CN104184590B - Method and apparatus for activating a dynamic token

Publication number: CN104184590B
Application number: CN201410441637.4A
Authority: CN (China)
Original language: Chinese (zh)
Other versions: CN104184590A
Inventors: 陆舟, 于华章
Original and current assignee: Feitian Technologies Co Ltd
Legal status: Active

Abstract

The invention discloses a method and apparatus for activating a dynamic token. The method comprises: the dynamic token receives an activation code through its keys; it generates a second seed from the preset first seed and the activation challenge code in the received activation code; it generates a second response code from the generated second seed; it determines whether the computed second response code is consistent with the activation response code in the received activation code; if so, it updates the preset first seed with the generated second seed, activation succeeds and the procedure ends; otherwise it displays an error message and ends. The method ensures that the new seed (second seed) in the dynamic token is consistent with the new seed in the authentication server, that is, it ensures the correctness of the new seed.

Description

Method and apparatus for activating a dynamic token
Technical field
The invention relates to the field of information security, and in particular to a method and apparatus for activating a dynamic token.
Background art
A dynamic token is a terminal that generates dynamic passwords. A dynamic password helps establish the legitimate identity of a user, so that, once the user has logged in with a legitimate identity, the security of access to the user's services is ensured. Dynamic password authentication is regarded as one of the most effective current methods of user authentication, and is widely used in information systems such as those of banks, securities firms, third-party payment providers and large enterprises.
In the prior art, the activation code received by a dynamic token generally consists of a challenge value and a response value. During activation, the dynamic token first generates its own response value from the preset seed and the received challenge value, then decides whether activation succeeded by comparing the received response value with the response value it generated, and, if activation succeeded, generates a new seed from the received activation code. This way of activating cannot ensure that the new seed is correct after activation: if the new seed the token generates after a successful activation differs from the seed in the authentication server, the user cannot continue to use the dynamic token.
Summary of the invention
The object of the invention is to overcome the deficiencies of the prior art by providing a method and apparatus for activating a dynamic token that ensure the correctness of the new seed in the dynamic token after successful activation and improve the security of using the dynamic token.
The method for activating a dynamic token provided by the invention comprises:
Step S1: the dynamic token receives an activation code through its keys; the activation code comprises an activation challenge code and an activation response code;
Step S2: the dynamic token performs a first one-way operation on the preset first seed to obtain a first operation value, converts the activation challenge code in the activation code to obtain a second conversion value, and performs a second one-way operation on the first seed to obtain a third operation value;
Step S3: the dynamic token obtains a fourth diffusion value from the first operation value, the second conversion value and the third operation value;
Step S4: the dynamic token generates a second seed from the fourth diffusion value and the third operation value; the second seed comprises first data and second data;
Step S5: the dynamic token performs the first one-way operation on the first data in the second seed to obtain a fifth operation value, supplements (pads) the second data in the second seed to obtain a seed supplement value, and performs the second one-way operation on the first data in the second seed to obtain a seventh operation value;
Step S6: the dynamic token obtains an eighth operation value from the fifth operation value, the seed supplement value and the seventh operation value;
Step S7: the dynamic token generates a second response code from the eighth operation value;
Step S8: the dynamic token determines whether the second response code is consistent with the activation response code in the received activation code; if so, it performs step S9; otherwise it displays an error message and ends;
Step S9: the dynamic token updates the preset first seed with the second seed; activation succeeds and the procedure ends.
Before step S2, the method comprises: the dynamic token determines whether the length of the received activation code is a first preset length; if so, it performs step S2; otherwise it displays an error message and returns to step S1.
Performing the first one-way operation on the preset first seed to obtain the first operation value is specifically:
the dynamic token XORs the preset first seed with a first preset value to obtain a first XOR value;
the dynamic token operates on the first XOR value using a one-way algorithm and a first constant, and then obtains the first operation value from the result of that operation and the first constant.
Converting the activation challenge code in the activation code to obtain the second conversion value is specifically:
the dynamic token converts the activation challenge code in the activation code into a hexadecimal integer to obtain a first conversion value;
the dynamic token supplements the first conversion value to obtain the second conversion value.
Supplementing the first conversion value to obtain the second conversion value is specifically: the dynamic token appends a second preset value after the first conversion value, obtains a first length from the length of the first XOR value and the length of the first conversion value, places the first length after the second preset value, and fills 0x00 between the second preset value and the first length so that the length of the supplemented data is an integer multiple of 512 bits, obtaining the second conversion value.
Performing the second one-way operation on the preset first seed to obtain the third operation value is specifically:
the dynamic token XORs the preset first seed with a third preset value to obtain a second XOR value;
the dynamic token operates on the second XOR value using the one-way algorithm and the first constant, and then obtains the third operation value from the result of that operation and the first constant.
Obtaining the fourth diffusion value from the first operation value, the second conversion value and the third operation value is specifically:
the dynamic token operates on the second conversion value using the one-way algorithm and the first operation value to obtain a second diffusion value, obtains a second operation value from the second diffusion value and the first operation value, and operates on the second operation value using the one-way algorithm and the third operation value to obtain the fourth diffusion value.
Performing the first one-way operation on the first data in the second seed to obtain the fifth operation value is specifically:
the dynamic token XORs the first data with the first preset value to obtain a third XOR value;
the dynamic token operates on the third XOR value using the one-way algorithm and the first constant, and then obtains the fifth operation value from the result of that operation and the first constant.
Supplementing the second data in the second seed to obtain the seed supplement value is specifically: the dynamic token appends the second preset value after the second data, obtains a second length from the length of the third XOR value and the length of the second data, places the second length after the second preset value, and fills 0x00 between the second preset value and the second length so that the length of the supplemented data is an integer multiple of 512 bits, obtaining the seed supplement value.
Performing the second one-way operation on the first data in the second seed to obtain the seventh operation value is specifically:
the dynamic token XORs the first data with the third preset value to obtain a fourth XOR value;
the dynamic token operates on the fourth XOR value using the one-way algorithm and the first constant, and then obtains the seventh operation value from the result of that operation and the first constant.
Obtaining the eighth operation value from the fifth operation value, the seed supplement value and the seventh operation value is specifically:
the dynamic token operates on the seed supplement value using the one-way algorithm and the fifth operation value to obtain a sixth diffusion value, obtains a sixth operation value from the sixth diffusion value and the fifth operation value, operates on the sixth operation value using the one-way algorithm and the seventh operation value to obtain an eighth diffusion value, and obtains the eighth operation value from the eighth diffusion value and the seventh operation value.
Step S7 comprises:
Step S7-1: the dynamic token obtains a byte position identifier from the eighth operation value;
Step S7-2: starting in the eighth operation value at the position corresponding to the byte position identifier, the dynamic token takes 4 bytes of data as first response data;
Step S7-3: the dynamic token converts the first response data it obtained into a decimal integer to obtain second response data;
Step S7-4: the dynamic token obtains the second response code from the second response data according to the length of the activation code.
Obtaining the byte position identifier from the eighth operation value is specifically: the dynamic token takes the low four bits of the last byte of the eighth operation value as the byte position identifier.
Obtaining the second response code from the second response data according to the length of the activation code is specifically: the dynamic token takes half the length of the activation code as the length of the second response code and, according to that length, takes the second response code starting from the lowest-order digit of the second response data.
The invention provides an apparatus for activating a dynamic token, comprising: a receiving module, a first computing module, a second computing module, a first generation module, a third computing module, a fourth computing module, a second generation module, a first judgment module, a display module and a first update module;
the receiving module is configured to receive an activation code through the keys; the activation code comprises an activation challenge code and an activation response code;
the first computing module is configured to perform a first one-way operation on the preset first seed to obtain a first operation value, to convert the activation challenge code in the activation code received by the receiving module to obtain a second conversion value, and to perform a second one-way operation on the first seed to obtain a third operation value;
the second computing module is configured to obtain a fourth diffusion value from the first operation value, the second conversion value and the third operation value computed by the first computing module;
the first generation module is configured to generate a second seed from the fourth diffusion value computed by the second computing module and the third operation value computed by the first computing module; the second seed comprises first data and second data;
the third computing module is configured to perform the first one-way operation on the first data in the second seed generated by the first generation module to obtain a fifth operation value, to supplement the second data in the second seed generated by the first generation module to obtain a seed supplement value, and to perform the second one-way operation on the first data in the second seed generated by the first generation module to obtain a seventh operation value;
the fourth computing module is configured to obtain an eighth operation value from the fifth operation value, the seed supplement value and the seventh operation value computed by the third computing module;
the second generation module is configured to generate a second response code from the eighth operation value computed by the fourth computing module;
the first judgment module is configured to determine whether the second response code generated by the second generation module is consistent with the activation response code in the activation code received by the receiving module;
the display module is configured to display an error message when the first judgment module determines that the second response code and the activation response code are inconsistent;
the first update module is configured to update the preset first seed with the second seed generated by the first generation module when the first judgment module determines that the second response code and the activation response code are consistent.
The apparatus comprises a second judgment module, configured to determine whether the length of the activation code received by the receiving module is the first preset length;
the first computing module is further configured to operate when the second judgment module determines yes;
the display module is further configured to display an error message when the second judgment module determines no.
The first computing module comprises a first XOR unit and a first operation unit;
the first XOR unit is configured to XOR the preset first seed with a first preset value to obtain a first XOR value;
the first operation unit is configured to operate on the first XOR value obtained by the first XOR unit using a one-way algorithm and a first constant, and then to obtain the first operation value from the result of that operation and the first constant.
The first computing module further comprises a first conversion unit and a first supplement unit;
the first conversion unit is configured to convert the activation challenge code in the activation code received by the receiving module into a hexadecimal integer to obtain a first conversion value;
the first supplement unit is configured to supplement the first conversion value obtained by the first conversion unit to obtain the second conversion value.
The first supplement unit is specifically configured to append a second preset value after the first conversion value, obtain a first length from the length of the first XOR value and the length of the first conversion value, place the first length after the second preset value, and fill 0x00 between the second preset value and the first length so that the length of the supplemented data is an integer multiple of 512 bits, obtaining the second conversion value.
The first XOR unit is further configured to XOR the preset first seed with a third preset value to obtain a second XOR value;
the first operation unit is further configured to operate on the second XOR value obtained by the first XOR unit using the one-way algorithm and the first constant, and then to obtain the third operation value from the result of that operation and the first constant.
The second computing module is specifically configured to: operate on the second conversion value using the one-way algorithm and the first operation value to obtain a second diffusion value, obtain a second operation value from the second diffusion value and the first operation value, and operate on the second operation value using the one-way algorithm and the third operation value to obtain the fourth diffusion value.
The third computing module comprises a second XOR unit and a second operation unit;
the second XOR unit is configured to XOR the first data obtained by the first generation module with the first preset value to obtain a third XOR value;
the second operation unit is configured to operate on the third XOR value obtained by the second XOR unit using the one-way algorithm and the first constant, and then to obtain the fifth operation value from the result of that operation and the first constant.
The third computing module further comprises a second supplement unit, configured to append the second preset value after the second data, obtain a second length from the length of the third XOR value and the length of the second data, place the second length after the second preset value, and fill 0x00 between the second preset value and the second length so that the length of the supplemented data is an integer multiple of 512 bits, obtaining the seed supplement value.
The second XOR unit is further configured to XOR the first data obtained by the first generation module with the third preset value to obtain a fourth XOR value;
the second operation unit is further configured to operate on the fourth XOR value obtained by the second XOR unit using the one-way algorithm and the first constant, and then to obtain the seventh operation value from the result of that operation and the first constant.
The fourth computing module is specifically configured to: operate on the seed supplement value using the one-way algorithm and the fifth operation value to obtain a sixth diffusion value, obtain a sixth operation value from the sixth diffusion value and the fifth operation value, operate on the sixth operation value using the one-way algorithm and the seventh operation value to obtain an eighth diffusion value, and obtain the eighth operation value from the eighth diffusion value and the seventh operation value.
The second generation module comprises a first acquisition unit, a second acquisition unit, a second conversion unit and a third acquisition unit;
the first acquisition unit is configured to obtain a byte position identifier from the eighth operation value obtained by the fourth computing module;
the second acquisition unit is configured to take 4 bytes of data as first response data, starting in the eighth operation value obtained by the fourth computing module at the position corresponding to the byte position identifier obtained by the first acquisition unit;
the second conversion unit is configured to convert the first response data obtained by the second acquisition unit into a decimal integer to obtain second response data;
the third acquisition unit is configured to obtain the second response code from the second response data obtained by the second conversion unit, according to the length of the activation code received by the receiving module.
The first acquisition unit is specifically configured to take the low four bits of the last byte of the eighth operation value as the byte position identifier.
The third acquisition unit is specifically configured to take half the length of the activation code as the length of the second response code and, according to that length, to take the second response code starting from the lowest-order digit of the second response data.
Compared with the prior art, the invention has the following advantages:
In the method and apparatus for activating a dynamic token provided by the invention, because the new seed (second seed) in the dynamic token is generated from the old seed (first seed) and the activation code entered by the user, through a series of operations that include a one-way algorithm, the security of the new seed (second seed) in the dynamic token is ensured and the security of using the dynamic token is improved. During activation, the dynamic token first generates the new seed (second seed) from the preset seed and the received challenge value, then generates its response value from the new seed (second seed), and decides whether activation succeeded by comparing the received response value with the response value it generated; if activation succeeded, the dynamic token updates the old seed (first seed) with the new seed (second seed). This way of activating ensures that the new seed (second seed) in the dynamic token is consistent with the new seed in the authentication server, that is, it ensures the correctness of the new seed.
Brief description of the drawings
Fig. 1 is a flow chart of the method for activating a dynamic token provided by Embodiment 1 of the invention;
Fig. 2 is a flow chart of the method for activating a dynamic token provided by Embodiment 2 of the invention;
Fig. 3 is a flow chart of step 103 in Embodiment 2 of the invention;
Fig. 4 is a flow chart of step 104 in Embodiment 2 of the invention;
Fig. 5 is a module diagram of the apparatus for activating a dynamic token provided by Embodiment 3 of the invention.
Detailed description of embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
Embodiment 1
Embodiment 1 of the invention provides a method for activating a dynamic token which, as shown in Fig. 1, comprises:
Step S1: the dynamic token receives an activation code through its keys;
Specifically, the activation code comprises an activation challenge code and an activation response code;
Step S2: the dynamic token performs a first one-way operation on the preset first seed to obtain a first operation value, converts the activation challenge code in the activation code to obtain a second conversion value, and performs a second one-way operation on the first seed to obtain a third operation value;
Step S3: the dynamic token obtains a fourth diffusion value from the first operation value, the second conversion value and the third operation value;
Step S4: the dynamic token generates a second seed from the fourth diffusion value and the third operation value;
Specifically, the second seed comprises first data and second data;
Step S5: the dynamic token performs the first one-way operation on the first data in the second seed to obtain a fifth operation value, supplements the second data in the second seed to obtain a seed supplement value, and performs the second one-way operation on the first data in the second seed to obtain a seventh operation value;
Step S6: the dynamic token obtains an eighth operation value from the fifth operation value, the seed supplement value and the seventh operation value;
Step S7: the dynamic token generates a second response code from the eighth operation value;
Step S8: the dynamic token determines whether the second response code is consistent with the activation response code in the received activation code; if so, it performs step S9; otherwise it displays an error message and ends;
Step S9: the dynamic token updates the preset first seed with the second seed; activation succeeds and the procedure ends.
In the method for activating a dynamic token provided by this embodiment, because the second seed in the dynamic token is generated from the first seed and the activation code entered by the user, through a series of operations that include a one-way algorithm, the security of the second seed in the dynamic token is ensured and the security of using the dynamic token is improved. During activation, the dynamic token first generates the second seed from the preset seed and the received challenge value, then generates its response value from the second seed, and decides whether activation succeeded by comparing the received response value with the response value it generated; if activation succeeded, the dynamic token updates the first seed with the second seed. This method of activation ensures that the second seed in the dynamic token is consistent with the new seed in the authentication server, that is, it ensures the correctness of the new seed.
Embodiment 2
Embodiment 2 of the invention provides a method for activating a dynamic token which, as shown in Fig. 2, comprises:
Step 101: the dynamic token receives an activation code through its keys;
For example, in this embodiment the activation code is 123456258656;
Step 102: the dynamic token determines whether the length of the received activation code is the first preset length; if so, it performs step 103; otherwise it displays an error message and returns to step 101;
Specifically, the activation code comprises an activation challenge code and an activation response code; the dynamic token splits the activation code into two parts of equal length, the first part being the activation challenge code and the second part the activation response code;
For example, the activation code is 123456258656, in which the activation challenge code is 123456 and the activation response code is 258656;
Step 103: the dynamic token generates a second seed from the preset first seed and the activation challenge code in the received activation code;
For example, in this embodiment the preset first seed is:
0102030405060708090a0b0c0d0e0f1011121314
The activation challenge code in the received activation code is 123456;
The generated second seed is: 302F0BC29A10D098676E4202A534B2C33E67DF4D;
Specifically, the second seed comprises first data and second data; the dynamic token splits the second seed into two parts of equal length, the first part being the first data and the second part the second data;
For example, the first data in the second seed is 302F0BC29A10D098676E and the second data in the second seed is 4202A534B2C33E67DF4D;
Step 104: the dynamic token generates a second response code from the generated second seed;
For example, the generated second response code is 258656;
Step 105: the dynamic token determines whether the computed second response code is consistent with the activation response code in the received activation code; if so, it performs step 106; otherwise it displays an error message and ends;
For example, in this embodiment the generated second response code and the activation response code in the received activation code are both 258656, so step 106 is performed;
Step 106: the dynamic token updates the preset first seed with the generated second seed; activation succeeds and the procedure ends;
For example, in this embodiment the dynamic token updates the first seed 0102030405060708090a0b0c0d0e0f1011121314 with the second seed 302F0BC29A10D098676E4202A534B2C33E67DF4D;
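An added worked example, not code from the patent: the Python sketch below carries steps 101 to 106 through with this embodiment's preferred values (SHA1, 0x36, 0x5c, 0x80), keeping the page's "diffusion value" and "operation value" stages separate. With standard padding assumed for the outer block, the two-pass derivation equals HMAC-SHA1, a name the patent does not use, and the script checks that against Python's `hmac` module. All function names, the outer-block padding, the single-block limit and reading the 4 response bytes as an unsigned big-endian integer are assumptions of this example.

```python
import hashlib
import hmac
import struct

M32 = 0xFFFFFFFF
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)  # "first constant"
SEED1 = bytes.fromhex("0102030405060708090a0b0c0d0e0f1011121314")   # first seed from the page


def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & M32


def diffuse(state, block):
    """80 SHA-1 rounds over one 64-byte block, without the final add
    (what the page calls a 'diffusion value')."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rol(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (_rol(a, 5) + f + e + k + w[i]) & M32, a, _rol(b, 30), c, d
    return a, b, c, d, e


def add_groups(x, y):
    """4-byte group-wise addition, no carry between groups ('operation value')."""
    return tuple((p + q) & M32 for p, q in zip(x, y))


def xor_block(seed, preset):
    """Seed XOR preset byte, extended to one 64-byte block (an 'XOR value')."""
    return bytes(b ^ preset for b in seed.ljust(64, b"\x00"))


def supplement(data, prefix_len=64):
    """data + 0x80 + 0x00 fill + bit length of (prefix + data): 512 bits in total."""
    if len(data) > 55:
        raise ValueError("this sketch handles a single 512-bit block only")
    bits = (prefix_len + len(data)) * 8
    return data + b"\x80" + bytes(55 - len(data)) + struct.pack(">Q", bits)


def keyed_one_way(seed, message):
    """Two-pass derivation of the page; equals HMAC-SHA1(seed, message)."""
    op1 = add_groups(diffuse(IV, xor_block(seed, 0x36)), IV)   # first operation value
    op2 = add_groups(diffuse(op1, supplement(message)), op1)   # second operation value
    op3 = add_groups(diffuse(IV, xor_block(seed, 0x5C)), IV)   # third operation value
    outer = supplement(struct.pack(">5I", *op2))               # outer padding: assumption
    return struct.pack(">5I", *add_groups(diffuse(op3, outer), op3))


def challenge_bytes(challenge):
    """Decimal challenge digits -> 4-byte integer (123456 -> 0x0001E240)."""
    return int(challenge).to_bytes(4, "big")


def response_code(second_seed, digits):
    """Steps S5 to S7: first half of the seed is the key, second half the message."""
    half = len(second_seed) // 2
    op8 = keyed_one_way(second_seed[:half], second_seed[half:])
    offset = op8[-1] & 0x0F                                  # byte position identifier
    value = int.from_bytes(op8[offset:offset + 4], "big")    # unsigned: assumption
    return f"{value % 10 ** digits:0{digits}d}"              # lowest decimal digits


def activate(first_seed, code, preset_len=12):
    """Token side: return the new seed on success, None on any failure."""
    if len(code) != preset_len or not (code.isascii() and code.isdigit()):
        return None
    half = preset_len // 2
    challenge, response = code[:half], code[half:]
    second_seed = keyed_one_way(first_seed, challenge_bytes(challenge))
    if not hmac.compare_digest(response_code(second_seed, half), response):
        return None                      # the first seed stays in place
    return second_seed


def issue_code(first_seed, challenge):
    """Server side, constructed for this demo: challenge plus matching response."""
    seed2 = keyed_one_way(first_seed, challenge_bytes(challenge))
    return challenge + response_code(seed2, len(challenge))


if __name__ == "__main__":
    seed2 = keyed_one_way(SEED1, challenge_bytes("123456"))
    reference = hmac.new(SEED1, challenge_bytes("123456"), hashlib.sha1).digest()
    print("second seed      :", seed2.hex().upper())
    print("equals HMAC-SHA1 :", seed2 == reference)
    code = issue_code(SEED1, "123456")
    print("activation code  :", code, "->", "ok" if activate(SEED1, code) else "error")
```

Running the script prints the derived second seed and activation code so they can be compared with the values this embodiment lists.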
As shown in figure 3, in the present embodiment, dynamic token is according to default first seed and swashing for receiving in step 103 Activation challenge code in code living, generates second seed, including:
Step A01:Dynamic token carries out XOR to default first seed and the first preset value, obtains the first XOR Value;
Preferably, the first preset value is 0x36;
For example, default first seed is 0102030405060708090a0b0c0d0e0f1011121314, the first Son and 0x36 XOR results, i.e. the first XOR value are:
373435323330313E3F3C3D3A3B383926272425223636363636363636363636363636363636363 636363636363636363636363636363636363636363636363636;
Step A02:Dynamic token carries out computing according to one-way algorithm and first constant to the first XOR value, obtains the first expansion Dissipate value;
Preferably, in the present embodiment, one-way algorithm is that SHA1 spreads computing;In addition, one-way algorithm can also be SHA256 computings, SHA512 computings, SM3 computings;
For example, in the present embodiment, first constant is:
67452301EFCDAB8998BADCFE10325476C3D2E1F0;
According to first constant to the first XOR value 373435323330313E3F3C3D3A3B3839262724252236363 63636363636363636363636363636363636363636363636363636363636363636363636363636 363636 carry out SHA1 diffusion computings, and obtaining the first diffuseness values is:
9145DC6E9B7AE9B7CEAE940FE0FB70A09C36A8C7;
Step A03: The dynamic token obtains the first operation value from the first diffusion value and the first constant;
Specifically, in this embodiment, the dynamic token divides the first diffusion value and the first constant into groups of 4 bytes each, and arithmetically adds the 4 bytes of data in each group of the first diffusion value to the corresponding group of the first constant, with no carry between adjacent groups, to obtain the first operation value;
For example, the first diffusion value is: 9145DC6E9B7AE9B7CEAE940FE0FB70A09C36A8C7;
The first constant is: 67452301EFCDAB8998BADCFE10325476C3D2E1F0;
The first operation value obtained is: F88AFF6F8B4895406769710DF12DC51660098AB7;
Step A04: The dynamic token converts the activation challenge code in the received activation code into a hexadecimal integer to obtain the first conversion value;
For example, the activation challenge code is 123456; converted into a hexadecimal integer, the first conversion value is: 0x0001E240;
Step A05: The dynamic token supplements the first conversion value to obtain the second conversion value;
Specifically, the dynamic token appends the second preset value after the first conversion value, obtains the first length from the length of the first XOR value and the length of the first conversion value, places the first length after the second preset value, and fills 0x00 between the second preset value and the first length so that the data length after supplementing is an integral multiple of 512, obtaining the second conversion value;
Preferably, the second preset value is 0x80, and the first length is the length of the first XOR value plus the length of the first conversion value;
For example, the first conversion value is 0001E240, the length of the first XOR value is 64 bytes, and the length of the first conversion value is 4 bytes, so the first length obtained is (64+4)*8=0x0220; the second conversion value obtained by supplementing is:
0001E24080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000220;
Step A06: The dynamic token operates on the second conversion value according to the one-way algorithm and the first operation value to obtain the second diffusion value;
Preferably, in this embodiment, the one-way algorithm is the SHA1 diffusion operation; alternatively, the one-way algorithm may be a SHA256, SHA512 or SM3 operation;
For example, the first operation value is: F88AFF6F8B4895406769710DF12DC51660098AB7;
The second conversion value is:
0001E24080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000220;
The second diffusion value obtained is: C21C444A3A3CF97128A928618AFD2ED98272EF66;
Step A07: The dynamic token obtains the second operation value from the second diffusion value and the first operation value;
Specifically, in this embodiment, the dynamic token divides the second diffusion value and the first operation value into groups of 4 bytes each, and arithmetically adds the 4 bytes of data in each group of the second diffusion value to the corresponding group of the first operation value, with no carry between adjacent groups, to obtain the second operation value;
For example, the second diffusion value is: C21C444A3A3CF97128A928618AFD2ED98272EF66;
The first operation value is: F88AFF6F8B4895406769710DF12DC51660098AB7;
The second operation value obtained is: BAA743B9C5858EB19012996E7C2AF3EFE07C7A1D;
Step A08: The dynamic token performs an XOR operation on the preset first seed and the third preset value to obtain the second XOR value;
Preferably, the third preset value is 0x5c;
For example, the preset first seed is 0102030405060708090a0b0c0d0e0f1011121314, and the result of XORing the first seed with 0x5c, i.e. the second XOR value, is:
5D5E5F58595A5B54555657505152534C4D4E4F485C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C;
Step A09: The dynamic token operates on the second XOR value according to the one-way algorithm and the first constant to obtain the third diffusion value;
Preferably, in this embodiment, the one-way algorithm is the SHA1 diffusion operation; alternatively, the one-way algorithm may be a SHA256, SHA512 or SM3 operation;
For example, the first constant is: 67452301EFCDAB8998BADCFE10325476C3D2E1F0;
Applying the SHA1 diffusion operation to the second XOR value 5D5E5F58595A5B54555657505152534C4D4E4F485C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C according to the first constant gives the third diffusion value: 478E9C59D5F2D4FD370495C36494C71984650018;
Step A10: The dynamic token obtains the third operation value from the third diffusion value and the first constant;
Specifically, in this embodiment, the dynamic token divides the third diffusion value and the first constant into groups of 4 bytes each, and arithmetically adds the 4 bytes of data in each group of the third diffusion value to the corresponding group of the first constant, with no carry between adjacent groups, to obtain the third operation value;
For example, the third diffusion value is: 478E9C59D5F2D4FD370495C36494C71984650018;
The first constant is: 67452301EFCDAB8998BADCFE10325476C3D2E1F0;
The third operation value obtained is: AED3BF5AC5C08086CFBF72C174C71B8F4837E208;
Step A11: The dynamic token operates on the second operation value according to the one-way algorithm and the third operation value to obtain the fourth diffusion value;
Preferably, in this embodiment, the one-way algorithm is the SHA1 diffusion operation; alternatively, the one-way algorithm may be a SHA256, SHA512 or SM3 operation;
For example, the third operation value is: AED3BF5AC5C08086CFBF72C174C71B8F4837E208;
The second operation value is: BAA743B9C5858EB19012996E7C2AF3EFE07C7A1D;
The fourth diffusion value obtained is: 815B4C68D450501297AECF41306D9734F62FFD45;
Step A12: The dynamic token obtains the fourth operation value from the fourth diffusion value and the third operation value, and uses it as the second seed;
Specifically, in this embodiment, the dynamic token divides the fourth diffusion value and the third operation value into groups of 4 bytes each, and arithmetically adds the 4 bytes of data in each group of the fourth diffusion value to the corresponding group of the third operation value, with no carry between adjacent groups, to obtain the fourth operation value;
For example, the fourth diffusion value is: 815B4C68D450501297AECF41306D9734F62FFD45;
The third operation value is: AED3BF5AC5C08086CFBF72C174C71B8F4837E208;
The fourth operation value obtained is used as the second seed, i.e. the second seed is:
302F0BC29A10D098676E4202A534B2C33E67DF4D;
As shown in Fig. 4, in this embodiment, the dynamic token generating the second response code from the generated second seed in step 104 comprises:
Step B01: The dynamic token obtains the first data in the second seed and performs an XOR operation on the first data and the first preset value to obtain the third XOR value;
Specifically, the dynamic token splits the second seed into two parts of equal length, the front part being the first data;
Preferably, the first preset value is 0x36;
For example, the first data in the second seed is 302F0BC29A10D098676E, and the result of XORing the first data with 0x36, i.e. the third XOR value, is:
06193DF4AC26E6AE5158363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636;
Step B02: The dynamic token operates on the third XOR value according to the one-way algorithm and the first constant to obtain the fifth diffusion value;
Preferably, in this embodiment, the one-way algorithm is the SHA1 diffusion operation; alternatively, the one-way algorithm may be a SHA256, SHA512 or SM3 operation;
For example, in this embodiment, the first constant is:
67452301EFCDAB8998BADCFE10325476C3D2E1F0;
Applying the SHA1 diffusion operation to the third XOR value
06193DF4AC26E6AE5158363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636 according to the first constant gives the fifth diffusion value:
893F911A1A13AD83B9F01D9EEF554C72FA17C14D;
Step B03: The dynamic token obtains the fifth operation value from the fifth diffusion value and the first constant;
Specifically, in this embodiment, the dynamic token divides the fifth diffusion value and the first constant into groups of 4 bytes each, and arithmetically adds the 4 bytes of data in each group of the fifth diffusion value to the corresponding group of the first constant, with no carry between adjacent groups, to obtain the fifth operation value;
For example, the fifth diffusion value is: 893F911A1A13AD83B9F01D9EEF554C72FA17C14D;
The first constant is: 67452301EFCDAB8998BADCFE10325476C3D2E1F0;
The fifth operation value obtained is:
F084B41B09E1590C52AAFA9CFF87A0E8BDEAA33D;
Step B04: The dynamic token obtains the second data in the second seed and supplements the second data to obtain the seed supplement value;
Specifically, the dynamic token splits the second seed into two parts of equal length, the front part being the first data and the rear part being the second data; the dynamic token appends the second preset value after the second data, obtains the second length from the length of the third XOR value and the length of the second data, places the second length after the second preset value, and fills 0x00 between the second preset value and the second length so that the data length after supplementing is an integral multiple of 512, obtaining the seed supplement value;
For example, the second preset value is 0x80, and the second length is the length of the third XOR value plus the length of the second data;
For example, the second data is 4202A534B2C33E67DF4D, the length of the third XOR value is 64 bytes, and the length of the second data is 10 bytes, so the second length obtained is (64+10)*8=0x0250; the seed supplement value obtained by supplementing is:
4202A534B2C33E67DF4D8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000250;
Step B05: The dynamic token operates on the seed supplement value according to the one-way algorithm and the fifth operation value to obtain the sixth diffusion value;
Preferably, in this embodiment, the one-way algorithm is the SHA1 diffusion operation; alternatively, the one-way algorithm may be a SHA256, SHA512 or SM3 operation;
For example, the fifth operation value is:
F084B41B09E1590C52AAFA9CFF87A0E8BDEAA33D;
The seed supplement value is:
4202A534B2C33E67DF4D8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000250;
The sixth diffusion value obtained is: 800D67401C55037C24521784F6F5C2225623FC7C;
Step B06: The dynamic token obtains the sixth operation value from the sixth diffusion value and the fifth operation value;
Specifically, in this embodiment, the dynamic token divides the sixth diffusion value and the fifth operation value into groups of 4 bytes each, and arithmetically adds the 4 bytes of data in each group of the sixth diffusion value to the corresponding group of the fifth operation value, with no carry between adjacent groups, to obtain the sixth operation value;
For example, the sixth diffusion value is: 800D67401C55037C24521784F6F5C2225623FC7C;
The fifth operation value is: F084B41B09E1590C52AAFA9CFF87A0E8BDEAA33D;
The sixth operation value obtained is: 70921B5B26365C8876FD1220F67D630A140E9FB9;
Step B07: The dynamic token performs an XOR operation on the first data in the second seed and the third preset value to obtain the fourth XOR value;
Preferably, the third preset value is 0x5c;
For example, the first data in the second seed is 302F0BC29A10D098676E, and the result of XORing the first data in the second seed with 0x5c, i.e. the fourth XOR value, is:
6C73579EC64C8CC43B325C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C;
Step B08: The dynamic token operates on the fourth XOR value according to the one-way algorithm and the first constant to obtain the seventh diffusion value;
Preferably, in this embodiment, the one-way algorithm is the SHA1 diffusion operation; alternatively, the one-way algorithm may be a SHA256, SHA512 or SM3 operation;
For example, the first constant is: 67452301EFCDAB8998BADCFE10325476C3D2E1F0;
Applying the SHA1 diffusion operation to the fourth XOR value
6C73579EC64C8CC43B325C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C according to the first constant gives the seventh diffusion value:
A98BE59B0871A3DC41DB81B338FB26E9D2944583;
Step B09: The dynamic token obtains the seventh operation value from the seventh diffusion value and the first constant;
Specifically, in this embodiment, the dynamic token divides the seventh diffusion value and the first constant into groups of 4 bytes each, and arithmetically adds the 4 bytes of data in each group of the seventh diffusion value to the corresponding group of the first constant, with no carry between adjacent groups, to obtain the seventh operation value;
For example, the seventh diffusion value is: A98BE59B0871A3DC41DB81B338FB26E9D2944583;
The first constant is: 67452301EFCDAB8998BADCFE10325476C3D2E1F0;
The seventh operation value obtained is: 10D1089CF83F4F65DA965EB1492D7B5F96672773;
Step B10: The dynamic token operates on the sixth operation value according to the one-way algorithm and the seventh operation value to obtain the eighth diffusion value;
Preferably, in this embodiment, the one-way algorithm is the SHA1 diffusion operation; alternatively, the one-way algorithm may be a SHA256, SHA512 or SM3 operation;
For example, the seventh operation value is: 10D1089CF83F4F65DA965EB1492D7B5F96672773;
The sixth operation value is: 70921B5B26365C8876FD1220F67D630A140E9FB9;
The eighth diffusion value obtained is:
410EB70F2A19B2FBE83CF53AFBA3C9AA0D18D2A1;
Step B11: The dynamic token obtains the eighth operation value from the eighth diffusion value and the seventh operation value;
Specifically, in this embodiment, the dynamic token divides the eighth diffusion value and the seventh operation value into groups of 4 bytes each, and arithmetically adds the 4 bytes of data in each group of the eighth diffusion value to the corresponding group of the seventh operation value, with no carry between adjacent groups, to obtain the eighth operation value;
For example, the eighth diffusion value is: 410EB70F2A19B2FBE83CF53AFBA3C9AA0D18D2A1;
The seventh operation value is: 10D1089CF83F4F65DA965EB1492D7B5F96672773;
The eighth operation value obtained is: 51DFBFAB22590260C2D353EB44D14509A37FFA14;
Step B12: The dynamic token obtains the byte position identifier from the eighth operation value;
Specifically, the dynamic token takes the low four bits of the last byte of the eighth operation value as the byte position identifier;
For example, the eighth operation value is 51DFBFAB22590260C2D353EB44D14509A37FFA14, the last byte of the eighth operation value is 0x14, and the low four bits of that last byte, i.e. the byte position identifier, are 4;
Step B13: The dynamic token obtains 4 bytes of data from the eighth operation value, starting at the position corresponding to the byte position identifier, as the first response data;
For example, the eighth operation value is 51DFBFAB22590260C2D353EB44D14509A37FFA14 and the byte position identifier is 4; starting from the 4th byte of the eighth operation value, the 4 bytes of data the dynamic token obtains are 22590260, i.e. the first response data is 22590260;
Step B14: The dynamic token converts the obtained first response data into a decimal integer to obtain the second response data;
For example, the first response data is 22590260; converted into a decimal integer, the second response data obtained is: 576258656;
Step B15: The dynamic token obtains the second response code from the second response data according to the length of the activation code;
Specifically, in this embodiment, the dynamic token takes 1/2 of the length of the activation code as the length of the second response code, and obtains the second response code starting from the lowest digit of the second response data according to the length of the second response code;
For example, the activation code is 123456258656 and its length is 12, so the length of the second response code is 6; the dynamic token therefore takes the low 6 digits of the second response data as the second response code, i.e. the second response code is 258656.
In the method for activating a dynamic token provided by this embodiment, the new seed (second seed) in the dynamic token is generated from the old seed (first seed) and the activation code entered by the user through a series of operations that include a one-way algorithm, which ensures the security of the new seed (second seed) in the dynamic token and improves the security of using the dynamic token. During activation, the dynamic token first generates the new seed (second seed) from the preset seed and the received challenge value, then generates the response value of the dynamic token from the new seed (second seed), and judges whether activation succeeds according to the received response value and the response value generated by the dynamic token; if activation succeeds, the dynamic token updates the old seed (first seed) with the new seed (second seed). This manner of activation ensures that the new seed (second seed) in the dynamic token is consistent with the new seed in the authentication server, i.e. it ensures the correctness of the new seed.
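The procedure of steps A03 to A12 and B01 to B15, carried through in Python as an added example that is not part of the patent text: the stepwise operations are implemented literally and compared with the standard library's HMAC-SHA1, which they reproduce. The function names, the supplementing of the 20-byte inner result before the outer pass, the zero-padding of short response codes and the 12-digit preset length (taken from the example above) are assumptions of this example.

```python
import hashlib
import hmac
import struct

# The page's "first constant": the standard SHA-1 initial state.
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
MASK = 0xFFFFFFFF


def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def diffuse(state, block):
    """SHA-1 rounds over one 64-byte block; returns the page's 'diffusion value'."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = state
    for t in range(80):
        if t < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif t < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (rotl(a, 5) + f + e + k + w[t]) & MASK, a, rotl(b, 30), c, d
    return (a, b, c, d, e)


def add_groups(x, y):
    """Add 4-byte groups with no carry between groups (steps A03, A07, ...)."""
    return tuple((p + q) & MASK for p, q in zip(x, y))


def supplement(data, prefix_len=64):
    """Append 0x80, 0x00 fill and the bit length of prefix+data (steps A05, B04)."""
    fill = (55 - len(data)) % 64
    return data + b"\x80" + b"\x00" * fill + struct.pack(">Q", (prefix_len + len(data)) * 8)


def keyed_state(key, preset):
    """XOR the key with 0x36 or 0x5c, fill to 64 bytes, diffuse from the first constant."""
    block = bytes(k ^ preset for k in key).ljust(64, bytes([preset]))
    return add_groups(diffuse(IV, block), IV)


def absorb(state, data):
    """Diffuse each 64-byte block and add the result back into the running state."""
    for i in range(0, len(data), 64):
        state = add_groups(diffuse(state, data[i:i + 64]), state)
    return state


def stepwise_mac(key, msg):
    """The A-step (and B01-B11) sequence done literally; key must be at most 64 bytes."""
    inner = struct.pack(">5I", *absorb(keyed_state(key, 0x36), supplement(msg)))
    # Assumption: the 20-byte inner result is supplemented like the message before
    # the outer pass; the page does not spell this step out.
    return struct.pack(">5I", *absorb(keyed_state(key, 0x5C), supplement(inner)))


def matches_hmac(key, msg):
    """True when the stepwise construction equals library HMAC-SHA1."""
    return stepwise_mac(key, msg) == hmac.new(key, msg, hashlib.sha1).digest()


def truncate(op8, digits):
    """Steps B12-B15: offset from the low 4 bits of the last byte, 4 bytes, decimal."""
    offset = op8[-1] & 0x0F
    value = int.from_bytes(op8[offset:offset + 4], "big")
    # Assumption: short values are left-padded with zeros to the code length.
    return str(value).zfill(digits)[-digits:]


def derive_second_seed(first_seed, challenge):
    return stepwise_mac(first_seed, struct.pack(">I", int(challenge)))  # step A04


def response_code(second_seed, digits):
    half = len(second_seed) // 2  # first data is the key, second data the message
    return truncate(stepwise_mac(second_seed[:half], second_seed[half:]), digits)


def activate(first_seed, activation_code, preset_len=12):
    """Return the second seed on success, or None (the token keeps the first seed)."""
    if len(activation_code) != preset_len or not (
            activation_code.isascii() and activation_code.isdigit()):
        return None
    half = preset_len // 2
    challenge, response = activation_code[:half], activation_code[half:]
    second_seed = derive_second_seed(first_seed, challenge)
    if not hmac.compare_digest(response_code(second_seed, half), response):
        return None
    return second_seed


# Constructed demo input: the first seed and challenge code from the example above.
SEED = bytes.fromhex("0102030405060708090a0b0c0d0e0f1011121314")

if __name__ == "__main__":
    seed2 = derive_second_seed(SEED, "123456")
    code = "123456" + response_code(seed2, 6)  # what the server side would issue
    print(matches_hmac(SEED, bytes.fromhex("0001E240")), activate(SEED, code) == seed2)
```

Unlike RFC 4226 dynamic truncation, the steps above do not clear the top bit of the 4-byte value, so the example treats it as an unsigned integer.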
Embodiment 3
Embodiment 3 of the present invention provides a device for activating a dynamic token which, as shown in Fig. 5, comprises: a receiving module 301, a first computing module 302, a second computing module 303, a first generation module 304, a third computing module 305, a fourth computing module 306, a second generation module 307, a first judging module 308, a display module 309 and a first update module 310;
The receiving module 301 is configured to receive an activation code through keys;
Specifically, the activation code comprises an activation challenge code and an activation response code;
The first computing module 302 is configured to perform the first one-way operation on the preset first seed to obtain the first operation value, to convert the activation challenge code in the activation code received by the receiving module 301 to obtain the second conversion value, and to perform the second one-way operation on the first seed to obtain the third operation value;
The second computing module 303 is configured to obtain the fourth diffusion value from the first operation value, the second conversion value and the third operation value calculated by the first computing module 302;
The first generation module 304 is configured to generate the second seed from the fourth diffusion value calculated by the second computing module 303 and the third operation value calculated by the first computing module 302;
Specifically, the second seed comprises first data and second data;
The third computing module 305 is configured to perform the first one-way operation on the first data in the second seed generated by the first generation module 304 to obtain the fifth operation value, to supplement the second data in the second seed generated by the first generation module 304 to obtain the seed supplement value, and to perform the second one-way operation on the first data in the second seed generated by the first generation module 304 to obtain the seventh operation value;
The fourth computing module 306 is configured to obtain the eighth operation value from the fifth operation value, the seed supplement value and the seventh operation value calculated by the third computing module 305;
The second generation module 307 is configured to generate the second response code from the eighth operation value calculated by the fourth computing module 306;
The first judging module 308 is configured to judge whether the second response code generated by the second generation module 307 is consistent with the activation response code in the activation code received by the receiving module 301;
The display module 309 is configured to display an error message when the first judging module 308 judges that the second response code and the activation response code are inconsistent;
The first update module 310 is configured to update the preset first seed according to the second seed generated by the first generation module 304 when the first judging module 308 judges that the second response code is consistent with the activation response code.
The device comprises a second judging module, configured to judge whether the length of the activation code received by the receiving module 301 is the first preset length;
The first computing module 302 is further configured to operate when the second judging module judges yes;
The display module 309 is further configured to display an error message when the second judging module judges no.
The first computing module 302 comprises: a first XOR unit and a first operation unit;
The first XOR unit is configured to perform an XOR operation on the preset first seed and the first preset value to obtain the first XOR value;
The first operation unit is configured to operate on the first XOR value obtained by the first XOR unit according to the one-way algorithm and the first constant, and then to obtain the first operation value from the operation result and the first constant.
The first computing module 302 further comprises: a first converting unit and a first supplementing unit;
The first converting unit is configured to convert the activation challenge code in the activation code received by the receiving module 301 into a hexadecimal integer to obtain the first conversion value;
The first supplementing unit is configured to supplement the first conversion value obtained by the first converting unit to obtain the second conversion value.
The first supplementing unit is specifically configured to append the second preset value after the first conversion value, obtain the first length from the length of the first XOR value and the length of the first conversion value, place the first length after the second preset value, and fill 0x00 between the second preset value and the first length so that the data length after supplementing is an integral multiple of 512, obtaining the second conversion value.
In the first computing module 302,
The first XOR unit is further configured to perform an XOR operation on the preset first seed and the third preset value to obtain the second XOR value;
The first operation unit is further configured to operate on the second XOR value obtained by the first XOR unit according to the one-way algorithm and the first constant, and then to obtain the third operation value from the operation result and the first constant.
The second computing module 303 is specifically configured to: operate on the second conversion value according to the one-way algorithm and the first operation value to obtain the second diffusion value; obtain the second operation value from the second diffusion value and the first operation value; and operate on the second operation value according to the one-way algorithm and the third operation value to obtain the fourth diffusion value.
The third computing module 305 comprises: a second XOR unit and a second operation unit;
The second XOR unit is configured to perform an XOR operation on the first data obtained by the first generation module 304 and the first preset value to obtain the third XOR value;
The second operation unit is configured to operate on the third XOR value obtained by the second XOR unit according to the one-way algorithm and the first constant, and then to obtain the fifth operation value from the operation result and the first constant.
The third computing module 305 further comprises a second supplementing unit, configured to append the second preset value after the second data, obtain the second length from the length of the third XOR value and the length of the second data, place the second length after the second preset value, and fill 0x00 between the second preset value and the second length so that the data length after supplementing is an integral multiple of 512, obtaining the seed supplement value.
In the third computing module 305,
The second XOR unit is further configured to perform an XOR operation on the first data obtained by the first generation module 304 and the third preset value to obtain the fourth XOR value;
The second operation unit is further configured to operate on the fourth XOR value obtained by the second XOR unit according to the one-way algorithm and the first constant, and then to obtain the seventh operation value from the operation result and the first constant.
The fourth computing module 306 is specifically configured to: operate on the seed supplement value according to the one-way algorithm and the fifth operation value to obtain the sixth diffusion value; obtain the sixth operation value from the sixth diffusion value and the fifth operation value; operate on the sixth operation value according to the one-way algorithm and the seventh operation value to obtain the eighth diffusion value; and obtain the eighth operation value from the eighth diffusion value and the seventh operation value.
The second generation module 307 comprises: a first acquiring unit, a second acquiring unit, a second converting unit and a third acquiring unit;
The first acquiring unit is configured to obtain the byte position identifier from the eighth operation value obtained by the fourth computing module 306;
The second acquiring unit is configured to obtain 4 bytes of data from the eighth operation value obtained by the fourth computing module 306, starting at the position corresponding to the byte position identifier obtained by the first acquiring unit, as the first response data;
The second converting unit is configured to convert the first response data obtained by the second acquiring unit into a decimal integer to obtain the second response data;
The third acquiring unit is configured to obtain the second response code from the second response data obtained by the second converting unit according to the length of the activation code received by the receiving module 301.
The first acquiring unit is specifically configured to take the low four bits of the last byte of the eighth operation value as the byte position identifier.
The third acquiring unit is specifically configured to take half of the length of the activation code as the length of the second response code, and to obtain the second response code starting from the lowest digit of the second response data according to the length of the second response code.
In the device for activating a dynamic token provided by this embodiment, the second seed is generated from the first seed and the activation code entered by the user through a series of operations that include a one-way algorithm, which ensures the security of the second seed and improves the security of using the dynamic token. During activation, the device first generates the second seed from the preset seed and the received challenge value, then generates a response value from the second seed, and judges whether activation succeeds according to the received response value and the generated response value; if activation succeeds, the first seed is updated with the second seed. This activation device ensures that the second seed in the dynamic token is consistent with the new seed in the authentication server, i.e. it ensures the correctness of the new seed.
The above is only a preferred specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (28)

1. it is a kind of activate dynamic token method, it is characterised in that methods described includes:
Step S1:The dynamic token receives active coding by button, and the active coding includes activation challenge code and activation response Code;
Step S2:The dynamic token carries out the first unidirectional computing to default first seed, obtains the first operation values;To described Activation challenge code is changed, and obtains the second conversion value;Second unidirectional computing is carried out to first seed, the 3rd computing is obtained Value;
Step S3:The dynamic token is obtained according to first operation values, second conversion value and the 3rd operation values 4th diffuseness values;
Step S4:The dynamic token generates second seed according to the 4th diffuseness values and the 3rd operation values, and described the Two seeds include isometric the first data and the second data, and the front portion of the second seed is the first data, rear portion It is the second data;
Step S5:The dynamic token carries out the first unidirectional computing to first data, obtains the 5th operation values;To described Two data are supplemented, and obtain seed supplement value;Second unidirectional computing is carried out to first data, the 7th operation values are obtained;
Step S6:The dynamic token is obtained according to the 5th operation values, the seed supplement value and the 7th operation values 8th operation values;
Step S7:The dynamic token generates second answerback code according to the 8th operation values;
Step S8:The dynamic token judges that whether the second answerback code is consistent with the activation answer back code for receiving, and is Step S9 is then performed, error message is otherwise shown, terminated;
Step S9:The dynamic token updates first seed according to the second seed, activates successfully, terminates.
2. method according to claim 1, it is characterised in that include before the step S2:The dynamic token judges Whether the length of the active coding is the first preset length, is then to perform step S2, otherwise shows error message, return to step S1。
3. method according to claim 1, it is characterised in that the dynamic token carries out first to default first seed Unidirectional computing, obtains the first operation values, specially:
The dynamic token carries out XOR to first seed and the first preset value, obtains the first XOR value;
The dynamic token carries out computing according to one-way algorithm and first constant to the first XOR value, further according to operation result With the first constant, first operation values are obtained.
4. method according to claim 3, it is characterised in that the dynamic token is turned to the activation challenge code Change, obtain the second conversion value, specially:
The activation challenge code is converted to 16 system integers by the dynamic token, obtains the first conversion value;
The dynamic token is supplemented first conversion value, obtains second conversion value.
5. method according to claim 4, it is characterised in that the dynamic token is mended to first conversion value Fill, obtain second conversion value, specially:
The dynamic token fills the second preset value behind first conversion value, the length according to the first XOR value and The length of first conversion value obtains the first length, by first length pad after second preset value, and 0x00 is mended between second preset value and first length, the integral multiple for making the data length after supplement be 512 is obtained Second conversion value.
6. method according to claim 1, it is characterised in that it is single that the dynamic token carries out second to first seed To computing, the 3rd operation values are obtained, specially:
The dynamic token carries out XOR to first seed and the 3rd preset value, obtains the second XOR value;
The dynamic token carries out computing according to one-way algorithm and first constant to the second XOR value, further according to operation result With the first constant, the 3rd operation values are obtained.
7. method according to claim 1, it is characterised in that the dynamic token is according to first operation values, second Conversion value and the 3rd operation values, obtain the 4th diffuseness values, specially:
The dynamic token carries out computing according to one-way algorithm and first operation values to second conversion value, obtains second Diffuseness values;According to second diffuseness values and first operation values, the second operation values are obtained;According to the one-way algorithm and institute State the 3rd operation values carries out computing to second operation values, obtains the 4th diffuseness values.
8. method according to claim 1, it is characterised in that it is single that the dynamic token carries out first to first data To computing, the 5th operation values are obtained, specially:
The dynamic token carries out XOR to first data and the first preset value, obtains the 3rd XOR value;
The dynamic token carries out computing according to one-way algorithm and first constant to the 3rd XOR value, further according to operation result With the first constant, the 5th operation values are obtained.
9. method according to claim 8, it is characterised in that the dynamic token is supplemented second data, Seed supplement value is obtained, specially:
The dynamic token fills the second preset value behind second data, length and institute according to the 3rd XOR value The length for stating the second data obtains the second length, by second length pad after second preset value, and described 0x00 is mended between second preset value and second length, the integral multiple for making the data length after supplement be 512 obtains described Seed supplement value.
10. The method according to claim 1, characterised in that the dynamic token performing the second unidirectional computing on the first data to obtain the 7th operation values is specifically:
The dynamic token performs an XOR operation on the first data and the 3rd preset value to obtain the 4th XOR value;
The dynamic token performs computing on the 4th XOR value according to the one-way algorithm and the first constant, and then obtains the 7th operation values according to the operation result and the first constant.
11. The method according to claim 1, characterised in that the dynamic token obtaining the 8th operation values according to the 5th operation values, the seed supplement value and the 7th operation values is specifically:
The dynamic token performs computing on the seed supplement value according to the one-way algorithm and the 5th operation values to obtain the 6th diffuseness values; obtains the 6th operation values according to the 6th diffuseness values and the 5th operation values; performs computing on the 6th operation values according to the one-way algorithm and the 7th operation values to obtain the 8th diffuseness values; and obtains the 8th operation values according to the 8th diffuseness values and the 7th operation values.
12. The method according to claim 1, characterised in that step S7 specifically includes:
Step S7-1: The dynamic token obtains the byte location mark according to the 8th operation values;
Step S7-2: Starting from the position in the 8th operation values corresponding to the byte location mark, the dynamic token obtains 4 bytes of data as the first reply data;
Step S7-3: The dynamic token converts the first reply data to a decimal integer, obtaining the second reply data;
Step S7-4: The dynamic token obtains the second answerback code from the second reply data according to the length of the active coding.
13. The method according to claim 12, characterised in that the dynamic token obtaining the byte location mark according to the 8th operation values is specifically: the dynamic token obtains the low four bits of data of the last byte of the 8th operation values as the byte location mark.
14. The method according to claim 12, characterised in that the dynamic token obtaining the second answerback code from the second reply data according to the length of the active coding is specifically:
The dynamic token takes half of the length of the active coding as the length of the second answerback code, and obtains the second answerback code according to that length, starting from the lowest order of the second reply data.
15. A device for activating a dynamic token, characterised in that it includes: a receiver module, a first computing module, a second computing module, a first generation module, a 3rd computing module, a 4th computing module, a second generation module, a first judge module, a display module and a first update module;
The receiver module, for receiving the active coding by button, the active coding including an activation challenge code and an activation answer back code;
The first computing module, for performing the first unidirectional computing on the default first seed to obtain the first operation values; converting the activation challenge code received by the receiver module to obtain the second conversion value; and performing the second unidirectional computing on the first seed to obtain the 3rd operation values;
The second computing module, for obtaining the 4th diffuseness values according to the first operation values, the second conversion value and the 3rd operation values calculated by the first computing module;
The first generation module, for generating the second seed according to the 4th diffuseness values calculated by the second computing module and the 3rd operation values calculated by the first computing module, the second seed including first data and second data of equal length, the front portion of the second seed being the first data and the rear portion being the second data;
The 3rd computing module, for performing the first unidirectional computing on the first data generated by the first generation module to obtain the 5th operation values; supplementing the second data generated by the first generation module to obtain the seed supplement value; and performing the second unidirectional computing on the first data generated by the first generation module to obtain the 7th operation values;
The 4th computing module, for obtaining the 8th operation values according to the 5th operation values, the seed supplement value and the 7th operation values calculated by the 3rd computing module;
The second generation module, for generating the second answerback code according to the 8th operation values calculated by the 4th computing module;
The first judge module, for judging whether the second answerback code generated by the second generation module is consistent with the activation answer back code received by the receiver module;
The display module, for showing error message when the first judge module judges that the second answerback code and the activation answer back code are inconsistent;
The first update module, for updating the first seed according to the second seed generated by the first generation module when the first judge module judges that the second answerback code and the activation answer back code are consistent.
16. The device according to claim 15, characterised in that it includes a second judge module, for judging whether the length of the active coding received by the receiver module is the first preset length;
The first computing module is further configured to operate when the second judge module judges YES;
The display module is further configured to show error message when the second judge module judges NO.
17. The device according to claim 15, characterised in that the first computing module includes: a first XOR unit and a first arithmetic element;
The first XOR unit, for performing an XOR operation on the first seed and the first preset value to obtain the first XOR value;
The first arithmetic element, for performing computing on the first XOR value obtained by the first XOR unit according to the one-way algorithm and the first constant, and then obtaining the first operation values according to the operation result and the first constant.
18. The device according to claim 17, characterised in that the first computing module also includes: a first converting unit and a first supplementary unit;
The first converting unit, for converting the activation challenge code received by the receiver module to a hexadecimal number, obtaining the first conversion value;
The first supplementary unit, for supplementing the first conversion value obtained by the first converting unit, obtaining the second conversion value.
19. The device according to claim 18, characterised in that the first supplementary unit is specifically configured to fill the second preset value behind the first conversion value, obtain the first length according to the length of the first XOR value and the length of the first conversion value, pad the first length after the second preset value, and pad 0x00 between the second preset value and the first length so that the data length after supplement is an integral multiple of 512, obtaining the second conversion value.
20. The device according to claim 17, characterised in that the first XOR unit is further configured to perform an XOR operation on the first seed and the 3rd preset value to obtain the second XOR value;
The first arithmetic element is further configured to perform computing on the second XOR value obtained by the first XOR unit according to the one-way algorithm and the first constant, and then obtain the 3rd operation values according to the operation result and the first constant.
21. The device according to claim 15, characterised in that the second computing module is specifically configured to: perform computing on the second conversion value according to the one-way algorithm and the first operation values to obtain the second diffuseness values; obtain the second operation values according to the second diffuseness values and the first operation values; and perform computing on the second operation values according to the one-way algorithm and the 3rd operation values to obtain the 4th diffuseness values.
22. The device according to claim 15, characterised in that the 3rd computing module includes: a second XOR unit and a second arithmetic element;
The second XOR unit, for performing an XOR operation on the first data obtained by the first generation module and the first preset value to obtain the 3rd XOR value;
The second arithmetic element, for performing computing on the 3rd XOR value obtained by the second XOR unit according to the one-way algorithm and the first constant, and then obtaining the 5th operation values according to the operation result and the first constant.
23. The device according to claim 22, characterised in that the 3rd computing module also includes a second supplementary unit, for filling the second preset value behind the second data, obtaining the second length according to the length of the 3rd XOR value and the length of the second data, padding the second length after the second preset value, and padding 0x00 between the second preset value and the second length so that the data length after supplement is an integral multiple of 512, obtaining the seed supplement value.
24. The device according to claim 22, characterised in that the second XOR unit is further configured to perform an XOR operation on the first data obtained by the first generation module and the 3rd preset value to obtain the 4th XOR value;
The second arithmetic element is further configured to perform computing on the 4th XOR value obtained by the second XOR unit according to the one-way algorithm and the first constant, and then obtain the 7th operation values according to the operation result and the first constant.
25. The device according to claim 15, characterised in that the 4th computing module is specifically configured to: perform computing on the seed supplement value according to the one-way algorithm and the 5th operation values to obtain the 6th diffuseness values; obtain the 6th operation values according to the 6th diffuseness values and the 5th operation values; perform computing on the 6th operation values according to the one-way algorithm and the 7th operation values to obtain the 8th diffuseness values; and obtain the 8th operation values according to the 8th diffuseness values and the 7th operation values.
26. The device according to claim 15, characterised in that the second generation module includes: a first acquisition unit, a second acquisition unit, a second converting unit and a 3rd acquiring unit;
The first acquisition unit, for obtaining the byte location mark according to the 8th operation values obtained by the 4th computing module;
The second acquisition unit, for obtaining 4 bytes of data as the first reply data, starting from the position in the 8th operation values obtained by the 4th computing module that corresponds to the byte location mark obtained by the first acquisition unit;
The second converting unit, for converting the first reply data obtained by the second acquisition unit to a decimal integer, obtaining the second reply data;
The 3rd acquiring unit, for obtaining the second answerback code from the second reply data obtained by the second converting unit, according to the length of the active coding received by the receiver module.
27. The device according to claim 26, characterised in that the first acquisition unit is specifically configured to obtain the low four bits of data of the last byte of the 8th operation values as the byte location mark.
28. The device according to claim 26, characterised in that the 3rd acquiring unit is specifically configured to take half of the length of the active coding as the length of the second answerback code, and to obtain the second answerback code according to that length, starting from the lowest order of the second reply data.
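Steps S7-1 to S7-4 (claims 12 to 14, mirrored by claims 26 to 28) turn the 8th operation values into the second answerback code, which the first judge module then compares with the received activation answer back code. The following Python is an added example, not code from the patent: the function names, the big-endian byte order, the left zero-padding, the optional `mask_high_bit` switch (the RFC 4226 variant, which the claims do not state) and the constant-time comparison are assumptions.

```python
import hmac

# Example digest from RFC 4226 section 5.4, used here as a stand-in for the
# 8th operation values (the real value depends on the seed and challenge code).
SAMPLE_OP8 = bytes.fromhex("1f8698690e02ca16618550ef7f19da8e945b555a")


def byte_location_mark(op8: bytes) -> int:
    """Step S7-1: low four bits of the last byte of the 8th operation values."""
    if len(op8) < 4:
        raise ValueError("8th operation values too short")
    return op8[-1] & 0x0F


def second_answer_code(op8: bytes, active_coding_len: int,
                       mask_high_bit: bool = False) -> str:
    """Steps S7-2 to S7-4: derive the second answerback code as a digit string."""
    if active_coding_len <= 0 or active_coding_len % 2:
        raise ValueError("active coding length must be a positive even number")
    offset = byte_location_mark(op8)
    if offset + 4 > len(op8):
        raise ValueError("byte location mark points past the end of the value")
    first_reply = op8[offset:offset + 4]               # S7-2: 4 bytes of data
    second_reply = int.from_bytes(first_reply, "big")  # S7-3 (assumed big-endian)
    if mask_high_bit:
        # RFC 4226 clears the top bit here; the claims do not state this step.
        second_reply &= 0x7FFFFFFF
    digits = active_coding_len // 2                    # claim 14: half the length
    # S7-4: take digits from the lowest order; left zero-padding is an assumption.
    return str(second_reply).zfill(digits)[-digits:]


def answer_codes_match(computed: str, received: str) -> bool:
    """Compare the codes without leaking the mismatch position through timing."""
    return hmac.compare_digest(computed.encode(), received.encode())


if __name__ == "__main__":
    code = second_answer_code(SAMPLE_OP8, 12)
    print(code, answer_codes_match(code, "872921"))
```

With the top bit of the selected 4 bytes set, the unmasked and masked variants yield different codes, so the token and the certificate server must agree on which one is used.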
CN201410441637.4A 2014-09-01 2014-09-01 A kind of method and apparatus for activating dynamic token Active CN104184590B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410441637.4A CN104184590B (en) 2014-09-01 2014-09-01 A kind of method and apparatus for activating dynamic token


Publications (2)

Publication Number Publication Date
CN104184590A CN104184590A (en) 2014-12-03
CN104184590B true CN104184590B (en) 2017-06-06

Family

ID=51965355

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410441637.4A Active CN104184590B (en) 2014-09-01 2014-09-01 A kind of method and apparatus for activating dynamic token

Country Status (1)

Country Link
CN (1) CN104184590B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104506319B (en) * 2014-12-15 2017-11-28 飞天诚信科技股份有限公司 The method of work of one kind of multiple sub- dynamic tokens
CN106027263B (en) * 2016-07-22 2019-10-18 北京信安世纪科技股份有限公司 A kind of update method, device and the relevant device of token seed
CN106230586A (en) * 2016-07-22 2016-12-14 北京信安世纪科技有限公司 A kind of token seed dynamics update method and device
CN113010859B (en) * 2021-02-18 2022-09-06 浪潮云信息技术股份公司 Activation code generation method supporting self-checking

Citations (7)

Publication number Priority date Publication date Assignee Title
CN102025716A (en) * 2010-06-29 2011-04-20 北京飞天诚信科技有限公司 Method for updating seeds of dynamic password token
CN103312519A (en) * 2013-07-05 2013-09-18 飞天诚信科技股份有限公司 Dynamic password device and working method thereof
EP2704464A1 (en) * 2011-04-27 2014-03-05 Dynamicode Company Limited Dynamic token seed key injection and deformation method
CN103684782A (en) * 2013-11-26 2014-03-26 飞天诚信科技股份有限公司 Method for activating token equipment in token authentication system
CN103731272A (en) * 2014-01-06 2014-04-16 飞天诚信科技股份有限公司 Identity authentication method, system and equipment
CN103746816A (en) * 2014-02-18 2014-04-23 飞天诚信科技股份有限公司 Multifunctional authenticator and working method thereof
CN103888470A (en) * 2014-04-02 2014-06-25 飞天诚信科技股份有限公司 Dynamic token synchronizing method and system

Family Cites Families (1)

Publication number Priority date Publication date Assignee Title
US20140177825A1 (en) * 2012-12-20 2014-06-26 Protegrity Corporation Asymmetric Tokenization


Non-Patent Citations (2)

Title
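Research and development of a dynamic password system based on mobile phones and a challenge-response mechanism; 王伟珣; 《中国优秀硕士论文全文数据库 信息科技辑》; 20130715 (No. 07 (2013)); full text *
Research on a dynamic password identity authentication system based on challenge/response; 刘文军; 《中国优秀硕士论文全文数据库 信息科技辑》; 20071115 (No. 05 (2007)); full text *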

Also Published As

Publication number Publication date
CN104184590A (en) 2014-12-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant