dual-channel dynamic password authentication system and method. Building on the existing use of a smart-card token for dynamic password verification against the authentication server, a dynamic token is used in the user's mobile phone client, so that when the user makes a transaction request in the online banking interface, the transaction information is confirmed and the dynamic password is generated through the mobile phone client. The transaction information is thus confirmed and verified over two channels, and dynamic password verification is finally performed at the authentication server, achieving a secure transaction.
To achieve the above object, the embodiments of the invention propose a dual-channel dynamic password authentication system, realised by the following technical scheme:
A dual-channel dynamic password authentication system, the system comprising:
A first channel client, used to receive the user's transaction request, which is cached in the bank server;
A second channel client, used to submit the user's login request to the bank server and, after passing login verification, to obtain the transaction information of the transaction request from the bank server; after the transaction information is confirmed, it generates a second channel client dynamic password from the transaction information and the standard time obtained from a public time source server, and sends the second channel client dynamic password and the transaction information to the bank server;
A bank server, used to verify the login request from the second channel client and, on receiving the second channel client dynamic password, to obtain the transaction information and send it together with the second channel client dynamic password to the authentication server;
An authentication server, used to receive the second channel client dynamic password sent from the bank server, perform dynamic password verification against the dynamic authentication password it generates itself, and return the authentication result to the bank server.
To achieve the above object, the embodiments of the invention also propose a dual-channel dynamic password authentication method, realised by the following technical scheme:
A dual-channel dynamic password authentication method, the method comprising:
Receiving the transaction request that the user sends from the first channel client, and caching it in the bank server;
The second channel client and the bank server authenticate each other with a two-way handshake and establish an SSL link;
The second channel client submits the user's login request to the bank server;
The bank server verifies the login request from the second channel client;
After passing login authentication, the second channel client obtains the transaction information of the transaction request from the bank server and confirms the transaction information;
The second channel client generates the mobile phone client dynamic password from the transaction information and the standard time obtained from the public time source server, and sends the second channel client dynamic password and the transaction information to the bank server;
On receiving the second channel client dynamic password, the bank server obtains the transaction information and sends it together with the second channel client dynamic password to the authentication server;
The authentication server receives the second channel client dynamic password sent from the bank server, performs dynamic password verification against the dynamic authentication password it generates itself, and returns the authentication result to the bank server.
Compared with the prior art, the dual-channel dynamic password authentication system and method of the embodiments of the invention add a second channel, such as a link established by a mobile phone client, on top of the existing arrangement in which dynamic password generation and authentication are carried out over a single channel. A dynamic token is used so that the user confirms the transaction information and a dynamic password is generated from it. When performing online banking operations, the user can verify his or her own transaction information, and this transaction information is used as the challenge factor to generate the dynamic authentication password, which is authenticated against the authentication server. The user therefore visibly confirms the transaction information when operating on an account, which increases transaction security. By diversifying and complicating the associated information, the transaction is prevented from being tampered with; the authentication server compares the second channel client dynamic password with the dynamic authentication password, which further strengthens the security of dynamic password verification, improves the security of the user's account, makes full use of the functions of the mobile phone itself, and enhances the user experience.
Brief description of the drawings
The above features and advantages of the invention will become clearer and easier to understand from the following description of its exemplary embodiments in conjunction with the accompanying drawings.
Fig. 1 is a schematic diagram of the composition of a dual-channel dynamic password authentication system according to Embodiment 1 of the invention;
Fig. 2 is a schematic diagram of the information exchange architecture of a dual-channel dynamic password authentication system according to Embodiment 2 of the invention;
Fig. 3 is the mobile phone client confirmation flow for a dual-channel transaction according to Embodiment 3 of the invention, where the second client is a mobile phone client;
Fig. 4 is a schematic diagram of the composition of another dual-channel dynamic password authentication system according to Embodiment 4 of the invention;
Fig. 5 is a schematic diagram of the composition of another dual-channel dynamic password authentication system according to Embodiment 5 of the invention;
Fig. 6 is a schematic diagram of the composition of another dual-channel dynamic password authentication system according to Embodiment 6 of the invention;
Fig. 7 is a flow chart of a dual-channel dynamic password authentication method according to Embodiment 7 of the invention;
Fig. 8 is an information flow chart of a transfer transaction according to Embodiment 8 of the invention.
Detailed description of the embodiments
The invention is described in further detail below with reference to the accompanying drawings.
As shown in Figure 1, Embodiment 1 of the invention is a dual-channel dynamic password authentication system, the system comprising:
A first channel client, used to receive the user's transaction request, which is cached in the bank server;
A second channel client, used to submit the user's login request to the bank server and, after passing login verification, to obtain the transaction information of the transaction request from the bank server; after the transaction information is confirmed, it generates a second channel client dynamic password from the transaction information and the standard time obtained from a public time source server, and sends the second channel client dynamic password and the transaction information to the bank server;
A bank server, used to verify the login request from the second channel client and, on receiving the second channel client dynamic password, to obtain the transaction information and send it together with the second channel client dynamic password to the authentication server;
An authentication server, used to receive the second channel client dynamic password sent from the bank server, perform dynamic password verification against the dynamic authentication password it generates itself, and return the authentication result to the bank server.
Further preferably, the bank server is also used to verify the login request that the user makes with a bank card number and static password before submitting a transaction request at the first channel client.
As shown in Figure 2, Embodiment 2 of the invention illustrates the information exchange architecture of a dual-channel dynamic password authentication system, taking as an example a first channel client that is a WEB client and a second client that is a mobile phone client. The connections and data exchange among the bank server, the WEB client and server, the mobile phone client and the authentication server in the figure are described below.
When a user logs in for the first time, or later needs to perform other account operations such as a transfer, the account number and static password usually have to be entered or read. Because there are now many ways to steal information on networks and in data communication, this information is insecure, so strong authentication of user information is necessary to prevent criminals from stealing information and illegally operating on account assets.
In Embodiment 2, in addition to the traditional channel, in which the online banking WEB client carries out account login, authentication requests, transaction requests and dynamic password verification of transaction operations, a second channel client such as a mobile phone client is added to obtain the transaction request and confirm the transaction information, and a mobile phone client dynamic password is generated with the transaction information as the challenge factor, so that the transaction operation is subsequently authenticated at the authentication server according to this mobile phone client dynamic password.
The dynamic password generation factors therefore include not only the user's own information but also information about the account to be credited, such as the account number of the receiving account; they may also include the amount transferred, and even time information. A challenge code is generated from these factors and the dynamic password is finally generated from it to authenticate the user's transaction information, which prevents a criminal from carrying out a transfer after stealing an authentication code. In addition, if several transfers are needed, the user must obtain and confirm the transaction information of each one through the mobile phone client, and a dynamic password must be generated from that transaction information and authenticated at the authentication server each time, which avoids the property loss caused by information theft.
Figure 3 shows the mobile phone client flow for dual-channel transaction confirmation according to Embodiment 3 of the invention.
When the user starts the mobile phone client for the first time, a PIN is created and entered again for confirmation. If it is not the first start, the user enters the PIN directly for verification; on failure, an error message is returned and the user is prompted to retry. On success, the verification process continues: the client determines whether a card number has been bound. If not, the user is prompted to enter the card number, password and identity card number, and the mobile phone number may additionally be verified. If a card number is already bound, the user logs in by entering the card number and password directly, and the mobile phone number may also be used as a check code.
After the above login authentication succeeds, the transaction confirmation list is shown to the user together with the detailed transaction information. The user confirms through the second channel client, such as the mobile phone client, whether the transaction information is correct. If it is wrong, error handling is performed; if it is correct, the time is fetched from the public time source server, a challenge code is generated from the transaction information, and the dynamic password is computed. After the dynamic password is generated, the user can enter this mobile phone dynamic password manually on the online banking website, or the mobile phone client can submit it directly to the bank server in the background for comparison. The bank server sends the second channel client dynamic password to the authentication server, and once the authentication server returns the authentication result, the transaction confirmation is complete.
Thus, by diversifying and complicating the associated information, the transaction is prevented from being tampered with; the authentication server compares the second channel client dynamic password with the dynamic authentication password, which further strengthens the security of dynamic password verification, improves the security of the user's account, and enhances the user experience.
Further preferably, as shown in Figure 4, the second channel client specifically comprises:
An encryption/decryption module, used to encrypt and decrypt the information that needs to be stored using an encryption/decryption algorithm;
A transaction confirmation module, used to obtain and confirm the transaction information in the transaction request obtained from the bank server, completing the transaction information confirmation process;
A challenge-based dynamic password module, used to generate the second channel client dynamic password from the transaction information in the transaction request and the standard time obtained from the public time source server;
A secure communication module, used to confirm the respective identities with the bank server by two-way handshake, establish an encrypted link, and encrypt and decrypt the information transmitted over the link.
Further preferably, as shown in Figure 4, the transaction confirmation module of the second channel client is also used, when there are multiple transaction requests, to select one transaction request from the transaction record set obtained from the bank server.
Further preferably, the transaction request includes a transfer request, and further, the transaction information includes the account number, the transaction serial number, the transaction amount, or other transaction information besides the amount.
The user can submit transaction requests multiple times through the online banking WEB client. These transaction requests contain the transaction information, such as the transfer information of a transfer request, which may include the counterparty's account, the transfer amount, and the standard time obtained from the public time source server. The bank server holds these transaction requests temporarily as a transaction record set. After passing login authentication at the bank server, the mobile phone client obtains this transaction record set, selects from it the transaction to be carried out, and performs dynamic password verification of that transaction, which increases the security of the transaction and achieves a secure transaction.
Further preferably, as shown in Figure 5, the bank server specifically comprises:
A receiving module, used to receive the transaction request and second channel client dynamic password sent from the first channel client, or the login request and second channel client dynamic password from the second channel client, or the authentication result sent from the authentication server;
A login verification module, used to verify the login request the user sends from the first channel client or the second channel client;
A cache module, used to cache the transaction request;
A sending module, used to send the second channel client dynamic password and the transaction information to the authentication server.
Further preferably, the sending module is also used to send a message to the first channel client and/or the second channel client according to the authentication result.
The second channel client obtains the result of the transaction's dynamic password verification through the bank server, and then whether the transaction proceeds and the confirmation of the transaction result. Because information confirmation through the user's mobile phone client has been added, every step is visible to the user, which increases security, improves the user's experience of the online banking system, and strengthens the user's confidence in the security of online banking operations.
Further preferably, as shown in Figure 6, the authentication server specifically comprises:
A receiving module, used to receive the second channel client dynamic password and the transaction information sent from the bank server;
A dynamic password generation module, used to generate the dynamic authentication password with the same dynamic password generation algorithm as the second channel client;
An authentication module, used to compare dynamic passwords against the dynamic authentication password it generates itself and return the authentication result to the bank server.
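The following sketch, added here as an illustration and not taken from the patent, shows the challenge-based generation on the mobile phone client and the recompute-and-compare step on the authentication server described above. The patent does not name an algorithm: HMAC-SHA256 with HOTP-style truncation, the 60-second time step, the 8-digit length, the `AuthServer` class and all sample values are assumptions.

```python
"""Transaction-bound dynamic password: client generation and server check.

Assumptions (not from the patent): HMAC-SHA256 with HOTP-style truncation,
a 60-second time step, 8 digits, and a per-user seed shared between the
mobile phone client and the authentication server.
"""
import hashlib
import hmac
import struct

TIME_STEP = 60   # seconds per password window (assumed)
DIGITS = 8       # password length (assumed)


def challenge_code(payee_account, serial_no, amount_cents):
    """Challenge derived from the transaction fields the user confirmed.

    Every field is length-prefixed so that ("12", "345") and ("123", "45")
    can never encode to the same bytes and share a password.
    """
    fields = (payee_account, serial_no, str(amount_cents))
    encoded = b"".join(
        struct.pack(">H", len(f.encode())) + f.encode() for f in fields
    )
    return hashlib.sha256(encoded).digest()


def dynamic_password(seed, challenge, standard_time):
    """Password for one time window, bound to one transaction challenge."""
    counter = standard_time // TIME_STEP
    mac = hmac.new(seed, struct.pack(">Q", counter) + challenge,
                   hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                      # HOTP-style truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class AuthServer:
    """Hypothetical authentication server: same algorithm, then compare."""

    def __init__(self, seeds):
        self.seeds = seeds    # user id -> shared seed
        self.used = set()     # (user, counter, challenge) already accepted

    def verify(self, user, transaction, submitted, now, window=1):
        seed = self.seeds.get(user)
        if seed is None:
            return False
        # The challenge comes from the transaction the bank server holds,
        # not from anything the submitting channel claims.
        challenge = challenge_code(*transaction)
        matched = None
        for drift in range(-window, window + 1):  # tolerate small clock skew
            t = now + drift * TIME_STEP
            if t < 0:
                continue
            expected = dynamic_password(seed, challenge, t)
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                matched = t // TIME_STEP
        if matched is None:
            return False
        key = (user, matched, challenge)
        if key in self.used:                      # each password is used once
            return False
        self.used.add(key)
        return True


def demo():
    seed = b"constructed-demo-seed-0123456789"    # constructed sample value
    server = AuthServer({"alice": seed})
    now = 1_700_000_000                           # constructed standard time
    confirmed = ("6222000011112222", "TX0001", 150000)  # shown on the phone
    tampered = ("6222999988887777", "TX0001", 150000)   # payee altered
    otp = dynamic_password(seed, challenge_code(*confirmed), now)
    return {
        "tampered_payee": server.verify("alice", tampered, otp, now),
        "genuine": server.verify("alice", confirmed, otp, now + 20),
        "replayed": server.verify("alice", confirmed, otp, now + 25),
        "expired": server.verify("alice", confirmed, otp, now + 600),
    }


if __name__ == "__main__":
    print(demo())
```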
Further preferably, the mobile phone client communicates with the bank server over an SSL link.
The above embodiments of the invention may be varied or combined in many ways, and those of ordinary skill in the art will appreciate that any variation or combination of the above embodiments falls within the scope of protection of the invention.
Compared with the prior art, the dual-channel dynamic password authentication system of the embodiments of the invention adds a second channel, a link through the user's mobile phone client, on top of the existing arrangement in which dynamic password generation and authentication are carried out over a single channel. The user confirms the transaction information through the mobile phone client and a dynamic password is generated from it. When performing online banking operations, the user can verify his or her own transaction information, and this transaction information is used as the challenge factor to generate the dynamic authentication password, which is authenticated against the authentication server. The user therefore visibly confirms the transaction information when operating on an account, which increases transaction security. By diversifying and complicating the associated information, the transaction is prevented from being tampered with; the authentication server compares the mobile phone client dynamic password with the dynamic authentication password, which further strengthens the security of dynamic password verification, improves the security of the user's account, makes full use of the functions of the mobile phone itself, and enhances the user experience.
As shown in Figure 7, to achieve the above object, the embodiments of the invention also propose a dual-channel dynamic password authentication method, realised by the following technical scheme:
A dual-channel dynamic password authentication method, the method comprising the following steps:
S101. Receive the transaction request that the user sends from the first channel client, and cache it in the bank server;
S102. The second channel client and the bank server authenticate each other with a two-way handshake and establish an SSL link;
S103. The second channel client submits the user's login request to the bank server;
S104. The bank server verifies the login request from the second channel client;
S105. After passing login authentication, the second channel client obtains the transaction information of the transaction request from the bank server and confirms the transaction information;
S106. The second channel client generates the mobile phone client dynamic password from the transaction information and the standard time obtained from the public time source server, and sends the second channel client dynamic password and the transaction information to the bank server;
S107. On receiving the second channel client dynamic password, the bank server obtains the transaction information and sends it together with the second channel client dynamic password to the authentication server;
S108. The authentication server receives the second channel client dynamic password sent from the bank server, performs dynamic password verification against the dynamic authentication password it generates itself, and returns the authentication result to the bank server.
Further preferably, described first passage client is Web bank's WEB client side of bank, and described second channel client is cell-phone customer terminal.
Further preferably, described method also comprises: user, before WEB client side submits transaction request to, according to bank's card number and static password, submits log on request by WEB server to bank server.
User to log in for the first time or follow-up need to carry out other accounts operation as account transfer time, often need input or read account number and static password, but because information stealth means when present network or data communication are a lot, cause the insecurity of information, so be necessary to carry out strong authentication to user profile, lawless person is avoided to steal information and carry out the illegal operation of account's property.
Further preferably, described method also comprises, and when described transaction request is multiple, second channel client concentrates selection one transaction request at the transaction record obtained from bank server.
Further preferably, described transaction request comprises transfer request, and further, described Transaction Information comprises account number, transaction journal number, dealing money or other Transaction Information except the amount of money.
User can carry out the repeatedly operation of transaction request by the WEB client side of Web bank, these transaction request comprise the information of transaction, as the transfer information of transfer request, described account transfer information may comprise the other side's account, transfer amounts, and the time of transfer request, these transaction request are kept in by bank server in the mode of transaction record collection, cell-phone customer terminal is by after the debarkation authentication of bank server, obtain this transaction record collection, and therefrom select a transaction needing to carry out, carry out the dynamic cipher verification of concluding the business.
Further preferably, described method also comprises: described bank server also sends message to first passage client or/and second channel client according to described authentication result.
Cell-phone customer terminal obtains the result of transaction dynamic cipher verification by bank server, further whether transaction is carried out, and the confirmation of transaction results, owing to adding the validation of information of the cell-phone customer terminal that user passes through, make every single stepping all by user's finding, add fail safe, and add the experience that user uses internet banking system, enhance the confidence of user to Net silver handling safety.
As shown in Figure 8, the embodiment of the present invention realizes the flow chart of money transfer transactions, describes the embodiment of the present invention in detail in figure, repeats no longer one by one here.
The above embodiment of the present invention can carry out various deformation or combination, and one of ordinary skill in the art of the present invention can know, the distortion of any above embodiment or form arbitrarily, all within protection scope of the present invention.
In addition to the traditional channel, in which the online banking WEB client performs account login, authentication requests, transaction requests and dynamic password authentication of transaction operations, the above embodiments of the present invention add another channel: the mobile phone client obtains the transaction request, confirms the transaction information, and uses the transaction information as the challenge factor to generate a second-channel client dynamic password, which the authentication server subsequently uses to authenticate the transaction operation.
Therefore, the factors used to generate the dynamic password include not only the user's own information but also information about the account the user is transferring to, such as the account number of the receiving account; they may also include the amount transferred, and even the current time. Generating the dynamic password from these factors to authenticate the user information prevents a criminal who has stolen an authentication code from carrying out a transfer. In addition, if several transfers are needed, the user must obtain and confirm each transaction's information through the mobile phone client, and a dynamic password generated from that transaction information must be authenticated by the authentication server each time; only in this way can property loss caused by information theft be avoided.
Thus, by making the associated information more diverse and complex, the transaction is prevented from being tampered with. The authentication server compares the mobile phone client dynamic password against the dynamic authentication password, which further strengthens the security of dynamic password authentication, improves the security of the user's account, and enhances the user experience.
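The following Python code is an added example, not part of the patent text: it shows a dynamic password bound to the confirmed transaction information and the standard time, and the authentication server regenerating it with the same algorithm for comparison. The HMAC-SHA256 construction with RFC 4226-style truncation, the 60-second window, the field names and the sample values are assumptions, since the patent does not specify the token algorithm.

```python
import hashlib
import hmac
import struct

TIME_STEP = 60  # seconds per password window (assumed; not specified by the patent)
DIGITS = 6      # password length (assumed)
FIELDS = ("payee_account", "serial", "amount")  # hypothetical field names


def canonical_challenge(tx: dict) -> bytes:
    """Serialize the confirmed transaction information into the challenge factor.

    Each field is length-prefixed so that two different transactions can never
    serialize to the same bytes (account "12" + amount "345" versus
    account "123" + amount "45").
    """
    out = b""
    for key in FIELDS:
        value = str(tx[key]).encode("utf-8")
        out += struct.pack(">H", len(value)) + value
    return out


def dynamic_password(seed: bytes, tx: dict, standard_time: int) -> str:
    """Token side: derive the password from seed, transaction and time window."""
    window = struct.pack(">Q", standard_time // TIME_STEP)
    mac = hmac.new(seed, window + canonical_challenge(tx), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation in the style of RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def verify(seed: bytes, tx: dict, password: str, server_time: int, drift: int = 1) -> bool:
    """Authentication-server side: regenerate with the same algorithm and compare.

    Accepts the current window and `drift` windows either side to absorb
    clock skew between the phone and the server.
    """
    for step in range(-drift, drift + 1):
        expected = dynamic_password(seed, tx, server_time + step * TIME_STEP)
        if hmac.compare_digest(expected.encode(), password.encode()):
            return True
    return False


def demo() -> dict:
    # Constructed sample values; not real accounts or keys.
    seed = b"constructed-demo-seed"
    confirmed = {"payee_account": "ACCT-0001", "serial": "TX0001", "amount": "500.00"}
    now = 1_700_000_000
    password = dynamic_password(seed, confirmed, now)
    altered = dict(confirmed, payee_account="ACCT-9999")
    return {
        "genuine": verify(seed, confirmed, password, now + 20),
        # Same password presented for a transfer to a different account.
        "altered_payee": verify(seed, altered, password, now + 20),
        # Same password replayed ten windows later.
        "stale": verify(seed, confirmed, password, now + 10 * TIME_STEP),
    }


if __name__ == "__main__":
    print(demo())
```

The password verifies only for the transaction the user confirmed and only inside the accepted time windows; presenting it for a different receiving account or after the window has passed is rejected.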
Compared with the prior art, the embodiment of the present invention builds on the existing practice of generating and authenticating dynamic passwords over a single channel by adding another channel, namely the link through the mobile phone client, to realize a dual-channel dynamic password authentication method for secure transactions. The user confirms the transaction information through the mobile phone client, and the dynamic password is generated from that transaction information. When performing online banking operations, the user can therefore verify their own transaction information; this transaction information is used as the challenge factor to generate the dynamic authentication password, which is authenticated by the authentication server. The user thus visibly confirms the transaction information when operating the account, which increases transaction security. By making the associated information more diverse and complex, the transaction is prevented from being tampered with; the authentication server compares the second-channel client dynamic password against the dynamic authentication password, which further strengthens the security of dynamic password authentication, improves the security of the user's account, makes full use of the functions of the mobile phone itself, and enhances the user experience.
Those of ordinary skill in the art will appreciate that the above embodiments are only some of the preferred embodiments of the present invention and may be combined in any way. For reasons of length, not every embodiment can be listed here; any embodiment that embodies the technical solution of the claims of the present invention falls within the protection scope of the present invention.
It should be noted that the above is a further detailed description of the present invention in conjunction with specific embodiments, and the specific embodiments of the present invention should not be regarded as limited to it. Under the above guidance of the present invention, those skilled in the art can make various improvements and variations on the basis of the above embodiments, and these improvements or variations fall within the protection scope of the present invention.

Claims (13)

1. A dual-channel dynamic password authentication system, characterized in that the system comprises:
A first-channel client, for receiving the user's transaction request, which is cached in the bank server;
A second-channel client, for submitting the user's login request to the bank server and, after passing login verification, obtaining the transaction information of the transaction request from the bank server; after confirming the transaction information, using a dynamic token to generate, with the transaction information as the challenge factor, one group of second-channel client dynamic passwords according to the transaction information and the standard time obtained from a public time source server; and sending the second-channel client dynamic password and the transaction information to the bank server;
A bank server, for verifying the login request from the second-channel client and, according to the received second-channel client dynamic password, obtaining the transaction information and sending it together with the second-channel client dynamic password to the authentication server;
An authentication server, for receiving the second-channel client dynamic password sent from the bank server, performing dynamic password authentication against the dynamic authentication password that it generates itself, and returning the authentication result to the bank server;
The first-channel client is the WEB client of the bank's online banking, and the second-channel client is a mobile phone client.
2. The system according to claim 1, characterized in that the bank server is further used to verify the login request that the user makes, according to the bank card number and static password, before submitting the transaction request at the first-channel client.
3. The system according to claim 2, characterized in that the second-channel client specifically comprises:
An encryption/decryption module, for using an encryption and decryption algorithm to encrypt and decrypt the information that needs to be stored;
A transaction confirmation module, for obtaining and confirming the transaction information in the transaction request obtained from the bank server, to complete the transaction information confirmation process;
A challenge-type dynamic password module, for generating the second-channel client dynamic password according to the transaction information in the transaction request and the standard time obtained from a public time source server;
A secure communication module, for performing a two-way handshake with the bank server to confirm each other's identity, establishing an encrypted link, and encrypting and decrypting the transmitted information during link communication.
4. The system according to claim 3, characterized in that the transaction confirmation module of the second-channel client is further used, when there are multiple transaction requests, to select one transaction request from the transaction record set obtained from the bank server.
5. The system according to claim 1, characterized in that the bank server specifically comprises:
A receiver module, for receiving the transaction request and second-channel client dynamic password sent from the first-channel client, or the login request and second-channel client dynamic password from the second-channel client, or the authentication result sent from the authentication server;
A login verification module, for verifying the login request that the user sends from the first-channel client or the second-channel client;
A cache module, for caching the transaction request;
A sending module, for sending the second-channel client dynamic password and the transaction information to the authentication server.
6. The system according to claim 5, characterized in that the sending module is further used to send a message to the first-channel client and/or the second-channel client according to the authentication result.
7. The system according to claim 1, characterized in that the authentication server specifically comprises:
A receiver module, for receiving the second-channel client dynamic password and the transaction information sent from the bank server;
A dynamic password generation module, for generating the dynamic authentication password according to the same dynamic password generation algorithm as the second-channel client;
An authentication module, for comparing dynamic passwords against the dynamic authentication password that it generates itself and returning the authentication result to the bank server.
8. The system according to any one of claims 1 to 7, characterized in that the transaction request comprises a transfer request, and the transaction information comprises an account number, a transaction serial number, a transaction amount, or other transaction information besides the amount.
9. A dual-channel dynamic password authentication method, characterized in that the method comprises:
Receiving the transaction request that the user sends from the first-channel client, and caching it in the bank server;
The second-channel client and the bank server performing two-way handshake authentication and establishing an SSL link;
The second-channel client submitting the user's login request to the bank server;
The bank server verifying the login request from the second-channel client;
The second-channel client, after passing login authentication, obtaining the transaction information of the transaction request from the bank server and confirming the transaction information;
The second-channel client using a dynamic token to generate the mobile phone client dynamic password according to the transaction information and the standard time obtained from a public time source server, and sending the second-channel client dynamic password and the transaction information to the bank server;
The bank server, according to the received second-channel client dynamic password, obtaining the transaction information and sending it together with the second-channel client dynamic password to the authentication server;
The authentication server receiving the second-channel client dynamic password sent from the bank server, performing dynamic password authentication against the dynamic authentication password that it generates itself, and returning the authentication result to the bank server;
The first-channel client is the online banking WEB client of the bank, and the second-channel client is a mobile phone client.
10. The method according to claim 9, characterized in that the method further comprises: the user, before submitting the transaction request at the first client, submitting a login request to the bank server according to the bank card number and static password.
11. The method according to claim 10, characterized in that the method further comprises: when there are multiple transaction requests, the second-channel client selecting one transaction request from the transaction record set obtained from the bank server.
12. The method according to claim 11, characterized in that the method further comprises: the bank server also sending a message to the first-channel client and/or the second-channel client according to the authentication result.
13. The method according to any one of claims 9 to 12, characterized in that the transaction request comprises a transfer request, and the transaction information comprises an account number, a transaction serial number, a transaction amount, or other transaction information besides the amount.
CN201110158810.6A 2011-06-14 2011-06-14 A kind of based on twin-channel dynamic cipher authentication system and method Active CN102202300B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110158810.6A CN102202300B (en) 2011-06-14 2011-06-14 A kind of based on twin-channel dynamic cipher authentication system and method

Publications (2)

Publication Number Publication Date
CN102202300A CN102202300A (en) 2011-09-28
CN102202300B true CN102202300B (en) 2016-01-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant