CN102843237A - Authorization token, operation token, and method and system for remotely authorizing dynamic password token - Google Patents
Authorization token, operation token, and method and system for remotely authorizing dynamic password token Download PDFInfo
- Publication number
- CN102843237A CN102843237A CN2012103402182A CN201210340218A CN102843237A CN 102843237 A CN102843237 A CN 102843237A CN 2012103402182 A CN2012103402182 A CN 2012103402182A CN 201210340218 A CN201210340218 A CN 201210340218A CN 102843237 A CN102843237 A CN 102843237A
- Authority
- CN
- China
- Prior art keywords
- code
- authorization
- algorithm
- token
- receives
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention relates to an authorization token, an operation token, and a method and a system for remotely authorizing a dynamic password token. The method comprises the following steps that: a first authorization token generates a first authorization code at least according to the received challenge code and a first algorithm; the operation token verifies the received first authorization code at least according to the received challenge code and the first algorithm; and after verification is passed, the operation token generates a dynamic password according to the challenge code and a second algorithm. At least one authorization token authorizes the operation token so as to ensure that an operation token keeper cannot perform electronic transaction or bank transfer privately; when the electronic transaction is performed, an authorization token holder can be absent, so the requirement of remotely authorizing the tokens can be met and the safety and the convenience of electronic transaction of enterprises are improved.
Description
Technical field
The present invention relates to a kind of electronic technology field, relate in particular to a kind of tokens, authorization token, dynamic password board remote-authorization method and system.
Background technology
At present, in order to ensure the fail safe of bank transaction and online trading information, need carry out authentication to user identity usually.Dynamic password token must get more and more in applications such as bank transaction, online transactions as a kind of method of authentication.Dynamic password is called one-time password (OTP, One Time Password) again, according to the difference of generating mode, can dynamic password further be divided into time-based dynamic password and based on the dynamic password of challenge-response.
Mode commonly used at present is the dynamic password based on challenge-response.Token is preserved identical algorithm with the bank certificate server, and when needs carried out authentication to the user, certificate server sent a challenge code to the user, after the user obtains this challenge code, was entered in the token; Token utilizes algorithm and challenge code to produce dynamic password, and is shown to the user; After the user is known dynamic password, be entered in the transaction terminal, transaction terminal sends to bank's certificate server with dynamic password and carries out authentication.
But no matter be personal user or enterprise customer at present, the dynamic password token of corresponding account all has only one, and therefore, there is following problem at least in existing enterprise dynamic password token:
(1) enterprise dynamic password token and token password are by same individual's keeping, the potential safety hazard that therefore exists this custodian privately corporation account to be transferred accounts.
(2) enterprise dynamic password token is unique and only by people keeping, when then each enterprise carried out electronic transaction, this custodian must be on the scene, otherwise can't accomplish transaction this time, brings great inconvenience to enterprise.
Summary of the invention
The present invention is intended to solve one of the problems referred to above at least.
Main purpose of the present invention is to provide a kind of method of remote authorization dynamic password board.
Another object of the present invention is to provide a kind of system of remote authorization dynamic password board.
Another purpose of the present invention is to provide a kind of authorization token.
Another purpose of the present invention is to provide a kind of tokens.
For achieving the above object, technical scheme of the present invention specifically is achieved in that
One aspect of the present invention provides a kind of dynamic password token remote-authorization method, and this method comprises: first authorization token generates first authorization code according to the challenge code and first algorithm that receive at least; Said first authorization code that said tokens receives according to the said challenge code that receives and said first proof of algorithm at least; After checking was passed through, said tokens generated dynamic password according to the said challenge code and second algorithm.
In addition, said authorization token generates before the step of authorization code according to the challenge code that receives and first algorithm at least, and this method also comprises: tokens receives said challenge code, generates authentication code according to said challenge code and algorithm; Authorization token receives said challenge code and said authentication code, verifies said authentication code according to said challenge code and said algorithm; After the authentication verification sign indicating number passes through, carry out authorization token generates authorization code at least according to the challenge code that receives and first algorithm step.
In addition, before the step of said tokens according to said challenge code and second algorithm generation dynamic password, this method also comprises: second authorization token generates second authorization code according to the challenge code and the 4th algorithm that receive at least; Said second authorization code that said tokens receives according to the said challenge code that receives and said the 4th proof of algorithm at least.
In addition, said checking is through comprising: verify that said first authorization code and said second authorization code all pass through.
In addition, the step of said first authorization code that receives according to the said challenge code that receives and said first proof of algorithm at least of said tokens comprises: said tokens is at least according to the said challenge code and said first algorithm computation, the first authority checking sign indicating number that receive; Judge whether the said first authority checking sign indicating number is identical with said first authorization code that receives; If identical, verify that then said first authorization code passes through.
In addition, said authorization token verifies that according to said challenge code and said algorithm the step of said authentication code comprises: said authorization token calculates the authentication verification sign indicating number according to said challenge code and said algorithm; Judge whether said authentication verification sign indicating number is identical with said authentication code; If identical, verify that then said authentication code passes through.
In addition, the step of said second authorization code that receives according to the said challenge code that receives and said the 4th proof of algorithm at least of said tokens comprises: said tokens is at least according to the said challenge code and said the 4th algorithm computation second authority checking sign indicating number that receive; Judge whether the said second authority checking sign indicating number is identical with said second authorization code; If identical, verify that then said second authorization code passes through.
When in addition, said first algorithm was identical with said second algorithm: said first authorization token generated first authorization code according to the challenge code and first algorithm that first authorization token identifies, receives at least; Said first authorization code that said tokens receives according to first authorization token sign, the said challenge code that receives and said first proof of algorithm at least.
In addition; When said first algorithm is identical with said the 4th algorithm, or said first algorithm, said second algorithm and said the 4th algorithm homogeneous phase are simultaneously: said first authorization token generates first authorization code according to the challenge code and first algorithm that first authorization token identifies, receives at least; Said first authorization code that said tokens receives according to first authorization token sign, the said challenge code that receives and said first proof of algorithm at least; Said second authorization token generates second authorization code according to challenge code and the 4th algorithm that second authorization token identifies, receives at least; Said second authorization code that said tokens receives according to second authorization token sign, the said challenge code that receives and said the 4th proof of algorithm at least.
In addition, the step of said first authorization code that receives according to first authorization token sign, the said challenge code that receives and said first proof of algorithm at least of said tokens comprises: said tokens is at least according to said first authorization token sign, the said challenge code and said first algorithm computation, the first authority checking sign indicating number that receive; Judge whether the said first authority checking sign indicating number is identical with said first authorization code that receives; If identical, verify that then said first authorization code passes through.
In addition, the step of said second authorization code that receives according to said second authorization token sign, the said challenge code that receives and said the 4th proof of algorithm at least of said tokens comprises: said tokens is at least according to said second authorization token sign, the said challenge code and said the 4th algorithm computation second authority checking sign indicating number that receive; Judge whether the said second authority checking sign indicating number is identical with said second authorization code; If identical, verify that then said second authorization code passes through.
Another aspect of the invention provides a kind of authorization token, and this authorization token comprises: memory module is used to store the authorization code generating algorithm; Receiver module is used to receive challenge code; The authorization code generation module, the said challenge code that is used at least receiving according to said receiver module and the said authorization code generating algorithm of said memory module storage generate authorization code.
In addition, said memory module is authentication storage sign indicating number generating algorithm also, and said receiver module also receives authentication code; Said authorization token also comprises: authentication module, the said authentication code generating algorithm of said challenge code that is used for receiving according to said receiver module and the storage of said memory module is verified the said authentication code that said receiver module receives.
In addition, said memory module is also stored the authorization token sign; The authorization code generation module, the said challenge code that is used for receiving according to said memory module stored authorized token sign, said authorization code generating algorithm and said receiver module at least generates authorization code.
Another aspect of the invention provides a kind of tokens, and this tokens comprises: memory module is used to store authorization code generating algorithm and dynamic password generating algorithm; Receiver module is used to receive challenge code and authorization code; Authentication module, the said challenge code that is used at least receiving according to said receiver module and the said authorization code generating algorithm of said memory module storage are verified the said authorization code that said receiver module receives; The dynamic password generation module is used for after the checking of said authentication module is passed through, and the said challenge code that receives according to said receiver module and the said dynamic password generating algorithm of said memory module storage generate dynamic password.
In addition, said memory module authentication storage sign indicating number generating algorithm also; Said tokens also comprises: the authentication code generation module, the said authentication code generating algorithm of said challenge code that is used for receiving according to said receiver module and the storage of said memory module generates authentication code.
In addition, said memory module is also stored the authorization token sign, and said receiver module also receives said authorization code; Said authentication module, the said challenge code that is used for receiving according to said memory module stored authorized token sign, said authorization code generating algorithm and said receiver module is at least verified the said authorization code that said receiver module receives.
Another aspect of the invention provides a kind of dynamic password token remote authorization system, and this system comprises: above-mentioned tokens, and at least one above-mentioned authorization token.
In addition, said authorization token is at least two, and after said tokens verified that the authorization code of whole authorization token generations all passes through, said tokens generated dynamic password according to challenge code and dynamic password generating algorithm.
Technical scheme by the invention described above provides can be found out; The invention provides a kind of authorization token, tokens, dynamic password token remote-authorization method and system; Can adopt at least one authorization token that tokens is authorized, can guarantee that the tokens custodian can not carry out electronic transaction or the operation of transferring accounts privately, simultaneously; When carrying out electronic transaction; The authorization token holder can satisfy the demand of remote authorization token not at the scene, thereby has improved the fail safe and the convenience of enterprise's electronic transaction.
Description of drawings
In order to be illustrated more clearly in the technical scheme of the embodiment of the invention; The accompanying drawing of required use is done to introduce simply in will describing embodiment below; Obviously, the accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skill in the art; Under the prerequisite of not paying creative work, can also obtain other accompanying drawings according to these accompanying drawings.
The flow chart of the dynamic password token remote-authorization method that Fig. 1 provides for the embodiment of the invention 1;
The authorization token structural representation that Fig. 2 provides for the embodiment of the invention 1;
The tokens structural representation that Fig. 3 provides for the embodiment of the invention 1;
The dynamic password token remote authorization system configuration sketch map that Fig. 4 provides for the embodiment of the invention 1;
The flow chart of another dynamic password token remote-authorization method that Fig. 5 provides for the embodiment of the invention 2;
The authorization token structural representation that Fig. 6 provides for the embodiment of the invention 2;
The tokens structural representation that Fig. 7 provides for the embodiment of the invention 2;
The dynamic password token remote authorization system configuration sketch map that Fig. 8 provides for the embodiment of the invention 2;
The flow chart of another dynamic password token remote-authorization method that Fig. 9 provides for the embodiment of the invention 3;
The authorization token structural representation that Figure 10 provides for the embodiment of the invention 3;
The tokens structural representation that Figure 11 provides for the embodiment of the invention 3;
The dynamic password token remote authorization system configuration sketch map that Figure 12 provides for the embodiment of the invention 3;
The flow chart of another dynamic password token remote-authorization method that Figure 13 provides for the embodiment of the invention 4;
The authorization token structural representation that Figure 14 provides for the embodiment of the invention 4;
The tokens structural representation that Figure 15 provides for the embodiment of the invention 4;
The dynamic password token remote authorization system configuration sketch map that Figure 16 provides for the embodiment of the invention 4;
The dynamic password token remote authorization system configuration sketch map that Figure 17 provides for the embodiment of the invention 5.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is carried out clear, intactly description, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on embodiments of the invention, those of ordinary skills belong to protection scope of the present invention not making the every other embodiment that is obtained under the creative work prerequisite.
In description of the invention; It will be appreciated that; The orientation of indications such as term " " center ", " vertically ", " laterally ", " on ", D score, " preceding ", " back ", " left side ", " right side ", " vertically ", " level ", " top ", " end ", " interior ", " outward " or position relation are for based on orientation shown in the drawings or position relation; only be to describe with simplifying for the ease of describing the present invention; rather than the device or the element of indication or hint indication must have specific orientation, with specific azimuth configuration and operation, therefore can not be interpreted as limitation of the present invention.In addition, term " first ", " second " only are used to describe purpose, and can not be interpreted as indication or hint relative importance or quantity or position.
In description of the invention, need to prove that only if clear and definite regulation and qualification are arranged in addition, term " installation ", " linking to each other ", " connection " should be done broad understanding, for example, can be to be fixedly connected, also can be to removably connect, or connect integratedly; Can be mechanical connection, also can be to be electrically connected; Can be directly to link to each other, also can link to each other indirectly through intermediary, can be the connection of two element internals.For those of ordinary skill in the art, can concrete condition understand above-mentioned term concrete implication in the present invention.
To combine accompanying drawing that the embodiment of the invention is done to describe in detail further below.
Embodiment 1
Fig. 1 has shown the flow chart of dynamic password token remote-authorization method, and referring to Fig. 1, dynamic password token remote-authorization method of the present invention comprises:
Step S101, authorization token generates authorization code according to challenge code that receives and authorization code generating algorithm.
Concrete, the token that authorization token is held for the donor, tokens is the token that the operator of (or transferring accounts) holds of specifically concluding the business, tokens is used to generate dynamic password, concludes the business guaranteeing.
When the operator need be authorized to conclude the business; The operator informs the donor with the challenge code of this transaction; After the donor obtains challenge code; Challenge code is inputed in the authorization token, and perhaps tokens is sent to authorization token with the challenge code of this transaction through wired or wireless mode, and authorization token calculates authorized access code according to the challenge code that receives and its stored authorized sign indicating number generating algorithm.Wherein, challenge code can comprise Transaction Information, comprises following information at least: the number of the account and the amount of money, thus guarantee that the donor knows Transaction Information, so that authorize.
Step S102, tokens is verified the authorization code that receives according to challenge code that receives and authorization code generating algorithm.
Particularly; After the authorization token that the donor holds generates authorization code; The donor informs the operator with this authorization code; The operator inputs to challenge code and authorization code respectively in the tokens, and perhaps authorization token is sent to tokens with authorization code through wired or wireless mode, and tokens can be calculated the authority checking sign indicating number according to the challenge code that receives and its stored authorized sign indicating number generating algorithm; And the authority checking sign indicating number that generates and the authorization code of input judged, judge whether the authority checking sign indicating number is identical with authorization code; If identical, verify that then authorization code passes through.Thus, the operator can verify the correctness of authorization code, and after guaranteeing that the checking authorization code passes through, the dynamic password systematic function of open operation token.
Step S103, after the checking authorization code passed through, tokens generated dynamic password according to challenge code and dynamic password generating algorithm.
Concrete, tokens is calculated according to the dynamic password generating algorithm of challenge code of importing among the step S102 and storage and is obtained dynamic password.Owing to need the challenge code of this transaction to be generated authorization code, and open the dynamic password systematic function after to the checking of authorization code, can guarantee to generate the only property of the challenge code of dynamic password, guaranteed the fail safe of transaction through tokens through authorization token.
The another aspect of present embodiment provides a kind of authorization token 10, and referring to Fig. 2, this authorization token comprises:
Memory module 101 is used to store the authorization code generating algorithm;
Receiver module 102 is used to receive challenge code;
Authorization code generation module 103, the challenge code and the memory module 101 stored authorized sign indicating number generating algorithms that are used for receiving according to receiver module 102 generate authorization code.
Thus, authorization token 10 can generate authorization code according to the challenge code that the operator informs, perhaps receives the challenge code generation authorization code that tokens is sent, to guarantee that being directed against this transaction authorizes.
The another aspect of present embodiment provides a kind of tokens 20, and referring to Fig. 3, this tokens comprises:
Memory module 201 is used to store authorization code generating algorithm and dynamic password generating algorithm;
Receiver module 202 is used to receive challenge code and authorization code;
Authentication module 203, the challenge code and the memory module 201 stored authorized sign indicating number generating algorithms that are used for receiving according to receiver module 202 are verified the authorization code that receiver module 202 receives;
Dynamic password generation module 204 is used for after authentication module 203 checking authorization codes pass through, the challenge code that receives according to receiver module 202 and the dynamic password generating algorithm generation dynamic password of memory module 201 storages.
Thus, tokens 20 can verify the authorization code of this transaction, and opens the dynamic password systematic function of this transaction, can only calculate the generation dynamic password to the challenge code of this transaction to guarantee each transaction, guaranteed the fail safe of transaction.
The another aspect of present embodiment provides a kind of dynamic password token remote authorization system, and referring to Fig. 4, this system comprises: above-mentioned authorization token 10 and above-mentioned tokens 20.
The dynamic password token remote-authorization method and the system that are provided by the foregoing description can find out; Adopt authorization token that tokens is authorized, can guarantee that the tokens custodian can not carry out electronic transaction or the operation of transferring accounts privately, simultaneously; When carrying out electronic transaction; The authorization token holder can satisfy the demand of remote authorization token not at the scene, thereby has improved the fail safe and the convenience of enterprise's electronic transaction.
Further, guaranteed and can only the challenge code of this transaction have been generated dynamic password, guaranteed the fail safe of transaction.
Above-described authorization code generating algorithm and dynamic password generating algorithm all can adopt any following algorithm to calculate:
(1) AES: DES, 3DES or AES;
(2) MAC algorithm:
Symmetry MAC algorithm: DES-CBC, 3DES-CBC, AES-CBC;
HASH algorithm: MD5, SHA1;
Hmac algorithm: HMAC-MD5, HMAC-SHA1.
Certainly, can also adopt other standard compliant algorithms, perhaps adopt other algorithms of international or national regulation.
Embodiment 2
Present embodiment is that with the difference of implementing 1 before authorization token was according to challenge code that receives and authorization code generating algorithm generation authorization code, authorization token was earlier according to challenge code and authentication code generating algorithm authentication verification sign indicating number, thus the identity of verification operation token.
Fig. 5 has shown the flow chart of another dynamic password token remote-authorization method, and referring to Fig. 5, dynamic password token remote-authorization method of the present invention comprises:
Step S201, tokens receives challenge code, generates authentication code according to challenge code and authentication code generating algorithm.
Concrete; The operator inputs to the challenge code of this transaction in the tokens; Tokens generates authentication code according to challenge code and authentication code generating algorithm, and the operator informs the donor with authentication code and challenge code, so that the donor inputs to authentication code and challenge code in the authorization token; Perhaps tokens is sent to authorization token with authentication code and challenge code.
Step S202, authorization token receives challenge code and authentication code, according to challenge code and authentication code generating algorithm authentication verification sign indicating number.
Particularly, the donor inputs to authentication code and the challenge code that the operator informs respectively in the authorization token, and perhaps authorization token receives authentication code and the challenge code that tokens is sent, and authorization token calculates the authentication verification sign indicating number according to challenge code and authentication code generating algorithm; And the authentication verification sign indicating number that generates and the authentication code of input judged, judge whether the authentication verification sign indicating number is identical with authentication code; If identical, then the authentication verification sign indicating number passes through.Thus, the correctness that authorization token can the authentication verification sign indicating number guarantees that operator's identity is credible.
Step S203, after the authentication verification sign indicating number passed through, authorization token generated authorization code according to challenge code that receives and authorization code generating algorithm;
Step S204, tokens is verified the authorization code that receives according to challenge code that receives and authorization code generating algorithm;
Particularly, tokens is calculated the authority checking sign indicating number according to challenge code that receives and authorization code generating algorithm; Judge whether the authority checking sign indicating number is identical with the authorization code that receives; If identical, verify that then authorization code passes through.
Step S205, after the checking authorization code passed through, tokens generated dynamic password according to challenge code and dynamic password generating algorithm.
Before authorizing, carry out the checking of tokens, guaranteed the correctness of authorization object, improved the fail safe of transaction.
The another aspect of present embodiment provides a kind of authorization token 30, and referring to Fig. 6, this authorization token comprises:
Memory module 301 is used to store authorization code generating algorithm and authentication code generating algorithm;
Receiver module 302 is used to receive challenge code and authentication code;
Authentication module 303, the authentication code that the authentication code generating algorithm checking receiver module 302 of challenge code that is used for receiving according to receiver module 302 and memory module 301 storages receives;
Authorization code generation module 304 is used for after authentication module 303 authentication verification sign indicating numbers pass through, and the challenge code and the memory module 301 stored authorized sign indicating number generating algorithms that receive according to receiver module 302 generate authorization code.
Before authorizing, carry out authorization token tokens is verified, guaranteed the correctness of authorization object, improved the fail safe of transaction.
The another aspect of present embodiment provides a kind of tokens 40, and referring to Fig. 7, this tokens comprises:
Memory module 401 is used to store authorization code generating algorithm, dynamic password generating algorithm and authentication code generating algorithm;
Receiver module 402 is used to receive challenge code and authorization code;
Authentication code generation module 403, the authentication code generating algorithm of challenge code that is used for receiving according to receiver module 402 and memory module 401 storages generates authentication code;
Authentication module 404, the challenge code and the memory module 401 stored authorized sign indicating number generating algorithms that are used for receiving according to receiver module 402 are verified the authorization code that receiver module 402 receives;
Dynamic password generation module 405 is used for after authentication module 404 checking authorization codes pass through, according to the dynamic password generating algorithm generation dynamic password of challenge code and memory module 401 storages.
Tokens generates authentication code, so that authorization token verifies tokens, has guaranteed the correctness of authorization object, has improved the fail safe of transaction.
The another aspect of present embodiment provides a kind of dynamic password token remote authorization system, and referring to Fig. 8, this system comprises: above-mentioned authorization token 30 and above-mentioned tokens 40.
The dynamic password token remote-authorization method and the system that are provided by the foregoing description can find out; Adopt authorization token that tokens is authorized, can guarantee that the tokens custodian can not carry out electronic transaction or the operation of transferring accounts privately, simultaneously; When carrying out electronic transaction; The authorization token holder can satisfy the demand of remote authorization token not at the scene, thereby has improved the fail safe and the convenience of enterprise's electronic transaction.
In addition, authorization token needed the identity of authentication verification sign indicating number with the verification operation token, thereby has improved the fail safe of electronic transaction more before generating authorization code.
Wherein, authentication code generating algorithm, authorization code generating algorithm and dynamic password generating algorithm all can adopt any following algorithm to calculate:
(1) AES: DES, 3DES or AES;
(2) MAC algorithm:
Symmetry MAC algorithm: DES-CBC, 3DES-CBC, AES-CBC;
HASH algorithm: MD5, SHA1;
Hmac algorithm: HMAC-MD5, HMAC-SHA1.
Certainly, can also adopt other standard compliant algorithms, perhaps adopt other algorithms of international or national regulation.
Embodiment 3
Present embodiment is with the difference of implementing 1, when the authorization code generating algorithm is identical with the dynamic password generating algorithm, is each authorization token setting identification, and authorization token generates authorization code according to authorization token sign, the challenge code that receives and authorization code generating algorithm; The authorization code that tokens receives according to authorization token sign, the challenge code that receives and the checking of authorization code generating algorithm.
Fig. 9 has shown the flow chart of another dynamic password token remote-authorization method, and referring to Fig. 9, dynamic password token remote-authorization method of the present invention comprises:
Step S301, authorization token generates authorization code according to authorization token sign, the challenge code that receives and authorization code generating algorithm;
Wherein, the authorization token sign is used for the identity of authorization token is identified, to guarantee its correctness and uniqueness.
Step S302, the authorization code that tokens receives according to authorization token sign, the challenge code that receives and the checking of authorization code generating algorithm;
Particularly, tokens is calculated the authority checking sign indicating number according to authorization token sign, the challenge code that receives and authorization code generating algorithm; Judge whether the authority checking sign indicating number is identical with the authorization code that receives; If identical, verify that then authorization code passes through.
Step S303, after checking was passed through, tokens generated dynamic password according to challenge code and dynamic password generating algorithm.
The another aspect of present embodiment provides a kind of authorization token 50, and referring to Figure 10, this authorization token comprises:
Memory module 501 is used to store authorization code generating algorithm and authorization token sign;
Receiver module 502 is used to receive challenge code;
Authorization code generation module 503, the challenge code and memory module 501 stored authorized tokens sign, the authorization code generating algorithm that are used for receiving according to receiver module 502 generate authorization code.
The another aspect of present embodiment provides a kind of tokens 60, and referring to Figure 11, this tokens comprises:
Memory module 601 is used to store authorization code generating algorithm, dynamic password generating algorithm and authorization token sign;
Receiver module 602 is used to receive challenge code and authorization code;
Authentication module 603, the challenge code and the memory module 601 stored authorized tokens sign that are used at least receiving according to receiver module 602 are verified the authorization code that receives that receiver module 602 receives with the authorization code generating algorithm;
Dynamic password generation module 604 is used for after authentication module 603 checking is passed through, the challenge code that receives according to receiver module 602 and the dynamic password generating algorithm generation dynamic password of memory module 601 storages.
The another aspect of present embodiment provides a kind of dynamic password token remote authorization system, and referring to Figure 12, this system comprises: above-mentioned authorization token 50 and above-mentioned tokens 60.
The dynamic password token remote-authorization method and the system that are provided by the foregoing description can find out; Adopt authorization token that tokens is authorized, can guarantee that the tokens custodian can not carry out electronic transaction or the operation of transferring accounts privately, simultaneously; When carrying out electronic transaction; The authorization token holder can satisfy the demand of remote authorization token not at the scene, thereby has improved the fail safe and the convenience of enterprise's electronic transaction.
In addition; When authorization code generating algorithm and dynamic password generating algorithm are identical algorithm, can guarantee that the authorization code that generates is different with the generation dynamic password through the authorization token sign, both guaranteed checking to authorization code; Also guaranteed the safety of transaction; Simultaneously, when authorization code generating algorithm and dynamic password generating algorithm are identical algorithm, can reduce the taking of space of storage algorithm.
Above-described authorization code generating algorithm and dynamic password generating algorithm all can adopt any following algorithm to calculate:
(1) AES: DES, 3DES or AES;
(2) MAC algorithm:
Symmetry MAC algorithm: DES-CBC, 3DES-CBC, AES-CBC;
HASH algorithm: MD5, SHA1;
Hmac algorithm: HMAC-MD5, HMAC-SHA1.
Certainly, can also adopt other standard compliant algorithms, perhaps adopt other algorithms of international or national regulation.
Embodiment 4
Present embodiment is with the difference of implementing 2, when the authorization code generating algorithm is identical with the dynamic password generating algorithm, is each authorization token setting identification, and authorization token generates authorization code according to authorization token sign, the challenge code that receives and authorization code generating algorithm; The authorization code that tokens receives according to authorization token sign, the challenge code that receives and the checking of authorization code generating algorithm.
Figure 13 has shown the flow chart of another dynamic password token remote-authorization method, and referring to Figure 13, dynamic password token remote-authorization method of the present invention comprises:
Step S401, tokens receives challenge code, generates authentication code according to challenge code and authentication code generating algorithm;
Step S402, authorization token receives challenge code and authentication code, according to challenge code and authentication code generating algorithm authentication verification sign indicating number;
Particularly, authorization token calculates the authentication verification sign indicating number according to challenge code and authentication code generating algorithm; Judge whether the authentication verification sign indicating number is identical with authentication code; If identical, then the authentication verification sign indicating number passes through.
Step S403, after the authentication verification sign indicating number passed through, authorization token generated authorization code according to authorization token sign, the challenge code that receives and authorization code generating algorithm;
Wherein, the authorization token sign is used for the identity of authorization token is identified, to guarantee its correctness and uniqueness.
Step S404, the authorization code that tokens receives according to authorization token sign, the challenge code that receives and the checking of authorization code generating algorithm;
Particularly, tokens is calculated the authority checking sign indicating number according to authorization token sign, the challenge code that receives and authorization code generating algorithm; Judge whether the authority checking sign indicating number is identical with the authorization code that receives; If identical, verify that then authorization code passes through.
Step S405, after the checking authorization code passed through, tokens generated dynamic password according to challenge code and dynamic password generating algorithm.
The another aspect of present embodiment provides a kind of authorization token 70, and referring to Figure 14, this authorization token comprises:
Memory module 701 is used to store authorization code generating algorithm, authentication code generating algorithm and authorization token sign;
Receiver module 702 is used to receive challenge code and authentication code;
Authentication module 703, the authentication code that the authentication code generating algorithm checking receiver module 702 of challenge code that is used for receiving according to receiver module 702 and memory module 701 storages receives;
Authorization code generation module 704 is used for after authentication module 703 authentication verification sign indicating numbers pass through, and the challenge code generating algorithm that receives according to memory module 701 stored authorized tokens sign, authorization code generating algorithm and receiver module 702 generates authorization code.
The another aspect of present embodiment provides a kind of tokens 80, and referring to Figure 15, this tokens comprises:
Memory module 801 is used to store authorization code generating algorithm, dynamic password generating algorithm, authorization token sign and authentication code generating algorithm;
Receiver module 802 is used to receive challenge code and authorization code;
Authentication code generation module 803, the authentication code generating algorithm of challenge code that is used for receiving according to receiver module 802 and memory module 801 storages generates authentication code;
Authentication module 804, the challenge code and memory module 801 stored authorized tokens sign, the authorization code generating algorithm that are used for receiving according to receiver module 802 are verified the authorization code that receiver module 802 receives;
Dynamic password generation module 805 is used for after authentication module 804 checking authorization codes pass through, according to the dynamic password generating algorithm generation dynamic password of challenge code and memory module 801 storages.
The another aspect of present embodiment provides a kind of dynamic password token remote authorization system, and referring to Figure 16, this system comprises: above-mentioned authorization token 70 and above-mentioned tokens 80.
The dynamic password token remote-authorization method and the system that are provided by the foregoing description can find out; Adopt authorization token that tokens is authorized, can guarantee that the tokens custodian can not carry out electronic transaction or the operation of transferring accounts privately, simultaneously; When carrying out electronic transaction; The authorization token holder can satisfy the demand of remote authorization token not at the scene, thereby has improved the fail safe and the convenience of enterprise's electronic transaction.
In addition; When authorization code generating algorithm and dynamic password generating algorithm are identical algorithm, can guarantee that the authorization code that generates is different with the generation dynamic password through the authorization token sign, both guaranteed checking to authorization code; Also guaranteed the safety of transaction; Simultaneously, when authorization code generating algorithm and dynamic password generating algorithm are identical algorithm, can reduce the taking of space of storage algorithm.
Above-described authentication code generating algorithm, authorization code generating algorithm and dynamic password generating algorithm all can adopt any following algorithm to calculate:
(1) AES: DES, 3DES or AES;
(2) MAC algorithm:
Symmetry MAC algorithm: DES-CBC, 3DES-CBC, AES-CBC;
HASH algorithm: MD5, SHA1;
Hmac algorithm: HMAC-MD5, HMAC-SHA1.
Certainly, can also adopt other standard compliant algorithms, perhaps adopt other algorithms of international or national regulation.
Embodiment 5
Present embodiment provides another dynamic password token remote-authorization method and system; Referring to Figure 17; Wherein authorization token can be two; First authorization token 70 and second authorization token 90, after the authorization code that tokens 80 needs the whole authorization token of checking to generate all passed through, tokens just generated dynamic password according to challenge code and dynamic password generating algorithm.
In addition; When authorization token is two; The authorization code generating algorithm of different authorisation token can be identical; Authorization token generates the different authorisation sign indicating number respectively according to the challenge code that its authorization token separately identifies, receives, and after tokens need verify that the authorization code of whole authorization token generations all passes through, tokens just generated dynamic password according to challenge code and dynamic password generating algorithm.
Authorization token can be for more than two in native system, and its authorization method can be released from above narration, no longer superfluous here chatting.
The dynamic password token remote-authorization method and the system that adopt embodiment 5 to provide can be authorized tokens by a plurality of authorization token simultaneously, thereby have further improved the fail safe of electronic transaction.
Describe and to be understood that in the flow chart or in this any process otherwise described or method; Expression comprises module, fragment or the part of code of the executable instruction of the step that one or more is used to realize specific logical function or process; And the scope of preferred implementation of the present invention comprises other realization; Wherein can be not according to order shown or that discuss; Comprise according to related function and to carry out function by the mode of basic while or by opposite order, this should be understood by the embodiments of the invention person of ordinary skill in the field.
Should be appreciated that each several part of the present invention can use hardware, software, firmware or their combination to realize.In the above-described embodiment, a plurality of steps or method can realize with being stored in the memory and by software or firmware that suitable instruction execution system is carried out.For example; If realize with hardware; The same in another embodiment, each in the available following technology well known in the art or their combination realize: have the discrete logic that is used for data-signal is realized the logic gates of logic function, have the application-specific integrated circuit (ASIC) of suitable combinational logic gate circuit; Programmable gate array (PGA), field programmable gate array (FPGA) etc.
Those skilled in the art are appreciated that and realize that all or part of step that the foregoing description method is carried is to instruct relevant hardware to accomplish through program; Described program can be stored in a kind of computer-readable recording medium; This program comprises one of step or its combination of method embodiment when carrying out.
In addition, each functional unit in each embodiment of the present invention can be integrated in the processing module, also can be that the independent physics in each unit exists, and also can be integrated in the module two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, also can adopt the form of software function module to realize.If said integrated module realizes with the form of software function module and during as independently production marketing or use, also can be stored in the computer read/write memory medium.
The above-mentioned storage medium of mentioning can be a read-only memory, disk or CD etc.
In the description of this specification, the description of reference term " embodiment ", " some embodiment ", " example ", " concrete example " or " some examples " etc. means the concrete characteristic, structure, material or the characteristics that combine this embodiment or example to describe and is contained at least one embodiment of the present invention or the example.In this manual, the schematic statement to above-mentioned term not necessarily refers to identical embodiment or example.And concrete characteristic, structure, material or the characteristics of description can combine with suitable manner in any one or more embodiment or example.
Although illustrated and described embodiments of the invention above; It is understandable that; The foregoing description is exemplary; Can not be interpreted as limitation of the present invention, those of ordinary skill in the art can change the foregoing description under the situation that does not break away from principle of the present invention and aim within the scope of the invention, modification, replacement and modification.Scope of the present invention extremely is equal to accompanying claims and limits.
Claims (19)
1. a dynamic password token remote-authorization method is characterized in that, this method comprises:
First authorization token generates first authorization code according to the challenge code and first algorithm that receive at least;
Said first authorization code that said tokens receives according to the said challenge code that receives and said first proof of algorithm at least;
After checking was passed through, said tokens generated dynamic password according to the said challenge code and second algorithm.
2. method according to claim 1 is characterized in that, said authorization token generates before the step of authorization code according to the challenge code that receives and first algorithm at least, and this method also comprises:
Tokens receives said challenge code, generates authentication code according to said challenge code and algorithm;
Authorization token receives said challenge code and said authentication code, verifies said authentication code according to said challenge code and said algorithm;
After the authentication verification sign indicating number passes through, carry out authorization token generates authorization code at least according to the challenge code that receives and first algorithm step.
3. method according to claim 1 and 2 is characterized in that, before the step of said tokens according to said challenge code and second algorithm generation dynamic password, this method comprises:
Second authorization token generates second authorization code according to the challenge code and the 4th algorithm that receive at least;
Said second authorization code that said tokens receives according to the said challenge code that receives and said the 4th proof of algorithm at least.
4. method according to claim 3 is characterized in that, said checking is through comprising:
Verify that said first authorization code and said second authorization code all pass through.
5. method according to claim 1 is characterized in that, the step of said first authorization code that said tokens receives according to the said challenge code that receives and said first proof of algorithm at least comprises:
Said tokens is at least according to the said challenge code and said first algorithm computation, the first authority checking sign indicating number that receive;
Judge whether the said first authority checking sign indicating number is identical with said first authorization code that receives;
If identical, verify that then said first authorization code passes through.
