The content of the invention
The purpose of the embodiment of the present application is to provide a kind of password generated method, password authentication method, method of payment and device,
To solve the problems, such as that identity authenticating password of the prior art has the risk cracked by other people brute-force.
In order to solve the above technical problems, password generated method, password authentication method, payer that the embodiment of the present application provides
What method and device were realized in:
A kind of password generated method, including:
Dynamic is calculated using the token prestored and current time value as the input value of the first preset algorithm in terminal
Password;The terminal also prestores device id corresponding with the token, and the token and the device id are by service end
Generate and sent to the terminal;
Input value of the terminal at least using the first information comprising the dynamic password as the second preset algorithm, is calculated
Second information;
Terminal generates the certification password for including the dynamic password, second information and the device id.
A kind of password authentication method, including:
Service end receives the certification password for including dynamic password, the second information and device id generated by terminal;It is described dynamic
State password is that the token prestored and current time value are calculated terminal as the input value of the first preset algorithm, institute
It is that terminal is at least calculated the first information including dynamic password as the input value of the second preset algorithm to state the second information
, the device id is previously stored in the terminal;
Service end inquires about token corresponding with the device id;
Service end is verified using the token and first preset algorithm to the dynamic password;
Service end verifies at least with the first information and second preset algorithm to second information;
If the dynamic password verification passes through and second information checking is by judging that the certification password authentication leads to
Cross.
A kind of method of payment, including:
Service end receives the certification password for including dynamic password, the second information and device id generated by terminal;It is described dynamic
State password is that the token prestored and current time value are calculated terminal as the input value of the first preset algorithm, institute
It is that terminal is at least calculated the first information including dynamic password as the input value of the second preset algorithm to state the second information
, the device id is previously stored in the terminal;
Service end inquires about token corresponding with the device id;
Service end is verified using the token and first preset algorithm to the dynamic password;
Service end verifies at least with the first information and second preset algorithm to second information;
If the dynamic password verification passes through and second information checking is by performing corresponding with the certification password
Payment transaction.
A kind of password generated device, including:
First computing unit, for the token and current time value that will be pre-stored within terminal as the first preset algorithm
Input value, dynamic password is calculated;The terminal also prestores device id corresponding with the token, the token and
The device id is to be generated from service end and sent to terminal;
Second computing unit, at least using the first information comprising the dynamic password as the defeated of the second preset algorithm
Enter value, the second information is calculated;
Password generated unit, for generating the certification for including the dynamic password, second information and the device id
Password.
A kind of password authentication device, including:
Receiving unit, for receiving the certification password for including dynamic password, the second information and device id generated by terminal;
The dynamic password is that terminal calculates the token prestored and current time value as the input value of the first preset algorithm
Arrive, second information is input value meter of the terminal at least using the first information including dynamic password as the second preset algorithm
Obtain, the device id is previously stored in the terminal;
Query unit, for inquiring about token corresponding with the device id;
Verification unit, for being verified using the token and first preset algorithm to the dynamic password, and use
Second information is verified at least with the first information and second preset algorithm;
Identifying unit, for dynamic password verification pass through and second information checking by when, described in judgement
Certification password authentication passes through.
A kind of payment mechanism, including:
Receiving unit, for receiving the certification password for including dynamic password, the second information and device id generated by terminal;
The dynamic password is that terminal calculates the token prestored and current time value as the input value of the first preset algorithm
Arrive, second information is input value meter of the terminal at least using the first information including dynamic password as the second preset algorithm
Obtain, the device id is previously stored in the terminal;
Query unit, for inquiring about token corresponding with the device id;
Verification unit, for being verified using the token and first preset algorithm to the dynamic password, and use
Second information is verified at least with the first information and second preset algorithm;
Payment unit, for the dynamic password verification pass through and second information checking by when, perform and institute
State payment transaction corresponding to certification password.
