CN102364888B - Setting method, setting system, terminal and authentication server for dynamic token key factor - Google Patents


Publication number
CN102364888B
Authority
CN
China
Prior art keywords
key
data
dynamic token
key factor
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201110297061.5A
Other languages
Chinese (zh)
Other versions
CN102364888A (en
Inventor
陈柳章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Minghua Alliance Technology Co Ltd
Original Assignee
Shenzhen Excelsecu Data Technology Co Ltd
Application filed by Shenzhen Excelsecu Data Technology Co Ltd filed Critical Shenzhen Excelsecu Data Technology Co Ltd
Priority to CN201110297061.5A priority Critical patent/CN102364888B/en
Publication of CN102364888A publication Critical patent/CN102364888A/en
Publication of CN102364888B publication Critical patent/CN102364888B/en
Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a setting method, a setting system, a terminal and an authentication server for dynamic token key factors. The method can comprise the following steps that a dynamic token generates key data and key factors are obtained according to the key data; the dynamic token displays the key data through a display device; the authentication server scans the display device of the dynamic token to obtain the key data; and the authentication server obtains the key factors according to the key data. In the invention, the key factors or key factor parameters set on the dynamic token are transmitted to the authentication server by a scanning mode and the limitation of a manual input mode on the digit number of the key factors or the key factor parameters is eliminated, so that the key factors or the key factor parameters with a larger digit number can be set, the difficulty in cracking the key factors is improved, and the safety of the dynamic token is improved.

Description

Method, system, terminal and authentication server for setting key factors of dynamic token
Technical Field
The invention relates to the field of information security, in particular to a method, a system, a terminal and a verification server for setting a dynamic token key factor.
Background
With the development of information security technology, dynamic tokens are widely applied in the fields of financial securities, electronic commerce, enterprise software and the like. However, in existing dynamic tokens, the security parameters are generally set by the manufacturer of the dynamic token terminal device before shipment, so both the manufacturer and the issuer know the security parameters. If these secrets leak, the user's dynamic token terminal device is easily copied illegally, which causes loss.
It is now common to divide the setting of security parameters into two parts, one part being set by the manufacturer and the other part being set by the issuer or the user. The security parameters set by the issuer or the user are generally entered through the keys of the dynamic token terminal device. If the entered security parameters are too short, such as 8 digits, they are easily cracked by internal staff of the manufacturer, who then hold both the security parameters entered by the issuer or the user and the security parameters set by the manufacturer, so the dynamic token terminal device can still be illegally copied. If the entered security parameters are long, brute-force cracking becomes harder, but the input workload for the user is large and the experience is poor.
Disclosure of Invention
The invention aims to provide a method for setting a key factor of a dynamic token, which improves the security of the dynamic token.
The invention provides a method for setting a dynamic token key factor, which comprises the following steps:
the dynamic token generates key data, and key factors are obtained according to the key data;
the dynamic token displays the key data through a display device;
the authentication server scans the display device of the dynamic token to obtain key data;
the authentication server obtains the key factor from the key data.
Preferably, the key data comprises part or all of a key factor or key factor parameter.
Preferably, the key data is generated in a random manner.
Preferably, the scanning mode is an optical character recognition mode and/or a bar code recognition mode.
Preferably, the step of generating the key data by the dynamic token specifically includes:
the dynamic token generates the key data one or more times.
Preferably, before the step of generating the key data by the dynamic token, the method further includes the steps of:
presetting dispersion parameters and a dispersion algorithm by the dynamic token;
and the dynamic token calculates the dispersion parameters according to a dispersion algorithm to obtain the key factors or the key factor parameters.
Preferably, before the step of generating the key data by the dynamic token, the method further includes the steps of:
the authentication server and the dynamic token preset a distributed key and/or a verification key.
Preferably, before the step in which the authentication server obtains the key factor according to the key data, the method further includes the steps of:
the authentication server verifies the key data with the verification key; the key data further comprises first check data and/or second check data;
the first check data is generated by encrypting, with the verification key, either the key factor or key factor parameter, or the dynamic token serial number together with the key factor or key factor parameter; it is used for verifying the validity and correctness of the key data;
the second check data is generated by the dynamic token according to the key factor or the key factor parameter, or according to the dynamic token serial number, the first check data, and the key factor or the key factor parameter; it is used for verifying the correctness of the scan.
Preferably, the key data further comprises a serial number of the dynamic token; the distributed key is generated independently for the authentication server and the dynamic token or calculated according to the serial number of the dynamic token.
Preferably, the step of obtaining the key factor by the dynamic token according to the key data and the step of obtaining the key factor by the authentication server according to the key data specifically include:
when the key data comprises part or all of the key factors, the authentication server and the dynamic token store the key factors for generating a dynamic password; or
when the key data comprises part or all of the key factor parameters, the authentication server and the dynamic token encrypt the key factor parameters by using the distributed key to obtain key factors for generating dynamic passwords.
The invention also provides a dynamic token terminal, comprising:
the data generating unit is used for generating key data and obtaining a key factor according to the key data;
and the data display unit is used for displaying the key data through a display device.
Preferably, the dynamic token terminal further comprises:
the preset unit is used for presetting a distributed key and/or a verification key, and for presetting dispersion parameters and a dispersion algorithm; the data generation unit calculates the dispersion parameters according to the dispersion algorithm to obtain the key factors or the key factor parameters.
The present invention further provides a verification server, including:
the data acquisition unit is used for scanning a display device of the dynamic token terminal to obtain key data;
and the key generation unit is used for obtaining the key factor according to the key data.
Preferably, the scanning mode is an optical character recognition mode and/or a bar code recognition mode.
Preferably, the authentication server further comprises:
the verification unit is used for verifying the key data according to the verification key; the key data also comprises verification data, which is generated by encryption with the verification key and is used to verify the validity and/or correctness of the key data.
The invention also provides a system for setting the dynamic token key factor, which comprises the dynamic token terminal and the verification server.
The invention transmits the key factor or the key factor parameter set by the issuer or the user to the verification server in a scanning mode to remove the limitation of the manual input mode on the number of bits of the key factor or the key factor parameter, thereby setting more bits of the key factor or the key factor parameter, increasing the difficulty of breaking the key factor and improving the safety of the dynamic token.
In addition, by setting the verification data generated and transmitted together with the dynamic token key factor or key factor parameter, the verification server can verify the key factor or key factor parameter, thereby ensuring the legality of the key factor and the correctness of the data in the transmission process.
Drawings
FIG. 1 is a schematic diagram illustrating a workflow of a method for setting a dynamic token key factor according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a workflow of a method for setting a dynamic token key factor according to another embodiment of the present invention;
FIG. 3 is a flowchart illustrating a method for setting a dynamic token key factor according to another embodiment of the present invention;
fig. 4 is a schematic structural diagram of a dynamic token terminal according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of another structure of a dynamic token terminal according to an embodiment of the present invention;
FIG. 6 is a block diagram of an authentication server according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of another structure of an authentication server according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a system for setting a dynamic token key factor according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
Referring to fig. 1, a method for setting a key factor of a dynamic token is provided for a first embodiment of the technical solution of the present invention, so that a process of setting security parameters of the dynamic token is safer, and the method includes the steps of:
S10, the dynamic token generates key data and generates a key factor according to the key data;
S11, the dynamic token displays the key data through a display device;
S12, the authentication server scans the display device of the dynamic token to obtain the key data;
S13, the authentication server generates a key factor according to the key data.
In this embodiment, the authentication server is a server that corresponds to the dynamic token and can authenticate the dynamic password generated by the dynamic token.
As described in step S10, the dynamic token generates key data. The key data may be used to generate a key factor, which may then be used to generate a dynamic password. The key data can be generated once and used permanently, or it can be generated multiple times and replaced. The key data may be generated in a random manner.
The dynamic token may generate a key factor based on the key data. The dynamic token may extract the key factor directly from the content of the key data or compute the key factor from the content of the key data, and then may generate the dynamic password by the key factor.
As described in step S11, the dynamic token may display the key data through a display device. The display may be sequential display, that is, the content of the key data may be displayed sequentially at time intervals, for example, a part of the content of the key data is displayed first, and then another part of the content of the key data is displayed. The display device may be a screen for display such as a liquid crystal display screen.
As described in step S12, the authentication server may obtain the key data by scanning the display device of the dynamic token. The authentication server may scan the display devices in sequence according to the sequential display of the display devices to obtain the key data. The scanning method is an optical character recognition method and/or a bar code recognition method.
The authentication server may generate a key factor from the key data, as described in step S13. The authentication server may extract the key factor directly from the content of the key data or calculate the generated key factor from the content of the key data. The key factor may be used to generate a dynamic password for use in verifying the dynamic password generated by the dynamic token to identify the user's identity.
According to the method for setting the key factor of the dynamic token, the key data containing the key factor or the key factor parameter can be transmitted to the verification server from the dynamic token in a scanning mode, the limitation of a manual input mode on the number of bits of the key factor or the key factor parameter is removed, so that more bits of the key factor or the key factor parameter can be set, the difficulty of breaking the key factor is increased, and the safety of the dynamic token is improved.
Referring to fig. 2, in another embodiment of the present invention, a method for setting a dynamic token key factor is provided, which may include the steps of:
S20, the authentication server and the dynamic token preset a verification key;
S21, the dynamic token presets a dispersion parameter and a dispersion algorithm, generates a key factor according to the dispersion parameter and the dispersion algorithm, and generates first verification data according to the key factor;
S210, the dynamic token stores the generated key factor;
S22, the dynamic token displays the key factor and the first verification data through a display device;
S23, the authentication server scans the display device of the dynamic token to obtain the key factor and the first verification data, then verifies the key factor according to the verification key and the first verification data and stores it.
The authentication server and the dynamic token may be preset with a verification key for verifying the validity and/or correctness of the key factor, as described in step S20.
As described in step S21, the dynamic token may be preset with a dispersion parameter and a corresponding dispersion algorithm. The dispersion algorithm is applied to the dispersion parameter to generate a key factor. Generation of the key factor and the first verification data may be triggered by the user operating the dynamic token. The key factor is generated by the dynamic token calculating the dispersion parameter according to the dispersion algorithm; the first verification data is generated by encrypting the key factor with the verification key and can be used for verifying the validity and/or correctness of the key factor.
As shown in step S210, the dynamic token stores the generated key factor, and the dynamic password can be generated by the key factor.
As described in step S22, the display device of the dynamic token may display the key factor and the first verification data together at one time, or may display them separately, in sequence.
As described in step S23, the authentication server obtains the key factor and the first verification data by scanning the display device of the dynamic token. The scan can use optical character recognition and/or bar code recognition. Depending on how the display device presents the key factor and the first verification data, the authentication server scans the displayed content once, or multiple times in the case of sequential display.
The authentication server then verifies the key factor obtained from the scan according to the verification key and the first verification data, checking its validity and/or correctness, and stores the key factor once it has been verified. The key factor may be used to generate a dynamic password for use in verifying the dynamic password generated by the dynamic token, and thus the identity of the user.
In the method for setting the dynamic token key factor of the embodiment, the verification server can verify the key factor by setting the verification data generated and transmitted together with the dynamic token key factor, so that the validity and/or correctness of the key factor are ensured.
Referring to fig. 3, in another embodiment of the present invention, a method for setting a dynamic token key factor is provided, which may include the steps of:
S30, the authentication server and the dynamic token preset the distributed key and the verification key;
S31, the dynamic token generates a key factor parameter, first check data and second check data, and generates a key factor according to the key factor parameter; the key factor parameter, the first check data and the second check data are generated at one time or twice respectively;
S310, the dynamic token stores the generated key factor;
S32, the dynamic token displays the serial number, the key factor parameter, the first check data and the second check data of the dynamic token through a display device;
S33, the authentication server scans the display device of the dynamic token to obtain the key factor parameter, the first check data and the second check data, and verifies the key factor parameter according to the verification key, the first check data and the second check data;
S331, the authentication server generates and stores the key factor according to the key factor parameter.
As described in step S30, the authentication server and the dynamic token first preset the distributed key and the verification key. The distributed key is used to generate a key factor from a key factor parameter. The key data also comprises first check data, which is generated by encrypting, with the verification key, either the key factor or key factor parameter, or the dynamic token serial number together with the key factor or key factor parameter; it is used for verifying the validity and correctness of the key data.
The key data also comprises second check data, which is generated by the dynamic token according to the key factor or the key factor parameter, or according to the dynamic token serial number, the first check data, and the key factor or the key factor parameter; it is used for verifying the correctness of the scan.
As described in step S31, the key factor parameter, the first check data and the second check data may be generated at one time or in multiple times (e.g., twice). For example, they may be generated in two rounds, one under the control of the issuer of the dynamic token and one under the control of the user. The key factor parameter may be used to generate a key factor.
The dynamic token stores the generated key factor, which can be used to generate the dynamic password, as described in step S310.
The dynamic token may generate the key factor based on the key factor parameter. The dynamic token may encrypt the key factor parameter with the preset distributed key to generate the key factor; the encryption algorithm may be a DES/3DES algorithm, a HASH algorithm, a combination of DES/3DES and HASH algorithms, or another dispersion algorithm familiar to those skilled in the art.
The dynamic token displays the serial number, the key factor parameter, the first verification data and the second verification data of the dynamic token through the display device as described in step S32. The dynamic token adopts a display device to display the serial number, the key factor parameter, the first check data and the second check data of the dynamic token in sequence. The serial number of the dynamic token is used to uniquely identify the dynamic token.
As described in step S33, the authentication server scans the display device of the dynamic token to obtain the serial number, the key factor parameter, and the check data of the dynamic token. The authentication server scans the contents displayed by the display device in sequence, using optical character recognition and/or bar code recognition, to obtain the serial number, the key factor parameter, the first check data and the second check data of the dynamic token.
The authentication server then verifies the key factor parameter according to the preset verification key, the first check data and the second check data, checking the validity and the correctness of the key factor parameter.
As described in step S331, the authentication server generates a key factor according to the verified key factor parameter. The authentication server may encrypt the key factor parameter with the preset distributed key to generate the key factor; the encryption algorithm may be a DES/3DES algorithm, a HASH algorithm, a combination of DES/3DES and HASH algorithms, or another encryption algorithm familiar to those skilled in the art.
In the method for setting the dynamic token key factor of this embodiment, the key factor parameter is transmitted to the authentication server together with check data that can verify its validity and correctness. The authentication server verifies the validity and correctness of the scanned key data through the first check data and verifies the correctness of the scan through the second check data, so that the validity and the correctness of the key factor parameter are guaranteed.
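The flow of this embodiment (S30 to S331) can be sketched as follows; this is an added example, not code from the patent. HMAC-SHA256 stands in for the unspecified "HASH algorithm", CRC-32 is used for the second check data, per-token keys are derived from the serial number, and the colon-separated display format and all names are assumptions.

```python
import hashlib
import hmac
import secrets
import zlib
from dataclasses import dataclass

PARAM_LEN = 16  # assumed: 128-bit key factor parameter
TAG_LEN = 8     # assumed: first check data truncated to 64 bits for display


class ScanError(Exception):
    """Second check data mismatch: the display was misread, scan again."""


class InvalidKeyData(Exception):
    """First check data mismatch: key data was not produced by this token."""


def diversify(master_key: bytes, serial: str, label: bytes) -> bytes:
    # Assumed derivation of a per-token key from the token serial number.
    return hmac.new(master_key, label + b"|" + serial.encode(), hashlib.sha256).digest()


def first_check(check_key: bytes, serial: str, param: bytes) -> bytes:
    # Keyed over serial number + key factor parameter (validity and correctness).
    mac = hmac.new(check_key, serial.encode() + b"|" + param, hashlib.sha256)
    return mac.digest()[:TAG_LEN]


def second_check(serial: str, param: bytes, check1: bytes) -> str:
    # Unkeyed checksum over serial, parameter and first check data (scan correctness).
    return f"{zlib.crc32(serial.encode() + b'|' + param + check1):08x}"


def derive_key_factor(dist_key: bytes, param: bytes) -> bytes:
    # "Encrypt the key factor parameter with the distributed key" (HMAC assumed).
    return hmac.new(dist_key, param, hashlib.sha256).digest()


@dataclass
class Token:
    serial: str
    dist_key: bytes
    check_key: bytes
    key_factor: bytes = b""

    def generate_key_data(self) -> str:
        """S31/S310/S32: make a parameter, store the key factor, return display text."""
        param = secrets.token_bytes(PARAM_LEN)
        self.key_factor = derive_key_factor(self.dist_key, param)
        check1 = first_check(self.check_key, self.serial, param)
        check2 = second_check(self.serial, param, check1)
        return ":".join([self.serial, param.hex(), check1.hex(), check2])


def provision_token(master_key: bytes, serial: str) -> Token:
    """S30: preset the distributed key and the verification key on the token."""
    return Token(serial, diversify(master_key, serial, b"dist"),
                 diversify(master_key, serial, b"check"))


class Server:
    def __init__(self, master_key: bytes):
        self.master_key = master_key
        self.key_factors: dict[str, bytes] = {}

    def enroll(self, scanned: str) -> bytes:
        """S33/S331: verify scanned key data, then derive and store the key factor."""
        try:
            serial, param_hex, check1_hex, check2 = scanned.split(":")
            param, check1 = bytes.fromhex(param_hex), bytes.fromhex(check1_hex)
        except ValueError as exc:
            raise ScanError("malformed scan") from exc
        # Checksum first: a misread display is reported as a scan problem.
        if second_check(serial, param, check1) != check2:
            raise ScanError("second check data mismatch")
        check_key = diversify(self.master_key, serial, b"check")
        if not hmac.compare_digest(first_check(check_key, serial, param), check1):
            raise InvalidKeyData("first check data mismatch")
        dist_key = diversify(self.master_key, serial, b"dist")
        self.key_factors[serial] = derive_key_factor(dist_key, param)
        return self.key_factors[serial]


if __name__ == "__main__":
    master = secrets.token_bytes(32)
    token = provision_token(master, "ET00001234")  # constructed serial number
    shown = token.generate_key_data()
    print("displayed:", shown)
    print("match:", Server(master).enroll(shown) == token.key_factor)
```

Because the second check data here is an unkeyed checksum, anyone can recompute it; only the keyed first check data says anything about where the key data came from.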
Referring to fig. 4, in an embodiment of the present invention, a dynamic token terminal 40 is provided, which may include: a data generation unit 41, a data display unit 42, and the like; the data generating unit 41 is configured to generate key data, and obtain a key factor according to the key data; the data display unit 42 is configured to display the key data through a display device.
The data generation unit 41 described above may generate key data. The key data may be used to generate a key factor, which may then be used to generate a dynamic password. The key data can be generated once and used permanently, or it can be generated multiple times and replaced. The data generation unit 41 may also extract a key factor directly from the content of the key data or calculate the key factor from the content of the key data, and may then generate a dynamic password from the key factor. The key data may include some or all of the key factor or key factor parameter.
The data display unit 42 may display the key data through a display device provided to the dynamic token terminal 40. The display may be sequential display, that is, the content of the key data may be displayed sequentially at time intervals, for example, a part of the content of the key data is displayed first, and then another part of the content of the key data is displayed. The display device may be a screen for display such as a liquid crystal display screen.
The authentication server may obtain the key data by scanning the display device of the dynamic token terminal 40. The authentication server may scan the display devices in sequence according to the sequential display of the display devices to obtain the key data. The scanning method is an optical character recognition method and/or a bar code recognition method.
The authentication server may generate a key factor based on the key data. The authentication server may extract the key factor directly from the content of the key data or calculate the generated key factor from the content of the key data. The key factor may be used to generate a dynamic password for use in verifying the dynamic password generated by the dynamic token to identify the user's identity.
The dynamic token terminal 40 of this embodiment may transmit the key data including the key factor or the key factor parameter from the dynamic token to the verification server in a scanning manner, and remove the limitation of the number of bits of the key factor or the key factor parameter in a manual input manner, thereby setting more bits of the key factor or the key factor parameter, increasing the difficulty of breaking the key factor, and improving the security of the dynamic token.
Referring to fig. 5, the dynamic token terminal 40 further includes: a presetting unit 43 for presetting a distributed key and/or a verification key; presetting dispersion parameters and a dispersion algorithm; and the data generating unit 41 calculates the dispersion parameters according to the dispersion algorithm to obtain the key factors or key factor parameters.
The dynamic token terminal 40 and the authentication server may preset a verification key for verifying the validity of the key factor. The dynamic token terminal 40 may be preset with dispersion parameters and a corresponding dispersion algorithm. The dispersion algorithm is applied to the dispersion parameter to generate a key factor. Generation of the key factor and the first verification data may be triggered by the user operating the dynamic token terminal 40. The key factor is generated by the dynamic token terminal 40 calculating the dispersion parameter according to the dispersion algorithm; the first verification data is generated by encrypting the key factor with the verification key and can be used for verifying the validity of the key factor. The dynamic token terminal 40 may store the generated key factor, from which the dynamic password may be generated.
Then, the key factor and the first verification data are displayed, so that the authentication server obtains the key factor and the first verification data by scanning the display device of the dynamic token terminal 40. And the authentication server verifies the key factor according to the first verification data. The authentication server verifies the key factor obtained by scanning the display device of the dynamic token terminal 40 according to the verification key, verifies the validity of the key factor, and stores the key factor after the validity is verified. The key factor may be used to generate a dynamic password for use in verifying the dynamic password generated by the dynamic token, and thus the identity of the user.
The dynamic token terminal 40 and the authentication server may be preset with a distributed key and a verification key. The distributed key is used to generate a key factor from a key factor parameter.
The key data also comprises first check data, which is generated by encrypting, with the verification key, either the key factor or key factor parameter, or the dynamic token serial number together with the key factor or key factor parameter; it is used for verifying the validity and correctness of the key data.
The key data also comprises second check data, which is generated by the dynamic token according to the key factor or the key factor parameter, or according to the dynamic token serial number, the first check data, and the key factor or the key factor parameter; it is used for verifying the correctness of the scan.
The key factor parameter, the first check data and the second check data may be generated at one time or in multiple times (e.g., twice). For example, they may be generated in two rounds, one under the control of the issuer of the dynamic token terminal 40 and one under the control of the user.
The key data may also include a serial number of the dynamic token terminal 40; the distributed key is generated independently for the authentication server and the dynamic token terminal 40 or calculated according to the serial number of the dynamic token terminal 40.
The dynamic token terminal 40 displays the serial number, the key factor parameter, the first verification data and the second verification data of the dynamic token terminal 40 through a display device, so that the verification server scans the display device of the dynamic token terminal 40 to obtain the serial number, the key factor parameter and the verification data of the dynamic token. The serial number of the dynamic token terminal 40 is used to uniquely identify the dynamic token terminal 40; the authentication server employs optical character recognition and/or bar code recognition.
The authentication server verifies the validity and the correctness of the key factor parameter according to the verification key, and then generates a key factor according to the verified key factor parameter.
The dynamic token terminal 40 of this embodiment may transmit the key data including the key factor or the key factor parameter from the dynamic token terminal 40 to the verification server in a scanning manner, and the limitation of the number of bits of the key factor or the key factor parameter by a manual input manner is removed, so that a more-bit key factor or key factor parameter may be set, the difficulty of breaking the key factor is increased, and the security of the dynamic token is improved.
Referring to fig. 6, in an embodiment of the present invention, an authentication server 50 is provided, where the authentication server 50 may include: a data acquisition unit 51 and a key generation unit 52; the data acquisition unit 51 is used for scanning the display device of the dynamic token terminal 40 to obtain the key data; the key generating unit 52 is configured to obtain a key factor according to the key data.
The authentication server 50 may scan the dynamic token terminal 40 by an optical character recognition method to obtain key data. The key data may include some or all of the key factor or key factor parameter. The key data may also include verification data, which is generated by encryption with the verification key and is used to verify the validity and/or correctness of the key data. The key data may also include a serial number of the dynamic token terminal 40.
Referring to fig. 7, the authentication server 50 further includes a verification unit 53 for verifying the key data according to the verification key.
In this embodiment, the authentication server 50 may obtain the key factor and other related information directly from the dynamic token terminal 40 by scanning, or may obtain by scanning the key factor parameter and other related information from which the key factor can be generated.
For example, the key factor and the first verification data may be generated by the dynamic token terminal 40 and displayed on a display device, so that the authentication server 50 obtains the key factor and the first verification data by scanning the display device of the dynamic token terminal 40. The verification unit of the authentication server 50 verifies the key factor based on the first verification data. The authentication server 50 verifies, according to the verification key, the validity of the key factor obtained by scanning the display device of the dynamic token terminal 40, and stores the key factor once its validity is confirmed. The key factor may be used to generate a dynamic password against which the dynamic password generated by the dynamic token is verified, thereby verifying the identity of the user.
Alternatively, the key factor parameter, the first verification data, and the second verification data may be generated by the dynamic token terminal 40, and the serial number, the key factor parameter, the first verification data, and the second verification data of the dynamic token terminal 40 may be displayed on a display device of the dynamic token terminal 40, so that the authentication server 50 scans the display device of the dynamic token terminal 40 to obtain the serial number, the key factor parameter, and the verification data of the dynamic token. The serial number of the dynamic token terminal 40 uniquely identifies the dynamic token terminal 40.
The verification unit of the authentication server 50 verifies the key factor parameter according to the preset verification key, confirming the validity and correctness of the key factor parameter. The authentication server 50 then generates a key factor from the verified key factor parameter.
The authentication server 50 of this embodiment may obtain the key data in a scanning manner. This removes the limit that manual input places on the number of bits of the key factor or the key factor parameter, so that a key factor or key factor parameter with more bits may be set, the difficulty of breaking the key factor is increased, and the security of the dynamic token is improved.
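The key-factor-parameter flow described in this embodiment, with both sides in one file, as an added example that is not part of the patent text. Assumptions: HMAC-SHA256 stands in for the unspecified encryption used for the first verification data and for deriving the key factor, CRC32 stands in for the second verification data, and the `|`-separated display layout, function names and key values are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import zlib

# Constructed sample keys (assumption): preset on token and server beforehand.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
VERIFICATION_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100")


def _mac(key, *parts):
    # Length-prefix every part so field boundaries cannot be shifted.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_key_factor(serial, param):
    # Distributed key calculated from the serial number, then applied to the
    # key factor parameter. HMAC stands in for the patent's "encrypt" step.
    distributed_key = _mac(MASTER_KEY, b"distributed-key", serial.encode())
    return _mac(distributed_key, b"key-factor", param)


def token_display(serial, param=None):
    """Token side: return the text shown on the display for scanning."""
    if not serial.isalnum():
        raise ValueError("serial must be alphanumeric")
    param = param or secrets.token_bytes(20)  # random key factor parameter
    check1 = _mac(VERIFICATION_KEY, serial.encode(), param)[:8]
    body = f"{serial}|{param.hex()}|{check1.hex()}"
    check2 = zlib.crc32(body.encode())  # unkeyed: only catches misreads
    return f"{body}|{check2:08x}"


def server_accept(scanned):
    """Server side: check the scanned text and return the key factor."""
    fields = scanned.strip().split("|")
    if len(fields) != 4:
        raise ValueError("scan error: expected 4 fields")
    serial, param_hex, check1_hex, check2_hex = fields
    body = "|".join(fields[:3])
    if f"{zlib.crc32(body.encode()):08x}" != check2_hex.lower():
        raise ValueError("scan error: second check data mismatch, rescan")
    param = bytes.fromhex(param_hex)
    expected = _mac(VERIFICATION_KEY, serial.encode(), param)[:8]
    if not hmac.compare_digest(expected, bytes.fromhex(check1_hex)):
        raise PermissionError("first check data invalid: reject key data")
    return derive_key_factor(serial, param)


if __name__ == "__main__":
    shown = token_display("SN00012345")
    print(shown)
    print(server_accept(shown).hex())
```

The 20-byte parameter is 40 hexadecimal characters on the display, a length that is impractical to type by hand but costs nothing to scan. Only the keyed first check data resists tampering; the unkeyed second check data exists to tell a misread apart from a forgery.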
Referring to fig. 8, a system for setting a dynamic token key factor is provided, which may include a dynamic token terminal 40 and an authentication server 50. The dynamic token terminal 40 may include a data generation unit 41, a data display unit 42, and the like; the data generation unit 41 is configured to generate key data and obtain a key factor according to the key data; the data display unit 42 is configured to display the key data through a display device. The authentication server 50 may include a data acquisition unit 51 and a key generation unit 52; the data acquisition unit 51 is used for scanning the display device of the dynamic token terminal 40 to obtain the key data; the key generation unit 52 is configured to obtain a key factor according to the key data. The dynamic token terminal 40 and the authentication server 50 in this embodiment may be as described in the above embodiments.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (12)

1. A method for setting a dynamic token key factor, comprising the steps of:
the dynamic token generates key data, and key factors are obtained according to the key data;
the dynamic token displays the key data through a display device;
the authentication server scans the display device of the dynamic token to obtain key data;
the authentication server obtains a key factor according to the key data;
wherein the step of the dynamic token obtaining the key factor according to the key data and the step of the authentication server obtaining the key factor according to the key data are specifically as follows:
when the key data comprises part or all of the key factors, the authentication server and the dynamic token store the key factors for generating a dynamic password; or
when the key data comprises part or all of the key factor parameters, the authentication server and the dynamic token encrypt the key factor parameters by using the distributed keys to obtain key factors for generating dynamic passwords.
2. The method of claim 1, wherein the key data comprises part or all of the key factors or key factor parameters.
3. The method of claim 2, wherein the key data is generated in a random manner.
4. The method for setting the dynamic token key factor of claim 1, wherein the scanning mode is an optical character recognition mode and/or a bar code recognition mode.
5. The method for setting the key factor of the dynamic token according to claim 1, wherein the step of generating the key data by the dynamic token specifically comprises:
the dynamic token generates the key data one or more times.
6. The method for setting the key factor of the dynamic token according to claim 2, wherein before the step of generating the key data by the dynamic token, the method further comprises the steps of:
presetting dispersion parameters and a dispersion algorithm by the dynamic token;
and the dynamic token calculates the dispersion parameters according to a dispersion algorithm to obtain the key factors or the key factor parameters.
7. The method for setting the key factor of the dynamic token according to claim 3 or 6, wherein before the step of generating the key data by the dynamic token, the method further comprises the steps of:
the authentication server and the dynamic token preset a distributed key and/or a verification key.
8. The method for setting the dynamic token key factor of claim 7, wherein before the step of the authentication server obtaining the key factor from the key data, the method further comprises the steps of:
the authentication server verifies the key data by the verification key; the key data further comprises first check data and/or second check data;
the first check data is generated by encrypting, with the check key, the key factor or key factor parameter, or the dynamic token serial number together with the key factor or key factor parameter, and is used for verifying the validity and correctness of the key data;
the second check data is generated by the dynamic token according to the key factor or the key factor parameter, or according to the dynamic token serial number, the first check data and the key factor or the key factor parameter, and is used for verifying the correctness of the scan.
9. The method of claim 7, wherein the key data further comprises a serial number of the dynamic token; the distributed key is generated independently for the authentication server and the dynamic token or calculated according to the serial number of the dynamic token.
10. A system for setting a dynamic token key factor, comprising a dynamic token terminal and an authentication server, wherein the authentication server comprises:
the data acquisition unit is used for scanning a display device of the dynamic token terminal to obtain key data;
a key generation unit for obtaining a key factor from the key data;
the dynamic token terminal includes:
the data generating unit is used for generating key data and obtaining a key factor according to the key data;
a data display unit for displaying the key data through a display device;
wherein the dynamic token terminal further comprises:
the preset unit is used for presetting a distributed key and/or a verification key, presetting dispersion parameters and a dispersion algorithm, and calculating the dispersion parameters through the data generation unit according to the dispersion algorithm to obtain the key factors or the key factor parameters.
11. The system for setting up a dynamic token key factor of claim 10, wherein the scanning is performed by optical character recognition and/or bar code recognition.
12. The system for setting a dynamic token key factor of claim 10 or 11, wherein the authentication server further comprises:
the verification unit verifies the key data according to the verification key; the key data also comprises verification data, and the verification data is generated by encryption with the verification key and is used to verify the legality and/or correctness of the key data.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110297061.5A CN102364888B (en) 2011-09-30 2011-09-30 Setting method, setting system, terminal and authentication server for dynamic token key factor

Publications (2)

Publication Number Publication Date
CN102364888A CN102364888A (en) 2012-02-29
CN102364888B true CN102364888B (en) 2015-01-07

Family

ID=45691440

Country Status (1)

Country Link
CN (1) CN102364888B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102624529A (en) * 2012-03-12 2012-08-01 深圳市文鼎创数据科技有限公司 Setting method and device for key factor of dynamic token
CN102739403A (en) * 2012-06-19 2012-10-17 深圳市文鼎创数据科技有限公司 Identity authentication method and device for dynamic token
JP6016948B2 (en) * 2013-01-17 2016-10-26 日本電信電話株式会社 Secret calculation system, arithmetic device, secret calculation method, and program
CN103186745A (en) * 2013-03-08 2013-07-03 陈景辉 Graphical dynamic password token
CN103888243B (en) * 2014-04-15 2017-03-22 飞天诚信科技股份有限公司 Seed key safe transmission method
CN106504369B (en) * 2015-09-07 2019-01-22 封楠林 Electronic coding lock system and encryption method
CN108923913B (en) * 2018-06-14 2021-09-14 温州极客物联网开发实验室有限公司 Calling type dynamic key algorithm
CN113132113B (en) * 2021-04-06 2022-07-01 鼎铉商用密码测评技术(深圳)有限公司 Method, system and equipment for verifying correctness of dynamic token

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051908A (en) * 2007-05-21 2007-10-10 北京飞天诚信科技有限公司 Dynamic cipher certifying system and method
CN101500011A (en) * 2009-03-13 2009-08-05 北京华大智宝电子系统有限公司 Method and system for implementing dynamic password security protection

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4736398B2 (en) * 2004-10-22 2011-07-27 日本電気株式会社 Authentication method between secret terminals, secret information delivery method, apparatus, system, and program
US20080148057A1 (en) * 2006-12-19 2008-06-19 Ohanae, Inc. Security token
CN101719826B (en) * 2009-05-13 2013-01-02 北京宏基恒信科技有限责任公司 Dynamic token having function of updating seed key and updating method for seed key thereof
CN102045349B (en) * 2010-12-03 2012-08-08 北京航空航天大学 Time and event based one-time password generation and authentication method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20170330

Address after: 100000 room 703-710, room B3, Huayuan Road, Haidian District, Beijing, 7

Patentee after: Beijing Minghua Alliance Technology Co., Ltd.

Address before: 518057 Shenzhen, Guangdong, Nanshan District hi tech Zone, Shenzhen Software Park building, room 4, Room 403

Patentee before: Shenzhen Wendingchuang Data Technology Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150107

Termination date: 20190930