CN106953726A - A kind of message authentication method, message authentication device and host computer - Google Patents

A kind of message authentication method, message authentication device and host computer Download PDF

Info

Publication number
CN106953726A
CN106953726A CN201710079384.4A CN201710079384A CN106953726A CN 106953726 A CN106953726 A CN 106953726A CN 201710079384 A CN201710079384 A CN 201710079384A CN 106953726 A CN106953726 A CN 106953726A
Authority
CN
China
Prior art keywords
message
identifying code
code
authentication
result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710079384.4A
Other languages
Chinese (zh)
Inventor
潘斌
朱华均
徐峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Upper Hailin Fruit Industry Inc Co
Original Assignee
Upper Hailin Fruit Industry Inc Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Upper Hailin Fruit Industry Inc Co filed Critical Upper Hailin Fruit Industry Inc Co
Priority to CN201710079384.4A priority Critical patent/CN106953726A/en
Publication of CN106953726A publication Critical patent/CN106953726A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to field of information security technology, a kind of message authentication method, message authentication device and host computer are disclosed.Show identifying code;The first message that host computer is sent is received, first message is generated after obtaining identifying code by inputting interface by host computer according to identifying code;According to checking code authentication first message, security certification result is determined;Security certification result is sent to host computer.Make it possible to be lifted the security of transaction flow.

Description

A kind of message authentication method, message authentication device and host computer
Technical field
The present invention relates to field of information security technology, more particularly to a kind of message authentication method, message authentication device and on Position machine.
Background technology
With continuing to develop for science and technology, online transaction becomes a kind of mode in people's life, in order to which ensure ne is submitted Easy safety, improves network security and is very important.Existing frequently-used security protection product is UKEY (Universal Serial Bus Key, USB-Key, also referred to as " UKEY "), UKEY is that one kind is directly connected, with close by USB with computer The small memory device of code authentication function, reliable high speed.UKEY is an extremely strong benefit to existing network security system Fill, can ensure that the operation such as file digital signature of user is not tampered with UKEY.The characteristics of UKEY is maximum is exactly security Height, technical specification uniformity is strong, and Compatibility of Operating System is good, and easy to carry and use is flexibly.
Inventor is had found during the present invention is realized, personal identity number (Personal is needed in process of exchange Identification Number, referred to as " PIN code ") and digital signing operations, the UKEY used at present generally has 4 buttons, Respectively " above turning over ", " under turn over ", " cancellation " and " confirmation ", generally in process of exchange, user by UKEY " above turning over ", " under Turn over " each Transaction Information is checked, in the case of confirming that Transaction Information is correct, Transaction Information is confirmed by " confirmation " button, When UKEY " confirmation " button is pressed, signature operation is just carried out, to ensure the security of transaction flow.But, user is looking into When seeing information, there is a situation where because checking that Transaction Information does not confirm carefully so as to caused by by mistake, it is saved especially on UKEY In the case of a plurality of Transaction Information, if information to be confirmed is illegally distorted, it is easier to increase user and carry out confirming operation by mistake Possibility, so as to cause the dangerous of transaction flow.
The content of the invention
The purpose of embodiment of the present invention is to provide a kind of message authentication method, message authentication device and host computer, is made The security of transaction flow can be lifted by obtaining.
In order to solve the above technical problems, embodiments of the present invention provide a kind of message authentication method, including:Display is tested Demonstrate,prove code;The first message that host computer is sent is received, the first message is obtained after the identifying code by the host computer by inputting interface Generated according to the identifying code;According to the checking code authentication first message, security certification result is determined;By the security certification result Send to the host computer.
Embodiments of the present invention additionally provide a kind of message authentication method, including:First is sent to message authentication device Message, the first message is that host computer is obtained after identifying code according to identifying code generation by inputting interface;Receive message authentication The security certification result that device is sent, the security certification result is by message authentication device according to the checking code authentication first message After determine.
Embodiments of the present invention provide a kind of message authentication device, including:Display module, for showing identifying code; First receiver module, the first message for receiving host computer transmission, first message is obtained by the host computer by inputting interface Obtain and generated after the identifying code according to the identifying code;Authentication module, for according to the checking code authentication first message, it is determined that safety Authentication result;Sending module, for the security certification result to be sent to the host computer.
Embodiments of the present invention additionally provide a kind of host computer, including:Sending module, for being sent out to message authentication device First message is sent, the first message is that host computer is obtained after identifying code according to identifying code generation by inputting interface;Receive mould Block, the security certification result for receiving message authentication device transmission, the security certification result is by the message authentication device root According to being determined after the checking code authentication first message.
In terms of existing technologies, by showing identifying code in message authentication device, user obtains embodiment of the present invention Know identifying code, it is ensured that the identifying code in message authentication device will not be tampered, and host computer is according to testing that inputting interface is got Code generation first message is demonstrate,proved, passes through the certification to first message, it is ensured that the security of first message, recognizes so as to improve in message The security of transaction flow under card device;Due to without the confirmation that manually be authenticated, reducing because of artificial operating mistake and Artificial carelessness causes the probability of potential safety hazard.
In addition, before display identifying code, also including:Obtain identifying code.Recognized before display identifying code by obtaining message Identifying code in card device, the identifying code is obtained from message authentication device, it is ensured that the identifying code of acquisition is not distorted illegally, So as to ensure that the security of the identifying code of display.
In addition, the identifying code is obtained, including:Generate identifying code;Or, judge whether to preserve identifying code, if so, then obtaining Go bail for the identifying code deposited;Otherwise, identifying code is generated.Various ways can be had by obtaining identifying code, obtain test in several ways Demonstrate,prove code so that the acquisition of identifying code flexibly, simultaneously as acquisition modes are more, enhances the security of the identifying code of acquisition.
In addition, however, it is determined that preserve the identifying code, whether the authentication result for judging last verification process is authentification failure, If so, and determine since first time authentification failure continuous authentification failure duration exceed preset duration, then regenerate this and test Code is demonstrate,proved, otherwise, the identifying code preserved is obtained;Or, whether the authentication result for judging last verification process is authentification failure, If so, and determine that the number of times of the continuous authentification failure since first time authentification failure exceedes preset times, then regenerate described Identifying code, otherwise, obtains the identifying code preserved;Or, whether the authentication result for judging last verification process is that certification is lost Lose, if so, then regenerating the identifying code, otherwise obtain the identifying code of preservation.In the case of it is determined that preserving identifying code, If there is provided the mode of a variety of acquisition identifying codes when last authentication result is failure so that the acquisition of identifying code is more flexible, It further enhancing the safety of verification code of acquisition.
In addition, before obtaining identifying code, also including:The second message that host computer is sent is received, second message is used to refer to Show and obtain and show the identifying code.Pass through the second message of reception so that message authentication device is obtained under the triggering of the second message Take and show the identifying code, be easy to control to obtain and show the opportunity of identifying code.
In addition, the second message includes parameter to be certified;Determine before security certification result, this method also includes:To second Parameter to be certified is authenticated in message;Security certification result is determined, including:According to the authentication result to the first message and To the authentication result of the parameter to be certified, security certification result is determined.When including parameter to be certified in the second message, safety certification As a result determined by the authentication result of first message and to the authentication result of the parameter to be certified, add the flexible of message authentication Property, enhance the adaptability of message authentication.
Brief description of the drawings
Fig. 1 is a kind of flow chart of message authentication method according to first embodiment of the invention;
Fig. 2 is a kind of flow chart of message authentication method according to second embodiment of the invention;
Fig. 3 is a kind of flow chart of message authentication method according to third embodiment of the invention;
Fig. 4 is a kind of flow chart of message authentication method according to four embodiment of the invention;
Fig. 5 is a kind of flow chart of message authentication method according to fifth embodiment of the invention;
Fig. 6 is embodiment of the present invention message authentication process schematic diagram;
Fig. 7 is another message authentication process schematic diagram of the embodiment of the present invention;
Fig. 8 is another message authentication process schematic diagram of the embodiment of the present invention;
Fig. 9 is a kind of structural representation of message authentication device according to sixth embodiment of the invention;
Figure 10 is a kind of structural representation of message authentication device according to seventh embodiment of the invention;
Figure 11 is a kind of structural representation of host computer according to eighth embodiment of the invention.
Embodiment
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with each reality of the accompanying drawing to the present invention The mode of applying is explained in detail.However, it will be understood by those skilled in the art that in each embodiment of the invention, In order that reader more fully understands the application and proposes many ins and outs.But, even if without these ins and outs and base Many variations and modification in following embodiment, can also realize the application technical scheme claimed.
The first embodiment of the present invention is related to a kind of message authentication method.The message authentication method can apply on the net The message authentication device of transaction, the message authentication device includes but is not limited to:Online payment carries out what is used during authentication UKEY.Idiographic flow as shown in figure 1, including:
Step 101:Show identifying code.
In implementation, need to obtain the identifying code before display identifying code.
In one embodiment, message authentication device receive host computer send the second message after, according to this second Message generates identifying code.
Specifically, the second message is used to indicate to obtain and shows identifying code, wherein, the length to the second message is not limited System, the second message can be identifying code generation instruction or other any one be used for the finger that triggers message authentication process Order.In specific implementation, it can indicate that message authentication device is obtained and display identifying code by the specific fields of message, for example, disappearing Ceasing the information entrained by the field at end is used to trigger the acquisition of message authentication device and display identifying code.
Specifically, the identifying code of generation has random characteristic, for example, can by Generating Random Number generation with Machine number, regard the random number as identifying code;Or, after generation random number, after being handled according to preset rules the random number, It regard the result as identifying code;Or, after message authentication device at random one message of generation, the message is added Close, the eap-message digest of the message after generation encryption regard the eap-message digest as identifying code.Wherein, preset rules can be any Computing, is not limited herein.
In implementation, the form and length of identifying code are not limited.Specifically, identifying code can be the one of length-specific Piece of digital, for example, generate the identifying code of 6 bit lengths every time, identifying code 1 is that " 789585 ", identifying code 2 are " 896584 ";Test Card code can also be indefinite length numeral and letter combination, be either indefinite length numeral combine or be random length The monogram of degree, for example, the identifying code 1 of generation is " 1we89 ", identifying code 2 is " 145698 ", identifying code 3 is “yanzhengma”。
In specific implementation, the acquisition modes of identifying code include but is not limited to following two realizations:First, can be that message is recognized Card device is when receiving the second message, triggering message authentication device generation identifying code, obtains after the identifying code of the generation is used for Continuous step is used;As soon as second or message authentication device after electricity, be immediately generated identifying code on, receiving second After message, the identifying code generated is obtained.
Specifically, after identifying code is got, the identifying code got is shown by display screen, user can be according to aobvious The identifying code shown, knows identifying code.
Step 102:Receive the first message that host computer is sent.Wherein, first message is obtained by host computer by inputting interface Generated after obtaining the identifying code according to identifying code.
Specifically, host computer gets identifying code and parameter to be certified, identifying code and ginseng to be certified by inputting interface Result of the number after special computing can be able to be hash computing or add as first message, special computing Close computing.Parameters for authentication can also be treated using identifying code to carry out after special computing, disappeared the result obtained by computing as first Breath;It is also possible that identifying code is carried out into the operation result after the first special computing and parameter to be certified the second special computing of progress Operation result afterwards is combined, as first message, wherein, the first special computing and the second special computing can with identical, It can differ, special computing can be hash algorithm or AES.
Step 103:According to the checking code authentication first message, security certification result is determined.
Specifically, if being determined in the first message received according only to identifying code, the certification first message is as recognized Card:Determine whether the identifying code that first message is used is consistent with the identifying code of display.Embodiment includes but is not limited to It is following two:
First, if including identifying code in first message, message authentication device parsing first message is obtained in first message The identifying code of carrying, will parse the identifying code obtained and the identifying code that is locally displayed is compared, if both it is identical, to the One message authentication passes through, otherwise, to the first message authentification failure.
Second, if what is directly included in first message is the result that host computer carries out gained after certain operations to identifying code, Then message authentication device carries out identical certain operations to the identifying code being locally displayed, by the result and first message obtained by computing In entrained information (i.e. host computer carries out the result obtained by certain operations to identifying code) be compared, if both it is identical, First message certification passes through, otherwise, to first message authentification failure.
3rd, the specified data for needing to carry in first message are added using identifying code if first message is host computer Obtained after close, then message authentication device first message is decrypted, by what is obtained after decryption using the identifying code being locally displayed Data are compared with specified data, if identical, and checking code authentication is passed through, that is, are determined to first message certification success, no Then, it is determined that to first message authentification failure.
If for example, information entrained in first message is:Host computer carries out hash computing to the identifying code A of acquisition and obtained Result, then message authentication device the identifying code A ' that is locally displayed is transported using identical hash after first message is received Calculation obtains operation result B, information and operation result B entrained in first message is compared, if identical, it is determined that to testing Code authentication success is demonstrate,proved, if differing, it is determined that to identifying code authentification failure;If entrained information is in first message:It is upper The result that computing is obtained is encrypted to the identifying code A of acquisition in machine, then message authentication device is after first message is received, to One message is decrypted computing and is verified a yard A, compares the identifying code A that decryption is obtained and the checking shown in message authentication device Whether code A ' is consistent, if unanimously, it is determined that to checking code authentication success, it is inconsistent, it is determined that to identifying code authentification failure.
Specifically, if the first message received is determined according to verification code information and parameter to be certified, to first The authentication result of message is then together decided on by the authentication result to identifying code with the authentication result for treating parameters for authentication, if to checking Code and reference authentication to be certified succeed, then are first message certification success, otherwise, first message authentification failure.Specific implementation Mode includes but is not limited to following three kinds:
First, if directly carrying identifying code and parameter to be certified in first message, message authentication device parsing first Message obtains identifying code and parameter to be certified, will parse identifying code of the acquisition identifying code with being locally displayed and be compared, if phase Together, then to checking code authentication success, otherwise, to identifying code authentification failure.If message authentication device is to checking code authentication success, and Reference authentication to be certified success to being carried in first message, then to first message certification success, otherwise, to first message certification Failure.Wherein, the verification process for treating parameters for authentication is not the present embodiment content of concern, existing safety certification process In treat the verification process of parameters for authentication and be used equally for the present embodiment.Wherein, parameter to be certified can be PIN code or The combination of signature or PIN code and signature.
Second, if the result for identifying code obtain after certain operations for host computer carried in first message, disappears Breath authentication device is carried out after identical certain operations to the identifying code being locally displayed, and will be carried in obtained result and first message Information be compared, if identical, it is determined that to checking code authentication success, otherwise, it determines to identifying code authentification failure.Similarly, If the entrained result to treat after parameters for authentication progress computing, determines to treat to recognize using similar mode in first message Whether the certification of card parameter succeeds.
3rd, the specified data for needing to carry in first message are added using identifying code if first message is host computer Obtained after close, then message authentication device first message is decrypted, by what is obtained after decryption using the identifying code being locally displayed Data are compared with specified data, if identical, and checking code authentication is passed through, if this, which is specified, includes ginseng to be certified in data Number, then can determine that treating parameters for authentication certification passes through simultaneously, that is, determine to first message certification success, otherwise, it determines to first Message authentication fails.Wherein, parameter to be certified can be the group of PIN code or signature or PIN code and signature Close.
Specifically, if only needing to first message certification, security certification result is the certification knot to first message Really, even to first message certification success, then security certification result passes through for certification, otherwise, security certification result be certification not Pass through;If also carrying parameter to be certified in the second message, basis is needed to disappear to the authentication result of first message and to second The authentication result of the parameter to be certified carried in breath, determines security certification result, i.e., be to recognize in the authentication result to first message Demonstrate,prove successfully, and to the authentication result of the parameter to be certified in the second message also for certification it is successful in the case of, determine safety certification As a result pass through for certification, otherwise, it determines security certification result does not pass through for certification.
Step 104:The security certification result is sent to the host computer.
Specifically, security certification result is sent back into host computer, to carry out the transaction flow of next step.
In terms of existing technologies, the message authentication method provided in present embodiment, is sent by receiving host computer The second message, triggering, which is obtained, simultaneously showing identifying code so that the opportunity that user can control to obtain and show identifying code, there is provided life Into the different opportunitys of identifying code so that identifying code generating mode is flexible, because identifying code is generated and had by message authentication device Randomness, it is ensured that the security of the identifying code of generation;By way of showing identifying code, what user can be safe knows checking Code, the first message generated according to identifying code using different methods, it is ensured that the security of first message, so as to ensure that the The security of one message authentication.
Second embodiment of the present invention is related to a kind of message authentication method.Second embodiment is big with first embodiment Cause is identical, is in place of the main distinction:In the first embodiment, obtaining identifying code includes:Generate identifying code.And in the present invention In second embodiment, obtaining identifying code includes:Judge to whether there is identifying code in message authentication device, if in the presence of obtaining The identifying code of preservation, otherwise regenerates identifying code.Idiographic flow as shown in Fig. 2 including:
Step 201:Receive the second message that host computer is sent.
Specifically, parameter to be certified is included in the second message, after the second message is received, is preserved in the second message Parameter to be certified, wherein, parameter to be certified can trigger message by specific fields in the digital signature of user, the second message Authentication device obtains and shows identifying code.
Step 202:Judge whether to preserve identifying code.If preserving identifying code, then step 203 is performed, otherwise, performed Step 204.
Specifically, after the second message is received, system first detects in message authentication device whether preserve identifying code, For example, storing identifying code in A memory space is in the address of message authentication device, the memory space of system detectio A addresses is It is no to preserve data, if, it is determined that identifying code is preserved in the memory space of A addresses, otherwise, it determines not preserving identifying code.
Step 203:Obtain the identifying code preserved.
Specifically, detect in message authentication device and preserve identifying code, by reading the checking that memory space is preserved Code is so as to obtain the identifying code.
Step 204:Generate the identifying code.
Specifically, detect and do not preserve identifying code in message authentication device, then generate identifying code, the identifying code of generation Mode can refer to the associated description of first embodiment, here is omitted.Wherein, the form and length of identifying code are not limited It is fixed.
Step 205:Show the identifying code.
Step 206:Receive the first message that host computer is sent.
Step 207:According to the checking code authentication first message.
Step 208:According to the authentication result to first message, security certification result is determined.
Specifically, the parameter to be certified in the second message is obtained, the parameter to be certified is authenticated, parameter to be certified Certification be authenticated using existing mode, for example, the certification of digital signature.According to the authentication result of parameter to be certified and The authentication result of one message determines security certification result, if parameter to be certified authentication result and first message authentication result all It is certification success, it is determined that security certification result is successfully, otherwise, it determines security certification result is failure.
It is noted that not done for the parameter to be certified and the authentication sequence of first message included in the second message Limitation, can first certification first message, the parameter to be certified that can also be included in the message of first certification second.
Step 209:The security certification result is sent to the host computer.
The message authentication method that present embodiment is provided, by judging to whether there is identifying code in message authentication device, is adopted Identifying code is obtained with different modes, the mode of identifying code acquisition is added, so as to improve the flexibility of identifying code acquisition, increased The strong security of identifying code;And in the second message can also include parameter to be certified, by treat parameters for authentication certification and The certification of first message determines security certification result, enhances the flexibility of message authentication, so as to enhance the suitable of message authentication The property used.
Third embodiment of the present invention is related to a kind of message authentication method.3rd embodiment and second embodiment are big Cause is identical, is in place of the main distinction:In this second embodiment, obtaining identifying code includes:Tested according to judging whether to preserve The result for demonstrate,proving code obtains identifying code.And in third embodiment of the invention, obtaining identifying code includes:It is determined that preserving described In the case of identifying code, identifying code is obtained according to the security certification result of last verification process.Idiographic flow as shown in figure 3, Including:
Step 301:Receive the second message that host computer is sent.
Step 302:Judge whether to preserve identifying code.If so, then performing step 303, step 305 is otherwise performed.
Step 303:Whether the security certification result for judging last verification process is failure, if so, then performing step 304;Otherwise, step 306 is performed.
Specifically, the security certification result of the last verification process preserved in message authentication device is obtained, if upper one Secondary security certification result is failure, then performs step 304;If last security certification result is successfully, to perform step 306。
Step 304:Judge since first time safety certification unsuccessfully continuous authentification failure duration whether exceed preset duration, Or since first time safety certification unsuccessfully continuous authentification failure number of times whether exceed preset times, if so, then performing step 305, otherwise perform step 306.
Specifically, can first time safety certification failure when start timing, by the duration of continuous authentification failure with Preset duration is compared, wherein, preset duration can be pre-set by designer, and preset duration can be using minute to be single Position, for example, preset duration is 1 minute;Whether the duration for judging continuous authentification failure according to comparative result exceedes preset duration.Or Person, can start to calculate the frequency of failure when first time safety certification fails, by the number of times of continuous authentification failure and default time Number is compared, wherein, preset times can be pre-set by designer, for example, the security in order to obtain identifying code, in advance If number of times is within 10 times such as 5 times;Judge whether the number of times of continuous authentification failure exceedes preset times.
Step 305:Generate the identifying code.
Step 306:Obtain the identifying code preserved.
Step 307:Show the identifying code.
Step 308:Receive the first message that host computer is sent.
Step 309:According to the checking code authentication first message.
Step 310:Determine security certification result.
Step 311:The security certification result is sent to the host computer.
It is noted that when step 303 judges that the security certification result of last verification process is unsuccessfully, can skip Step 304, step 305 is directly performed.
The message authentication method provided in present embodiment, in the case of it is determined that preserving identifying code, according to the last time The security certification result of verification process, by the way of different acquisition identifying codes so that the acquisition of identifying code is more flexible, enters one Step enhances the safety of verification code of acquisition, so as to improve the security of message authentication.
The step of various methods are divided above, be intended merely to description it is clear, can be merged into when realizing a step or Some steps are split, multiple steps are decomposed into, as long as including identical logical relation, all protection domain in this patent It is interior;To adding inessential modification in algorithm or in flow or introducing inessential design, but its algorithm is not changed Core design with flow is all in the protection domain of the patent.
Four embodiment of the invention is related to a kind of message authentication method, applied to the host computer of online transaction, for example, electric Brain, mobile phone etc..Idiographic flow as shown in figure 4, including:
Step 401:First message is sent to message authentication device.
In one embodiment, before sending first message to message authentication device, sent to message authentication device Second message, and after identifying code is obtained by inputting interface, first message is generated according to the parameter to be certified and identifying code.Should Parameter to be certified can be that host computer is obtained by inputting interface.
Wherein, the second message implement can be found in first to 3rd embodiment description, be not repeated herein.Specifically Say, message authentication device obtains after the second message is received and shows identifying code, checking is shown in message authentication device After code, user can know the identifying code in message authentication device and is input to by the inputting interface of host computer in host computer.
Wherein, parameter to be certified used in generation first message, can be that host computer is obtained by inputting interface, such as PIN code, can also be stored directly in host computer, e.g., data to be signed.
Identifying code is carried out into the operation result after the first special computing to carry out after the second special computing with parameter to be certified Operation result is combined, as first message, and the first special computing and the second special computing can be with identical, can not also phase Together, wherein, special computing can be hash computing, for example, Hash 256 (SHA256), Hash 512 (SHA512), eap-message digest Algorithm the 5th edition (MD5) etc. or AES, e.g., the close SM1 of state (SM1cryptographic algorithm), state Close SM4 etc..It can also be that treating parameters for authentication using identifying code carries out special computing, and the operation result is carried in first message In, special computing can be AES or hash computing.For example, identifying code A obtains computing by SHA256 computings As a result as the key for encrypting parameter A to be certified, the parameter A to be certified after being encrypted takes the parameter A to be certified after encryption Band is in first message.
Specifically, first message is sent to message authentication device and is authenticated after generation first message by host computer Operation.
Step 402:Receive the security certification result of message authentication device transmission.
Specifically, security certification result as the message authentication device according to it is described checking code authentication described in first message After determine.Message authentication device can be found in first to 3rd embodiment according to the embodiment of checking code authentication first message Described content, here is omitted.
In terms of existing technologies, host computer to message authentication device by sending the second message, control message certification Device obtains the opportunity for showing identifying code so that can know the identifying code in message authentication device as needed;Pass through input Interface obtains identifying code, and first message is generated by specially treated according to the identifying code of acquisition and the parameter to be certified got, Security of the first message in transmission is ensure that, host computer decides whether that continuous business is operated, only according to security certification result When security certification result is successfully, follow-up transactional operation is carried out, it is ensured that the security of transaction flow.
The 5th embodiment of the present invention is related to a kind of message authentication method.5th embodiment and the 4th embodiment are big Cause is identical, is in place of the main distinction:In the 4th embodiment, first message is generated according to identifying code and parameter to be certified. And in fifth embodiment of the invention, first message is generated according to identifying code.Idiographic flow as shown in figure 5, including:
Step 501:The second message is sent to message authentication device.
Specifically, parameter to be certified is included in the second message, parameter to be certified can be the data to be signed of user, Message authentication device can be according to the contents of the specific fields of the second message, and triggering, which is obtained, simultaneously showing identifying code.
Step 502:Identifying code is obtained, first message is generated according to identifying code.
Specifically, message authentication device obtains after the second message is received and shows identifying code, in message authentication dress Put and show after identifying code, message authentication device is shown identifying code by user, is inputted by the inputting interface of host computer to upper Machine, host computer carries out special computing to the identifying code got, the operation result of acquisition is carried in first message, special fortune Calculation can be hash computing, such as SHA256, MD5;Can also be AES, such as SM1, SM4.
Step 503:First message is sent to message authentication device.
Step 504:Receive the security certification result of message authentication device transmission.
Specifically, specifically, security certification result verifies code authentication institute by the message authentication device according to described State and determined after first message.Message authentication device according to checking code authentication first message embodiment can be found in first to Content described by 3rd embodiment, here is omitted.
In addition, step 503 is roughly the same with the step 403 of fourth embodiment, in order to reduce repetition, step 503 is not done Repeat.
Parameter to be certified is included in the message authentication method that present embodiment is provided, the second message so that parameter to be certified Separately transmitted with identifying code, further confirmed that parameter to be certified and the safety of identifying code, by first message and to be certified The authentication result of parameter determines security certification result, further the security of increase message authentication.
Specific verification process will be illustrated below.
For example, in verification process as shown in Figure 6, S61 host computers send the second message to message authentication device, wherein, Entrained information is in second message:Message authentication device generates the instruction of identifying code.S62 message authentication devices are according to reception After the second message arrived, obtain identifying code and show the identifying code.S63 host computers obtain PIN code and checking by inputting interface Code, first message is generated according to the PIN code and identifying code that get, wherein, PIN code that host computer is obtained by inputting interface and Identifying code is by user input.S64 host computers send first message to message creating apparatus.S65 message authentication device message authentications Device is received after first message, and first message is handled, and obtains the information that first message is carried:Identifying code and PIN code, The identifying code and PIN code got is authenticated, if checking code authentication by and PIN code certification pass through, determine first message Certification success, otherwise, it determines first message authentification failure, using the authentication result of first message as safety certification certification knot Really.Security certification result is sent to host computer by S66 message authentication devices.
Again for example, in safety certification process as shown in Figure 7, S71 host computers send the second message to message authentication device, Second message carries information:Identifying code generation instruction and digital signature.S72 message authentication devices are received after the second message, right Second message carries out processing and obtains the information that the second message is carried, and obtains identifying code according to identifying code generation instruction and shows, and Digital signature is preserved, for subsequent operation.S73 host computers obtain the identifying code that user is inputted by inputting interface, according to checking Code generation first message.S74 host computers send first message to message authentication device.S75 message authentication devices receive first After message, first message is handled, the information that first message is carried is obtained:Identifying code, and identifying code is authenticated, will The result of code authentication is verified as the authentication result of first message, and the digital signature of preservation is authenticated, if disappearing to first The authentication result of breath is certification success, and is also certification success to the authentication result of digital signature, it is determined that security certification result It is successful for certification, otherwise, it determines security certification result is authentification failure.S76 message authentication devices send security certification result To host computer.
Again for example, in safety certification process as shown in Figure 8, S81 host computers send generation checking to message authentication device The instruction of code.After the instruction that S82 message authentications device generates identifying code according to receiving, obtain identifying code and show the identifying code. S83 host computers obtain the identifying code that user is inputted by inputting interface, and certification message is generated according to identifying code and digital signature. S84 host computers send certification message to message authentication device.S85 message authentication device authentication identifying codes and digital signature, if really The fixed authentication result to identifying code is certification success, and is also certification success to the authentication result of digital signature, it is determined that safety Authentication result is certification success, otherwise, it determines security certification result is authentification failure.S86 message authentications device is by safety certification As a result it is sent to host computer.
Sixth embodiment of the invention is related to a kind of message authentication device.Message authentication device 9, includes but is not limited to:It is aobvious Show module 91, the first receiver module 92, the second receiver module 93, acquisition module 94, authentication module 95 and sending module 96.Specifically Structure is as shown in Figure 9.
Display module 91, for showing identifying code.
First receiver module 92, the first message for receiving host computer transmission, the first message is passed through defeated by host computer Enter after interface obtains identifying code and generated according to identifying code;
Second receiver module 93, the second message for receiving host computer transmission, the second message is used to indicate to obtain and show Show identifying code.
Acquisition module 94, for before display identifying code, obtaining identifying code.
Authentication module 95, for according to checking code authentication first message, determining security certification result
Sending module 96, for security certification result to be sent to host computer.
Specifically, the second receiver module 93 in message authentication device 9 receives the second message of upper transmission, and second disappears Cease for indicating to obtain and showing identifying code, wherein, the length of the second message is not limited, and the second message can be identifying code life Into the message of instruction or one section of encryption.Message authentication device can be triggered by the specific fields of the second message to obtain With display identifying code, obtained and display identifying code for example, the field at the end of message triggers message authentication device.
Also include in acquisition module 94:Submodule 941 is generated, for generating identifying code, or, judge whether to preserve and test Code is demonstrate,proved, if so, then obtaining the identifying code of preservation;Otherwise, identifying code is generated.
During the second message that the second receiver module 93 is received, the generation submodule 941 in triggering acquisition module 94 is generated Identifying code, the identifying code for obtaining the generation is used for subsequent step;Can also be message authentication device on one after electricity when, it is raw Identifying code is just immediately generated into submodule 941, after the second message is received, acquisition module 94 obtains the checking generated Code.
After acquisition module 94 gets identifying code, the identifying code that gets is shown by display module 91, user can be with The identifying code shown according to display module 91, knows identifying code.First receiver module 92 receives the first message of upper transmission, the The identifying code that one message is obtained by host computer according to inputting interface is generated.Wherein, comprising identifying code and it can be treated in first message The first message received is obtained first after computing corresponding with host computer and disappeared by the information of parameters for authentication, authentication module 95 Identifying code and parameter to be certified in breath, authentication module 95 are authenticated to identifying code and parameter to be certified respectively, identifying code The authentication sequence of certification and parameter to be certified is not limited, and can first carry out the certification of identifying code, can also first be carried out to be certified The certification of parameter.Authentication module 95 determines safety certification knot according to the authentication result of identifying code and the authentication result of parameter to be certified Really, when verifying code authentication success and reference authentication to be certified success, safety certification success is determined, otherwise, it determines safety certification Failure.
