CN104104672A - Method for establishing dynamic authorization code based on identity authentication - Google Patents

Publication number
CN104104672A
Authority
CN
China
Prior art keywords
authorization code
dynamic authorization
authentication
mobile terminal
code
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410304079.7A
Other languages
Chinese (zh)
Other versions
CN104104672B (en
Inventor
任明和
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHONGQING ZHITAO INFORMATION TECHNOLOGY CENTER
Original Assignee
CHONGQING ZHITAO INFORMATION TECHNOLOGY CENTER
Application filed by CHONGQING ZHITAO INFORMATION TECHNOLOGY CENTER
Priority to CN201410304079.7A
Publication of CN104104672A
Application granted
Publication of CN104104672B
Legal status: Active

Landscapes

  • Telephonic Communication Services (AREA)

Abstract

The invention provides a method for establishing a dynamic authorization code based on identity authentication. A unified third party dynamic password cipher security authentication and security authorization service is established via a novel dynamic cipher editing mode, legal authentication of user identity of a dynamic password cipher and a technical mode of corresponding binding authorization of a user mobile terminal. Further, a lock of strict legal identity authentication is additionally arranged in application of the dynamic password cipher so that a user uses the dynamic password cipher to complete the authentication and authorization service under the state of complete legal identity authentication. Besides, the unified third party dynamic password cipher service is provided so that legal security authentication and authorization guarantee can be provided for assisting project teams with different sizes in development of various types of services.

Description

Method for establishing a dynamic authorization code based on identity authentication
Technical field
The present invention relates to mobile Internet, cloud computing and Internet of Things applications, and in particular to a method that builds a dynamic authorization code business system on authentication of the user's legal identity, in order to secure the user's account authentication and account authorization.
Background
Identity authentication is an important component of an information security system; its task is to check the legitimacy and authenticity of a user's identity. Identity authentication techniques are divided into static password authentication, dynamic password authentication, biometric authentication, and digital certificate (CA) authentication provided by a third party, among others. Static password authentication was the early authentication product of computer systems. Because static passwords are static and reusable, they have security defects such as being easy to steal, easy to guess and easy to crack. Static password authentication is a weak identity authentication system and is suitable only for information environments with lower security level requirements.
Biometric authentication includes fingerprint recognition, iris recognition, face recognition, voiceprint recognition, handwritten signature recognition and the like. Because it generally requires dedicated recognition equipment and places certain requirements on the environment of use, it cannot serve as a widely applicable means of authentication and of issuing user authorization instructions.
A dynamic password is a one-time password. It is a password that changes, and the change comes from changes in the operating parameters used to generate it. Its key property is that every password produced is different and can be used only once, which effectively avoids the inherent security weaknesses of static passwords such as guessing, cracking and reuse. As one of the main authentication techniques, it is now widely used in e-commerce, remote access, internal system access, authentication for user authorization instructions and so on.
To keep a user's authentication and authorization absolutely secure, the best approach is to build a final authorization step for account authentication that an attacker cannot obtain. If this last line of defense for account authentication and authorization holds, the attacker's goal cannot ultimately be achieved, and so there is no longer any point in carrying out the attack. That is, whatever vulnerabilities exist and however successful the attacker's earlier efforts, the attack succeeds only if the account finally grants authorization directly; if the attacker cannot obtain this final authorization, the attack is not worth attempting.
Building a third-party physical channel that cannot be directly reached or actively attacked through the account system, and using an authorization code generated through this channel to give the final confirming authorization for the user's account authentication, is the best way to give the user a final authorization that an attacker cannot obtain. It follows that how to build this third-party physical channel, and how to generate through it an authorization code whose security is absolutely guaranteed, is the key to keeping user accounts absolutely secure.
In existing dynamic password applications and the existing patents in this field, including dynamic password token technology, the construction of this third-party physical channel is relatively mature, but how to generate a secure authorization code still has some problems. If the user's password cannot be absolutely protected and it leaks, login and authorized transactions based on the account password are equally at risk. If the technology cannot be extended to different application scenarios, and in particular cannot serve authorization for mobile terminals or for O2O services on physical self-service terminals, such as portable security applications in high-security industries like bank payment and mobile payment, it has an obvious technical limitation that does not help the development of the industry as a whole.
A patent worth comparing is "Single sign-on method based on cloud management and key management", patent No. 2012104712612. It mainly comprises: a cloud key login management system that performs centralized authentication and audit logging at the user login entry according to user identity; a key user management system that merges all user identity information into a centralized repository and manages the user identities of each independent application in a unified way; and an authorized-resource and user-data provisioning service system that provisions services for users according to authorized resources and user data.
Although that patent proposes a security authentication model with unified management of user identity, the source from which user identity information is collected is problematic, so leaks can still easily occur. The main reasons are as follows. First, false identity information can be supplied and auditing is not strict, so the user's true identity cannot be locked down with certainty. Second, as to how the dynamic password is obtained and used, unless a dynamic password token is bound one-to-one, the real user cannot be locked down. Third, even with one-to-one binding of a dynamic password token, there remains the risk that the password is stolen after the token is lost or stolen. As a result, the technology protected by that patent is unsuitable for some scenarios with high security requirements, is limited by the single application scenario of existing password tokens, and cannot give users more convenient account authorization management; deeper integration and development of the related application technologies is urgently needed.
Summary of the invention
To address the above problems, the inventor, drawing on the inventor's own granted patent "Root service system of personal identification", patent No. 2011102160995, and grafting its technology, proposes the technical solution of the present invention. The invention is mainly based on the third-party unified authentication and authorization system for individual legal identity in that granted patent. It establishes lawful authentication and lawful authorization of the identity of the user of a dynamic password (the "dynamic authorization code" of the present invention), binds individual legal identity authentication to the user's mobile phone number through lawful one-to-one verification, and, together with other supporting techniques, ultimately secures the use of dynamic password technology. In essence, it adds a legal identity authentication lock to the use of an ordinary dynamic password and at the same time binds the user's dynamic password to the terminal in use through lawful verification. The user thus uses the dynamic password entirely under a state of legal identity authentication, which guarantees that the dynamic password is used with absolute security and provides secure dynamic authorization for the user's various services, so that secure authentication and authorization are assured.
The user identity authentication referred to in the invention is not limited to a national statutory identity authentication system. A business system whose account authentication security requirements are not high, or whose internal authentication is stricter, may, according to its own business characteristics, call its own or other external account identity authentication data and apply the techniques of the invention to implement the dynamic authorization code service; national statutory identity authentication data need not be called.
The dynamic password system with a legal identity authentication function of the present invention, through the design of split configuration modes and specific event-factor modes, generates a brand-new and highly secure dynamic password, namely the dynamic authorization code, or dynamic password group. It establishes a brand-new indexed-set editing and generation mode for dynamic passwords and is entirely a technical innovation. The dynamic password token manufacturing technology developed from it is likewise a high-security technical innovation.
The dynamic password system with a legal identity authentication function of the present invention will greatly enrich the application scenarios of dynamic passwords. It can meet not only scenarios with ordinary security requirements but also environments with high security level requirements, or projects that need lawful supervision and security certification, such as government social management informatization projects and the secure payment and secure mobile payment projects of banks, for which it can provide a high level of lawful security assurance.
The dynamic password system with a legal identity authentication function of the present invention establishes a unified third-party channel that provides lawful security authentication and lawful authorization services for dynamic passwords. This is of particular importance for broadly promoting the informatization of society and of production and the move of networks to mobile. Businesses of every kind in every industry that rely on effective legal identity authentication will be able to proceed without any obstacle. Services premised on legal identity authentication, which previously only large professional institutions such as the big state-owned banks could deliver, can now also be offered by small and medium-sized enterprises because of the invention, which can thereby develop a wider range of applications that meet users' needs and promote social progress.
The technique of the invention for establishing a dynamic authorization code based on identity authentication can be fully extended to static authorization codes. However, because static authorization codes are inherently prone to leakage, the invention and its practical application do not design for their use. Instead, the dynamic authorization code technique entirely replaces the technology and applications of static authorization codes. This prevents possible leaks at the source, and all applications involved directly adopt the dynamic authorization code technique of the invention.
The method of the invention for establishing a dynamic authorization code based on identity authentication builds a unique correspondence between the dynamic authorization code and the authentication operation system, builds a unique parse-and-read relationship between the dynamic authorization code and the user mobile terminal, and/or builds a parse-and-read relationship between the dynamic authorization code and the registration and login account system.
Building the unique correspondence between the dynamic authorization code and the authentication operation system means installing, on the dynamic authorization code authentication server, the business operation support system corresponding to the authentication operation system. Through this business operation support system, a unique correspondence is established between a user account of the authentication operation system and an authentication seed code. Requests from external systems to obtain a dynamic authorization code for authentication services, or to authorize with one, are initiated and fulfilled only after prior authentication by the authentication operation system.
The authentication operation system is one in which the statutory administrative authority, or an institution licensed by it, establishes in a personal identity information server database, or in a backup personal identity information server database, a lawful verification system for the correspondence between a user's mobile phone number and the user's identity information, and uses this lawful verification system to provide lawful personal identity and digital identity authentication services externally.
Further, alternatively, the authentication operation system is one in which a user identity information collection system establishes, in an account identity information management server database, a verification system for the correspondence between a user's mobile phone number and account identity information, and uses this verification system to provide account authentication and digital identity authentication services externally.
Building the unique parse-and-read relationship between the dynamic authorization code and the user mobile terminal means installing the corresponding business operation support system of the authentication operation system on an application server and installing a dynamic authorization code client on the user mobile terminal. After the client reads the unique serial code of the mobile terminal's hardware, and/or parameters unique to that hardware, the client is activated by password authentication and/or by SMS verification through the mobile operator;
Building the parse-and-read relationship with the registration and login account system means installing the corresponding business operation support system of the authentication operation system on an application server and binding the dynamic authorization code service module of the business operation support system to the registration and login account management system. When the user logs in to an account, after entering the preset authentication operation system information and/or the preset response parameters, the dynamic authorization code is obtained automatically and displayed at the account login side;
Authorization verification with a dynamic authorization code obtained through the user mobile terminal comprises the following steps:
Step 1. On the user mobile terminal, open the installed dynamic authorization code client; or, after unlocking with a previously set password, open the installed dynamic authorization code client on the user mobile terminal.
Step 2. The business operation support system corresponding to the authentication operation system reads the unique serial code of the mobile terminal's hardware and/or the hardware's parameters. After uniqueness verification succeeds, the authentication operation system confirms and obtains the account of the authentication operation system to which this user mobile terminal corresponds.
Step 3. The business operation support system corresponding to the authentication operation system obtains, through the dynamic authorization code authentication server, the dynamic authorization code uniquely configured for this account's mobile terminal, and delivers the obtained dynamic authorization code to the client.
Step 4. The dynamic authorization code is read on the user mobile terminal on which the dynamic authorization code client is installed.
Step 5. The dynamic authorization code that was read is submitted to the verification interface window.
Step 6. The application server submits the dynamic authorization code it obtained, and/or the identity information obtained earlier through the authentication operation system at registration, together to the authentication operation system, which authenticates them.
Step 7. The authentication operation system, through the corresponding business operation support system, compares the submitted dynamic authorization code with the authentication seed code, and the comparison succeeds.
Step 8. A prompt that user authorization succeeded is given, or the user carries out subsequent operations.
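The server-side checks behind steps 2, 3 and 7 above, sketched as an added example that is not code from the patent. The patent does not name a code-generation algorithm, so HMAC-SHA256 over a 60-second time counter, the class and function names, and the sample device identifiers are all assumptions.

```python
import hashlib
import hmac
import secrets
import struct
import time

STEP_SECONDS = 60  # assumed validity window; the page gives no value


def code_for(seed: bytes, device_hash: str, counter: int) -> str:
    """Derive a 6-digit code from the seed, the bound device and a time counter."""
    msg = device_hash.encode() + struct.pack(">Q", counter)
    digest = hmac.new(seed, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, as in HOTP
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


def _hash_device(device_id: str) -> str:
    return hashlib.sha256(device_id.encode()).hexdigest()


class AuthCodeServer:
    """Hypothetical stand-in for the dynamic authorization code authentication server."""

    def __init__(self):
        self._accounts = {}  # account -> seed, bound device hash, lock flag, last window

    def enroll(self, account: str, device_id: str) -> None:
        # Unique correspondence: one seed and one bound terminal per account.
        if account in self._accounts:
            raise ValueError("account already has a seed")
        self._accounts[account] = {
            "seed": secrets.token_bytes(32),
            "device": _hash_device(device_id),
            "locked": False,
            "last_used": -1,
        }

    @staticmethod
    def _counter(now):
        return int((time.time() if now is None else now) // STEP_SECONDS)

    def issue(self, account: str, device_id: str, now=None):
        """Steps 2-3: verify the terminal is the bound one, then hand out the code."""
        rec = self._accounts.get(account)
        if rec is None or rec["locked"]:
            return None
        if not hmac.compare_digest(_hash_device(device_id), rec["device"]):
            return None  # hardware identifier differs from the value at activation
        return code_for(rec["seed"], rec["device"], self._counter(now))

    def verify(self, account: str, code: str, now=None) -> bool:
        """Steps 6-7: recompute from the seed and compare; each window is single-use."""
        rec = self._accounts.get(account)
        if rec is None or rec["locked"]:
            return False
        counter = self._counter(now)
        if counter <= rec["last_used"]:
            return False  # the code for this window was already consumed
        expected = code_for(rec["seed"], rec["device"], counter)
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return False
        rec["last_used"] = counter
        return True

    def lock(self, account: str) -> None:
        """Rapid invalidation for a lost or stolen terminal."""
        self._accounts[account]["locked"] = True


if __name__ == "__main__":
    srv = AuthCodeServer()
    srv.enroll("alice", "IMEI-constructed-0001")  # constructed sample values
    t = 1_700_000_000
    code = srv.issue("alice", "IMEI-constructed-0001", now=t)
    print("issued:", code)
    print("other device:", srv.issue("alice", "IMEI-other-9999", now=t))
    print("first verify:", srv.verify("alice", code, now=t))
    print("replay:", srv.verify("alice", code, now=t))
```

The sketch accepts only the current time window; a deployment would also need a policy for clock drift between the client and the server.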
In the method of the invention for establishing a dynamic authorization code based on identity authentication, building the parse-and-read relationship with the registration and login account system means binding the dynamic authorization code service module at the account login side so that the dynamic authorization code is obtained directly; or requiring that the dynamic authorization code be obtained through the user mobile terminal and provided to the registration and login account system to complete the authorized login.
Further, for the parse-and-read relationship between the dynamic authorization code and the registration and login account system, when the preset authentication operation system information and/or the preset response parameter information needs a security change, whether initiated by the user or prompted by the system, the user's eligibility is verified with a dynamic authorization code obtained through the user mobile terminal over the third-party channel.
In the method of the invention for establishing a dynamic authorization code based on identity authentication, the dynamic authorization code used on the user mobile terminal and the dynamic authorization code used for the registration and login account system are either generated as separate values per service need or per account, or are each generated automatically by reading, from the same group of generated dynamic codes, the values generated in different timed periods.
In the method of the invention for establishing a dynamic authorization code based on identity authentication, where each dynamic authorization code is generated automatically by reading the values of different timed periods from the same generated dynamic code, the read period is set by dividing the time factor into equal parts, or, depending on the security level required by the application, by dividing the time factor into unequal parts.
In the method of the invention for establishing a dynamic authorization code based on identity authentication, the dynamic authorization code used on the user mobile terminal and the dynamic authorization code used for the registration and login account system are configured, or configured with encryption, by retrieving characteristic information parameters from the authentication operation system as a specific parameter configuration or event-factor configuration, to generate their respective dynamic authorization codes; and/or a pre-read additional code and/or a pre-read additional control condition is set for the dynamic authorization code, to meet the higher account security level requirements of certain applications;
Further, the event factor of the dynamic authorization code is user biometric information retrieved from the identity information database, such as fingerprint, face shape, iris, voiceprint or handwritten signature feature data, which peripheral hardware recognizes either as authorization verification or as additional verification before the dynamic authorization code can be read; or it is a previously set challenge-response feature, used as authorization verification or as additional verification before the dynamic authorization code can be read.
In the method of the invention for establishing a dynamic authorization code based on identity authentication, the dynamic authorization code used on the user mobile terminal and the dynamic authorization code used for the registration and login account system can be selected for use according to different settings for the occasion of use and the required security level.
Further, the dynamic authorization code of the user mobile terminal, being at the higher security level, may be permitted for authorizing the registration and login account system.
In the method of the invention for establishing a dynamic authorization code based on identity authentication, for the dynamic authorization code used on a user mobile terminal, if the bound mobile terminal device is damaged and can no longer be used, or a new user mobile terminal must be bound for work reasons, the user resubmits identity information, possibly including biometric identity information, through the personal account system managed by the dynamic authorization code service or through a specially licensed authorization institution, and after authentication by the authentication operation system the bound user mobile terminal is changed.
Further, alternatively, if the bound user mobile terminal is lost or stolen so that the dynamic authorization code may be leaked, the dynamic authorization code on that user mobile terminal must be rapidly invalidated and locked. The operating procedure comprises:
Step 1. On a mobile terminal carrying the dynamic authorization code client, open the account management menu.
Step 2. Select the user authentication module and start the user authentication procedure. Selecting the user authentication module is not limited to the voiceprint mode of step 3 below and the fingerprint module of step 6 below; an account password module and/or a challenge-response selection module may also be set.
Step 3. Record a voice sample as prompted. If verification succeeds, proceed to the next step; if it fails, record a second voice sample as prompted and verify again, and if that succeeds proceed to steps 4 and 5 below.
Step 4. Complete system verification with the other verification content set previously.
Step 5. After the system has authenticated the user, tap to start the dynamic authorization code account lock function, which completes the locking of the dynamic authorization code of the user mobile terminal.
Further, alternatively, the flow proceeds from step 2 above to step 6 below, or from step 3 above to step 6 below.
Step 6. Verify with the fingerprint at the designated position. If verification succeeds, proceed to the next step; if it fails, verify with the fingerprint at the designated position a second time, and if that succeeds proceed to the next step.
Further, alternatively, the flow proceeds from step 2 above to step 7 below, or from step 3 above to step 7 below, or from step 6 above to step 7 below.
Step 7. Read the user's own iris from the left or right eye as prompted. If verification succeeds, proceed to the next step; if it fails, read the user's own iris from the left or right eye as prompted a second time and verify again, and if that succeeds return to steps 4 and 5 above.
In the method of the invention for establishing a dynamic authorization code based on identity authentication, alternatively, an authentication seed code is encapsulated and written onto the user mobile terminal on which the dynamic authorization code client is installed, configuring the user mobile terminal as a dynamic authorization code token, to address the inconvenience that the dynamic authorization code cannot be read for authentication when the mobile terminal cannot connect to a network.
Further, the encapsulated authentication seed code is integrated with the unique hardware serial code read from the mobile terminal, and/or with the configuration of parameters unique to that hardware, and/or with the pre-read additional verification of the dynamic authorization code. When the installed dynamic authorization code client is started to read the dynamic authorization code, it automatically scans and identifies the unique serial code of the mobile terminal's hardware and/or the parameters unique to that hardware. If the serial code and/or parameters read differ from the initial values recorded at activation, the dynamic authorization code cannot be read, or self-destructs.
Further, the seed code encapsulated and written to the mobile terminal can have its time factor corrected against the remote dynamic authorization code authentication server when the mobile terminal is online.
Further, alternatively, either on the user's request through the account management system of the dynamic authorization code client, or when the dynamic authorization code operation system automatically detects the need, a new authentication seed code can be written to replace the authentication seed code previously written.
In the method of the invention for establishing a dynamic authorization code based on identity authentication, alternatively, when the installed dynamic authorization code client is opened on the user mobile terminal, the user is prompted for an opening password. The opening password may be a password set in the ordinary way, and/or may include a previously set biometric feature.
In the method of the invention for establishing a dynamic authorization code based on identity authentication, the dynamic authorization code may be established on the user's legal identity document number, and/or on other user account coding systems, such as mobile phone number, QQ, WeChat, Weibo, Taobao, payment or e-mail address account systems, or on a combination of several account systems, or on a re-encoding of such a combination, with the corresponding dynamic authorization code authentication system established accordingly.
Brief description of the drawing
The accompanying drawing is a system structure diagram of the method of the invention for establishing a dynamic authorization code based on identity authentication.
Embodiment
A preferred embodiment of the invention is described below with reference to the accompanying drawing. It should be understood that the preferred embodiment described here serves only to describe and explain the invention and is not intended to limit it.
This embodiment describes the business flow of authorization verification with a dynamic authorization code obtained through the user mobile terminal, which comprises the following steps:
Step 1. On the user mobile terminal 106, open the installed dynamic authorization code client 105; or, after entering the previously set password that permits use of the dynamic authorization code client, open the installed dynamic authorization code client 105 on the user mobile terminal 106.
Step 2. The business operation support system 102 corresponding to the authentication operation system 101 reads the unique hardware serial code of this user mobile terminal 106 and/or the hardware parameters of this mobile terminal 106. After uniqueness verification succeeds, the authentication operation system 101 confirms and obtains the account of the authentication operation system 101 to which this user mobile terminal 106 corresponds.
Step 3. The business operation support system 102 corresponding to the authentication operation system 101 obtains, through the dynamic authorization code authentication server 103, the dynamic authorization code uniquely configured for the mobile terminal 106 of this account, and delivers it to the dynamic authorization code client 105.
Step 4. The user reads the dynamic authorization code on the user mobile terminal 106 on which the dynamic authorization code client 105 is installed.
Step 5. The user submits the dynamic authorization code that was read to the verification interface window 107.
Step 6. The application server 104, which is external to the system, submits the dynamic authorization code it obtained, and/or the identity information obtained earlier through the authentication operation system 101 at registration, together to the authentication operation system 101, which authenticates them.
Step 7. The authentication operation system 101, through the corresponding business operation support system 102, compares the submitted dynamic authorization code with the authentication seed code, and the comparison succeeds.
Step 8. The verification interface window 107 gives a prompt that user authorization succeeded and permits the user to carry out subsequent operations.
In summary, the method of the invention for establishing a dynamic authorization code based on identity authentication uses a new dynamic password editing mode, lawful authentication of the identity of the dynamic password user, and a corresponding authorization technique that binds the user mobile terminal, to establish a unified third-party security authentication and security authorization service for dynamic passwords. It further adds a strict legal identity authentication lock to the use of the dynamic password, so that the user completes authentication and authorization services with the dynamic password entirely under a state of legal identity authentication. By providing a unified third-party dynamic password service, it also helps project teams of different sizes carry out their various services with lawful security authentication and authorization assurance.

Claims (10)

1. A method for establishing a dynamic authorization code based on identity authentication, characterized by building a unique correspondence between the dynamic authorization code and the authentication operation system, building a unique parse-and-read relationship between the dynamic authorization code and the user mobile terminal, and/or building a parse-and-read relationship between the dynamic authorization code and the registration/login account system;
Building the unique correspondence between the dynamic authorization code and the authentication operation system means installing, on the dynamic authorization code authentication server, the business operation support system corresponding to the authentication operation system, and establishing through this business operation support system a unique correspondence between the user account of the authentication operation system and the authentication seed code; a request by an external system to obtain a dynamic authorization code for an authentication service and to be authorized is initiated and fulfilled only after prior identity authentication by the authentication operation system;
The authentication operation system, operated by a statutory authority or an institution licensed by it, establishes, in a personal identity information server database or in a personal identity information backup server database, a legal verification system of the correspondence between the user's mobile phone number and the user's identity information, and uses this legal verification system to provide legal personal identity and digital identity authentication related services externally;
Further, the authentication operation system alternatively establishes, through a user identity information acquisition system and in an account identity information management server database, a verification system of the correspondence between the user's mobile phone number and account identity information, and uses this verification system to provide account authentication and digital identity authentication related services externally;
Building the unique parse-and-read relationship between the dynamic authorization code and the user mobile terminal means installing the business operation support system corresponding to the authentication operation system on the application server and installing the dynamic authorization code client on the user mobile terminal; after this dynamic authorization code client reads the unique serial code of the mobile terminal hardware device, and/or the unique related parameters of the mobile terminal hardware device, the client is activated by password authentication and/or by verification with a short message from the mobile terminal operator;
Building the parse-and-read relationship with the registration/login account system means installing the business operation support system corresponding to the authentication operation system on the application server and binding the dynamic authorization code business module of the business operation support system to the registration/login account management system; when the user logs in to the account, after the user enters the set authentication operation system information and/or the set reply parameters, the dynamic authorization code is automatically obtained and displayed on the account login side;
Authorization verification with a dynamic authorization code obtained through the user mobile terminal comprises the following steps:
The first step: open the dynamic authorization code client installed on the user mobile terminal, or open it after unlocking with a previously set password;
The second step: the business operation support system corresponding to the authentication operation system reads the unique serial code of the mobile terminal hardware device and/or the related parameters of the mobile terminal hardware device; after uniqueness verification succeeds, the authentication operation system confirms the account in the authentication operation system to which this user mobile terminal corresponds;
The third step: the business operation support system corresponding to the authentication operation system obtains, through the dynamic authorization code authentication server, the dynamic authorization code uniquely configured for the mobile terminal of this account, and delivers the obtained dynamic authorization code to the client;
The fourth step: the dynamic authorization code is read on the user mobile terminal on which the dynamic authorization code client is installed;
The fifth step: the dynamic authorization code that was read is submitted to the verification interface window;
The sixth step: the application server submits the obtained dynamic authorization code, and/or the identity information previously obtained through the authentication operation system during authenticated registration, together to the authentication operation system, which authenticates them and passes;
The seventh step: the authentication operation system, through the corresponding business operation support system, compares the submitted dynamic authorization code with the authentication seed code, and the comparison succeeds;
The eighth step: a prompt that user authorization succeeded is given, or the user carries out other subsequent operations.
2. The method for establishing a dynamic authorization code based on identity authentication as claimed in claim 1, characterized in that building the parse-and-read relationship with the registration/login account system means binding the dynamic authorization code business module on the account login side and obtaining the dynamic authorization code directly; or requiring that the dynamic authorization code be obtained through the user mobile terminal and provided to the registration/login account system to complete the authorized login;
Further, in building the parse-and-read relationship between the dynamic authorization code and the registration/login account system, when a security settings change to the set authentication operation system information and/or the set reply parameter information is needed, whether initiated by the user or prompted by the system, the user's qualification is verified with a dynamic authorization code obtained through the user mobile terminal over a third-party channel.
3. The method for establishing a dynamic authorization code based on identity authentication as claimed in claim 1, characterized in that the dynamic authorization code applied to the user mobile terminal and the dynamic authorization code applied to the registration/login account system are each generated as separate dynamic authorization code values according to business needs or per account, or are each generated automatically by reading, from the same group of generated dynamic codes, the values generated in different timed periods.
4. The method for establishing a dynamic authorization code based on identity authentication as claimed in claim 3, characterized in that, where the respective dynamic authorization codes are generated automatically by reading the values generated in different timed periods from the same generated dynamic code, the read cycle reads the set value at equal divisions of the time factor or, depending on the security level requirements of different application scenarios, at unequal divisions of the time factor.
5. The method for establishing a dynamic authorization code based on identity authentication as claimed in claim 1, characterized in that the dynamic authorization code applied to the user mobile terminal and the dynamic authorization code applied to the registration/login account system are each generated, by configuration or encrypted configuration, by retrieving the characteristic information parameters of the authentication operation system as a specific parameter configuration or an event factor configuration, and/or a prerequisite additional code and/or a prerequisite additional control condition is set for reading the dynamic authorization code, so as to meet the higher account security level requirements of certain applications;
Further, the event factor of the dynamic authorization code is the user's biometric information in the identity information database, such as fingerprint, face shape, iris, voiceprint or handwritten signature characteristic data, which is retrieved for recognition by peripheral hardware, either as authorization verification or as prerequisite additional verification for reading the dynamic authorization code; or a previously set challenge-response feature is used as authorization verification or as prerequisite additional verification for reading the dynamic authorization code.
6. The method for establishing a dynamic authorization code based on identity authentication as claimed in claim 1, characterized in that the dynamic authorization code applied to the user mobile terminal and the dynamic authorization code applied to the registration/login account system can be selected for use according to different settings of the use scenario and security level requirements;
Further, the dynamic authorization code of the user mobile terminal, being at the higher security level, may be permitted for use as dynamic authorization code authorization for the registration/login account system.
7. The method for establishing a dynamic authorization code based on identity authentication as claimed in claim 1, characterized in that, for the dynamic authorization code applied to the user mobile terminal, if the bound mobile terminal device is damaged and can no longer be used, or a new user mobile terminal needs to be bound for work reasons, the user resubmits identity information, optionally including user biometric identity information, through the personal account system managed by the dynamic authorization code or through a specially licensed authorized institution, and after authentication by the authentication operation system the bound user mobile terminal is changed;
Further, if the bound user mobile terminal is lost or stolen, causing leakage of the dynamic authorization code, the dynamic authorization code of this user mobile terminal needs to be quickly invalidated and locked; the operating procedure comprises:
The first step: through a mobile terminal loaded with the dynamic authorization code client, start the account management menu;
The second step: select a user authentication module and start the user authentication procedure; the selectable user authentication module is not limited to the voiceprint mode of the third step below and the fingerprint module of the sixth step below, and can also be set to an account password module and/or a challenge-response selection module;
The third step: record the voice as prompted by voice; after verification, if successful, enter the next step; if unsuccessful, verify with a second voice recording as prompted, and if successful proceed to the fourth and fifth steps below;
The fourth step: complete system verification with other previously set verification content;
The fifth step: after system authentication, click to start the dynamic authorization code account lock function, completing the dynamic authorization code lock of the user mobile terminal;
Further, alternatively, the flow continues from the second step above into the sixth step below, and from the third step above into the sixth step below;
The sixth step: verify by the fingerprint at a designated position; if successful, enter the next step; if unsuccessful, verify with a second designated-position fingerprint, and if successful enter the next step;
Further, alternatively, the flow continues from the second step above into the seventh step below, and from the third step above into the seventh step below, or from the sixth step above into the seventh step below;
The seventh step: read the user's own iris as prompted for the designated left/right eye; after verification, if successful, enter the next step; if unsuccessful, verify by reading the user's own iris as prompted for the designated left/right eye a second time, and if successful proceed to the fourth and fifth steps above.
8. The method for establishing a dynamic authorization code based on identity authentication as claimed in claim 1, characterized in that, alternatively, the authentication seed code is encapsulated and written onto the user mobile terminal on which the dynamic authorization code client is installed, configuring the user mobile terminal as a dynamic authorization code password token, to overcome the inconvenience that the dynamic authorization code cannot be read for authentication when the mobile terminal cannot connect to the network;
Further, the encapsulated and written authentication seed code is integrated with the unique serial code read from the mobile terminal hardware device, and/or with the unique related parameters of the mobile terminal hardware device, and/or with the prerequisite additional verification of the dynamic authorization code; when the installed dynamic authorization code client is started to read the dynamic authorization code, the client automatically scans and identifies the unique serial code of the mobile terminal hardware device and/or the unique related parameters of the mobile terminal hardware device; if the unique serial code read from the mobile terminal hardware device, and/or the unique related parameters of the mobile terminal hardware device, differ from the initial values at activation, the dynamic authorization code cannot be read or self-destructs;
Further, the seed code encapsulated and written to the mobile terminal can perform time factor correction with the remote dynamic authorization code authentication server when the mobile terminal is networked;
Further, alternatively, when the user applies through the account management system of the dynamic authorization code client, or when the dynamic authorization code operation system automatically detects the need, a new authentication seed code can be written to replace the previously written authentication seed code.
9. The method for establishing a dynamic authorization code based on identity authentication as claimed in claims 1 and 7, characterized in that, alternatively, when the dynamic authorization code client installed on the user mobile terminal is opened, the user is prompted that an opening password is required; the opening password is the password set in the general mode, and/or includes a previously set user biometric recognition feature password.
10. The method for establishing a dynamic authorization code based on identity authentication as claimed in claim 1, characterized in that the method establishes the corresponding dynamic authorization code authentication system based on the user's legal identity card number, and/or on other user account coding systems, such as mobile phone number, QQ, WeChat, microblog, Taobao, payment, or e-mail account systems, or on multiple account systems combined or re-encoded after combination.
CN201410304079.7A 2014-06-30 2014-06-30 The method that dynamic authorization code is established in identity-based certification Active CN104104672B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410304079.7A CN104104672B (en) 2014-06-30 2014-06-30 The method that dynamic authorization code is established in identity-based certification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410304079.7A CN104104672B (en) 2014-06-30 2014-06-30 The method that dynamic authorization code is established in identity-based certification

Publications (2)

Publication Number Publication Date
CN104104672A true CN104104672A (en) 2014-10-15
CN104104672B CN104104672B (en) 2017-11-10

Family

ID=51672473

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410304079.7A Active CN104104672B (en) 2014-06-30 2014-06-30 The method that dynamic authorization code is established in identity-based certification

Country Status (1)

Country Link
CN (1) CN104104672B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080040285A1 (en) * 2004-08-18 2008-02-14 John Wankmueller Method And System For Authorizing A Transaction Using A Dynamic Authorization Code
CN102148685A (en) * 2010-02-04 2011-08-10 陈祖石 Method and system for dynamically authenticating password by multi-password seed self-defined by user
CN103269270A (en) * 2013-04-25 2013-08-28 安徽杨凌科技有限公司 Real-name authentication safe login method and system based on cell phone number
CN103746807A (en) * 2013-12-23 2014-04-23 柳州职业技术学院 Dynamic token

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104333544B (en) * 2014-10-26 2017-11-10 重庆智韬信息技术中心 Encryption method based on mobile terminal data file
CN104333544A (en) * 2014-10-26 2015-02-04 重庆智韬信息技术中心 Encryption method for data file based on mobile terminal
CN104361284A (en) * 2014-10-26 2015-02-18 重庆智韬信息技术中心 Third-party intrusion monitoring method for cloud storage data packet
CN104363093A (en) * 2014-10-26 2015-02-18 重庆智韬信息技术中心 Method for encrypting file data by dynamic authorization code
CN104361284B (en) * 2014-10-26 2018-02-13 深圳润迅数据通信有限公司 To third party's intrusion detection method of cloud storage packet
CN104363093B (en) * 2014-10-26 2017-10-24 重庆智韬信息技术中心 The method encrypted by dynamic authorization code to file data
CN104318438A (en) * 2014-10-29 2015-01-28 重庆智韬信息技术中心 Integrated authorization method for safe payment through dynamic authorization code
CN105391693A (en) * 2015-10-20 2016-03-09 浪潮软件集团有限公司 Intelligent terminal authorization method and device
CN106713234A (en) * 2015-11-13 2017-05-24 国网智能电网研究院 Smart power grid mobile terminal dynamic state authorization system
CN106803043A (en) * 2015-11-26 2017-06-06 西安莫贝克半导体科技有限公司 A kind of hardware encrypted memory with selective self-destroying function
CN106803043B (en) * 2015-11-26 2020-01-14 西安莫贝克半导体科技有限公司 Hardware encryption memory with selective self-destruction function
CN107508782A (en) * 2016-06-14 2017-12-22 阿里巴巴集团控股有限公司 The method and device of certification user identity in voice customer service
CN106453263A (en) * 2016-09-19 2017-02-22 惠州Tcl移动通信有限公司 Method and system of binding cellphone number with APP
CN107360150A (en) * 2017-07-06 2017-11-17 天脉聚源(北京)传媒科技有限公司 A kind of method and device of intelligent logging-on
CN107333005A (en) * 2017-07-26 2017-11-07 中国联合网络通信集团有限公司 Emergent unlocking method, unblock server, user equipment and system
CN107333005B (en) * 2017-07-26 2020-03-31 中国联合网络通信集团有限公司 Emergency unlocking method, unlocking server, user equipment and system
CN107508796A (en) * 2017-07-28 2017-12-22 北京明朝万达科技股份有限公司 A kind of data communications method and device
CN107508796B (en) * 2017-07-28 2019-01-04 北京明朝万达科技股份有限公司 A kind of data communications method and device
CN108156155A (en) * 2017-12-25 2018-06-12 资密科技有限公司 A kind of biological authentification system based on wireless network, mobile device and method
CN109743159A (en) * 2018-01-09 2019-05-10 詹贯峰 A kind of inter-authentication method for realizing authentication with authorization using bidirectional dynamic password
CN109309658A (en) * 2018-06-14 2019-02-05 孔德键 The identity identifying method and identity-validation device and identity authorization system of multiple authentication
CN112335211A (en) * 2018-08-14 2021-02-05 深圳迈瑞生物医疗电子股份有限公司 Software login method, device, server and storage medium of in-vitro diagnosis device
WO2020238364A1 (en) * 2019-05-24 2020-12-03 中国银联股份有限公司 Method, apparatus and device for processing uniform identifier of user, and storage medium
TWI804713B (en) * 2019-05-24 2023-06-11 大陸商中國銀聯股份有限公司 User uniform identification processing method, processing device, processing equipment and computer-readable storage medium
CN113377882A (en) * 2021-06-08 2021-09-10 北京巨网云互联科技有限公司 Method for realizing relation model in internet organization and among organizations
CN113377882B (en) * 2021-06-08 2022-10-04 巨网云互联(北京)科技股份有限公司 Method for realizing relation model in internet organization and among organizations
CN113507368A (en) * 2021-06-17 2021-10-15 北京惠而特科技有限公司 Industrial control equipment identity authentication method and device based on dynamic password
CN114024688A (en) * 2021-11-29 2022-02-08 中电金信软件有限公司 Network request method, network authentication method, terminal equipment and server
CN114550316A (en) * 2022-04-27 2022-05-27 广州商景网络科技有限公司 One-stop credible biological characteristic data acquisition terminal equipment and acquisition and sharing method
CN114550316B (en) * 2022-04-27 2022-08-05 广州商景网络科技有限公司 One-stop credible biological characteristic data acquisition terminal equipment and acquisition and sharing method

Also Published As

Publication number Publication date
CN104104672B (en) 2017-11-10

Similar Documents

Publication Publication Date Title
CN104104672A (en) Method for establishing dynamic authorization code based on identity authentication
CN108898389B (en) Content verification method and device based on block chain and electronic equipment
US11625460B1 (en) Security platform
US20190190723A1 (en) Authentication system and method, and user equipment, authentication server, and service server for performing same method
US9613205B2 (en) Alternate authentication
US11003760B2 (en) User account recovery techniques using secret sharing scheme with trusted referee
CN101335619B (en) Authorized using method of disposal dynamic cipher telephone or short message
CN110149328B (en) Interface authentication method, device, equipment and computer readable storage medium
CN109241726B (en) User authority control method and device
CN104104673A (en) Method for realizing security payment through third party unified dynamic authorization code
US11481509B1 (en) Device management and security through a distributed ledger system
US10764049B2 (en) Method for determining approval for access to gate through network, and server and computer-readable recording media using the same
CN104104671B (en) Establish the unified dynamic authorization code system of business entity's account
CN103634328A (en) Authentication method, device and system for network platform authentication server
CN102456102A (en) Method for carrying out identity recertification on particular operation of information system by using Usb key technology
US20180375847A1 (en) Stored value user identification system using blockchain or math-based function
WO2019178763A1 (en) Certificate importing method and terminal
CN101674284A (en) Authentication method and system, user side server and authentication server
CN103428191A (en) Single sign on method based on combination of CAS framework and fingerprint
CN103559430B (en) application account management method and device based on Android system
JP2009003501A (en) Onetime password authentication system
CN110516427B (en) Terminal user identity authentication method and device, storage medium and computer equipment
US11283623B1 (en) Systems and methods of using group functions certificate extension
CN103929310A (en) Mobile phone client side password unified authentication method and system
US20210297403A1 (en) Systems and methods for authentication using authentication management server and device application

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 401331 6-2, No.8, No.56 Jingyang Road, Shapingba District, Chongqing

Patentee after: CHONGQING ZHITAO INFORMATION TECHNOLOGY CENTER

Address before: 400039 Chongqing Jiulongpo District No. 186 stone path 2 buildings 21-1

Patentee before: CHONGQING ZHITAO INFORMATION TECHNOLOGY CENTER

CP02 Change in the address of a patent holder