CN107453871A - Password generated method, password authentication method, method of payment and device - Google Patents

Password generated method, password authentication method, method of payment and device Download PDF

Info

Publication number
CN107453871A
CN107453871A CN201610371868.1A CN201610371868A CN107453871A CN 107453871 A CN107453871 A CN 107453871A CN 201610371868 A CN201610371868 A CN 201610371868A CN 107453871 A CN107453871 A CN 107453871A
Authority
CN
China
Prior art keywords
information
password
dynamic password
terminal
token
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610371868.1A
Other languages
Chinese (zh)
Other versions
CN107453871B (en
Inventor
邱鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN202010764543.6A priority Critical patent/CN111800276B/en
Priority to CN201610371868.1A priority patent/CN107453871B/en
Publication of CN107453871A publication Critical patent/CN107453871A/en
Application granted granted Critical
Publication of CN107453871B publication Critical patent/CN107453871B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the present application discloses password generated method, password authentication method, method of payment and device.The password generated method includes:Dynamic password is calculated using the token prestored and current time value as the input value of the first preset algorithm in terminal;The terminal also prestores device id corresponding with the token, and the token and the device id are to be generated from service end and sent to the terminal;Input value of the terminal at least using the first information comprising the dynamic password as the second preset algorithm, is calculated the second information;Terminal generates the certification password for including the dynamic password, second information and the device id.Compared to prior art, the risk that the certification password of the embodiment of the present application generation is cracked by other people brute-force is effectively reduced.

Description

Password generated method, password authentication method, method of payment and device
Technical field
The application is related to authentification of message field, more particularly to a kind of password generated method, password authentication method, method of payment And device.
Background technology
At present, it is required to carry out user's body by dynamic password (One-time Password, OTP) in many scenes The certification of part.Its application scenarios includes barcode scanning payment etc. under line.
So that barcode scanning under line pays scene as an example, usually, paying the service end of application can give birth to for each client in advance Sent into unique token and device id corresponding with the token, and by the token of generation and device id to each client, visitor The token and device id can be stored in secure storage areas by family end.Wherein, service end needs to prestore token and device id Corresponding relation.When the client that user needs to apply by above-mentioned payment carries out barcode scanning payment, client can be according to pre- The token and current time value first stored, using certain preset algorithm (such as:Event synchronization HOTP algorithm) to be calculated one dynamic State password, by the dynamic password (such as:M positions) and the said equipment ID is (such as:N positions) composition identity password is (such as:M+N positions).Then, business Family can be scanned by barcode scanning device to the identity password, and the identity password scanned is uploaded into above-mentioned payment application Service end verified.Service end can obtain device id according to above-mentioned identity password, and inquire about and obtain and the device id pair The token answered, by the use of current time in system and token as the input value of above-mentioned preset algorithm, credible dynamic password is calculated List, and the dynamic password is verified using the credible dynamic password list;If dynamic password verification passes through, show The authentication of active user is by that can perform payment transaction.
Above-mentioned identity password of the prior art is present by the risk of " brute-force cracks ".So-called " brute-force cracks " refers to:By In client generation above-mentioned identity password in plain text, can be in the device id in getting the identity password (such as:N positions) after, According to certain mode (such as:At random, it is exhaustive) the above-mentioned dynamic password of generation is (such as:M positions), and constantly utilize the dynamic password of generation The identity authenticating password formed with the said equipment ID is (such as:M+N positions) user identity is authenticated, until authenticating user identification Success.For example, sometime, the dynamic password that client is calculated according to token and current time value is: " 123456 ", then above-mentioned " brute-force cracks " process are:From " 000000 " to " 999999 " generates dynamic password one by one for other people, and right The identity authenticating password at current time is cracked, untill correct dynamic password " 123456 " is collided.Above-mentioned existing Have in technology, it is assumed that each in the dynamic password of above-mentioned M positions is 0~9, then above-mentioned user identity is cracked successfully by brute-force Probability is about:1/10M
It can be seen that there is certain risk cracked by other people brute-force in identity authenticating password of the prior art.
The content of the invention
The purpose of the embodiment of the present application is to provide a kind of password generated method, password authentication method, method of payment and device, To solve the problems, such as that identity authenticating password of the prior art has the risk cracked by other people brute-force.
In order to solve the above technical problems, password generated method, password authentication method, payer that the embodiment of the present application provides What method and device were realized in:
A kind of password generated method, including:
Dynamic is calculated using the token prestored and current time value as the input value of the first preset algorithm in terminal Password;The terminal also prestores device id corresponding with the token, and the token and the device id are by service end Generate and sent to the terminal;
Input value of the terminal at least using the first information comprising the dynamic password as the second preset algorithm, is calculated Second information;
Terminal generates the certification password for including the dynamic password, second information and the device id.
A kind of password authentication method, including:
Service end receives the certification password for including dynamic password, the second information and device id generated by terminal;It is described dynamic State password is that the token prestored and current time value are calculated terminal as the input value of the first preset algorithm, institute It is that terminal is at least calculated the first information including dynamic password as the input value of the second preset algorithm to state the second information , the device id is previously stored in the terminal;
Service end inquires about token corresponding with the device id;
Service end is verified using the token and first preset algorithm to the dynamic password;
Service end verifies at least with the first information and second preset algorithm to second information;
If the dynamic password verification passes through and second information checking is by judging that the certification password authentication leads to Cross.
A kind of method of payment, including:
Service end receives the certification password for including dynamic password, the second information and device id generated by terminal;It is described dynamic State password is that the token prestored and current time value are calculated terminal as the input value of the first preset algorithm, institute It is that terminal is at least calculated the first information including dynamic password as the input value of the second preset algorithm to state the second information , the device id is previously stored in the terminal;
Service end inquires about token corresponding with the device id;
Service end is verified using the token and first preset algorithm to the dynamic password;
Service end verifies at least with the first information and second preset algorithm to second information;
If the dynamic password verification passes through and second information checking is by performing corresponding with the certification password Payment transaction.
A kind of password generated device, including:
First computing unit, for the token and current time value that will be pre-stored within terminal as the first preset algorithm Input value, dynamic password is calculated;The terminal also prestores device id corresponding with the token, the token and The device id is to be generated from service end and sent to terminal;
Second computing unit, at least using the first information comprising the dynamic password as the defeated of the second preset algorithm Enter value, the second information is calculated;
Password generated unit, for generating the certification for including the dynamic password, second information and the device id Password.
A kind of password authentication device, including:
Receiving unit, for receiving the certification password for including dynamic password, the second information and device id generated by terminal; The dynamic password is that terminal calculates the token prestored and current time value as the input value of the first preset algorithm Arrive, second information is input value meter of the terminal at least using the first information including dynamic password as the second preset algorithm Obtain, the device id is previously stored in the terminal;
Query unit, for inquiring about token corresponding with the device id;
Verification unit, for being verified using the token and first preset algorithm to the dynamic password, and use Second information is verified at least with the first information and second preset algorithm;
Identifying unit, for dynamic password verification pass through and second information checking by when, described in judgement Certification password authentication passes through.
A kind of payment mechanism, including:
Receiving unit, for receiving the certification password for including dynamic password, the second information and device id generated by terminal; The dynamic password is that terminal calculates the token prestored and current time value as the input value of the first preset algorithm Arrive, second information is input value meter of the terminal at least using the first information including dynamic password as the second preset algorithm Obtain, the device id is previously stored in the terminal;
Query unit, for inquiring about token corresponding with the device id;
Verification unit, for being verified using the token and first preset algorithm to the dynamic password, and use Second information is verified at least with the first information and second preset algorithm;
Payment unit, for the dynamic password verification pass through and second information checking by when, perform and institute State payment transaction corresponding to certification password.
Above-mentioned at least one technical scheme that the embodiment of the present application uses can reach following beneficial effect:According to token After dynamic password is calculated with current time value, also at least preset the first information including the dynamic password as second The input value of algorithm, the second information is calculated, and ultimately generates recognizing comprising dynamic password, the second information and the device id Demonstrate,prove password, it is seen then that the certification password of the embodiment of the present application generation, in addition to comprising dynamic password and device id, in addition to above-mentioned the Two information.During the certification password is verified, not only need to verify above-mentioned dynamic password, it is also necessary to right Above-mentioned second information verified, and after above-mentioned dynamic password and above-mentioned second information are verified, and judges current to recognize Card password authentication passes through.Compared to prior art, the risk that is cracked by other people brute-force of certification password of the embodiment of the present application generation Effectively reduced.As an example it is assumed that above-mentioned dynamic password is 0~9 numeral of M positions, above-mentioned second information is the 0 of K positions ~9 numeral, the then above-mentioned certification password that the embodiment of the present application generates are about by the probability that other people brute-force crack:1/10M+K
Brief description of the drawings
, below will be to embodiment or existing in order to illustrate more clearly of the embodiment of the present application or technical scheme of the prior art There is the required accompanying drawing used in technology description to be briefly described, it should be apparent that, drawings in the following description are only this Some embodiments described in application, for those of ordinary skill in the art, do not paying the premise of creative labor Under, other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is the flow chart of generation and the checking for the certification password that the embodiment of the application one provides;
Fig. 2 shows the generating process of the certification password in the exemplary embodiment of the application one;
Fig. 3 is the schematic diagram for the certification password that the embodiment of the application one provides;
Fig. 4 is the flow chart for the password generated method based on terminal that the embodiment of the application one provides;
Fig. 5 is the flow chart for the password authentication method based on service end that the embodiment of the application one provides;
Fig. 6 is the module diagram of the password generated device that the embodiment of the application one provides and password authentication device.
Embodiment
In order that those skilled in the art more fully understand the technical scheme in the application, it is real below in conjunction with the application The accompanying drawing in example is applied, the technical scheme in the embodiment of the present application is clearly and completely described, it is clear that described implementation Example only some embodiments of the present application, rather than whole embodiments.It is common based on the embodiment in the application, this area The every other embodiment that technical staff is obtained under the premise of creative work is not made, it should all belong to the application protection Scope.
The application is intended to the certification password higher by generating level of security, by reduction other people using brute-force crack in a manner of enter The risk of row authentication attack.In brute-force cracks mode, attacker can by exhaustive all possible certification password, And verified one by one using the certification password of exhaustion, to collide correct certification password.Generally, due to the certification of service end Password verification interface is exposed in public network untrusted channel, and it is low to crack the cost that mode attacked using above-mentioned brute-force, once Success is cracked, then is likely to result in user's property loss.
Fig. 1 is the flow chart of generation and the checking for the certification password that the embodiment of the application one provides.Wherein, in a kind of example In authentication (or identification) scene of property, terminal, service end and barcode scanning device can be included, the terminal can be Wireless terminal (such as smart mobile phone), it can install to carry out the applications client of authentication on the wireless terminal, it is above-mentioned Service end can be the service end for carrying out authentication, and above-mentioned barcode scanning device can be various types of Quick Response Code or bar Code scanner device etc..Then, the technical scheme of the embodiment of the present application can be realized by following process:
S101:Token and device id corresponding with token that terminal sends service end are written to the memory block of the terminal In.
Usually, terminal is above-mentioned objective to carry out the applications client of authentication and start the application for the first time in installation Behind the end of family, service end can to generate a unique token and device id corresponding with the token, wherein, above-mentioned token can be with As to generate the seed of dynamic password (OTP codes) (input value of algorithm), the said equipment ID is used for uniquely identifying the end End.Typically only terminal and service end are stored with the token, and other equipment is difficult to get above-mentioned token.Sent out to each terminal Serve after stating token and device id, service end needs the mapping relations by above-mentioned token and device id to be stored.It is worth saying Bright, above-mentioned secure storage areas can be certain block memory cell in terminal, need to ensure the content stored in the memory cell It is difficult to be stolen by other devices in addition to carry out the client of identification.Usually, user can step in terminal Some account is recorded, after the account is logged in, service end can be with generation device id corresponding with current account and above-mentioned token. That is, above-mentioned token, device id correspond in terminal the above-mentioned account logged in.
S102:Terminal calculates using the token prestored and current time value as the input value of the first preset algorithm To dynamic password.
The corresponding numerical value of above-mentioned current time value can be with terminal is got current time.Above-mentioned first preset algorithm The output valve being calculated including input value and according to input value, above-mentioned input value can be current time value and token, above-mentioned Output valve is dynamic password (Dynamic Password).In the embodiment of the present application, to lift security, the above-mentioned first pre- imputation Method can be the non-reversible algorithm of any formation, and the non-reversible algorithm can be Time synchronization algorithm (TOTP), event synchronization Algorithm (HOTP), challenge response algorithm (OCRA) etc..Due to above-mentioned calculating dynamic password process need to using current time value as The input value of first preset algorithm, therefore above-mentioned dynamic password possesses certain ageing (i.e. can only be in one section of duration effectively). This way it is possible to avoid attacker is cracked by multi-sending attack (Replay Attacks) to authenticating user identification process.
S103:Input value of the terminal at least using the first information including above-mentioned dynamic password as the second preset algorithm, meter Calculation obtains the second information.
In the embodiment of the present application, above-mentioned second preset algorithm can be the algorithm that any one is manually set, by above-mentioned Input value of one information as second preset algorithm, the output valve being calculated are above-mentioned second information.Due to this first Information comprises at least dynamic password, and dynamic password is related to current time value (being calculated according to current time value), Over time, above-mentioned dynamic password constantly changes, then the first information including dynamic password also constantly changes.
In the embodiment of the present application, above-mentioned second preset algorithm can be non-reversible algorithm, for example, a kind of " signature algorithm ", " signature algorithm " is somebody's turn to do using above-mentioned token and the above-mentioned first information as input value, the output valve being calculated is above-mentioned second information (signature).Above-mentioned " signature algorithm " includes but is not limited to:HMAC(Hash-based Message Authentication Code, Hash operation message authentication code)-MD5 algorithms or HMAC-SHA algorithms.Wherein, in above-mentioned " signature algorithm ", typically With a key (above-mentioned token) and one section of plaintext (the above-mentioned first information) for input value, above-mentioned second information (label are calculated Name).Then, above-mentioned steps S103 includes:Terminal is by the token and includes the first information of the dynamic password, pre- as second The input value of imputation method, the second information is calculated.
It is worth addressing, the input value of above-mentioned second preset algorithm can only have the above-mentioned first information, or above-mentioned first Information and above-mentioned token, or in addition to the above-mentioned first information and above-mentioned token, in addition to other input values, the application is not to upper The input value for stating the second preset algorithm is restricted.
In the embodiment of the present application, the above-mentioned first information can be it is following any one:
1) dynamic password;Such as:123456.
2) combination of dynamic password and current time value;Such as:123456 (dynamic passwords) 20160503110232 are (when current Between be worth).
3) combination of device id and dynamic password;Such as:5060341211 (device id) 20160503110232 (current time Value).
4) combination of device id, dynamic password and current time value.Such as:5060341211 (device id) 123456 (dynamic Password) 20160503110232 (current time values).
S104:Terminal generates the certification password for including dynamic password, the second information and device id.
General terminal can be by the above-mentioned certification password of generation in the form of Quick Response Code, in bar code form, digital form One or more are showed on display screen.During above-mentioned certification password is generated, corresponding AES pair can be utilized Above-mentioned dynamic password is encrypted.
Shown in reference picture 2, in the embodiment of the application one, above-mentioned second information (label can be generated by " signature algorithm " Name).Then in this embodiment, first can be using current time value and token as the defeated of HOTP algorithm (i.e. the first preset algorithm) Enter value, dynamic password is calculated (such as:N bit digitals), then by device id (such as:M bit digitals) and the dynamic password be combined, Obtain a gender identity password (such as:N+M bit digitals).Then, by token and an above-mentioned gender identity password (i.e. above-mentioned first letter Breath) it is used as the second preset algorithm (such as:HMAC-SHA algorithms) input value, the second information is calculated (such as:K bit digitals).Most Afterwards, by an above-mentioned gender identity password (such as:N+M bit digitals) and above-mentioned second information is (such as:K bit digitals) it is combined, obtain To realize the certification password of authentication (N+M+K bit digitals).
It is a kind of schematic diagram of exemplary certification password shown in reference picture 3.The certification password can generally comprise two dimension Code viewing area and bar code display area, and the certification password represented in digital form.Wherein, the certification represented in digital form Password can include device id 10, the information 30 of dynamic password 20 and second.It is noted that in the certification password ultimately generated In, above-mentioned second information, the ordering of dynamic password and device id and combination are formed and are not restricted.In figure 3, it is above-mentioned dynamic State password can automatically update once every one section of duration (such as one minute), that is to say, that generate every time include dynamic password, The effective time of the certification password of second information and device id is one minute.
S105:The certification password that barcode scanning device is shown by scanning in above-mentioned terminal, and send the certification mouth to service end Order, to ask to carry out authentication.In the embodiment of the present application, scanning means can be sent and work as according to the difference of specific business The corresponding service requesting information of preceding business, and the certification password is carried in the service requesting information.Above-mentioned barcode scanning device can To be two-dimensional code scanning device or bar code scanner of any formation etc., the barcode scanning device passes through network to be carried out with service end Communication.
S106:Service end obtains the device id in the certification password, and inquire about and the device id according to above-mentioned certification password Corresponding token.
As it was previously stated, service end is to above-mentioned terminal after unique token and device id corresponding with token is sent, meeting The mapping relations of the token and device id are stored.Service end can be according to the word where the device id in certification password Section, extraction equipment ID, and inquire the token with the device id maps mutually.So, although above-mentioned certification password is plaintext, As a result of non-reversible algorithm, the external world can not get token by way of reverse engineered so that token can be used as one Kind key, is only stored on above-mentioned client and above-mentioned service end.
S107:Service end is verified to above-mentioned dynamic password, and above-mentioned second information is verified.
In the embodiment of the present application, service end can utilize the token and current time value that inquire, and using it is above-mentioned can not Algorithm for inversion is (such as:HOTP algorithm), credible dynamic password list is calculated, dynamic password list that this is credible includes multiple credible dynamic State password.Afterwards, can be carried out using each credible dynamic password in the credible dynamic password list and above-mentioned dynamic password Compare, if finding, some credible dynamic password is consistent with above-mentioned dynamic password, and it is legal, verification to show current dynamic password Pass through.Usually, above-mentioned dynamic password can be in one section of duration effectively (such as:After the time point of the dynamic password is generated 30 seconds in effectively), and the dynamic password can only be only used once.It is noted that the checking procedure to dynamic password Belong to technology well-known to those skilled in the art, be not described in detail herein.
In the embodiment of the present application, service end can utilize the first information and the second preset algorithm, and second information is entered Row verification.Specifically, input value of the service end using the first information as the second preset algorithm, a check value is calculated, and will The check value is compared with above-mentioned second information, if unanimously, showing that the verification of the second information passes through, otherwise not passing through.
In the embodiment of the application one, if above-mentioned second preset algorithm be signature algorithm (such as:HMAC-SHA algorithms), the signature The input value of algorithm be token and a gender identity password (such as:N+M bit digitals), obtained the second information (signature) is K digits Word.Then, the input that service end can be using an above-mentioned gender identity password (i.e. the first information) and token as above-mentioned signature algorithm Value, is calculated a check value, and by the check value compared with above-mentioned second information (signature), if unanimously, verification is logical Cross, otherwise do not pass through.
S108:Service end sends identity authentication result to scanning means.
It can be seen that above-mentioned second information checking by and the verification of above-mentioned dynamic password pass through when, show the body of active user Part certification is by the way that service end can send the message that authentication passes through to scanning means;Otherwise, identity is sent to scanning means The message that certification does not pass through.Certainly, above-mentioned identity authentication result can also be fed back to above-mentioned terminal by service end.According to business Difference, above-mentioned second information checking by and above-mentioned dynamic password verification pass through when, can perform and current authentication password pair The affairs answered are (such as:To the affairs for specifying account to be withholdd).
The technical scheme provided from above the embodiment of the present application, it is dynamic being calculated according to token and current time value After state password, the input value also at least using the first information including the dynamic password as the second preset algorithm, it is calculated Second information, and ultimately generate the certification password comprising dynamic password, the second information and the device id, it is seen then that the application is real The certification password of example generation is applied, in addition to comprising dynamic password and device id, in addition to above-mentioned second information.To the certification password During being verified, not only need to verify above-mentioned dynamic password, it is also necessary to above-mentioned second information is verified, And after above-mentioned dynamic password and above-mentioned second information are verified, judge that current certification password authentication passes through.Compared to Prior art, the risk that the certification password of the embodiment of the present application generation is cracked by other people brute-force are effectively reduced.For example, Assuming that above-mentioned dynamic password is 0~9 numeral of M positions, above-mentioned second information is 0~9 numeral of K positions, then the application is implemented Example generation above-mentioned certification password be about by the probability that other people brute-force crack:1/10M+K