Sending module 96 sends the security certification result that authentication module 95 is determined to host computer.
In terms of existing technologies, the message authentication device that present embodiment is provided, receives upper by receiver module The second message that machine is sent, triggering acquisition module obtains identifying code, and display module shows identifying code so that user can control to obtain Take and show that the generation submodule in the opportunity of identifying code, acquisition module provides the different opportunitys of generation identifying code so that checking Code generating mode is flexible, because identifying code is generated by message authentication device and with randomness, it is ensured that the identifying code of generation Security;By way of display module shows identifying code, what user can be safe knows identifying code, according to identifying code using not The first message of same method generation, it is ensured that the security of first message, so as to ensure that the security of first message certification.
The 7th embodiment of the present invention is related to a kind of message authentication device.7th embodiment and the 6th embodiment are big Cause is identical, is in place of the main distinction:Acquisition module 94 includes generating submodule 941, for generating identifying code.And in this hair In bright 7th embodiment, acquisition module includes:Judging submodule 942, is tested for judging to whether there is in message authentication device Code is demonstrate,proved, if in the presence of obtaining the identifying code of preservation, otherwise regenerate identifying code.Concrete structure is as shown in Figure 10, including:
Acquisition module 94 includes:Judging submodule 942, for if it is determined that preserve identifying code, judging last certification Whether the authentication result of process is authentification failure, if so, and determine since first time authentification failure continuous authentification failure when It is long to exceed preset duration, then the identifying code is regenerated, otherwise, the identifying code preserved is obtained;Or,
Whether the authentication result for judging last verification process is authentification failure, if so, and determining to lose from first time certification The number of times for starting continuous authentification failure is lost more than preset times, then regenerates the identifying code, otherwise, obtains the described of preservation Identifying code;Or, whether the authentication result for judging last verification process is authentification failure, if so, then regenerating described test Code is demonstrate,proved, the identifying code of preservation is otherwise obtained.
Specifically, judging submodule 942 first judges whether preserve identifying code in message authentication device 9, has and does not preserve Checking, then generate identifying code.
The message authentication device provided in present embodiment, in the case of it is determined that preserving identifying code, according to the last time The security certification result of verification process, by the way of different acquisition identifying codes so that the acquisition of identifying code is more flexible, enters one Step enhances the safety of verification code of acquisition, so as to improve the security of message authentication.
It is noted that each module involved in present embodiment is logic module, in actual applications, one Individual logic unit can be a part for a physical location or a physical location, can also be with multiple physics lists The combination of member is realized.In addition, will not be with solving institute of the present invention in the innovative part in order to protrude the present invention, present embodiment The technical problem relation of proposition less close unit is introduced, but this be not intended that in present embodiment be not present it is other single Member.
Eighth embodiment of the invention is related to a kind of host computer, and the specific implementation of the host computer can be found in embodiment of the method portion The description divided, repeats part and repeats no more.Host computer 11, includes but is not limited to:Sending module 111, receiver module 112.Specifically Structure is as shown in figure 11.
Sending module 111, for sending first message to message authentication device 9, first message is host computer 111 by defeated Enter after interface obtains identifying code and generated according to identifying code.
Receiver module 112:Security certification result for receiving the transmission of message authentication device 9, security certification result is by disappearing Authentication device 9 is ceased according to determination after checking code authentication first message.
Specifically, the second message is used to indicate that message authentication device 9 obtains and shows identifying code, wherein, the second message Specific implementation can be found in first to 3rd embodiment associated description, here is omitted.Sending module 111, second is disappeared Breath is sent to message authentication device.
Sending module 111 in host computer 11 is sent after the second message, and message authentication device 9 is obtained simultaneously according to the second message Show after identifying code, host computer 11 obtains the identifying code of user input by inputting interface, host computer 11 can pass through input Interface obtains the parameter to be certified of user input, such as PIN code, or directly obtains the parameter to be certified preserved, e.g., number to be signed According to.
Host computer 11 also includes generation module 113, and for generating first message, the embodiment of the first message can With reference to the associated description in the first to the 5th embodiment, it is not repeated herein.
Host computer 11, which sends the first message of generation into message authentication device 9 by sending module, is authenticated behaviour Make, message authentication device 9 after first message is received, first message is used with the corresponding computing of host computer 11, obtain the The identifying code included in one message and message to be certified, are authenticated to identifying code and message to be certified, according to identifying code respectively Authentication result and the authentication result of message to be certified determine the security certification result of this certification, when the success of checking code authentication and During message authentication success to be certified, it is determined that this time the result of safety certification is that successfully, otherwise, security certification result is failure.On Position machine 11 receives the security certification result that message authentication device 9 is sent by receiver module 112, according to authentication result, it is determined that after Continuous operation, if authentication result is successfully, can carry out follow-up transaction flow, if authentication result is failure, host computer 11 passes through Sending module 111 sends the second message to message authentication device again.
It is noted that including parameter to be certified in the second message that host computer 11 is sent by sending module 111, treat Parameters for authentication can be the digital signature of user.First message is sent to message authentication dress by the sending module 121 of host computer 11 9 are put, message authentication device 9 is received after first message, first message is authenticated using the identifying code of display;And certification The authentication sequence of the parameter to be certified included in second message, the certification of first message and parameter to be certified is not limited, can be with Parameter to be certified is first verified, can also first authentication verification code.Message authentication device 9 is according to the authentication result of first message and waits to recognize The authentication result of card parameter determines the result of safety certification.Receiver module 122 receives the safety certification that message authentication device 9 is sent As a result, follow-up operation is determined according to security certification result, if security certification result is successfully, subsequent transaction operation is carried out, Otherwise, the second message is sent again, and parameter to be certified can not now be included in the second message.
The host computer that present embodiment is provided, host computer to message authentication device by sending the second message, control message Authentication device obtains the opportunity for showing identifying code;Identifying code is obtained by inputting interface, according to the identifying code of acquisition and getting Parameter to be certified by specially treated generate first message, it is ensured that security of the first message in transmission, host computer lead to Cross the certification to first message and determine security certification result, decide whether that continuous business is operated, be only into security certification result During work(, follow-up transactional operation is carried out, it is ensured that the security of transaction flow;Parameter to be certified is included in second message so that Parameter to be certified is separately transmitted with identifying code, has further confirmed that parameter to be certified and the safety of identifying code, by disappearing to first The authentication result of breath and parameter to be certified determines security certification result, further the security of increase message authentication.
It will be appreciated by those skilled in the art that realizing that all or part of step in above-described embodiment method can be by Program instructs the hardware of correlation to complete, and the program storage is in a storage medium, including some instructions are to cause one Individual equipment (can be single-chip microcomputer, chip etc.) or processor (processor) perform each embodiment methods described of the application All or part of step.And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disc or CD etc. are various can store journey The medium of sequence code.
It will be understood by those skilled in the art that the respective embodiments described above are to realize the specific embodiment of the present invention, And in actual applications, can to it, various changes can be made in the form and details, without departing from the spirit and scope of the present invention.

Claims (16)

1. a kind of message authentication method, it is characterised in that including:
Show identifying code;
The first message that host computer is sent is received, the first message obtains the checking by the host computer by inputting interface Generated after code according to the identifying code;
The first message according to the checking code authentication, determines security certification result;
The security certification result is sent to the host computer.
2. according to the method described in claim 1, it is characterised in that before the display identifying code, also include:Tested described in obtaining Demonstrate,prove code.
3. the method according to claim 2, it is characterised in that the acquisition identifying code, including:
Generate the identifying code;Or,
Judge whether to preserve the identifying code, if so, then obtaining the identifying code of preservation;Otherwise, the identifying code is generated.
4. method according to claim 2, it is characterised in that the acquisition identifying code, including:
If it is determined that the identifying code is preserved,
Whether the security certification result for judging last verification process is authentification failure, if so, and determining to lose from first time certification The duration for starting continuous authentification failure is lost more than preset duration, then regenerates the identifying code, otherwise, obtains the described of preservation Identifying code;Or,
Whether the authentication result for judging last verification process is authentification failure, if so, and determining to open from first time authentification failure Begin continuous authentification failure number of times exceed preset times, then regenerate the identifying code, otherwise, obtain preserve the checking Code;Or,
Whether the authentication result for judging last verification process is authentification failure, if so, then regenerating the identifying code, otherwise Obtain the identifying code preserved.
5. the method according to claim any one of 2-4, it is characterised in that before the acquisition identifying code, also include:Connect The second message that the host computer is sent is received, second message is used to indicate to obtain and show the identifying code.
6. method according to claim 5, it is characterised in that second message includes parameter to be certified;
Determine before security certification result, methods described also includes:
Parameter to be certified in second message is authenticated;
The determination security certification result, including:
According to the authentication result to the first message and to the authentication result of the parameter to be certified, determine that the safety is recognized Demonstrate,prove result.
7. a kind of message authentication method, it is characterised in that including:
First message is sent to message authentication device, the first message is that host computer obtains root after identifying code by inputting interface Generated according to the identifying code;
The security certification result that the message authentication device is sent is received, the security certification result is by the message authentication device Determined after the first message according to the checking code authentication.
8. the method according to claim 7, it is characterised in that it is described to message authentication device send first message it Before, also include:The second message is sent to the message authentication device, second message is used to indicate that message authentication device is obtained And show the identifying code.
9. the method according to claim 7, it is characterised in that before sending first message to message authentication device, institute Stating method also includes:
Parameter to be certified and the identifying code are obtained, is disappeared according to the identifying code and the parameter generation described first to be certified Breath;Or,
The identifying code is obtained, the first message is generated according to the identifying code.
10. a kind of message authentication device, it is characterised in that including:
Display module, for showing identifying code;
First receiver module, the first message for receiving host computer transmission, the first message is passed through defeated by the host computer Enter interface to obtain after the identifying code according to identifying code generation;
Authentication module, for the first message according to the checking code authentication, determines security certification result;
Sending module, for the security certification result to be sent to the host computer.
11. device according to claim 10, it is characterised in that the message authentication device also includes:Acquisition module, is used In before display identifying code, the identifying code is obtained.
12. the device according to claim 11, it is characterised in that the acquisition module, including:Generate submodule;
The generation submodule, is used for:
Generate the identifying code;Or, judge whether to preserve the identifying code, if so, then obtaining the identifying code of preservation; Otherwise, the identifying code is generated.
13. device according to claim 11, it is characterised in that the acquisition module, including:Judging submodule;
Judging submodule, for if it is determined that preserve the identifying code, judge last verification process authentication result whether be Authentification failure, if so, and determine since first time authentification failure continuous authentification failure duration exceed preset duration, then again The identifying code is generated, otherwise, the identifying code preserved is obtained;Or,
Whether the authentication result for judging last verification process is authentification failure, if so, and determining to open from first time authentification failure Begin continuous authentification failure number of times exceed preset times, then regenerate the identifying code, otherwise, obtain preserve the checking Code;Or,
Whether the authentication result for judging last verification process is authentification failure, if so, then regenerating the identifying code, otherwise Obtain the identifying code preserved.
14. the device according to claim any one of 11-13, it is characterised in that the message authentication device also includes:The Two receiver modules, for receiving the second message that the host computer is sent, second message is used to indicate to obtain and show institute State identifying code.
15. a kind of host computer, it is characterised in that including:
Sending module, for sending first message to message authentication device, the first message passes through inputting interface for host computer Obtain and generated after identifying code according to the identifying code;
Receiver module, the security certification result for receiving the transmission of message authentication device, the security certification result is disappeared by described Determined after ceasing authentication device first message according to the checking code authentication.
16. host computer according to claim 15, it is characterised in that the sending module, is additionally operable to, recognize to the message Card device sends the second message, and second message is used to indicate that message authentication device obtains and shows the identifying code.
CN201710079384.4A 2017-02-14 2017-02-14 A kind of message authentication method, message authentication device and host computer Pending CN106953726A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710079384.4A CN106953726A (en) 2017-02-14 2017-02-14 A kind of message authentication method, message authentication device and host computer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710079384.4A CN106953726A (en) 2017-02-14 2017-02-14 A kind of message authentication method, message authentication device and host computer

Publications (1)

Publication Number Publication Date
CN106953726A true CN106953726A (en) 2017-07-14

Family

ID=59466400

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710079384.4A Pending CN106953726A (en) 2017-02-14 2017-02-14 A kind of message authentication method, message authentication device and host computer

Country Status (1)

Country Link
CN (1) CN106953726A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111064743A (en) * 2019-12-28 2020-04-24 飞天诚信科技股份有限公司 Method and system for safely inputting password

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101102194A (en) * 2007-07-31 2008-01-09 北京飞天诚信科技有限公司 A method for OTP device and identity authentication with this device
CN101350723A (en) * 2008-06-20 2009-01-21 北京天威诚信电子商务服务有限公司 USB Key equipment and method for implementing verification thereof
CN101377804A (en) * 2008-09-28 2009-03-04 北京飞天诚信科技有限公司 Method and system for implementing start-up protection
CN101420302A (en) * 2008-12-01 2009-04-29 成都市华为赛门铁克科技有限公司 Safe identification method and device
CN101616148A (en) * 2009-07-31 2009-12-30 北京握奇数据系统有限公司 Internet transaction identity authentication method and device
CN101699892A (en) * 2009-10-30 2010-04-28 北京神州付电子支付科技有限公司 Method and device for generating dynamic passwords and network system
CN101848090A (en) * 2010-05-11 2010-09-29 武汉珞珈新世纪信息有限公司 Authentication device and system and method using same for on-line identity authentication and transaction
CN102238193A (en) * 2011-08-09 2011-11-09 深圳市德卡科技有限公司 Data authentication method and system using same
CN103259664A (en) * 2013-05-08 2013-08-21 北京昆腾微电子有限公司 Nfc dynamic password chip and working method thereof
CN103944910A (en) * 2014-04-25 2014-07-23 天地融科技股份有限公司 Data security interactive method

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101102194A (en) * 2007-07-31 2008-01-09 北京飞天诚信科技有限公司 A method for OTP device and identity authentication with this device
CN101350723A (en) * 2008-06-20 2009-01-21 北京天威诚信电子商务服务有限公司 USB Key equipment and method for implementing verification thereof
CN101377804A (en) * 2008-09-28 2009-03-04 北京飞天诚信科技有限公司 Method and system for implementing start-up protection
CN101420302A (en) * 2008-12-01 2009-04-29 成都市华为赛门铁克科技有限公司 Safe identification method and device
CN101616148A (en) * 2009-07-31 2009-12-30 北京握奇数据系统有限公司 Internet transaction identity authentication method and device
CN101699892A (en) * 2009-10-30 2010-04-28 北京神州付电子支付科技有限公司 Method and device for generating dynamic passwords and network system
CN101848090A (en) * 2010-05-11 2010-09-29 武汉珞珈新世纪信息有限公司 Authentication device and system and method using same for on-line identity authentication and transaction
CN102238193A (en) * 2011-08-09 2011-11-09 深圳市德卡科技有限公司 Data authentication method and system using same
CN103259664A (en) * 2013-05-08 2013-08-21 北京昆腾微电子有限公司 Nfc dynamic password chip and working method thereof
CN103944910A (en) * 2014-04-25 2014-07-23 天地融科技股份有限公司 Data security interactive method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111064743A (en) * 2019-12-28 2020-04-24 飞天诚信科技股份有限公司 Method and system for safely inputting password

Similar Documents

Publication Publication Date Title
CN104579649B (en) Personal identification method and system
CN113014539B (en) Internet of things equipment safety protection system and method
CN108965222A (en) Identity identifying method, system and computer readable storage medium
CN109088902B (en) Register method and device, authentication method and device
CN107194268A (en) A kind of information processing method, device, computer installation and readable storage medium storing program for executing
CN105320891B (en) A kind of method and device of computer security loading system mirror image
CN103929308B (en) Information Authentication method applied to rfid card
WO2018133675A1 (en) Key update method, device and system
US9959403B2 (en) Information processing system for mutual authentication between communication device and storage
CN103888429B (en) Virtual machine starts method, relevant device and system
CN106576047B (en) Make Password Operations from the method and apparatus of malicious modification
CN106341228A (en) Migration method, migration system, immigration end and emigration end of virtual machine
CN107277017A (en) Purview certification method, apparatus and system based on encryption key and device-fingerprint
CN107948186A (en) A kind of safety certifying method and device
CN109407651A (en) The control method and device of vehicle
CN109067544A (en) A kind of private key verification method, the apparatus and system of soft or hard combination
CN109214221A (en) A kind of identity card reader verification method, host computer and identity card reader
CN109922022A (en) Internet of Things communication means, platform, terminal and system
CN103093141A (en) Download method, guidance method and device of safe main control chip Coolcloud system (COS)
CN109302442A (en) A kind of data storage method of proof and relevant device
CN104504309A (en) Data encryption method and terminal for application program
CN106953726A (en) A kind of message authentication method, message authentication device and host computer
EP2985712A1 (en) Application encryption processing method, apparatus, and terminal
CN114449504B (en) NFC label verification method, electronic device and storage medium
CN106330877B (en) It is a kind of to authorize the method and system converted to the SOT state of termination

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170714

WD01 Invention patent application deemed withdrawn after publication