Above-mentioned at least one technical scheme that the embodiment of the present application uses can reach following beneficial effect:According to token
After dynamic password is calculated with current time value, also at least preset the first information including the dynamic password as second
The input value of algorithm, the second information is calculated, and ultimately generates recognizing comprising dynamic password, the second information and the device id
Demonstrate,prove password, it is seen then that the certification password of the embodiment of the present application generation, in addition to comprising dynamic password and device id, in addition to above-mentioned the
Two information.During the certification password is verified, not only need to verify above-mentioned dynamic password, it is also necessary to right
Above-mentioned second information verified, and after above-mentioned dynamic password and above-mentioned second information are verified, and judges current to recognize
Card password authentication passes through.Compared to prior art, the risk that is cracked by other people brute-force of certification password of the embodiment of the present application generation
Effectively reduced.As an example it is assumed that above-mentioned dynamic password is 0~9 numeral of M positions, above-mentioned second information is the 0 of K positions
~9 numeral, the then above-mentioned certification password that the embodiment of the present application generates are about by the probability that other people brute-force crack:1/10M+K。
Embodiment
In order that those skilled in the art more fully understand the technical scheme in the application, it is real below in conjunction with the application
The accompanying drawing in example is applied, the technical scheme in the embodiment of the present application is clearly and completely described, it is clear that described implementation
Example only some embodiments of the present application, rather than whole embodiments.It is common based on the embodiment in the application, this area
The every other embodiment that technical staff is obtained under the premise of creative work is not made, it should all belong to the application protection
Scope.
The application is intended to the certification password higher by generating level of security, by reduction other people using brute-force crack in a manner of enter
The risk of row authentication attack.In brute-force cracks mode, attacker can by exhaustive all possible certification password,
And verified one by one using the certification password of exhaustion, to collide correct certification password.Generally, due to the certification of service end
Password verification interface is exposed in public network untrusted channel, and it is low to crack the cost that mode attacked using above-mentioned brute-force, once
Success is cracked, then is likely to result in user's property loss.
Fig. 1 is the flow chart of generation and the checking for the certification password that the embodiment of the application one provides.Wherein, in a kind of example
In authentication (or identification) scene of property, terminal, service end and barcode scanning device can be included, the terminal can be
Wireless terminal (such as smart mobile phone), it can install to carry out the applications client of authentication on the wireless terminal, it is above-mentioned
Service end can be the service end for carrying out authentication, and above-mentioned barcode scanning device can be various types of Quick Response Code or bar
Code scanner device etc..Then, the technical scheme of the embodiment of the present application can be realized by following process:
S101:Token and device id corresponding with token that terminal sends service end are written to the memory block of the terminal
In.
Usually, terminal is above-mentioned objective to carry out the applications client of authentication and start the application for the first time in installation
Behind the end of family, service end can to generate a unique token and device id corresponding with the token, wherein, above-mentioned token can be with
As to generate the seed of dynamic password (OTP codes) (input value of algorithm), the said equipment ID is used for uniquely identifying the end
End.Typically only terminal and service end are stored with the token, and other equipment is difficult to get above-mentioned token.Sent out to each terminal
Serve after stating token and device id, service end needs the mapping relations by above-mentioned token and device id to be stored.It is worth saying
Bright, above-mentioned secure storage areas can be certain block memory cell in terminal, need to ensure the content stored in the memory cell
It is difficult to be stolen by other devices in addition to carry out the client of identification.Usually, user can step in terminal
Some account is recorded, after the account is logged in, service end can be with generation device id corresponding with current account and above-mentioned token.
That is, above-mentioned token, device id correspond in terminal the above-mentioned account logged in.
S102:Terminal calculates using the token prestored and current time value as the input value of the first preset algorithm
To dynamic password.
The corresponding numerical value of above-mentioned current time value can be with terminal is got current time.Above-mentioned first preset algorithm
The output valve being calculated including input value and according to input value, above-mentioned input value can be current time value and token, above-mentioned
Output valve is dynamic password (Dynamic Password).In the embodiment of the present application, to lift security, the above-mentioned first pre- imputation
Method can be the non-reversible algorithm of any formation, and the non-reversible algorithm can be Time synchronization algorithm (TOTP), event synchronization
Algorithm (HOTP), challenge response algorithm (OCRA) etc..Due to above-mentioned calculating dynamic password process need to using current time value as
The input value of first preset algorithm, therefore above-mentioned dynamic password possesses certain ageing (i.e. can only be in one section of duration effectively).
This way it is possible to avoid attacker is cracked by multi-sending attack (Replay Attacks) to authenticating user identification process.
S103:Input value of the terminal at least using the first information including above-mentioned dynamic password as the second preset algorithm, meter
Calculation obtains the second information.
In the embodiment of the present application, above-mentioned second preset algorithm can be the algorithm that any one is manually set, by above-mentioned
Input value of one information as second preset algorithm, the output valve being calculated are above-mentioned second information.Due to this first
Information comprises at least dynamic password, and dynamic password is related to current time value (being calculated according to current time value),
Over time, above-mentioned dynamic password constantly changes, then the first information including dynamic password also constantly changes.
In the embodiment of the present application, above-mentioned second preset algorithm can be non-reversible algorithm, for example, a kind of " signature algorithm ",
" signature algorithm " is somebody's turn to do using above-mentioned token and the above-mentioned first information as input value, the output valve being calculated is above-mentioned second information
(signature).Above-mentioned " signature algorithm " includes but is not limited to:HMAC(Hash-based Message Authentication
Code, Hash operation message authentication code)-MD5 algorithms or HMAC-SHA algorithms.Wherein, in above-mentioned " signature algorithm ", typically
With a key (above-mentioned token) and one section of plaintext (the above-mentioned first information) for input value, above-mentioned second information (label are calculated
Name).Then, above-mentioned steps S103 includes:Terminal is by the token and includes the first information of the dynamic password, pre- as second
The input value of imputation method, the second information is calculated.
It is worth addressing, the input value of above-mentioned second preset algorithm can only have the above-mentioned first information, or above-mentioned first
Information and above-mentioned token, or in addition to the above-mentioned first information and above-mentioned token, in addition to other input values, the application is not to upper
The input value for stating the second preset algorithm is restricted.
In the embodiment of the present application, the above-mentioned first information can be it is following any one:
1) dynamic password;Such as:123456.
2) combination of dynamic password and current time value;Such as:123456 (dynamic passwords) 20160503110232 are (when current
Between be worth).
3) combination of device id and dynamic password;Such as:5060341211 (device id) 20160503110232 (current time
Value).
4) combination of device id, dynamic password and current time value.Such as:5060341211 (device id) 123456 (dynamic
Password) 20160503110232 (current time values).
S104:Terminal generates the certification password for including dynamic password, the second information and device id.
General terminal can be by the above-mentioned certification password of generation in the form of Quick Response Code, in bar code form, digital form
One or more are showed on display screen.During above-mentioned certification password is generated, corresponding AES pair can be utilized
Above-mentioned dynamic password is encrypted.
Shown in reference picture 2, in the embodiment of the application one, above-mentioned second information (label can be generated by " signature algorithm "
Name).Then in this embodiment, first can be using current time value and token as the defeated of HOTP algorithm (i.e. the first preset algorithm)
Enter value, dynamic password is calculated (such as:N bit digitals), then by device id (such as:M bit digitals) and the dynamic password be combined,
Obtain a gender identity password (such as:N+M bit digitals).Then, by token and an above-mentioned gender identity password (i.e. above-mentioned first letter
Breath) it is used as the second preset algorithm (such as:HMAC-SHA algorithms) input value, the second information is calculated (such as:K bit digitals).Most
Afterwards, by an above-mentioned gender identity password (such as:N+M bit digitals) and above-mentioned second information is (such as:K bit digitals) it is combined, obtain
To realize the certification password of authentication (N+M+K bit digitals).
It is a kind of schematic diagram of exemplary certification password shown in reference picture 3.The certification password can generally comprise two dimension
Code viewing area and bar code display area, and the certification password represented in digital form.Wherein, the certification represented in digital form
Password can include device id 10, the information 30 of dynamic password 20 and second.It is noted that in the certification password ultimately generated
In, above-mentioned second information, the ordering of dynamic password and device id and combination are formed and are not restricted.In figure 3, it is above-mentioned dynamic
State password can automatically update once every one section of duration (such as one minute), that is to say, that generate every time include dynamic password,
The effective time of the certification password of second information and device id is one minute.
