CN1614924A - Identity certifying system based on intelligent card and dynamic coding - Google Patents
Identity certifying system based on intelligent card and dynamic coding Download PDFInfo
- Publication number
- CN1614924A CN1614924A CN 200410081333 CN200410081333A CN1614924A CN 1614924 A CN1614924 A CN 1614924A CN 200410081333 CN200410081333 CN 200410081333 CN 200410081333 A CN200410081333 A CN 200410081333A CN 1614924 A CN1614924 A CN 1614924A
- Authority
- CN
- China
- Prior art keywords
- dynamic password
- smart card
- password
- key
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The system consists of smart card for generating one time password (OTP), device for creating OTP, authentication server, windows fault-tolerance authentication and synchronization method. The personal ID information and OTP are transmitted to authentication system through network. The authentication system selects one or more possible examining passwords from a large group of examining passwords to build up a smaller group of examining password. The received OTP is compared with the smaller group of examining password; if the OTP is in the smaller group the authentication of the use is passed.
Description
Technical field
The present invention relates to the technology that produces dynamic password based on smart card, specially refer to authentication method with user identity in this technology identification computer and network communication system.
Background technology
The world today, the application of information system has reached ubiquitous boundary, almost any unit all will pass through various communication networks, obtain the respective services that provides by its application system for its interior employee and outside client, therefore, identity how to confirm the user just becomes vital problem.
In the network communication environment, be different from traditional aspectant interchange, people again can't confirm user's identity with entity keepsakes such as identity card, seal, signatures.Therefore, adopted by the method for arranging one group of PIN (PIN) and password (PASSWORD) between each user and the system in advance, when the user will enter system and accepts service, must first checking just can enter system and accept service by this group identification code and password.
The shortcoming of this method is each changeless password that uses, and is easy to be stolen and falsely use.Therefore the measure that requires in use to take irregularly to change improves its safe coefficient.But these measures have reduced the convenience that uses, and have increased the difficulty of memory cipher, and in fact many users write down password, are placed on the place of oneself remembering, these places comprise under the keyboard screen next door even, and this just makes that this measure is filled with flaws.
Various cryptoguard measures and identification way have appearred thus.One class is to adopt public key architecture (PKI) to come authenticated user or server identity for the digital certificate management mechanism on basis; An other class is a way of utilizing uniqueness characteristic to carry out identification, as adopting biotechnology identification techniques such as fingerprint, retina, shape of face.But this dual mode generally is suitable for the exigent system of safe coefficient, and it relies on certain particular network or equipment, installs, operation is cumbersome, and it is expensive and be difficult for popularizing to build the expense of putting.Also having a class is to bring in constant renewal in the method for the dynamic password that produces with the thinking that improves fail safe according to the fixed password needs, and its core is to discern the user with the mode of one-time pad (OTP).
Common dynamic cipher method has the form of password table, and system is that every user produces a string password table, must find password with this table during use.This method need be deposited a large amount of passwords in certificate server, and the password table that the user preserves and renewal often will be used is both dangerous also inconvenient.
Another kind is the dynamic password token system.Early 1990s, occurred based on synchronous token (Token)--the SecurID of time base.Per 60 seconds of this token produces one group of new password automatically and is presented on the LCDs of token, as effective password at that time, exempts the puzzlement that the user regularly replaces password and memory cipher.
The dynamic cipher system of many companies release with password type (Challenge-Response) and attribute (Counter Based) arranged subsequently, contend with SecurID.The dynamic cipher system of password type adopts a kind of token that seems to be business card type calculator, when system will identify user identity, can point out string number after requiring the user to import code name, the numeric keypad that the user must see through on the token imports in token this a string numeral to produce effective instantly password.The dynamic cipher system of attribute then only needs the token of a button, and when the user need input password identification identity, the button that only need press on the token just can obtain an effective instantly password.
Above-mentioned token system needs a specially designed token to produce and display password, and all leave in the token, cost is higher to produce relevant " secret " of these passwords, and token lost can produce potential safety hazard; And the token of time synchronized type requires the user after producing dynamic password, uses in the short period of time, can not pay password in advance; The token of counting synchronized model is if the user operates before normal the use, then can the nonsynchronous problem of occurrence count, system can require to carry out again data sync, password type (asynchronous) token usually, then need to receive reply data, therefore all can make troubles and bother.
Also have the system that is known as electron key according to similar principles (one time one usefulness), this system with the personal information of carrier storage key such as IC-card, USB flash disk and necessity etc. as identity identifier.Because they all need to be equipped with online card reader is installed, exists the scope of application limited, problems such as complicated operation.
In addition, use the key issue of dynamic password to be, how to make the password generation and the selection course of user side and Verification System keep synchronous respectively.If this process is asynchronous, even the user inputs correct password, system can not discern its identity and required service is provided.Realize needing user side and Verification System to keep in the same way synchronously and upgrading such as incident sequence number, time value or other synchrodatas.But because the manual operations error, the not equal reason of transmission, authentification failure or clock frequency is easy to cause the asynchronous of synchrodata.People have attempted a lot of methods and have solved this problem, and still, known solution is concerning the user, and very trouble, loaded down with trivial details and may cause security risk.
Summary of the invention
The present invention is intended to overcome the defective that above-mentioned existing authentication exists, and a kind of identity authorization system and identity identifying method thereof based on smart card and dynamic password is provided.The present invention creatively will produce dynamic password " secret " and be put in the smart card, and adopt the device that produces dynamic password, as the general utility tool that produces and show dynamic password.Simultaneously, in Verification System, adopt the synchronous and unique window fault tolerant type authentication mechanism of event count (in due order), thereby on safe and reliable basis, make generation, transmission and the identification of dynamic password become very easy, with low cost and be easy to promote.
For solving the problems of the technologies described above, the technical solution used in the present invention is as follows:
A kind of identity authorization system based on smart card and dynamic password, it is characterized in that: the Verification System by user side that produces dynamic password and identification dynamic password constitutes, user side comprises can be stored and the smart card of handling the information relevant with producing dynamic password, and the device that shows or transmit the generation dynamic password of dynamic password; Verification System comprises certificate server and the database that is connected with various application systems by communication network; Smart card is identified by unduplicated smartcard identification sign indicating number, and have the generation dynamic password identical with Verification System algorithm, key and with user-dependent personally identifiable information, and initial random event count; Smart card is connected with the device that produces dynamic password, the device that produces dynamic password is according to information that reads from smart card or more input information, generation also shows that an a string acyclic character based on personal information is a dynamic password, user side is by comprising network, phone, fax, multimedia terminal or SMS are at interior means of communication, submit to Verification System to authenticate by the dynamic cipher verification sign that the device that produces dynamic password produces smart card, Verification System receives personal sign and the dynamic password thereof that needs identification, in database, search out the corresponding individual information of prior storage according to personal sign, and be input to the same algorithm of smart card according to these information with smart card or the device that produces dynamic password, key and synchrodata calculate an authentication password, Verification System is determined the identity of object by checking the matching of this authentication password and the dynamic password that is identified.
Identity identifying method based on above-mentioned identity authorization system is characterized in that:
A, individual subscriber identifying information and dynamic password are sent to Verification System;
B, Verification System be according to the relevant algorithm of storage, key, personally identifiable information and corresponding event count thereof be synchrodata calculate with user-dependent a series of authentication passwords be big window;
C, to select one or several most possible authentication passwords to constitute one group of less authentication password sequence from big window be wicket, the dynamic password that received and the authentication password in the wicket are compared, if this dynamic password is in wicket, then the user is by authentication, meanwhile, system according to the password of coupling to the synchrodata renewal of upgrading.
If the dynamic password that receives is outside the wicket, within the big window, then require the user to send a new dynamic password at least; If all in same sequence, then user identity obtains confirming for the dynamic password that this is new and first dynamic password, and is authorized to use service.At this moment system will upgrade synchrodata automatically according to the password of coupling equally; If the new dynamic password that takes place and first dynamic password be in same sequence, then the user can not the access authentication mandate, perhaps continues to require the user to send one or two new dynamic password, checks the continuity of these two dynamic passwords then in big window.
The production process of dynamic password is: smart card inserts the device that produces dynamic password; under the effect of device power supply; carry out the dedicated program that produces dynamic password by smart card MPU; the device that produces dynamic password generates dynamic password according to the information of smart card and the information of importing from device; comprise the simple type dynamic password of not being with the PIN protection and be with the protection type dynamic password of PIN protection, and simple and easy electronic signature dynamic password, stored value card inquiry, the small amount payment dynamic password of being with PIN protection and event argument.
Above-mentioned smart card can be SMART card, EMV card or the SIM card of any Java-based or Multos-based.
