CN103888470B - Dynamic token synchronizing method and system - Google Patents

Publication number
CN103888470B
Authority
CN
China
Prior art keywords
dynamic token
factor
time
certificate server
code
Legal status
Active
Application number
CN201410131504.7A
Other languages
Chinese (zh)
Other versions
CN103888470A (en)
Inventor
陆舟
于华章
Current Assignee
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd

Abstract

The invention discloses a dynamic token synchronization method and system, applied to a system comprising a dynamic token, a host and an authentication server. The authentication server generates a random number and stores it as the challenge code corresponding to the dynamic token. The dynamic token obtains the random number generated by the authentication server and generates a synchronization code from it. The authentication server verifies the synchronization code generated by the dynamic token using the stored challenge code corresponding to that token, and after the synchronization code passes verification it updates the token offset stored in the authentication server. This improves the synchronization success rate and prevents malicious synchronization caused by the use of an erroneous or delayed synchronization code.

Description

A dynamic token synchronization method and system
Technical field
The present invention relates to the field of information security, and in particular to a dynamic token synchronization method and system.
Background
A dynamic token is a device that generates dynamic passwords and is widely used in applications such as online banking, telecom operators and e-government. The dynamic passwords generated by a dynamic token can be used for identity authentication and can effectively improve the security of identity authentication.
A dynamic token generates dynamic passwords from the dynamic factor it stores, and the authentication server authenticates those dynamic passwords using the dynamic factor it stores itself. When the difference between the dynamic factor stored in the dynamic token and the dynamic factor stored in the authentication server exceeds the authentication window, the dynamic password of the dynamic token cannot pass authentication, and the dynamic factor stored in the dynamic token and the dynamic factor stored in the authentication server need to be synchronized.
In the prior art, the dynamic token generates a synchronization code from its own dynamic factor, and the authentication server, after obtaining this synchronization code, synchronizes according to it.
In the course of realizing the present invention, the inventors found that the prior art has at least the following defect:
In the existing synchronization procedure, the dynamic token needs to generate two synchronization codes and the user needs to enter each of them. This easily produces input errors and delays, so that a synchronization code falls outside the synchronization window and synchronization fails.
Summary of the invention
The present invention provides a dynamic token synchronization method and system to address the synchronization-failure defect of the prior art.
The present invention provides a dynamic token synchronization method comprising the following steps:
S1: The authentication server receives a synchronization request from the host, obtains the serial number of the dynamic token from the synchronization request, generates a random number, stores the random number as the challenge code corresponding to the serial number of the dynamic token, and returns the random number to the host for display;
S2: The dynamic token obtains the random number, generates a response code from the random number and the dynamic factor and seed key in the dynamic token, and generates synchronization information from the response code and the dynamic factor;
S3: The dynamic token combines the synchronization information and the response code into a synchronization code and displays the synchronization code;
S4: The authentication server obtains the synchronization code and the serial number of the dynamic token;
S5: The authentication server obtains the response code and the synchronization information from the synchronization code, and looks up the seed key and challenge code corresponding to the dynamic token by the serial number of the dynamic token;
S6: The authentication server verifies the response code obtained from the synchronization code, using the seed key and challenge code it looked up and the synchronization information obtained from the synchronization code; if verification passes, step S8 is performed; otherwise, step S7 is performed;
S7: The authentication server sends a synchronization failure message to the host;
S8: The authentication server updates the token offset corresponding to the dynamic token in the authentication server, according to the synchronization information obtained from the synchronization code and the dynamic factor in the authentication server.
The present invention also provides a dynamic token synchronization system comprising a dynamic token, a host and an authentication server;
The dynamic token comprises:
A first acquisition module, for obtaining the random number generated by the authentication server;
A first generation module, for generating a response code from the random number obtained by the first acquisition module and the dynamic factor and seed key in the dynamic token;
A second generation module, for generating synchronization information from the response code generated by the first generation module and the dynamic factor;
A combination module, for combining the synchronization information generated by the second generation module and the response code generated by the first generation module into a synchronization code;
A display module, for displaying the synchronization code produced by the combination module;
The authentication server comprises:
A receiving module, for receiving a synchronization request from the host;
A second acquisition module, for obtaining the serial number of the dynamic token from the synchronization request received by the receiving module;
A third generation module, for generating a random number after the receiving module receives the synchronization request, and storing the random number as the challenge code corresponding to the serial number of the dynamic token obtained by the second acquisition module;
A third acquisition module, for obtaining the synchronization code generated by the dynamic token and the serial number of the dynamic token;
A fourth acquisition module, for obtaining the response code and the synchronization information from the synchronization code obtained by the third acquisition module;
A query module, for looking up the seed key and challenge code corresponding to the dynamic token by the serial number of the dynamic token obtained by the third acquisition module;
A verification module, for verifying the response code obtained from the synchronization code, using the seed key and challenge code found by the query module and the synchronization information obtained from the synchronization code by the fourth acquisition module;
An update module, for updating the token offset corresponding to the dynamic token in the authentication server when the verification module's verification of the response code passes, according to the synchronization information obtained from the synchronization code by the fourth acquisition module and the dynamic factor in the authentication server;
A sending module, for returning the random number generated by the third generation module to the host for display, and for sending a synchronization failure message to the host when the verification module's verification of the response code does not pass.
Beneficial effects of the present invention: the authentication server generates a random number and stores it as the challenge code corresponding to the dynamic token; the dynamic token obtains the random number generated by the authentication server and generates a single synchronization code from it; the authentication server verifies the synchronization code generated by the dynamic token using the challenge code it has stored for that token, and after verification passes it updates the token offset it stores. This improves the synchronization success rate and prevents malicious synchronization caused by the use of an erroneous or delayed synchronization code.
Brief description of the drawings
Fig. 1 is a flow chart of a dynamic token synchronization method in an embodiment of the present invention;
Fig. 2 is a flow chart of a method for updating the token offset time in an embodiment of the present invention;
Fig. 3 is a flow chart of a method for updating the token offset count in an embodiment of the present invention;
Fig. 4 is a structural diagram of a dynamic token synchronization system in an embodiment of the present invention;
Fig. 5 is a structural diagram of an update module in an embodiment of the present invention;
Fig. 6 is a structural diagram of another update module in an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention, without creative work, fall within the scope of protection of the present invention.
Fig. 1 is a flow chart of a dynamic token synchronization method in an embodiment of the present invention. The method is applied to a system comprising an authentication server, a host and a dynamic token, and comprises the following steps:
Step 101: The host obtains the serial number of the dynamic token entered by the user, generates a synchronization request from the serial number of the dynamic token, and sends the synchronization request to the authentication server.
The synchronization request may contain the serial number of the dynamic token.
For example, the host obtains the serial number "5740000006" of the dynamic token entered by the user and generates a synchronization request from the serial number "5740000006".
Step 102: The authentication server obtains the serial number of the dynamic token from the received synchronization request, generates a random number, stores the random number as the challenge code corresponding to the serial number of the dynamic token, records the generation time of the random number, stores that generation time as the generation time of the challenge code corresponding to the serial number of the dynamic token, and returns the random number to the host.
For example, the authentication server obtains the serial number "5740000006" of the dynamic token, generates the random number "1234", stores "1234" as the challenge code corresponding to "5740000006", records the generation time of "1234" as "1390445039" (equivalent to 02:43:59 on January 23, 2014), stores "1390445039" as the generation time of the challenge code corresponding to "5740000006", and returns "1234" to the host.
Step 103: The host displays the received random number.
For example, the host displays the random number "1234".
Step 104: The dynamic token obtains the random number entered by the user and generates a response code from this random number and the dynamic factor and seed key in the dynamic token.
The dynamic factor in the dynamic token may be a time factor; in that case, the dynamic token uses the seed key it stores to process the time factor in the dynamic token and the random number entered by the user, obtaining the response code.
The dynamic factor in the dynamic token may also be an event factor; in that case, the dynamic token uses the seed key it stores to process the event factor in the dynamic token and the random number entered by the user, obtaining the response code.
In this embodiment, the random number entered by the user may be the random number generated by the authentication server in step 102.
For example, the random number entered by the user and obtained by the dynamic token is "1234", and the dynamic factor in the dynamic token is the time factor "1390445154" (equivalent to 02:45:54 on January 23, 2014). From the random number "1234", the time factor "1390445154" and the seed key "65201d80cb58ade3dd236caef6925010" stored in the dynamic token, the dynamic token generates the response code "4534".
Step 105: The dynamic token generates synchronization information from the response code and the dynamic factor.
Specifically, the dynamic token may XOR the response code with the dynamic factor and XOR the result with preset key information to obtain the synchronization information. Alternatively, it may generate key information from preset data and the seed key in the dynamic token, XOR the response code with the dynamic factor, and XOR the result with that key information to obtain the synchronization information. Alternatively, it may take data of a preset length starting from the lowest position of the dynamic factor, XOR the selected data with the response code, and XOR the result with preset key information to obtain the synchronization information. Alternatively, it may generate key information from preset data and the seed key in the dynamic token, take data of a preset length starting from the lowest position of the dynamic factor, XOR the selected data with the response code, and XOR the result with that key information to obtain the synchronization information.
For example, when the preset length is 4, the dynamic factor is the time factor "1390445154", the response code is "4534" and the preset key information is "9453", the dynamic token takes the 4 digits "5154" from the time factor "1390445154", XORs the selected data "5154" with the response code "4534", and XORs the result "6542" with the key information "9453", obtaining the synchronization information "3564".
Step 106: The dynamic token combines the synchronization information and the response code into a synchronization code and displays the synchronization code.
In the combined synchronization code, the response code may be located at a first preset position and the synchronization information at a second preset position.
For example, the dynamic token combines the response code "4534" and the synchronization information "3564" into the synchronization code "45343564" and displays the synchronization code "45343564".
Step 107: The host obtains the synchronization code entered by the user, generates a synchronization execution request from the synchronization code and the serial number of the dynamic token, and sends the synchronization execution request to the authentication server.
The synchronization execution request contains the synchronization code entered by the user and the serial number of the dynamic token. The synchronization code entered by the user may be the synchronization code generated and displayed by the dynamic token in step 106.
For example, the host obtains the synchronization code "45343564" entered by the user, generates a synchronization execution request from the synchronization code "45343564" and the serial number "5740000006" of the dynamic token, and sends the synchronization execution request to the authentication server.
Step 108: The authentication server obtains the synchronization code and the serial number of the dynamic token from the received synchronization execution request, records the acquisition time of the synchronization code, and looks up the generation time of the corresponding challenge code by the serial number of the dynamic token.
For example, the authentication server obtains the synchronization code "45343564" and the serial number "5740000006" of the dynamic token, records the acquisition time of the synchronization code "45343564" as "1390445090" (equivalent to 02:44:50 on January 23, 2014), and, by the serial number "5740000006", looks up the generation time "1390445039" (equivalent to 02:43:59 on January 23, 2014) of the corresponding challenge code "1234".
Step 109: The authentication server determines whether the acquisition time of the synchronization code falls within a first preset duration after the generation time of the challenge code; if so, step 112 is performed; otherwise, step 110 is performed.
For example, when the first preset duration is 60 seconds, the acquisition time of the synchronization code is "1390445090" (equivalent to 02:44:50 on January 23, 2014) and the generation time of the challenge code is "1390445039" (equivalent to 02:43:59 on January 23, 2014), the authentication server finds that the interval between the acquisition time of the synchronization code and the generation time of the challenge code is 51 seconds. This interval is less than the first preset duration, so the authentication server determines that the acquisition time of the synchronization code falls within the first preset duration after the generation time of the challenge code.
Step 110: The authentication server sends a synchronization failure message to the host.
Step 111: The host displays the synchronization failure information, and the flow ends.
Step 112: The authentication server obtains the response code and the synchronization information from the synchronization code, and looks up the seed key and challenge code corresponding to the dynamic token by the serial number of the dynamic token.
Specifically, the authentication server may obtain the response code from the first preset position of the synchronization code and the synchronization information from the second preset position of the synchronization code. The seed key that the authentication server looks up by the serial number of the dynamic token may be identical to the seed key stored in the dynamic token.
For example, the authentication server obtains the response code "4534" and the synchronization information "3564" from the synchronization code "45343564", and by the serial number "5740000006" of the dynamic token looks up the corresponding seed key "65201d80cb58ade3dd236caef6925010" and challenge code "1234".
Step 113: The authentication server verifies the response code obtained from the synchronization code, using the seed key and challenge code it looked up and the synchronization information obtained from the synchronization code; if verification passes, step 114 is performed; otherwise, the flow returns to step 110.
Specifically, the authentication server may XOR the looked-up seed key with preset data, XOR the resulting key information with the synchronization information obtained from the synchronization code, and take the XOR result as the dynamic factor. Using the looked-up seed key and challenge code, it generates a response code by the same method the dynamic token uses to generate a response code, and determines whether the generated response code is identical to the response code obtained from the synchronization code; if so, it confirms that the obtained response code passes verification; otherwise, it determines that the obtained response code fails verification.
The authentication server may also XOR the looked-up seed key with preset data, XOR the resulting key information with the synchronization information obtained from the synchronization code, replace the data of the preset length at the lowest position of the dynamic factor in the authentication server with the XOR result, and take the data obtained after replacement as the dynamic factor. Using the looked-up seed key and challenge code, it generates a response code by the same method the dynamic token uses, and determines whether the generated response code is identical to the response code obtained from the synchronization code; if so, it confirms that the obtained response code passes verification; otherwise, it determines that the obtained response code fails verification.
The authentication server may also XOR preset key information with the synchronization information obtained from the synchronization code and take the XOR result as the dynamic factor. Using the looked-up seed key and challenge code, it generates a response code by the same method the dynamic token uses, and determines whether the generated response code is identical to the response code obtained from the synchronization code; if so, it confirms that the obtained response code passes verification; otherwise, it determines that the obtained response code fails verification.
The authentication server may also XOR preset key information with the synchronization information obtained from the synchronization code, replace the data of the preset length at the lowest position of the dynamic factor in the authentication server with the XOR result, and take the data obtained after replacement as the dynamic factor. Using the looked-up seed key and challenge code, it generates a response code by the same method the dynamic token uses, and determines whether the generated response code is identical to the response code obtained from the synchronization code; if so, it confirms that the obtained response code passes verification; otherwise, it determines that the obtained response code fails verification. The dynamic factor in the authentication server may be a time factor or an event factor.
For example, when the preset length is 4, the seed key looked up by the authentication server is "65201d80cb58ade3dd236caef6925010", the challenge code is "1234", the key information is "9453", the authentication server has obtained the response code "4534" and the synchronization information "3564" from the synchronization code "45343564", and the dynamic factor in the authentication server is the time factor "1390445090" (equivalent to 02:44:50 on January 23, 2014), the authentication server XORs the preset key information "9453" with the synchronization information "3564", replaces the lowest 4 digits of the dynamic factor "1390445090" in the authentication server with the XOR result "5154", and takes the resulting data "1390445154" as the dynamic factor. Using the looked-up seed key "65201d80cb58ade3dd236caef6925010" and challenge code "1234", and the same method the dynamic token uses to generate a response code, it generates multiple response codes within a preset authentication window, determines that the generated response codes include one identical to the response code "4534" obtained from the synchronization code, and so determines that the obtained response code "4534" passes verification.
Step 114: The authentication server updates the token offset corresponding to the dynamic token in the authentication server, according to the synchronization information obtained from the synchronization code and the dynamic factor in the authentication server, and sends a synchronization success message to the host; the host displays the synchronization success information, and the flow ends.
Specifically, when the dynamic token is a time-based dynamic token, the dynamic factor is a time factor and the token offset in the authentication server is a token offset time. The authentication server authenticates the dynamic passwords generated by the dynamic token according to the token offset time and, after authentication succeeds, saves the value of the time factor that matched the dynamic password as the authentication success time corresponding to the dynamic token.
Correspondingly, the token offset update performed by the authentication server in step 114 is specifically an update of the token offset time, which, as shown in Fig. 2, comprises the following steps:
Step 201: The authentication server determines whether the time factor in the dynamic token is greater than the most recent authentication success time corresponding to the dynamic token; if so, step 204 is performed; otherwise, step 202 is performed.
Specifically, the authentication server may XOR the looked-up seed key with preset data, XOR the resulting key information with the synchronization information obtained from the synchronization code, take the XOR result as the time factor in the dynamic token, and determine whether the time factor in the dynamic token is greater than the most recent authentication success time corresponding to the dynamic token. The authentication server may also XOR the looked-up seed key with preset data, XOR the resulting key information with the synchronization information obtained from the synchronization code, replace the data of the preset length at the lowest position of the time factor in the authentication server with the XOR result, take the data obtained after replacement as the time factor in the dynamic token, and determine whether the time factor in the dynamic token is greater than the most recent authentication success time corresponding to the dynamic token. The authentication server may also XOR preset key information with the synchronization information obtained from the synchronization code, take the XOR result as the time factor in the dynamic token, and determine whether the time factor in the dynamic token is greater than the most recent authentication success time corresponding to the dynamic token. The authentication server may also XOR preset key information with the synchronization information obtained from the synchronization code, replace the data of the preset length at the lowest position of the time factor in the authentication server with the XOR result, take the data obtained after replacement as the time factor in the dynamic token, and determine whether the time factor in the dynamic token is greater than the most recent authentication success time corresponding to the dynamic token.
For example, when the most recent authentication success time corresponding to the dynamic token is "1390440765" (equivalent to 01:32:45 on January 23, 2014), the authentication server has obtained the response code "4534" and the synchronization information "3564" from the synchronization code "45343564", and the time factor in the authentication server is "1390445090" (equivalent to 02:44:50 on January 23, 2014), the authentication server XORs the preset key information "9453" with the synchronization information "3564", replaces the lowest 4 digits of the time factor "1390445090" in the authentication server with the XOR result "5154", takes the resulting data "1390445154" as the time factor in the dynamic token, and determines that the time factor in the dynamic token is greater than the most recent authentication success time corresponding to the dynamic token.
Step 202: The authentication server sends a synchronization failure message to the host.
Step 203: The host displays the synchronization failure information, and the flow ends.
Step 204, certificate server obtains corresponding with dynamic token nearest that present system time is preserved with itself Difference between secondary lock in time, according to this difference and the first default step size computation first offset threshold.
Specifically, when certificate server can obtain the synchronization of present system time the last time corresponding with dynamic token Between between difference, using the product of this difference and the first default step-length as the first offset threshold.
For example, present system time is " 1390445090 " (44 point 50 when being equivalent to natural time 23 days 2 January in 2014 Second), the first default step-length is 0.00001, the last lock in time corresponding with dynamic token that certificate server preserves During for " 1380445090 " (58 points 10 seconds when being equivalent to natural time September in 2013 29 days 16), certificate server can obtain Difference between present system time the last lock in time corresponding with dynamic token is 1390445090- 1380445090=10000000, the first offset threshold is the product between this difference and the first default step-length, i.e. 10000000* 0.00001=100.
Step 205, certificate server judge time factor in time factor in dynamic token and certificate server it Between time difference whether be more than the first offset threshold, if it is, execution step 207;Otherwise, execution step 206.
Specifically, the seed key inquiring and preset data can be carried out XOR by certificate server, close by obtain Key information carries out XOR, using the XOR obtaining result as the time in dynamic token with the synchronizing information of acquisition in Secondary Synchronization Code Whether the factor, judge time difference between the time factor in the time factor and certificate server in dynamic token more than the One offset threshold;The seed key inquiring and preset data can also be carried out XOR, by the key information obtaining and from same The synchronizing information obtaining in step code carries out XOR, the XOR obtaining result is replaced minimum in the time factor in certificate server The data of the preset length of position, the data obtaining after replacing, as the time factor in dynamic token, judges in dynamic token Time factor and certificate server in time factor between time difference whether be more than the first offset threshold;Can also be by Default key information carries out XOR, using the XOR obtaining result as dynamic token with the synchronizing information of acquisition in Secondary Synchronization Code In time factor, judge that the time difference between the time factor in time factor and certificate server in dynamic token is No it is more than the first offset threshold;The synchronizing information of default key information and acquisition in Secondary Synchronization Code can also be carried out XOR, The XOR obtaining result is replaced the data of the preset length of lowest order in the time factor in certificate server, will obtain after replacing To data as the time factor in dynamic token, judge the time in time factor in dynamic token and certificate server Whether the time difference between the factor is more than the first offset threshold.
For example, when the preset length is 4, the key information is "9453", the synchronizing information that the certificate server obtains from the synchronous code "45343564" is "3564", the time factor in the certificate server is "1390445090", and the first offset threshold is "100", the certificate server XORs the key information "9453" with the synchronizing information "3564", replaces the lowest 4 digits of the time factor "1390445090" in the certificate server with the XOR result "5154", takes the resulting data "1390445154" as the time factor in the dynamic token, and judges that the time difference "64" between the time factor "1390445154" in the dynamic token and the time factor "1390445090" in the certificate server is less than the first offset threshold "100".
Step 206, the certificate server updates the token offset time corresponding to the dynamic token that it stores according to the time difference, saves the current system time as the synchronization time corresponding to this dynamic token, and ends the flow.
For example, when the current system time is "1390445090" (equivalent to 02:44:50 on January 23, 2014) and the time difference is "64", the certificate server updates the token offset time corresponding to the dynamic token that it stores to "64", and saves "1390445090" (equivalent to 02:44:50 on January 23, 2014) as the synchronization time corresponding to the dynamic token.
Step 207, the certificate server judges whether the difference between the current system time and the most recent synchronization time corresponding to the dynamic token is greater than the second preset duration; if so, return to step 206; otherwise, return to step 202.
For example, when the second preset duration is "20000000", the current system time is "1390445090" (equivalent to 02:44:50 on January 23, 2014), and the most recent synchronization time corresponding to the dynamic token stored by the certificate server is "1380445090" (equivalent to 16:58:10 on September 29, 2013), the certificate server calculates the difference between the current system time and the most recent synchronization time corresponding to the dynamic token as 1390445090 - 1380445090 = 10000000, and then judges that the calculated difference "10000000" is less than the second preset duration "20000000".
It should be noted that when the dynamic token in the embodiment of the present invention is an event-type dynamic token, the dynamic factor is an event factor and the token offset is a token offset count; the certificate server authenticates the dynamic password generated by the dynamic token according to the token offset count and, after the authentication succeeds, saves the value of the event factor that matches this dynamic password as the authentication success count corresponding to this dynamic token.
Correspondingly, in step 114 of the above embodiment, the operation in which the certificate server updates the token offset is specifically the operation in which the certificate server updates the token offset count, which, as shown in Figure 3, comprises the following steps:
Step 301, the certificate server judges whether the event factor in the dynamic token is greater than the most recent authentication success count corresponding to the dynamic token; if so, step 304 is executed; otherwise, step 302 is executed.
Specifically, the certificate server can XOR the queried seed key with preset data, XOR the resulting key information with the synchronizing information obtained from the synchronous code, take the XOR result as the event factor in the dynamic token, and judge whether the event factor in the dynamic token is greater than the most recent authentication success count corresponding to the dynamic token; the certificate server can also XOR the queried seed key with preset data, XOR the resulting key information with the synchronizing information obtained from the synchronous code, replace the lowest-order data of the preset length in the event factor corresponding to this dynamic token in the certificate server with the XOR result, take the data obtained after replacement as the event factor in the dynamic token, and make the same judgment; the certificate server can also XOR the preset key information with the synchronizing information obtained from the synchronous code, take the XOR result as the event factor in the dynamic token, and make the same judgment; the certificate server can also XOR the preset key information with the synchronizing information obtained from the synchronous code, replace the lowest-order data of the preset length in the event factor corresponding to this dynamic token in the certificate server with the XOR result, take the data obtained after replacement as the event factor in the dynamic token, and make the same judgment.
For example, when the most recent authentication success count corresponding to the dynamic token is "440765", the certificate server obtains the answer back code "4534" and the synchronizing information "3564" from the synchronous code "45343564", and the event factor corresponding to this dynamic token in the certificate server is "445090", the certificate server XORs the preset key information "9453" with the synchronizing information "3564", replaces the lowest 4 digits of the event factor "445090" corresponding to this dynamic token in the certificate server with the XOR result "5154", takes the resulting data "445154" as the event factor in the dynamic token, and judges that the event factor in the dynamic token is greater than the most recent authentication success count corresponding to the dynamic token.
Step 302, the certificate server sends a synchronization failure message to the main frame.
Step 303, the main frame displays the synchronization failure information and ends the flow.
Step 304, the certificate server obtains the difference between the current system time and the most recent synchronization time corresponding to the dynamic token that it stores, and calculates the second offset threshold according to this difference and the second preset step.
Specifically, the certificate server can obtain the difference between the current system time and the most recent synchronization time corresponding to the dynamic token, and take the product of this difference and the second preset step as the second offset threshold.
For example, when the current system time is "1390445090" (equivalent to 02:44:50 on January 23, 2014), the second preset step is 0.00001, and the most recent synchronization time corresponding to the dynamic token stored by the certificate server is "1380445090" (equivalent to 16:58:10 on September 29, 2013), the certificate server obtains the difference between the current system time and the most recent synchronization time corresponding to the dynamic token as 1390445090 - 1380445090 = 10000000; the second offset threshold is the product of this difference and the second preset step, i.e. 10000000 * 0.00001 = 100.
Step 305, the certificate server judges whether the count difference between the event factor in the dynamic token and the event factor corresponding to the dynamic token in the certificate server is greater than the second offset threshold; if so, step 307 is executed; otherwise, step 306 is executed.
Specifically, the certificate server can XOR the queried seed key with preset data, XOR the resulting key information with the synchronizing information obtained from the synchronous code, take the XOR result as the event factor in the dynamic token, and judge whether the count difference between the event factor in the dynamic token and the event factor corresponding to this dynamic token in the certificate server is greater than the second offset threshold; it can also XOR the queried seed key with preset data, XOR the resulting key information with the synchronizing information obtained from the synchronous code, replace the lowest-order data of the preset length in the event factor corresponding to this dynamic token in the certificate server with the XOR result, take the data obtained after replacement as the event factor in the dynamic token, and make the same judgment; it can also XOR the preset key information with the synchronizing information obtained from the synchronous code, take the XOR result as the event factor in the dynamic token, and make the same judgment; it can also XOR the preset key information with the synchronizing information obtained from the synchronous code, replace the lowest-order data of the preset length in the event factor corresponding to this dynamic token in the certificate server with the XOR result, take the data obtained after replacement as the event factor in the dynamic token, and make the same judgment.
For example, when the key information is "9453", the synchronizing information that the certificate server obtains from the synchronous code "45343564" is "3564", the event factor corresponding to the dynamic token in the certificate server is "445090", and the second offset threshold is "100", the certificate server XORs the key information "9453" with the synchronizing information "3564", replaces the lowest 4 digits of the event factor "445090" corresponding to the dynamic token in the certificate server with the XOR result "5154", takes the resulting data "445154" as the event factor in the dynamic token, and judges that the count difference "64" between the event factor "445154" in the dynamic token and the event factor "445090" corresponding to this dynamic token in the certificate server is less than the second offset threshold "100".
Step 306, the certificate server updates the token offset count corresponding to the dynamic token that it stores according to the count difference, saves the current system time as the synchronization time corresponding to this dynamic token, and ends the flow.
For example, when the current system time is "1390445090" (equivalent to 02:44:50 on January 23, 2014) and the count difference is "64", the certificate server updates the token offset count corresponding to the dynamic token that it stores to "64", and saves "1390445090" (equivalent to 02:44:50 on January 23, 2014) as the synchronization time corresponding to the dynamic token.
Step 307, the certificate server judges whether the difference between the current system time and the most recent synchronization time corresponding to the dynamic token is greater than the third preset duration; if so, return to step 306; otherwise, return to step 302.
For example, when the third preset duration is "20000000", the current system time is "1390445090" (equivalent to 02:44:50 on January 23, 2014), and the most recent synchronization time corresponding to the dynamic token stored by the certificate server is "1380445090" (equivalent to 16:58:10 on September 29, 2013), the certificate server calculates the difference between the current system time and the most recent synchronization time corresponding to the dynamic token as 1390445090 - 1380445090 = 10000000, and then judges that the calculated difference "10000000" is less than the third preset duration "20000000".
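The event-type decision flow of steps 301 to 307, run on the figures from the examples above, as an added Python sketch that is not part of the patent text. The class, function and field names are hypothetical, the XOR unmasking of the synchronizing information is taken as already done (its four-digit result is an input), and comparing the magnitude of the count difference against the threshold is an assumption; the time-type steps 205 to 207 apply the same comparison to the time factor.

```python
from dataclasses import dataclass
from decimal import Decimal

# Values taken from the worked examples in the text.
NOW = 1390445090            # current system time
STEP = Decimal("0.00001")   # second preset step (Decimal avoids float rounding)
LONG_GAP = 20000000         # third preset duration


@dataclass
class TokenRecord:
    """Server-side state for one event-type token (hypothetical field names)."""
    event_factor: int      # event factor the server holds for this token
    last_auth_count: int   # event factor saved at the last successful authentication
    last_sync_time: int    # system time of the most recent synchronization
    offset_count: int = 0  # token offset count


def replace_low_digits(server_factor: int, recovered: str) -> int:
    """Overwrite the lowest len(recovered) decimal digits of server_factor.

    Only the low digits come from the token, so the result is correct only
    while token and server agree on the higher digits; a carry across that
    boundary produces a wrong token factor.
    """
    if not recovered.isdigit():
        raise ValueError("recovered data must be decimal digits")
    modulus = 10 ** len(recovered)
    return server_factor - server_factor % modulus + int(recovered)


def synchronize(rec: TokenRecord, recovered: str, now: int,
                step: Decimal = STEP, long_gap: int = LONG_GAP) -> bool:
    """Return True and update rec when synchronization succeeds, else False."""
    token_factor = replace_low_digits(rec.event_factor, recovered)

    # Step 301: the token's factor must be past the last successful authentication.
    if token_factor <= rec.last_auth_count:
        return False  # steps 302/303: synchronization failure

    # Step 304: the threshold grows with the time since the last synchronization.
    elapsed = now - rec.last_sync_time
    threshold = elapsed * step

    # Step 305: compare the count difference with the second offset threshold.
    # Assumption: the magnitude of the difference is what is compared.
    diff = token_factor - rec.event_factor
    if abs(diff) > threshold:
        # Step 307: outside the threshold, accept only after a long enough gap.
        if elapsed <= long_gap:
            return False  # back to step 302

    # Step 306: store the new offset count and synchronization time.
    rec.offset_count = diff
    rec.last_sync_time = now
    return True


if __name__ == "__main__":
    rec = TokenRecord(event_factor=445090, last_auth_count=440765,
                      last_sync_time=1380445090)
    ok = synchronize(rec, "5154", NOW)
    print(ok, rec.offset_count, rec.last_sync_time)
```

With the step 307 branch, a token that has not synchronized for longer than the third preset duration is accepted whatever the count difference, so that duration bounds how long the threshold check stays in force.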
In the embodiment of the present invention, the certificate server generates a random number and saves it as the challenge code corresponding to the dynamic token; the dynamic token obtains the random number generated by the certificate server and generates a synchronous code from it; the certificate server judges the validity of the synchronous code generated by the dynamic token by comparing the generation time of the challenge code corresponding to the dynamic token with the acquisition time of the synchronous code, verifies the synchronous code using the challenge code that it generated, and updates the token offset that it stores after the verification passes, thereby improving the synchronization success rate and preventing malicious synchronization caused by the use of a wrong or delayed synchronous code.
It should be noted that in other embodiments of the present invention, the first offset threshold can also be a first preset value and the second offset threshold can also be a second preset value, which can equally achieve the object of the present invention.
Figure 4 is a structural diagram of a dynamic token synchronization system in an embodiment of the present invention, which includes a dynamic token 400, a main frame 600 and a certificate server 500;
Wherein, the dynamic token 400 includes:
First acquisition module 410, for obtaining the random number generated by the certificate server 500;
First generation module 420, for generating an answer back code according to the random number obtained by the first acquisition module 410 and the dynamic factor and seed key in the dynamic token 400;
Second generation module 430, for generating synchronizing information according to the answer back code generated by the first generation module 420 and the dynamic factor in the dynamic token 400;
Composite module 440, for combining the synchronizing information generated by the second generation module 430 and the answer back code generated by the first generation module 420 into a synchronous code;
Display module 450, for displaying the synchronous code obtained by the composite module 440;
The certificate server 500 includes:
Receiver module 510, for receiving the synchronization request from the main frame 600;
Second acquisition module 520, for obtaining the serial number of the dynamic token 400 from the synchronization request received by the receiver module 510;
Third generation module 530, for generating a random number after the receiver module 510 receives the synchronization request, and saving this random number as the challenge code corresponding to the serial number of the dynamic token 400 obtained by the second acquisition module 520;
Third acquisition module 540, for obtaining the synchronous code generated by the dynamic token 400 and the serial number of the dynamic token 400;
Fourth acquisition module 550, for obtaining the answer back code and the synchronizing information from the synchronous code obtained by the third acquisition module 540;
Enquiry module 560, for querying the seed key and challenge code corresponding to the dynamic token 400 according to the serial number of the dynamic token 400 obtained by the third acquisition module 540;
Authentication module 570, for verifying the answer back code obtained from the synchronous code, using the seed key and challenge code queried by the enquiry module 560 and the synchronizing information obtained from the synchronous code by the fourth acquisition module 550;
Update module 580, for updating, when the authentication module 570 successfully verifies the answer back code, the token offset corresponding to the dynamic token 400 in the certificate server 500 according to the synchronizing information obtained from the synchronous code by the fourth acquisition module 550 and the dynamic factor in the certificate server 500;
Sending module 590, for returning the random number generated by the third generation module 530 to the main frame 600 for display, and for sending a synchronization failure message to the main frame 600 when the authentication module 570 fails to verify the answer back code.
Further, the above certificate server 500 also includes:
Logging module 710, for recording the generation time of the random number after the third generation module 530 generates it, and saving this generation time as the generation time of the challenge code corresponding to the serial number of the dynamic token 400; and for recording the acquisition time of the synchronous code after the third acquisition module 540 obtains it;
The enquiry module 560 is also used to query the generation time of the corresponding challenge code according to the serial number of the dynamic token 400 obtained by the third acquisition module 540;
Correspondingly, the above certificate server 500 also includes:
Judge module 720, for judging whether the acquisition time of the synchronous code recorded by the logging module 710 falls within the first preset duration after the generation time of the challenge code queried by the enquiry module 560;
The sending module 590 is also used to send a synchronization failure message to the main frame 600 when the judge module 720 judges that the acquisition time of the synchronous code does not fall within the first preset duration after the generation time of the challenge code;
The fourth acquisition module 550 is specifically used to obtain the answer back code and the synchronizing information from the synchronous code obtained by the third acquisition module 540 when the judge module 720 judges that the acquisition time of the synchronous code falls within the first preset duration after the generation time of the challenge code.
Further, the above second generation module 430 can be specifically used to XOR the answer back code generated by the first generation module 420 with the dynamic factor in the dynamic token 400, and XOR the result with the preset key information to obtain the synchronizing information;
Correspondingly, the above authentication module 570 is specifically used to XOR the preset key information with the synchronizing information obtained from the synchronous code by the fourth acquisition module 550, take the XOR result as the dynamic factor, and, according to the seed key and challenge code queried by the enquiry module 560, generate an answer back code using the same method by which the dynamic token 400 generates the answer back code, and judge whether the generated answer back code is identical to the answer back code obtained from the synchronous code; if so, confirm that the obtained answer back code passes verification; otherwise, determine that the obtained answer back code fails verification.
The above second generation module 430 can also be specifically used to generate key information according to preset data and the seed key in the dynamic token 400, XOR the answer back code generated by the first generation module 420 with the dynamic factor in the dynamic token 400, and XOR the result with the key information to obtain the synchronizing information;
Correspondingly, the above authentication module 570 is specifically used to XOR the seed key queried by the enquiry module 560 with the preset data, XOR the resulting key information with the synchronizing information obtained from the synchronous code by the fourth acquisition module 550, take the XOR result as the dynamic factor, and, according to the seed key and challenge code queried by the enquiry module 560, generate an answer back code using the same method by which the dynamic token 400 generates the answer back code, and judge whether the generated answer back code is identical to the answer back code obtained from the synchronous code; if so, confirm that the obtained answer back code passes verification; otherwise, determine that the obtained answer back code fails verification.
The above second generation module 430 can also be specifically used to select data of the preset length starting from the lowest-order position of the dynamic factor in the dynamic token 400, XOR the selected data with the answer back code generated by the first generation module 420, and XOR the result with the preset key information to obtain the synchronizing information;
Correspondingly, the above authentication module 570 is specifically used to XOR the preset key information with the synchronizing information obtained from the synchronous code by the fourth acquisition module 550, replace the lowest-order data of the preset length in the dynamic factor in the certificate server 500 with the XOR result, take the data obtained after replacement as the dynamic factor, and, according to the seed key and challenge code queried by the enquiry module 560, generate an answer back code using the same method by which the dynamic token 400 generates the answer back code, and judge whether the generated answer back code is identical to the answer back code obtained from the synchronous code; if so, confirm that the obtained answer back code passes verification; otherwise, determine that the obtained answer back code fails verification.
The above second generation module 430 can also be specifically used to generate key information according to preset data and the seed key in the dynamic token 400, select data of the preset length starting from the lowest-order position of the dynamic factor in the dynamic token 400, XOR the selected data with the answer back code generated by the first generation module 420, and XOR the result with the above key information to obtain the synchronizing information;
Correspondingly, the above authentication module 570 is specifically used to XOR the seed key queried by the enquiry module 560 with the preset data, XOR the resulting key information with the synchronizing information obtained from the synchronous code by the fourth acquisition module 550, replace the lowest-order data of the preset length in the dynamic factor in the certificate server 500 with the XOR result, take the data obtained after replacement as the dynamic factor, and, according to the queried seed key and challenge code, generate an answer back code using the same method by which the dynamic token 400 generates the answer back code, and judge whether the generated answer back code is identical to the answer back code obtained from the synchronous code; if so, confirm that the obtained answer back code passes verification; otherwise, determine that the obtained answer back code fails verification.
In the embodiment of the present invention, when the dynamic token 400 is a time-type dynamic token, the dynamic factor is a time factor, and the token offset in the certificate server 500 is a token offset time;
Correspondingly, the update module 580, as shown in Figure 5, specifically includes:
First calculating submodule 581, for obtaining the difference between the current system time and the most recent synchronization time corresponding to the dynamic token 400 that it stores, and calculating the first offset threshold according to this difference and the first preset step;
First judging submodule 582, for judging whether the time difference between the time factor in the dynamic token 400 and the time factor in the certificate server 500 is greater than the first offset threshold calculated by the first calculating submodule 581;
First sending submodule 583, for sending a synchronization failure message to the main frame 600 when the first judging submodule 582 judges that the time difference between the time factor in the dynamic token 400 and the time factor in the certificate server 500 is greater than the first offset threshold; and for sending a synchronization success message to the main frame 600 when the first judging submodule 582 judges that the time difference between the time factor in the dynamic token 400 and the time factor in the certificate server 500 is not greater than the first offset threshold;
First renewal submodule 584, for updating, when the first judging submodule 582 judges that the time difference between the time factor in the dynamic token 400 and the time factor in the certificate server 500 is not greater than the first offset threshold, the token offset time corresponding to the dynamic token 400 that it stores according to this time difference, and saving the current system time as the synchronization time corresponding to the dynamic token 400.
Further, the above update module 580 also includes:
Second judging submodule 585, for judging, after the first judging submodule 582 judges that the time difference between the time factor in the dynamic token 400 and the time factor in the certificate server 500 is greater than the first offset threshold, whether the difference between the current system time and the most recent synchronization time corresponding to the dynamic token 400 is greater than the second preset duration;
Correspondingly, the above first sending submodule 583 is specifically used to send a synchronization failure message to the main frame 600 when the second judging submodule 585 judges that the difference between the current system time and the most recent synchronization time corresponding to the dynamic token 400 is not greater than the second preset duration;
and to send a synchronization success message to the main frame 600 when the second judging submodule 585 judges that the difference between the current system time and the most recent synchronization time corresponding to the dynamic token 400 is greater than the second preset duration, and when the first judging submodule 582 judges that the time difference between the time factor in the dynamic token 400 and the time factor in the certificate server 500 is not greater than the first offset threshold;
The above first renewal submodule 584 is also used to update, when the second judging submodule 585 judges that the difference between the current system time and the most recent synchronization time corresponding to the dynamic token 400 is greater than the second preset duration, the token offset time corresponding to the dynamic token 400 that it stores according to the time difference between the time factor in the dynamic token 400 and the time factor in the certificate server 500, and to save the current system time as the synchronization time corresponding to the dynamic token 400.
Further, the above update module 580 also includes:
Third judging submodule 586, for judging whether the time factor in the dynamic token 400 is greater than the most recent authentication success time corresponding to the dynamic token 400;
Correspondingly, the above first calculating submodule 581 is specifically used to obtain, when the third judging submodule 586 judges that the time factor in the dynamic token 400 is greater than the most recent authentication success time corresponding to the dynamic token 400, the difference between the current system time and the most recent synchronization time corresponding to the dynamic token 400 that it stores, and to calculate the first offset threshold according to this difference and the first preset step;
The above first sending submodule 583 is also used to send a synchronization failure message to the main frame 600 when the third judging submodule 586 judges that the time factor in the dynamic token 400 is not greater than the most recent authentication success time corresponding to the dynamic token 400.
Specifically, the above first judging submodule 582 can be specifically used to XOR the seed key queried by the enquiry module 560 with preset data, XOR the resulting key information with the synchronizing information obtained from the synchronous code by the fourth acquisition module 550, take the XOR result as the time factor in the dynamic token 400, and judge whether the time difference between the time factor in the dynamic token 400 and the time factor in the certificate server 500 is greater than the first offset threshold;
Correspondingly, the above third judging submodule 586 is specifically used to XOR the seed key queried by the enquiry module 560 with preset data, XOR the resulting key information with the synchronizing information obtained from the synchronous code by the fourth acquisition module 550, take the XOR result as the time factor in the dynamic token 400, and judge whether the time factor in the dynamic token 400 is greater than the most recent authentication success time corresponding to the dynamic token 400.
The above first judging submodule 582 can also be specifically used to XOR the seed key queried by the enquiry module 560 with preset data, XOR the resulting key information with the synchronizing information obtained from the synchronous code by the fourth acquisition module 550, replace the lowest-order data of the preset length in the time factor in the certificate server 500 with the XOR result, take the data obtained after replacement as the time factor in the dynamic token 400, and judge whether the time difference between the time factor in the dynamic token 400 and the time factor in the certificate server 500 is greater than the first offset threshold;
Correspondingly, the above third judging submodule 586 is specifically used to XOR the seed key queried by the enquiry module 560 with preset data, XOR the resulting key information with the synchronizing information obtained from the synchronous code by the fourth acquisition module 550, replace the lowest-order data of the preset length in the time factor in the certificate server 500 with the XOR result, take the data obtained after replacement as the time factor in the dynamic token 400, and judge whether the time factor in the dynamic token 400 is greater than the most recent authentication success time corresponding to the dynamic token 400.
The above first judging submodule 582 can also be specifically used to XOR the preset key information with the synchronizing information obtained from the synchronous code by the fourth acquisition module 550, take the XOR result as the time factor in the dynamic token 400, and judge whether the time difference between the time factor in the dynamic token 400 and the time factor in the certificate server 500 is greater than the first offset threshold;
Correspondingly, the above third judging submodule 586 is specifically used to XOR the preset key information with the synchronizing information obtained from the synchronous code by the fourth acquisition module 550, take the XOR result as the time factor in the dynamic token 400, and judge whether the time factor in the dynamic token 400 is greater than the most recent authentication success time corresponding to the dynamic token 400.
The above first judging submodule 582 can also be specifically used to XOR the preset key information with the synchronizing information obtained from the synchronous code by the fourth acquisition module 550, replace the lowest-order data of the preset length in the time factor in the certificate server 500 with the XOR result, take the data obtained after replacement as the time factor in the dynamic token 400, and judge whether the time difference between the time factor in the dynamic token 400 and the time factor in the certificate server 500 is greater than the first offset threshold;
Correspondingly, the above third judging submodule 586 is specifically used to XOR the preset key information with the synchronizing information obtained from the synchronous code by the fourth acquisition module 550, replace the lowest-order data of the preset length in the time factor in the certificate server 500 with the XOR result, take the data obtained after replacement as the time factor in the dynamic token 400, and judge whether the time factor in the dynamic token 400 is greater than the most recent authentication success time corresponding to the dynamic token 400.
In this embodiment of the present invention, when dynamic token 400 is an event-type dynamic token, the dynamic factor is an event factor and the token offset in authentication server 500 is a token offset count;
Correspondingly, update module 580, as shown in Fig. 6, specifically includes:
A second calculating submodule 621, configured to obtain the difference between the current system time and the most recent synchronization time corresponding to dynamic token 400 that the authentication server has saved, and to calculate a second offset threshold according to this difference and a second preset step;
A fourth judging submodule 622, configured to judge whether the count difference between the event factor in dynamic token 400 and the event factor corresponding to dynamic token 400 in authentication server 500 is greater than the second offset threshold calculated by the second calculating submodule 621;
A second sending submodule 623, configured to send a synchronization failure message to host 600 when the fourth judging submodule 622 judges that the count difference between the event factor in dynamic token 400 and the event factor corresponding to dynamic token 400 in authentication server 500 is greater than the second offset threshold calculated by the second calculating submodule 621, and to send a synchronization success message to host 600 when the fourth judging submodule 622 judges that this count difference is not greater than the second offset threshold calculated by the second calculating submodule 621;
A second updating submodule 624, configured to, when the fourth judging submodule 622 judges that the count difference between the event factor in dynamic token 400 and the event factor corresponding to dynamic token 400 in authentication server 500 is not greater than the second offset threshold calculated by the second calculating submodule 621, update the saved token offset count corresponding to dynamic token 400 according to this count difference, and save the current system time as the synchronization time corresponding to dynamic token 400.
Further, update module 580 also includes:
A fifth judging submodule 625, configured to judge, after the fourth judging submodule 622 judges that the count difference between the event factor in dynamic token 400 and the event factor corresponding to dynamic token 400 in authentication server 500 is greater than the second offset threshold, whether the difference between the current system time and the most recent synchronization time corresponding to dynamic token 400 is greater than a third preset duration;
Correspondingly, the second sending submodule 623 is specifically configured to send a synchronization failure message to host 600 when the fifth judging submodule 625 judges that the difference between the current system time and the most recent synchronization time corresponding to dynamic token 400 is not greater than the third preset duration;
and to send a synchronization success message to host 600 when the fifth judging submodule 625 judges that the difference between the current system time and the most recent synchronization time corresponding to dynamic token 400 is greater than the third preset duration, and when the fourth judging submodule 622 judges that the count difference between the event factor in dynamic token 400 and the event factor corresponding to dynamic token 400 in authentication server 500 is not greater than the second offset threshold;
The second updating submodule 624 is also configured to, when the fifth judging submodule 625 judges that the difference between the current system time and the most recent synchronization time corresponding to dynamic token 400 is greater than the third preset duration, update the saved token offset count corresponding to dynamic token 400 according to the count difference between the event factor in dynamic token 400 and the event factor corresponding to dynamic token 400 in authentication server 500, and save the current system time as the synchronization time corresponding to the dynamic token.
Further, update module 580 also includes:
A sixth judging submodule 626, configured to judge whether the event factor in dynamic token 400 is greater than the most recent authentication success count corresponding to dynamic token 400;
Correspondingly, the second calculating submodule 621 is specifically configured to, when the sixth judging submodule 626 judges that the event factor in dynamic token 400 is greater than the most recent authentication success count corresponding to dynamic token 400, obtain the difference between the current system time and the saved most recent synchronization time corresponding to dynamic token 400, and calculate the second offset threshold according to this difference and the second preset step;
The second sending submodule 623 is also configured to send a synchronization failure message to host 600 when the sixth judging submodule 626 judges that the event factor in dynamic token 400 is not greater than the most recent authentication success count corresponding to dynamic token 400.
Specifically, the fourth judging submodule 622 may be specifically configured to XOR the seed key found by query module 560 with preset data, XOR the resulting key information with the synchronization information obtained from the synchronous code by the fourth acquisition module 550, take the XOR result as the event factor in dynamic token 400, and judge whether the count difference between the event factor in dynamic token 400 and the event factor corresponding to dynamic token 400 in authentication server 500 is greater than the second offset threshold;
Correspondingly, the sixth judging submodule 626 is specifically configured to XOR the seed key found by query module 560 with the preset data, XOR the resulting key information with the synchronization information obtained from the synchronous code by the fourth acquisition module 550, take the XOR result as the event factor in dynamic token 400, and judge whether the event factor in dynamic token 400 is greater than the most recent authentication success count corresponding to dynamic token 400.
The fourth judging submodule 622 may also be specifically configured to XOR the seed key found by query module 560 with preset data, XOR the resulting key information with the synchronization information obtained from the synchronous code by the fourth acquisition module 550, replace the lowest-order data of preset length in the event factor corresponding to dynamic token 400 in authentication server 500 with the XOR result, take the data obtained after the replacement as the event factor in dynamic token 400, and judge whether the count difference between the event factor in dynamic token 400 and the event factor corresponding to dynamic token 400 in authentication server 500 is greater than the second offset threshold;
Correspondingly, the sixth judging submodule 626 is specifically configured to XOR the seed key found by query module 560 with the preset data, XOR the resulting key information with the synchronization information obtained from the synchronous code by the fourth acquisition module 550, replace the lowest-order data of preset length in the event factor corresponding to dynamic token 400 in authentication server 500 with the XOR result, take the data obtained after the replacement as the event factor in dynamic token 400, and judge whether the event factor in dynamic token 400 is greater than the most recent authentication success count corresponding to dynamic token 400.
The fourth judging submodule 622 may also be specifically configured to XOR preset key information with the synchronization information obtained from the synchronous code by the fourth acquisition module 550, take the XOR result as the event factor in dynamic token 400, and judge whether the count difference between the event factor in dynamic token 400 and the event factor corresponding to dynamic token 400 in authentication server 500 is greater than the second offset threshold;
Correspondingly, the sixth judging submodule 626 is specifically configured to XOR the preset key information with the synchronization information obtained from the synchronous code by the fourth acquisition module 550, take the XOR result as the event factor in dynamic token 400, and judge whether the event factor in dynamic token 400 is greater than the most recent authentication success count corresponding to dynamic token 400.
The fourth judging submodule 622 may also be specifically configured to XOR preset key information with the synchronization information obtained from the synchronous code by the fourth acquisition module 550, replace the lowest-order data of preset length in the event factor corresponding to dynamic token 400 in authentication server 500 with the XOR result, take the data obtained after the replacement as the event factor in dynamic token 400, and judge whether the count difference between the event factor in dynamic token 400 and the event factor corresponding to dynamic token 400 in authentication server 500 is greater than the second offset threshold;
Correspondingly, the sixth judging submodule 626 is specifically configured to XOR the preset key information with the synchronization information obtained from the synchronous code by the fourth acquisition module 550, replace the lowest-order data of preset length in the event factor corresponding to dynamic token 400 in authentication server 500 with the XOR result, take the data obtained after the replacement as the event factor in dynamic token 400, and judge whether the event factor in dynamic token 400 is greater than the most recent authentication success count corresponding to dynamic token 400.
In this embodiment of the present invention, authentication server 500 generates a random number and saves it as the challenge code corresponding to dynamic token 400. Dynamic token 400 obtains the random number generated by authentication server 500 and generates a synchronous code from it. Authentication server 500 judges the validity of the synchronous code generated by dynamic token 400 by comparing the generation time of the challenge code corresponding to dynamic token 400 with the acquisition time of the synchronous code, and verifies the synchronous code using the challenge code that it generated itself. After the verification passes, it updates the token offset that it has saved. This improves the synchronization success rate and prevents malicious synchronization caused by the use of a wrong or delayed synchronous code.
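The flow summarized above, worked through for an event-type token, as an added example that is not code from the patent. The answer back code algorithm (truncated HMAC-SHA256), the 32-bit widths, every constant, the threshold formula (elapsed time divided by the step), the extra XOR with the received answer back code when recovering the factor, and the one-attempt challenge are assumptions made here; the page specifies none of them.

```python
import hashlib
import hmac
import os
import struct

# Every constant is constructed for this example; the page gives no values.
MASK = 0xFFFFFFFF                    # assumed 32-bit factor and answer back code
PRESET_KEY_INFO = 0x5A17C3E9         # preset key information shared by both sides
FIRST_PRESET_DURATION = 120          # seconds a challenge code stays valid
SECOND_PRESET_STEP = 60              # seconds of elapsed time per allowed count of drift
THIRD_PRESET_DURATION = 30 * 86400   # beyond this gap since the last sync, drift is accepted


def answer_back_code(seed, challenge, factor):
    """Assumed algorithm: HMAC-SHA256(seed, challenge || factor) cut to 32 bits."""
    mac = hmac.new(seed, challenge + struct.pack(">I", factor), hashlib.sha256).digest()
    return struct.unpack(">I", mac[:4])[0]


def token_sync_code(seed, challenge, factor):
    """Token side: synchronization info = (answer back code XOR factor) XOR preset key info."""
    code = answer_back_code(seed, challenge, factor)
    return (code ^ factor) ^ PRESET_KEY_INFO, code


class AuthServer:
    """Per-token state kept by the authentication server for one event-type token."""

    def __init__(self, seed, event_factor, last_sync_time, last_auth_count):
        self.seed = seed
        self.event_factor = event_factor        # server's copy of the event factor
        self.offset = 0                         # token offset count
        self.last_sync_time = last_sync_time
        self.last_auth_count = last_auth_count
        self.challenge = None
        self.challenge_time = None

    def issue_challenge(self, now):
        """Generate the random number and store it as the challenge code with its time."""
        self.challenge, self.challenge_time = os.urandom(8), now
        return self.challenge

    def synchronize(self, sync_info, code, now):
        # Added hardening, not stated on the page: a challenge serves one attempt only.
        challenge, self.challenge = self.challenge, None
        if challenge is None or not 0 <= now - self.challenge_time <= FIRST_PRESET_DURATION:
            return "fail: challenge missing or expired"
        if not (0 <= sync_info <= MASK and 0 <= code <= MASK):
            return "fail: malformed synchronous code"
        # Assumption: the received answer back code is XORed in as well, which is
        # what inverting the token's formula requires to recover the factor.
        factor = sync_info ^ PRESET_KEY_INFO ^ code
        expected = answer_back_code(self.seed, challenge, factor)
        if not hmac.compare_digest(struct.pack(">I", expected), struct.pack(">I", code)):
            return "fail: answer back code mismatch"
        if factor <= self.last_auth_count:
            return "fail: factor not newer than last authentication"
        elapsed = now - self.last_sync_time
        threshold = elapsed // SECOND_PRESET_STEP        # assumed threshold formula
        diff = factor - (self.event_factor + self.offset)
        if abs(diff) > threshold and elapsed <= THIRD_PRESET_DURATION:
            return "fail: drift exceeds offset threshold"
        self.offset += diff                              # update the token offset count
        self.last_sync_time = now
        return "ok"


def demo():
    seed = bytes(range(20))                              # constructed seed key
    server = AuthServer(seed, event_factor=100, last_sync_time=0, last_auth_count=100)
    challenge = server.issue_challenge(now=1000)
    sync_info, code = token_sync_code(seed, challenge, factor=103)
    return server.synchronize(sync_info, code, now=1030), server.offset


if __name__ == "__main__":
    print(demo())
```

Because the offset threshold grows with the time since the last synchronization, a token synchronized seconds ago is allowed almost no drift, while one idle beyond the third preset duration is accepted with any drift once its answer back code verifies.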
The steps of the methods described in connection with the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a computing device, or in a combination of the two. The software module may reside in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable ROM, a register, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be defined by the scope of the claims.

Claims (40)

1. A method for synchronizing a dynamic token, characterized in that it comprises the following steps:
S1: an authentication server receives a synchronization request from a host, obtains the serial number of the dynamic token from the synchronization request, generates a random number, saves the random number as the challenge code corresponding to the serial number of the dynamic token, and returns the random number to the host for display;
S2: the dynamic token obtains the random number, generates an answer back code according to the random number and the dynamic factor and seed key in the dynamic token, and generates synchronization information according to the answer back code and the dynamic factor;
S3: the dynamic token combines the synchronization information and the answer back code into a synchronous code and displays the synchronous code;
S4: the authentication server obtains the synchronous code and the serial number of the dynamic token;
S5: the authentication server obtains the answer back code and the synchronization information from the synchronous code, and queries the seed key and challenge code corresponding to the dynamic token according to the serial number of the dynamic token;
S6: the authentication server uses the queried seed key and challenge code, together with the synchronization information obtained from the synchronous code, to verify the answer back code obtained from the synchronous code; if the verification passes, step S8 is executed; otherwise, step S7 is executed;
S7: the authentication server sends a synchronization failure message to the host;
S8: the authentication server updates the token offset corresponding to the dynamic token in the authentication server according to the synchronization information obtained from the synchronous code and the dynamic factor in the authentication server.
2. The method of claim 1, characterized in that, after the authentication server generates the random number, the method further comprises:
the authentication server records the generation time of the random number;
after step S4, the method further comprises:
the authentication server records the acquisition time of the synchronous code, queries the generation time of the corresponding challenge code according to the serial number of the dynamic token, and judges whether the acquisition time of the synchronous code falls within a first preset duration after the generation time of the challenge code; if so, step S5 is executed; otherwise, a synchronization failure message is sent to the host.
3. The method of claim 1, characterized in that the dynamic token generating synchronization information according to the answer back code and the dynamic factor is specifically:
the dynamic token XORs the answer back code with the dynamic factor, and XORs the result with preset key information to obtain the synchronization information;
step S6 is specifically:
the authentication server XORs the preset key information with the synchronization information obtained from the synchronous code, takes the XOR result as the dynamic factor, generates an answer back code according to the queried seed key and challenge code by the same method the dynamic token uses to generate its answer back code, and judges whether the generated answer back code is identical to the answer back code obtained from the synchronous code; if so, it determines that the obtained answer back code passes verification; otherwise, it determines that the obtained answer back code fails verification.
4. The method of claim 1, characterized in that the dynamic token generating synchronization information according to the answer back code and the dynamic factor is specifically:
the dynamic token generates key information according to preset data and the seed key in the dynamic token, XORs the answer back code with the dynamic factor, and XORs the result with the key information to obtain the synchronization information;
step S6 is specifically:
the authentication server XORs the queried seed key with the preset data, XORs the resulting key information with the synchronization information obtained from the synchronous code, takes the XOR result as the dynamic factor, generates an answer back code according to the queried seed key and challenge code by the same method the dynamic token uses to generate its answer back code, and judges whether the generated answer back code is identical to the answer back code obtained from the synchronous code; if so, it determines that the obtained answer back code passes verification; otherwise, it determines that the obtained answer back code fails verification.
5. The method of claim 1, characterized in that the dynamic token generating synchronization information according to the answer back code and the dynamic factor is specifically:
the dynamic token, starting from the lowest-order position of the dynamic factor, selects data of a preset length, XORs the selected data with the answer back code, and XORs the result with preset key information to obtain the synchronization information;
step S6 is specifically:
the authentication server XORs the preset key information with the synchronization information obtained from the synchronous code, replaces the lowest-order data of the preset length in the dynamic factor in the authentication server with the XOR result, takes the data obtained after the replacement as the dynamic factor, generates an answer back code according to the queried seed key and challenge code by the same method the dynamic token uses to generate its answer back code, and judges whether the generated answer back code is identical to the answer back code obtained from the synchronous code; if so, it determines that the obtained answer back code passes verification; otherwise, it determines that the obtained answer back code fails verification.
6. The method of claim 1, characterized in that the dynamic token generating synchronization information according to the answer back code and the dynamic factor is specifically:
the dynamic token generates key information according to preset data and the seed key in the dynamic token, selects data of a preset length starting from the lowest-order position of the dynamic factor, XORs the selected data with the answer back code, and XORs the result with the key information to obtain the synchronization information;
step S6 is specifically:
the authentication server XORs the queried seed key with the preset data, XORs the resulting key information with the synchronization information obtained from the synchronous code, replaces the lowest-order data of the preset length in the dynamic factor in the authentication server with the XOR result, takes the data obtained after the replacement as the dynamic factor, generates an answer back code according to the queried seed key and challenge code by the same method the dynamic token uses to generate its answer back code, and judges whether the generated answer back code is identical to the answer back code obtained from the synchronous code; if so, it determines that the obtained answer back code passes verification; otherwise, it determines that the obtained answer back code fails verification.
7. The method of claim 1, characterized in that, when the dynamic token is a time-type dynamic token, the dynamic factor is a time factor and the token offset in the authentication server is a token offset time;
step S8 is specifically:
A1: the authentication server obtains the difference between the current system time and the most recent synchronization time corresponding to the dynamic token that it has saved, and calculates a first offset threshold according to the difference and a first preset step;
A2: the authentication server judges whether the time difference between the time factor in the dynamic token and the time factor in the authentication server is greater than the first offset threshold; if so, step A3 is executed; otherwise, step A4 is executed;
A3: the authentication server sends a synchronization failure message to the host;
A4: the authentication server updates the token offset time corresponding to the dynamic token that it has saved according to the time difference, saves the current system time as the synchronization time corresponding to the dynamic token, and sends a synchronization success message to the host.
8. The method of claim 7, characterized in that, after the authentication server judges that the time difference between the time factor in the dynamic token and the time factor in the authentication server is greater than the first offset threshold, the method further comprises:
the authentication server judges whether the difference between the current system time and the most recent synchronization time corresponding to the dynamic token is greater than a second preset duration; if so, step A4 is executed; otherwise, step A3 is executed.
9. The method of claim 7, characterized in that, before step A1, the method further comprises:
A0: the authentication server judges whether the time factor in the dynamic token is greater than the most recent authentication success time corresponding to the dynamic token; if so, step A1 is executed; otherwise, step A3 is executed.
10. The method of claim 9, characterized in that step A2 is specifically:
the authentication server XORs the queried seed key with preset data, XORs the resulting key information with the synchronization information obtained from the synchronous code, takes the XOR result as the time factor in the dynamic token, and judges whether the time difference between the time factor in the dynamic token and the time factor in the authentication server is greater than the first offset threshold; if so, step A3 is executed; otherwise, step A4 is executed;
step A0 is specifically:
the authentication server XORs the queried seed key with the preset data, XORs the resulting key information with the synchronization information obtained from the synchronous code, takes the XOR result as the time factor in the dynamic token, and judges whether the time factor in the dynamic token is greater than the most recent authentication success time corresponding to the dynamic token; if so, step A1 is executed; otherwise, step A3 is executed.
11. The method of claim 9, characterized in that step A2 is specifically:
the authentication server XORs the queried seed key with preset data, XORs the resulting key information with the synchronization information obtained from the synchronous code, replaces the lowest-order data of preset length in the time factor in the authentication server with the XOR result, takes the data obtained after the replacement as the time factor in the dynamic token, and judges whether the time difference between the time factor in the dynamic token and the time factor in the authentication server is greater than the first offset threshold; if so, step A3 is executed; otherwise, step A4 is executed;
step A0 is specifically:
the authentication server XORs the queried seed key with the preset data, XORs the resulting key information with the synchronization information obtained from the synchronous code, replaces the lowest-order data of preset length in the time factor in the authentication server with the XOR result, takes the data obtained after the replacement as the time factor in the dynamic token, and judges whether the time factor in the dynamic token is greater than the most recent authentication success time corresponding to the dynamic token; if so, step A1 is executed; otherwise, step A3 is executed.
12. The method of claim 9, characterized in that step A2 is specifically:
the authentication server XORs preset key information with the synchronization information obtained from the synchronous code, takes the XOR result as the time factor in the dynamic token, and judges whether the time difference between the time factor in the dynamic token and the time factor in the authentication server is greater than the first offset threshold; if so, step A3 is executed; otherwise, step A4 is executed;
step A0 is specifically:
the authentication server XORs the preset key information with the synchronization information obtained from the synchronous code, takes the XOR result as the time factor in the dynamic token, and judges whether the time factor in the dynamic token is greater than the most recent authentication success time corresponding to the dynamic token; if so, step A1 is executed; otherwise, step A3 is executed.
13. The method of claim 9, characterized in that step A2 is specifically:
the authentication server XORs preset key information with the synchronization information obtained from the synchronous code, replaces the lowest-order data of preset length in the time factor in the authentication server with the XOR result, takes the data obtained after the replacement as the time factor in the dynamic token, and judges whether the time difference between the time factor in the dynamic token and the time factor in the authentication server is greater than the first offset threshold; if so, step A3 is executed; otherwise, step A4 is executed;
step A0 is specifically:
the authentication server XORs the preset key information with the synchronization information obtained from the synchronous code, replaces the lowest-order data of preset length in the time factor in the authentication server with the XOR result, takes the data obtained after the replacement as the time factor in the dynamic token, and judges whether the time factor in the dynamic token is greater than the most recent authentication success time corresponding to the dynamic token; if so, step A1 is executed; otherwise, step A3 is executed.
14. The method of claim 1, characterized in that, when the dynamic token is an event-type dynamic token, the dynamic factor is an event factor and the token offset in the authentication server is a token offset count;
step S8 is specifically:
B1: the authentication server obtains the difference between the current system time and the most recent synchronization time corresponding to the dynamic token that it has saved, and calculates a second offset threshold according to the difference and a second preset step;
B2: the authentication server judges whether the count difference between the event factor in the dynamic token and the event factor corresponding to the dynamic token in the authentication server is greater than the second offset threshold; if so, step B3 is executed; otherwise, step B4 is executed;
B3: the authentication server sends a synchronization failure message to the host;
B4: the authentication server updates the token offset count corresponding to the dynamic token that it has saved according to the count difference, saves the current system time as the synchronization time corresponding to the dynamic token, and sends a synchronization success message to the host.
15. The method of claim 14, characterized in that, after the authentication server judges that the count difference between the event factor in the dynamic token and the event factor corresponding to the dynamic token in the authentication server is greater than the second offset threshold, the method further comprises:
the authentication server judges whether the difference between the current system time and the most recent synchronization time corresponding to the dynamic token is greater than a third preset duration; if so, step B4 is executed; otherwise, step B3 is executed.
16. The method of claim 14, characterized in that, before step B1, the method further comprises:
B0: the authentication server judges whether the event factor in the dynamic token is greater than the most recent authentication success count corresponding to the dynamic token; if so, step B1 is executed; otherwise, step B3 is executed.
17. The method of claim 16, characterized in that step B2 is specifically:
the authentication server XORs the queried seed key with preset data, XORs the resulting key information with the synchronization information obtained from the synchronous code, takes the XOR result as the event factor in the dynamic token, and judges whether the count difference between the event factor in the dynamic token and the event factor corresponding to the dynamic token in the authentication server is greater than the second offset threshold; if so, step B3 is executed; otherwise, step B4 is executed;
step B0 is specifically:
the authentication server XORs the queried seed key with the preset data, XORs the resulting key information with the synchronization information obtained from the synchronous code, takes the XOR result as the event factor in the dynamic token, and judges whether the event factor in the dynamic token is greater than the most recent authentication success count corresponding to the dynamic token; if so, step B1 is executed; otherwise, step B3 is executed.
18. The method of claim 16, characterized in that step B2 is specifically:
the authentication server XORs the queried seed key with preset data, XORs the resulting key information with the synchronization information obtained from the synchronous code, replaces the lowest-order data of preset length in the event factor corresponding to the dynamic token in the authentication server with the XOR result, takes the data obtained after the replacement as the event factor in the dynamic token, and judges whether the count difference between the event factor in the dynamic token and the event factor corresponding to the dynamic token in the authentication server is greater than the second offset threshold; if so, step B3 is executed; otherwise, step B4 is executed;
step B0 is specifically:
the authentication server XORs the queried seed key with the preset data, XORs the resulting key information with the synchronization information obtained from the synchronous code, replaces the lowest-order data of preset length in the event factor corresponding to the dynamic token in the authentication server with the XOR result, takes the data obtained after the replacement as the event factor in the dynamic token, and judges whether the event factor in the dynamic token is greater than the most recent authentication success count corresponding to the dynamic token; if so, step B1 is executed; otherwise, step B3 is executed.
19. The method as claimed in claim 16, characterized in that step b2 is specifically:
The authentication server XORs preset key information with the synchronization information obtained from the synchronous code, takes the XOR result as the event factor in the dynamic token, and judges whether the count difference between the event factor in the dynamic token and the event factor corresponding to the dynamic token in the authentication server is greater than the second offset threshold; if so, step b3 is executed; otherwise, step b4 is executed;
Step b0 is specifically:
The authentication server XORs the preset key information with the synchronization information obtained from the synchronous code, takes the XOR result as the event factor in the dynamic token, and judges whether the event factor in the dynamic token is greater than the most recent authentication success count corresponding to the dynamic token; if so, step b1 is executed; otherwise, step b3 is executed.
20. The method as claimed in claim 16, characterized in that step b2 is specifically:
The authentication server XORs preset key information with the synchronization information obtained from the synchronous code, replaces the preset-length data at the lowest-order position of the event factor corresponding to the dynamic token in the authentication server with the XOR result, takes the data obtained after the replacement as the event factor in the dynamic token, and judges whether the count difference between the event factor in the dynamic token and the event factor corresponding to the dynamic token in the authentication server is greater than the second offset threshold; if so, step b3 is executed; otherwise, step b4 is executed;
Step b0 is specifically:
The authentication server XORs the preset key information with the synchronization information obtained from the synchronous code, replaces the preset-length data at the lowest-order position of the event factor corresponding to the dynamic token in the authentication server with the XOR result, takes the data obtained after the replacement as the event factor in the dynamic token, and judges whether the event factor in the dynamic token is greater than the most recent authentication success count corresponding to the dynamic token; if so, step b1 is executed; otherwise, step b3 is executed.
21. A synchronization system for a dynamic token, characterized by comprising a dynamic token, a host and an authentication server;
Wherein the dynamic token comprises:
A first acquisition module, configured to obtain the random number generated by the authentication server;
A first generation module, configured to generate a response code according to the random number obtained by the first acquisition module and the dynamic factor and seed key in the dynamic token;
A second generation module, configured to generate synchronization information according to the response code generated by the first generation module and the dynamic factor;
A composite module, configured to combine the synchronization information generated by the second generation module and the response code generated by the first generation module into a synchronous code;
A display module, configured to display the synchronous code obtained by the composite module;
The authentication server comprises:
A receiver module, configured to receive a synchronization request from the host;
A second acquisition module, configured to obtain the serial number of the dynamic token from the synchronization request received by the receiver module;
A third generation module, configured to generate a random number after the receiver module receives the synchronization request, and to save the random number as the challenge code corresponding to the serial number of the dynamic token obtained by the second acquisition module;
A third acquisition module, configured to obtain the synchronous code generated by the dynamic token and the serial number of the dynamic token;
A fourth acquisition module, configured to obtain the response code and the synchronization information from the synchronous code obtained by the third acquisition module;
An enquiry module, configured to query the seed key and challenge code corresponding to the dynamic token according to the serial number of the dynamic token obtained by the third acquisition module;
An authentication module, configured to verify the response code obtained from the synchronous code, using the seed key and challenge code queried by the enquiry module and the synchronization information obtained by the fourth acquisition module from the synchronous code;
An update module, configured to update the token offset corresponding to the dynamic token in the authentication server, when the authentication module's verification of the response code passes, according to the synchronization information obtained by the fourth acquisition module from the synchronous code and the dynamic factor in the authentication server;
A sending module, configured to return the random number generated by the third generation module to the host for display, and to send a synchronization failure message to the host when the authentication module's verification of the response code does not pass.
22. The system as claimed in claim 21, characterized in that the authentication server further comprises:
A logging module, configured to record the generation time of the random number after the third generation module generates the random number, and to save that generation time as the generation time of the challenge code corresponding to the serial number of the dynamic token; and to record the acquisition time of the synchronous code after the third acquisition module obtains the synchronous code;
The enquiry module is further configured to query the generation time of the corresponding challenge code according to the serial number of the dynamic token obtained by the third acquisition module;
The authentication server further comprises:
A judging module, configured to judge whether the acquisition time of the synchronous code recorded by the logging module is within a first preset duration after the generation time of the challenge code queried by the enquiry module;
The sending module is further configured to send a synchronization failure message to the host when the judging module judges that the acquisition time of the synchronous code is not within the first preset duration after the generation time of the challenge code;
The fourth acquisition module is specifically configured to obtain the response code and the synchronization information from the synchronous code obtained by the third acquisition module when the judging module judges that the acquisition time of the synchronous code is within the first preset duration after the generation time of the challenge code.
23. The system as claimed in claim 21, characterized in that:
The second generation module is specifically configured to XOR the response code generated by the first generation module with the dynamic factor, and to XOR the result with preset key information to obtain the synchronization information;
The authentication module is specifically configured to XOR the preset key information with the synchronization information obtained by the fourth acquisition module from the synchronous code, take the XOR result as the dynamic factor, generate a response code according to the seed key and challenge code queried by the enquiry module, using the same method as the dynamic token uses to generate the response code, and judge whether the generated response code is identical to the response code obtained from the synchronous code; if so, the obtained response code is confirmed to have passed verification; otherwise, the obtained response code is determined to have failed verification.
24. The system as claimed in claim 21, characterized in that:
The second generation module is specifically configured to generate key information according to preset data and the seed key in the dynamic token, XOR the response code generated by the first generation module with the dynamic factor, and XOR the result with the key information to obtain the synchronization information;
The authentication module is specifically configured to XOR the seed key queried by the enquiry module with the preset data, XOR the resulting key information with the synchronization information obtained by the fourth acquisition module from the synchronous code, take the XOR result as the dynamic factor, generate a response code according to the seed key and challenge code queried by the enquiry module, using the same method as the dynamic token uses to generate the response code, and judge whether the generated response code is identical to the response code obtained from the synchronous code; if so, the obtained response code is confirmed to have passed verification; otherwise, the obtained response code is determined to have failed verification.
25. The system as claimed in claim 21, characterized in that:
The second generation module is specifically configured to select data of a preset length starting from the lowest-order position of the dynamic factor, XOR the selected data with the response code generated by the first generation module, and XOR the result with preset key information to obtain the synchronization information;
The authentication module is specifically configured to XOR the preset key information with the synchronization information obtained by the fourth acquisition module from the synchronous code, replace the preset-length data at the lowest-order position of the dynamic factor in the authentication server with the XOR result, take the data obtained after the replacement as the dynamic factor, generate a response code according to the seed key and challenge code queried by the enquiry module, using the same method as the dynamic token uses to generate the response code, and judge whether the generated response code is identical to the response code obtained from the synchronous code; if so, the obtained response code is confirmed to have passed verification; otherwise, the obtained response code is determined to have failed verification.
26. The system as claimed in claim 21, characterized in that:
The second generation module is specifically configured to generate key information according to preset data and the seed key in the dynamic token, select data of a preset length starting from the lowest-order position of the dynamic factor, XOR the selected data with the response code generated by the first generation module, and XOR the result with the key information to obtain the synchronization information;
The authentication module is specifically configured to XOR the seed key queried by the enquiry module with the preset data, XOR the resulting key information with the synchronization information obtained by the fourth acquisition module from the synchronous code, replace the preset-length data at the lowest-order position of the dynamic factor in the authentication server with the XOR result, take the data obtained after the replacement as the dynamic factor, generate a response code according to the queried seed key and challenge code, using the same method as the dynamic token uses to generate the response code, and judge whether the generated response code is identical to the response code obtained from the synchronous code; if so, the obtained response code is confirmed to have passed verification; otherwise, the obtained response code is determined to have failed verification.
27. The system as claimed in claim 21, characterized in that, when the dynamic token is a time-based dynamic token, the dynamic factor is a time factor and the token offset in the authentication server is a token offset time;
The update module specifically comprises:
A first calculating submodule, configured to obtain the difference between the current system time and the most recent synchronization time, saved by the authentication server itself, corresponding to the dynamic token, and to calculate a first offset threshold according to the difference and a first preset step size;
A first judging submodule, configured to judge whether the time difference between the time factor in the dynamic token and the time factor in the authentication server is greater than the first offset threshold calculated by the first calculating submodule;
A first sending submodule, configured to send a synchronization failure message to the host when the first judging submodule judges that the time difference between the time factor in the dynamic token and the time factor in the authentication server is greater than the first offset threshold; and to send a synchronization success message to the host when the first judging submodule judges that the time difference between the time factor in the dynamic token and the time factor in the authentication server is not greater than the first offset threshold;
A first update submodule, configured to, when the first judging submodule judges that the time difference between the time factor in the dynamic token and the time factor in the authentication server is not greater than the first offset threshold, update the token offset time, saved by the authentication server itself, corresponding to the dynamic token according to the time difference, and save the current system time as the synchronization time corresponding to the dynamic token.
28. The system as claimed in claim 27, characterized in that the update module further comprises:
A second judging submodule, configured to judge, after the first judging submodule judges that the time difference between the time factor in the dynamic token and the time factor in the authentication server is greater than the first offset threshold, whether the difference between the current system time and the most recent synchronization time corresponding to the dynamic token is greater than a second preset duration;
The first sending submodule is specifically configured to send a synchronization failure message to the host when the second judging submodule judges that the difference between the current system time and the most recent synchronization time corresponding to the dynamic token is not greater than the second preset duration;
and to send a synchronization success message to the host when the second judging submodule judges that the difference between the current system time and the most recent synchronization time corresponding to the dynamic token is greater than the second preset duration, and when the first judging submodule judges that the time difference between the time factor in the dynamic token and the time factor in the authentication server is not greater than the first offset threshold;
The first update submodule is further configured to, when the second judging submodule judges that the difference between the current system time and the most recent synchronization time corresponding to the dynamic token is greater than the second preset duration, update the token offset time, saved by the authentication server itself, corresponding to the dynamic token according to the time difference, and save the current system time as the synchronization time corresponding to the dynamic token.
29. The system as claimed in claim 27, characterized in that the update module further comprises:
A third judging submodule, configured to judge whether the time factor in the dynamic token is greater than the most recent authentication success time corresponding to the dynamic token;
The first calculating submodule is specifically configured to, when the third judging submodule judges that the time factor in the dynamic token is greater than the most recent authentication success time corresponding to the dynamic token, obtain the difference between the current system time and the most recent synchronization time, saved by the authentication server itself, corresponding to the dynamic token, and calculate the first offset threshold according to the difference and the first preset step size;
The first sending submodule is further configured to send a synchronization failure message to the host when the third judging submodule judges that the time factor in the dynamic token is not greater than the most recent authentication success time corresponding to the dynamic token.
30. The system as claimed in claim 29, characterized in that:
The first judging submodule is specifically configured to XOR the seed key queried by the enquiry module with preset data, XOR the resulting key information with the synchronization information obtained by the fourth acquisition module from the synchronous code, take the XOR result as the time factor in the dynamic token, and judge whether the time difference between the time factor in the dynamic token and the time factor in the authentication server is greater than the first offset threshold;
The third judging submodule is specifically configured to XOR the seed key queried by the enquiry module with the preset data, XOR the resulting key information with the synchronization information obtained by the fourth acquisition module from the synchronous code, take the XOR result as the time factor in the dynamic token, and judge whether the time factor in the dynamic token is greater than the most recent authentication success time corresponding to the dynamic token.
31. The system as claimed in claim 29, characterized in that:
The first judging submodule is specifically configured to XOR the seed key queried by the enquiry module with preset data, XOR the resulting key information with the synchronization information obtained by the fourth acquisition module from the synchronous code, replace the preset-length data at the lowest-order position of the time factor in the authentication server with the XOR result, take the data obtained after the replacement as the time factor in the dynamic token, and judge whether the time difference between the time factor in the dynamic token and the time factor in the authentication server is greater than the first offset threshold;
The third judging submodule is specifically configured to XOR the seed key queried by the enquiry module with the preset data, XOR the resulting key information with the synchronization information obtained by the fourth acquisition module from the synchronous code, replace the preset-length data at the lowest-order position of the time factor in the authentication server with the XOR result, take the data obtained after the replacement as the time factor in the dynamic token, and judge whether the time factor in the dynamic token is greater than the most recent authentication success time corresponding to the dynamic token.
32. The system as claimed in claim 29, characterized in that:
The first judging submodule is specifically configured to XOR preset key information with the synchronization information obtained by the fourth acquisition module from the synchronous code, take the XOR result as the time factor in the dynamic token, and judge whether the time difference between the time factor in the dynamic token and the time factor in the authentication server is greater than the first offset threshold;
The third judging submodule is specifically configured to XOR the preset key information with the synchronization information obtained by the fourth acquisition module from the synchronous code, take the XOR result as the time factor in the dynamic token, and judge whether the time factor in the dynamic token is greater than the most recent authentication success time corresponding to the dynamic token.
33. The system as claimed in claim 29, characterized in that:
The first judging submodule is specifically configured to XOR preset key information with the synchronization information obtained by the fourth acquisition module from the synchronous code, replace the preset-length data at the lowest-order position of the time factor in the authentication server with the XOR result, take the data obtained after the replacement as the time factor in the dynamic token, and judge whether the time difference between the time factor in the dynamic token and the time factor in the authentication server is greater than the first offset threshold;
The third judging submodule is specifically configured to XOR the preset key information with the synchronization information obtained by the fourth acquisition module from the synchronous code, replace the preset-length data at the lowest-order position of the time factor in the authentication server with the XOR result, take the data obtained after the replacement as the time factor in the dynamic token, and judge whether the time factor in the dynamic token is greater than the most recent authentication success time corresponding to the dynamic token.
34. The system as claimed in claim 21, characterized in that, when the dynamic token is an event-based dynamic token, the dynamic factor is an event factor and the token offset in the authentication server is a token offset count;
The update module specifically comprises:
A second calculating submodule, configured to obtain the difference between the current system time and the most recent synchronization time, saved by the authentication server itself, corresponding to the dynamic token, and to calculate a second offset threshold according to the difference and a second preset step size;
A fourth judging submodule, configured to judge whether the count difference between the event factor in the dynamic token and the event factor corresponding to the dynamic token in the authentication server is greater than the second offset threshold calculated by the second calculating submodule;
A second sending submodule, configured to send a synchronization failure message to the host when the fourth judging submodule judges that the count difference between the event factor in the dynamic token and the event factor corresponding to the dynamic token in the authentication server is greater than the second offset threshold calculated by the second calculating submodule; and to send a synchronization success message to the host when the fourth judging submodule judges that the count difference between the event factor in the dynamic token and the event factor corresponding to the dynamic token in the authentication server is not greater than the second offset threshold calculated by the second calculating submodule;
A second update submodule, configured to, when the fourth judging submodule judges that the count difference between the event factor in the dynamic token and the event factor corresponding to the dynamic token in the authentication server is not greater than the second offset threshold calculated by the second calculating submodule, update the token offset count, saved by the authentication server itself, corresponding to the dynamic token according to the count difference, and save the current system time as the synchronization time corresponding to the dynamic token.
35. The system as claimed in claim 34, characterized in that the update module further comprises:
A fifth judging submodule, configured to judge, after the fourth judging submodule judges that the count difference between the event factor in the dynamic token and the event factor corresponding to the dynamic token in the authentication server is greater than the second offset threshold, whether the difference between the current system time and the most recent synchronization time corresponding to the dynamic token is greater than a third preset duration;
The second sending submodule is specifically configured to send a synchronization failure message to the host when the fifth judging submodule judges that the difference between the current system time and the most recent synchronization time corresponding to the dynamic token is not greater than the third preset duration;
and to send a synchronization success message to the host when the fifth judging submodule judges that the difference between the current system time and the most recent synchronization time corresponding to the dynamic token is greater than the third preset duration, and when the fourth judging submodule judges that the count difference between the event factor in the dynamic token and the event factor corresponding to the dynamic token in the authentication server is not greater than the second offset threshold;
The second update submodule is further configured to, when the fifth judging submodule judges that the difference between the current system time and the most recent synchronization time corresponding to the dynamic token is greater than the third preset duration, update the token offset count, saved by the authentication server itself, corresponding to the dynamic token according to the count difference, and save the current system time as the synchronization time corresponding to the dynamic token.
36. The system as claimed in claim 34, characterized in that the update module further comprises:
A sixth judging submodule, configured to judge whether the event factor in the dynamic token is greater than the most recent authentication success count corresponding to the dynamic token;
The second calculating submodule is specifically configured to, when the sixth judging submodule judges that the event factor in the dynamic token is greater than the most recent authentication success count corresponding to the dynamic token, obtain the difference between the current system time and the most recent synchronization time, saved by the authentication server itself, corresponding to the dynamic token, and calculate the second offset threshold according to the difference and the second preset step size;
The second sending submodule is further configured to send a synchronization failure message to the host when the sixth judging submodule judges that the event factor in the dynamic token is not greater than the most recent authentication success count corresponding to the dynamic token.
37. The system as claimed in claim 36, characterized in that:
The fourth judging submodule is specifically configured to XOR the seed key queried by the enquiry module with preset data, XOR the resulting key information with the synchronization information obtained by the fourth acquisition module from the synchronous code, take the XOR result as the event factor in the dynamic token, and judge whether the count difference between the event factor in the dynamic token and the event factor corresponding to the dynamic token in the authentication server is greater than the second offset threshold;
The sixth judging submodule is specifically configured to XOR the seed key queried by the enquiry module with the preset data, XOR the resulting key information with the synchronization information obtained by the fourth acquisition module from the synchronous code, take the XOR result as the event factor in the dynamic token, and judge whether the event factor in the dynamic token is greater than the most recent authentication success count corresponding to the dynamic token.
38. The system as claimed in claim 36, characterized in that:
The fourth judging submodule is specifically configured to XOR the seed key queried by the enquiry module with preset data, XOR the resulting key information with the synchronization information obtained by the fourth acquisition module from the synchronous code, replace the preset-length data at the lowest-order position of the event factor corresponding to the dynamic token in the authentication server with the XOR result, take the data obtained after the replacement as the event factor in the dynamic token, and judge whether the count difference between the event factor in the dynamic token and the event factor corresponding to the dynamic token in the authentication server is greater than the second offset threshold;
The sixth judging submodule is specifically configured to XOR the seed key queried by the enquiry module with the preset data, XOR the resulting key information with the synchronization information obtained by the fourth acquisition module from the synchronous code, replace the preset-length data at the lowest-order position of the event factor corresponding to the dynamic token in the authentication server with the XOR result, take the data obtained after the replacement as the event factor in the dynamic token, and judge whether the event factor in the dynamic token is greater than the most recent authentication success count corresponding to the dynamic token.
39. systems as claimed in claim 36 it is characterised in that
Described 4th judging submodule, specifically for by default key information and described 4th acquisition module from described synchronous code The synchronizing information of middle acquisition carries out XOR, using the XOR obtaining result as the event factor in described dynamic token, judges institute The event factor stated in dynamic token is corresponding with described dynamic token with described certificate server with described certificate server Event factor between number of times difference whether be more than described second offset threshold;
Described 6th judging submodule, specifically for by described default key information and described 4th acquisition module from described with The synchronizing information obtaining in step code carries out XOR, using the XOR obtaining result as the event factor in described dynamic token, sentences Whether the event factor breaking in described dynamic token is more than the certification success time corresponding, the last with described dynamic token Number.
40. systems as claimed in claim 36 it is characterised in that
Described 4th judging submodule, specifically for by default key information and described 4th acquisition module from described synchronous code The synchronizing information of middle acquisition carries out XOR, by the XOR obtaining result replace described certificate server in described dynamic token pair The data of the preset length of lowest order in the event factor answered, the data obtaining after replacing is as the thing in described dynamic token The part factor, judges the event factor in described dynamic token and event corresponding with described dynamic token in described certificate server Whether the number of times difference between the factor is more than described second offset threshold;
Described 6th judging submodule, specifically for by described default key information and described 4th acquisition module from described with Step code in obtain synchronizing information carry out XOR, by the XOR obtaining result replace described certificate server in described dynamic order The data of the preset length of lowest order in the corresponding event factor of board, the data obtaining after replacing is as in described dynamic token Event factor, judge event factor in described dynamic token whether more than corresponding with described dynamic token, the last Certification number of success.
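The event-factor recovery and the two comparisons named in claims 37 to 40 can be sketched as follows; this is an added example, not code from the patent or from Feitian. The function names, the bit widths, the truncation of the key information, the use of an absolute difference, the rule for combining the two judgments, and all sample values are assumptions.

```python
from typing import NamedTuple

class Verdict(NamedTuple):
    exceeds_offset: bool           # fourth judging submodule's question
    newer_than_last_success: bool  # sixth judging submodule's question
    accepted: bool                 # assumed combination of the two

def key_information(seed_key: bytes, preset: bytes, bits: int) -> int:
    """Claims 37/38: key information = seed key XOR preset data.
    Keeping only the low `bits` bits is an assumption of this sketch."""
    if len(seed_key) != len(preset):
        raise ValueError("seed key and preset data must have equal length")
    mixed = bytes(a ^ b for a, b in zip(seed_key, preset))
    return int.from_bytes(mixed, "big") & ((1 << bits) - 1)

def recover_full(key_info: int, sync_info: int, bits: int) -> int:
    """Claims 37/39: the XOR result itself is the token's event factor."""
    return (key_info ^ sync_info) & ((1 << bits) - 1)

def recover_low_bits(key_info: int, sync_info: int, server_factor: int, bits: int) -> int:
    """Claims 38/40: the XOR result replaces the lowest `bits` bits of the
    event factor the server holds for this token."""
    mask = (1 << bits) - 1
    return (server_factor & ~mask) | ((key_info ^ sync_info) & mask)

def judge(token_factor: int, server_factor: int, last_success: int,
          offset_threshold: int) -> Verdict:
    # Absolute difference and "accept only if within threshold and newer"
    # are assumptions; the claims above only name the two comparisons.
    exceeds = abs(token_factor - server_factor) > offset_threshold
    newer = token_factor > last_success
    return Verdict(exceeds, newer, (not exceeds) and newer)

# Constructed sample values (not from the patent).
SEED = bytes.fromhex("00112233")
PRESET = bytes.fromhex("a5a5a5a5")

def demo():
    k16 = key_information(SEED, PRESET, 16)            # 0x8796
    full = recover_full(k16, 0x0105 ^ k16, 16)         # token sent counter 0x0105
    k8 = key_information(SEED, PRESET, 8)              # 0x96
    low = recover_low_bits(k8, 0x05 ^ k8, 0x0102, 8)   # server holds 0x0102
    # Low byte wrapped: token is at 0x0203 while the server still holds 0x01FE.
    wrapped = recover_low_bits(k8, 0x03 ^ k8, 0x01FE, 8)
    return full, low, wrapped
```

In the constructed wrap case the literal low-bit replacement yields 0x0103, which lies behind the server's 0x01FE, so both comparisons reject it; a replayed synchronization code is rejected by the second comparison once the last success count has caught up.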
CN201410131504.7A 2014-04-02 2014-04-02 Dynamic token synchronizing method and system Active CN103888470B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410131504.7A CN103888470B (en) 2014-04-02 2014-04-02 Dynamic token synchronizing method and system

Publications (2)

Publication Number Publication Date
CN103888470A CN103888470A (en) 2014-06-25
CN103888470B true CN103888470B (en) 2017-01-25

Family

ID=50957190

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410131504.7A Active CN103888470B (en) 2014-04-02 2014-04-02 Dynamic token synchronizing method and system

Country Status (1)

Country Link
CN (1) CN103888470B (en)

Also Published As

Publication number Publication date
CN103888470A (en) 2014-06-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant