CN102843237B - Authorization token, tokens, dynamic password token remote-authorization method and system - Google Patents

Authorization token, tokens, dynamic password token remote-authorization method and system Download PDF

Info

Publication number
CN102843237B
CN102843237B CN201210340218.2A CN201210340218A CN102843237B CN 102843237 B CN102843237 B CN 102843237B CN 201210340218 A CN201210340218 A CN 201210340218A CN 102843237 B CN102843237 B CN 102843237B
Authority
CN
China
Prior art keywords
code
authorization
algorithm
tokens
token
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210340218.2A
Other languages
Chinese (zh)
Other versions
CN102843237A (en
Inventor
李东声
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tendyron Technology Co Ltd
Original Assignee
Tendyron Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tendyron Technology Co Ltd filed Critical Tendyron Technology Co Ltd
Priority to CN201210340218.2A priority Critical patent/CN102843237B/en
Publication of CN102843237A publication Critical patent/CN102843237A/en
Priority to HK13106937.8A priority patent/HK1179444A1/en
Priority to PCT/CN2013/077239 priority patent/WO2014040436A1/en
Application granted granted Critical
Publication of CN102843237B publication Critical patent/CN102843237B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention a kind of authorization token, tokens, dynamic password token remote-authorization method and system, the method comprises: the first authorization token at least generates the first authorization code according to the challenge code received and the first algorithm; Described tokens is at least according to described first authorization code that the described challenge code received and described first proof of algorithm receive; After being verified, described tokens generates dynamic password according to described challenge code and the second algorithm.At least one authorization token is adopted to authorize tokens, can guarantee that tokens custodian can not carry out electronic transaction or operation of transferring accounts privately, simultaneously, when carrying out electronic transaction, authorization token holder can not be at the scene, meet the demand of remote authorization token, thus improve fail safe and the convenience of business-electronic transaction.

Description

Authorization token, tokens, dynamic password token remote-authorization method and system
Technical field
The present invention relates to a kind of electronic technology field, particularly relate to a kind of tokens, authorization token, E-token dynamic password card remote-authorization method and system.
Background technology
At present, in order to ensure the fail safe of bank transaction and online trading information, usually need to carry out certification to user identity.Dynamic password token, as a kind of method of authentication, must get more and more in the applications such as bank transaction, online transaction.Dynamic password is also called one-time password (OTP, OneTimePassword), according to the difference of generating mode, dynamic password can be further divided into time-based dynamic password and the dynamic password based on challenge-response.
Mode conventional is at present the dynamic password based on challenge-response.Token and bank authentication server preserve identical algorithm, and when needs carry out certification to user, certificate server sends a challenge code to user, after user obtains this challenge code, is entered in token; Token utilizes algorithm and challenge code Production development password, and is shown to user; After user knows dynamic password, be entered in transaction terminal, dynamic password sends to bank authentication server to carry out certification by transaction terminal.
But no matter be personal user or enterprise customer at present, the dynamic password token of corresponding account all only has one, and therefore, existing enterprise dynamic password token at least exists following problem:
(1) enterprise dynamic password token and token password are by same person keeping, therefore there is the potential safety hazard that corporation account transfers accounts by this custodian privately.
(2) enterprise dynamic password token is uniquely and only by people's keeping, then, when each enterprise carries out electronic transaction, this custodian must be on the scene, otherwise cannot complete this time transaction, brings great inconvenience to enterprise.
Summary of the invention
The present invention is intended to solve at least one of the problems referred to above.
Main purpose of the present invention is a kind of method providing remote authorization E-token dynamic password card.
Another object of the present invention is to the system that a kind of remote authorization E-token dynamic password card is provided.
Another object of the present invention is to provide a kind of authorization token.
Another object of the present invention is to provide a kind of tokens.
For achieving the above object, technical scheme of the present invention is specifically achieved in that
One aspect of the present invention provides a kind of dynamic password token remote-authorization method, and the method comprises: the first authorization token at least generates the first authorization code according to the challenge code received and the first algorithm; Described tokens is at least according to described first authorization code that the described challenge code received and described first proof of algorithm receive; After being verified, described tokens generates dynamic password according to described challenge code and the second algorithm.
In addition, before described authorization token at least generates the step of authorization code according to the challenge code received and the first algorithm, the method also comprises: tokens receives described challenge code, generates authentication code according to described challenge code and the 3rd algorithm; Authorization token receives described challenge code and described authentication code, authentication code according to described challenge code and described 3rd proof of algorithm; After authentication verification code passes through, perform authorization token at least generates authorization code step according to the challenge code received and the first algorithm.
In addition, before described tokens generates the step of dynamic password according to described challenge code and the second algorithm, the method also comprises: the second authorization token at least generates the second authorization code according to the challenge code received and the 4th algorithm; Described tokens is at least according to described second authorization code that the described challenge code received and described 4th proof of algorithm receive.
In addition, be verified described in and comprise: verify that described first authorization code and described second authorization code all pass through.
In addition, the step of described first authorization code that described tokens at least receives according to the described challenge code that receives and described first proof of algorithm comprises: described tokens at least calculates the first authority checking code according to the described challenge code received and described first algorithm; Judge that whether described first authority checking code is identical with described first authorization code received; If identical, then verify that described first authorization code passes through.
In addition, the step of described authorization token authentication code according to described challenge code and described 3rd proof of algorithm comprises: described authorization token calculates authentication verification code according to described challenge code and described 3rd algorithm; Judge that whether described authentication verification code is identical with described authentication code; If identical, then verify that described authentication code passes through.
In addition, the step of described second authorization code that described tokens at least receives according to the described challenge code that receives and described 4th proof of algorithm comprises: described tokens at least calculates the second authority checking code according to the described challenge code received and described 4th algorithm; Judge that whether described second authority checking code is identical with described second authorization code; If identical, then verify that described second authorization code passes through.
In addition, when described first algorithm is identical with described second algorithm: described first authorization token at least generates the first authorization code according to the first authorization token mark, the challenge code received and the first algorithm; Described tokens is at least according to described first authorization code that the first authorization token mark, the described challenge code received and described first proof of algorithm receive.
In addition, when described first algorithm is identical with described 4th algorithm, or described first algorithm, described second algorithm and described 4th algorithm homogeneous phase are simultaneously: described first authorization token at least generates the first authorization code according to the first authorization token mark, the challenge code received and the first algorithm; Described tokens is at least according to described first authorization code that the first authorization token mark, the described challenge code received and described first proof of algorithm receive; Described second authorization token at least generates the second authorization code according to the second authorization token mark, the challenge code received and the 4th algorithm; Described tokens is at least according to described second authorization code that the second authorization token mark, the described challenge code received and described 4th proof of algorithm receive.
In addition, the step of described first authorization code that described tokens at least receives according to the first authorization token mark, the described challenge code that receives and described first proof of algorithm comprises: described tokens at least calculates the first authority checking code according to described first authorization token mark, the described challenge code received and described first algorithm; Judge that whether described first authority checking code is identical with described first authorization code received; If identical, then verify that described first authorization code passes through.
In addition, the step of described second authorization code that described tokens at least receives according to described second authorization token mark, the described challenge code that receives and described 4th proof of algorithm comprises: described tokens at least calculates the second authority checking code according to described second authorization token mark, the described challenge code received and described 4th algorithm; Judge that whether described second authority checking code is identical with described second authorization code; If identical, then verify that described second authorization code passes through.
Another aspect of the invention provides a kind of authorization token, and this authorization token comprises: memory module, for storing authorization code generating algorithm; Receiver module, for receiving challenge code; Authorization code generation module, the described authorization code generating algorithm stored for the described challenge code that at least receives according to described receiver module and described memory module generates authorization code.
In addition, described memory module is authentication storage code generating algorithm also, and described receiver module also receives authentication code; Described authorization token also comprises: authentication module, and the described authentication code generating algorithm stored for the described challenge code that receives according to described receiver module and described memory module verifies the described authentication code that described receiver module receives.
In addition, described memory module also stores authorization token mark; Authorization code generation module, the described challenge code received for the authorization token mark at least stored according to described memory module, described authorization code generating algorithm and described receiver module generates authorization code.
Another aspect of the invention provides a kind of tokens, and this tokens comprises: memory module, for storing authorization code generating algorithm and dynamic password generating algorithm; Receiver module, for receiving challenge code and authorization code; Authentication module, the described authorization code generating algorithm stored for the described challenge code that at least receives according to described receiver module and described memory module verifies the described authorization code that described receiver module receives; Dynamic password generation module, for after described authentication module is verified, the described dynamic password generating algorithm that the described challenge code received according to described receiver module and described memory module store generates dynamic password.
In addition, described memory module also authentication storage code generating algorithm; Described tokens also comprises: authentication code generation module, and the described authentication code generating algorithm stored for the described challenge code that receives according to described receiver module and described memory module generates authentication code.
In addition, described memory module also stores authorization token mark, and described receiver module also receives described authorization code; Described authentication module, the described challenge code received for the authorization token mark at least stored according to described memory module, described authorization code generating algorithm and described receiver module verifies the described authorization code that described receiver module receives.
Another aspect of the invention provides a kind of dynamic password token remote authorization system, and this system comprises: above-mentioned tokens, and at least one above-mentioned authorization token.
In addition, described authorization token is at least two, and after described tokens verifies that authorization code that whole authorization token generates all passes through, described tokens generates dynamic password according to challenge code and dynamic password generating algorithm.
As seen from the above technical solution provided by the invention, the invention provides a kind of authorization token, tokens, dynamic password token remote-authorization method and system, at least one authorization token can be adopted to authorize tokens, can guarantee that tokens custodian can not carry out electronic transaction or operation of transferring accounts privately, simultaneously, when carrying out electronic transaction, authorization token holder can not be at the scene, meet the demand of remote authorization token, thus improve fail safe and the convenience of business-electronic transaction.
Accompanying drawing explanation
In order to be illustrated more clearly in the technical scheme of the embodiment of the present invention, below the accompanying drawing used required in describing embodiment is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawings can also be obtained according to these accompanying drawings.
The flow chart of the dynamic password token remote-authorization method that Fig. 1 provides for the embodiment of the present invention 1;
The authorization token structural representation that Fig. 2 provides for the embodiment of the present invention 1;
The tokens structural representation that Fig. 3 provides for the embodiment of the present invention 1;
The dynamic password token remote authorization system configuration schematic diagram that Fig. 4 provides for the embodiment of the present invention 1;
The flow chart of another dynamic password token remote-authorization method that Fig. 5 provides for the embodiment of the present invention 2;
The authorization token structural representation that Fig. 6 provides for the embodiment of the present invention 2;
The tokens structural representation that Fig. 7 provides for the embodiment of the present invention 2;
The dynamic password token remote authorization system configuration schematic diagram that Fig. 8 provides for the embodiment of the present invention 2;
The flow chart of another dynamic password token remote-authorization method that Fig. 9 provides for the embodiment of the present invention 3;
The authorization token structural representation that Figure 10 provides for the embodiment of the present invention 3;
The tokens structural representation that Figure 11 provides for the embodiment of the present invention 3;
The dynamic password token remote authorization system configuration schematic diagram that Figure 12 provides for the embodiment of the present invention 3;
The flow chart of another dynamic password token remote-authorization method that Figure 13 provides for the embodiment of the present invention 4;
The authorization token structural representation that Figure 14 provides for the embodiment of the present invention 4;
The tokens structural representation that Figure 15 provides for the embodiment of the present invention 4;
The dynamic password token remote authorization system configuration schematic diagram that Figure 16 provides for the embodiment of the present invention 4;
The dynamic password token remote authorization system configuration schematic diagram that Figure 17 provides for the embodiment of the present invention 5.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on embodiments of the invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to protection scope of the present invention.
In describing the invention, it will be appreciated that, term " " center ", " longitudinal direction ", " transverse direction ", " on ", D score, " front ", " afterwards ", " left side ", " right side ", " vertically ", " level ", " top ", " end ", " interior ", orientation or the position relationship of the instruction such as " outward " are based on orientation shown in the drawings or position relationship, only the present invention for convenience of description and simplified characterization, instead of indicate or imply that the device of indication or element must have specific orientation, with specific azimuth configuration and operation, therefore limitation of the present invention can not be interpreted as.In addition, term " first ", " second " only for describing object, and can not be interpreted as instruction or hint relative importance or quantity or position.
In describing the invention, it should be noted that, unless otherwise clearly defined and limited, term " installation ", " being connected ", " connection " should be interpreted broadly, and such as, can be fixedly connected with, also can be removably connect, or connect integratedly; Can be mechanical connection, also can be electrical connection; Can be directly be connected, also indirectly can be connected by intermediary, can be the connection of two element internals.For the ordinary skill in the art, concrete condition above-mentioned term concrete meaning in the present invention can be understood.
Below in conjunction with accompanying drawing, the embodiment of the present invention is described in further detail.
Embodiment 1
Fig. 1 illustrates the flow chart of dynamic password token remote-authorization method, and see Fig. 1, dynamic password token remote-authorization method of the present invention comprises:
Step S101, authorization token generates authorization code according to the challenge code received and authorization code generating algorithm.
Concrete, authorization token is the token that donor holds, and tokens is the token that the operator specifically carrying out concluding the business (or transferring accounts) holds, tokens for generating dynamic password, to guarantee to conclude the business.
When operator needs authorized transaction, this challenge code of concluding the business is informed donor by operator, after donor obtains challenge code, challenge code is inputed in authorization token, or this challenge code of concluding the business is sent to authorization token by wired or wireless mode by tokens, authorization token calculates authorized access code according to the challenge code received and its authorization code generating algorithm stored.Wherein, challenge code can comprise Transaction Information, at least comprises following information: account and the amount of money, thus guarantees that donor knows Transaction Information, to authorize.
Step S102, tokens verifies according to the challenge code received and authorization code generating algorithm the authorization code received.
Particularly, after the authorization token generation authorization code that donor holds, donor is by this authorization code teaching process people, challenge code and authorization code input in tokens by operator respectively, or authorization code is sent to tokens by wired or wireless mode by authorization token, tokens can calculate authority checking code according to the challenge code received and its authorization code generating algorithm stored; And the authorization code of the authority checking code generated and input is judged, judge that whether authority checking code is identical with authorization code; If identical, then verify that authorization code passes through.Thus, operator can verify the correctness of authorization code, and after guarantee checking authorization code passes through, the dynamic password systematic function of open operation token.
Step S103, after checking authorization code passes through, tokens generates dynamic password according to challenge code and dynamic password generating algorithm.
Concrete, tokens calculates acquisition dynamic password according to the dynamic password generating algorithm of the challenge code inputted in step S102 and storage.Owing to needing to generate authorization code through authorization token to this challenge code of concluding the business, and open dynamic password systematic function by tokens to after the checking of authorization code, the only property of the challenge code generating dynamic password can be ensured, ensure that the fail safe of transaction.
The another aspect of the present embodiment provides a kind of authorization token 10, and see Fig. 2, this authorization token comprises:
Memory module 101, for storing authorization code generating algorithm;
Receiver module 102, for receiving challenge code;
Authorization code generation module 103, the authorization code generating algorithm stored for the challenge code that receives according to receiver module 102 and memory module 101 generates authorization code.
Thus, the challenge code that authorization token 10 can be informed according to operator generates authorization code, or the challenge code receiving tokens transmission generates authorization code, to guarantee to authorize for this transaction.
The another aspect of the present embodiment provides a kind of tokens 20, and see Fig. 3, this tokens comprises:
Memory module 201, for storing authorization code generating algorithm and dynamic password generating algorithm;
Receiver module 202, for receiving challenge code and authorization code;
Authentication module 203, the authorization code that the authorization code generating algorithm checking receiver module 202 stored for the challenge code that receives according to receiver module 202 and memory module 201 receives;
Dynamic password generation module 204, for after authentication module 203 verifies that authorization code passes through, the dynamic password generating algorithm that the challenge code received according to receiver module 202 and memory module 201 store generates dynamic password.
Thus, tokens 20 can be verified the authorization code of this transaction, and opens the dynamic password systematic function of this transaction, to guarantee that each transaction can only be carried out calculating for the challenge code of this transaction and generate dynamic password, ensure that the fail safe of transaction.
The another aspect of the present embodiment provides a kind of dynamic password token remote authorization system, and see Fig. 4, this system comprises: above-mentioned authorization token 10, and above-mentioned tokens 20.
The dynamic password token remote-authorization method provided as can be seen from above-described embodiment and system, authorization token is adopted to authorize tokens, can guarantee that tokens custodian can not carry out electronic transaction or operation of transferring accounts privately, simultaneously, when carrying out electronic transaction, authorization token holder at the scene, can not meet the demand of remote authorization token, thus improves fail safe and the convenience of business-electronic transaction.
Further, ensure that the challenge code this can only concluded the business generates dynamic password, ensure that the fail safe of transaction.
Above-described authorization code generating algorithm and dynamic password generating algorithm all can adopt any one following algorithm to calculate:
(1) cryptographic algorithm: DES, 3DES or AES;
(2) MAC algorithm:
Symmetrical MAC algorithm: DES-CBC, 3DES-CBC, AES-CBC;
HASH algorithm: MD5, SHA1;
Hmac algorithm: HMAC-MD5, HMAC-SHA1.
Certainly, other standard compliant algorithms can also be adopted, or adopt other algorithms that are international or national regulation.
Embodiment 2
The present embodiment is with the difference implementing 1, and before authorization token generates authorization code according to the challenge code received and authorization code generating algorithm, authorization token is first according to challenge code and authentication code generating algorithm authentication verification code, thus the identity of verification operation token.
Fig. 5 illustrates the flow chart of another dynamic password token remote-authorization method, and see Fig. 5, dynamic password token remote-authorization method of the present invention comprises:
Step S201, tokens receives challenge code, generates authentication code according to challenge code and authentication code generating algorithm.
Concrete, this challenge code of concluding the business inputs in tokens by operator, tokens generates authentication code according to challenge code and authentication code generating algorithm, and authentication code and challenge code are informed donor by operator, so that authentication code and challenge code input in authorization token by donor; Or authentication code and challenge code are sent to authorization token by tokens.
Step S202, authorization token receives challenge code and authentication code, according to challenge code and authentication code generating algorithm authentication verification code.
Particularly, the authentication code that operator informs by donor and challenge code input in authorization token respectively, or authorization token receives authentication code and the challenge code of tokens transmission, and authorization token calculates authentication verification code according to challenge code and authentication code generating algorithm; And the authentication code of the authentication verification code generated and input is judged, judge that whether authentication verification code is identical with authentication code; If identical, then authentication verification code passes through.Thus, authorization token can the correctness of authentication verification code, guarantees that the identity of operator is credible.
Step S203, after authentication verification code passes through, authorization token generates authorization code according to the challenge code received and authorization code generating algorithm;
Step S204, tokens verifies according to the challenge code received and authorization code generating algorithm the authorization code received;
Particularly, tokens calculates authority checking code according to the challenge code received and authorization code generating algorithm; Judge that whether authority checking code is identical with the authorization code received; If identical, then verify that authorization code passes through.
Step S205, after checking authorization code passes through, tokens generates dynamic password according to challenge code and dynamic password generating algorithm.
Before authorizing, carry out the checking of tokens, ensure that the correctness of authorization object, improve the fail safe of transaction.
The another aspect of the present embodiment provides a kind of authorization token 30, and see Fig. 6, this authorization token comprises:
Memory module 301, for storing authorization code generating algorithm and authentication code generating algorithm;
Receiver module 302, for receiving challenge code and authentication code;
Authentication module 303, the authentication code that the authentication code generating algorithm checking receiver module 302 stored for the challenge code that receives according to receiver module 302 and memory module 301 receives;
Authorization code generation module 304, for after authentication module 303 authentication verification code passes through, the authorization code generating algorithm that the challenge code received according to receiver module 302 and memory module 301 store generates authorization code.
Before mandate, carry out authorization token verify tokens, ensure that the correctness of authorization object, improve the fail safe of transaction.
The another aspect of the present embodiment provides a kind of tokens 40, and see Fig. 7, this tokens comprises:
Memory module 401, for storing authorization code generating algorithm, dynamic password generating algorithm and authentication code generating algorithm;
Receiver module 402, for receiving challenge code and authorization code;
Authentication code generation module 403, the authentication code generating algorithm stored for the challenge code that receives according to receiver module 402 and memory module 401 generates authentication code;
Authentication module 404, the authorization code that the authorization code generating algorithm checking receiver module 402 stored for the challenge code that receives according to receiver module 402 and memory module 401 receives;
Dynamic password generation module 405, for after authentication module 404 verifies that authorization code passes through, generates dynamic password according to the dynamic password generating algorithm that challenge code and memory module 401 store.
Tokens generates authentication code, so that authorization token is verified tokens, ensure that the correctness of authorization object, improves the fail safe of transaction.
The another aspect of the present embodiment provides a kind of dynamic password token remote authorization system, and see Fig. 8, this system comprises: above-mentioned authorization token 30, and above-mentioned tokens 40.
The dynamic password token remote-authorization method provided as can be seen from above-described embodiment and system, authorization token is adopted to authorize tokens, can guarantee that tokens custodian can not carry out electronic transaction or operation of transferring accounts privately, simultaneously, when carrying out electronic transaction, authorization token holder at the scene, can not meet the demand of remote authorization token, thus improves fail safe and the convenience of business-electronic transaction.
In addition, authorization token, before generation authorization code, needs authentication verification code with the identity of verification operation token, thus more improves the fail safe of electronic transaction.
Wherein, authentication code generating algorithm, authorization code generating algorithm and dynamic password generating algorithm all can adopt any one following algorithm to calculate:
(1) cryptographic algorithm: DES, 3DES or AES;
(2) MAC algorithm:
Symmetrical MAC algorithm: DES-CBC, 3DES-CBC, AES-CBC;
HASH algorithm: MD5, SHA1;
Hmac algorithm: HMAC-MD5, HMAC-SHA1.
Certainly, other standard compliant algorithms can also be adopted, or adopt other algorithms that are international or national regulation.
Embodiment 3
The present embodiment is with the difference implementing 1, when authorization code generating algorithm is identical with dynamic password generating algorithm, is each authorization token setting identification, and authorization token generates authorization code according to authorization token mark, the challenge code received and authorization code generating algorithm; Tokens verifies according to authorization token mark, the challenge code received and authorization code generating algorithm the authorization code received.
Fig. 9 illustrates the flow chart of another dynamic password token remote-authorization method, and see Fig. 9, dynamic password token remote-authorization method of the present invention comprises:
Step S301, authorization token generates authorization code according to authorization token mark, the challenge code received and authorization code generating algorithm;
Wherein, authorization token mark is used for identifying the identity of authorization token, to ensure its correctness and uniqueness.
Step S302, tokens verifies according to authorization token mark, the challenge code received and authorization code generating algorithm the authorization code received;
Particularly, tokens calculates authority checking code according to authorization token mark, the challenge code received and authorization code generating algorithm; Judge that whether authority checking code is identical with the authorization code received; If identical, then verify that authorization code passes through.
Step S303, after being verified, tokens generates dynamic password according to challenge code and dynamic password generating algorithm.
The another aspect of the present embodiment provides a kind of authorization token 50, and see Figure 10, this authorization token comprises:
Memory module 501, for storing authorization code generating algorithm and authorization token mark;
Receiver module 502, for receiving challenge code;
Authorization code generation module 503, the authorization token mark stored for the challenge code that receives according to receiver module 502 and memory module 501, authorization code generating algorithm generate authorization code.
The another aspect of the present embodiment provides a kind of tokens 60, and see Figure 11, this tokens comprises:
Memory module 601, for storing authorization code generating algorithm, dynamic password generating algorithm and authorization token mark;
Receiver module 602, for receiving challenge code and authorization code;
Authentication module 603, the authorization token mark stored for the challenge code that at least receives according to receiver module 602 and memory module 601 and authorization code generating algorithm verify the authorization code received that receiver module 602 receives;
Dynamic password generation module 604, for after authentication module 603 is verified, the dynamic password generating algorithm that the challenge code received according to receiver module 602 and memory module 601 store generates dynamic password.
The another aspect of the present embodiment provides a kind of dynamic password token remote authorization system, and see Figure 12, this system comprises: above-mentioned authorization token 50, and above-mentioned tokens 60.
The dynamic password token remote-authorization method provided as can be seen from above-described embodiment and system, authorization token is adopted to authorize tokens, can guarantee that tokens custodian can not carry out electronic transaction or operation of transferring accounts privately, simultaneously, when carrying out electronic transaction, authorization token holder at the scene, can not meet the demand of remote authorization token, thus improves fail safe and the convenience of business-electronic transaction.
In addition, when authorization code generating algorithm and dynamic password generating algorithm are identical algorithm, can ensure that the authorization code generated is different with generation dynamic password by authorization token mark, both ensure that the checking to authorization code, also ensure that the safety of transaction, meanwhile, when authorization code generating algorithm and dynamic password generating algorithm are identical algorithm, taking of the space of storage algorithm can be reduced.
Above-described authorization code generating algorithm and dynamic password generating algorithm all can adopt any one following algorithm to calculate:
(1) cryptographic algorithm: DES, 3DES or AES;
(2) MAC algorithm:
Symmetrical MAC algorithm: DES-CBC, 3DES-CBC, AES-CBC;
HASH algorithm: MD5, SHA1;
Hmac algorithm: HMAC-MD5, HMAC-SHA1.
Certainly, other standard compliant algorithms can also be adopted, or adopt other algorithms that are international or national regulation.
Embodiment 4
The present embodiment is with the difference implementing 2, when authorization code generating algorithm is identical with dynamic password generating algorithm, is each authorization token setting identification, and authorization token generates authorization code according to authorization token mark, the challenge code received and authorization code generating algorithm; Tokens verifies according to authorization token mark, the challenge code received and authorization code generating algorithm the authorization code received.
Figure 13 illustrates the flow chart of another dynamic password token remote-authorization method, and see Figure 13, dynamic password token remote-authorization method of the present invention comprises:
Step S401, tokens receives challenge code, generates authentication code according to challenge code and authentication code generating algorithm;
Step S402, authorization token receives challenge code and authentication code, according to challenge code and authentication code generating algorithm authentication verification code;
Particularly, authorization token calculates authentication verification code according to challenge code and authentication code generating algorithm; Judge that whether authentication verification code is identical with authentication code; If identical, then authentication verification code passes through.
Step S403, after authentication verification code passes through, authorization token generates authorization code according to authorization token mark, the challenge code received and authorization code generating algorithm;
Wherein, authorization token mark is used for identifying the identity of authorization token, to ensure its correctness and uniqueness.
Step S404, tokens verifies according to authorization token mark, the challenge code received and authorization code generating algorithm the authorization code received;
Particularly, tokens calculates authority checking code according to authorization token mark, the challenge code received and authorization code generating algorithm; Judge that whether authority checking code is identical with the authorization code received; If identical, then verify that authorization code passes through.
Step S405, after checking authorization code passes through, tokens generates dynamic password according to challenge code and dynamic password generating algorithm.
The another aspect of the present embodiment provides a kind of authorization token 70, and see Figure 14, this authorization token comprises:
Memory module 701, for storing authorization code generating algorithm, authentication code generating algorithm and authorization token mark;
Receiver module 702, for receiving challenge code and authentication code;
Authentication module 703, the authentication code that the authentication code generating algorithm checking receiver module 702 stored for the challenge code that receives according to receiver module 702 and memory module 701 receives;
Authorization code generation module 704, for after authentication module 703 authentication verification code passes through, the challenge code generating algorithm that the authorization token mark stored according to memory module 701, authorization code generating algorithm and receiver module 702 receive generates authorization code.
The another aspect of the present embodiment provides a kind of tokens 80, and see Figure 15, this tokens comprises:
Memory module 801, for storing authorization code generating algorithm, dynamic password generating algorithm, authorization token mark and authentication code generating algorithm;
Receiver module 802, for receiving challenge code and authorization code;
Authentication code generation module 803, the authentication code generating algorithm stored for the challenge code that receives according to receiver module 802 and memory module 801 generates authentication code;
Authentication module 804, the authorization code that the authorization token mark stored for the challenge code that receives according to receiver module 802 and memory module 801, authorization code generating algorithm checking receiver module 802 receive;
Dynamic password generation module 805, for after authentication module 804 verifies that authorization code passes through, generates dynamic password according to the dynamic password generating algorithm that challenge code and memory module 801 store.
The another aspect of the present embodiment provides a kind of dynamic password token remote authorization system, and see Figure 16, this system comprises: above-mentioned authorization token 70, and above-mentioned tokens 80.
The dynamic password token remote-authorization method provided as can be seen from above-described embodiment and system, authorization token is adopted to authorize tokens, can guarantee that tokens custodian can not carry out electronic transaction or operation of transferring accounts privately, simultaneously, when carrying out electronic transaction, authorization token holder at the scene, can not meet the demand of remote authorization token, thus improves fail safe and the convenience of business-electronic transaction.
In addition, when authorization code generating algorithm and dynamic password generating algorithm are identical algorithm, can ensure that the authorization code generated is different with generation dynamic password by authorization token mark, both ensure that the checking to authorization code, also ensure that the safety of transaction, meanwhile, when authorization code generating algorithm and dynamic password generating algorithm are identical algorithm, taking of the space of storage algorithm can be reduced.
Above-described authentication code generating algorithm, authorization code generating algorithm and dynamic password generating algorithm all can adopt any one following algorithm to calculate:
(1) cryptographic algorithm: DES, 3DES or AES;
(2) MAC algorithm:
Symmetrical MAC algorithm: DES-CBC, 3DES-CBC, AES-CBC;
HASH algorithm: MD5, SHA1;
Hmac algorithm: HMAC-MD5, HMAC-SHA1.
Certainly, other standard compliant algorithms can also be adopted, or adopt other algorithms that are international or national regulation.
Embodiment 5
Present embodiments provide another dynamic password token remote-authorization method and system, see Figure 17, wherein authorization token can be two, first authorization token 70 and the second authorization token 90, after tokens 80 needs to verify that authorization code that whole authorization token generates all passes through, tokens just generates dynamic password according to challenge code and dynamic password generating algorithm.
In addition, when authorization token is two, the authorization code generating algorithm of different authorization token can be identical, authorization token generates different authorization codes respectively according to its respective authorization token mark, the challenge code that receives, after tokens needs to verify that authorization code that whole authorization token generates all passes through, tokens just generates dynamic password according to challenge code and dynamic password generating algorithm.
Authorization token can be two or more in the present system, and its authorization method can be released from above describing, and no longer goes to live in the household of one's in-laws on getting married herein and chats.
The dynamic password token remote-authorization method adopting embodiment 5 to provide and system, can be authorized tokens by multiple authorization token simultaneously, thus further increase the fail safe of electronic transaction.
Describe and can be understood in flow chart or in this any process otherwise described or method, represent and comprise one or more for realizing the module of the code of the executable instruction of the step of specific logical function or process, fragment or part, and the scope of the preferred embodiment of the present invention comprises other realization, wherein can not according to order that is shown or that discuss, comprise according to involved function by the mode while of basic or by contrary order, carry out n-back test, this should understand by embodiments of the invention person of ordinary skill in the field.
Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, multiple step or method can with to store in memory and the software performed by suitable instruction execution system or firmware realize.Such as, if realized with hardware, the same in another embodiment, can realize by any one in following technology well known in the art or their combination: the discrete logic with the logic gates for realizing logic function to data-signal, there is the application-specific integrated circuit (ASIC) of suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.
Those skilled in the art are appreciated that realizing all or part of step that above-described embodiment method carries is that the hardware that can carry out instruction relevant by program completes, described program can be stored in a kind of computer-readable recording medium, this program perform time, step comprising embodiment of the method one or a combination set of.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing module, also can be that the independent physics of unit exists, also can be integrated in a module by two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, and the form of software function module also can be adopted to realize.If described integrated module using the form of software function module realize and as independently production marketing or use time, also can be stored in a computer read/write memory medium.
The above-mentioned storage medium mentioned can be read-only memory, disk or CD etc.
In the description of this specification, specific features, structure, material or feature that the description of reference term " embodiment ", " some embodiments ", " example ", " concrete example " or " some examples " etc. means to describe in conjunction with this embodiment or example are contained at least one embodiment of the present invention or example.In this manual, identical embodiment or example are not necessarily referred to the schematic representation of above-mentioned term.And the specific features of description, structure, material or feature can combine in an appropriate manner in any one or more embodiment or example.
Although illustrate and describe embodiments of the invention above, be understandable that, above-described embodiment is exemplary, can not be interpreted as limitation of the present invention, those of ordinary skill in the art can change above-described embodiment within the scope of the invention when not departing from principle of the present invention and aim, revising, replacing and modification.Scope of the present invention is by claims extremely equivalency.

