Authorization token, operation token, and dynamic password token remote authorization method and system
Technical field
The present invention relates to the field of electronic technology, and in particular to an operation token, an authorization token, and a remote authorization method and system for dynamic password tokens.
Background technology
At present, to secure bank transactions and online transaction information, the identity of the user usually has to be authenticated. Dynamic password tokens, as one method of identity authentication, are used more and more in applications such as bank transactions and online transactions. A dynamic password is also called a one-time password (OTP, One Time Password); depending on how it is generated, dynamic passwords can be divided into time-based dynamic passwords and challenge-response dynamic passwords.
The method commonly used at present is the challenge-response dynamic password. The token and the bank's authentication server hold the same algorithm. When the user has to be authenticated, the authentication server sends the user a challenge code; the user enters the challenge code into the token; the token derives a dynamic password from the challenge code with its algorithm and displays it to the user; the user enters the dynamic password into the transaction terminal, and the transaction terminal sends it to the bank's authentication server for verification.
However, at present, whether the user is an individual or an enterprise, each account has only one dynamic password token. An enterprise dynamic password token therefore has at least the following problems:
(1) The enterprise dynamic password token and the token password are kept by the same person, so there is a risk that this custodian transfers money out of the corporate account on their own.
(2) The enterprise dynamic password token is unique and kept by a single person, so that person must be present for every electronic transaction the enterprise carries out; otherwise the transaction cannot be completed, which is very inconvenient for the enterprise.
Summary of the invention
The present invention aims to solve at least one of the above problems.
A main object of the present invention is to provide a dynamic password token remote authorization method.
Another object of the present invention is to provide a dynamic password token remote authorization system.
Another object of the present invention is to provide an authorization token.
Another object of the present invention is to provide an operation token.
To achieve the above objects, the technical solution of the present invention is as follows:
One aspect of the present invention provides a dynamic password token remote authorization method, comprising: a first authorization token generates a first authorization code from at least a received challenge code and a first algorithm; an operation token verifies the received first authorization code using at least the received challenge code and the first algorithm; and, after the verification succeeds, the operation token generates a dynamic password from the challenge code and a second algorithm.
In addition, before the step in which the authorization token generates the authorization code from at least the received challenge code and the first algorithm, the method further comprises: the operation token receives the challenge code and generates an authentication code from the challenge code and a third algorithm; the authorization token receives the challenge code and the authentication code and verifies the authentication code using the challenge code and the third algorithm; and, after the authentication code is verified, the step in which the authorization token generates the authorization code from at least the received challenge code and the first algorithm is performed.
In addition, before the step in which the operation token generates the dynamic password from the challenge code and the second algorithm, the method further comprises: a second authorization token generates a second authorization code from at least the received challenge code and a fourth algorithm; and the operation token verifies the received second authorization code using at least the received challenge code and the fourth algorithm.
In addition, the verification succeeding comprises: both the first authorization code and the second authorization code are verified.
In addition, the step in which the operation token verifies the received first authorization code using at least the received challenge code and the first algorithm comprises: the operation token computes a first authorization verification code from at least the received challenge code and the first algorithm; judges whether the first authorization verification code is identical to the received first authorization code; and, if so, treats the first authorization code as verified.
In addition, the step in which the authorization token verifies the authentication code using the challenge code and the third algorithm comprises: the authorization token computes an authentication verification code from the challenge code and the third algorithm; judges whether the authentication verification code is identical to the authentication code; and, if so, treats the authentication code as verified.
In addition, the step in which the operation token verifies the received second authorization code using at least the received challenge code and the fourth algorithm comprises: the operation token computes a second authorization verification code from at least the received challenge code and the fourth algorithm; judges whether the second authorization verification code is identical to the second authorization code; and, if so, treats the second authorization code as verified.
In addition, when the first algorithm is identical to the second algorithm: the first authorization token generates the first authorization code from at least a first authorization token identifier, the received challenge code and the first algorithm; and the operation token verifies the received first authorization code using at least the first authorization token identifier, the received challenge code and the first algorithm.
In addition, when the first algorithm is identical to the fourth algorithm, or when the first algorithm, the second algorithm and the fourth algorithm are all identical: the first authorization token generates the first authorization code from at least a first authorization token identifier, the received challenge code and the first algorithm; the operation token verifies the received first authorization code using at least the first authorization token identifier, the received challenge code and the first algorithm; the second authorization token generates the second authorization code from at least a second authorization token identifier, the received challenge code and the fourth algorithm; and the operation token verifies the received second authorization code using at least the second authorization token identifier, the received challenge code and the fourth algorithm.
In addition, the step in which the operation token verifies the received first authorization code using at least the first authorization token identifier, the received challenge code and the first algorithm comprises: the operation token computes a first authorization verification code from at least the first authorization token identifier, the received challenge code and the first algorithm; judges whether the first authorization verification code is identical to the received first authorization code; and, if so, treats the first authorization code as verified.
In addition, the step in which the operation token verifies the received second authorization code using at least the second authorization token identifier, the received challenge code and the fourth algorithm comprises: the operation token computes a second authorization verification code from at least the second authorization token identifier, the received challenge code and the fourth algorithm; judges whether the second authorization verification code is identical to the second authorization code; and, if so, treats the second authorization code as verified.
Another aspect of the present invention provides an authorization token, comprising: a storage module for storing an authorization code generating algorithm; a receiving module for receiving a challenge code; and an authorization code generation module for generating an authorization code from at least the challenge code received by the receiving module and the authorization code generating algorithm stored in the storage module.
In addition, the storage module also stores an authentication code generating algorithm, and the receiving module also receives an authentication code; the authorization token further comprises a verification module for verifying the authentication code received by the receiving module using the challenge code received by the receiving module and the authentication code generating algorithm stored in the storage module.
In addition, the storage module also stores an authorization token identifier; the authorization code generation module generates the authorization code from at least the authorization token identifier and the authorization code generating algorithm stored in the storage module and the challenge code received by the receiving module.
Another aspect of the present invention provides an operation token, comprising: a storage module for storing an authorization code generating algorithm and a dynamic password generating algorithm; a receiving module for receiving a challenge code and an authorization code; a verification module for verifying the authorization code received by the receiving module using at least the challenge code received by the receiving module and the authorization code generating algorithm stored in the storage module; and a dynamic password generation module for generating, after the verification module's verification succeeds, a dynamic password from the challenge code received by the receiving module and the dynamic password generating algorithm stored in the storage module.
In addition, the storage module also stores an authentication code generating algorithm; the operation token further comprises an authentication code generation module for generating an authentication code from the challenge code received by the receiving module and the authentication code generating algorithm stored in the storage module.
In addition, the storage module also stores an authorization token identifier, and the receiving module also receives the authorization code; the verification module verifies the authorization code received by the receiving module using at least the authorization token identifier and the authorization code generating algorithm stored in the storage module and the challenge code received by the receiving module.
Another aspect of the present invention provides a dynamic password token remote authorization system, comprising the above operation token and at least one of the above authorization tokens.
In addition, there are at least two authorization tokens, and the operation token generates the dynamic password from the challenge code and the dynamic password generating algorithm only after it has verified that the authorization codes generated by all of the authorization tokens pass.
As can be seen from the technical solution provided above, the present invention provides an authorization token, an operation token, and a dynamic password token remote authorization method and system. At least one authorization token can be used to authorize the operation token, which ensures that the custodian of the operation token cannot carry out electronic transactions or transfers on their own; at the same time, the holder of the authorization token need not be present when the electronic transaction is carried out, which meets the need for remote authorization of the token and improves both the security and the convenience of enterprise electronic transactions.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow chart of the dynamic password token remote authorization method provided by Embodiment 1 of the present invention;
Fig. 2 is a schematic structural diagram of the authorization token provided by Embodiment 1 of the present invention;
Fig. 3 is a schematic structural diagram of the operation token provided by Embodiment 1 of the present invention;
Fig. 4 is a schematic diagram of the dynamic password token remote authorization system provided by Embodiment 1 of the present invention;
Fig. 5 is a flow chart of another dynamic password token remote authorization method provided by Embodiment 2 of the present invention;
Fig. 6 is a schematic structural diagram of the authorization token provided by Embodiment 2 of the present invention;
Fig. 7 is a schematic structural diagram of the operation token provided by Embodiment 2 of the present invention;
Fig. 8 is a schematic diagram of the dynamic password token remote authorization system provided by Embodiment 2 of the present invention;
Fig. 9 is a flow chart of another dynamic password token remote authorization method provided by Embodiment 3 of the present invention;
Fig. 10 is a schematic structural diagram of the authorization token provided by Embodiment 3 of the present invention;
Fig. 11 is a schematic structural diagram of the operation token provided by Embodiment 3 of the present invention;
Fig. 12 is a schematic diagram of the dynamic password token remote authorization system provided by Embodiment 3 of the present invention;
Fig. 13 is a flow chart of another dynamic password token remote authorization method provided by Embodiment 4 of the present invention;
Fig. 14 is a schematic structural diagram of the authorization token provided by Embodiment 4 of the present invention;
Fig. 15 is a schematic structural diagram of the operation token provided by Embodiment 4 of the present invention;
Fig. 16 is a schematic diagram of the dynamic password token remote authorization system provided by Embodiment 4 of the present invention;
Fig. 17 is a schematic diagram of the dynamic password token remote authorization system provided by Embodiment 5 of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
In the description of the present invention, it should be understood that terms indicating an orientation or positional relationship, such as "center", "longitudinal", "transverse", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer", are based on the orientation or positional relationship shown in the drawings, are used only for convenience and simplicity of description, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they are therefore not to be construed as limiting the present invention. In addition, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified and limited, the terms "mounted", "coupled" and "connected" are to be understood broadly: a connection may, for example, be fixed, detachable or integral; mechanical or electrical; direct, indirect through an intermediary, or internal to two elements. Those of ordinary skill in the art can understand the specific meaning of the above terms in the present invention according to the specific circumstances.
The embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment 1
Fig. 1 shows a flow chart of the dynamic password token remote authorization method. Referring to Fig. 1, the dynamic password token remote authorization method of the present invention comprises:
Step S101: the authorization token generates an authorization code from the received challenge code and the authorization code generating algorithm.
Specifically, the authorization token is the token held by the approver, and the operation token is the token held by the operator who actually carries out the transaction (or transfer); the operation token generates the dynamic password that is needed to complete the transaction.
When the operator needs a transaction authorized, the operator tells the approver the challenge code for this transaction and the approver enters it into the authorization token; alternatively, the operation token sends this transaction's challenge code to the authorization token over a wired or wireless link. The authorization token then computes the authorization code from the received challenge code and its stored authorization code generating algorithm. The challenge code may carry transaction information, at least the account and the amount, so that the approver knows which transaction is being authorized before granting it.
Step S102: the operation token verifies the received authorization code using the received challenge code and the authorization code generating algorithm.
Specifically, after the authorization token held by the approver has generated the authorization code, the approver tells the operator the authorization code, and the operator enters the challenge code and the authorization code into the operation token; alternatively, the authorization token sends the authorization code to the operation token over a wired or wireless link. The operation token computes an authorization verification code from the received challenge code and its stored authorization code generating algorithm and compares it with the authorization code that was entered: if the two are identical, the authorization code is verified. In this way the operation token checks the correctness of the authorization code, and only after the authorization code is verified does it enable its dynamic password generating function.
Step S103: after the authorization code is verified, the operation token generates the dynamic password from the challenge code and the dynamic password generating algorithm.
Specifically, the operation token computes the dynamic password from the challenge code entered in step S102 and its stored dynamic password generating algorithm. Because the authorization token must generate an authorization code for this transaction's challenge code, and the operation token enables dynamic password generation only after verifying that authorization code, a dynamic password can be generated only for this one challenge code, which secures the transaction.
Another aspect of this embodiment provides an authorization token 10. Referring to Fig. 2, the authorization token comprises:
a storage module 101 for storing an authorization code generating algorithm;
a receiving module 102 for receiving a challenge code; and
an authorization code generation module 103 for generating an authorization code from the challenge code received by the receiving module 102 and the authorization code generating algorithm stored in the storage module 101.
Thus, the authorization token 10 can generate an authorization code from a challenge code that the operator tells the approver, or from a challenge code sent by the operation token, so that the transaction is authorized.
Another aspect of this embodiment provides an operation token 20. Referring to Fig. 3, the operation token comprises:
a storage module 201 for storing an authorization code generating algorithm and a dynamic password generating algorithm;
a receiving module 202 for receiving a challenge code and an authorization code;
a verification module 203 for verifying the authorization code received by the receiving module 202 using the challenge code received by the receiving module 202 and the authorization code generating algorithm stored in the storage module 201; and
a dynamic password generation module 204 for generating a dynamic password, after the verification module 203 has verified the authorization code, from the challenge code received by the receiving module 202 and the dynamic password generating algorithm stored in the storage module 201.
Thus, the operation token 20 can verify the authorization code for this transaction and enable dynamic password generation for this transaction, so that for each transaction a dynamic password can be computed only from that transaction's own challenge code, which secures the transaction.
Another aspect of this embodiment provides a dynamic password token remote authorization system. Referring to Fig. 4, the system comprises the above authorization token 10 and the above operation token 20.
As can be seen from the method and system provided by the above embodiment, using an authorization token to authorize the operation token ensures that the custodian of the operation token cannot carry out electronic transactions or transfers on their own; at the same time, the holder of the authorization token need not be present when the electronic transaction is carried out, which meets the need for remote authorization of the token and improves both the security and the convenience of enterprise electronic transactions.
Further, a dynamic password can be generated only for the challenge code of this transaction, which secures the transaction.
The authorization code generating algorithm and the dynamic password generating algorithm described above may each be computed with any one of the following algorithms:
(1) Cipher algorithms: DES, 3DES or AES;
(2) MAC algorithms:
Symmetric MAC algorithms: DES-CBC, 3DES-CBC, AES-CBC;
Hash algorithms: MD5, SHA1;
HMAC algorithms: HMAC-MD5, HMAC-SHA1.
Of course, other standard-compliant algorithms, or other algorithms specified by international or national standards, may also be used.
Embodiment 2
This embodiment differs from Embodiment 1 in that, before the authorization token generates the authorization code from the received challenge code and the authorization code generating algorithm, it first verifies an authentication code using the challenge code and an authentication code generating algorithm, so as to verify the identity of the operation token.
Fig. 5 shows a flow chart of another dynamic password token remote authorization method. Referring to Fig. 5, the dynamic password token remote authorization method of the present invention comprises:
Step S201: the operation token receives the challenge code and generates an authentication code from the challenge code and the authentication code generating algorithm.
Specifically, the operator enters this transaction's challenge code into the operation token, and the operation token generates an authentication code from the challenge code and the authentication code generating algorithm. The operator tells the approver the authentication code and the challenge code, and the approver enters them into the authorization token; alternatively, the operation token sends the authentication code and the challenge code to the authorization token.
Step S202: the authorization token receives the challenge code and the authentication code and verifies the authentication code using the challenge code and the authentication code generating algorithm.
Specifically, the approver enters the authentication code and challenge code told to them by the operator into the authorization token, or the authorization token receives the authentication code and challenge code sent by the operation token. The authorization token computes an authentication verification code from the challenge code and the authentication code generating algorithm and compares it with the authentication code that was entered: if the two are identical, the authentication code is verified. In this way the authorization token checks the correctness of the authentication code and confirms that the identity of the operator, that is, of the operation token that produced the code, is trustworthy.
Step S203: after the authentication code is verified, the authorization token generates the authorization code from the received challenge code and the authorization code generating algorithm.
Step S204: the operation token verifies the received authorization code using the received challenge code and the authorization code generating algorithm.
Specifically, the operation token computes an authorization verification code from the received challenge code and the authorization code generating algorithm and judges whether it is identical to the received authorization code; if so, the authorization code is verified.
Step S205: after the authorization code is verified, the operation token generates the dynamic password from the challenge code and the dynamic password generating algorithm.
Verifying the operation token before authorizing ensures that the right party is being authorized and improves the security of the transaction.
Another aspect of this embodiment provides an authorization token 30. Referring to Fig. 6, the authorization token comprises:
a storage module 301 for storing an authorization code generating algorithm and an authentication code generating algorithm;
a receiving module 302 for receiving a challenge code and an authentication code;
a verification module 303 for verifying the authentication code received by the receiving module 302 using the challenge code received by the receiving module 302 and the authentication code generating algorithm stored in the storage module 301; and
an authorization code generation module 304 for generating an authorization code, after the verification module 303 has verified the authentication code, from the challenge code received by the receiving module 302 and the authorization code generating algorithm stored in the storage module 301.
Having the authorization token verify the operation token before authorizing ensures that the right party is being authorized and improves the security of the transaction.
Another aspect of this embodiment provides an operation token 40. Referring to Fig. 7, the operation token comprises:
a storage module 401 for storing an authorization code generating algorithm, a dynamic password generating algorithm and an authentication code generating algorithm;
a receiving module 402 for receiving a challenge code and an authorization code;
an authentication code generation module 403 for generating an authentication code from the challenge code received by the receiving module 402 and the authentication code generating algorithm stored in the storage module 401;
a verification module 404 for verifying the authorization code received by the receiving module 402 using the challenge code received by the receiving module 402 and the authorization code generating algorithm stored in the storage module 401; and
a dynamic password generation module 405 for generating a dynamic password, after the verification module 404 has verified the authorization code, from the challenge code and the dynamic password generating algorithm stored in the storage module 401.
The operation token generates the authentication code so that the authorization token can verify the operation token, which ensures that the right party is being authorized and improves the security of the transaction.
Another aspect of this embodiment provides a dynamic password token remote authorization system. Referring to Fig. 8, the system comprises the above authorization token 30 and the above operation token 40.
As can be seen from the method and system provided by the above embodiment, using an authorization token to authorize the operation token ensures that the custodian of the operation token cannot carry out electronic transactions or transfers on their own; at the same time, the holder of the authorization token need not be present when the electronic transaction is carried out, which meets the need for remote authorization of the token and improves both the security and the convenience of enterprise electronic transactions.
In addition, before generating the authorization code, the authorization token has to verify the authentication code so as to verify the identity of the operation token, which further improves the security of electronic transactions.
The authentication code generating algorithm, the authorization code generating algorithm and the dynamic password generating algorithm may each be computed with any one of the following algorithms:
(1) Cipher algorithms: DES, 3DES or AES;
(2) MAC algorithms:
Symmetric MAC algorithms: DES-CBC, 3DES-CBC, AES-CBC;
Hash algorithms: MD5, SHA1;
HMAC algorithms: HMAC-MD5, HMAC-SHA1.
Of course, other standard-compliant algorithms, or other algorithms specified by international or national standards, may also be used.
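The two flows described above, Embodiment 1 (steps S101 to S103) and Embodiment 2 (steps S201 to S205), as one runnable model. This is an added example and not code from the patent. It assumes HMAC-SHA256 with HOTP-style truncation to six decimal digits for all three code-generating algorithms, a separate key and purpose label for the authentication code, the authorization code and the dynamic password, and a challenge code built from the account, the amount and a transaction serial; the names `AuthorizationToken`, `OperationToken`, `make_challenge` and `run_transaction` and all keys and transaction values are the example's own. On the algorithm lists given for Embodiments 1 and 2: whichever algorithm is chosen, the code must depend on a secret that only the token holds, which a plain hash such as MD5 or SHA1 over the challenge alone does not provide, and DES, MD5 and SHA1 are no longer recommended for new designs; the example therefore uses a keyed HMAC.

```python
"""Remote authorization of a challenge-response dynamic password token.

Added example, not the patent's own code.  Assumptions (not from the page):
HMAC-SHA256 with HOTP-style truncation (RFC 4226) to six decimal digits,
one key and purpose label per code type, and a challenge code made of
account | amount | transaction serial.
"""
import hashlib
import hmac
from typing import Optional

DIGITS = 6


def _code(key: bytes, purpose: bytes, challenge: str) -> str:
    """Keyed code over the challenge, truncated to DIGITS decimal digits.
    The purpose label keeps authentication, authorization and dynamic
    password codes distinct even if the same key were reused."""
    mac = hmac.new(key, purpose + b"\x00" + challenge.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                                   # RFC 4226 dynamic truncation
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 10 ** DIGITS:0{DIGITS}d}"


def make_challenge(account: str, amount: str, serial: str) -> str:
    """Challenge code for one transaction.  It carries the account and amount,
    as the page requires, so the approver sees what is being authorized."""
    return "|".join((account, amount, serial))


class AuthorizationToken:
    """Approver's device.  With auth_key set it first checks the operator's
    authentication code (Embodiment 2, step S202); with auth_key=None it
    authorizes on the challenge alone (Embodiment 1, step S101)."""

    def __init__(self, authz_key: bytes, auth_key: Optional[bytes] = None):
        self.authz_key = authz_key
        self.auth_key = auth_key

    def authorize(self, challenge: str, authentication_code: Optional[str] = None) -> Optional[str]:
        if self.auth_key is not None:
            expected = _code(self.auth_key, b"authn", challenge)
            if authentication_code is None or not hmac.compare_digest(expected, authentication_code):
                return None                                   # S202 failed: no authorization code
        return _code(self.authz_key, b"authz", challenge)     # S101 / S203


class OperationToken:
    """Operator's device.  It releases a dynamic password only after a valid
    authorization code for this very challenge has been presented."""

    def __init__(self, authz_key: bytes, otp_key: bytes, auth_key: Optional[bytes] = None):
        self.authz_key = authz_key
        self.otp_key = otp_key
        self.auth_key = auth_key

    def authentication_code(self, challenge: str) -> Optional[str]:
        """Step S201; None for an Embodiment 1 token that has no authentication key."""
        if self.auth_key is None:
            return None
        return _code(self.auth_key, b"authn", challenge)

    def verify_authorization(self, challenge: str, authorization_code: str) -> bool:
        """Steps S102 / S204: recompute the code and compare in constant time."""
        expected = _code(self.authz_key, b"authz", challenge)
        return hmac.compare_digest(expected, authorization_code)

    def dynamic_password(self, challenge: str, authorization_code: str) -> Optional[str]:
        """Steps S103 / S205: the OTP function stays closed until verification passes."""
        if not self.verify_authorization(challenge, authorization_code):
            return None
        return _code(self.otp_key, b"otp", challenge)


def run_transaction(op: OperationToken, approver: AuthorizationToken,
                    account: str, amount: str, serial: str) -> Optional[str]:
    """Whole exchange: operator -> approver (challenge, plus authentication code in
    Embodiment 2), approver -> operator (authorization code), operation token -> OTP."""
    challenge = make_challenge(account, amount, serial)
    authn = op.authentication_code(challenge)
    authz = approver.authorize(challenge, authn)
    if authz is None:
        return None
    return op.dynamic_password(challenge, authz)


if __name__ == "__main__":
    # Constructed demo keys and transaction; a real token keeps its keys in tamper-resistant storage.
    k_authz, k_otp, k_auth = b"authz-key-demo", b"otp-key-demo", b"authn-key-demo"
    op = OperationToken(k_authz, k_otp, auth_key=k_auth)
    approver = AuthorizationToken(k_authz, auth_key=k_auth)
    print("dynamic password:", run_transaction(op, approver, "6222000011112222", "1000.00", "000001"))
```

Two points the model makes visible. First, the operation token verifies the authorization code by recomputing it, so it holds the same authorization key as the approver's token; the guarantee that the custodian cannot act alone therefore rests on the operation token's firmware refusing to release a dynamic password until the check passes, not on the operator being unable to compute the code. Second, a transaction whose account or amount is changed after the approver has answered yields a different challenge code, so the approver's code no longer verifies and no dynamic password is produced.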
Embodiment 3
This embodiment differs from Embodiment 1 in that, when the authorization code generating algorithm is identical to the dynamic password generating algorithm, each authorization token is assigned an identifier, and the authorization token generates the authorization code from the authorization token identifier, the received challenge code and the authorization code generating algorithm; the operation token verifies the received authorization code using the authorization token identifier, the received challenge code and the authorization code generating algorithm.
Fig. 9 shows a flow chart of another dynamic password token remote authorization method. Referring to Fig. 9, the dynamic password token remote authorization method of the present invention comprises:
Step S301: the authorization token generates the authorization code from the authorization token identifier, the received challenge code and the authorization code generating algorithm.
The authorization token identifier identifies the authorization token and ensures that it is correct and unique: because the identifier is mixed into the computation, the authorization code differs from the dynamic password even though both are computed with the same algorithm, and the codes produced by different authorization tokens for the same challenge code differ from one another.
Step S302: the operation token verifies the received authorization code using the authorization token identifier, the received challenge code and the authorization code generating algorithm.
Specifically, the operation token computes an authorization verification code from the authorization token identifier, the received challenge code and the authorization code generating algorithm and judges whether it is identical to the received authorization code; if so, the authorization code is verified.
Step S303: after the verification succeeds, the operation token generates the dynamic password from the challenge code and the dynamic password generating algorithm.
Another aspect of this embodiment provides an authorization token 50. Referring to Figure 10, the authorization token comprises:
a memory module 501, for storing the authorization code generating algorithm and the authorization token identifier;
a receiver module 502, for receiving the challenge code;
an authorization code generation module 503, for generating the authorization code from the challenge code received by the receiver module 502 and the authorization token identifier and authorization code generating algorithm stored in the memory module 501.
Another aspect of this embodiment provides an operation token 60. Referring to Figure 11, the operation token comprises:
a memory module 601, for storing the authorization code generating algorithm, the dynamic password generating algorithm and the authorization token identifier;
a receiver module 602, for receiving the challenge code and the authorization code;
a verification module 603, for verifying the authorization code received by the receiver module 602 using at least the challenge code received by the receiver module 602 and the authorization token identifier and authorization code generating algorithm stored in the memory module 601;
a dynamic password generation module 604, for generating the dynamic password from the challenge code received by the receiver module 602 and the dynamic password generating algorithm stored in the memory module 601, after the verification module 603 has verified the authorization code.
Another aspect of this embodiment provides a dynamic password token remote-authorization system. Referring to Figure 12, the system comprises the authorization token 50 and the operation token 60 described above.
As in the preceding embodiments, using an authorization token to authorize the operation token guarantees that the custodian of the operation token cannot privately carry out electronic transactions or transfers, while the holder of the authorization token need not be present when the transaction is carried out; this satisfies the need for remote authorization and improves both the security and the convenience of enterprise electronic transactions.
In addition, when the authorization code generating algorithm and the dynamic password generating algorithm are the same algorithm, including the authorization token identifier in the input ensures that the authorization code differs from the dynamic password generated for the same challenge code. Without the identifier, an authorization code computed from the challenge code alone would be identical to the dynamic password, and whoever received it could use it directly as the dynamic password; with the identifier, the operation token can still verify the authorization code while the transaction remains protected. Using one algorithm for both codes also reduces the storage space occupied by the algorithms.
The authorization code generating algorithm and the dynamic password generating algorithm described above may each be any one of the following:
(1) a cipher: DES, 3DES or AES;
(2) a MAC algorithm:
symmetric MAC: DES-CBC, 3DES-CBC or AES-CBC;
hash: MD5 or SHA-1;
HMAC: HMAC-MD5 or HMAC-SHA1.
Other standard-compliant algorithms, or algorithms prescribed by international or national regulations, may also be used.
Embodiment 4
This embodiment differs from Embodiment 2 in that, when the authorization code generating algorithm is the same as the dynamic password generating algorithm, each authorization token is assigned an identifier. The authorization token generates the authorization code from its authorization token identifier, the received challenge code and the authorization code generating algorithm, and the operation token verifies the received authorization code using the authorization token identifier, the received challenge code and the authorization code generating algorithm.
Figure 13 shows a flowchart of another dynamic password token remote-authorization method. Referring to Figure 13, the method comprises:
Step S401: the operation token receives the challenge code and generates an authentication code from the challenge code and the authentication code generating algorithm.
Step S402: the authorization token receives the challenge code and the authentication code and verifies the authentication code using the challenge code and the authentication code generating algorithm.
Specifically, the authorization token computes an authentication check code from the challenge code and the authentication code generating algorithm and judges whether it is identical to the received authentication code; if it is, the authentication code is verified.
Step S403: after the authentication code is verified, the authorization token generates the authorization code from the authorization token identifier, the received challenge code and the authorization code generating algorithm.
The authorization token identifier identifies the authorization token; it must be correct and unique to that token.
Step S404: the operation token verifies the received authorization code using the authorization token identifier, the received challenge code and the authorization code generating algorithm.
Specifically, the operation token computes an authorization check code from the authorization token identifier, the received challenge code and the authorization code generating algorithm and judges whether it is identical to the received authorization code; if it is, the authorization code is verified.
Step S405: after the authorization code is verified, the operation token generates the dynamic password from the challenge code and the dynamic password generating algorithm.
Another aspect of this embodiment provides an authorization token 70. Referring to Figure 14, the authorization token comprises:
a memory module 701, for storing the authorization code generating algorithm, the authentication code generating algorithm and the authorization token identifier;
a receiver module 702, for receiving the challenge code and the authentication code;
a verification module 703, for verifying the authentication code received by the receiver module 702 using the challenge code received by the receiver module 702 and the authentication code generating algorithm stored in the memory module 701;
an authorization code generation module 704, for generating the authorization code from the authorization token identifier and authorization code generating algorithm stored in the memory module 701 and the challenge code received by the receiver module 702, after the verification module 703 has verified the authentication code.
Another aspect of this embodiment provides an operation token 80. Referring to Figure 15, the operation token comprises:
a memory module 801, for storing the authorization code generating algorithm, the dynamic password generating algorithm, the authorization token identifier and the authentication code generating algorithm;
a receiver module 802, for receiving the challenge code and the authorization code;
an authentication code generation module 803, for generating the authentication code from the challenge code received by the receiver module 802 and the authentication code generating algorithm stored in the memory module 801;
a verification module 804, for verifying the authorization code received by the receiver module 802 using the challenge code received by the receiver module 802 and the authorization token identifier and authorization code generating algorithm stored in the memory module 801;
a dynamic password generation module 805, for generating the dynamic password from the challenge code and the dynamic password generating algorithm stored in the memory module 801, after the verification module 804 has verified the authorization code.
Another aspect of this embodiment provides a dynamic password token remote-authorization system. Referring to Figure 16, the system comprises the authorization token 70 and the operation token 80 described above.
As in the preceding embodiments, using an authorization token to authorize the operation token guarantees that the custodian of the operation token cannot privately carry out electronic transactions or transfers, while the holder of the authorization token need not be present when the transaction is carried out; this satisfies the need for remote authorization and improves both the security and the convenience of enterprise electronic transactions.
In addition, when the authorization code generating algorithm and the dynamic password generating algorithm are the same algorithm, the authorization token identifier in the input ensures that the authorization code differs from the dynamic password generated for the same challenge code, so the operation token can verify the authorization code and the transaction remains protected; using one algorithm for both codes also reduces the storage space occupied by the algorithms.
The authentication code generating algorithm, the authorization code generating algorithm and the dynamic password generating algorithm described above may each be any one of the following:
(1) a cipher: DES, 3DES or AES;
(2) a MAC algorithm:
symmetric MAC: DES-CBC, 3DES-CBC or AES-CBC;
hash: MD5 or SHA-1;
HMAC: HMAC-MD5 or HMAC-SHA1.
Other standard-compliant algorithms, or algorithms prescribed by international or national regulations, may also be used.
Embodiment 5
This embodiment provides a further dynamic password token remote-authorization method and system. Referring to Figure 17, there may be two authorization tokens, a first authorization token 70 and a second authorization token 90; the operation token 80 generates the dynamic password from the challenge code and the dynamic password generating algorithm only after it has verified the authorization codes generated by all of the authorization tokens.
When there are two authorization tokens, they may use the same authorization code generating algorithm: each generates a different authorization code from its own authorization token identifier and the received challenge code, and the operation token generates the dynamic password from the challenge code and the dynamic password generating algorithm only after every authorization code has been verified.
The system may also contain more than two authorization tokens; the corresponding authorization method follows from the description above and is not repeated here.
With the method and system of Embodiment 5, the operation token can be authorized by several authorization tokens at once, which further improves the security of the electronic transaction.
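The exchange of Embodiments 3, 4 and 5 (authentication code, identifier-bound authorization code, verification by the operation token, and a dynamic password only after every configured authorization token has approved), as an added Python example that is not part of the patent. It assumes one secret shared by all tokens of the account and four-byte authorization token identifiers, both constructed here, and uses a single HMAC-SHA256 based code generator (this example's choice; the patent lists HMAC-SHA1 among others) for all three codes, so the only thing separating an authorization code from the dynamic password is the identifier in its input, as the text requires. The patent leaves the authentication code algorithm open; the example keeps that code distinct from the dynamic password by a fixed label in the MAC input (an assumption), since the holder of the authorization token sees it.

```python
import hmac
import hashlib

# Constructed example values (not from the patent): one secret provisioned into every
# token of the enterprise account, and a label reserved for the authentication code.
SHARED_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
CODE_DIGITS = 6
AUTHN_LABEL = b"AUTHN"   # assumption: no authorization token identifier may equal this label


def generate_code(key: bytes, *fields: bytes, digits: int = CODE_DIGITS) -> str:
    """One code generating algorithm for authentication code, authorization code and
    dynamic password: HMAC-SHA256 over length-prefixed fields, truncated to digits."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        # Length prefix keeps (identifier, challenge) unambiguous: b"1"+b"23" != b"12"+b"3"
        mac.update(len(field).to_bytes(2, "big"))
        mac.update(field)
    digest = mac.digest()
    # Dynamic truncation as in RFC 4226: 31 bits taken at an offset given by the last nibble
    offset = digest[-1] & 0x0F
    value = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class AuthorizationToken:
    """Authorization token 70: verifies the authentication code (S402), then issues an
    authorization code bound to its own identifier (S403)."""

    def __init__(self, key: bytes, token_id: bytes):
        self.key = key
        self.token_id = token_id

    def authorization_code(self, challenge: bytes, authentication_code: str):
        expected = generate_code(self.key, AUTHN_LABEL, challenge)
        if not hmac.compare_digest(expected, authentication_code):
            return None   # S402 failed: the request did not come from the operation token
        return generate_code(self.key, self.token_id, challenge)


class OperationToken:
    """Operation token 80: emits the authentication code (S401), verifies the authorization
    code of every configured authorizer (S404; Embodiment 5 when there are several) and only
    then produces the dynamic password (S405)."""

    def __init__(self, key: bytes, authorizer_ids):
        self.key = key
        self.authorizer_ids = frozenset(authorizer_ids)

    def authentication_code(self, challenge: bytes) -> str:
        return generate_code(self.key, AUTHN_LABEL, challenge)

    def dynamic_password(self, challenge: bytes, authorization_codes: dict):
        for token_id in self.authorizer_ids:
            expected = generate_code(self.key, token_id, challenge)
            received = authorization_codes.get(token_id)
            if received is None or not hmac.compare_digest(expected, received):
                return None   # at least one authorization token has not validly authorized
        # Same key and algorithm as the authorization codes, but no identifier in the input,
        # so this value differs from every authorization code issued for this challenge.
        return generate_code(self.key, challenge)


def run_protocol(challenge: bytes, authorizer_ids, tamper_with=None):
    """Drive one exchange end to end. Returns (dynamic password or None, authorization codes).
    tamper_with names an authorization token whose code is altered in transit."""
    operation = OperationToken(SHARED_KEY, authorizer_ids)
    authorizers = [AuthorizationToken(SHARED_KEY, tid) for tid in authorizer_ids]
    authn = operation.authentication_code(challenge)   # S401, relayed to each authorizer
    codes = {}
    for auth_token in authorizers:
        code = auth_token.authorization_code(challenge, authn)   # S402 + S403
        if auth_token.token_id == tamper_with:
            code = str((int(code) + 1) % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)
        codes[auth_token.token_id] = code
    return operation.dynamic_password(challenge, codes), codes   # S404 + S405


if __name__ == "__main__":
    challenge = b"48213976"   # constructed challenge code from the bank authentication server
    otp, codes = run_protocol(challenge, [b"AT01", b"AT02"])
    print("authorization codes:", codes, "dynamic password:", otp)
```

The codes are compared with `hmac.compare_digest` so that verification time does not depend on where a wrong code first differs. Because every token holds the same key, the separation between roles rests entirely on what goes into the MAC input: the identifier makes an authorization code unusable as a dynamic password, and the label keeps the authentication code, which the authorizer sees, from coinciding with the dynamic password.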
Any process or method described in a flowchart or otherwise herein may be understood as representing one or more modules, segments or portions of code containing executable instructions for implementing specific logical functions or steps of the process. The scope of the preferred embodiments of the invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in reverse order depending on the functionality involved, as will be understood by those skilled in the art to which the embodiments of the invention belong.
It should be understood that the parts of the invention may be implemented in hardware, software, firmware or a combination of these. In the embodiments above, steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. If implemented in hardware, as in another embodiment, they may be implemented by any of the following technologies known in the art, or a combination of them: discrete logic circuits with logic gates for implementing logic functions on data signals, application-specific integrated circuits (ASIC) with suitable combinational logic gates, programmable gate arrays (PGA), field programmable gate arrays (FPGA) and the like.
Those skilled in the art will appreciate that all or part of the steps of the methods of the above embodiments may be carried out by hardware under the control of a program, the program being stored in a computer-readable storage medium; when executed, the program performs one of the steps of the method embodiments or a combination of them.
In addition, the functional units in the embodiments of the invention may be integrated in one processing module, may exist physically as separate units, or two or more units may be integrated in one module. The integrated module may be implemented in hardware or as a software functional module. When implemented as a software functional module and sold or used as an independent product, the integrated module may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
In this specification, reference to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a particular feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. Schematic uses of these terms do not necessarily refer to the same embodiment or example, and the particular features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the invention have been shown and described above, it will be understood that they are exemplary and are not to be construed as limiting the invention; those of ordinary skill in the art may change, modify, replace or vary the above embodiments within the scope of the invention without departing from its principles and purpose. The scope of the invention is defined by the claims and their equivalents.