In addition, in the above-described embodiments, signature algorithm can be utilized, and by token and the first information including dynamic password As the input value of above-mentioned signature algorithm, the second information (signature) is calculated, and second information (signature) is added to most Throughout one's life into certification password in.Compared to prior art, by above-mentioned signature algorithm, attacker can be reduced by the way that " brute-force is broken Solution " mode collides the possibility of obtained certification password.That is, if desired attacker cracks the certification of user identity, then Needing while colliding to obtain above-mentioned dynamic password by " brute-force cracks " mode, collision obtains above-mentioned second information, so, Compared in the prior art, it is clear that crack difficulty and be increased, and then improve the security of authenticating user identification process.
The flow for the password generated method that Fig. 4 provides for the embodiment of the application one, the executive agent of the password generated method Can be above-mentioned terminal, the password generated method may include steps of:
S201:Using the token prestored and current time value as the input value of the first preset algorithm, it is calculated dynamic State password;Wherein, the terminal also prestores device id corresponding with the token, the token and the device id be by What service end was generated and sent to the terminal.
Step S201 is referred to above-mentioned steps S102 content, is no longer repeated herein.
S202:Input value at least using the first information comprising the dynamic password as the second preset algorithm, is calculated To the second information.
Step S202 is referred to above-mentioned steps S103 content, is no longer repeated herein.
In the embodiment of the application one, by the token and the first information of the dynamic password can be included, as second The input value of preset algorithm, the second information is calculated.
S203:Generation includes the certification password of the dynamic password, second information and the device id.
Step S203 is referred to above-mentioned steps S104 content, is no longer repeated herein.
The password generated method performed by above-mentioned terminal, it can obtain including dynamic password, the second information and device id Certification password, compared to prior art, the embodiment of the present application generation certification password obtained by the risk that other people brute-force crack Effectively reduce.
The flow for the password authentication method that Fig. 5 provides for the embodiment of the application one, the executive agent of the password authentication method Can be above-mentioned service end, the password authentication method may include steps of:
S301:Receive the certification password for including dynamic password, the second information and device id generated by terminal;The dynamic Password is that the token prestored and current time value are calculated terminal as the input value of the first preset algorithm, described Second information is that terminal is at least calculated the first information including dynamic password as the input value of the second preset algorithm, The device id is previously stored in the terminal.
S302:According to the device id in the certification password, token corresponding with the device id is inquired about.
Step S302 is referred to above-mentioned steps S106 content, is no longer repeated herein.
S303:The dynamic password is verified using the token and first preset algorithm.
S304:Second information is verified at least with the first information and second preset algorithm.
S305:If the dynamic password verification passes through and second information checking is by judging that the certification password is tested Card passes through.
The password authentication method performed by above-mentioned service end, terminal can be generated believes comprising dynamic password, second The certification password of breath and device id is verified that, compared to prior art, the certification password that the embodiment of the present application is verified is by him The risk that people's brute-force cracks effectively is reduced.
Next, introduce it is a kind of using above-mentioned password generated method and password authentication method come the method for payment realized.Should Method of payment can be that barcode scanning pays scene under a kind of line, comprise the following steps:
Step a:Service end is received to carry and asked by the payment of the certification password of terminal generation;The certification password includes dynamic State password, the second information and device id, the dynamic password are terminals using the token prestored and current time value as What the input value of one preset algorithm was calculated, second information is that terminal at least makees the first information including dynamic password It is calculated for the input value of the second preset algorithm, the device id is previously stored in the terminal.It is described to pay request The amount information of payment, beneficiary accounts information, payer accounts information can also be carried.
Step b:Device id of the service end in the certification password, inquire about token corresponding with the device id.
Step c:Service end is verified using the token and current time value to the dynamic password.
Step d:Service end utilizes the first information, token and second preset algorithm, and second information is entered Row verification.
Step f:If the dynamic password verification passes through and second information checking is by performing and the certification mouth Payment transaction corresponding to order.The implementation procedure of the payment transaction is usually that (above-mentioned payment asks what is carried by certain amount of money The amount information of payment) process of beneficiary account (such as Merchant Account) is gone to from payer account (such as some buyer).
It can be seen that in the scene that lower barcode scanning is paid online, compared to prior art, certification mouth that the embodiment of the present application is verified Make the risk cracked by other people brute-force effectively be reduced, substantially reduce the possibility of the stolen brush of user's property.
It should be noted that the application for the password generated method and password authentication method that above-mentioned each embodiment of the application provides Scene is not limited to barcode scanning under above-mentioned line and pays scene, can also be the scene for needing to carry out authentication of other forms (such as: Enabling etc. is realized by verifying user identity).
It should be noted that the executive agent that various embodiments above provides each step of method may each be same and set It is standby, or, this method is also by distinct device as executive agent.For example step S201 and step S1202 executive agent can be with For equipment 1, step S203 executive agent can be equipment 2;Again for example, step S201 executive agent can be equipment 1, step Rapid S202 and step S203 executive agent can be equipment 2;Etc..
Fig. 6 is the module diagram of the password generated device that the embodiment of the present application provides and password authentication device.The application In embodiment, exemplified by paying scene, including terminal 100, service end 200, barcode scanning device 300, network 400, wherein, above-mentioned clothes Business end 200 and above-mentioned terminal 100 can be in communication with each other by network 400, and above-mentioned server 200 and above-mentioned barcode scanning device 300 can To be in communication with each other by network 400.Wherein, terminal 100 includes display screen 102, processing unit, bus, input/output unit etc. Hardware, above-mentioned service end 200 also include processor 202, internal memory 204, nonvolatile memory 206, bus, input/output unit Deng hardware.In addition to above-mentioned hardware, above-mentioned terminal 100 and service end 200 also include corresponding software.Wherein, password generated device 110 can be present in the form of software or hardware or software and hardware combining in above-mentioned terminal 100 (such as it is present in internal memory or hard In disk), password calibration equipment 210 can be present in the form of software or hardware or software and hardware combining in above-mentioned terminal 200 (such as being present in internal memory or hard disk).Wherein, the function that the unit in the password generated device can be realized with it is upper State that the function that each step can be realized in password generated method is similar, therefore the detail of the password generated device can join According to the content of above-mentioned password generated embodiment of the method, no longer repeated herein.Similarly, above-mentioned password authentication device is specific Details is referred to the content of above-mentioned password authentication embodiment of the method.
As shown in fig. 6, in the embodiment of the application one, a kind of password generated device 110 includes:
First computing unit 111, for the token being pre-stored within terminal and current time value to be preset as first The input value of algorithm, is calculated dynamic password;The terminal also prestores device id corresponding with the token, the order Board and the device id are to be generated from service end and sent to terminal.
Second computing unit 113, at least using the first information comprising the dynamic password as the second preset algorithm Input value, the second information is calculated.
Password generated unit 115, for generating recognizing comprising the dynamic password, second information and the device id Demonstrate,prove password.
In the application optional embodiment, second computing unit 113 is used for:
By the token and the first information of the dynamic password is included, as the input value of the second preset algorithm, is calculated Obtain the second information.
In the application optional embodiment, the first information include it is following any one:
Dynamic password;
The combination of dynamic password and current time value;
The combination of device id and dynamic password;
The combination of device id, dynamic password and current time value.
In the application optional embodiment, first preset algorithm is non-reversible algorithm, and/or the described second pre- imputation Method is non-reversible algorithm.
As shown in fig. 6, in the embodiment of the application one, a kind of password authentication device 210, including:
Receiving unit 211, for receiving the certification mouth for including dynamic password, the second information and device id generated by terminal Order;The dynamic password is that terminal calculates the token prestored and current time value as the input value of the first preset algorithm Obtain, second information is input value of the terminal at least using the first information including dynamic password as the second preset algorithm It is calculated, the device id is previously stored in the terminal;
Query unit 213, for inquiring about token corresponding with the device id;
Verification unit 215, for being verified using the token and first preset algorithm to the dynamic password, and For being verified at least with the first information and second preset algorithm to second information;
Identifying unit 217, for the dynamic password verification pass through and second information checking by when, judge institute Certification password authentication is stated to pass through.
In the application optional embodiment, the verification unit 215 is used for:
Second information is verified using the first information, the token and second preset algorithm;Institute It is that the token and the first information are calculated terminal as the input value of the second preset algorithm to state the second information.
In the application optional embodiment, the first information include it is following any one:
Dynamic password;
The combination of dynamic password and current time value;
The combination of device id and dynamic password;
The combination of device id, dynamic password and current time value.
In scene is paid, a kind of payment mechanism of the embodiment of the present application offer, including:
Receiving unit, for receiving the certification password for including dynamic password, the second information and device id generated by terminal; The dynamic password is that terminal calculates the token prestored and current time value as the input value of the first preset algorithm Arrive, second information is input value meter of the terminal at least using the first information including dynamic password as the second preset algorithm Obtain, the device id is previously stored in the terminal;
Query unit, for inquiring about token corresponding with the device id;
Verification unit, for being verified using the token and first preset algorithm to the dynamic password, and use Second information is verified at least with the first information and second preset algorithm;
Payment unit, for the dynamic password verification pass through and second information checking by when, perform and institute State payment transaction corresponding to certification password.
Compared to prior art, the certification password that the embodiment of the present application is verified is had by the risk that other people brute-force crack Effect reduces, and substantially reduces the possibility of the stolen brush of user's property.
For convenience of description, it is divided into various units during description apparatus above with function to describe respectively.Certainly, this is being implemented The function of each unit can be realized in same or multiple softwares and/or hardware during application.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or computer program Product.Therefore, the present invention can use the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware Apply the form of example.Moreover, the present invention can use the computer for wherein including computer usable program code in one or more The computer program production that usable storage medium is implemented on (including but is not limited to magnetic disk storage, CD-ROM, optical memory etc.) The form of product.
The present invention is the flow with reference to method according to embodiments of the present invention, equipment (system) and computer program product Figure and/or block diagram describe.It should be understood that can be by every first-class in computer program instructions implementation process figure and/or block diagram Journey and/or the flow in square frame and flow chart and/or block diagram and/or the combination of square frame.These computer programs can be provided The processors of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce A raw machine so that produced by the instruction of computer or the computing device of other programmable data processing devices for real The device for the function of being specified in present one flow of flow chart or one square frame of multiple flows and/or block diagram or multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory, which produces, to be included referring to Make the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that counted Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented processing, so as in computer or The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one The step of function of being specified in individual square frame or multiple square frames.
It should also be noted that, term " comprising ", "comprising" or its any other variant are intended to nonexcludability Comprising so that process, method, commodity or equipment including a series of elements not only include those key elements, but also wrapping Include the other element being not expressly set out, or also include for this process, method, commodity or equipment intrinsic want Element.In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that wanted including described Other identical element also be present in the process of element, method, commodity or equipment.
It will be understood by those skilled in the art that embodiments herein can be provided as method, system or computer program product. Therefore, the application can be using the embodiment in terms of complete hardware embodiment, complete software embodiment or combination software and hardware Form.Deposited moreover, the application can use to can use in one or more computers for wherein including computer usable program code The shape for the computer program product that storage media is implemented on (including but is not limited to magnetic disk storage, CD-ROM, optical memory etc.) Formula.
The application can be described in the general context of computer executable instructions, such as program Module.Usually, program module includes performing particular task or realizes routine, program, object, the group of particular abstract data type Part, data structure etc..The application can also be put into practice in a distributed computing environment, in these DCEs, by Task is performed and connected remote processing devices by communication network.In a distributed computing environment, program module can be with In the local and remote computer-readable storage medium including storage device.
Each embodiment in this specification is described by the way of progressive, identical similar portion between each embodiment Divide mutually referring to what each embodiment stressed is the difference with other embodiment.It is real especially for system For applying example, because it is substantially similar to embodiment of the method, so description is fairly simple, related part is referring to embodiment of the method Part explanation.
Embodiments herein is the foregoing is only, is not limited to the application.For those skilled in the art For, the application can have various modifications and variations.All any modifications made within spirit herein and principle, it is equal Replace, improve etc., it should be included within the scope of claims hereof.

