CN106330862A - Secure transmission method and system for dynamic password - Google Patents
- Publication number
- CN106330862A (application CN201610649358.6A)
- Authority
- CN
- China
- Prior art keywords
- mobile terminal
- ciphertext
- server end
- dynamic password
- short message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/12—Messaging; Mailboxes; Announcements
- H04W4/14—Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a secure transmission method for a dynamic password. The method comprises the steps: a mobile terminal obtains user information from a third party application, uses the asymmetric key algorithm to generate a key pair according to the user information, and stores the generated key pair in the mobile terminal; the mobile terminal obtains its own unique identification information and sends the user information, the public key of the generated key pair, and the unique identification information of the mobile terminal to a server; the server establishes a mapping relationship table among the user information, the public key of the generated key pair, and the unique identification information of the mobile terminal that all pass the validity check, and sends a notice of success of mapping relationship establishment to the mobile terminal; and the mobile terminal receives the notice of success of mapping relationship establishment and continues to monitor all the short messages. The method and the system can overcome the technical problems that the dynamic password is easily intercepted, acquired, received or eavesdropped by the third party in the existing dynamic password encryption transmission process.
Description
Technical field
The invention belongs to the field of information security technology, and more particularly relates to a secure transmission method and system for a dynamic password.
Background technology
With the development of dynamic password technology, dynamic passwords are now used in large numbers, whether in e-commerce transactions or in other systems that require identity authentication, authority verification or authorization. With the rapid growth of the mobile Internet, the dynamic password short message verification code (hereinafter the SMS verification code), which combines the dynamic password with a mobile Internet terminal, is used more and more widely. It is well known that in an SMS verification code the dynamic password is sent, transmitted and received entirely in plain text: the sender of the SMS verification code, the transmission intermediaries and the receiver cannot guarantee that the dynamic password will not be intercepted, obtained, received or eavesdropped by a third party. As a result, unlawful persons can obtain the dynamic password by special means, causing adverse consequences such as leakage of personal information and property loss.
Summary of the invention
In view of the above shortcomings or improvement needs of the prior art, the invention provides a secure transmission method and system for a dynamic password. Its purpose is to solve the technical problem of the existing dynamic password transmission process that, because the dynamic password is sent, transmitted and received in plain text, it is easily intercepted, obtained, received or eavesdropped by a third party, which further allows unlawful persons to obtain the dynamic password and cause adverse consequences such as leakage of personal information and property loss.
To achieve the above object, according to one aspect of the invention, a secure transmission method for a dynamic password is provided, comprising the following steps:
(1) the mobile terminal obtains user information from a third-party application, generates a key pair from this user information using an asymmetric key algorithm, and stores the generated key pair in the mobile terminal;
(2) the mobile terminal obtains its own unique identification information and sends the user information, the public key of the key pair generated in step (1) and the unique identification information of the mobile terminal together to the server end;
(3) the server end establishes a mapping relationship table among the user information, the public key of the key pair and the unique identification information of the mobile terminal that have passed the validity check, and sends a notice that the mapping relationship was successfully established to the mobile terminal;
(4) after receiving the notice from the server end that the mapping relationship was successfully established, the mobile terminal continuously monitors all short messages;
(5) the server end receives an encryption request from the third-party platform, looks up the corresponding public key in the mapping relationship table according to the user information in the encryption request, encrypts the dynamic password associated with the encryption request using the public key found, to generate a ciphertext, and sends the generated ciphertext to the mobile terminal by short message;
(6) the mobile terminal judges whether the number corresponding to the received short message is the number from which the server end sends short messages; if so, it proceeds to step (7), otherwise it discards the short message and continues to monitor the next short message;
(7) the mobile terminal decrypts the ciphertext in the short message from the server end using the private key of the key pair generated in step (1), to generate the original text, and displays the original text to the user.
Preferably, the key pair in step (1) may also be generated as follows: after obtaining the user information, randomly generate a random factor, and generate the key pair from the user information and this random factor using the asymmetric key algorithm.
Preferably, the method further comprises the following step after step (2) and before step (3):
(2') the server end performs a validity check on the user information, the public key of the key pair and the unique identification information of the mobile terminal received from the mobile terminal.
Preferably, the method further comprises the following step after step (2) or (2') and before step (3):
(2'') the server end has the third-party platform to which the third-party application belongs perform a legitimacy check on the user information received from the mobile terminal.
Preferably, in step (5), the process of encrypting the dynamic password associated with the encryption request and sending the generated ciphertext to the mobile terminal in the form of a short message comprises the following sub-steps:
(5-1) encrypt the dynamic password using the public key found, to obtain the dynamic password ciphertext;
(5-2) combine the encryption marker pre-agreed between the server end and the mobile terminal with the dynamic password ciphertext, to obtain the combined ciphertext;
(5-3) combine this combined ciphertext with the short message prompt content pre-agreed between the server end and the mobile terminal, to obtain the complete short message, which contains the ciphertext, and send this short message to the mobile terminal.
Preferably, the ciphertext in step (5) may also be generated as follows: after the server end receives the encryption request from the third-party platform, it looks up the corresponding public key in the mapping relationship table according to the user information in the encryption request, randomly generates a random factor, and encrypts the dynamic password associated with the encryption request using this random factor together with the public key found, to generate the ciphertext.
Preferably, what is displayed to the user in step (7) may also be the dynamic password, which the mobile terminal generates by decrypting the ciphertext from the server end using the random factor produced in step (5) and the private key of the key pair generated in step (1).
Preferably, the process of decrypting the ciphertext from the server end to generate the dynamic password comprises the following sub-steps:
(7-1) delete the short message prompt content pre-agreed between the server end and the mobile terminal from the short message, to obtain the ciphertext packet;
(7-2) delete the encryption marker pre-agreed between the server end and the mobile terminal from the ciphertext packet, to obtain the dynamic password ciphertext associated with the encryption request;
(7-3) decrypt the obtained dynamic password ciphertext using the private key of the key pair generated in step (1), to obtain the dynamic password original text.
According to another aspect of the invention, a secure transmission system for a dynamic password is provided, comprising:
a first module, arranged at the mobile terminal, for obtaining user information from a third-party application, generating a key pair from this user information using an asymmetric key algorithm, and storing the generated key pair in the mobile terminal;
a second module, arranged at the mobile terminal, for obtaining the unique identification information of the mobile terminal and sending the user information, the public key of the key pair generated by the first module and the unique identification information of the mobile terminal together to the server end;
a third module, arranged at the server end, for establishing a mapping relationship table among the user information, the public key of the key pair and the unique identification information of the mobile terminal that have passed the validity check, and sending a notice that the mapping relationship was successfully established to the mobile terminal;
a fourth module, arranged at the mobile terminal, for continuously monitoring all short messages after receiving the notice from the server end that the mapping relationship was successfully established;
a fifth module, arranged at the server end, for receiving an encryption request from the third-party platform, looking up the corresponding public key in the mapping relationship table according to the user information in the encryption request, encrypting the dynamic password associated with the encryption request using the public key found, to generate a ciphertext, and sending the generated ciphertext to the mobile terminal by short message;
a sixth module, arranged at the mobile terminal, for judging whether the number corresponding to the received short message is the number from which the server end sends short messages, and if so entering the seventh module, otherwise discarding the short message and continuing to monitor the next short message;
a seventh module, arranged at the mobile terminal, for decrypting the ciphertext in the short message from the server end using the private key of the key pair generated by the first module, to generate the original text, and displaying the original text to the user.
According to another aspect of the invention, a secure transmission method for a dynamic password is provided, comprising the following steps:
(1) the mobile terminal obtains user information from a third-party application;
(2) the mobile terminal obtains its own unique identification information and sends the user information and the unique identification information of the mobile terminal together to the server end;
(3) the server end randomly generates a random number as a dispersion factor, establishes a mapping relationship table among the user information, the dispersion factor and the unique identification information of the mobile terminal that have passed the validity check, and sends a notice that the mapping relationship was successfully established to the mobile terminal;
(4) the mobile terminal receives the notice from the server end that the mapping relationship was successfully established together with the dispersion factor generated in step (3), stores the dispersion factor, and continuously monitors all short messages;
(5) the server end receives an encryption request from the third-party platform, looks up the corresponding dispersion factor in the mapping relationship table according to the user information in the encryption request, encrypts the dynamic password associated with the encryption request using the dispersion factor found, to generate a ciphertext, and sends the generated ciphertext to the mobile terminal by short message;
(6) the mobile terminal judges whether the number corresponding to the received short message is the number from which the server end sends short messages; if so, it proceeds to step (7), otherwise it discards the short message and continues to monitor the next short message;
(7) the mobile terminal generates a key from the dispersion factor stored in step (4), decrypts the ciphertext in the short message from the server end using this key, to generate the original text, and displays the original text to the user.
In general, compared with the prior art, the technical scheme contemplated by the invention can achieve the following beneficial effects:
1. Because the invention encrypts the dynamic password with an asymmetric or symmetric encryption algorithm, the encrypted dynamic password is difficult for unlawful persons to obtain or crack. This solves the technical problem of the existing dynamic password transmission process that, because the dynamic password is sent, transmitted and received in plain text, it is easily intercepted, obtained, received or eavesdropped by a third party, which further allows unlawful persons to obtain the dynamic password and cause adverse consequences such as leakage of personal information and property loss;
2. The invention can be applied to a wide variety of mobile terminals and server ends, and so has a wide range of application;
3. The dynamic password of the invention is sent, transmitted and received in encrypted form throughout, and appears in clear text only when it is displayed to the user of the mobile terminal. This protects the entire chain from the generation of the dynamic password to its verification and provides a strong guarantee for the secure transmission of the dynamic password.
Brief description of the drawings
Fig. 1 is a flow chart of the secure transmission method for a dynamic password according to the first embodiment of the invention.
Fig. 2 is a flow chart of the secure transmission method for a dynamic password according to the second embodiment of the invention.
Detailed description of the invention
In order to make the objects, technical solutions and advantages of the invention clearer, the invention is further elaborated below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it. In addition, the technical features involved in the embodiments of the invention described below can be combined with each other as long as they do not conflict.
As shown in Fig. 1, the secure transmission method for a dynamic password according to the first embodiment of the invention comprises the following steps:
(1) the mobile terminal obtains user information from a third-party application, generates a key pair from this user information using an asymmetric key algorithm, and stores the generated key pair in the mobile terminal;
In this embodiment, the mobile terminal can be any mobile device or host device capable of network communication, such as a personal computer (PC), a mobile phone, a tablet computer, a personal digital assistant (PDA) and so on.
Specifically, the third-party application can be any of various transaction systems, including but not limited to bank transaction systems, securities transaction systems, government document systems and so on; it can provide user information, which includes but is not limited to the user's account, name, telephone number and so on;
In this embodiment, the asymmetric key algorithm includes but is not limited to the RSA algorithm (Rivest-Shamir-Adleman algorithm), elliptic curve cryptography (ECC), the SM2 algorithm and so on;
Alternatively, this step may also be: the mobile terminal obtains user information from the third-party application, randomly generates a random factor, and generates the key pair from the user information and this random factor using the asymmetric key algorithm, thereby further enhancing the security of the generated key pair;
(2) the mobile terminal obtains its own unique identification information and sends the user information, the public key of the key pair generated in step (1) and the unique identification information of the mobile terminal together to the server end; for a mobile phone this unique identification information is its IMEI number or IMSI number, for a PDA or computer it is the factory serial number, and it can also be the hardware number of a certain component of the mobile terminal (such as the CPU, network card and so on);
Further preferably, the method may also include the following step after step (2):
(2') the server end performs a validity check on the user information, the public key of the key pair and the unique identification information of the mobile terminal received from the mobile terminal;
Specifically, the validity check of the user information checks whether the length of the user information lies within a threshold range; if it does, the user information is legitimate, otherwise it is illegitimate. The lower limit of this threshold is 0, and the upper limit is the maximum length of the user information in the third-party application.
The validity check of the public key of the key pair checks whether the length of the public key equals the public key length required by the standard corresponding to the asymmetric key algorithm used in step (1); if it does, the public key is legitimate, otherwise it is illegitimate.
The validity check of the unique identification information of the mobile terminal specifically checks whether the IMEI number or IMSI number of the mobile phone, the factory serial number of the PDA or computer, or the hardware number of a component of the mobile terminal (such as the CPU, network card and so on) has the specified length (for example, an IMEI has 15 digits and a computer serial number has 11 digits); if so, the unique identification information is legitimate, otherwise it is illegitimate.
Further preferably, the method of the invention may also include the following step after step (2) or step (2'):
(2'') the server end has the third-party platform to which the third-party application belongs perform a legitimacy check on the user information received from the mobile terminal;
(3) the server end establishes a mapping relationship table among the user information, the public key of the key pair and the unique identification information of the mobile terminal that have passed the validity check (that is, it binds the three together), and sends a notice that the mapping relationship was successfully established to the mobile terminal;
(4) after receiving the notice from the server end that the mapping relationship was successfully established, the mobile terminal continuously monitors all short messages;
(5) the server end receives an encryption request from the third-party platform, looks up the corresponding public key in the mapping relationship table according to the user information in the encryption request, encrypts the dynamic password associated with the encryption request using the public key found, to generate a ciphertext, and sends the generated ciphertext to the mobile terminal by short message;
Specifically, the dynamic password can be information carried in the encryption request, or information that the encryption request specifies is to be randomly generated; the dynamic password can be digits, Chinese characters, Chinese and English characters and so on.
The encryption algorithm used in this step is the same as the one used in step (1) above.
Alternatively, this step may also be: the server end receives the encryption request from the third-party platform, looks up the corresponding public key in the mapping relationship table according to the user information in the encryption request, randomly generates a random factor, encrypts the dynamic password associated with the encryption request using this random factor together with the public key found, to generate a ciphertext, and sends the generated ciphertext to the mobile terminal in the form of a short message;
In detail, the process of encrypting the dynamic password associated with the encryption request and sending the generated ciphertext to the mobile terminal in the form of a short message comprises the following sub-steps:
(5-1) encrypt the dynamic password using the public key found, to obtain the dynamic password ciphertext Cifer;
(5-2) combine the encryption marker pre-agreed between the server end and the mobile terminal (which can be letters, digits, characters or any combination of them) with the dynamic password ciphertext Cifer, to obtain the combined ciphertext. For example, if the pre-agreed encryption marker is FF or 00 and the dynamic password ciphertext is Cifer, the combined ciphertext is FF || Cifer or 00 || Cifer.
(5-3) combine this combined ciphertext with the short message prompt content pre-agreed between the server end and the mobile terminal (for example, the prompt content "The verification code for this transaction is: "), to obtain the complete short message, which contains the ciphertext, and send this short message to the mobile terminal.
(6) the mobile terminal judges whether the number corresponding to the received short message is the number from which the server end sends short messages; if so, it proceeds to step (7), otherwise it discards the short message and continues to monitor the next short message. For example, if at some moment the mobile terminal receives a short message whose corresponding number is 106922222, and the mobile terminal judges that this number is not the number 106900000 from which the server end sends short messages, then the mobile terminal discards this short message and continues to monitor the next short message;
(7) the mobile terminal decrypts the ciphertext in the short message from the server end using the private key of the key pair generated in step (1), to generate the original text, and displays the original text to the user.
Alternatively, when a random factor is generated in step (5), this step is: the mobile terminal decrypts the ciphertext from the server end using the random factor produced in step (5) and the private key of the key pair generated in step (1), to generate the dynamic password, and displays the dynamic password to the user.
Specifically, the algorithm used for decryption corresponds to the encryption algorithm used in step (1) above.
The above process of decrypting the ciphertext from the server end to generate the dynamic password comprises the following sub-steps:
(7-1) delete the short message prompt content pre-agreed between the server end and the mobile terminal from the short message, to obtain the ciphertext packet;
(7-2) delete the encryption marker pre-agreed between the server end and the mobile terminal from the ciphertext packet, to obtain the dynamic password ciphertext associated with the encryption request;
(7-3) decrypt the obtained dynamic password ciphertext using the private key of the key pair generated in step (1), to obtain the dynamic password original text.
The secure transmission method for a dynamic password according to the second embodiment of the invention comprises the following steps:
(1) the mobile terminal obtains user information from a third-party application;
Specifically, the third-party application can be any of various transaction systems, including but not limited to bank transaction systems, securities transaction systems, government document systems and so on; it can provide user information, which includes but is not limited to the user's account, name, telephone number and so on;
(2) the mobile terminal obtains its own unique identification information and sends the user information and the unique identification information of the mobile terminal together to the server end; for a mobile phone this unique identification information is its IMEI number or IMSI number, for a PDA or computer it is the factory serial number, and it can also be the hardware number of a certain component of the mobile terminal (such as the CPU, network card and so on);
Further preferably, the method may also include the following step after step (2):
(2') the server end performs a validity check on the user information and the unique identification information of the mobile terminal received from the mobile terminal;
Specifically, the validity check of the user information checks whether the length of the user information lies within a threshold range; if it does, the user information is legitimate, otherwise it is illegitimate. The lower limit of this threshold is 0, and the upper limit is the maximum length of the user information in the third-party application.
The validity check of the unique identification information of the mobile terminal specifically checks whether the IMEI number or IMSI number of the mobile phone, the factory serial number of the PDA or computer, or the hardware number of a component of the mobile terminal (such as the CPU, network card and so on) has the specified length (for example, an IMEI has 15 digits and a computer serial number has 11 digits); if so, the unique identification information is legitimate, otherwise it is illegitimate.
Further preferably, the method of the invention may also include the following step after step (2) or step (2'):
(2'') the server end has the third-party platform to which the third-party application belongs perform a legitimacy check on the user information received from the mobile terminal;
(3) server end stochastic generation random number is as dispersion factor, sets up by the user profile of validity checking, divides
Dissipate the mapping relations table (i.e. achieving the binding between three) between the factor and the unique identification information three of mobile terminal,
And notice mapping relations being successfully established is sent to mobile terminal;
(4) mobile terminal receive come from the notice that is successfully established of mapping relations and step (3) that server end sends raw
The dispersion factor become, storage dispersion factor also persistently monitors all notes;
(5) received server-side comes from the CIPHERING REQUEST of third-party platform, according to the user profile in this CIPHERING REQUEST
Inquiring about the dispersion factor of correspondence in mapping relations table, it is the closeest that CIPHERING REQUEST is associated by this dispersion factor that use inquires
Code is encrypted, and to generate ciphertext, and the ciphertext generated is passed through short message sending to mobile terminal;
Specifically, dynamic password can be the information carried in CIPHERING REQUEST, it is also possible to be treating of specifying of CIPHERING REQUEST
The information of stochastic generation, dynamic password can be specifically numeral, Chinese character, Chinese and English character etc..
Alternatively, this step can also be, received server-side comes from the CIPHERING REQUEST of third-party platform, according to this
User profile in CIPHERING REQUEST inquires about the dispersion factor of correspondence in mapping relations table, randomly generates a random factor, makes
The dynamic password associated CIPHERING REQUEST with this dispersion factor inquired with this random factor is encrypted, to generate ciphertext,
And the ciphertext of generation is sent to mobile terminal with the form of note;
In detail, the process of encrypting the dynamic password associated with the encryption request and sending the generated ciphertext to the mobile terminal in the form of an SMS message includes the following sub-steps:
(5-1) hash the dispersion factor with a hash algorithm to obtain a hash value, truncate the hash value with a truncation algorithm to obtain an encryption key, and encrypt the dynamic password with this encryption key to generate the dynamic password ciphertext;
Specifically, the hash value is first truncated to obtain an encryption key of the same length as the dynamic password plaintext, and the dynamic password plaintext is then XORed bit by bit with this encryption key, producing the dynamic password ciphertext;
(5-2) concatenate the encryption marker agreed in advance between the server and the mobile terminal (which may be letters, digits, other characters, or any combination thereof) with the dynamic password ciphertext to obtain the combined ciphertext; for example, if the agreed encryption marker is FF or 00 and the dynamic password ciphertext is Cipher, the combined ciphertext is FF || Cipher or 00 || Cipher;
(5-3) concatenate the combined ciphertext with the SMS prompt text agreed in advance between the server and the mobile terminal (for example, the prompt text "The verification code for this transaction is: ") to obtain the complete SMS message, which contains the ciphertext, and send this SMS message to the mobile terminal.
(6) the mobile terminal judges whether the number from which the received SMS message was sent is the number the server uses to send SMS messages; if so, it proceeds to step (7), otherwise it discards the message and continues to listen for the next one. For example, if at some moment the mobile terminal receives an SMS message from the number 106922222 and judges that this is not the server's sending number 106900000, the mobile terminal discards the message and continues to listen for the next one;
(7) the mobile terminal generates a key from the dispersion factor stored in step (4), decrypts the ciphertext in the SMS message from the server with this key to recover the plaintext, and displays the plaintext to the user.
Alternatively, when a random factor is generated in step (5), this step is: the mobile terminal generates a key from the stored dispersion factor and the random factor produced in step (5), decrypts the ciphertext from the server with this key to recover the dynamic password, and displays the dynamic password to the user.
Specifically, the decryption algorithm used here corresponds to the encryption algorithm used in step (5) above.
The process of decrypting the ciphertext from the server to recover the dynamic password includes the following sub-steps:
(7-1) remove the SMS prompt text agreed in advance between the server and the mobile terminal from the SMS message to obtain the ciphertext packet;
(7-2) remove the encryption marker agreed in advance between the server and the mobile terminal from the ciphertext packet to obtain the dynamic password ciphertext associated with the encryption request;
(7-3) hash the dispersion factor with the hash algorithm to obtain a hash value, truncate the hash value with the truncation algorithm to obtain a decryption key, and decrypt the dynamic password ciphertext with this decryption key to recover the dynamic password plaintext;
Specifically, the hash value is first truncated to obtain a decryption key of the same length as the dynamic password ciphertext, and the dynamic password ciphertext is then XORed bit by bit with this decryption key, recovering the dynamic password plaintext.
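The following is an added worked example, not code from the patent, of the symmetric embodiment's sub-steps (5-1) to (5-3) on the server and (6) to (7-3) on the mobile terminal: key = truncate(Hash(dispersion factor)), ciphertext = dynamic password XOR key, SMS = prompt || marker || ciphertext. Everything the page leaves open is an assumption here and is marked as such in the code: SHA-256 as the hash algorithm, UTF-8 for the dynamic password (so that the Chinese-character case is covered), hex as the SMS-safe encoding of the XOR output, "FF" as the agreed marker, 106900000 as the server's number, and the random factor of the alternative embodiment being delivered to the terminal by some channel the page does not describe (it is simply passed as a parameter). The example also shows why the alternative embodiment with a random factor exists: with a fixed dispersion factor every equal-length dynamic password is XORed with the same truncated digest, so the XOR of two ciphertexts equals the XOR of the two plaintexts.

```python
"""Added example of the SMS one-time-password wrapping of sub-steps (5-1)-(5-3)
and (6)-(7-3). Assumptions not fixed by the page: SHA-256 as the hash, UTF-8
for the dynamic password, hex encoding of the XOR output, "FF" as the marker,
and the random factor (when used) shared with the terminal out of band."""
import hashlib
import secrets
from typing import Optional

PROMPT = "The verification code for this transaction is: "  # agreed prompt text, translated from the page
MARKER = "FF"                                                 # agreed encryption marker, one of the page's two examples
SERVER_NUMBER = "106900000"                                   # server's sending number, from the page's example


def derive_key(dispersion_factor: bytes, length: int, random_factor: Optional[bytes] = None) -> bytes:
    """(5-1)/(7-3): hash the dispersion factor (plus the random factor in the
    alternative embodiment) and truncate the digest to the plaintext length.
    SHA-256 is an assumption; the page only says 'a hash algorithm'."""
    if length > hashlib.sha256().digest_size:
        # A truncated digest cannot be longer than the digest itself; the page
        # does not say what to do here, so refuse rather than repeat key bytes.
        raise ValueError("dynamic password longer than one hash output")
    h = hashlib.sha256()
    h.update(dispersion_factor)
    if random_factor is not None:
        h.update(random_factor)
    return h.digest()[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings; encryption and decryption are the same operation."""
    if len(a) != len(b):
        raise ValueError("key/plaintext length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def server_build_sms(otp: str, dispersion_factor: bytes, random_factor: Optional[bytes] = None) -> str:
    """Server side, sub-steps (5-1)-(5-3): encrypt the dynamic password, prepend
    the marker, prepend the prompt. The password may contain non-ASCII text
    (the page allows Chinese characters), so it is UTF-8 encoded before the XOR."""
    plaintext = otp.encode("utf-8")
    key = derive_key(dispersion_factor, len(plaintext), random_factor)
    cipher = xor_bytes(plaintext, key)      # (5-1) dynamic password ciphertext
    combined = MARKER + cipher.hex()        # (5-2) marker || ciphertext (hex encoding is an assumption)
    return PROMPT + combined                # (5-3) prompt || combined ciphertext


def terminal_handle_sms(sender: str, sms: str, dispersion_factor: bytes,
                        random_factor: Optional[bytes] = None) -> Optional[str]:
    """Mobile side, step (6) and sub-steps (7-1)-(7-3). Returns the recovered
    dynamic password, or None if the message is not from the server's number
    or does not have the agreed layout."""
    if sender != SERVER_NUMBER:             # (6) sender-number check
        return None
    if not sms.startswith(PROMPT):          # (7-1) strip the agreed prompt
        return None
    packet = sms[len(PROMPT):]
    if not packet.startswith(MARKER):       # (7-2) strip the agreed marker
        return None
    try:
        cipher = bytes.fromhex(packet[len(MARKER):])
    except ValueError:
        return None
    key = derive_key(dispersion_factor, len(cipher), random_factor)  # (7-3) same derivation as the server
    try:
        return xor_bytes(cipher, key).decode("utf-8")
    except UnicodeDecodeError:
        return None


def pad_reuse_leak(sms1: str, sms2: str) -> bytes:
    """Caveat for the fixed-dispersion-factor variant: two equal-length passwords
    are XORed with the same truncated digest, so XORing the two ciphertexts
    yields the XOR of the two plaintexts without knowing the key. This is what
    the random factor of the alternative embodiment is there to prevent."""
    c1 = bytes.fromhex(sms1[len(PROMPT) + len(MARKER):])
    c2 = bytes.fromhex(sms2[len(PROMPT) + len(MARKER):])
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    factor = secrets.token_bytes(16)        # constructed: the server's random dispersion factor of step (3)
    sms = server_build_sms("482913", factor)
    print(sms)
    print(terminal_handle_sms("106900000", sms, factor))   # recovered dynamic password
    print(terminal_handle_sms("106922222", sms, factor))   # None: wrong sender, as in step (6)
```

Note that the sender-number check of step (6) is the only authentication the message carries in the page's description: the XOR construction provides confidentiality against someone reading the SMS without the dispersion factor, but nothing in the message lets the terminal detect a modified ciphertext, and the originating number of an SMS is not a strong identity.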
The present invention also provides a secure transmission system for a dynamic password, including:
a first module, arranged at the mobile terminal, for obtaining user information from a third-party application, generating a key pair from this user information using an asymmetric key algorithm, and storing the generated key pair in the mobile terminal;
a second module, arranged at the mobile terminal, for obtaining the unique identification information of the mobile terminal itself and sending the user information, the public key of the key pair generated by the first module and the unique identification information of the mobile terminal together to the server;
a third module, arranged at the server, for establishing a mapping relation table among the three items of user information that has passed the validity check, the public key of the key pair and the unique identification information of the mobile terminal, and sending a notice that the mapping relation has been successfully established to the mobile terminal;
a fourth module, arranged at the mobile terminal, for continuously listening for all SMS messages after receiving the notice from the server that the mapping relation has been successfully established;
a fifth module, arranged at the server, for receiving an encryption request from the third-party platform, looking up the corresponding public key in the mapping relation table according to the user information in the encryption request, encrypting the dynamic password associated with the encryption request with the public key found to generate a ciphertext, and sending the generated ciphertext to the mobile terminal by SMS;
a sixth module, arranged at the mobile terminal, for judging whether the number from which the received SMS message was sent is the number the server uses to send SMS messages, and if so passing the message to the seventh module, otherwise discarding it and continuing to listen for the next one;
a seventh module, arranged at the mobile terminal, for decrypting the ciphertext in the SMS message from the server with the private key of the key pair generated by the first module to recover the plaintext, and displaying the plaintext to the user.
The present invention further provides a secure transmission system for a dynamic password, including:
a first module, arranged at the mobile terminal, for obtaining user information from a third-party application;
a second module, arranged at the mobile terminal, for obtaining the unique identification information of the mobile terminal itself and sending the user information and the unique identification information of the mobile terminal together to the server;
a third module, arranged at the server, for randomly generating a random number as the dispersion factor, establishing a mapping relation table among the three items of user information that has passed the validity check, the dispersion factor and the unique identification information of the mobile terminal, and sending a notice that the mapping relation has been successfully established to the mobile terminal;
a fourth module, arranged at the mobile terminal, for receiving the notice from the server that the mapping relation has been successfully established together with the dispersion factor generated by the third module, storing the dispersion factor and continuously listening for all SMS messages;
a fifth module, arranged at the server, for receiving an encryption request from the third-party platform, looking up the corresponding dispersion factor in the mapping relation table according to the user information in the encryption request, encrypting the dynamic password associated with the encryption request using the dispersion factor found to generate a ciphertext, and sending the generated ciphertext to the mobile terminal by SMS;
a sixth module, arranged at the mobile terminal, for judging whether the number from which the received SMS message was sent is the number the server uses to send SMS messages, and if so passing the message to the seventh module, otherwise discarding it and continuing to listen for the next one;
a seventh module, arranged at the mobile terminal, for generating a key from the dispersion factor stored by the fourth module, decrypting the ciphertext in the SMS message from the server with this key to recover the plaintext, and displaying the plaintext to the user.
It will be readily appreciated by those skilled in the art that the foregoing is merely a preferred embodiment of the present invention and is not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (10)
1. A secure transmission method for a dynamic password, characterised in that it comprises the following steps:
(1) a mobile terminal obtains user information from a third-party application, generates a key pair from this user information using an asymmetric key algorithm, and stores the generated key pair in the mobile terminal;
(2) the mobile terminal obtains its own unique identification information, and sends the user information, the public key of the key pair generated in step (1) and the unique identification information of the mobile terminal together to a server;
(3) the server establishes a mapping relation table among the three items of user information that has passed the validity check, the public key of the key pair and the unique identification information of the mobile terminal, and sends a notice that the mapping relation has been successfully established to the mobile terminal;
(4) after receiving the notice from the server that the mapping relation has been successfully established, the mobile terminal continuously listens for all SMS messages;
(5) the server receives an encryption request from the third-party platform, looks up the corresponding public key in the mapping relation table according to the user information in the encryption request, encrypts the dynamic password associated with the encryption request using the public key found, to generate a ciphertext, and sends the generated ciphertext to the mobile terminal by SMS;
(6) the mobile terminal judges whether the number from which the received SMS message was sent is the number the server uses to send SMS messages; if so, it proceeds to step (7), otherwise it discards the message and continues to listen for the next one;
(7) the mobile terminal decrypts the ciphertext in the SMS message from the server with the private key of the key pair generated in step (1) to recover the plaintext, and displays the plaintext to the user.
2. The secure transmission method according to claim 1, characterised in that the key pair in step (1) may also be generated by, after obtaining the user information, randomly generating a random factor and generating the key pair from the user information and this random factor using the asymmetric key algorithm.
3. The secure transmission method according to claim 1, characterised in that it further comprises, after step (2) and before step (3), the following step:
(2') the server performs a validity check on the user information, the public key of the key pair and the unique identification information of the mobile terminal received from the mobile terminal.
4. The secure transmission method according to claim 1 or 3, characterised in that it further comprises, after step (2) or (2') and before step (3), the following step:
(2") the server has the legitimacy of the user information from the mobile terminal checked by the third-party platform on which the third-party application resides.
5. The secure transmission method according to claim 1, characterised in that the process in step (5) of encrypting the dynamic password associated with the encryption request and sending the generated ciphertext to the mobile terminal in the form of an SMS message includes the following sub-steps:
(5-1) encrypt the dynamic password with the public key found, to obtain the dynamic password ciphertext;
(5-2) concatenate the encryption marker agreed in advance between the server and the mobile terminal with the dynamic password ciphertext to obtain the combined ciphertext;
(5-3) concatenate the combined ciphertext with the SMS prompt text agreed in advance between the server and the mobile terminal to obtain the complete SMS message, which contains the ciphertext, and send this SMS message to the mobile terminal.
6. The secure transmission method according to claim 1, characterised in that the ciphertext in step (5) may also be generated by: after the server receives the encryption request from the third-party platform, looking up the corresponding public key in the mapping relation table according to the user information in the encryption request, randomly generating a random factor, and encrypting the dynamic password associated with the encryption request using this random factor together with the public key found, to generate the ciphertext.
7. The secure transmission method according to claim 6, characterised in that what is displayed to the user in step (7) may also be the dynamic password, which the mobile terminal obtains by decrypting the ciphertext from the server using the random factor produced in step (5) and the private key of the key pair generated in step (1).
8. The secure transmission method according to claim 7, characterised in that the process of decrypting the ciphertext from the server to recover the dynamic password includes the following sub-steps:
(7-1) remove the SMS prompt text agreed in advance between the server and the mobile terminal from the SMS message to obtain the ciphertext packet;
(7-2) remove the encryption marker agreed in advance between the server and the mobile terminal from the ciphertext packet to obtain the dynamic password ciphertext associated with the encryption request;
(7-3) decrypt the dynamic password ciphertext so obtained with the private key of the key pair generated in step (1) to obtain the dynamic password plaintext.
9. A secure transmission system for a dynamic password, characterised in that it includes:
a first module, arranged at the mobile terminal, for obtaining user information from a third-party application, generating a key pair from this user information using an asymmetric key algorithm, and storing the generated key pair in the mobile terminal;
a second module, arranged at the mobile terminal, for obtaining the unique identification information of the mobile terminal itself and sending the user information, the public key of the key pair generated by the first module and the unique identification information of the mobile terminal together to the server;
a third module, arranged at the server, for establishing a mapping relation table among the three items of user information that has passed the validity check, the public key of the key pair and the unique identification information of the mobile terminal, and sending a notice that the mapping relation has been successfully established to the mobile terminal;
a fourth module, arranged at the mobile terminal, for continuously listening for all SMS messages after receiving the notice from the server that the mapping relation has been successfully established;
a fifth module, arranged at the server, for receiving an encryption request from the third-party platform, looking up the corresponding public key in the mapping relation table according to the user information in the encryption request, encrypting the dynamic password associated with the encryption request with the public key found to generate a ciphertext, and sending the generated ciphertext to the mobile terminal by SMS;
a sixth module, arranged at the mobile terminal, for judging whether the number from which the received SMS message was sent is the number the server uses to send SMS messages, and if so passing the message to the seventh module, otherwise discarding it and continuing to listen for the next one;
a seventh module, arranged at the mobile terminal, for decrypting the ciphertext in the SMS message from the server with the private key of the key pair generated by the first module to recover the plaintext, and displaying the plaintext to the user.
10. A secure transmission method for a dynamic password, characterised in that it comprises the following steps:
(1) a mobile terminal obtains user information from a third-party application;
(2) the mobile terminal obtains its own unique identification information, and sends the user information and the unique identification information of the mobile terminal together to a server;
(3) the server randomly generates a random number as the dispersion factor, establishes a mapping relation table among the three items of user information that has passed the validity check, the dispersion factor and the unique identification information of the mobile terminal, and sends a notice that the mapping relation has been successfully established to the mobile terminal;
(4) the mobile terminal receives the notice from the server that the mapping relation has been successfully established together with the dispersion factor generated in step (3), stores the dispersion factor, and continuously listens for all SMS messages;
(5) the server receives an encryption request from the third-party platform, looks up the corresponding dispersion factor in the mapping relation table according to the user information in the encryption request, encrypts the dynamic password associated with the encryption request using the dispersion factor found, to generate a ciphertext, and sends the generated ciphertext to the mobile terminal by SMS;
(6) the mobile terminal judges whether the number from which the received SMS message was sent is the number the server uses to send SMS messages; if so, it proceeds to step (7), otherwise it discards the message and continues to listen for the next one;
(7) the mobile terminal generates a key from the dispersion factor stored in step (4), decrypts the ciphertext in the SMS message from the server with this key to recover the plaintext, and displays the plaintext to the user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610649358.6A CN106330862A (en) | 2016-08-10 | 2016-08-10 | Secure transmission method and system for dynamic password |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610649358.6A CN106330862A (en) | 2016-08-10 | 2016-08-10 | Secure transmission method and system for dynamic password |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106330862A true CN106330862A (en) | 2017-01-11 |
Family
ID=57739719
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610649358.6A Pending CN106330862A (en) | 2016-08-10 | 2016-08-10 | Secure transmission method and system for dynamic password |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106330862A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108513272A (en) * | 2018-07-04 | 2018-09-07 | 北京奇安信科技有限公司 | Method for processing short messages and device |
CN108694333A (en) * | 2017-04-07 | 2018-10-23 | 华为技术有限公司 | User information processing method and processing device |
CN109120612A (en) * | 2018-08-06 | 2019-01-01 | 浙江衣拿智能科技有限公司 | A kind of packet filtering method, system and application program |
CN109587683A (en) * | 2019-01-04 | 2019-04-05 | 中国联合网络通信集团有限公司 | Method and system, application program and the terminal information database of the anti-monitoring of short message |
CN110234082A (en) * | 2019-05-30 | 2019-09-13 | 深圳市梦网科技发展有限公司 | A kind of addressing method of mobile terminal, device, storage medium and server |
WO2020048289A1 (en) * | 2018-09-05 | 2020-03-12 | 深圳市红砖坊技术有限公司 | System and method for processing user information |
CN112257094A (en) * | 2020-11-11 | 2021-01-22 | 恩亿科(北京)数据科技有限公司 | Data processing method and device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101188496A (en) * | 2007-12-10 | 2008-05-28 | 中兴通讯股份有限公司 | A SMS encryption transport method |
CN101262349A (en) * | 2008-04-17 | 2008-09-10 | 华为技术有限公司 | SMS-based identity authentication method and device |
CN101917710A (en) * | 2010-08-27 | 2010-12-15 | 中兴通讯股份有限公司 | Method, system and related device for mobile internet encryption communication |
CN104079581A (en) * | 2014-07-16 | 2014-10-01 | 金红宇 | Identity authentication method and device |
CN105282738A (en) * | 2015-11-24 | 2016-01-27 | 苏州铭冠软件科技有限公司 | Security authentication method for mobile terminal |
Events
- 2016-08-10: CN CN201610649358.6A patent/CN106330862A/en active Pending
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108694333A (en) * | 2017-04-07 | 2018-10-23 | 华为技术有限公司 | User information processing method and processing device |
CN108513272A (en) * | 2018-07-04 | 2018-09-07 | 北京奇安信科技有限公司 | Method for processing short messages and device |
CN108513272B (en) * | 2018-07-04 | 2021-10-01 | 奇安信科技集团股份有限公司 | Short message processing method and device |
CN109120612A (en) * | 2018-08-06 | 2019-01-01 | 浙江衣拿智能科技有限公司 | A kind of packet filtering method, system and application program |
CN109120612B (en) * | 2018-08-06 | 2021-04-30 | 浙江衣拿智能科技股份有限公司 | Data packet filtering method, system and application program |
WO2020048289A1 (en) * | 2018-09-05 | 2020-03-12 | 深圳市红砖坊技术有限公司 | System and method for processing user information |
CN109587683A (en) * | 2019-01-04 | 2019-04-05 | 中国联合网络通信集团有限公司 | Method and system, application program and the terminal information database of the anti-monitoring of short message |
CN110234082A (en) * | 2019-05-30 | 2019-09-13 | 深圳市梦网科技发展有限公司 | A kind of addressing method of mobile terminal, device, storage medium and server |
CN110234082B (en) * | 2019-05-30 | 2021-10-22 | 深圳市梦网科技发展有限公司 | Addressing method and device of mobile terminal, storage medium and server |
CN112257094A (en) * | 2020-11-11 | 2021-01-22 | 恩亿科(北京)数据科技有限公司 | Data processing method and device |
CN112257094B (en) * | 2020-11-11 | 2024-03-29 | 恩亿科(北京)数据科技有限公司 | Data processing method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106330862A (en) | Secure transmission method and system for dynamic password | |
CN103812871B (en) | Development method and system based on mobile terminal application program security application | |
CN102547688B (en) | Virtual-dedicated-channel-based establishment method for high-credibility mobile security communication channel | |
CN100574511C (en) | The method and system of opposite end identity validation in a kind of mobile terminal communication | |
AU2010266760B2 (en) | Method for generating an encryption/decryption key | |
CN114095181B (en) | Threshold ring signature method and system based on cryptographic algorithm | |
CN107094108A (en) | The method for being connected to the part of data/address bus and encryption function being realized in the part | |
CN108924147A (en) | Method, server and the communication terminal that communication terminal digital certificate is signed and issued | |
CN104901935A (en) | Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem) | |
CN112564906A (en) | Block chain-based data security interaction method and system | |
CN107222501A (en) | A kind of information interaction security transmission method and system based on the non-electromagnetic signal of message identification code | |
JP6041864B2 (en) | Method, computer program, and apparatus for data encryption | |
CN109040060A (en) | Terminal-Matching and system, computer equipment | |
CN107483429A (en) | A kind of data ciphering method and device | |
CN104200154A (en) | Identity based installation package signing method and identity based installation package signing device | |
CN103973714A (en) | E-mail account generating method and system | |
Nurhaida et al. | Digital signature & encryption implementation for increasing authentication, integrity, security and data non-repudiation | |
CN102404107A (en) | Method, device, sending end and receiving end for guaranteeing input content safety | |
CN106100828A (en) | A kind of method for encrypting mobile phone short message of identity-based PKI | |
CN108768958B (en) | Verification method for data integrity and source based on no leakage of verified information by third party | |
CN114186998B (en) | Block chain-based privacy communication method | |
Chauhan et al. | Digital signature with message security process | |
CN116707798A (en) | Ciphertext examination method, device and system based on equivalence test | |
CN103986724A (en) | Real-name authentication method and system for e-mail | |
Shi et al. | Verification of LINE encryption version 1.0 using ProVerif |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |
Application publication date: 20170111