Claims (16)

1. a dynamic password token remote-authorization method, is characterized in that, the method comprises:
First authorization token at least generates the first authorization code according to the challenge code received and the first algorithm;
Tokens is at least according to described first authorization code that the described challenge code received and described first proof of algorithm receive;
After being verified, described tokens generates dynamic password according to described challenge code and the second algorithm;
Wherein: described challenge code comprises Transaction Information;
Before described authorization token at least generates the step of authorization code according to the challenge code received and the first algorithm, the method also comprises:
Tokens receives described challenge code, generates authentication code according to described challenge code and the 3rd algorithm;
Authorization token receives described challenge code and described authentication code, authentication code according to described challenge code and described 3rd proof of algorithm;
After authentication verification code passes through, perform authorization token at least generates authorization code step according to the challenge code received and the first algorithm.
2. method according to claim 1, is characterized in that, before described tokens generates the step of dynamic password according to described challenge code and the second algorithm, the method comprises:
Second authorization token at least generates the second authorization code according to the challenge code received and the 4th algorithm;
Described tokens is at least according to described second authorization code that the described challenge code received and described 4th proof of algorithm receive.
3. method according to claim 2, is characterized in that, described in be verified and comprise:
Verify that described first authorization code and described second authorization code all pass through.
4. method according to claim 1, is characterized in that, the step of described first authorization code that described tokens at least receives according to the described challenge code that receives and described first proof of algorithm comprises:
Described tokens at least calculates the first authority checking code according to the described challenge code received and described first algorithm;
Judge that whether described first authority checking code is identical with described first authorization code received;
If identical, then verify that described first authorization code passes through.
5. method according to claim 1, is characterized in that, the step of described authorization token authentication code according to described challenge code and described 3rd proof of algorithm comprises:
Described authorization token calculates authentication verification code according to described challenge code and described 3rd algorithm;
Judge that whether described authentication verification code is identical with described authentication code;
If identical, then verify that described authentication code passes through.
6. method according to claim 2, is characterized in that, the step of described second authorization code that described tokens at least receives according to the described challenge code that receives and described 4th proof of algorithm comprises:
Described tokens at least calculates the second authority checking code according to the described challenge code received and described 4th algorithm;
Judge that whether described second authority checking code is identical with described second authorization code;
If identical, then verify that described second authorization code passes through.
7. method according to claim 1, is characterized in that, when described first algorithm is identical with described second algorithm:
Described first authorization token at least generates the first authorization code according to the first authorization token mark, the challenge code received and the first algorithm;
Described tokens is at least according to described first authorization code that the first authorization token mark, the described challenge code received and described first proof of algorithm receive.
8. method according to claim 3, is characterized in that, when described first algorithm is identical with described 4th algorithm, or described first algorithm, described second algorithm and described 4th algorithm homogeneous phase are simultaneously:
Described first authorization token at least generates the first authorization code according to the first authorization token mark, the challenge code received and the first algorithm;
Described tokens is at least according to described first authorization code that the first authorization token mark, the described challenge code received and described first proof of algorithm receive;
Described second authorization token at least generates the second authorization code according to the second authorization token mark, the challenge code received and the 4th algorithm;
Described tokens is at least according to described second authorization code that the second authorization token mark, the described challenge code received and described 4th proof of algorithm receive.
9. the method according to claim 7 or 8, is characterized in that, the step of described first authorization code that described tokens at least receives according to the first authorization token mark, the described challenge code that receives and described first proof of algorithm comprises:
Described tokens at least calculates the first authority checking code according to described first authorization token mark, the described challenge code received and described first algorithm;
Judge that whether described first authority checking code is identical with described first authorization code received;
If identical, then verify that described first authorization code passes through.
10. method according to claim 8, is characterized in that, the step of described second authorization code that described tokens at least receives according to described second authorization token mark, the described challenge code that receives and described 4th proof of algorithm comprises:
Described tokens at least calculates the second authority checking code according to described second authorization token mark, the described challenge code received and described 4th algorithm;
Judge that whether described second authority checking code is identical with described second authorization code;
If identical, then verify that described second authorization code passes through.
11. 1 kinds of authorization token, is characterized in that, this authorization token comprises:
Memory module, for storing authorization code generating algorithm;
Receiver module, for receiving challenge code;
Authorization code generation module, the described authorization code generating algorithm stored for the described challenge code that at least receives according to described receiver module and described memory module generates authorization code;
Wherein: described challenge code comprises Transaction Information;
Described memory module is authentication storage code generating algorithm also, and described receiver module also receives authentication code;
Described authorization token also comprises: authentication module, and the described authentication code generating algorithm stored for the described challenge code that receives according to described receiver module and described memory module verifies the described authentication code that described receiver module receives.
12. authorization token according to claim 11, is characterized in that, described memory module also stores authorization token mark;
Authorization code generation module, the described challenge code received for the authorization token mark at least stored according to described memory module, described authorization code generating algorithm and described receiver module generates authorization code.
13. 1 kinds of tokens, is characterized in that, this tokens comprises:
Memory module, for storing authorization code generating algorithm and dynamic password generating algorithm;
Receiver module, for receiving challenge code and authorization code;
Authentication module, the described authorization code generating algorithm stored for the described challenge code that at least receives according to described receiver module and described memory module verifies the described authorization code that described receiver module receives;
Dynamic password generation module, for after described authentication module is verified, the described dynamic password generating algorithm that the described challenge code received according to described receiver module and described memory module store generates dynamic password;
Wherein: described challenge code comprises Transaction Information;
Described memory module is authentication storage code generating algorithm also;
Described tokens also comprises: authentication code generation module, and the described authentication code generating algorithm stored for the described challenge code that receives according to described receiver module and described memory module generates authentication code.
14. tokens according to claim 13, is characterized in that, described memory module also stores authorization token mark;
Described authentication module, the described challenge code received for the authorization token mark at least stored according to described memory module, described authorization code generating algorithm and described receiver module verifies the described authorization code that described receiver module receives.
15. 1 kinds of dynamic password token remote authorization systems, it is characterized in that, this system comprises: the tokens as described in any one of claim 13-14, and at least one authorization token as described in any one of claim 11-12.
16. systems according to claim 15, it is characterized in that, described authorization token is at least two, and after described tokens verifies that authorization code that whole authorization token generates all passes through, described tokens generates dynamic password according to challenge code and dynamic password generating algorithm.
CN201210340218.2A 2012-09-13 2012-09-13 Authorization token, tokens, dynamic password token remote-authorization method and system Active CN102843237B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201210340218.2A CN102843237B (en) 2012-09-13 2012-09-13 Authorization token, tokens, dynamic password token remote-authorization method and system
HK13106937.8A HK1179444A1 (en) 2012-09-13 2013-06-11 Remote authorization method and system for authorization token, operation token, and dynamic password token
PCT/CN2013/077239 WO2014040436A1 (en) 2012-09-13 2013-06-14 Authorization token, operation token, and method and system for remotely authorizing dynamic password token

