CN103491090A - Safety authentication method, device and system - Google Patents

Publication number
CN103491090A
Authority
CN
China
Prior art keywords
dynamic password
authenticating device
current dynamic
authentication
bank server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310436852.0A
Other languages
Chinese (zh)
Inventor
龙云亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Jindie Youshang E-Business Service Co., Ltd.
Original Assignee
Kingdee Software China Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kingdee Software China Co Ltd
Priority to CN201310436852.0A
Publication of CN103491090A

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiments of the invention disclose a security authentication method, device and system. An authentication device displays the transaction information and a current dynamic password; after the user confirms the transaction information, the current dynamic password and a digital certificate are sent together to a bank server for security authentication. The current dynamic password includes its generation time and the hardware identifier of the authentication device. After receiving the current dynamic password and the digital certificate, the bank server judges whether the digital certificate is valid; if it is, the server generates an authentication dynamic password from the generation time of the current dynamic password and the hardware identifier of the authentication device, using the same algorithm that produced the current dynamic password. If the authentication dynamic password is identical to the current dynamic password, authentication passes and authentication confirmation information is sent. Because the current dynamic password is a one-time password, a hacker who intercepts it is prevented from using it for illegal transactions, which improves the security of user transactions.

Description

A security authentication method, device and system
Technical field
The present invention relates to the field of information security technology, and in particular to a security authentication method, device and system.
Background
The USB KEY currently used by banks is a relatively secure online banking authentication system, but it still carries some risk; for example, a hacker can, by certain methods, steal the funds of a bank user.
Take the first-generation USB KEY used by China Merchants Bank: it has no physical button, and users habitually leave the USB KEY plugged into the computer. If the user's computer is hijacked and controlled by a hacker, the hacker can secretly send instructions to the USB KEY and complete the signature authorization. Even if the user plugs in the USB KEY only during a transaction, if the computer has been hijacked by a Trojan, then once the USB KEY is inserted the hacker can monitor it remotely from his own computer; when the transaction ends, the hacker can exploit the interval before the user unplugs the USB KEY to log in quickly to the user's online bank and transfer the money out.
The second-generation USB KEY, typified by the U shield used by Industrial and Commercial Bank, solves the security problem of the first-generation product by adding a display screen and a confirmation key. With the display screen, the amount of the user's transaction can be shown on the U shield's screen, and the transaction is signed and authorized only after the user presses the confirmation key on the U shield, which reduces the possibility that a hacker who has hijacked the computer can carry out an illegally authorized transaction.
Although the second-generation USB KEY reduces, to some extent, the hijacking risk of the first-generation USB KEY, it still requires a driver to be installed on the computer. A hacker can therefore shift the target to the driver: once the driver is cracked, the hacker can forge the confirmation through the computer and complete an illegally authorized transaction.
Summary of the invention
In view of the above defects, embodiments of the present invention provide a security authentication method, device and system for improving the security of user transactions.
A first aspect of the present invention provides a security authentication method, comprising:
An authentication device displaying a current dynamic password and transaction information, the current dynamic password including its generation time and the hardware identifier of the authentication device;
After the authentication device obtains the user's confirmation of the transaction information, sending the current dynamic password and a digital certificate to a bank server for security authentication.
In one embodiment, the authentication device generates the current dynamic password from the current time and its own hardware identifier, using the algorithm negotiated with the bank server.
In one embodiment, the authentication device is provided with a counter, and the method further comprises:
Starting the counter after the current dynamic password is generated; when the count value of the counter reaches the predetermined effective time and the user's confirmation of the transaction information has not been obtained, generating a new current dynamic password to replace the displayed one.
In one embodiment, when used for the first time, the authentication device sends its own hardware identifier to the bank server to establish a correspondence with the bank server, and at the same time calibrates its time against the bank server so that its own time is synchronized with the bank server's time.
In one embodiment, the authentication device negotiates the dynamic password generation algorithm with the bank server.
A second aspect of the present invention provides a security authentication method, comprising:
Receiving a current dynamic password and a digital certificate sent by an authentication device, the current dynamic password including its generation time and the hardware identifier of the authentication device;
Judging whether the digital certificate is valid and, when the digital certificate is determined to be valid, generating an authentication dynamic password from the generation time contained in the current dynamic password and the hardware identifier of the authentication device, the generation algorithm of the authentication dynamic password being the same as that of the current dynamic password;
Judging whether the authentication dynamic password is consistent with the current dynamic password; if consistent, sending authentication confirmation information; if inconsistent, sending authentication failure information.
In one embodiment, generating the authentication dynamic password from the generation time contained in the current dynamic password and the hardware identifier of the authentication device comprises:
Judging whether the current dynamic password is a valid password; if so, judging from the generation time in the current dynamic password and the current time whether the current dynamic password is within the authentication validity period; if so, generating the authentication dynamic password from the generation time contained in the current dynamic password and the hardware identifier of the authentication device.
In one embodiment, the method further comprises receiving the hardware identifier sent by the authentication device, establishing a correspondence with the authentication device, and at the same time calibrating time with the authentication device so that the server's own time is synchronized with the authentication device's time.
In one embodiment, the method further comprises negotiating the dynamic password generation algorithm with the authentication device;
Generating the authentication dynamic password from the generation time and the hardware identifier of the authentication device then comprises:
Generating the authentication dynamic password according to the algorithm negotiated with the authentication device.
A third aspect of the present invention provides an authentication device, comprising:
An information display unit, configured to display a current dynamic password and transaction information, the current dynamic password including its generation time and the hardware identifier of the authentication device;
An authentication information sending unit, configured to send the current dynamic password and a digital certificate to a bank server for security authentication after the user's confirmation of the transaction information is obtained.
In one embodiment, the device further comprises a current dynamic password generation unit, configured to generate the current dynamic password from the current time and the device's own hardware identifier, using the algorithm negotiated with the bank server.
In one embodiment, the authentication device is provided with a counter, and the current dynamic password generation unit comprises:
A first dynamic password generation unit, configured to start the counter after the current dynamic password is generated and, when the count value of the counter reaches the predetermined effective time and the user's confirmation of the transaction information has not been obtained, to generate a new current dynamic password to replace the displayed one.
In one embodiment, the device further comprises a first initialization unit, configured, on first use, to send the device's own hardware identifier to the bank server to establish a correspondence with the bank server, and at the same time to calibrate time with the bank server so that the device's own time is synchronized with the bank server's time.
In one embodiment, the device further comprises a first negotiation unit, configured to negotiate the dynamic password generation algorithm and the effective time with the bank server.
A fourth aspect of the present invention provides a bank server, comprising:
An information receiving unit, configured to receive a current dynamic password and a digital certificate sent by an authentication device, the current dynamic password including its generation time and the hardware identifier of the authentication device;
A judgment processing unit, configured to judge whether the digital certificate is valid, and whether the authentication dynamic password is consistent with the current dynamic password;
An authentication dynamic password generation unit, configured, when the digital certificate is determined to be valid, to generate an authentication dynamic password from the generation time contained in the current dynamic password and the hardware identifier of the authentication device, the generation algorithm of the authentication dynamic password being the same as that of the current dynamic password;
An authentication information sending unit, configured to send authentication confirmation information when the authentication dynamic password is consistent with the received current dynamic password, and to send authentication failure information when the authentication dynamic password is inconsistent with the received current dynamic password.
In one embodiment, the judgment processing unit is further configured to judge whether the current dynamic password is a valid password, and to judge from the generation time in the current dynamic password and the current time whether the current dynamic password is within the authentication validity period.
In one embodiment, the server further comprises a second initialization unit, configured to receive the hardware identifier sent by the authentication device, to establish a correspondence with the authentication device, and at the same time to calibrate time with the authentication device so that the server's own time is synchronized with the authentication device's time.
In one embodiment, the server further comprises a second negotiation unit, configured to negotiate the dynamic password generation algorithm with the authentication device; and the authentication dynamic password generation unit comprises a second dynamic password generation unit, configured to generate the authentication dynamic password according to the algorithm negotiated with the authentication device.
A fifth aspect of the present invention provides a security authentication system, comprising the authentication device provided in the third aspect and the bank server provided in the fourth aspect.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages:
In the embodiments of the present invention, the authentication device displays the transaction information and the current dynamic password. After the user checks the transaction information shown by the authentication device and confirms it, the authentication device sends the current dynamic password together with the digital certificate to the bank server for security authentication; the current dynamic password includes its generation time and the hardware identifier of the authentication device. After receiving the current dynamic password and the digital certificate, the bank server judges whether the digital certificate is valid. When the digital certificate is determined to be valid, the server generates an authentication dynamic password from the generation time in the current dynamic password and the hardware identifier of the authentication device, using the same algorithm as the current dynamic password. If the authentication dynamic password is consistent with the current dynamic password, authentication passes and authentication confirmation information is sent; if inconsistent, authentication fails and authentication failure information is sent. Compared with the prior art, the present invention does not require a driver for the authentication device to be installed on the client, and it uses a current dynamic password that is single-use, which prevents a hacker from intercepting the current dynamic password and improves the security of user transactions.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the accompanying drawings used in the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a security authentication method provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a security authentication method provided by an embodiment of the present invention;
Fig. 3 is another schematic flowchart of a security authentication method provided by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an authentication device provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of a bank server provided by an embodiment of the present invention;
Fig. 6-a is a schematic structural diagram of a security authentication system provided by an embodiment of the present invention;
Fig. 6-b is another schematic structural diagram of a security authentication system provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The embodiments of the present invention provide a security authentication method, device and system for improving the security of user transactions.
The technical solutions of the present invention are described in detail below.
As shown in Fig. 1, a security authentication method may comprise the following steps:
Step S110: the authentication device displays a current dynamic password and transaction information, the current dynamic password including its generation time and the hardware identifier of the authentication device;
Step S120: after the authentication device obtains the user's confirmation of the transaction information, it sends the current dynamic password and a digital certificate to a bank server for security authentication.
The technical solution provided by the present invention can be applied to a bank's security authentication system, which may comprise an authentication device and a bank server. Steps S110 and S120 above are executed by the authentication device.
The authentication device uses a driverless dynamic token technology and can generate dynamic passwords; each generated dynamic password is single-use. The authentication device is also provided with a display screen. After obtaining the transaction information entered by the user, the authentication device displays it, and at the same time shows the current dynamic password on the display screen.
Preferably, the transaction information may include the user account and the transaction amount. The current dynamic password is generated by the authentication device from its own hardware identifier and the current time, so the generated current dynamic password includes the generation time and the hardware identifier; the hardware identifier is the identity of the authentication device.
The authentication device then sends the current dynamic password and the digital certificate to the bank server. From the hardware identifier in the current dynamic password the bank server can tell which authentication device generated it, and the digital certificate is used to authenticate the user's authority.
In this embodiment, the authentication device displays the obtained transaction information and the current dynamic password so that the user can confirm the displayed transaction information. After receiving the user's confirmation of the transaction information, the device sends the current dynamic password and the digital certificate to the bank server, which performs the authentication. By authenticating against the bank server with a current dynamic password, the present invention improves the security of user transactions.
For example, the authentication device may be a USB KEY provided with a counter, which is used to time the effective time of the current dynamic password. When the USB KEY is used for the first time, it is first initialized: it sends its hardware identifier to the bank server so that the bank server stores the identifier, which establishes a correspondence between the USB KEY and the bank server. At the same time it sends a time synchronization request, so that its time is calibrated to be synchronized with the bank server's.
Further, because the present invention authenticates with a current dynamic password, the bank server must know the algorithm the USB KEY uses to generate it. During the USB KEY initialization phase, the generation algorithm of the current dynamic password can therefore also be negotiated with the bank server, for example a common hash algorithm.
After initialization is complete, the USB KEY uses the algorithm negotiated with the bank server to generate the current dynamic password from its own hardware identifier and the current time, and at the same time starts the counter. If the current dynamic password is given a predetermined effective time, then when the count value reaches that predetermined effective time the counter is cleared, the USB KEY generates another current dynamic password from the current time and the hardware identifier, and the counter starts counting again. This cycle repeats each time the count value reaches the predetermined effective time.
Preferably, the predetermined effective time can be set to 60 seconds.
When the user needs to carry out a bank transaction, the USB KEY is connected to the computer and the current dynamic password is shown on the USB KEY's display screen; once the counter reaches the predetermined effective time, a new current dynamic password is generated and replaces the one on the display. After the authentication device obtains the transaction information entered by the user and shows it on the display screen, a user who confirms that the transaction information is correct enters the current dynamic password shown on the display screen into the computer. After the user clicks to finish, the USB KEY encrypts the current dynamic password, the digital certificate and the transaction information together and sends them to the bank server. Because a current dynamic password is used, even if it is intercepted by a hacker, by the time it is used again it has exceeded the authentication validity period at the bank server and is treated as invalid by the bank server, which improves the security of bank transactions.
For example, the authentication device may also be a mobile terminal, such as a smartphone or an iPad. The user does not need to connect the mobile terminal to a computer during a transaction, which is more convenient. First, a one-time dynamic token program is installed on the mobile terminal; the mobile terminal is then initialized. The specific operations are the same as the initialization steps of the authentication device described above and are not repeated here.
The mobile terminal is also provided with a counter, and the current dynamic password is updated repeatedly according to the count value of the counter. After the user's transaction information is obtained, it is shown to the user together with the current dynamic password; after the user confirms, the transaction information and the current dynamic password are encrypted and sent to the bank server together with the digital certificate. Because a current dynamic password is used, even if it is intercepted by a hacker, by the time it is used again it has exceeded the authentication validity period at the bank server and is treated as invalid by the bank server, which improves the security of bank transactions.
As shown in Fig. 2, a security authentication method may comprise:
Step S210: receive the current dynamic password and digital certificate sent by the authentication device, the current dynamic password including its generation time and the hardware identifier of the authentication device;
Here the bank server receives the current dynamic password and the digital certificate from the authentication device, and the received current dynamic password includes the generation time and the hardware identifier of the authentication device.
Step S220: judge whether the digital certificate is valid;
Here the bank server judges from the digital certificate whether the user account belongs to an authorized, authenticated user. Authentication of digital certificates is prior art and is not described further here.
Step S230: when the digital certificate is determined to be valid, generate an authentication dynamic password from the generation time contained in the current dynamic password and the hardware identifier of the authentication device; the generation algorithm of the authentication dynamic password is the same as that of the current dynamic password;
Here, after confirming that the received digital certificate is valid, the bank server generates the authentication dynamic password from the generation time and the hardware identifier of the authentication device in the current dynamic password. The generation algorithm was negotiated with the bank server when the authentication device was initialized; the bank server looks up the hardware identifier of the authentication device in its stored information, obtains the algorithm negotiated for it, and then generates the authentication dynamic password.
Step S240: judge whether the authentication dynamic password is consistent with the current dynamic password; if consistent, go to step S250; if inconsistent, go to step S260;
Step S250: send authentication confirmation information to the authentication device;
Step S260: send authentication failure information to the authentication device.
Here the bank server judges whether the authentication dynamic password is consistent with the current dynamic password; if they are consistent, the current dynamic password is valid and authentication can pass.
In this embodiment, the bank server receives the current dynamic password and the digital certificate sent by the authentication device and then judges whether the digital certificate is valid. When the digital certificate is determined to be valid, the server generates an authentication dynamic password from the generation time of the current dynamic password and the hardware identifier of the authentication device, and compares it with the current dynamic password. If they are consistent, the current dynamic password is proven valid and authentication passes; if inconsistent, authentication fails. The embodiment uses dynamic password technology to improve the security of user transactions and to prevent a hacker from intercepting the password and carrying out illegal transactions.
During the initialization phase of the authentication device, the bank server can receive the hardware identifier sent by the authentication device, and also calibrates time with the authentication device to achieve time synchronization.
In addition, to better authenticate the current dynamic password, the generation algorithm is also negotiated with the authentication device, for example a common hash algorithm.
After initialization succeeds, the bank server establishes a correspondence with the authentication device, stores the hardware identifier of the authentication device and the generation algorithm of the current dynamic password, and assigns an authentication validity period to received current dynamic passwords. The authentication validity period means that a current dynamic password can be authenticated only within a certain time counted from its generation time; beyond that time it is judged directly to be an invalid password. Moreover, because the embodiments use dynamic passwords, which are effective only once, a current dynamic password that is not being used for the first time is also judged directly to be invalid.
For example, the authentication device may be a USB KEY. The bank server embodiment is described further below; as shown in Fig. 3, a security authentication method may specifically comprise:
Step S310: receive the current dynamic password and digital certificate sent by the USB KEY, the current dynamic password including its generation time and the hardware identifier of the USB KEY;
Here the current dynamic password includes the unique hardware identifier of the USB KEY and also the generation time, so that the bank server can simply judge the validity of the current dynamic password from the generation time and the current time.
Step S320: judge whether the digital certificate of the USB KEY is valid; if so, go to step S330; if not, go to step S380;
This step is the same as step S220 above and is not repeated here.
Step S330: judge whether the current dynamic password is being used for the first time; if so, go to step S340; if not, go to step S380;
Because a dynamic password is used, it can be used only once. Suppose a hacker intercepts the current dynamic password while the USB KEY is sending it and then sends it to the bank server a second time: the bank server can directly determine that the current dynamic password received the second time is invalid, which prevents the hacker from carrying out an illegal transaction after intercepting it.
Step S340: judge from the generation time in the current dynamic password and the current time whether the current dynamic password is within the authentication validity period; if so, go to step S350; if not, go to step S380;
Here the bank server subtracts the generation time in the received current dynamic password from its own current time to obtain an elapsed time, and compares this elapsed time with the authentication validity period assigned to the current dynamic password. When the elapsed time exceeds the authentication validity period, the current dynamic password is judged directly to be invalid.
Preferably, if the predetermined effective time of the current dynamic password is 60 seconds, the authentication validity period of the current dynamic password can be preset to 120 seconds.
Step S350: generate the authentication dynamic password from the generation time contained in the current dynamic password and the hardware identifier of the USB KEY, using the algorithm negotiated with the USB KEY;
Step S360: judge whether the authentication dynamic password is consistent with the current dynamic password; if consistent, go to step S370; if inconsistent, go to step S380;
Step S370: send authentication confirmation information to the USB KEY;
Step S380: send authentication failure information to the USB KEY.
In this embodiment, the bank server first checks how many times the received current dynamic password has been used; if this is not its first use, it is judged directly to be invalid. The server then checks the authentication validity period of the current dynamic password; if the period has been exceeded, the password is likewise judged directly to be invalid. If the password is being used for the first time and has not exceeded the authentication validity period, the server generates an authentication dynamic password from the generation time of the current dynamic password and the hardware identifier of the USB KEY and compares it with the current dynamic password. If they are consistent, the current dynamic password is proven valid and authentication confirmation information is sent to the USB KEY; if inconsistent, authentication is invalid and authentication failure information is sent to the USB KEY. This effectively improves the security of user transactions.
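The device-side generation and the server-side checks of steps S310 to S380, as an added example that is not code from the patent. The page names only "a common hash algorithm" over the generation time and hardware identifier; this sketch assumes HMAC-SHA256 keyed with a per-device secret shared at initialization, because an unkeyed hash of two values that travel inside the password could be recomputed by anyone who sees it. Assumptions: the `hw_id:gen_time:code` layout, the names `device_generate` and `BankServer`, and certificate validation reduced to a boolean.

```python
import hashlib
import hmac

ROTATE_SECONDS = 60        # device replaces the displayed password after 60 s (page value)
AUTH_WINDOW_SECONDS = 120  # server accepts a password up to 120 s old (page value)


def _code(secret: bytes, hw_id: str, gen_time: int) -> str:
    """Negotiated algorithm (assumed here: HMAC-SHA256, truncated to 8 hex chars)."""
    msg = f"{hw_id}|{gen_time}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:8]


def device_generate(secret: bytes, hw_id: str, now: int) -> str:
    """Device side: the password carries its generation time and the hardware ID."""
    return f"{hw_id}:{now}:{_code(secret, hw_id, now)}"


class BankServer:
    """Server side of Fig. 3; result strings are hypothetical labels for S370/S380."""

    def __init__(self):
        self.devices = {}  # hw_id -> secret, stored at initialization
        self.used = {}     # accepted password -> its generation time

    def register(self, hw_id: str, secret: bytes) -> None:
        self.devices[hw_id] = secret

    def verify(self, password: str, cert_valid: bool, now: int) -> str:
        # S320: certificate check (stand-in boolean; real validation is out of scope)
        if not cert_valid:
            return "FAIL:certificate"
        try:
            hw_id, gen_s, code = password.split(":")
            gen_time = int(gen_s)
        except ValueError:
            return "FAIL:format"
        secret = self.devices.get(hw_id)
        if secret is None:
            return "FAIL:unknown-device"
        # Forget accepted passwords that the window check would reject anyway.
        self.used = {p: t for p, t in self.used.items()
                     if now - t <= AUTH_WINDOW_SECONDS}
        # S330: a password is accepted only on its first use
        if password in self.used:
            return "FAIL:replayed"
        # S340: validity period; rejecting future timestamps is an added check
        age = now - gen_time
        if age < 0 or age > AUTH_WINDOW_SECONDS:
            return "FAIL:expired"
        # S350/S360: regenerate with the same algorithm, compare in constant time
        expected = _code(secret, hw_id, gen_time)
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return "FAIL:mismatch"
        self.used[password] = gen_time
        return "OK"  # S370


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    secret, hw_id, t0 = b"constructed-secret", "KEY-0001", 1_700_000_000
    server = BankServer()
    server.register(hw_id, secret)
    pw = device_generate(secret, hw_id, t0)
    print(server.verify(pw, True, t0 + 30))   # first use inside the window
    print(server.verify(pw, True, t0 + 40))   # intercepted copy sent again
    late = device_generate(secret, hw_id, t0 + 100)
    print(server.verify(late, True, t0 + 100 + AUTH_WINDOW_SECONDS + 1))
```
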
An embodiment of the present invention also provides an authentication device 400 which, as shown in Fig. 4, can comprise:
Information display unit 410, configured to display the current dynamic password and the transaction information, the current dynamic password including its generation time and the hardware identifier of the authentication device;
Authentication information sending unit 420, configured to, after obtaining the user's confirmation of the transaction information, send the current dynamic password and the digital certificate to the bank server for security authentication.
Further, the authentication device also comprises a current dynamic password generation unit, configured to generate the current dynamic password from the current time and the device's own hardware identifier, using the algorithm negotiated with the bank server.
A counter can be provided in the authentication device, in which case the device can also comprise:
A first dynamic password generation unit, configured to start the counter after the current dynamic password is generated and, when the count value of the counter reaches the predetermined effective time value and the user's confirmation of the transaction information has not been obtained, generate a new current dynamic password to replace the displayed one.
Further, the authentication device can also comprise a first initialization unit, configured to, on first use, send the device's own hardware identifier to the bank server and establish a correspondence with the bank server, and at the same time calibrate its time against the bank server so that its own time is synchronized with the bank server's time.
Further, a first negotiation unit, configured to negotiate with the bank server the generation algorithm and the effective time of the dynamic password.
Preferably, the authentication device can be a USB KEY, or a mobile terminal such as a smartphone. Driver-free dynamic token technology is installed in the USB KEY or mobile terminal, and the USB KEY or mobile terminal is initialized; initialization mainly establishes the correspondence between the USB KEY or mobile terminal and the bank server, synchronizes their time, and negotiates the algorithm.
As shown in Fig. 5, an embodiment of the present invention also provides a bank server 500, which can comprise:
Information receiving unit 510, configured to receive the current dynamic password and the digital certificate sent by the authentication device, the current dynamic password including its generation time and the hardware identifier of the authentication device;
Judgment processing unit 520, configured to judge whether the digital certificate is valid, and to judge whether the authentication dynamic password is consistent with the current dynamic password.
Authentication dynamic password generation unit 530, configured to, when the digital certificate is determined to be valid, generate the authentication dynamic password according to the generation time contained in the current dynamic password and the hardware identifier of the authentication device; the generation algorithm of the authentication dynamic password is the same as that of the current dynamic password;
Authentication information sending unit 540, configured to send authentication confirmation information when the authentication dynamic password is consistent with the received current dynamic password, and to send authentication failure information when the authentication dynamic password is inconsistent with the received current dynamic password.
Further, the judgment processing unit 520 is also configured to judge whether the current dynamic password is a valid password, and to judge, according to the generation time in the current dynamic password and the current time, whether the current dynamic password is within the valid authentication period.
Further, the bank server 500 can also comprise a second initialization unit, configured to receive the hardware identifier sent by the authentication device and establish a correspondence with the authentication device, and at the same time calibrate its time against the authentication device so that its own time is synchronized with the authentication device's time.
Further, the bank server 500 can also comprise a second negotiation unit, configured to negotiate the generation algorithm of the dynamic password with the authentication device;
Further, the authentication dynamic password generation unit 530 can comprise a second dynamic password generation unit, configured to generate the authentication dynamic password according to the algorithm negotiated with the authentication device.
In addition, as shown in Figs. 6-a and 6-b, an embodiment of the present invention also provides a complete authentication system 600, which can comprise the authentication device 400 shown in Fig. 4 and the bank server 500 shown in Fig. 5;
Here, the authentication device 400 can comprise:
Information display unit 410, configured to display the current dynamic password and the transaction information, the current dynamic password including its generation time and the hardware identifier of the authentication device;
Authentication information sending unit 420, configured to, after obtaining the user's confirmation of the transaction information, send the current dynamic password and the digital certificate to the bank server for security authentication.
Further, the authentication device also comprises a current dynamic password generation unit, configured to generate the current dynamic password from the current time and the device's own hardware identifier, using the algorithm negotiated with the bank server.
A counter can be provided in the authentication device, in which case the device can also comprise:
A first dynamic password generation unit, configured to start the counter after the current dynamic password is generated and, when the count value of the counter reaches the predetermined effective time value and the user's confirmation of the transaction information has not been obtained, generate a new current dynamic password to replace the displayed one.
Further, the authentication device can also comprise a first initialization unit, configured to, on first use, send the device's own hardware identifier to the bank server and establish a correspondence with the bank server, and at the same time calibrate its time against the bank server so that its own time is synchronized with the bank server's time.
Further, a first negotiation unit, configured to negotiate with the bank server the generation algorithm and the effective time of the dynamic password.
For example, the authentication device can be a USB KEY, or a mobile terminal such as a smartphone. Driver-free dynamic token technology is installed in the USB KEY or mobile terminal, and the USB KEY or mobile terminal is initialized; initialization mainly establishes the correspondence between the USB KEY or mobile terminal and the bank server, synchronizes their time, and negotiates the algorithm.
The bank server 500 can comprise:
Information receiving unit 510, configured to receive the current dynamic password and the digital certificate sent by the authentication device, the current dynamic password including its generation time and the hardware identifier of the authentication device;
Judgment processing unit 520, configured to judge whether the digital certificate is valid, and to judge whether the authentication dynamic password is consistent with the current dynamic password.
Authentication dynamic password generation unit 530, configured to, when the digital certificate is determined to be valid, generate the authentication dynamic password according to the generation time contained in the current dynamic password and the hardware identifier of the authentication device; the generation algorithm of the authentication dynamic password is the same as that of the current dynamic password;
Authentication information sending unit 540, configured to send authentication confirmation information when the authentication dynamic password is consistent with the received current dynamic password, and to send authentication failure information when the authentication dynamic password is inconsistent with the received current dynamic password.
Further, the judgment processing unit 520 is also configured to judge whether the current dynamic password is a valid password, and to judge, according to the generation time in the current dynamic password and the current time, whether the current dynamic password is within the valid authentication period.
Further, the bank server 500 can also comprise a second initialization unit, configured to receive the hardware identifier sent by the authentication device and establish a correspondence with the authentication device, and at the same time calibrate its time against the authentication device so that its own time is synchronized with the authentication device's time.
Further, the bank server 500 can also comprise a second negotiation unit, configured to negotiate the generation algorithm of the dynamic password with the authentication device;
Further, the authentication dynamic password generation unit 530 can comprise a second dynamic password generation unit, configured to generate the authentication dynamic password according to the algorithm negotiated with the authentication device.
For example, the authentication device can be a USB KEY, or a mobile terminal such as a smartphone. Driver-free dynamic token technology is installed in the USB KEY or mobile terminal, and the USB KEY or mobile terminal is initialized; initialization mainly establishes the correspondence between the USB KEY or mobile terminal and the bank server, synchronizes their time, and negotiates the algorithm. By using the dynamic technique of the current dynamic password in the USB KEY or mobile terminal, hackers can be prevented from intercepting the password to carry out illegal transactions, which improves the security of transactions.
A person of ordinary skill in the art will appreciate that all or part of the steps of the methods in the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, or the like.
The security authentication method, device and system provided by the present invention have been described in detail above. For a person of ordinary skill in the art, there will be changes in the specific implementation and scope of application in accordance with the ideas of the embodiments of the present invention. In summary, this description should not be construed as limiting the present invention.

Claims (19)

1. A security authentication method, characterized in that it comprises:
An authentication device displays a current dynamic password and transaction information, the current dynamic password including its generation time and the hardware identifier of the authentication device;
After the authentication device obtains the user's confirmation of the transaction information, it sends the current dynamic password and a digital certificate to a bank server for security authentication.
2. The method according to claim 1, characterized in that it further comprises:
The authentication device generates the current dynamic password from the current time and its own hardware identifier, using the algorithm negotiated with the bank server.
3. The method according to claim 1 or 2, characterized in that the authentication device is provided with a counter, and the method further comprises:
Starting the counter after the current dynamic password is generated and, when the count value of the counter reaches the predetermined effective time value and the user's confirmation of the transaction information has not been obtained, generating a new current dynamic password to replace the displayed current dynamic password.
4. The method according to claim 1 or 2, characterized in that it further comprises:
On first use, the authentication device sends its own hardware identifier to the bank server and establishes a correspondence with the bank server, and at the same time calibrates its time against the bank server so that its own time is synchronized with the bank server's time.
5. The method according to claim 4, characterized in that it further comprises:
The authentication device and the bank server negotiate the generation algorithm of the dynamic password.
6. A security authentication method, characterized in that it comprises:
Receiving a current dynamic password and a digital certificate sent by an authentication device, the current dynamic password including its generation time and the hardware identifier of the authentication device;
Judging whether the digital certificate is valid and, when the digital certificate is determined to be valid, generating an authentication dynamic password according to the generation time contained in the current dynamic password and the hardware identifier of the authentication device; the generation algorithm of the authentication dynamic password is the same as that of the current dynamic password;
Judging whether the authentication dynamic password is consistent with the current dynamic password; if consistent, sending authentication confirmation information; if inconsistent, sending authentication failure information.
7. The method according to claim 6, characterized in that generating the authentication dynamic password according to the generation time contained in the current dynamic password and the hardware identifier of the authentication device comprises:
Judging whether the current dynamic password is a valid password; if so, judging, according to the generation time in the current dynamic password and the current time, whether the current dynamic password is within the valid authentication period; if so, generating the authentication dynamic password according to the generation time contained in the current dynamic password and the hardware identifier of the authentication device.
8. The method according to claim 6 or 7, characterized in that it further comprises:
Receiving the hardware identifier sent by the authentication device and establishing a correspondence with the authentication device, and at the same time calibrating time against the authentication device so that the server's own time is synchronized with the authentication device's time.
9. The method according to claim 6 or 7, characterized in that it further comprises:
Negotiating the generation algorithm of the dynamic password with the authentication device;
Accordingly, generating the authentication dynamic password according to the generation time and the hardware identifier of the authentication device comprises:
Generating the authentication dynamic password according to the algorithm negotiated with the authentication device.
10. An authentication device, characterized in that it comprises:
An information display unit, configured to display a current dynamic password and transaction information, the current dynamic password including its generation time and the hardware identifier of the authentication device;
An authentication information sending unit, configured to, after obtaining the user's confirmation of the transaction information, send the current dynamic password and a digital certificate to a bank server for security authentication.
11. The authentication device according to claim 10, characterized in that it further comprises:
A current dynamic password generation unit, configured to generate the current dynamic password from the current time and the authentication device's own hardware identifier, using the algorithm negotiated with the bank server.
12. The authentication device according to claim 10 or 11, characterized in that the authentication device is provided with a counter, and the current dynamic password generation unit comprises:
A first dynamic password generation unit, configured to start the counter after the current dynamic password is generated and, when the count value of the counter reaches the predetermined effective time value and the user's confirmation of the transaction information has not been obtained, generate a new current dynamic password to replace the displayed current dynamic password.
13. The authentication device according to claim 10 or 11, characterized in that it further comprises:
A first initialization unit, configured to, on first use, send the device's own hardware identifier to the bank server and establish a correspondence with the bank server, and at the same time calibrate its time against the bank server so that its own time is synchronized with the bank server's time.
14. The authentication device according to claim 10 or 11, characterized in that it further comprises:
A first negotiation unit, configured to negotiate with the bank server the generation algorithm and the effective time of the dynamic password.
15. A bank server, characterized in that it comprises:
An information receiving unit, configured to receive a current dynamic password and a digital certificate sent by an authentication device, the current dynamic password including its generation time and the hardware identifier of the authentication device;
A judgment processing unit, configured to judge whether the digital certificate is valid, and to judge whether the authentication dynamic password is consistent with the current dynamic password.
An authentication dynamic password generation unit, configured to, when the digital certificate is determined to be valid, generate the authentication dynamic password according to the generation time contained in the current dynamic password and the hardware identifier of the authentication device; the generation algorithm of the authentication dynamic password is the same as that of the current dynamic password;
An authentication information sending unit, configured to send authentication confirmation information when the authentication dynamic password is consistent with the received current dynamic password, and to send authentication failure information when the authentication dynamic password is inconsistent with the received current dynamic password.
16. The bank server according to claim 15, characterized in that the judgment processing unit is also configured to judge whether the current dynamic password is a valid password, and to judge, according to the generation time in the current dynamic password and the current time, whether the current dynamic password is within the valid authentication period.
17. The bank server according to claim 15 or 16, characterized in that it further comprises:
A second initialization unit, configured to receive the hardware identifier sent by the authentication device and establish a correspondence with the authentication device, and at the same time calibrate its time against the authentication device so that its own time is synchronized with the authentication device's time.
18. The bank server according to claim 15 or 16, characterized in that it further comprises:
A second negotiation unit, configured to negotiate the generation algorithm of the dynamic password with the authentication device;
Accordingly, the authentication dynamic password generation unit comprises:
A second dynamic password generation unit, configured to generate the authentication dynamic password according to the algorithm negotiated with the authentication device.
19. A security authentication system, characterized in that it comprises the authentication device according to any one of claims 10 to 14 and the bank server according to any one of claims 15 to 18.
CN201310436852.0A 2013-09-23 2013-09-23 Safety authentication method, device and system Pending CN103491090A (en)


Publications (1)

Publication Number Publication Date
CN103491090A true CN103491090A (en) 2014-01-01

Family

ID=49831049


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
ASS Succession or assignment of patent right

Owner name: SHENZHEN JINDIE YOUSHANG ELECTRONIC COMMERCE SERVI

Free format text: FORMER OWNER: KINGDEE SOFTWARE (CHINA) COMPANY LTD.

Effective date: 20150629

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20150629

Address after: 518057, Shenzhen, Guangdong science and Technology Park, Nanshan District science and technology twelve South Road 2 Kingdee Software Park, A, 3 South Zone

Applicant after: Shenzhen Jindie Youshang E-Business Service Co., Ltd.

Address before: 518057 Guangdong city of Shenzhen province science and technology science and Technology Park of Nanshan District twelve South Road No. 2, Kingdee Software Park A block 1-8

Applicant before: Kingdee Software (China) Co., Ltd.

C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 518057, Shenzhen, Guangdong science and Technology Park, Nanshan District science and technology twelve South Road 2 Kingdee Software Park, A, 3 South Zone

Applicant after: Shenzhen Kingdee fine fighting cloud Network Technology Co., Ltd.

Address before: 518057, Shenzhen, Guangdong science and Technology Park, Nanshan District science and technology twelve South Road 2 Kingdee Software Park, A, 3 South Zone

Applicant before: Shenzhen Jindie Youshang E-Business Service Co., Ltd.

CB02 Change of applicant information
RJ01 Rejection of invention patent application after publication

Application publication date: 20140101

RJ01 Rejection of invention patent application after publication