The mode of the key that system adopts personalized storage on smart card, the device that produces dynamic password needn't be stayed deposit the specific program information of individual's card, and become general instrument, this has not only improved the fail safe of system, reduced cost, and the card of different modes configuration can be used in same Verification System, the user can use the same card to different application, different users can use the device of same generation dynamic password, application units' hair fastener or modernization system also needn't be understood other application software architectures, and this has just increased flexibility and range of application that system uses greatly.
Because to the abundant utilization of intelligent card function, produce dynamic password device simplification and innovate inevitable.Except the various intelligent terminals that adapt to traditional outfit reader device, system has released the very device product of practical generation dynamic password:
A kind of is the device of specially designed portable generation dynamic password, and the device of this generation dynamic password has devices such as button, display screen, processor, draw-in groove and battery, and profile is small and exquisite attractive in appearance, can go here and there and carry on key chain.Most characteristic and what can effectively reduce production costs is its rolling wheel input device, the information that using roller to import needs produces dynamic password, can also allow the user select more systemic-function for use.
Another kind is very popular with the mode of mobile phone as the device that produces dynamic password.System supports GSM/GPRS/CDMA or 3G standard, therefore, utilizes the STK DLL (dynamic link library) of SIM card standard just to can be implemented under the value-added service menu prompt of mobile phone, utilizes the relevant function of mobile phone screen and keyboard input information and operation dynamic password.And then can by mobile communication network the dynamic password that is produced be sent to Verification System quite easily and authenticate.
Mobile phone (3G mobile) based on the 3G (Third Generation) Moblie technical foundation also can be used as the device that produces dynamic password, and the software and the information that produce dynamic password just can produce dynamic password by the Internet download to 3G mobile.
In addition, the hand-hold type personal terminal such as PDA etc. that can read information on the smart card also can be used as the device that produces dynamic password and use.
Device generation dynamic password with smart card and generation dynamic password is an independently process, does not need to be connected with communication network.In fact, set same initial random counting in Verification System and smart card during hair fastener, when smart card inserts the device that produces dynamic password, just touched the mains switch on the device, at this moment produced the device of dynamic password and the circuit and the battery of smart card and connect.Electrification reset just triggers the once counting of smart card so each time.The dynamic password algorithm of smart card just produces a dynamic password according to this event count and personal key.When this dynamic password is delivered to the Verification System authentication, Verification System will calculate the legitimacy of the dynamic password that an authentication password that matches is verified with judgement according to same algorithm, key and event count, but at this moment the counting of the event count of Verification System and smart card has bigger difference (asynchronous), therefore, the target that may exist need be sought by system in a reasonable range.
The check window that the above-mentioned authentication password sequence of calculating according to customer identification information constitutes, in fact a security fault-tolerance scope and the self-adjusting synchronization mechanism of a kind of event count sequence number of dynamic cipher verification have been provided, in most of the cases, all in the scope of wicket, the user can not be subjected to the influence of this deviation to synchronism deviation.And for normal application, it is inessential that the lsafety level that the size of wicket causes descends.If the dynamic password that is verified has exceeded the scope of wicket, illustrate that this password is wrong or bigger synchronism deviation occurred, this situation, need the request user to import dynamic password once more, then, by the sequence relation between check in big window first and second dynamic password, just can determine very safely whether password is correct.Authentication password is each, and the match is successful with dynamic password, and system just adjusts the benchmark synchrodata automatically according to the counting of this authentication password correspondence, and authenticate can very fast definite reasonable range next time thereby make.
Aforesaid way has reduced the user interaction operation to greatest extent, and verification process is efficient, and is quick, practicality, and can obviously not reduce lsafety level.The dynamic password that is generated is based on the personally identifiable information, dynamic change, the time that is subjected to does not restrict, and be very brief acyclic character, so the user can public use, and transmits to Verification System by multiple modes such as network, phone, mobile phone, facsimile machine, ATM or multimedia terminals easily.
Verification System is the autonomous system that a cover does not rely on other system instruction, and its algorithm can be selected as required, as DES, 3DES, IDEA, AES RSA etc. even.It is connected by certain suitable mode with one or several application systems (as bank ATM or on-line shopping system etc.), and can be functional modules different on the station server with application system, also can be the autonomous system on the multiple servers.System can support multiple application simultaneously, comprises multiple client access waies such as support call center, browser, voice system.