Claims (16)

  1. A kind of 1. password generated method, it is characterised in that including:
    Dynamic mouth is calculated using the token prestored and current time value as the input value of the first preset algorithm in terminal Order;The terminal also prestores device id corresponding with the token, and the token and the device id are given birth to by service end What terminal described in Cheng Bingxiang was sent;
    Input value of the terminal at least using the first information comprising the dynamic password as the second preset algorithm, is calculated second Information;
    Terminal generates the certification password for including the dynamic password, second information and the device id.
  2. 2. according to the method for claim 1, it is characterised in that terminal will at least include the first information of the dynamic password As the input value of the second preset algorithm, the second information is calculated, including:
    Terminal is by the token and includes the first information of the dynamic password, as the input value of the second preset algorithm, calculates Obtain the second information.
  3. 3. method according to claim 1 or 2, it is characterised in that the first information include it is following any one:
    Dynamic password;
    The combination of dynamic password and current time value;
    The combination of device id and dynamic password;
    The combination of device id, dynamic password and current time value.
  4. 4. according to the method for claim 1, it is characterised in that first preset algorithm is non-reversible algorithm, and/or institute It is non-reversible algorithm to state the second preset algorithm.
  5. A kind of 5. password authentication method, it is characterised in that including:
    Service end receives the certification password for including dynamic password, the second information and device id generated by terminal;The dynamic mouth Order is that the token prestored and current time value are calculated terminal as the input value of the first preset algorithm, described Two information are that terminal is at least calculated the first information including dynamic password as the input value of the second preset algorithm, institute State device id and be previously stored in the terminal;
    Service end inquires about token corresponding with the device id;
    Service end is verified using the token and first preset algorithm to the dynamic password;
    Service end verifies at least with the first information and second preset algorithm to second information;
    If the dynamic password verification passes through and second information checking is by judging that the certification password authentication passes through.
  6. 6. according to the method for claim 5, it is characterised in that service end is at least with the first information and described second Preset algorithm verifies to second information, including:
    Service end is verified using the first information, the token and second preset algorithm to second information; Second information is that the token and the first information are calculated terminal as the input value of the second preset algorithm.
  7. 7. the method according to claim 5 or 6, it is characterised in that the first information include it is following any one:
    Dynamic password;
    The combination of dynamic password and current time value;
    The combination of device id and dynamic password;
    The combination of device id, dynamic password and current time value.
  8. A kind of 8. method of payment, it is characterised in that including:
    Service end receives the certification password for including dynamic password, the second information and device id generated by terminal;The dynamic mouth Order is that the token prestored and current time value are calculated terminal as the input value of the first preset algorithm, described Two information are that terminal is at least calculated the first information including dynamic password as the input value of the second preset algorithm, institute State device id and be previously stored in the terminal;
    Service end inquires about token corresponding with the device id;
    Service end is verified using the token and first preset algorithm to the dynamic password;
    Service end verifies at least with the first information and second preset algorithm to second information;
    If the dynamic password verification passes through and second information checking is by performing branch corresponding with the certification password Pay affairs.
  9. A kind of 9. password generated device, it is characterised in that including:
    First computing unit, for the token and current time value that will be pre-stored within terminal as the defeated of the first preset algorithm Enter value, dynamic password is calculated;The terminal also prestores device id corresponding with the token, the token and described Device id is to be generated from service end and sent to terminal;
    Second computing unit, for the input at least using the first information comprising the dynamic password as the second preset algorithm Value, is calculated the second information;
    Password generated unit, for generating the certification password for including the dynamic password, second information and the device id.
  10. 10. device according to claim 9, it is characterised in that second computing unit is used for:
    By the token and the first information of the dynamic password is included, as the input value of the second preset algorithm, is calculated Second information.
  11. 11. the device according to claim 9 or 10, it is characterised in that the first information include it is following any one:
    Dynamic password;
    The combination of dynamic password and current time value;
    The combination of device id and dynamic password;
    The combination of device id, dynamic password and current time value.
  12. 12. device according to claim 9, it is characterised in that first preset algorithm is non-reversible algorithm, and/or Second preset algorithm is non-reversible algorithm.
  13. A kind of 13. password authentication device, it is characterised in that including:
    Receiving unit, for receiving the certification password for including dynamic password, the second information and device id generated by terminal;It is described Dynamic password is that the token prestored and current time value are calculated terminal as the input value of the first preset algorithm, Second information is that terminal at least calculates the first information including dynamic password as the input value of the second preset algorithm Arrive, the device id is previously stored in the terminal;
    Query unit, for inquiring about token corresponding with the device id;
    Verification unit, for being verified using the token and first preset algorithm to the dynamic password, and for extremely Second information is verified using the first information and second preset algorithm less;
    Identifying unit, for the dynamic password verification pass through and second information checking by when, judge the certification Password authentication passes through.
  14. 14. device according to claim 13, it is characterised in that the verification unit is used for:
    Second information is verified using the first information, the token and second preset algorithm;Described Two information are that the token and the first information are calculated terminal as the input value of the second preset algorithm.
  15. 15. the device according to claim 13 or 14, it is characterised in that the first information include it is following any one:
    Dynamic password;
    The combination of dynamic password and current time value;
    The combination of device id and dynamic password;
    The combination of device id, dynamic password and current time value.
  16. A kind of 16. payment mechanism, it is characterised in that including:
    Receiving unit, for receiving the certification password for including dynamic password, the second information and device id generated by terminal;It is described Dynamic password is that the token prestored and current time value are calculated terminal as the input value of the first preset algorithm, Second information is that terminal at least calculates the first information including dynamic password as the input value of the second preset algorithm Arrive, the device id is previously stored in the terminal;
    Query unit, for inquiring about token corresponding with the device id;
    Verification unit, for being verified using the token and first preset algorithm to the dynamic password, and for extremely Second information is verified using the first information and second preset algorithm less;
    Payment unit, for the dynamic password verification pass through and second information checking by when, execution recognize with described Demonstrate,prove payment transaction corresponding to password.
CN201610371868.1A 2016-05-30 2016-05-30 Password generation method, password verification method, payment method and payment device Active CN107453871B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010764543.6A CN111800276B (en) 2016-05-30 2016-05-30 Service processing method and device
CN201610371868.1A CN107453871B (en) 2016-05-30 2016-05-30 Password generation method, password verification method, payment method and payment device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610371868.1A CN107453871B (en) 2016-05-30 2016-05-30 Password generation method, password verification method, payment method and payment device

