Summary of the invention
The present invention aims to solve at least one of the problems mentioned above.
The main object of the present invention is to provide a method for remotely authorizing a dynamic password token.
Another object of the present invention is to provide a system for remotely authorizing a dynamic password token.
A further object of the present invention is to provide an authorization token.
A further object of the present invention is to provide an operation token.
To achieve the above objects, the technical solution of the present invention is implemented as follows:
One aspect of the present invention provides a dynamic password token remote-authorization method, comprising: a first authorization token generates a first authorization code at least according to a received challenge code and a first algorithm; the operation token verifies the received first authorization code at least according to the received challenge code and the first algorithm; after the verification passes, the operation token generates a dynamic password according to the challenge code and a second algorithm.
In addition, before the step in which the authorization token generates the authorization code at least according to the received challenge code and the first algorithm, the method further comprises: the operation token receives the challenge code and generates an authentication code according to the challenge code and an algorithm; the authorization token receives the challenge code and the authentication code, and verifies the authentication code according to the challenge code and said algorithm; after verification of the authentication code passes, the step in which the authorization token generates the authorization code at least according to the received challenge code and the first algorithm is carried out.
In addition, before the step in which the operation token generates the dynamic password according to the challenge code and the second algorithm, the method further comprises: a second authorization token generates a second authorization code at least according to the received challenge code and a fourth algorithm; the operation token verifies the received second authorization code at least according to the received challenge code and the fourth algorithm.
In addition, the verification passing comprises: verification of both the first authorization code and the second authorization code passes.
In addition, the step in which the operation token verifies the received first authorization code at least according to the received challenge code and the first algorithm comprises: the operation token calculates a first authorization verification code at least according to the received challenge code and the first algorithm; it judges whether the first authorization verification code is identical to the received first authorization code; if they are identical, verification of the first authorization code passes.
In addition, the step in which the authorization token verifies the authentication code according to the challenge code and said algorithm comprises: the authorization token calculates an authentication verification code according to the challenge code and said algorithm; it judges whether the authentication verification code is identical to the authentication code; if they are identical, verification of the authentication code passes.
In addition, the step in which the operation token verifies the received second authorization code at least according to the received challenge code and the fourth algorithm comprises: the operation token calculates a second authorization verification code at least according to the received challenge code and the fourth algorithm; it judges whether the second authorization verification code is identical to the second authorization code; if they are identical, verification of the second authorization code passes.
In addition, when the first algorithm is identical to the second algorithm: the first authorization token generates the first authorization code at least according to a first authorization token identifier, the received challenge code and the first algorithm; the operation token verifies the received first authorization code at least according to the first authorization token identifier, the received challenge code and the first algorithm.
In addition, when the first algorithm is identical to the fourth algorithm, or when the first algorithm, the second algorithm and the fourth algorithm are all identical: the first authorization token generates the first authorization code at least according to the first authorization token identifier, the received challenge code and the first algorithm; the operation token verifies the received first authorization code at least according to the first authorization token identifier, the received challenge code and the first algorithm; the second authorization token generates the second authorization code at least according to a second authorization token identifier, the received challenge code and the fourth algorithm; the operation token verifies the received second authorization code at least according to the second authorization token identifier, the received challenge code and the fourth algorithm.
In addition, the step in which the operation token verifies the received first authorization code at least according to the first authorization token identifier, the received challenge code and the first algorithm comprises: the operation token calculates the first authorization verification code at least according to the first authorization token identifier, the received challenge code and the first algorithm; it judges whether the first authorization verification code is identical to the received first authorization code; if they are identical, verification of the first authorization code passes.
In addition, the step in which the operation token verifies the received second authorization code at least according to the second authorization token identifier, the received challenge code and the fourth algorithm comprises: the operation token calculates the second authorization verification code at least according to the second authorization token identifier, the received challenge code and the fourth algorithm; it judges whether the second authorization verification code is identical to the second authorization code; if they are identical, verification of the second authorization code passes.
Another aspect of the present invention provides an authorization token, comprising: a memory module for storing an authorization code generation algorithm; a receiver module for receiving a challenge code; and an authorization code generation module for generating an authorization code at least according to the challenge code received by the receiver module and the authorization code generation algorithm stored in the memory module.
In addition, the memory module also stores an authentication code generation algorithm, and the receiver module also receives an authentication code; the authorization token further comprises: an authentication module for verifying the authentication code received by the receiver module according to the challenge code received by the receiver module and the authentication code generation algorithm stored in the memory module.
In addition, the memory module also stores an authorization token identifier; the authorization code generation module generates the authorization code at least according to the authorization token identifier and the authorization code generation algorithm stored in the memory module and the challenge code received by the receiver module.
Another aspect of the present invention provides an operation token, comprising: a memory module for storing an authorization code generation algorithm and a dynamic password generation algorithm; a receiver module for receiving a challenge code and an authorization code; an authentication module for verifying the authorization code received by the receiver module at least according to the challenge code received by the receiver module and the authorization code generation algorithm stored in the memory module; and a dynamic password generation module for generating, after verification by the authentication module passes, a dynamic password according to the challenge code received by the receiver module and the dynamic password generation algorithm stored in the memory module.
In addition, the memory module also stores an authentication code generation algorithm; the operation token further comprises: an authentication code generation module for generating an authentication code according to the challenge code received by the receiver module and the authentication code generation algorithm stored in the memory module.
In addition, the memory module also stores an authorization token identifier, and the receiver module also receives the authorization code; the authentication module verifies the authorization code received by the receiver module at least according to the authorization token identifier and the authorization code generation algorithm stored in the memory module and the challenge code received by the receiver module.
Another aspect of the present invention provides a dynamic password token remote authorization system, comprising: the above operation token and at least one above authorization token.
In addition, there are at least two authorization tokens; after the operation token has verified that the authorization codes generated by all of the authorization tokens pass, the operation token generates the dynamic password according to the challenge code and the dynamic password generation algorithm.
As can be seen from the technical solution provided above, the present invention provides an authorization token, an operation token, and a dynamic password token remote-authorization method and system. At least one authorization token can be used to authorize the operation token, which ensures that the custodian of the operation token cannot carry out electronic transactions or transfers privately. At the same time, when an electronic transaction is carried out, the holder of the authorization token need not be on site, which meets the need to authorize the token remotely and thereby improves the security and convenience of enterprise electronic transactions.
Embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
In the description of the present invention, it should be understood that orientations or positional relationships indicated by terms such as "center", "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings. They are used only to make the description of the present invention easier and simpler, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore cannot be interpreted as limiting the present invention. In addition, the terms "first" and "second" are used for descriptive purposes only and cannot be interpreted as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "mounted", "connected with" and "connected" should be understood broadly: for example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, indirect through an intermediary, or an internal connection between two elements. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.
The embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Embodiment 1
Fig. 1 shows a flow chart of the dynamic password token remote-authorization method. Referring to Fig. 1, the dynamic password token remote-authorization method of the present invention comprises:
Step S101: the authorization token generates an authorization code according to the received challenge code and the authorization code generation algorithm.
Specifically, the authorization token is the token held by the authorizer, and the operation token is the token held by the operator who actually carries out the transaction (or transfer); the operation token is used to generate the dynamic password that secures the transaction.
When the operator needs authorization for a transaction, the operator tells the authorizer the challenge code of the transaction, and the authorizer enters the challenge code into the authorization token; alternatively, the operation token sends the challenge code of the transaction to the authorization token in a wired or wireless manner. The authorization token calculates the authorization code according to the received challenge code and the authorization code generation algorithm it stores. The challenge code may contain transaction information, including at least the account number and the amount, so that the authorizer knows the transaction information and can authorize accordingly.
Step S102: the operation token verifies the received authorization code according to the received challenge code and the authorization code generation algorithm.
Specifically, after the authorization token held by the authorizer generates the authorization code, the authorizer tells the operator the authorization code, and the operator enters the challenge code and the authorization code into the operation token; alternatively, the authorization token sends the authorization code to the operation token in a wired or wireless manner. The operation token calculates an authorization verification code according to the received challenge code and the authorization code generation algorithm it stores, and compares the authorization verification code it generated with the authorization code that was entered to judge whether they are identical; if they are identical, verification of the authorization code passes. Thus the operator can verify the correctness of the authorization code, and the dynamic password generation function of the operation token is enabled only after verification of the authorization code passes.
Step S103: after verification of the authorization code passes, the operation token generates the dynamic password according to the challenge code and the dynamic password generation algorithm.
Specifically, the operation token calculates the dynamic password according to the challenge code entered in step S102 and the stored dynamic password generation algorithm. Because the authorization token must generate an authorization code for the challenge code of this transaction, and the operation token enables the dynamic password generation function only after verifying that authorization code, the uniqueness of the challenge code for which the dynamic password is generated is guaranteed, which ensures the security of the transaction.
Another aspect of this embodiment provides an authorization token 10. Referring to Fig. 2, the authorization token comprises:
Memory module 101, for storing the authorization code generation algorithm;
Receiver module 102, for receiving the challenge code;
Authorization code generation module 103, for generating the authorization code according to the challenge code received by receiver module 102 and the authorization code generation algorithm stored in memory module 101.
Thus, the authorization token 10 can generate the authorization code from the challenge code told to it by the operator, or from the challenge code sent by the operation token, ensuring that the authorization is given for this transaction.
Another aspect of this embodiment provides an operation token 20. Referring to Fig. 3, the operation token comprises:
Memory module 201, for storing the authorization code generation algorithm and the dynamic password generation algorithm;
Receiver module 202, for receiving the challenge code and the authorization code;
Authentication module 203, for verifying the authorization code received by receiver module 202 according to the challenge code received by receiver module 202 and the authorization code generation algorithm stored in memory module 201;
Dynamic password generation module 204, for generating the dynamic password, after authentication module 203 has verified the authorization code, according to the challenge code received by receiver module 202 and the dynamic password generation algorithm stored in memory module 201.
Thus, the operation token 20 can verify the authorization code for this transaction and enable the dynamic password generation function for this transaction, ensuring that in each transaction a dynamic password can be generated only for the challenge code of that transaction, which ensures the security of the transaction.
Another aspect of this embodiment provides a dynamic password token remote authorization system. Referring to Fig. 4, the system comprises the above authorization token 10 and the above operation token 20.
As can be seen from the dynamic password token remote-authorization method and system provided by the above embodiment, an authorization token is used to authorize the operation token, which ensures that the custodian of the operation token cannot carry out electronic transactions or transfers privately. At the same time, when an electronic transaction is carried out, the holder of the authorization token need not be on site, which meets the need to authorize the token remotely and thereby improves the security and convenience of enterprise electronic transactions.
Furthermore, a dynamic password can be generated only for the challenge code of this transaction, which ensures the security of the transaction.
The authorization code generation algorithm and the dynamic password generation algorithm described above may each use any of the following algorithms:
(1) Encryption algorithms: DES, 3DES or AES;
(2) MAC algorithms:
Symmetric MAC algorithms: DES-CBC, 3DES-CBC, AES-CBC;
HASH algorithms: MD5, SHA1;
HMAC algorithms: HMAC-MD5, HMAC-SHA1.
Of course, other standard-compliant algorithms, or other algorithms specified internationally or nationally, may also be used.
Embodiment 2
This embodiment differs from Embodiment 1 in that, before the authorization token generates the authorization code according to the received challenge code and the authorization code generation algorithm, the authorization token first verifies an authentication code according to the challenge code and an authentication code generation algorithm, thereby verifying the identity of the operation token.
Fig. 5 shows a flow chart of another dynamic password token remote-authorization method. Referring to Fig. 5, the dynamic password token remote-authorization method of the present invention comprises:
Step S201: the operation token receives the challenge code and generates an authentication code according to the challenge code and the authentication code generation algorithm.
Specifically, the operator enters the challenge code of the transaction into the operation token, and the operation token generates the authentication code according to the challenge code and the authentication code generation algorithm. The operator tells the authorizer the authentication code and the challenge code so that the authorizer can enter them into the authorization token; alternatively, the operation token sends the authentication code and the challenge code to the authorization token.
Step S202: the authorization token receives the challenge code and the authentication code, and verifies the authentication code according to the challenge code and the authentication code generation algorithm.
Specifically, the authorizer enters the authentication code and the challenge code given by the operator into the authorization token, or the authorization token receives the authentication code and the challenge code sent by the operation token. The authorization token calculates an authentication verification code according to the challenge code and the authentication code generation algorithm, and compares the authentication verification code it generated with the authentication code that was entered to judge whether they are identical; if they are identical, verification of the authentication code passes. Thus the authorization token can verify the correctness of the authentication code, ensuring that the operator's identity is trusted.
Step S203: after verification of the authentication code passes, the authorization token generates the authorization code according to the received challenge code and the authorization code generation algorithm;
Step S204: the operation token verifies the received authorization code according to the received challenge code and the authorization code generation algorithm;
Specifically, the operation token calculates an authorization verification code according to the received challenge code and the authorization code generation algorithm; it judges whether the authorization verification code is identical to the received authorization code; if they are identical, verification of the authorization code passes.
Step S205: after verification of the authorization code passes, the operation token generates the dynamic password according to the challenge code and the dynamic password generation algorithm.
Verifying the operation token before authorization ensures that the object of authorization is correct and improves the security of the transaction.
Another aspect of this embodiment provides an authorization token 30. Referring to Fig. 6, the authorization token comprises:
Memory module 301, for storing the authorization code generation algorithm and the authentication code generation algorithm;
Receiver module 302, for receiving the challenge code and the authentication code;
Authentication module 303, for verifying the authentication code received by receiver module 302 according to the challenge code received by receiver module 302 and the authentication code generation algorithm stored in memory module 301;
Authorization code generation module 304, for generating the authorization code, after authentication module 303 has verified the authentication code, according to the challenge code received by receiver module 302 and the authorization code generation algorithm stored in memory module 301.
Before authorizing, the authorization token verifies the operation token, which ensures that the object of authorization is correct and improves the security of the transaction.
Another aspect of this embodiment provides an operation token 40. Referring to Fig. 7, the operation token comprises:
Memory module 401, for storing the authorization code generation algorithm, the dynamic password generation algorithm and the authentication code generation algorithm;
Receiver module 402, for receiving the challenge code and the authorization code;
Authentication code generation module 403, for generating the authentication code according to the challenge code received by receiver module 402 and the authentication code generation algorithm stored in memory module 401;
Authentication module 404, for verifying the authorization code received by receiver module 402 according to the challenge code received by receiver module 402 and the authorization code generation algorithm stored in memory module 401;
Dynamic password generation module 405, for generating the dynamic password, after authentication module 404 has verified the authorization code, according to the challenge code and the dynamic password generation algorithm stored in memory module 401.
The operation token generates the authentication code so that the authorization token can verify the operation token, which ensures that the object of authorization is correct and improves the security of the transaction.
Another aspect of this embodiment provides a dynamic password token remote authorization system. Referring to Fig. 8, the system comprises the above authorization token 30 and the above operation token 40.
As can be seen from the dynamic password token remote-authorization method and system provided by the above embodiment, an authorization token is used to authorize the operation token, which ensures that the custodian of the operation token cannot carry out electronic transactions or transfers privately. At the same time, when an electronic transaction is carried out, the holder of the authorization token need not be on site, which meets the need to authorize the token remotely and thereby improves the security and convenience of enterprise electronic transactions.
In addition, before generating the authorization code the authorization token must verify the authentication code in order to verify the identity of the operation token, which further improves the security of electronic transactions.
The authentication code generation algorithm, the authorization code generation algorithm and the dynamic password generation algorithm may each use any of the following algorithms:
(1) Encryption algorithms: DES, 3DES or AES;
(2) MAC algorithms:
Symmetric MAC algorithms: DES-CBC, 3DES-CBC, AES-CBC;
HASH algorithms: MD5, SHA1;
HMAC algorithms: HMAC-MD5, HMAC-SHA1.
Of course, other standard-compliant algorithms, or other algorithms specified internationally or nationally, may also be used.
Embodiment 3
This embodiment differs from Embodiment 1 in that, when the authorization code generation algorithm is identical to the dynamic password generation algorithm, an identifier is set for each authorization token; the authorization token generates the authorization code according to the authorization token identifier, the received challenge code and the authorization code generation algorithm; and the operation token verifies the received authorization code according to the authorization token identifier, the received challenge code and the authorization code generation algorithm.
Fig. 9 shows a flow chart of another dynamic password token remote-authorization method. Referring to Fig. 9, the dynamic password token remote-authorization method of the present invention comprises:
Step S301: the authorization token generates the authorization code according to the authorization token identifier, the received challenge code and the authorization code generation algorithm;
The authorization token identifier identifies the authorization token, ensuring its correctness and uniqueness.
Step S302: the operation token verifies the received authorization code according to the authorization token identifier, the received challenge code and the authorization code generation algorithm;
Specifically, the operation token calculates an authorization verification code according to the authorization token identifier, the received challenge code and the authorization code generation algorithm; it judges whether the authorization verification code is identical to the received authorization code; if they are identical, verification of the authorization code passes.
Step S303: after the verification passes, the operation token generates the dynamic password according to the challenge code and the dynamic password generation algorithm.
Another aspect of this embodiment provides an authorization token 50. Referring to Figure 10, the authorization token comprises:
Memory module 501, for storing the authorization code generation algorithm and the authorization token identifier;
Receiver module 502, for receiving the challenge code;
Authorization code generation module 503, for generating the authorization code according to the challenge code received by receiver module 502 and the authorization token identifier and authorization code generation algorithm stored in memory module 501.
Another aspect of this embodiment provides an operation token 60. Referring to Figure 11, the operation token comprises:
Memory module 601, for storing the authorization code generation algorithm, the dynamic password generation algorithm and the authorization token identifier;
Receiver module 602, for receiving the challenge code and the authorization code;
Authentication module 603, for verifying the authorization code received by receiver module 602 at least according to the challenge code received by receiver module 602 and the authorization token identifier and authorization code generation algorithm stored in memory module 601;
Dynamic password generation module 604, for generating the dynamic password, after verification by authentication module 603 passes, according to the challenge code received by receiver module 602 and the dynamic password generation algorithm stored in memory module 601.
Another aspect of this embodiment provides a dynamic password token remote authorization system. Referring to Figure 12, the system comprises the above authorization token 50 and the above operation token 60.
As can be seen from the dynamic password token remote-authorization method and system provided by the above embodiment, an authorization token is used to authorize the operation token, which ensures that the custodian of the operation token cannot carry out electronic transactions or transfers privately. At the same time, when an electronic transaction is carried out, the holder of the authorization token need not be on site, which meets the need to authorize the token remotely and thereby improves the security and convenience of enterprise electronic transactions.
In addition, when the authorization code generation algorithm and the dynamic password generation algorithm are the same algorithm, the authorization token identifier ensures that the generated authorization code differs from the generated dynamic password, which both allows the authorization code to be verified and keeps the transaction secure. At the same time, when the two algorithms are the same, the storage space taken up by stored algorithms is reduced.
The authorization code generation algorithm and the dynamic password generation algorithm described above may each use any of the following algorithms:
(1) Encryption algorithms: DES, 3DES or AES;
(2) MAC algorithms:
Symmetric MAC algorithms: DES-CBC, 3DES-CBC, AES-CBC;
HASH algorithms: MD5, SHA1;
HMAC algorithms: HMAC-MD5, HMAC-SHA1.
Of course, other standard-compliant algorithms, or other algorithms specified internationally or nationally, may also be used.
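The flow of Embodiments 2 and 3, combined with the rule that the codes of all authorization tokens must verify when there are at least two, as an added example that is not part of the original text. HMAC-SHA256, the two shared keys, the 8-digit truncation, the token identifiers and the challenge string are assumptions of this example; `naive_authorization_code` shows that with one shared algorithm and no identifier the authorization code would equal the dynamic password.

```python
import hashlib
import hmac

DIGITS = 8  # assumed code length; the page does not specify one

# Constructed sample values (assumptions of this example, not from the page).
KEY = b"constructed-shared-key-0001"       # authorization / dynamic password algorithm
AUTHN_KEY = b"constructed-authn-key-0001"  # authentication code algorithm
CHALLENGE = "acct=6222000011112222;amount=1500.00;nonce=483920"


def derive_code(key, challenge, label=b""):
    """HMAC-SHA256 over len(label) || label || challenge, cut to DIGITS digits."""
    msg = len(label).to_bytes(1, "big") + label + challenge.encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation in the style of RFC 4226
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def codes_match(expected, supplied):
    """Constant-time comparison of a computed code with a received one."""
    return hmac.compare_digest(expected.encode(), supplied.encode())


class AuthorizationToken:
    """Held by the authorizer; stores an identifier and both algorithms."""

    def __init__(self, token_id, key, authn_key):
        if not token_id:
            raise ValueError("authorization token identifier must be non-empty")
        self.token_id, self.key, self.authn_key = token_id, key, authn_key

    def authorize(self, challenge, authentication_code):
        # Embodiment 2: verify the operation token's authentication code first.
        expected = derive_code(self.authn_key, challenge)
        if not codes_match(expected, authentication_code):
            return None
        # Embodiment 3: bind the authorization code to this token's identifier.
        return derive_code(self.key, challenge, self.token_id)


class OperationToken:
    """Held by the operator; releases a dynamic password only when authorized."""

    def __init__(self, key, authn_key, authorizer_ids):
        self.key, self.authn_key = key, authn_key
        self.authorizer_ids = list(authorizer_ids)

    def authentication_code(self, challenge):
        return derive_code(self.authn_key, challenge)

    def dynamic_password(self, challenge, authorization_codes):
        ok = True
        for token_id in self.authorizer_ids:  # every authorizer must pass
            expected = derive_code(self.key, challenge, token_id)
            supplied = authorization_codes.get(token_id) or ""
            ok &= codes_match(expected, supplied)
        return derive_code(self.key, challenge) if ok else None


def naive_authorization_code(key, challenge):
    """Same algorithm, no identifier: the case Embodiment 3 is designed to avoid."""
    return derive_code(key, challenge)


def demo():
    operation = OperationToken(KEY, AUTHN_KEY, [b"AUTH-01", b"AUTH-02"])
    authorizers = [AuthorizationToken(i, KEY, AUTHN_KEY)
                   for i in operation.authorizer_ids]
    authn = operation.authentication_code(CHALLENGE)
    codes = {a.token_id: a.authorize(CHALLENGE, authn) for a in authorizers}
    one = {b"AUTH-01": codes[b"AUTH-01"]}
    return {
        "both_codes": operation.dynamic_password(CHALLENGE, codes),
        "one_code": operation.dynamic_password(CHALLENGE, one),
        "no_identifier_collides":
            naive_authorization_code(KEY, CHALLENGE) == derive_code(KEY, CHALLENGE),
    }


if __name__ == "__main__":
    print(demo())
```

Because the challenge carries the account and amount, codes issued for one challenge do not verify against an altered one, so an authorizer's approval cannot be reused for a different transfer.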
Embodiment 4
This embodiment differs from Embodiment 2 in that, when the authorization code generating algorithm is identical to the dynamic password generating algorithm, an identifier is set for each authorization token. The authorization token generates the authorization code according to the authorization token identifier, the received challenge code and the authorization code generating algorithm; the token verifies the received authorization code according to the authorization token identifier, the received challenge code and the authorization code generating algorithm.
Figure 13 shows a flow chart of another dynamic password token remote-authorization method. Referring to Figure 13, the dynamic password token remote-authorization method of the present invention comprises:
Step S401: the token receives the challenge code and generates an authentication code according to the challenge code and the authentication code generating algorithm;
Step S402: the authorization token receives the challenge code and the authentication code, and verifies the authentication code according to the challenge code and the authentication code generating algorithm;
Specifically, the authorization token calculates a verification authentication code according to the challenge code and the authentication code generating algorithm, and judges whether the verification authentication code is identical to the received authentication code; if they are identical, verification of the authentication code passes.
Step S403: after verification of the authentication code passes, the authorization token generates the authorization code according to the authorization token identifier, the received challenge code and the authorization code generating algorithm;
Here, the authorization token identifier identifies the authorization token, so as to guarantee its correctness and uniqueness.
Step S404: the token verifies the received authorization code according to the authorization token identifier, the received challenge code and the authorization code generating algorithm;
Specifically, the token calculates a verification authorization code according to the authorization token identifier, the received challenge code and the authorization code generating algorithm, and judges whether the verification authorization code is identical to the received authorization code; if they are identical, verification of the authorization code passes.
Step S405: after verification of the authorization code passes, the token generates the dynamic password according to the challenge code and the dynamic password generating algorithm.
Another aspect of this embodiment provides an authorization token 70. Referring to Figure 14, this authorization token comprises:
Memory module 701, used to store the authorization code generating algorithm, the authentication code generating algorithm and the authorization token identifier;
Receiver module 702, used to receive the challenge code and the authentication code;
Authentication module 703, used to verify the authentication code received by receiver module 702 according to the challenge code received by receiver module 702 and the authentication code generating algorithm stored in memory module 701;
Authorization code generation module 704, used to generate the authorization code, after authentication module 703 has verified the authentication code, according to the authorization token identifier and the authorization code generating algorithm stored in memory module 701 and the challenge code received by receiver module 702.
Another aspect of this embodiment provides a token 80. Referring to Figure 15, this token comprises:
Memory module 801, used to store the authorization code generating algorithm, the dynamic password generating algorithm, the authorization token identifier and the authentication code generating algorithm;
Receiver module 802, used to receive the challenge code and the authorization code;
Authentication code generation module 803, used to generate the authentication code according to the challenge code received by receiver module 802 and the authentication code generating algorithm stored in memory module 801;
Authentication module 804, used to verify the authorization code received by receiver module 802 according to the challenge code received by receiver module 802 and the authorization token identifier and authorization code generating algorithm stored in memory module 801;
Dynamic password generation module 805, used to generate the dynamic password, after authentication module 804 has verified the authorization code, according to the challenge code and the dynamic password generating algorithm stored in memory module 801.
Another aspect of this embodiment provides a dynamic password token remote authorization system. Referring to Figure 16, the system comprises the above-described authorization token 70 and the above-described token 80.
As can be seen from the dynamic password token remote-authorization method and system provided by the above embodiment, using an authorization token to authorize the token ensures that the custodian of the token cannot privately carry out an electronic transaction or transfer operation. At the same time, when an electronic transaction is carried out, the need for the authorization token holder to authorize the token remotely without being on site is met, which improves the security and convenience of enterprise electronic transactions.
In addition, when the authorization code generating algorithm and the dynamic password generating algorithm are the same algorithm, the authorization token identifier ensures that the generated authorization code differs from the generated dynamic password. This guarantees both the verification of the authorization code and the security of the transaction. At the same time, using the same algorithm for both reduces the storage space occupied by algorithms.
The authentication code generating algorithm, the authorization code generating algorithm and the dynamic password generating algorithm described above may each use any of the following algorithms:
(1) Encryption algorithm: DES, 3DES or AES;
(2) MAC algorithm:
Symmetric MAC algorithm: DES-CBC, 3DES-CBC, AES-CBC;
HASH algorithm: MD5, SHA1;
HMAC algorithm: HMAC-MD5, HMAC-SHA1.
Of course, other standards-compliant algorithms, or other algorithms prescribed internationally or nationally, may also be used.
Embodiment 5
This embodiment provides another dynamic password token remote-authorization method and system. Referring to Figure 17, there may be two authorization tokens, a first authorization token 70 and a second authorization token 90. Only after token 80 has verified that the authorization codes generated by all of the authorization tokens pass does the token generate the dynamic password according to the challenge code and the dynamic password generating algorithm.
In addition, when there are two authorization tokens, the authorization code generating algorithms of the different authorization tokens may be identical. Each authorization token generates a different authorization code according to its own authorization token identifier and the received challenge code, and only after the token has verified that the authorization codes generated by all of the authorization tokens pass does the token generate the dynamic password according to the challenge code and the dynamic password generating algorithm.
In this system there may also be more than two authorization tokens; the authorization method can be derived from the above description and is not repeated here.
With the dynamic password token remote-authorization method and system provided by Embodiment 5, the token can be authorized by a plurality of authorization tokens at the same time, which further improves the security of electronic transactions.
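As an added illustration (not code from the patent), the following Python example walks Steps S401 to S405 of Embodiment 4 with the two authorization tokens of Embodiment 5, using HMAC-SHA1 from the algorithm list as the single algorithm behind all three codes. The shared key, the 6-digit truncation, the `authn` label that keeps the authentication code distinct, and all class and function names are assumptions made for the example.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-0123456789"  # constructed; assumed shared by all devices


def code(key, *fields, digits=6):
    """HMAC-SHA1 over length-prefixed fields, cut to decimal digits (RFC 4226 style)."""
    msg = b"".join(struct.pack(">H", len(f)) + f for f in fields)
    mac = hmac.new(key, msg, hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)


class AuthorizationToken:
    def __init__(self, key, token_id):
        self.key, self.token_id = key, token_id

    def authorize(self, challenge, auth_code):
        # S402: recompute the authentication code and compare in constant time
        expected = code(self.key, b"authn", challenge)
        if not hmac.compare_digest(expected, auth_code):
            return None
        # S403: mixing in the identifier makes this differ from the dynamic password
        return code(self.key, self.token_id, challenge)


class Token:
    def __init__(self, key, authorizer_ids):
        self.key, self.authorizer_ids = key, authorizer_ids

    def authentication_code(self, challenge):
        return code(self.key, b"authn", challenge)  # S401 (label is an assumption)

    def dynamic_password(self, challenge, auth_codes):
        if not self.authorizer_ids:
            return None  # fail closed when no authorization token is registered
        # S404: every registered authorization token must have supplied a valid code
        for token_id in self.authorizer_ids:
            expected = code(self.key, token_id, challenge)
            if not hmac.compare_digest(expected, auth_codes.get(token_id, "")):
                return None
        # S405: same algorithm, but the input carries no identifier
        return code(self.key, challenge)
```

Length-prefixing each field keeps an identifier/challenge pair from being confused with a different split of the same bytes, which is what lets one keyed algorithm serve all three codes.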
Any process or method description in a flow chart, or otherwise described herein, may be understood as representing a module, segment or portion of code comprising one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention can be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, a plurality of steps or methods can be implemented with software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following technologies well known in the art can be used: a discrete logic circuit having logic gates for implementing logic functions on data signals, an application-specific integrated circuit (ASIC) having suitable combinational logic gates, a programmable gate array (PGA), a field programmable gate array (FPGA), and so on.
Those skilled in the art will appreciate that all or part of the steps carried by the methods of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, each unit may exist physically on its own, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software function module. If the integrated module is implemented in the form of a software function module and is sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
In this specification, a description referring to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that the specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention. Those of ordinary skill in the art may change, modify, replace and vary the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the appended claims and their equivalents.