Because system subscriber terminal has been broken away from hardware interface to a great extent; the restriction of Operating Complexity and cost; key component becomes a kind of software that needs store little and calculation resources just can move; and can support multiple processing; input and display unit; therefore; system is except can providing the simple type dynamic password of not being with the PIN protection and the protection type dynamic password of being with the PIN protection; the simple and easy electronic signature functionality of band PIN protection and event argument can also be provided; this function is a kind of asynchronous Challenge/Response operating mode; not only safer; and in end-to-end transaction integrality protection; the transaction anti-repudiation is acted on behalf of aspects such as stamped signature and remote authorization and is had purposes widely.In addition, system can also provide electronic purse balance amount and transaction detail query and small amount payment dynamic password function.Further, can develop the more applications function as required.
System adopts SSL communication encryption standard agreement and hardware encipher equipment (HSM), with storage and the transmission security that ensures some sensitive information.About the information protection on the smart card; the safety of the session information between the device of card and generation dynamic password, well-known existing a lot of different, the method for strict more complexity; comprise that various symmetries and asymmetrical encryption system all can be used, the present invention does not select specially and discusses.
Description of drawings
For the purpose of illustration, will the present invention be described in further detail by the example in the accompanying drawing below.Appended diagram comprises:
Fig. 1 constitutes schematic diagram for system;
Fig. 2 is the smart card personalization schematic flow sheet;
The dynamic password generating principle schematic diagram that Fig. 3 a does not protect with PIN;
The dynamic password generating principle schematic diagram of Fig. 3 b band PIN protection;
The dynamic password generating principle schematic diagram of PIN protection of Fig. 3 c band and event argument;
Fig. 4 is the dynamic password verification principle schematic;
Fig. 5 is fault-tolerant and synchronization principles one schematic diagram of window;
Fig. 6 is fault-tolerant and synchronization principles two schematic diagrames of window;
Fig. 7 is the Verification System architecture block diagram;
Fig. 8 is the authentication logic block diagram, and Fig. 8 b is the logic diagram of " personality data generates end " among Fig. 8 a
Embodiment
Below be to describe about the more detailed exemplary of the present invention.The personnel that are familiar with relevant technologies can describe various variations and the modification of understanding in the spirit and scope of the present invention by these.
As shown in Figure 1, smart card 103 is connected with portable card reader 104, produces dynamic password.Smart card 103 is by being made up of chip 105, and chip 105 carries out the electronics connection via the slot 108 of card reader 104.The dedicated program that utilizes the button 109 on the card reader 104 to start in the smart card 103 calculates dynamic password, and it is changed in the card reader 104.Card reader 104 shows this password with the form of 4 figure places (100) on display 107 then.Obviously, numeral or other symbol of any numerical digit all may generate.That is, system has more than and is limited to the password that produces traditional four figures.
Verification System front end 101 is made up of Network Termination #1 14 or ATM (automatic teller machine) (ATM) 113 or phone 116 etc.These terminals are connected with certificate server 111 with application server 110 via communication network 112.Communication network 112 can be local area network (LAN) LAN, wide area network WAN, Internet or wireless telecommunications net etc., application server 110 and certificate server 111 can also can be connected into an identical physical unit (can be finished by the technical staff) from physically disconnecting (shown in dotted line " 115 ").
Fig. 2 illustrates the association process of smart card and certificate server, promptly allows the process of smart card personalization: the smartcard identification that every card is unique numbers 201 utilizes master key AA 203 and BB 205 to encrypt respectively by cryptographic algorithm 204 and 206.At this moment, generate two different personal key A 207 and B 209.For with these two secret key safeties be transferred to personalization means 215, these personal keys are encrypted successively in step 212 and 214 with encryption key SS 211 and CC213.In step 218 and 219, personalization means 215 is utilized decruption key S 216 and C 217 respectively, the key 207 and 209 that is transmitted is decrypted, and by write step they is stored in the smart card 200.
Fig. 3 a-3c is the method principle schematic that smart card produces dynamic password.
Fig. 3 a produces general dynamic password.Smart card powers up and produces sequence of events 3a03 under the effect of card reader, in step 3a06 and 3a08, is stored in smart card interior personal key 3a05 and 3a07 with individualized program shown in Figure 2 then, and 3a03 encrypts to sequence number.And then, in step 3a11, the encrypted result of 3a06 and 3a08 output is carried out logical exclusive-OR (XOR) combination, consequent bit sequence is converted into decimal number (for example 4-digit number) and provides in step 3a15 in step 3a13.
