CN106953726A - A kind of message authentication method, message authentication device and host computer - Google Patents
- Publication number: CN106953726A
- Application number: CN201710079384.4A
- Authority: CN (China)
- Prior art keywords: message, verification code, code, authentication, result
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/3228: One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
- H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/3234: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
- H04L9/3273: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The present invention relates to the field of information security technology and discloses a message authentication method, a message authentication device and a host computer. The method comprises: displaying a verification code; receiving a first message sent by the host computer, the first message being generated by the host computer according to the verification code after the host computer obtains the verification code through an input interface; authenticating the first message according to the verification code and determining a security authentication result; and sending the security authentication result to the host computer. This makes it possible to improve the security of the transaction flow.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a message authentication method, a message authentication device and a host computer.
Background
With the continuous development of science and technology, online transactions have become a part of people's lives, and improving network security is very important for ensuring the security of online transactions. A commonly used security product today is the UKEY (Universal Serial Bus Key, USB-Key, also referred to as "UKEY"), a small, reliable, high-speed storage device that connects directly to a computer via USB and has a password authentication function. The UKEY is a strong supplement to existing network security systems; using a UKEY ensures that operations such as the user's digital signing of files are not tampered with. The greatest characteristics of the UKEY are high security, strong consistency of technical specifications, good operating system compatibility, portability and flexible use.
In the course of realizing the present invention, the inventor found that a personal identification number (Personal Identification Number, "PIN code" for short) and a digital signature operation are required during a transaction. The UKEYs in use today generally have four buttons: "page up", "page down", "cancel" and "confirm". During a transaction, the user typically pages through each item of transaction information with the "page up" and "page down" buttons of the UKEY and, having confirmed that the transaction information is correct, confirms it with the "confirm" button. The signature operation is carried out only when the "confirm" button of the UKEY is pressed, to ensure the security of the transaction flow. However, when viewing the information, the user may confirm by mistake because the transaction information was not checked carefully. In particular, when multiple items of transaction information are stored on the UKEY and the information to be confirmed has been illegally tampered with, the user is more likely to confirm by mistake, which makes the transaction flow insecure.
Summary of the invention
The purpose of the embodiments of the present invention is to provide a message authentication method, a message authentication device and a host computer that make it possible to improve the security of the transaction flow.
To solve the above technical problem, the embodiments of the present invention provide a message authentication method, comprising: displaying a verification code; receiving a first message sent by a host computer, the first message being generated by the host computer according to the verification code after the host computer obtains the verification code through an input interface; authenticating the first message according to the verification code and determining a security authentication result; and sending the security authentication result to the host computer.
The embodiments of the present invention further provide a message authentication method, comprising: sending a first message to a message authentication device, the first message being generated by the host computer according to a verification code after the host computer obtains the verification code through an input interface; and receiving a security authentication result sent by the message authentication device, the security authentication result being determined by the message authentication device after it authenticates the first message according to the verification code.
The embodiments of the present invention provide a message authentication device, comprising: a display module for displaying a verification code; a first receiving module for receiving a first message sent by a host computer, the first message being generated by the host computer according to the verification code after the host computer obtains the verification code through an input interface; an authentication module for authenticating the first message according to the verification code and determining a security authentication result; and a sending module for sending the security authentication result to the host computer.
The embodiments of the present invention further provide a host computer, comprising: a sending module for sending a first message to a message authentication device, the first message being generated by the host computer according to a verification code after the host computer obtains the verification code through an input interface; and a receiving module for receiving a security authentication result sent by the message authentication device, the security authentication result being determined by the message authentication device after it authenticates the first message according to the verification code.
Compared with the prior art, in the embodiments of the present invention the verification code is displayed on the message authentication device and the user learns the verification code from it, which ensures that the verification code in the message authentication device cannot be tampered with. The host computer generates the first message according to the verification code obtained through the input interface, and authenticating the first message ensures the security of the first message, thereby improving the security of the transaction flow under the message authentication device. Because no manual confirmation is needed for authentication, the probability of security risks caused by human operating errors and carelessness is reduced.
In addition, before displaying the verification code, the method further comprises: obtaining the verification code. Because the verification code is obtained from the message authentication device itself before it is displayed, the obtained verification code is guaranteed not to have been illegally tampered with, which ensures the security of the displayed verification code.
In addition, obtaining the verification code comprises: generating the verification code; or determining whether a verification code is stored and, if so, obtaining the stored verification code, otherwise generating a verification code. The verification code can be obtained in several ways, which makes obtaining it flexible; and because there are more ways of obtaining it, the security of the obtained verification code is enhanced.
In addition, if it is determined that a verification code is stored: it is determined whether the authentication result of the previous authentication process was an authentication failure; if so, and it is determined that the duration of consecutive authentication failures since the first authentication failure exceeds a preset duration, the verification code is regenerated; otherwise, the stored verification code is obtained. Or: it is determined whether the authentication result of the previous authentication process was an authentication failure; if so, and it is determined that the number of consecutive authentication failures since the first authentication failure exceeds a preset number, the verification code is regenerated; otherwise, the stored verification code is obtained. Or: it is determined whether the authentication result of the previous authentication process was an authentication failure; if so, the verification code is regenerated; otherwise, the stored verification code is obtained. When it is determined that a verification code is stored and the previous authentication result was a failure, several ways of obtaining the verification code are provided, which makes obtaining the verification code more flexible and further enhances the security of the obtained verification code.
In addition, before obtaining the verification code, the method further comprises: receiving a second message sent by the host computer, the second message being used to instruct the device to obtain and display the verification code. By receiving the second message, the message authentication device obtains and displays the verification code when triggered by the second message, which makes it easy to control when the verification code is obtained and displayed.
In addition, the second message includes a parameter to be authenticated. Before the security authentication result is determined, the method further comprises: authenticating the parameter to be authenticated in the second message. Determining the security authentication result comprises: determining the security authentication result according to the authentication result for the first message and the authentication result for the parameter to be authenticated. When the second message includes a parameter to be authenticated, the security authentication result is determined by the authentication result for the first message and the authentication result for the parameter to be authenticated, which increases the flexibility of message authentication and enhances its adaptability.
Brief description of the drawings
Fig. 1 is a flow chart of a message authentication method according to the first embodiment of the present invention;
Fig. 2 is a flow chart of a message authentication method according to the second embodiment of the present invention;
Fig. 3 is a flow chart of a message authentication method according to the third embodiment of the present invention;
Fig. 4 is a flow chart of a message authentication method according to the fourth embodiment of the present invention;
Fig. 5 is a flow chart of a message authentication method according to the fifth embodiment of the present invention;
Fig. 6 is a schematic diagram of a message authentication process according to an embodiment of the present invention;
Fig. 7 is a schematic diagram of another message authentication process according to an embodiment of the present invention;
Fig. 8 is a schematic diagram of another message authentication process according to an embodiment of the present invention;
Fig. 9 is a structural diagram of a message authentication device according to the sixth embodiment of the present invention;
Fig. 10 is a structural diagram of a message authentication device according to the seventh embodiment of the present invention;
Fig. 11 is a structural diagram of a host computer according to the eighth embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are explained in detail below with reference to the accompanying drawings. Those of ordinary skill in the art will understand that many technical details are set out in the embodiments so that the reader can better understand the application. However, the technical solutions claimed in the application can be realized even without these technical details and with various changes and modifications based on the following embodiments.
The first embodiment of the present invention relates to a message authentication method. The message authentication method can be applied to a message authentication device for online transactions, which includes but is not limited to the UKEY used for identity authentication in online payment. The specific flow is shown in Fig. 1 and includes:
Step 101: Display the verification code.
In implementation, the verification code needs to be obtained before it is displayed.
In one embodiment, after receiving a second message sent by the host computer, the message authentication device generates the verification code according to the second message.
Specifically, the second message is used to instruct the device to obtain and display the verification code. The length of the second message is not limited, and the second message may be a verification code generation instruction or any other instruction used to trigger the message authentication process. In a specific implementation, a specific field of the message may instruct the message authentication device to obtain and display the verification code; for example, the information carried in the field at the end of the message triggers the message authentication device to obtain and display the verification code.
Specifically, the generated verification code is random. For example, a random number may be generated by a random number generation algorithm and used as the verification code; or, after a random number is generated, it is processed according to a preset rule and the result is used as the verification code; or the message authentication device randomly generates a message, encrypts it, generates a message digest of the encrypted message and uses the message digest as the verification code. The preset rule may be any operation and is not limited here.
In implementation, the form and length of the verification code are not limited. Specifically, the verification code may be a string of digits of a specific length; for example, a 6-digit verification code is generated each time, verification code 1 being "789585" and verification code 2 being "896584". The verification code may also be a combination of digits and letters of indefinite length, a combination of digits of indefinite length, or a combination of letters of arbitrary length; for example, the generated verification code 1 is "1we89", verification code 2 is "145698" and verification code 3 is "yanzhengma".
In a specific implementation, the ways of obtaining the verification code include but are not limited to the following two. First, the message authentication device may be triggered to generate the verification code when it receives the second message, and the generated verification code is obtained for use in subsequent steps. Second, the message authentication device may generate the verification code immediately upon power-on and, after receiving the second message, obtain the verification code already generated.
Specifically, after the verification code is obtained, it is shown on the display screen, and the user learns the verification code from what is displayed.
Step 102: Receive the first message sent by the host computer. The first message is generated by the host computer according to the verification code after the host computer obtains the verification code through the input interface.
Specifically, the host computer obtains the verification code and the parameter to be authenticated through the input interface. The result of applying a specific operation to the verification code and the parameter to be authenticated may be used as the first message, where the specific operation may be a hash operation or an encryption operation. Alternatively, the verification code may be used to perform a specific operation on the parameter to be authenticated, and the result of the operation used as the first message. Alternatively, the result of a first specific operation on the verification code may be combined with the result of a second specific operation on the parameter to be authenticated to form the first message, where the first specific operation and the second specific operation may be the same or different, and a specific operation may be a hash algorithm or an encryption algorithm.
Step 103: Authenticate the first message according to the verification code and determine the security authentication result.
Specifically, if the received first message is determined only according to the verification code, authenticating the first message means determining whether the verification code used by the first message is consistent with the displayed verification code. Specific implementations include but are not limited to the following two:
First, if the first message contains the verification code, the message authentication device parses the first message to obtain the verification code it carries and compares the parsed verification code with the locally displayed verification code; if the two are identical, authentication of the first message passes; otherwise, authentication of the first message fails.
Second, if the first message directly contains the result obtained by the host computer performing certain operations on the verification code, the message authentication device performs the same operations on the locally displayed verification code and compares the result with the information carried in the first message (i.e. the result obtained by the host computer performing the operations on the verification code); if the two are identical, authentication of the first message passes; otherwise, authentication of the first message fails.
Third, if the first message is obtained by the host computer using the verification code to encrypt the specified data that needs to be carried in the first message, the message authentication device decrypts the first message using the locally displayed verification code and compares the decrypted data with the specified data; if they are identical, the verification code is authenticated, that is, the first message is determined to be successfully authenticated; otherwise, it is determined that authentication of the first message has failed.
For example, if the information carried in the first message is the result of the host computer performing a hash operation on the obtained verification code A, then after receiving the first message the message authentication device applies the same hash operation to the locally displayed verification code A' to obtain an operation result B and compares the information carried in the first message with the operation result B; if they are identical, the verification code is determined to be successfully authenticated, and if they differ, authentication of the verification code is determined to have failed. If the information carried in the first message is the result of the host computer performing an encryption operation on the obtained verification code A, then after receiving the first message the message authentication device decrypts the first message to obtain the verification code A and checks whether the decrypted verification code A is consistent with the verification code A' displayed on the message authentication device; if they are consistent, the verification code is determined to be successfully authenticated, and if not, authentication of the verification code is determined to have failed.
Specifically, if the received first message is determined according to the verification code information and the parameter to be authenticated, the authentication result for the first message is decided jointly by the authentication result for the verification code and the authentication result for the parameter to be authenticated: if both the verification code and the parameter to be authenticated are successfully authenticated, the first message is successfully authenticated; otherwise, authentication of the first message fails. Specific implementations include but are not limited to the following three:
First, if the first message directly carries the verification code and the parameter to be authenticated, the message authentication device parses the first message to obtain the verification code and the parameter to be authenticated and compares the parsed verification code with the locally displayed verification code; if they are identical, the verification code is successfully authenticated; otherwise, authentication of the verification code fails. If the message authentication device successfully authenticates the verification code and also successfully authenticates the parameter to be authenticated carried in the first message, the first message is successfully authenticated; otherwise, authentication of the first message fails. The process of authenticating the parameter to be authenticated is not the concern of this embodiment; the process used for the parameter to be authenticated in existing security authentication procedures can be used in this embodiment. The parameter to be authenticated may be a PIN code, a signature, or a combination of a PIN code and a signature.
Second, if the first message carries the result obtained by the host computer performing certain operations on the verification code, the message authentication device performs the same operations on the locally displayed verification code and compares the result with the information carried in the first message; if they are identical, the verification code is determined to be successfully authenticated; otherwise, authentication of the verification code is determined to have failed. Similarly, if the first message carries the result of an operation on the parameter to be authenticated, a similar approach is used to determine whether authentication of the parameter to be authenticated succeeds.
Third, if the first message is obtained by the host computer using the verification code to encrypt the specified data that needs to be carried in the first message, the message authentication device decrypts the first message using the locally displayed verification code and compares the decrypted data with the specified data; if they are identical, the verification code is authenticated, and if the specified data includes the parameter to be authenticated, it can be determined at the same time that the parameter to be authenticated passes authentication, that is, the first message is determined to be successfully authenticated; otherwise, it is determined that authentication of the first message has failed. The parameter to be authenticated may be a PIN code, a signature, or a combination of a PIN code and a signature.
Specifically, if only the first message needs to be authenticated, the security authentication result is the authentication result for the first message; that is, if the first message is successfully authenticated, the security authentication result is that authentication passes; otherwise, the security authentication result is that authentication does not pass. If the second message also carries a parameter to be authenticated, the security authentication result is determined according to the authentication result for the first message and the authentication result for the parameter to be authenticated carried in the second message; that is, when the authentication result for the first message is success and the authentication result for the parameter to be authenticated in the second message is also success, the security authentication result is determined to be that authentication passes; otherwise, the security authentication result is determined to be that authentication does not pass.
Step 104: Send the security authentication result to the host computer.
Specifically, the security authentication result is sent back to the host computer so that the next step of the transaction flow can be carried out.
Compared with the prior art, in the message authentication method provided in this embodiment, receiving the second message sent by the host computer triggers obtaining and displaying the verification code, so that the user can control when the verification code is obtained and displayed. Different occasions for generating the verification code are provided, which makes generation of the verification code flexible. Because the verification code is generated by the message authentication device and is random, the security of the generated verification code is ensured. By displaying the verification code, the user can learn the verification code securely. The first message is generated from the verification code using different methods, which ensures the security of the first message and thus the security of first message authentication.
The second embodiment of the present invention relates to a message authentication method. The second embodiment is largely the same as the first embodiment; the main difference is that in the first embodiment obtaining the verification code comprises generating the verification code, whereas in the second embodiment of the present invention obtaining the verification code comprises determining whether a verification code exists in the message authentication device and, if so, obtaining the stored verification code, otherwise generating a new verification code. The specific flow is shown in Fig. 2 and includes:
Step 201: Receive the second message sent by the host computer.
Specifically, the second message includes a parameter to be authenticated. After the second message is received, the parameter to be authenticated in the second message is stored. The parameter to be authenticated may be the user's digital signature, and a specific field in the second message triggers the message authentication device to obtain and display the verification code.
Step 202: Judge whether an identifying code is saved. If an identifying code is saved, perform step 203; otherwise, perform step 204.
Specifically, after the second message is received, the system first detects whether an identifying code is saved in the message authentication device. For example, if the identifying code is stored in the memory space at address A of the message authentication device, the system checks whether the memory space at address A holds data; if so, it determines that an identifying code is saved in the memory space at address A, otherwise it determines that no identifying code is saved.
Step 203: Obtain the saved identifying code.
Specifically, when it is detected that an identifying code is saved in the message authentication device, the identifying code is obtained by reading it from the memory space in which it is saved.
Step 204: Generate the identifying code.
Specifically, when it is detected that no identifying code is saved in the message authentication device, an identifying code is generated. For the way the identifying code is generated, see the related description of the first embodiment, which is not repeated here. The form and length of the identifying code are not limited.
Step 205: Display the identifying code.
Step 206: Receive the first message sent by the host computer.
Step 207: Authenticate the first message according to the identifying code.
Step 208: Determine the security certification result according to the authentication result of the first message.
Specifically, the parameter to be certified in the second message is obtained and authenticated. The parameter to be certified is authenticated in an existing manner, for example by digital signature authentication. The security certification result is determined from the authentication result of the parameter to be certified and the authentication result of the first message: if both are successful, the security certification result is success; otherwise, the security certification result is failure.
It is worth noting that the order of authenticating the parameter to be certified contained in the second message and the first message is not limited: the first message may be authenticated first, or the parameter to be certified contained in the second message may be authenticated first.
Step 209: Send the security certification result to the host computer.
The message authentication method provided by this embodiment obtains the identifying code in different ways depending on whether an identifying code exists in the message authentication device. This adds ways of obtaining the identifying code, which improves the flexibility of obtaining it and enhances its security. The second message can also include a parameter to be certified, and the security certification result is determined from the authentication of the parameter to be certified and the authentication of the first message, which enhances the flexibility of message authentication and therefore its applicability.
The third embodiment of the present invention relates to a message authentication method. The third embodiment is largely the same as the second embodiment; the main difference is as follows. In the second embodiment, obtaining the identifying code comprises obtaining it according to the result of judging whether an identifying code is saved. In the third embodiment, obtaining the identifying code comprises: where it is determined that the identifying code is saved, obtaining the identifying code according to the security certification result of the last authentication process. The specific flow is shown in Fig. 3 and includes:
Step 301: Receive the second message sent by the host computer.
Step 302: Judge whether an identifying code is saved. If so, perform step 303; otherwise, perform step 305.
Step 303: Judge whether the security certification result of the last authentication process is failure. If so, perform step 304; otherwise, perform step 306.
Specifically, the security certification result of the last authentication process saved in the message authentication device is obtained. If the last security certification result is failure, step 304 is performed; if the last security certification result is success, step 306 is performed.
Step 304: Judge whether the duration of continuous authentication failure, counted from the first security certification failure, exceeds a preset duration, or whether the number of continuous authentication failures, counted from the first security certification failure, exceeds a preset number of times. If so, perform step 305; otherwise, perform step 306.
Specifically, timing can start at the first security certification failure, and the duration of continuous authentication failure is compared with the preset duration. The preset duration can be set in advance by the designer and may be in units of minutes, for example 1 minute. Whether the duration of continuous authentication failure exceeds the preset duration is judged from the comparison result. Alternatively, counting of failures can start at the first security certification failure, and the number of continuous authentication failures is compared with the preset number of times. The preset number of times can be set in advance by the designer; for example, for the security of the obtained identifying code, the preset number of times is within 10, such as 5. Whether the number of continuous authentication failures exceeds the preset number of times is then judged.
Step 305: Generate the identifying code.
Step 306: Obtain the saved identifying code.
Step 307: Display the identifying code.
Step 308: Receive the first message sent by the host computer.
Step 309: Authenticate the first message according to the identifying code.
Step 310: Determine the security certification result.
Step 311: Send the security certification result to the host computer.
It is worth noting that when step 303 judges that the security certification result of the last authentication process is failure, step 304 can be skipped and step 305 performed directly.
In the message authentication method provided by this embodiment, where it is determined that an identifying code is saved, the identifying code is obtained in different ways according to the security certification result of the last authentication process. This makes obtaining the identifying code more flexible and further enhances the security of the obtained identifying code, which improves the security of message authentication.
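The decision flow of steps 302 to 306 can be written as a small device-side state holder. The following Python code is an added example, not code from the patent; the class and field names, the 6-digit code format, and the choice to start a new failure streak when a new code is generated are assumptions, and both the duration check and the count check of step 304 are implemented, either of which triggers regeneration.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class RegenPolicy:
    """Thresholds for step 304 (hypothetical names; defaults follow the page's examples)."""
    max_fail_seconds: Optional[float] = 60.0  # preset duration, e.g. 1 minute
    max_fail_count: Optional[int] = 5         # preset number of times, e.g. 5
    regenerate_on_any_failure: bool = False   # variant that skips step 304


class IdentifyingCodeStore:
    """Device-side holder for the saved identifying code and the failure streak."""

    def __init__(self, policy: RegenPolicy, digits: int = 6):
        self.policy = policy
        self.digits = digits                  # assumed format; the page limits neither form nor length
        self.code: Optional[str] = None
        self.last_ok: Optional[bool] = None   # result of the last authentication process
        self.first_fail_at: Optional[float] = None
        self.fail_count = 0
        self.generations = 0                  # how many codes have been generated so far

    def _generate(self) -> str:
        # Step 305: draw a fresh random code from the OS CSPRNG.
        self.code = "".join(secrets.choice("0123456789") for _ in range(self.digits))
        self.generations += 1
        # Assumption: a new code starts a new failure streak.
        self.last_ok, self.first_fail_at, self.fail_count = None, None, 0
        return self.code

    def obtain(self, now: float) -> str:
        """Run steps 302-306 when a second message arrives at time `now` (seconds)."""
        if self.code is None:                      # step 302: nothing saved
            return self._generate()
        if self.last_ok is not False:              # step 303: last result was not a failure
            return self.code                       # step 306: reuse the saved code
        if self.policy.regenerate_on_any_failure:  # variant: go straight to step 305
            return self._generate()
        p = self.policy                            # step 304: has a threshold been exceeded?
        too_long = (p.max_fail_seconds is not None
                    and now - self.first_fail_at > p.max_fail_seconds)
        too_many = p.max_fail_count is not None and self.fail_count > p.max_fail_count
        return self._generate() if (too_long or too_many) else self.code

    def record_result(self, success: bool, now: float) -> None:
        """Store the security certification result of the process that just finished."""
        self.last_ok = success
        if success:
            self.first_fail_at, self.fail_count = None, 0
        else:
            if self.first_fail_at is None:
                self.first_fail_at = now           # timing starts at the first failure
            self.fail_count += 1


def replay_scenario(policy: RegenPolicy, events):
    """Feed constructed (time, outcome) events; return the generation count after each obtain."""
    store = IdentifyingCodeStore(policy)
    seen = []
    for t, outcome in events:
        store.obtain(t)
        seen.append(store.generations)
        store.record_result(outcome, t + 1)
    return seen
```

`replay_scenario` takes a constructed list of `(time, success)` pairs, so the point at which a saved code stops being reused can be checked for any threshold setting.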
The division of the above methods into steps is only for clarity of description. In implementation, steps may be merged into one step, or a step may be split into multiple steps; as long as the same logical relationship is included, they are all within the protection scope of this patent. Adding insignificant modifications to the algorithm or flow, or introducing insignificant designs, without changing the core design of the algorithm and flow, is also within the protection scope of this patent.
The fourth embodiment of the present invention relates to a message authentication method applied to a host computer used for online transactions, for example a computer or a mobile phone. The specific flow is shown in Fig. 4 and includes:
Step 401: Send the first message to the message authentication device.
In one embodiment, before sending the first message to the message authentication device, the host computer sends a second message to the message authentication device and, after obtaining the identifying code through the input interface, generates the first message according to the parameter to be certified and the identifying code. The parameter to be certified may be obtained by the host computer through the input interface.
For the implementation of the second message, see the description of the first to third embodiments, which is not repeated here. Specifically, the message authentication device obtains and displays the identifying code after receiving the second message; once the identifying code is shown on the message authentication device, the user can read it from the device and enter it into the host computer through the host computer's input interface.
The parameter to be certified used in generating the first message may be obtained by the host computer through the input interface, such as a PIN code, or may be stored directly in the host computer, such as data to be signed.
The result of applying a first special operation to the identifying code is combined with the result of applying a second special operation to the parameter to be certified, and the combination serves as the first message. The first special operation and the second special operation may be the same or different. A special operation may be a hash operation, for example SHA256, SHA512 or Message Digest Algorithm 5 (MD5), or an encryption algorithm, such as the Chinese national cryptographic algorithm SM1 (SM1 cryptographic algorithm) or SM4. Alternatively, the identifying code may be used to perform a special operation on the parameter to be certified, with the result carried in the first message; the special operation may be an encryption algorithm or a hash operation. For example, identifying code A is processed by SHA256 and the result is used as the key to encrypt parameter to be certified A; the encrypted parameter to be certified A is carried in the first message.
Specifically, after generating the first message, the host computer sends the first message to the message authentication device for authentication.
Step 402: Receive the security certification result sent by the message authentication device.
Specifically, the security certification result is determined by the message authentication device after it authenticates the first message according to the identifying code. For how the message authentication device authenticates the first message according to the identifying code, see the content described in the first to third embodiments, which is not repeated here.
Compared with the prior art, the host computer, by sending the second message to the message authentication device, controls when the message authentication device obtains and displays the identifying code, so that the identifying code in the message authentication device can be learned as needed. The identifying code is obtained through the input interface, and the first message is generated by special processing from the obtained identifying code and the obtained parameter to be certified, which ensures the security of the first message in transmission. The host computer decides whether to continue the business operation according to the security certification result: only when the security certification result is success is the subsequent transaction operation carried out, which ensures the security of the transaction flow.
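The first construction described in step 401 (the result of one special operation on the identifying code combined with the result of another on the parameter to be certified) and the matching device-side check, as an added Python example that is not part of the patent. It assumes SHA256 for both operations, concatenation as the combination, a 6-digit identifying code, and a device that holds a digest of the reference PIN; all function and class names are hypothetical.

```python
import hashlib
import hmac
import secrets

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes per SHA256 result


def build_first_message(code: str, param: bytes) -> bytes:
    """Host side: SHA256(identifying code) followed by SHA256(parameter to be certified)."""
    code_digest = hashlib.sha256(code.encode("utf-8")).digest()
    param_digest = hashlib.sha256(param).digest()
    return code_digest + param_digest


class AuthDevice:
    """Device side: shows a code, then authenticates the first message against it."""

    def __init__(self, enrolled_param: bytes):
        # Assumption: the device stores only a digest of the reference parameter (e.g. PIN).
        self._param_digest = hashlib.sha256(enrolled_param).digest()
        self._code = None

    def on_second_message(self) -> str:
        """Generate a fresh random code and return the value shown on the display."""
        self._code = "".join(secrets.choice("0123456789") for _ in range(6))
        return self._code

    def authenticate(self, first_message: bytes) -> bool:
        """Return the security certification result for one first message."""
        # Reject anything that arrives before a code exists or has the wrong length.
        if self._code is None or len(first_message) != 2 * DIGEST_LEN:
            return False
        code_part = first_message[:DIGEST_LEN]
        param_part = first_message[DIGEST_LEN:]
        expected_code = hashlib.sha256(self._code.encode("utf-8")).digest()
        # Constant-time comparisons; both parts are always evaluated.
        code_ok = hmac.compare_digest(code_part, expected_code)
        param_ok = hmac.compare_digest(param_part, self._param_digest)
        # Success only if the identifying code and the parameter both authenticate.
        return code_ok and param_ok


def run_exchange(pin_entered: bytes, pin_enrolled: bytes) -> bool:
    """One full exchange with constructed inputs: second message, display, first message."""
    device = AuthDevice(pin_enrolled)
    code = device.on_second_message()          # the user reads this from the display
    first_message = build_first_message(code, pin_entered)
    return device.authenticate(first_message)
```

Because the device compares against the code it currently holds, a first message built for an earlier code no longer authenticates once a new code has been generated.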
The fifth embodiment of the present invention relates to a message authentication method. The fifth embodiment is largely the same as the fourth embodiment; the main difference is as follows. In the fourth embodiment, the first message is generated according to the identifying code and the parameter to be certified. In the fifth embodiment, the first message is generated according to the identifying code. The specific flow is shown in Fig. 5 and includes:
Step 501: Send the second message to the message authentication device.
Specifically, the second message contains a parameter to be certified, which may be the user's data to be signed. The message authentication device can be triggered to obtain and display the identifying code according to the content of a specific field of the second message.
Step 502: Obtain the identifying code and generate the first message according to the identifying code.
Specifically, the message authentication device obtains and displays the identifying code after receiving the second message. After the message authentication device displays the identifying code, the user enters the displayed identifying code into the host computer through the host computer's input interface. The host computer performs a special operation on the identifying code it has obtained and carries the result in the first message. The special operation may be a hash operation, such as SHA256 or MD5, or an encryption algorithm, such as SM1 or SM4.
Step 503: Send the first message to the message authentication device.
Step 504: Receive the security certification result sent by the message authentication device.
Specifically, the security certification result is determined by the message authentication device after it authenticates the first message according to the identifying code. For how the message authentication device authenticates the first message according to the identifying code, see the content described in the first to third embodiments, which is not repeated here.
In addition, step 503 is roughly the same as step 403 of the fourth embodiment; to reduce repetition, step 503 is not described again.
In the message authentication method provided by this embodiment, the second message contains the parameter to be certified, so that the parameter to be certified and the identifying code are transmitted separately, which further ensures the security of the parameter to be certified and of the identifying code. The security certification result is determined from the authentication results of the first message and of the parameter to be certified, which further increases the security of message authentication.
Specific authentication processes are illustrated below.
For example, in the authentication process shown in Fig. 6: S61, the host computer sends the second message to the message authentication device, where the information carried in the second message is an instruction for the message authentication device to generate an identifying code. S62, the message authentication device, according to the second message received, obtains the identifying code and displays it. S63, the host computer obtains the PIN code and the identifying code through the input interface and generates the first message according to the PIN code and identifying code obtained; the PIN code and identifying code obtained through the input interface are entered by the user. S64, the host computer sends the first message to the message authentication device. S65, after receiving the first message, the message authentication device processes the first message and obtains the information it carries, namely the identifying code and the PIN code, and authenticates the identifying code and PIN code obtained. If the identifying code authentication passes and the PIN code authentication passes, the first message is determined to be authenticated successfully; otherwise, authentication of the first message is determined to have failed. The authentication result of the first message is used as the security certification result. S66, the message authentication device sends the security certification result to the host computer.
As another example, in the security certification process shown in Fig. 7: S71, the host computer sends the second message to the message authentication device; the second message carries an identifying code generation instruction and a digital signature. S72, after receiving the second message, the message authentication device processes it to obtain the information it carries, obtains the identifying code according to the identifying code generation instruction and displays it, and saves the digital signature for subsequent operations. S73, the host computer obtains the identifying code entered by the user through the input interface and generates the first message according to the identifying code. S74, the host computer sends the first message to the message authentication device. S75, after receiving the first message, the message authentication device processes the first message and obtains the information it carries, namely the identifying code, and authenticates the identifying code; the result of the identifying code authentication is used as the authentication result of the first message. The device also authenticates the saved digital signature. If the authentication result of the first message is success and the authentication result of the digital signature is also success, the security certification result is determined to be authentication success; otherwise, the security certification result is determined to be authentication failure. S76, the message authentication device sends the security certification result to the host computer.
As a further example, in the security certification process shown in Fig. 8: S81, the host computer sends an instruction to generate an identifying code to the message authentication device. S82, the message authentication device, according to the received instruction to generate an identifying code, obtains the identifying code and displays it. S83, the host computer obtains the identifying code entered by the user through the input interface and generates an authentication message according to the identifying code and a digital signature. S84, the host computer sends the authentication message to the message authentication device. S85, the message authentication device authenticates the identifying code and the digital signature. If the authentication result of the identifying code is success and the authentication result of the digital signature is also success, the security certification result is determined to be authentication success; otherwise, the security certification result is determined to be authentication failure. S86, the message authentication device sends the security certification result to the host computer.
The sixth embodiment of the present invention relates to a message authentication device. The message authentication device 9 includes, but is not limited to: a display module 91, a first receiver module 92, a second receiver module 93, an acquisition module 94, an authentication module 95 and a sending module 96. The specific structure is shown in Fig. 9.
Display module 91, for displaying the identifying code.
First receiver module 92, for receiving the first message sent by the host computer, the first message being generated by the host computer according to the identifying code after the host computer obtains the identifying code through the input interface.
Second receiver module 93, for receiving the second message sent by the host computer, the second message being used to instruct obtaining and displaying the identifying code.
Acquisition module 94, for obtaining the identifying code before the identifying code is displayed.
Authentication module 95, for authenticating the first message according to the identifying code and determining the security certification result.
Sending module 96, for sending the security certification result to the host computer.
Specifically, the second receiver module 93 in the message authentication device 9 receives the second message sent by the host computer. The second message is used to instruct obtaining and displaying the identifying code; the length of the second message is not limited, and the second message may be an identifying code generation instruction or an encrypted message. The message authentication device can be triggered to obtain and display the identifying code by a specific field of the second message; for example, a field at the end of the message triggers the message authentication device to obtain and display the identifying code.
The acquisition module 94 further includes a generation submodule 941, for generating the identifying code, or for judging whether an identifying code is saved and, if so, obtaining the saved identifying code, and otherwise generating the identifying code.
When the second receiver module 93 receives the second message, the generation submodule 941 in the acquisition module 94 is triggered to generate the identifying code, and the generated identifying code is obtained for use in subsequent steps. Alternatively, the generation submodule 941 may generate the identifying code immediately when the message authentication device is powered on, and after the second message is received the acquisition module 94 obtains the identifying code already generated.
After the acquisition module 94 obtains the identifying code, the display module 91 displays it, and the user can learn the identifying code from what the display module 91 shows. The first receiver module 92 receives the first message sent by the host computer; the first message is generated by the host computer from the identifying code obtained through the input interface. The first message may contain information on the identifying code and the parameter to be certified. The authentication module 95 applies to the received first message the operation corresponding to that of the host computer, obtaining the identifying code and the parameter to be certified in the first message, and authenticates the identifying code and the parameter to be certified separately. The order of authenticating the identifying code and the parameter to be certified is not limited: the identifying code may be authenticated first, or the parameter to be certified may be authenticated first. The authentication module 95 determines the security certification result from the authentication result of the identifying code and the authentication result of the parameter to be certified: when both the identifying code and the parameter to be certified are authenticated successfully, security certification is determined to have succeeded; otherwise, security certification is determined to have failed.
The sending module 96 sends the security certification result determined by the authentication module 95 to the host computer.
Compared with the prior art, in the message authentication device provided by this embodiment, the receiver module receives the second message sent by the host computer, which triggers the acquisition module to obtain the identifying code, and the display module displays the identifying code, so that the user can control when the identifying code is obtained and displayed. The generation submodule in the acquisition module provides different occasions for generating the identifying code, which makes the way the identifying code is generated flexible; because the identifying code is generated by the message authentication device and is random, the security of the generated identifying code is ensured. Because the display module displays the identifying code, the user can learn it securely, and the first message is generated from the identifying code using different methods, which ensures the security of the first message and therefore the security of first-message authentication.
The seventh embodiment of the present invention relates to a message authentication device. The seventh embodiment is largely the same as the sixth embodiment; the main difference is as follows. The acquisition module 94 includes the generation submodule 941, for generating the identifying code, whereas in the seventh embodiment the acquisition module includes a judging submodule 942, for judging whether an identifying code exists in the message authentication device; if one exists, the saved identifying code is obtained, otherwise an identifying code is regenerated. The specific structure is shown in Fig. 10 and includes:
The acquisition module 94 includes a judging submodule 942, which, if it is determined that an identifying code is saved, judges whether the authentication result of the last authentication process is authentication failure; if so, and it is determined that the duration of continuous authentication failure since the first authentication failure exceeds the preset duration, the identifying code is regenerated; otherwise, the saved identifying code is obtained; or,
judges whether the authentication result of the last authentication process is authentication failure; if so, and it is determined that the number of continuous authentication failures since the first authentication failure exceeds the preset number of times, the identifying code is regenerated; otherwise, the saved identifying code is obtained; or, judges whether the authentication result of the last authentication process is authentication failure; if so, the identifying code is regenerated; otherwise, the saved identifying code is obtained.
Specifically, the judging submodule 942 first judges whether an identifying code is saved in the message authentication device 9; if none is saved, an identifying code is generated.
In the message authentication device provided by this embodiment, where it is determined that an identifying code is saved, the identifying code is obtained in different ways according to the security certification result of the last authentication process. This makes obtaining the identifying code more flexible and further enhances the security of the obtained identifying code, which improves the security of message authentication.
It is worth noting that each module involved in this embodiment is a logic module. In practical applications, a logic unit may be a physical unit, part of a physical unit, or a combination of multiple physical units. In addition, to highlight the innovative part of the present invention, units not closely related to solving the technical problem proposed by the present invention are not introduced in this embodiment, but this does not mean that no other units exist in this embodiment.
The eighth embodiment of the present invention relates to a host computer. For the specific implementation of the host computer, see the description of the method embodiments; repeated parts are not described again. The host computer 11 includes, but is not limited to: a sending module 111 and a receiver module 112. The specific structure is shown in Fig. 11.
Sending module 111, for sending the first message to the message authentication device 9, the first message being generated by the host computer 111 according to the identifying code after the identifying code is obtained through the input interface.
Receiver module 112, for receiving the security certification result sent by the message authentication device 9, the security certification result being determined by the message authentication device 9 after it authenticates the first message according to the identifying code.
Specifically, the second message is used to instruct the message authentication device 9 to obtain and display the identifying code. For the specific implementation of the second message, see the related description of the first to third embodiments, which is not repeated here. The sending module 111 sends the second message to the message authentication device.
After the sending module 111 in the host computer 11 sends the second message and the message authentication device 9 obtains and displays the identifying code according to the second message, the host computer 11 obtains the identifying code entered by the user through the input interface. The host computer 11 can obtain the parameter to be certified entered by the user through the input interface, such as a PIN code, or directly obtain a saved parameter to be certified, such as data to be signed.
The host computer 11 also includes a generation module 113, for generating the first message. For the implementation of the first message, see the related description in the first to fifth embodiments, which is not repeated here.
The host computer 11 sends the generated first message to the message authentication device 9 through the sending module for authentication. After receiving the first message, the message authentication device 9 applies to the first message the operation corresponding to that of the host computer 11, obtains the identifying code and the message to be certified contained in the first message, and authenticates the identifying code and the message to be certified separately. The security certification result of this authentication is determined from the authentication result of the identifying code and the authentication result of the message to be certified: when both the identifying code and the message to be certified are authenticated successfully, the result of this security certification is determined to be success; otherwise, the security certification result is failure. The host computer 11 receives the security certification result sent by the message authentication device 9 through the receiver module 112 and determines the subsequent operation according to the authentication result: if the authentication result is success, the subsequent transaction flow can be carried out; if the authentication result is failure, the host computer 11 sends the second message to the message authentication device again through the sending module 111.
It is worth noting that the second message sent by the host computer 11 through the sending module 111 contains a parameter to be certified, which may be the user's digital signature. The sending module 121 of the host computer 11 sends the first message to the message authentication device 9. After receiving the first message, the message authentication device 9 authenticates the first message using the displayed identifying code, and authenticates the parameter to be certified contained in the second message. The order of authenticating the first message and the parameter to be certified is not limited: the parameter to be certified may be verified first, or the identifying code may be authenticated first. The message authentication device 9 determines the result of security certification from the authentication result of the first message and the authentication result of the parameter to be certified. The receiver module 122 receives the security certification result sent by the message authentication device 9, and the subsequent operation is determined according to the security certification result: if the security certification result is success, the subsequent transaction operation is carried out; otherwise, the second message is sent again, and this time the second message need not contain the parameter to be certified.
In the host computer provided by this embodiment, the host computer, by sending the second message to the message authentication device, controls when the message authentication device obtains and displays the identifying code. The identifying code is obtained through the input interface, and the first message is generated by special processing from the obtained identifying code and the obtained parameter to be certified, which ensures the security of the first message in transmission. The host computer determines the security certification result through authentication of the first message and decides whether to continue the business operation: only when the security certification result is success is the subsequent transaction operation carried out, which ensures the security of the transaction flow. The second message contains the parameter to be certified, so that the parameter to be certified and the identifying code are transmitted separately, which further ensures the security of the parameter to be certified and of the identifying code. The security certification result is determined from the authentication results of the first message and of the parameter to be certified, which further increases the security of message authentication.
Those skilled in the art will appreciate that all or part of the steps of the methods in the above embodiments can be completed by a program instructing the relevant hardware. The program is stored in a storage medium and includes a number of instructions that cause a device (which may be a single-chip microcomputer, a chip, etc.) or a processor to perform all or part of the steps of the methods described in the embodiments of this application. The aforementioned storage medium includes a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk, an optical disc, and other media that can store program code.
Those skilled in the art will understand that the above embodiments are specific embodiments for realizing the present invention, and that in practical applications various changes may be made to them in form and detail without departing from the spirit and scope of the present invention.
Claims (16)
1. A message authentication method, characterized in that it comprises:
displaying an identifying code;
receiving a first message sent by a host computer, the first message being generated by the host computer according to the identifying code after the host computer obtains the identifying code through an input interface;
authenticating the first message according to the identifying code, and determining a security certification result;
sending the security certification result to the host computer.
2. The method according to claim 1, characterized in that, before displaying the identifying code, the method further comprises: obtaining the identifying code.
3. The method according to claim 2, characterized in that obtaining the identifying code comprises:
generating the identifying code; or,
judging whether the identifying code is saved, and if so, obtaining the saved identifying code; otherwise, generating the identifying code.
4. The method according to claim 2, characterized in that obtaining the identifying code comprises:
if it is determined that the identifying code is saved,
judging whether the security certification result of the last authentication process is authentication failure, and if so, and it is determined that the duration of continuous authentication failure starting from the first authentication failure exceeds a preset duration, regenerating the identifying code; otherwise, obtaining the saved identifying code; or,
judging whether the authentication result of the last authentication process is authentication failure, and if so, and it is determined that the number of continuous authentication failures starting from the first authentication failure exceeds a preset number, regenerating the identifying code; otherwise, obtaining the saved identifying code; or,
judging whether the authentication result of the last authentication process is authentication failure, and if so, regenerating the identifying code; otherwise, obtaining the saved identifying code.
5. The method according to any one of claims 2-4, characterized in that, before obtaining the identifying code, the method further comprises: receiving a second message sent by the host computer, the second message being used to instruct obtaining and displaying the identifying code.
6. The method according to claim 5, characterized in that the second message includes a parameter to be certified;
before determining the security certification result, the method further comprises:
authenticating the parameter to be certified in the second message;
determining the security certification result comprises:
determining the security certification result according to the authentication result of the first message and the authentication result of the parameter to be certified.
7. A message authentication method, characterized in that it comprises:
sending a first message to a message authentication device, the first message being generated by a host computer according to an identifying code after the host computer obtains the identifying code through an input interface;
receiving a security certification result sent by the message authentication device, the security certification result being determined by the message authentication device after authenticating the first message according to the identifying code.
8. The method according to claim 7, characterized in that, before sending the first message to the message authentication device, the method further comprises: sending a second message to the message authentication device, the second message being used to instruct the message authentication device to obtain and display the identifying code.
9. The method according to claim 7, characterized in that, before sending the first message to the message authentication device, the method further comprises:
obtaining a parameter to be certified and the identifying code, and generating the first message according to the identifying code and the parameter to be certified; or,
obtaining the identifying code, and generating the first message according to the identifying code.
10. A message authentication device, characterized in that it comprises:
a display module, for displaying an identifying code;
a first receiver module, for receiving a first message sent by a host computer, the first message being generated by the host computer according to the identifying code after the host computer obtains the identifying code through an input interface;
an authentication module, for authenticating the first message according to the identifying code and determining a security certification result;
a sending module, for sending the security certification result to the host computer.
11. The device according to claim 10, characterized in that the message authentication device further comprises: an acquisition module, for obtaining the identifying code before the identifying code is displayed.
12. The device according to claim 11, characterized in that the acquisition module comprises: a generation submodule;
the generation submodule is used for:
generating the identifying code; or, judging whether the identifying code is saved, and if so, obtaining the saved identifying code; otherwise, generating the identifying code.
13. The device according to claim 11, characterized in that the acquisition module comprises: a judging submodule;
the judging submodule is used for: if it is determined that the identifying code is saved, judging whether the authentication result of the last authentication process is authentication failure, and if so, and it is determined that the duration of continuous authentication failure starting from the first authentication failure exceeds a preset duration, regenerating the identifying code; otherwise, obtaining the saved identifying code; or,
judging whether the authentication result of the last authentication process is authentication failure, and if so, and it is determined that the number of continuous authentication failures starting from the first authentication failure exceeds a preset number, regenerating the identifying code; otherwise, obtaining the saved identifying code; or,
judging whether the authentication result of the last authentication process is authentication failure, and if so, regenerating the identifying code; otherwise, obtaining the saved identifying code.
14. The device according to any one of claims 11-13, characterized in that the message authentication device further comprises: a second receiver module, for receiving a second message sent by the host computer, the second message being used to instruct obtaining and displaying the identifying code.
15. A host computer, characterized in that it comprises:
a sending module, for sending a first message to a message authentication device, the first message being generated by the host computer according to an identifying code after the host computer obtains the identifying code through an input interface;
a receiver module, for receiving a security certification result sent by the message authentication device, the security certification result being determined by the message authentication device after authenticating the first message according to the identifying code.
16. The host computer according to claim 15, characterized in that the sending module is further used for sending a second message to the message authentication device, the second message being used to instruct the message authentication device to obtain and display the identifying code.
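An added sketch (not code from the patent) of the device-side flow in claims 1-6, using the failure-count retention rule from the second alternative of claim 4 and the first-message generation from the first alternative of claim 9. The HMAC-SHA256 construction, the six-digit code, and all class, function and parameter names are assumptions; the text only says the first message is generated from the identifying code and the parameter to be certified.

```python
import hashlib
import hmac
import secrets


def make_first_message(code: str, param: bytes) -> bytes:
    """Host side. ASSUMPTION: the 'special treatment' is HMAC-SHA256 keyed by the code."""
    return hmac.new(code.encode(), param, hashlib.sha256).digest()


class AuthDevice:
    """Device side: displays the identifying code and authenticates the first message."""

    def __init__(self, max_failures=3, new_code=None):
        self.max_failures = max_failures  # the "preset number" of consecutive failures
        self.new_code = new_code or (lambda: f"{secrets.randbelow(10**6):06d}")
        self.code = None       # saved identifying code, if any
        self.param = None      # parameter to be certified, from the second message
        self.failures = 0      # consecutive failures since the first failure

    def on_second_message(self, param=None):
        """Obtain the code (saved or regenerated) and return it for display."""
        if self.code is None or self.failures > self.max_failures:
            self.code = self.new_code()
            self.failures = 0
        if param is not None:  # a re-sent second message may omit the parameter
            self.param = param
        return self.code

    def on_first_message(self, first_message: bytes) -> bool:
        """Return the security certification result for the received first message."""
        if self.code is None or self.param is None:
            return False
        expected = make_first_message(self.code, self.param)
        ok = hmac.compare_digest(expected, first_message)  # constant-time compare
        self.failures = 0 if ok else self.failures + 1
        return ok


def demo():
    """Constructed run: one mistyped code, then the correct one."""
    codes = iter(["493027", "815560"])          # constructed sample codes
    dev = AuthDevice(max_failures=1, new_code=lambda: next(codes))
    param = b"pay:42.00:acct-0001"              # constructed parameter to be certified
    shown = dev.on_second_message(param)
    wrong = dev.on_first_message(make_first_message("000000", param))
    dev.on_second_message()                     # retry: the same code is shown again
    right = dev.on_first_message(make_first_message(shown, param))
    return shown, wrong, right
```

Because a short numeric code carries little entropy, the consecutive-failure limit is what bounds online guessing in this sketch.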
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710079384.4A CN106953726A (en) | 2017-02-14 | 2017-02-14 | A kind of message authentication method, message authentication device and host computer |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710079384.4A CN106953726A (en) | 2017-02-14 | 2017-02-14 | A kind of message authentication method, message authentication device and host computer |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106953726A (en) | 2017-07-14 |
Family
ID=59466400
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710079384.4A Pending CN106953726A (en) | 2017-02-14 | 2017-02-14 | A kind of message authentication method, message authentication device and host computer |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106953726A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111064743A (en) * | 2019-12-28 | 2020-04-24 | 飞天诚信科技股份有限公司 | Method and system for safely inputting password |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101102194A (en) * | 2007-07-31 | 2008-01-09 | 北京飞天诚信科技有限公司 | A method for OTP device and identity authentication with this device |
CN101350723A (en) * | 2008-06-20 | 2009-01-21 | 北京天威诚信电子商务服务有限公司 | USB Key equipment and method for implementing verification thereof |
CN101377804A (en) * | 2008-09-28 | 2009-03-04 | 北京飞天诚信科技有限公司 | Method and system for implementing start-up protection |
CN101420302A (en) * | 2008-12-01 | 2009-04-29 | 成都市华为赛门铁克科技有限公司 | Safe identification method and device |
CN101616148A (en) * | 2009-07-31 | 2009-12-30 | 北京握奇数据系统有限公司 | Internet transaction identity authentication method and device |
CN101699892A (en) * | 2009-10-30 | 2010-04-28 | 北京神州付电子支付科技有限公司 | Method and device for generating dynamic passwords and network system |
CN101848090A (en) * | 2010-05-11 | 2010-09-29 | 武汉珞珈新世纪信息有限公司 | Authentication device and system and method using same for on-line identity authentication and transaction |
CN102238193A (en) * | 2011-08-09 | 2011-11-09 | 深圳市德卡科技有限公司 | Data authentication method and system using same |
CN103259664A (en) * | 2013-05-08 | 2013-08-21 | 北京昆腾微电子有限公司 | Nfc dynamic password chip and working method thereof |
CN103944910A (en) * | 2014-04-25 | 2014-07-23 | 天地融科技股份有限公司 | Data security interactive method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20170714 |