6. method according to claim 2 is characterized in that, said authorization token verifies that according to said challenge code and said algorithm the step of said authentication code comprises:
Said authorization token calculates the authentication verification sign indicating number according to said challenge code and said algorithm;
Judge whether said authentication verification sign indicating number is identical with said authentication code;
If identical, verify that then said authentication code passes through.
7. method according to claim 3 is characterized in that, the step of said second authorization code that said tokens receives according to the said challenge code that receives and said the 4th proof of algorithm at least comprises:
Said tokens is at least according to the said challenge code and said the 4th algorithm computation second authority checking sign indicating number that receive;
Judge whether the said second authority checking sign indicating number is identical with said second authorization code;
If identical, verify that then said second authorization code passes through.
8. method according to claim 1 is characterized in that, when said first algorithm is identical with said second algorithm:
Said first authorization token generates first authorization code according to the challenge code and first algorithm that first authorization token identifies, receives at least;
Said first authorization code that said tokens receives according to first authorization token sign, the said challenge code that receives and said first proof of algorithm at least.
9. method according to claim 4 is characterized in that, when said first algorithm is identical with said the 4th algorithm, or said first algorithm, said second algorithm and said the 4th algorithm homogeneous phase are simultaneously:
Said first authorization token generates first authorization code according to the challenge code and first algorithm that first authorization token identifies, receives at least;
Said first authorization code that said tokens receives according to first authorization token sign, the said challenge code that receives and said first proof of algorithm at least;
Said second authorization token generates second authorization code according to challenge code and the 4th algorithm that second authorization token identifies, receives at least;
Said second authorization code that said tokens receives according to second authorization token sign, the said challenge code that receives and said the 4th proof of algorithm at least.
10. according to Claim 8 or 9 described methods, it is characterized in that the step of said first authorization code that said tokens receives according to first authorization token sign, the said challenge code that receives and said first proof of algorithm at least comprises:
Said challenge code and said first algorithm computation, the first authority checking sign indicating number that said tokens identifies, receives according to said first authorization token at least;
Judge whether the said first authority checking sign indicating number is identical with said first authorization code that receives;
If identical, verify that then said first authorization code passes through.
11. according to Claim 8 or 9 described methods, it is characterized in that the step of said second authorization code that said tokens receives according to said second authorization token sign, the said challenge code that receives and said the 4th proof of algorithm at least comprises:
Said challenge code and said the 4th algorithm computation second authority checking sign indicating number that said tokens identifies, receives according to said second authorization token at least;
Judge whether the said second authority checking sign indicating number is identical with said second authorization code;
If identical, verify that then said second authorization code passes through.
12. an authorization token is characterized in that, this authorization token comprises:
Memory module is used to store the authorization code generating algorithm;
Receiver module is used to receive challenge code;
The authorization code generation module, the said challenge code that is used at least receiving according to said receiver module and the said authorization code generating algorithm of said memory module storage generate authorization code.
13. authorization token according to claim 12 is characterized in that, said memory module is authentication storage sign indicating number generating algorithm also, and said receiver module also receives authentication code;
Said authorization token also comprises: authentication module, the said authentication code generating algorithm of said challenge code that is used for receiving according to said receiver module and the storage of said memory module is verified the said authentication code that said receiver module receives.
14., it is characterized in that said memory module is also stored the authorization token sign according to claim 12 or 13 described authorization token;
The authorization code generation module, the said challenge code that is used for receiving according to said memory module stored authorized token sign, said authorization code generating algorithm and said receiver module at least generates authorization code.
15. a tokens is characterized in that, this tokens comprises:
Memory module is used to store authorization code generating algorithm and dynamic password generating algorithm;
Receiver module is used to receive challenge code and authorization code;
Authentication module, the said challenge code that is used at least receiving according to said receiver module and the said authorization code generating algorithm of said memory module storage are verified the said authorization code that said receiver module receives;
The dynamic password generation module is used for after the checking of said authentication module is passed through, and the said challenge code that receives according to said receiver module and the said dynamic password generating algorithm of said memory module storage generate dynamic password.
16. tokens according to claim 15 is characterized in that, said memory module is authentication storage sign indicating number generating algorithm also;
Said tokens also comprises: the authentication code generation module, the said authentication code generating algorithm of said challenge code that is used for receiving according to said receiver module and the storage of said memory module generates authentication code.
17., it is characterized in that said memory module is also stored the authorization token sign according to claim 15 or 16 described tokens;
Said authentication module, the said challenge code that is used for receiving according to said memory module stored authorized token sign, said authorization code generating algorithm and said receiver module is at least verified the said authorization code that said receiver module receives.
18. a dynamic password token remote authorization system is characterized in that this system comprises: like each described tokens of claim 15-17, and at least one is like each described authorization token of claim 12-14.
19. system according to claim 18; It is characterized in that; Said authorization token is at least two, and after said tokens verified that the authorization code of whole authorization token generations all passes through, said tokens generated dynamic password according to challenge code and dynamic password generating algorithm.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210340218.2A CN102843237B (en) | 2012-09-13 | 2012-09-13 | Authorization token, tokens, dynamic password token remote-authorization method and system |
| HK13106937.8A HK1179444A1 (en) | 2012-09-13 | 2013-06-11 | Remote authorization method and system for authorization token, operation token, and dynamic password token |
| PCT/CN2013/077239 WO2014040436A1 (en) | 2012-09-13 | 2013-06-14 | Authorization token, operation token, and method and system for remotely authorizing dynamic password token |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210340218.2A CN102843237B (en) | 2012-09-13 | 2012-09-13 | Authorization token, tokens, dynamic password token remote-authorization method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102843237A true CN102843237A (en) | 2012-12-26 |
| CN102843237B CN102843237B (en) | 2016-02-17 |
Family
ID=47370316
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210340218.2A Active CN102843237B (en) | 2012-09-13 | 2012-09-13 | Authorization token, tokens, dynamic password token remote-authorization method and system |
Country Status (3)
| Country | Link |
|---|---|
| CN (1) | CN102843237B (en) |
| HK (1) | HK1179444A1 (en) |
| WO (1) | WO2014040436A1 (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014040436A1 (en) * | 2012-09-13 | 2014-03-20 | 天地融科技股份有限公司 | Authorization token, operation token, and method and system for remotely authorizing dynamic password token |
| CN106878007A (en) * | 2017-02-08 | 2017-06-20 | 飞天诚信科技股份有限公司 | A kind of authorization method and system |
| CN107392001A (en) * | 2016-09-09 | 2017-11-24 | 天地融科技股份有限公司 | A kind of authorization method, system and card |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110611598B (en) * | 2019-10-15 | 2022-03-18 | 浙江齐治科技股份有限公司 | Method, device and system for realizing challenge code |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5481611A (en) * | 1993-12-09 | 1996-01-02 | Gte Laboratories Incorporated | Method and apparatus for entity authentication |
| CN1801699A (en) * | 2004-12-31 | 2006-07-12 | 联想(北京)有限公司 | Method for accessing cipher device |
| CN101339677A (en) * | 2008-08-28 | 2009-01-07 | 北京飞天诚信科技有限公司 | Safe authorization method and system |
| CN101645775A (en) * | 2008-08-05 | 2010-02-10 | 北京灵创科新科技有限公司 | Over-the-air download-based dynamic password identity authentication system |
| CN102158488A (en) * | 2011-04-06 | 2011-08-17 | 北京天地融科技有限公司 | Dynamic countersign generation method and device and authentication method and system |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102123148B (en) * | 2011-03-02 | 2014-01-15 | 天地融科技股份有限公司 | Authentication method, system and device based on dynamic password |
| CN102843237B (en) * | 2012-09-13 | 2016-02-17 | 天地融科技股份有限公司 | Authorization token, tokens, dynamic password token remote-authorization method and system |
-
2012
- 2012-09-13 CN CN201210340218.2A patent/CN102843237B/en active Active
-
2013
- 2013-06-11 HK HK13106937.8A patent/HK1179444A1/en unknown
- 2013-06-14 WO PCT/CN2013/077239 patent/WO2014040436A1/en active Application Filing
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5481611A (en) * | 1993-12-09 | 1996-01-02 | Gte Laboratories Incorporated | Method and apparatus for entity authentication |
| CN1801699A (en) * | 2004-12-31 | 2006-07-12 | 联想(北京)有限公司 | Method for accessing cipher device |
| CN101645775A (en) * | 2008-08-05 | 2010-02-10 | 北京灵创科新科技有限公司 | Over-the-air download-based dynamic password identity authentication system |
| CN101339677A (en) * | 2008-08-28 | 2009-01-07 | 北京飞天诚信科技有限公司 | Safe authorization method and system |
| CN102158488A (en) * | 2011-04-06 | 2011-08-17 | 北京天地融科技有限公司 | Dynamic countersign generation method and device and authentication method and system |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014040436A1 (en) * | 2012-09-13 | 2014-03-20 | 天地融科技股份有限公司 | Authorization token, operation token, and method and system for remotely authorizing dynamic password token |
| CN107392001A (en) * | 2016-09-09 | 2017-11-24 | 天地融科技股份有限公司 | A kind of authorization method, system and card |
| CN107392001B (en) * | 2016-09-09 | 2020-03-24 | 天地融科技股份有限公司 | Authorization method, system and card |
| CN106878007A (en) * | 2017-02-08 | 2017-06-20 | 飞天诚信科技股份有限公司 | A kind of authorization method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| HK1179444A1 (en) | 2013-09-27 |
| WO2014040436A1 (en) | 2014-03-20 |
| CN102843237B (en) | 2016-02-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107888382B (en) | A kind of methods, devices and systems of the digital identity verifying based on block chain | |
| US10430616B2 (en) | Systems and methods for secure processing with embedded cryptographic unit | |
| CN105144626B (en) | The method and apparatus of safety is provided | |
| KR101418799B1 (en) | System for providing mobile OTP service | |
| WO2020192406A1 (en) | Method and apparatus for data storage and verification | |
| CN106063182B (en) | Electric endorsement method, system and equipment | |
| US20210182806A1 (en) | Digital currency minting in a system of network nodes implementing a distributed ledger | |
| US9332007B2 (en) | Method for secure, entryless login using internet connected device | |
| CN110677376B (en) | Authentication method, related device and system and computer readable storage medium | |
| AU2023266302A1 (en) | One-tap payment using a contactless card | |
| US8745390B1 (en) | Mutual authentication and key exchange for inter-application communication | |
| US9256210B2 (en) | Safe method for card issuing, card issuing device and system | |
| US11228421B1 (en) | Secure secrets to mitigate against attacks on cryptographic systems | |
| CN102667802A (en) | Provisioning, upgrading, and/or changing of hardware | |
| CN103716292A (en) | Cross-domain single-point login method and device thereof | |
| CN103269271A (en) | Method and system for back-upping private key in electronic signature token | |
| CN105893837B (en) | Application program installation method, security encryption chip and terminal | |
| US20130218779A1 (en) | Dual factor digital certificate security algorithms | |
| CN105939194A (en) | Backup method and backup system for private key of electronic key device | |
| US11520859B2 (en) | Display of protected content using trusted execution environment | |
| US8812857B1 (en) | Smart card renewal | |
| US20200372513A1 (en) | System and method for payment authentication | |
| CN102843237A (en) | Authorization token, operation token, and method and system for remotely authorizing dynamic password token | |
| US8549619B2 (en) | Removable hard disk with embedded security card | |
| CN111988146B (en) | Identity verification method, device, equipment and machine readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C53 | Correction of patent of invention or patent application | ||
| CB02 | Change of applicant information |
Address after: 100083 Beijing, Haidian District Road, No. 38, B block, 1810 Applicant after: Tendyron Technology Co., Ltd. Address before: 100083, B, block 17, golden building, No. 1810 Qinghua East Road, Beijing, Haidian District Applicant before: Tendyron Technology Co., Ltd. |
|
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 1179444 Country of ref document: HK |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: GR Ref document number: 1179444 Country of ref document: HK |