Fig. 3 b produces the dynamic password of band PIN protection.After smart card powers up, input smartcard identification sign indicating number PIN 3b01, in 3b09, PIN 3b01 and sequence of events 3b03 are carried out logical exclusive-OR (XOR) computing, then in step 3b06 and 3b08, with personal key 3b05 and 3b07, the result and the sequence of events 3b03 of exclusive-OR operation encrypted.The result who obtains is carried out exclusive-OR operation once more at 3b11, and the result of distance is converted to the dynamic password 3b15 that decimal number is band PIN protection by 3b13.
Fig. 3 c produces the dynamic password (simple and easy electronic signature) of band PIN protection and event argument.Identical with above-mentioned principle; just will carry out the later result of logical exclusive-OR (XOR) computing and carry out exclusive-OR operation one time with event argument 3c02 again at sequence of events 3c03 and smartcard identification sign indicating number PIN 3c01; result that will obtain and sequence of events 3c03 carry out exclusive-OR operation once more then, convert the decimal system again to and promptly obtain dynamic password with PIN protection and event argument.The event argument 3c02 here can be the information type of number, character or electronic signal form more than 1.
The above-mentioned mode of dynamic password that provides can have: show on the display 107 of Fig. 1 card reader 104 or directly provide to application server via ATM or mobile phone etc.After this, the event count sequence number increases and is stored so that transaction next time is used.
Observe now Fig. 4, certificate server compares calculating the authentication password that generates in the dynamic password 401 that receives and the step 409 in step 411.Utilize the authentication password of identification code in 403 and 409 steps of 404 calculating of key 402 and smart card.The method of calculating dynamic password in the smart card that this calculating and Fig. 3 b describe is identical.Wherein smartcard identification number may obtain indirectly by the pointer of certificate server card number database.In 411 steps, comparatively validate sign indicating number and the dynamic password that receives if equate, think that then user identity is true, and allow the user to proceed transaction, and preserve sequence of events number.If identifying code is different with the dynamic password that receives, this may be because authentic dynamic password is not to be generated by individual smart card.In this case, will not allow the user to conclude the business.Yet,, when comparing, also may cause dynamic password different with authentication password if it is different to be respectively applied for the event count sequence number that generates dynamic password and authentication password in smart card and the certificate server.Event count sequence number at smart card increases, and certificate server if transaction is interrupted, also this kind situation may take place when not receiving dynamic password.In this case, can in step 417, regulate event counter value, and calculate the authentication password that makes new advances.In step 413, allow to carry out double counting based on different incident sequence numbers, then system can adjust many times and calculate.In step 415, the user does not authenticate by native system at last.
Fig. 5 descriptive system authenticates a kind of flow instance with synchronizing process.The first step: card reader is read in or the user imports the personally identifiable information from smart card.This identifying information can be a string number or other any information types of discerning user identity; Second step: card reader produces a dynamic password (OTP) and is presented at display screen.Simultaneously, synchrodata increases (renewal) automatically; The 3rd step: personally identifiable information and dynamic password are sent to certificate server; The 4th step: certificate server mates personally identifiable information and User Information Database.On this basis, determine and user-dependent a series of authentication passwords that these passwords are called as " big window ".Also can be one group of password storing in advance or the one group of password that generates according to the synchrodata that certificate server is grasped in the big window, this depends on the password generative process that user side adopts.Big window comprises two authentication passwords (best more than five, it is optimal being not less than 10) at least, according to the event count order, selects usually to constitute based on the authentication password of current event sequence number and contiguous later on sequence number calculating thereof.Then, select 2-5 (4 best) most possible password wherein, as " wicket ".Wicket is the part of big window, wherein normally calculates successively based on the event count (synchrodata) of up-to-date upgrading, perhaps by the authentication password of calculating near the current event sequence number; The 5th step: the dynamic password of reception and the authentication password in the wicket are compared.Use wicket and do not adopt a definite authentication password, just reduced lsafety level slightly, but on the other hand, provided less synchronism deviation, the user also can not be affected; The 6th step: whether check dynamic password and authentication password mate; The 7th step: if coupling, then the user is by verifying and be allowed to use required service item;
If dynamic password that receives and the checking dynamic password in the wicket scope are complementary, but be not first most possible authentication password of calculating according to the current event counting, this explanation has produced slight synchronism deviation.In this case, certificate server can be adjusted synchrodata automatically according to the tiny synchronism deviation of being grasped, and so just can realize synchronous again with user side automatically.