S105:The certification password that barcode scanning device is shown by scanning in above-mentioned terminal, and send the certification mouth to service end
Order, to ask to carry out authentication.In the embodiment of the present application, scanning means can be sent and work as according to the difference of specific business
The corresponding service requesting information of preceding business, and the certification password is carried in the service requesting information.Above-mentioned barcode scanning device can
To be two-dimensional code scanning device or bar code scanner of any formation etc., the barcode scanning device passes through network to be carried out with service end
Communication.
S106:Service end obtains the device id in the certification password, and inquire about and the device id according to above-mentioned certification password
Corresponding token.
As it was previously stated, service end is to above-mentioned terminal after unique token and device id corresponding with token is sent, meeting
The mapping relations of the token and device id are stored.Service end can be according to the word where the device id in certification password
Section, extraction equipment ID, and inquire the token with the device id maps mutually.So, although above-mentioned certification password is plaintext,
As a result of non-reversible algorithm, the external world can not get token by way of reverse engineered so that token can be used as one
Kind key, is only stored on above-mentioned client and above-mentioned service end.
S107:Service end is verified to above-mentioned dynamic password, and above-mentioned second information is verified.
In the embodiment of the present application, service end can utilize the token and current time value that inquire, and using it is above-mentioned can not
Algorithm for inversion is (such as:HOTP algorithm), credible dynamic password list is calculated, dynamic password list that this is credible includes multiple credible dynamic
State password.Afterwards, can be carried out using each credible dynamic password in the credible dynamic password list and above-mentioned dynamic password
Compare, if finding, some credible dynamic password is consistent with above-mentioned dynamic password, and it is legal, verification to show current dynamic password
Pass through.Usually, above-mentioned dynamic password can be in one section of duration effectively (such as:After the time point of the dynamic password is generated
30 seconds in effectively), and the dynamic password can only be only used once.It is noted that the checking procedure to dynamic password
Belong to technology well-known to those skilled in the art, be not described in detail herein.
In the embodiment of the present application, service end can utilize the first information and the second preset algorithm, and second information is entered
Row verification.Specifically, input value of the service end using the first information as the second preset algorithm, a check value is calculated, and will
The check value is compared with above-mentioned second information, if unanimously, showing that the verification of the second information passes through, otherwise not passing through.
In the embodiment of the application one, if above-mentioned second preset algorithm be signature algorithm (such as:HMAC-SHA algorithms), the signature
The input value of algorithm be token and a gender identity password (such as:N+M bit digitals), obtained the second information (signature) is K digits
Word.Then, the input that service end can be using an above-mentioned gender identity password (i.e. the first information) and token as above-mentioned signature algorithm
Value, is calculated a check value, and by the check value compared with above-mentioned second information (signature), if unanimously, verification is logical
Cross, otherwise do not pass through.
S108:Service end sends identity authentication result to scanning means.
It can be seen that above-mentioned second information checking by and the verification of above-mentioned dynamic password pass through when, show the body of active user
Part certification is by the way that service end can send the message that authentication passes through to scanning means;Otherwise, identity is sent to scanning means
The message that certification does not pass through.Certainly, above-mentioned identity authentication result can also be fed back to above-mentioned terminal by service end.According to business
Difference, above-mentioned second information checking by and above-mentioned dynamic password verification pass through when, can perform and current authentication password pair
The affairs answered are (such as:To the affairs for specifying account to be withholdd).
The technical scheme provided from above the embodiment of the present application, it is dynamic being calculated according to token and current time value
After state password, the input value also at least using the first information including the dynamic password as the second preset algorithm, it is calculated
Second information, and ultimately generate the certification password comprising dynamic password, the second information and the device id, it is seen then that the application is real
The certification password of example generation is applied, in addition to comprising dynamic password and device id, in addition to above-mentioned second information.To the certification password
During being verified, not only need to verify above-mentioned dynamic password, it is also necessary to above-mentioned second information is verified,
And after above-mentioned dynamic password and above-mentioned second information are verified, judge that current certification password authentication passes through.Compared to
Prior art, the risk that the certification password of the embodiment of the present application generation is cracked by other people brute-force are effectively reduced.For example,
Assuming that above-mentioned dynamic password is 0~9 numeral of M positions, above-mentioned second information is 0~9 numeral of K positions, then the application is implemented
Example generation above-mentioned certification password be about by the probability that other people brute-force crack:1/10M+K。
In addition, in the above-described embodiments, signature algorithm can be utilized, and by token and the first information including dynamic password
As the input value of above-mentioned signature algorithm, the second information (signature) is calculated, and second information (signature) is added to most
Throughout one's life into certification password in.Compared to prior art, by above-mentioned signature algorithm, attacker can be reduced by the way that " brute-force is broken
Solution " mode collides the possibility of obtained certification password.That is, if desired attacker cracks the certification of user identity, then
Needing while colliding to obtain above-mentioned dynamic password by " brute-force cracks " mode, collision obtains above-mentioned second information, so,
Compared in the prior art, it is clear that crack difficulty and be increased, and then improve the security of authenticating user identification process.