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202010764543.6A Division CN111800276B (en) 2016-05-30 2016-05-30 Service processing method and device

Publications (2)

Publication Number Publication Date
CN107453871A true CN107453871A (en) 2017-12-08
CN107453871B CN107453871B (en) 2020-07-03

Family

ID=60484905

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202010764543.6A Active CN111800276B (en) 2016-05-30 2016-05-30 Service processing method and device
CN201610371868.1A Active CN107453871B (en) 2016-05-30 2016-05-30 Password generation method, password verification method, payment method and payment device

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202010764543.6A Active CN111800276B (en) 2016-05-30 2016-05-30 Service processing method and device

Country Status (1)

Country Link
CN (2) CN111800276B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109389386A (en) * 2018-09-13 2019-02-26 阿里巴巴集团控股有限公司 A kind of barcode scanning control method, apparatus and system
CN109586922A (en) * 2018-12-20 2019-04-05 武汉璞华大数据技术有限公司 Dynamic password offline authentication method and device
CN111292091A (en) * 2020-03-04 2020-06-16 支付宝(杭州)信息技术有限公司 Verification method, device and equipment
CN113037682A (en) * 2019-12-09 2021-06-25 西安诺瓦星云科技股份有限公司 Encrypted communication method, encrypted communication device, and encrypted communication system

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113285948A (en) * 2021-05-21 2021-08-20 中国电信股份有限公司 Reverse dynamic password authentication method, device, medium and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1322076A (en) * 2000-04-28 2001-11-14 杨宏伟 Dynamic password authentication system and method
US20090249077A1 (en) * 2008-03-31 2009-10-01 International Business Machines Corporation Method and system for authenticating users with a one time password using an image reader
CN101662465A (en) * 2009-08-26 2010-03-03 深圳市腾讯计算机系统有限公司 Method and device for verifying dynamic password
CN104023030A (en) * 2014-06-20 2014-09-03 上海动联信息技术股份有限公司 Method for synchronizing token passwords
CN104426659A (en) * 2013-09-02 2015-03-18 中国移动通信集团公司 Dynamic password generating method, authentication method, authentication system and corresponding equipment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102043804A (en) * 2009-10-22 2011-05-04 上海杉达学院 Safety login method of database system
CN105243542B (en) * 2015-11-13 2021-07-02 咪付(广西)网络技术有限公司 Dynamic electronic certificate authentication method
CN108809659B (en) * 2015-12-01 2022-01-18 神州融安科技(北京)有限公司 Dynamic password generation method, dynamic password verification method, dynamic password system and dynamic password verification system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1322076A (en) * 2000-04-28 2001-11-14 杨宏伟 Dynamic password authentication system and method
US20090249077A1 (en) * 2008-03-31 2009-10-01 International Business Machines Corporation Method and system for authenticating users with a one time password using an image reader
CN101662465A (en) * 2009-08-26 2010-03-03 深圳市腾讯计算机系统有限公司 Method and device for verifying dynamic password
CN101662465B (en) * 2009-08-26 2013-03-27 深圳市腾讯计算机系统有限公司 Method and device for verifying dynamic password
CN104426659A (en) * 2013-09-02 2015-03-18 中国移动通信集团公司 Dynamic password generating method, authentication method, authentication system and corresponding equipment
CN104023030A (en) * 2014-06-20 2014-09-03 上海动联信息技术股份有限公司 Method for synchronizing token passwords

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109389386A (en) * 2018-09-13 2019-02-26 阿里巴巴集团控股有限公司 A kind of barcode scanning control method, apparatus and system
CN109389386B (en) * 2018-09-13 2020-09-29 阿里巴巴集团控股有限公司 Code scanning control method, device and system
CN112488694A (en) * 2018-09-13 2021-03-12 创新先进技术有限公司 Code scanning control method, device and system
CN109586922A (en) * 2018-12-20 2019-04-05 武汉璞华大数据技术有限公司 Dynamic password offline authentication method and device
CN113037682A (en) * 2019-12-09 2021-06-25 西安诺瓦星云科技股份有限公司 Encrypted communication method, encrypted communication device, and encrypted communication system
CN111292091A (en) * 2020-03-04 2020-06-16 支付宝(杭州)信息技术有限公司 Verification method, device and equipment

Also Published As

Publication number Publication date
CN111800276A (en) 2020-10-20
CN111800276B (en) 2022-12-23
CN107453871B (en) 2020-07-03

Similar Documents

Publication Publication Date Title
US11658961B2 (en) Method and system for authenticated login using static or dynamic codes
US10498541B2 (en) Electronic identification verification methods and systems
TWI749577B (en) Two-dimensional bar code processing method, device and system
US9838205B2 (en) Network authentication method for secure electronic transactions
JP6648110B2 (en) System and method for authenticating a client to a device
US9560033B2 (en) Method and system for authenticating user identity
US11108558B2 (en) Authentication and fraud prevention architecture
US9231925B1 (en) Network authentication method for secure electronic transactions
TWI607335B (en) Password resetting method, device having password resetting function, system having password resetting function
US20170364911A1 (en) Systems and method for enabling secure transaction
CN108064440A (en) FIDO authentication method, device and system based on block chain
WO2018145127A1 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
US8452980B1 (en) Defeating real-time trojan login attack with delayed interaction with fraudster
CN108684041A (en) The system and method for login authentication
US9009793B2 (en) Dynamic pin dual factor authentication using mobile device
EP1886204B1 (en) Transaction method and verification method
CN107453871A (en) Password generated method, password authentication method, method of payment and device
WO2017157185A1 (en) Method and device for linking to account and providing service process
US20200196143A1 (en) Public key-based service authentication method and system
UA113415C2 (en) METHOD, SERVER AND PERSONAL AUTHENTICATION SYSTEM
US20090220075A1 (en) Multifactor authentication system and methodology
US20170011393A1 (en) Personal identification and anti-theft system and method using disposable random key
WO2017166419A1 (en) Method of identifying false base station, device identifying false base station, and terminal
CN104657860A (en) Mobile banking security authentication method
KR101891733B1 (en) User authentication method and system performing the same

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20200921

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Patentee after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Patentee before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200921

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Patentee after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Patentee before: Alibaba Group Holding Ltd.