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210340218.2A CN102843237B (en) 2012-09-13 2012-09-13 Authorization token, tokens, dynamic password token remote-authorization method and system

Publications (2)

Publication Number Publication Date
CN102843237A CN102843237A (en) 2012-12-26
CN102843237B true CN102843237B (en) 2016-02-17

Family

ID=47370316

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210340218.2A Active CN102843237B (en) 2012-09-13 2012-09-13 Authorization token, tokens, dynamic password token remote-authorization method and system

Country Status (3)

Country Link
CN (1) CN102843237B (en)
HK (1) HK1179444A1 (en)
WO (1) WO2014040436A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102843237B (en) * 2012-09-13 2016-02-17 天地融科技股份有限公司 Authorization token, tokens, dynamic password token remote-authorization method and system
CN107392001B (en) * 2016-09-09 2020-03-24 天地融科技股份有限公司 Authorization method, system and card
CN106878007B (en) * 2017-02-08 2019-11-15 飞天诚信科技股份有限公司 A kind of authorization method and system
CN110611598B (en) * 2019-10-15 2022-03-18 浙江齐治科技股份有限公司 Method, device and system for realizing challenge code

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101339677A (en) * 2008-08-28 2009-01-07 北京飞天诚信科技有限公司 Safe authorization method and system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5481611A (en) * 1993-12-09 1996-01-02 Gte Laboratories Incorporated Method and apparatus for entity authentication
CN100561913C (en) * 2004-12-31 2009-11-18 联想(北京)有限公司 A kind of method of access code equipment
CN101645775A (en) * 2008-08-05 2010-02-10 北京灵创科新科技有限公司 Over-the-air download-based dynamic password identity authentication system
CN102123148B (en) * 2011-03-02 2014-01-15 天地融科技股份有限公司 Authentication method, system and device based on dynamic password
CN102158488B (en) * 2011-04-06 2014-03-12 天地融科技股份有限公司 Dynamic countersign generation method and device and authentication method and system
CN102843237B (en) * 2012-09-13 2016-02-17 天地融科技股份有限公司 Authorization token, tokens, dynamic password token remote-authorization method and system

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101339677A (en) * 2008-08-28 2009-01-07 北京飞天诚信科技有限公司 Safe authorization method and system

Also Published As

Publication number Publication date
WO2014040436A1 (en) 2014-03-20
HK1179444A1 (en) 2013-09-27
CN102843237A (en) 2012-12-26

Similar Documents

Publication Publication Date Title
US11714633B2 (en) Method for providing a firmware update of a device
CN103220145B (en) Method and system for electronic signature token to respond to operation request, and electronic signature token
US10305887B2 (en) Method and system for hand held terminal security
US8782401B2 (en) Enhanced privacy ID based platform attestation
BR112016011293B1 (en) TERMINAL, MOBILE DEVICE, AND METHOD FOR CONDUCTING A CONVENIENT AND SECURE MOBILE TRANSACTION USING A TERMINAL AND A MOBILE DEVICE
US9332007B2 (en) Method for secure, entryless login using internet connected device
US20140282895A1 (en) Secondary device as key for authorizing access to resources
CN103220148B (en) The method of electronic signature token operation response request, system and electronic signature token
US10229291B2 (en) Method and system for cryptographically enabling and disabling lockouts for critical operations in a smart grid network
CN103269271A (en) Method and system for back-upping private key in electronic signature token
CN101841525A (en) Secure access method, system and client
CN102843237B (en) Authorization token, tokens, dynamic password token remote-authorization method and system
CN102571347A (en) Method and device for checking field replaceable unit, and communication equipment
US20160105286A1 (en) Method and system for backing up private key of electronic signature token
CN103326859A (en) System and method for safety certification based on catalog
US8812857B1 (en) Smart card renewal
CN104835038A (en) Networking payment device and networking payment method
CN115943381A (en) Data encryption and decryption method and device
CN112367664B (en) Method and device for safely accessing external equipment into intelligent ammeter
EP2948893A1 (en) Automated content signing for point-of-sale applications in fuel dispensing environments
CN105391555A (en) Method for accessing SAM device, background, and system for accessing SAM device
CN103248490B (en) A kind of back up the method and system of information in electronic signature token
CN103107884A (en) Authentication method and authentication device based on financial self-service equipment
KR101581663B1 (en) Authentication and non-repudiation method and system using trusted third party
CN111988146B (en) Identity verification method, device, equipment and machine readable storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent for invention or patent application
CB02 Change of applicant information

Address after: 100083 Beijing, Haidian District Road, No. 38, B block, 1810

Applicant after: Tendyron Technology Co., Ltd.

Address before: 100083, B, block 17, golden building, No. 1810 Qinghua East Road, Beijing, Haidian District

Applicant before: Tendyron Technology Co., Ltd.

REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1179444

Country of ref document: HK

C14 Grant of patent or utility model
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: GR

Ref document number: 1179444

Country of ref document: HK