The flow for the password generated method that Fig. 4 provides for the embodiment of the application one, the executive agent of the password generated method
Can be above-mentioned terminal, the password generated method may include steps of:
S201:Using the token prestored and current time value as the input value of the first preset algorithm, it is calculated dynamic
State password;Wherein, the terminal also prestores device id corresponding with the token, the token and the device id be by
What service end was generated and sent to the terminal.
Step S201 is referred to above-mentioned steps S102 content, is no longer repeated herein.
S202:Input value at least using the first information comprising the dynamic password as the second preset algorithm, is calculated
To the second information.
Step S202 is referred to above-mentioned steps S103 content, is no longer repeated herein.
In the embodiment of the application one, by the token and the first information of the dynamic password can be included, as second
The input value of preset algorithm, the second information is calculated.
S203:Generation includes the certification password of the dynamic password, second information and the device id.
Step S203 is referred to above-mentioned steps S104 content, is no longer repeated herein.
The password generated method performed by above-mentioned terminal, it can obtain including dynamic password, the second information and device id
Certification password, compared to prior art, the embodiment of the present application generation certification password obtained by the risk that other people brute-force crack
Effectively reduce.
The flow for the password authentication method that Fig. 5 provides for the embodiment of the application one, the executive agent of the password authentication method
Can be above-mentioned service end, the password authentication method may include steps of:
S301:Receive the certification password for including dynamic password, the second information and device id generated by terminal;The dynamic
Password is that the token prestored and current time value are calculated terminal as the input value of the first preset algorithm, described
Second information is that terminal is at least calculated the first information including dynamic password as the input value of the second preset algorithm,
The device id is previously stored in the terminal.
S302:According to the device id in the certification password, token corresponding with the device id is inquired about.
Step S302 is referred to above-mentioned steps S106 content, is no longer repeated herein.
S303:The dynamic password is verified using the token and first preset algorithm.
S304:Second information is verified at least with the first information and second preset algorithm.
S305:If the dynamic password verification passes through and second information checking is by judging that the certification password is tested
Card passes through.
The password authentication method performed by above-mentioned service end, terminal can be generated believes comprising dynamic password, second
The certification password of breath and device id is verified that, compared to prior art, the certification password that the embodiment of the present application is verified is by him
The risk that people's brute-force cracks effectively is reduced.
Next, introduce it is a kind of using above-mentioned password generated method and password authentication method come the method for payment realized.Should
Method of payment can be that barcode scanning pays scene under a kind of line, comprise the following steps:
Step a:Service end is received to carry and asked by the payment of the certification password of terminal generation;The certification password includes dynamic
State password, the second information and device id, the dynamic password are terminals using the token prestored and current time value as
What the input value of one preset algorithm was calculated, second information is that terminal at least makees the first information including dynamic password
It is calculated for the input value of the second preset algorithm, the device id is previously stored in the terminal.It is described to pay request
The amount information of payment, beneficiary accounts information, payer accounts information can also be carried.
Step b:Device id of the service end in the certification password, inquire about token corresponding with the device id.
Step c:Service end is verified using the token and current time value to the dynamic password.
Step d:Service end utilizes the first information, token and second preset algorithm, and second information is entered
Row verification.
Step f:If the dynamic password verification passes through and second information checking is by performing and the certification mouth
Payment transaction corresponding to order.The implementation procedure of the payment transaction is usually that (above-mentioned payment asks what is carried by certain amount of money
The amount information of payment) process of beneficiary account (such as Merchant Account) is gone to from payer account (such as some buyer).
It can be seen that in the scene that lower barcode scanning is paid online, compared to prior art, certification mouth that the embodiment of the present application is verified
Make the risk cracked by other people brute-force effectively be reduced, substantially reduce the possibility of the stolen brush of user's property.
It should be noted that the application for the password generated method and password authentication method that above-mentioned each embodiment of the application provides
Scene is not limited to barcode scanning under above-mentioned line and pays scene, can also be the scene for needing to carry out authentication of other forms (such as:
Enabling etc. is realized by verifying user identity).
It should be noted that the executive agent that various embodiments above provides each step of method may each be same and set
It is standby, or, this method is also by distinct device as executive agent.For example step S201 and step S1202 executive agent can be with
For equipment 1, step S203 executive agent can be equipment 2;Again for example, step S201 executive agent can be equipment 1, step
Rapid S202 and step S203 executive agent can be equipment 2;Etc..
Fig. 6 is the module diagram of the password generated device that the embodiment of the present application provides and password authentication device.The application
In embodiment, exemplified by paying scene, including terminal 100, service end 200, barcode scanning device 300, network 400, wherein, above-mentioned clothes
Business end 200 and above-mentioned terminal 100 can be in communication with each other by network 400, and above-mentioned server 200 and above-mentioned barcode scanning device 300 can
To be in communication with each other by network 400.Wherein, terminal 100 includes display screen 102, processing unit, bus, input/output unit etc.
Hardware, above-mentioned service end 200 also include processor 202, internal memory 204, nonvolatile memory 206, bus, input/output unit
Deng hardware.In addition to above-mentioned hardware, above-mentioned terminal 100 and service end 200 also include corresponding software.Wherein, password generated device
110 can be present in the form of software or hardware or software and hardware combining in above-mentioned terminal 100 (such as it is present in internal memory or hard
In disk), password calibration equipment 210 can be present in the form of software or hardware or software and hardware combining in above-mentioned terminal 200
(such as being present in internal memory or hard disk).Wherein, the function that the unit in the password generated device can be realized with it is upper
State that the function that each step can be realized in password generated method is similar, therefore the detail of the password generated device can join
According to the content of above-mentioned password generated embodiment of the method, no longer repeated herein.Similarly, above-mentioned password authentication device is specific
Details is referred to the content of above-mentioned password authentication embodiment of the method.
As shown in fig. 6, in the embodiment of the application one, a kind of password generated device 110 includes:
First computing unit 111, for the token being pre-stored within terminal and current time value to be preset as first
The input value of algorithm, is calculated dynamic password;The terminal also prestores device id corresponding with the token, the order
Board and the device id are to be generated from service end and sent to terminal.
Second computing unit 113, at least using the first information comprising the dynamic password as the second preset algorithm
Input value, the second information is calculated.
Password generated unit 115, for generating recognizing comprising the dynamic password, second information and the device id
Demonstrate,prove password.
In the application optional embodiment, second computing unit 113 is used for:
By the token and the first information of the dynamic password is included, as the input value of the second preset algorithm, is calculated
Obtain the second information.
In the application optional embodiment, the first information include it is following any one:
Dynamic password;
The combination of dynamic password and current time value;
The combination of device id and dynamic password;
The combination of device id, dynamic password and current time value.
In the application optional embodiment, first preset algorithm is non-reversible algorithm, and/or the described second pre- imputation
Method is non-reversible algorithm.
As shown in fig. 6, in the embodiment of the application one, a kind of password authentication device 210, including:
Receiving unit 211, for receiving the certification mouth for including dynamic password, the second information and device id generated by terminal
Order;The dynamic password is that terminal calculates the token prestored and current time value as the input value of the first preset algorithm
Obtain, second information is input value of the terminal at least using the first information including dynamic password as the second preset algorithm
It is calculated, the device id is previously stored in the terminal;
Query unit 213, for inquiring about token corresponding with the device id;
Verification unit 215, for being verified using the token and first preset algorithm to the dynamic password, and
For being verified at least with the first information and second preset algorithm to second information;
Identifying unit 217, for the dynamic password verification pass through and second information checking by when, judge institute
Certification password authentication is stated to pass through.
In the application optional embodiment, the verification unit 215 is used for:
Second information is verified using the first information, the token and second preset algorithm;Institute
It is that the token and the first information are calculated terminal as the input value of the second preset algorithm to state the second information.
In the application optional embodiment, the first information include it is following any one:
Dynamic password;
The combination of dynamic password and current time value;
The combination of device id and dynamic password;
The combination of device id, dynamic password and current time value.
In scene is paid, a kind of payment mechanism of the embodiment of the present application offer, including:
Receiving unit, for receiving the certification password for including dynamic password, the second information and device id generated by terminal;
The dynamic password is that terminal calculates the token prestored and current time value as the input value of the first preset algorithm
Arrive, second information is input value meter of the terminal at least using the first information including dynamic password as the second preset algorithm
Obtain, the device id is previously stored in the terminal;
Query unit, for inquiring about token corresponding with the device id;
Verification unit, for being verified using the token and first preset algorithm to the dynamic password, and use
Second information is verified at least with the first information and second preset algorithm;
Payment unit, for the dynamic password verification pass through and second information checking by when, perform and institute
State payment transaction corresponding to certification password.
Compared to prior art, the certification password that the embodiment of the present application is verified is had by the risk that other people brute-force crack
Effect reduces, and substantially reduces the possibility of the stolen brush of user's property.
For convenience of description, it is divided into various units during description apparatus above with function to describe respectively.Certainly, this is being implemented
The function of each unit can be realized in same or multiple softwares and/or hardware during application.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or computer program
Product.Therefore, the present invention can use the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware
Apply the form of example.Moreover, the present invention can use the computer for wherein including computer usable program code in one or more
The computer program production that usable storage medium is implemented on (including but is not limited to magnetic disk storage, CD-ROM, optical memory etc.)
The form of product.
The present invention is the flow with reference to method according to embodiments of the present invention, equipment (system) and computer program product
Figure and/or block diagram describe.It should be understood that can be by every first-class in computer program instructions implementation process figure and/or block diagram
Journey and/or the flow in square frame and flow chart and/or block diagram and/or the combination of square frame.These computer programs can be provided
The processors of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce
A raw machine so that produced by the instruction of computer or the computing device of other programmable data processing devices for real
The device for the function of being specified in present one flow of flow chart or one square frame of multiple flows and/or block diagram or multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory, which produces, to be included referring to
Make the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or
The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that counted
Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented processing, so as in computer or
The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one
The step of function of being specified in individual square frame or multiple square frames.
It should also be noted that, term " comprising ", "comprising" or its any other variant are intended to nonexcludability
Comprising so that process, method, commodity or equipment including a series of elements not only include those key elements, but also wrapping
Include the other element being not expressly set out, or also include for this process, method, commodity or equipment intrinsic want
Element.In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that wanted including described
Other identical element also be present in the process of element, method, commodity or equipment.
It will be understood by those skilled in the art that embodiments herein can be provided as method, system or computer program product.
Therefore, the application can be using the embodiment in terms of complete hardware embodiment, complete software embodiment or combination software and hardware
Form.Deposited moreover, the application can use to can use in one or more computers for wherein including computer usable program code
The shape for the computer program product that storage media is implemented on (including but is not limited to magnetic disk storage, CD-ROM, optical memory etc.)
Formula.
The application can be described in the general context of computer executable instructions, such as program
Module.Usually, program module includes performing particular task or realizes routine, program, object, the group of particular abstract data type
Part, data structure etc..The application can also be put into practice in a distributed computing environment, in these DCEs, by
Task is performed and connected remote processing devices by communication network.In a distributed computing environment, program module can be with
In the local and remote computer-readable storage medium including storage device.
Each embodiment in this specification is described by the way of progressive, identical similar portion between each embodiment
Divide mutually referring to what each embodiment stressed is the difference with other embodiment.It is real especially for system
For applying example, because it is substantially similar to embodiment of the method, so description is fairly simple, related part is referring to embodiment of the method
Part explanation.
Embodiments herein is the foregoing is only, is not limited to the application.For those skilled in the art
For, the application can have various modifications and variations.All any modifications made within spirit herein and principle, it is equal
Replace, improve etc., it should be included within the scope of claims hereof.