CN103647647B - Automatic correction method for time migration of dynamic password at server side - Google Patents


Publication number
CN103647647B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310655442.5A
Other languages
Chinese (zh)
Other versions
CN103647647A (en)
Inventor
谈剑锋
杨波
顾立平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shiyan Xindao Talent Service Co ltd
Original Assignee
Shanghai Peoplenet Security Technology Co Ltd

Abstract

The invention discloses a server-side method for automatically correcting the time offset of dynamic passwords, in which the server decides, from the time at which a dynamic password is received, whether the dynamic password sent by a token device authenticates successfully. The method includes: when the previous dynamic password authenticates successfully, saving the previous dynamic password authentication time T1 and the previous dynamic password time offset T2; when the current dynamic password is received, calculating the current dynamic password time offset T4 from T1, T2 and the current dynamic password authentication time T3; calculating the authentication time range of the current dynamic password from T4 and the authentication time window preset on the server; and determining whether the current dynamic password authenticates successfully according to whether the time at which the server receives it falls within that authentication time range. Based on the time offset trend between the authentication server and the token device, the method unifies the calculation of the dynamic password time offset, and is highly automated and highly reliable.

Description

Automatic correction method for time migration of dynamic password at server side
Technical field
The present invention relates to the field of digital authentication, and in particular to a server-side method for automatically correcting the time offset of dynamic passwords.
Background art
Dynamic password authentication comes in two kinds: event-based and time-based. An event-based token produces a different password each time its button is pressed, and the password is authenticated on the server side. With a time-based token, the token device and the server generate dynamic passwords in step at a fixed time interval (30 seconds, 60 seconds, etc.), using the same dynamic password seed and the same dynamic password generation algorithm; the server judges whether the dynamic password it receives is identical to the one it generates locally, and thereby authenticates the dynamic password.
In time-based dynamic password authentication, whether a mobile phone token or a hardware token is used, the time is obtained from the hardware module of the respective terminal. The clocks of the token device and the authentication server can nevertheless disagree, so the generated dynamic passwords differ and authentication fails. At present, once the two sides' times fail to match during dynamic password authentication, the main remedy is to prompt the user to run a token time synchronization procedure. That procedure is static and rigid: it yields a fixed offset. When the token device is synchronized, the authentication server calculates a time offset, and at authentication time it adds this offset to, or subtracts it from, the current time so that the times match. This approach has a fatal shortcoming: the offset is fixed, whereas the time offset between the token device and the authentication server is not a fixed value but a quantity that follows a trend, so the token device has to synchronize its dynamic password time with the authentication server frequently. Authentication that relies on such frequent time synchronization is not only troublesome but also has security vulnerabilities, increases the probability of errors, and may make the server unstable.
Therefore, what is needed is a server-side method for automatically correcting the time offset of dynamic passwords that is simple to operate and accurate in its calculation, which no longer performs frequent time synchronization corrections between the token device and the authentication server but instead uses a fixed algorithm for time authentication, improving the accuracy and stability of the authentication server.
Summary of the invention
To address the technical problem that existing server-side methods for correcting the dynamic password time offset require frequent time synchronization, the invention provides a server-side method for automatically correcting the time offset of dynamic passwords. It does not need to repeat the calculation endlessly; instead, it calculates the time offset of each dynamic password from the time offset trend between the token device and the authentication server, and solves the dynamic password offset problem in combination with a time window range. The algorithm of the invention is simple and logically rigorous, reduces the computational load on the authentication server, and improves the stability and degree of automation of the authentication server.
To achieve the above objects, the invention provides a server-side method for automatically correcting the time offset of dynamic passwords, which determines from the time at which a dynamic password is received whether the dynamic password authenticates successfully, the dynamic password being sent by a token device. The method includes: when the previous dynamic password authenticates successfully, saving the authentication time T1 of the previous dynamic password and the time offset T2 of the previous dynamic password; when the current dynamic password is received, calculating the time offset T4 of the current dynamic password from T1, T2 and the authentication time T3 of the current dynamic password; calculating the authentication time range of the current dynamic password from T4 and the authentication time window preset on the server; and, when the time at which the server receives the current dynamic password falls within the authentication time range, determining that the current dynamic password authenticates successfully, and otherwise determining that it fails. Here, the time offset of a dynamic password is the offset between the time at which the server receives the dynamic password and the time at which the token device sends it, and the authentication time of a dynamic password is the time at which the token device generates it. When the previous dynamic password authenticates successfully, the server derives the time at which the token device sent the dynamic password from the time validity of the dynamic password, in order to calculate the time offset T2 of the previous dynamic password.
Optionally, the formula for calculating the time offset T4 of the current dynamic password from T1, T2 and the authentication time T3 of the current dynamic password is (T3 - T1) / T3 = T4 / (T4 + T2).
Optionally, the authentication time window preset on the server is 60 seconds.
Optionally, the server includes a memory which, when the previous dynamic password authenticates successfully, saves the authentication time T1 of the previous dynamic password and the time offset T2 of the previous dynamic password.
Optionally, the token device is a mobile phone token and the server is a cloud server.
By adopting the above technical solution, the invention has the following advantages: the server-side method for automatically correcting the time offset of dynamic passwords replaces the prior-art mode in which the server frequently calculates a different time offset for each dynamic password. It calculates the time offset of each dynamic password from the time offset trend between the token device and the authentication server, which reduces the authentication server's amount of computation and computation time, reduces the waiting time of the authenticating user, and improves the security and reliability of the dynamic password authentication system.
Brief description of the drawings
Fig. 1 is a flow chart of the server-side method for automatically correcting the time offset of dynamic passwords according to the invention;
Fig. 2 is a schematic diagram of the authentication principle of the server-side method for automatically correcting the time offset of dynamic passwords according to the invention;
Fig. 3 is a structural diagram of a dynamic password server that uses the server-side method for automatically correcting the time offset of dynamic passwords according to the invention.
Detailed description of the invention
The specific embodiments of the invention are described in detail below with reference to the accompanying drawings.
First, refer to Fig. 1, which is a flow chart of the server-side method for automatically correcting the time offset of dynamic passwords according to the invention. The method determines from the time at which a dynamic password is received whether the dynamic password authenticates successfully, the dynamic password being sent by a token device, and comprises the following steps:
Step 101: when the previous dynamic password authenticates successfully, save the authentication time T1 of the previous dynamic password and the time offset T2 of the previous dynamic password;
Step 102: when the current dynamic password is received, calculate the time offset T4 of the current dynamic password from T1, T2 and the authentication time T3 of the current dynamic password;
Step 103: calculate the authentication time range of the current dynamic password from T4 and the authentication time window preset on the server;
Step 104: when the time at which the server receives the current dynamic password falls within the authentication time range, determine that the current dynamic password authenticates successfully; otherwise determine that it fails.
Here, the time offset of a dynamic password is the offset between the time at which the server receives the dynamic password and the time at which the token device sends it, and the authentication time of a dynamic password is the time at which the token device generates it. When the previous dynamic password authenticates successfully, the server derives the time at which the token device sent the dynamic password from the time validity of the dynamic password, in order to calculate the time offset T2 of the previous dynamic password.
The formula for calculating the time offset T4 of the current dynamic password from T1, T2 and the authentication time T3 of the current dynamic password is (T3 - T1) / T3 = T4 / (T4 + T2).
The authentication time window preset on the server is 60 seconds. The server includes a memory which, when the previous dynamic password authenticates successfully, saves the authentication time T1 of the previous dynamic password and the time offset T2 of the previous dynamic password. The token device is a mobile phone token and the server is a cloud server.
In addition, the reasons why a time offset arises between the server and the token device are explained here. In general, the time offset in dynamic password authentication has the following causes: 1) the token device's time is produced by a crystal oscillator module, and the crystal oscillator module has a deviation; although the magnitude of the deviation differs between crystal oscillator modules, this part of the deviation is always in the forward direction; 2) there is also a time deviation between the user entering the dynamic password and the server receiving it. This part of the time deviation is mainly caused by user input delay and network transmission delay. Given these factors, once the time deviation problem is solved, the dynamic password offset problem can be solved in combination with the time window range.
For reference, the crystal oscillator module mentioned above is a crystal oscillator. Among crystal oscillators, the quartz crystal oscillator is the most widely used. It is an oscillator of high precision and high stability, widely used in oscillating circuits of all kinds, such as those in colour televisions, computers, remote controls and mobile terminals; in communication systems it is used in frequency generators, to produce clock signals for data processing equipment and to provide reference signals for particular systems. The International Electrotechnical Commission (IEC) divides quartz crystal oscillators into four classes: ordinary crystal oscillator (SPXO), voltage-controlled crystal oscillator (VCXO), temperature-compensated crystal oscillator (TCXO) and oven-controlled crystal oscillator (OCXO). Digitally compensated crystal oscillators (DCXO), microcomputer-compensated crystal oscillators (MCXO) and others are currently under development as well.
Next, the invention is further described with reference to Fig. 2, which is a schematic diagram of the authentication principle of the server-side method for automatically correcting the time offset of dynamic passwords; the authentication principle illustrates the time authentication formula (T3 - T1) / T3 = T4 / (T4 + T2). Each server authentication involves a time correction step. Time correction simply means adding a time offset to, or subtracting it from, the normal time, and this offset is derived from the similarity theorem for right triangles. In Fig. 2, A and B are dynamic passwords, the X axis represents the authentication time and the Y axis represents the time offset. The dashed lines AE and BD each represent the time offset of the corresponding dynamic password authentication. At the first valid authentication, the time offset of the dynamic password is AE; the time offset at the second authentication is BD + DC, where BD is the new offset and DC is the offset at the last successful authentication. The new offset BD can therefore be calculated from the similarity of right triangles, using the formula AD / (OE + EC) = BD / (BD + DC). Here AD is the current time minus the time of the last successful authentication, OE + EC is the current time, BD is the new compensation amount, and DC is the offset recorded last time. That is, AD corresponds to T3 - T1, OE + EC to T3, BD to the time offset T4 to be calculated, and BD + DC to T4 + T2. This formula calculates a time offset; it does not mean that authentication simply adds this offset to, or subtracts it from, the current time directly. To ensure the authentication success rate, the size of the time window preset on the server must also be considered when the server authenticates a dynamic password. If the time window is 60 seconds, then, after this offset has been added to or subtracted from the current time, dynamic passwords received within one minute on either side are all valid.
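Steps 101 to 104 and the Fig. 2 formula as a runnable sketch (an added example, not code from the patent), compared with the fixed-offset check criticised in the background section. It assumes times are seconds since the origin O at which the offset was zero, uses an RFC 6238-style HMAC-SHA1 code as a stand-in for the unspecified generation algorithm, and takes the server receive time as T3; the names `Verifier`, `predict_t4` and `accepted_steps`, the seed and the sample times are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60    # token time step in seconds (assumed; the page mentions 30 s or 60 s)
WINDOW = 60  # authentication time window preset on the server (60 s on the page)


def totp(seed, t, digits=6):
    """HMAC-SHA1 time-based code for time t (stand-in generation algorithm)."""
    mac = hmac.new(seed, struct.pack(">Q", int(t // STEP)), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def predict_t4(t1, t2, t3):
    """Solve (T3 - T1) / T3 = T4 / (T4 + T2) for T4.

    Cross-multiplying gives T4 = T2 * (T3 - T1) / T1: the offset is extended
    along the straight line through the origin O and the last success.
    """
    if t1 <= 0 or t3 < t1:
        raise ValueError("need 0 < T1 <= T3, measured from the zero-offset origin")
    return t2 * (t3 - t1) / t1


def accepted_steps(centre):
    """Time-step counters whose codes are accepted around the corrected time."""
    return range(int((centre - WINDOW) // STEP), int((centre + WINDOW) // STEP) + 1)


class Verifier:
    """Keeps T1/T2 from the last success (step 101) and checks the next code."""

    def __init__(self, seed, t1, t2, use_trend=True):
        self.seed, self.t1, self.t2, self.use_trend = seed, t1, t2, use_trend

    def verify(self, code, received_at):
        # Step 102: the receive time stands in for T3 (assumption of this sketch).
        t4 = predict_t4(self.t1, self.t2, received_at) if self.use_trend else 0.0
        centre = received_at - (self.t2 + t4)  # server time corrected by the offset
        # Steps 103-104: accept a code generated inside the window around centre.
        for step in accepted_steps(centre):
            if hmac.compare_digest(totp(self.seed, step * STEP), code):
                # Step 101 for the next round. The token time is known only to
                # within one step, so the step midpoint is used (an assumption).
                self.t1 = received_at
                self.t2 = received_at - (step * STEP + STEP / 2)
                return True
        return False


def demo():
    """Constructed scenario: the offset grows by 100 s per 1,000,000 s."""
    seed = b"constructed-demo-seed"
    received_at = 3_000_020.0
    token_time = received_at - 100.0 * received_at / 1_000_000.0
    code = totp(seed, token_time)
    trend = Verifier(seed, t1=1_000_000.0, t2=100.0)
    fixed = Verifier(seed, t1=1_000_000.0, t2=100.0, use_trend=False)
    return trend.verify(code, received_at), fixed.verify(code, received_at)


if __name__ == "__main__":
    print(demo())  # trend-corrected check vs. fixed-offset check
```

Because T4 scales with (T3 - T1) / T1, any error in the stored T2 is multiplied by the same factor, so a deployment would want an upper bound on the predicted offset.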
Finally, the invention is described with reference to Fig. 3, which is a structural diagram of a dynamic password server that uses the server-side method for automatically correcting the time offset of dynamic passwords according to the invention. The server is a dynamic password server 1, which includes a processor 11, a memory 12 and a communication interface 13; the processor 11 is connected to the memory 12 and to the communication interface 13 respectively, and the dynamic password server 1 exchanges data through the communication interface 13 with the token device 2 held by the user.
Those skilled in the art will recognize that the above embodiments are exemplary and are intended to help those skilled in the art better understand the content of this patent; they should not be construed as limiting the scope of protection of this patent. Any equivalent change or modification made in accordance with the spirit disclosed in this patent falls within the scope of protection of this patent.

Claims (4)

1. A server-side method for automatically correcting the time offset of dynamic passwords, which determines from the time at which a dynamic password is received whether the dynamic password authenticates successfully, the dynamic password being sent by a token device, characterized in that the method includes:
When the previous dynamic password authenticates successfully, saving the authentication time T1 of the previous dynamic password and the time offset T2 of the previous dynamic password;
When the current dynamic password is received, calculating the time offset T4 of the current dynamic password from T1, T2 and the authentication time T3 of the current dynamic password;
The formula for calculating the time offset T4 of the current dynamic password from T1, T2 and the authentication time T3 of the current dynamic password being (T3 - T1) / T3 = T4 / (T4 + T2);
Calculating the authentication time range of the current dynamic password from the current time, T4 and the authentication time window preset on the server;
When the time at which the server receives the current dynamic password falls within the authentication time range, determining that the current dynamic password authenticates successfully, and otherwise determining that it fails;
Wherein the time offset of a dynamic password is the offset between the time at which the server receives the dynamic password and the time at which the token device sends it, and the authentication time of a dynamic password is the time at which the token device generates it;
Wherein, when the previous dynamic password authenticates successfully, the server derives the time at which the token device sent the dynamic password from the time validity of the dynamic password, in order to calculate the time offset T2 of the previous dynamic password.
2. The server-side method for automatically correcting the time offset of dynamic passwords according to claim 1, characterized in that:
The authentication time window preset on the server is 60 seconds.
3. The server-side method for automatically correcting the time offset of dynamic passwords according to claim 1, characterized in that:
The server includes a memory which, when the previous dynamic password authenticates successfully, saves the authentication time T1 of the previous dynamic password and the time offset T2 of the previous dynamic password.
4. The server-side method for automatically correcting the time offset of dynamic passwords according to claim 1, characterized in that:
The token device is a mobile phone token and the server is a cloud server.
Priority Applications (1)

Application number: CN201310655442.5A
Priority date: 2013-12-06
Filing date: 2013-12-06
Title: Automatic correction method for time migration of dynamic password at server side
Status: Active

Publications (2)

CN103647647A, published 2014-03-19
CN103647647B, published 2016-06-22


Legal Events

PB01: Publication
C10: Entry into substantive examination
SE01: Entry into force of request for substantive examination
C14: Grant of patent or utility model
GR01: Patent grant
TR01: Transfer of patent right
  Effective date of registration: 20240627
  Address after: Room 503, Building 3, No. 6, Xicheng Xi'an North Road, Xinluo District, Longyan City, Fujian Province, 364000
  Patentee after: Xie Xinyong
  Country or region after: China
  Address before: 201821 211 rooms, No. 1411, Yecheng Road, Jiading District, Shanghai
  Patentee before: SHANGHAI PEOPLENET SECURITY TECHNOLOGY Co.,Ltd.
  Country or region before: China
TR01: Transfer of patent right
  Effective date of registration: 20240717
  Address after: 442300, 8 sets including No. 420-1, Eshan Avenue, Chengguan Town, Zhuxi County, Shiyan City, Hubei Province
  Patentee after: Shiyan Xindao Talent Service Co.,Ltd.
  Country or region after: China
  Address before: Room 503, Building 3, No. 6, Xicheng Xi'an North Road, Xinluo District, Longyan City, Fujian Province, 364000
  Patentee before: Xie Xinyong
  Country or region before: China