If selected authentication password does not match with the dynamic password of receiving, illustrate that then synchronism deviation is too big, or the Dynamic Signal input error.In this case, the 8th step: the authentication password of the dynamic password coupling of search and reception in big window; The 9th step: whether check dynamic password and authentication password mate; The tenth step: if coupling requires the user to import a dynamic password once more; The 12 step: the user generates and imports second dynamic password; The 13 step: second dynamic password and first dynamic password that will receive compare; The 15 step: as these two dynamic passwords is continuous, and then the user passes through authentication, and addressable system and acquisition institute requested service;
Above-mentioned double probate, synchronism deviation has taken place in expression, and in this case, certificate server also needs according to the deviation of grasping synchrodata to be adjusted, thereby finishes with user side synchronous again automatically.
If second dynamic password that the user provides and the authentication password in the Verification System do not match, then this user is considered to not obtain the authorization, therefore can not access system or obtain institute's requested service (the tenth, 16 step).In other words, this step may require more loaded down with trivial details checking, synchronization program.This stricter, more complicated program is well-known, and this paper no longer makes further discussion.
Fig. 6 has illustrated that system authenticates second kind of flow instance with synchronizing process.Unless stated otherwise, all aspects of first kind of flow process then previously discussed also are applicable to this flow process.In addition, identical parameter also is used for same or similarly among the step.
In second kind of flow process, the first step~the 6th step at first requires and analyzes first dynamic password.In case unmatched situation (authentication password that is complementary as the dynamic password that in wicket, does not find and receive) occurs, when storing first dynamic password, require to import a new dynamic password (the 11 step) immediately.
The user generates and imports a new dynamic password (the 12 step) then.When new dynamic password is received by system, adopt the manner of comparison of front that this dynamic password is compared in wicket (the 5th step), second dynamic password as new reception meets the requirements (the 6th step), then by authentication (the 7th step), because same problem (as: when first dynamic password input error, transmission problem and leading to errors take place etc.) unlikely recur twice.
But,, then in big window, check the match condition of second dynamic password and the continuity possible thereof (the 13 step) with first dynamic password if in wicket, can not find the authentication password (the 6th step) of mating with second dynamic password; If two dynamic passwords are continuous (the 14 step) in big window, then by authentication (the 15 step).
If two dynamic passwords be not continuous and (or) not in big window, then authentication is not received.But can try again (the 17 step), require new dynamic password of input once more, and it be tested (as repeating later step (comprising for the 11 step) of the 11 step) by preceding method.In this case, can test to the continuity of dynamic password, but preferably check the dynamic password of receiving for the last time (before having received one or two dynamic password) again, and preferably repeat 11 steps of order at least by different modes.At this moment allow user's at least 3 different dynamic passwords of input (the 16 step) before program suspension or refusal authentication request.
With the front discussed the same, can after authentication request is rejected, enter more loaded down with trivial details checking and synchronization program.For example: require the user to import two dynamic passwords simultaneously, then the continuity of these two dynamic passwords of check in big window.
Fig. 7 is the example of a brief description Verification System internal structure and handling process.
The user that game server 706 is handled from Web server 708 lands request, obtains user profile from database 705, then these information is sent to certificate server.Verify 711 by certificate server, and authentication result is returned to Web server 708.Communicate by application end interface 709 between Web server 708 and the game server 706.
Personality data generates end 710 and generates the needed key of smart cards, sequence of events number and password, produces the smart card with individualized feature.By the data that acquisition from certificate server 720 needs, personality data generation end 710 can also be produced card in batches, only needs when these are stuck in application itself and particular user identity binding and activation.Customization instrument 715 generates end 710 from personality data and data are derived and writes card, thereby with smart card personalization.
Store user data, card data, system data and internal affairs statistical information in the database 705.Syslog file comprises the complete information trace that incident takes place.Statistical information can be used to the operating position and the systematic function of analytical system.
Database file import tool 712 imports to new user and the intelligent card data with the document form transmission that application-specific 717 provides in the database 705.It uses an input file that information is read in the database.And the result that will import outputs in the file.
Land all data files of landing the administration module use of configuration management tool 704 management, and it also is used to the system data parameter in the management database 705;
In addition, client information management instrument 722 at an easy rate identifying user identity, lock subscriber card, subscriber card etc. unlocks.
Above-mentioned application example is demonstration just, can also adopt a lot of different modes to realize with a lot of different programming languages.For example: it is many that the mode beguine that generates dynamic password carries out calculation mode according to sequence number.Understanding when of the present invention, the professional and technical personnel can use the mode of several acquisition dynamic passwords according to foregoing description, and realizes that with form of program code method of the present invention is self-explantory.Therefore, be not described in more detail.
The present invention is applicable to following purposes:
1 identification; 2 small amount payments;
3 is false proof; 4 stored value cards; 5 electronic signatures.
Claims (11)
1, a kind of identity authorization system based on smart card and dynamic password, it is characterized in that: the Verification System by user side that produces dynamic password and identification dynamic password constitutes, user side comprises can be stored and the smart card of handling the information relevant with producing dynamic password, and the device that shows or transmit the generation dynamic password of dynamic password; Verification System comprises certificate server and the database that is connected with various application systems by communication network; Smart card is identified by unduplicated smartcard identification sign indicating number, and have the generation dynamic password identical with Verification System algorithm, key and with user-dependent personally identifiable information, and initial random event count; Smart card is connected with the device that produces dynamic password, this device is according to information that reads from smart card or more input information, generation also shows that an a string acyclic character based on personal information is a dynamic password, user side is by comprising network, phone, fax, multimedia terminal or SMS are at interior means of communication, submit to Verification System to authenticate by the dynamic cipher verification sign that the device that produces dynamic password produces smart card, Verification System receives personal sign and the dynamic password thereof that needs identification, in database, search out the corresponding individual information of prior storage according to personal sign, and according to these information and the algorithm same with smart card, key and synchrodata calculate an authentication password, Verification System is determined the identity of object by checking the matching of this authentication password and the dynamic password that is identified.
2, a kind of identity authorization system according to claim 1 based on smart card and dynamic password, it is characterized in that: the identification code of described smart card utilizes master key AA and master key BB to encrypt respectively by cryptographic algorithm, generate two different personal key A and key B, this two personal key is encrypted successively with traffic encryption key; In personalization device, utilize the transmission decruption key respectively, personal key A and the key B that is transmitted is decrypted, and they and the program, the personally identifiable information (PIN) that contain card encryption and produce the algorithm of sequence of events number that produce dynamic password is stored in the smart card together by write step.
3, the identity authorization system based on smart card and dynamic password according to claim 1 and 2, it is characterized in that: smart card inserts the device that produces dynamic password, under the effect of device power supply, carry out the generation dynamic password by smart card MPU, and show by device; Smart card is the smart card through the card sending system personalization, comprises SMART card, EMV card or the SIM card of any Java-based or Multos-based; The device that produces dynamic password generates dynamic password according to the information of smart card and the information of importing from device, comprises that the simple type dynamic password of not being with the PIN protection, the protection type dynamic password of being with the PIN protection or band PIN protect and simple and easy electronic signature dynamic password, stored value card inquiry, the small amount payment dynamic password of event argument.。
4, the identity authorization system based on smart card and dynamic password according to claim 3, it is characterized in that: the device that produces dynamic password utilizes DES, 3DES, IDEA, AES or RSA Algorithm in the smart card that the event count initial value is added counting added value or time value, with producing dynamic password after the encryption keys.
5, the identity authorization system based on smart card and dynamic password according to claim 4, it is characterized in that: the device of described generation dynamic password is to have processor, the input digit roller, ACK button, LCDs, draw-in groove and battery device, or the mobile phone of support GSM/GPRS/CDMA or 3G standard, or can read the hand-hold type personal terminal of information on the smart card, the device of this generation dynamic password can also be to comprise the integrated apparatus that stores the chip that produces dynamic password algorithm routine and information; Dynamic password can be transferred to call center, browser or voice and the screen system on certificate server backstage by phone, mobile phone, facsimile machine, ATM or multimedia terminal through various ports.
6, a kind of identity identifying method of the identity authorization system based on smart card and dynamic password, it is characterized in that: verification process is:
A, individual subscriber identifying information and dynamic password are sent to Verification System;
B, Verification System be according to the relevant algorithm of storage, key, personally identifiable information and corresponding event count thereof be synchrodata calculate with user-dependent a series of authentication passwords be big window;
C, to select one or several most possible authentication passwords to constitute one group of less authentication password sequence from big window be wicket, the dynamic password that received and the authentication password in the wicket are compared, if this dynamic password is in wicket, then the user is by authentication, meanwhile, system according to the password of coupling to the synchrodata renewal of upgrading.
