Background technology
Dynamic password is a kind of disposal password, and each password can only use once.Dynamic password can be in time, number of times and challenge information and change.Dynamic password has good fail safe, adaptable across the various information system.Dynamic token is a kind of encryption device, is used to produce dynamic password.
A kind of specialized hardware that is referred to as dynamic token of the general employing of better dynamic password product at present, sizableness is in a flash disk (or different shape), and display mode is similar to electronic watch, and its built-in power, password generate chip and display screen.Password generates the special cryptographic algorithm of chip operation, generates current password and is presented on the display screen according to current time or access times.In actual dynamic token production and using, because the deviation of token production technology, useful life and the timing of dynamic token crystal oscillator proposes very high request to dynamic token time synchronized mechanism.
Because the time synchronized mechanism of common dynamic token is dynamically to calculate string number with time value as parameter to be uploaded to central server, so it requires token and central server to keep consistency in time at every turn.Though the error that can set certain limit improves the percent of pass of system login, actual conditions are to be difficult to very much on the regular hour point, guarantee consistency, so just bring potential safety hazard and unreliability.
Under above-mentioned situation, guarantee token time synchronized mechanism, stopping the token step-out becomes the problem that this area is needed solution badly.Especially the token consumption is especially big and use is frequent finance, security and ecommerce class client, very responsive to the token time synchronized, very worry to occur the token step-out.In case take place, will cause adverse consequences and client's user satisfaction to lower, influence the client and normally use, must ensure the synchronous of token time through technological means.
Summary of the invention
The present invention is directed to the existing in prior technology problem, its technical issues that need to address are to prevent the token step-out, promote the time accuracy of token.
In order to address the above problem, the present invention adopts following technical scheme:
A kind of dynamic token intelligence time compensating method, this compensation method comprises the steps:
(1) the crystal oscillator time deviation of measurement dynamic token is through periodically observing the dynamic token time deviation;
(2), draw dynamic token timing intelligent compensation straggling parameter value according to the periodic Changing Pattern of dynamic token time deviation;
(3) dynamic token is adjusted the crystal oscillator time deviation time of dynamic token according to the dynamic token timing intelligent compensation straggling parameter value of step (2) acquisition when generating dynamic password;
(4) dynamic token carries out cryptographic calculation with adjusted time and seed key, generates dynamic password.
In one embodiment of this invention, said dynamic token timing intelligent compensation straggling parameter value obtains through following steps:
(a) periodically send sync message through UTC, and obtain side-play amount cycle time of dynamic token, the time that promptly need compensate with this;
(b) calculate dynamic token timing intelligent compensation straggling parameter value through following formula:
k=X×F/(X×F-1000×Y″)
Wherein, k is a dynamic token timing intelligent compensation straggling parameter value;
X is the cycle that UTC sends sync message;
F is the per second calculated rate;
Y " is side-play amount cycle time of dynamic token.
In one embodiment of this invention, dynamic token with the operation result brachymemma and convert into and can show number, generates 6 or 8 dynamic password with this behind cryptographic calculation in the said step (4).
Dynamic token intelligence time bias mode provided by the invention is to be the basis with certain algorithm, so can promote the time accuracy of token greatly, stops the token step-out.
Dynamic token intelligence time compensating method adopts the timing intelligent compensation parameter of science to obtain correct dynamic password, promotes the time accuracy of token.
Embodiment
For technological means, creation characteristic that the present invention is realized, reach purpose and effect and be easy to understand and understand, below in conjunction with concrete diagram, further set forth the present invention.
Referring to Fig. 1, the process that the present invention carries out dynamic token intelligence time bias is following:
(1) in the dynamic token production process, through measuring the crystal oscillator time deviation of dynamic token, through periodically observing the dynamic token time deviation.
(2), and obtain dynamic token timing intelligent compensation straggling parameter value with this according to the periodic Changing Pattern of dynamic token time deviation.
(3) dynamic token is adjusted the crystal oscillator time deviation time of dynamic token according to the dynamic token timing intelligent compensation straggling parameter value of step (2) acquisition when generating dynamic password.
(4) time and the seed key of dynamic token after with compensation adjustment carries out cryptographic calculation, with the operation result brachymemma and convert into and can show number, generates 6 or 8 dynamic password with this.
(5) user uses this dynamic password to carry out password authentication.
The realization principle of step 2 is following among the present invention:
Referring to Fig. 3, realize the synchronous of two clocks, the one, the count value of clock is identical, and the 2nd, the counting rate of rise is identical.
Under the synchronous situation of dynamic token clock and UTC; If the frequency of UTC clock is f; Token clock is Y at n-1 to the n time period, and a+b=d is the time of delay of sync message from the UTC clock to token clock, can adopt back-and-forth method to measure through the Time delay measurement frame; This value d can think constant, has so:
X=Y+d (1)
Wherein, X is the cycle time that UTC sends sync message.
If the dynamic token clock is asynchronous with UTC, wherein, Y ' be token clock at n-1 to n time period token counts time, Y " to be token clock arrive the time deviation of n time period at n-1, and the intelligent time bias of needs has so:
Y″=Y-Y′(2)
Because the UTC clock is periodically to send sync message, is the per second calculated rate if adopt 128HZ.Can get by formula (1) and (2):
k=X×128/(X×128-1000×Y″)
K is exactly a dynamic token timing intelligent compensation straggling parameter value.Can calculate the compensate parameter value in each synchronizing cycle, realize frequency adjustment through the relevant hardware circuit then.
Because middle result of calculation will be passed through certain clock cycle, so the crystal oscillator cycle that the latch signal of compensate parameter value k will be delayed time certain.Adopting 128HZ in the present invention is the per second calculated rate, promptly under the situation of<1ms, just can obtain the dynamic token intelligent compensation time.
Dynamic token intelligence time compensating method can intelligence the deviation of crystal oscillator timing of rectification dynamic token, guarantee the time accuracy of token, stop the token step-out.
Based on such scheme, practical implementation of the present invention is following:
1, in the dynamic token production process, through measuring the crystal oscillator time deviation of dynamic token, the line period property of going forward side by side observation dynamic token time deviation obtains the periodic Changing Pattern of dynamic token time deviation.
2,, draw dynamic token timing intelligent compensation straggling parameter value according to the periodic Changing Pattern of dynamic token time deviation.
3, dynamic token generated in the dynamic password process in the later stage, and dynamic token intelligence time bias mode intelligence is adjusted the crystal oscillator time deviation time, guarantees the time synchronized of dynamic token.
In this step, dynamic token just directly adopts compensate parameter value k when Practical Calculation self system time, and under the ordering about of each k signal, dynamic token compensates Y automatically " is corresponding intelligent compensation time time period of compensate parameter value k.
4, dynamic token is through carrying out cryptographic calculation acquisition dynamic password (it is a prior art, does not give unnecessary details) here to adjusted time and seed.
5, the user uses this dynamic password to carry out dynamic cipher verification.
Adjust the crystal oscillator time deviation time with dynamic token intelligence time bias mode intelligence in the 3rd step among this embodiment, thereby guarantee the time synchronized of dynamic token.
The present invention can be as accurate as 1ppm if adopting 128HZ is the per second calculated rate.
More than show and described basic principle of the present invention, principal character and advantage of the present invention.The technical staff of the industry should understand; The present invention is not restricted to the described embodiments; That describes in the foregoing description and the specification just explains principle of the present invention; Under the prerequisite that does not break away from spirit and scope of the invention, the present invention also has various changes and modifications, and these variations and improvement all fall in the scope of the invention that requires protection.The present invention requires protection range to be defined by appending claims and equivalent thereof.