7, identity identifying method according to claim 6 is characterized in that: if the dynamic password that receives is outside the wicket, within the big window, then require the user to send a new dynamic password at least; If all in same sequence, then user identity obtains confirming for the dynamic password that this is new and first dynamic password, and is authorized to use service.At this moment system will upgrade synchrodata automatically according to the password of coupling equally; If the new dynamic password that takes place and first dynamic password be in same sequence, then the user can not the access authentication mandate, perhaps continues to require the user to send one or two new dynamic password, checks the continuity of these two dynamic passwords then in big window.
8, according to claim 6 or 7 described identity identifying methods; it is characterized in that: the production process of dynamic password is: smart card inserts the device that produces dynamic password; under the effect of device power supply; this device generates dynamic password according to the information of smart card and the information of importing from device, comprises simple type dynamic password and the protection type dynamic password of band PIN protection and simple and easy electronic signature dynamic password, stored value card inquiry, the small amount payment dynamic password of being with PIN protection and event argument of not being with the PIN protection.
9, identity identifying method according to claim 8, it is characterized in that: the identification code of smart card utilizes master key AA and master key BB to encrypt respectively by cryptographic algorithm, generate two different personal key A and key B, this two personal key is encrypted successively with traffic encryption key; In personalization device, utilize the transmission decruption key respectively, personal key A and the key B that is transmitted is decrypted, and they and the program, the personally identifiable information (PIN) that contain card encryption and produce the algorithm of sequence of events number that produce dynamic password is stored in the smart card together by write step.
10, identity identifying method according to claim 9, it is characterized in that: smart card is under the effect of the device that produces dynamic password, power up and produce event count sequence number (3c03), and can import smartcard identification sign indicating number PIN (3c01), perhaps incoming event parameter (3c02), then, directly sequence of events number (3c03) is carried out cryptographic calculation with personal key A and B (3c05,3c07); After perhaps smartcard identification sign indicating number PIN (3c01) being carried out logical exclusive-OR (XOR) computing with sequence of events number (3c03), carry out same cryptographic calculation; After the result who perhaps smartcard identification sign indicating number PIN (3c01) and sequence of events number (3c03) is carried out logical exclusive-OR (XOR) computing carries out exclusive-OR operation with event argument (3c02) again, carry out same cryptographic calculation; And then, with above-mentioned encryption the result carry out a nonequivalence operation again after, be converted to described dynamic password by decimal number.
11, identity identifying method according to claim 10, it is characterized in that: Verification System is that to generate first encryption key be that the encrypted smart card identification code and second encryption key are the event counter initial value to every subscriber card, smart card receives the personal information that contains identification code in the memory block that can not read, comprise receiving first encryption key and second encryption key that system deposits decruption key and second encryption key and personal information in the authentication database in simultaneously after system's master key is encrypted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100813338A CN100492966C (en) | 2004-11-26 | 2004-11-26 | Identity certifying system based on intelligent card and dynamic coding |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100813338A CN100492966C (en) | 2004-11-26 | 2004-11-26 | Identity certifying system based on intelligent card and dynamic coding |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1614924A true CN1614924A (en) | 2005-05-11 |
| CN100492966C CN100492966C (en) | 2009-05-27 |
Family
ID=34765696
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2004100813338A Expired - Fee Related CN100492966C (en) | 2004-11-26 | 2004-11-26 | Identity certifying system based on intelligent card and dynamic coding |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100492966C (en) |
Cited By (43)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007085168A1 (en) * | 2006-01-26 | 2007-08-02 | Huawei Technologies Co., Ltd. | Device, system and method for performing authentication by means of password |
| WO2008011758A1 (en) * | 2006-07-20 | 2008-01-31 | Kamfu Wong | Method and system for online payment and identity confirmation with self-setting authentication formula |
| CN101266638B (en) * | 2008-04-16 | 2010-04-21 | 北京飞天诚信科技有限公司 | Software protection method and system |
| CN101252435B (en) * | 2008-03-27 | 2010-06-09 | 上海柯斯软件有限公司 | Method for realizing dynamic password generation and judge on smart card |
| CN101237381B (en) * | 2007-02-02 | 2010-07-07 | 华为技术有限公司 | A method and system for transmitting START value |
| CN101931532A (en) * | 2009-09-08 | 2010-12-29 | 北京握奇数据系统有限公司 | Telecommunication smart card-based digital certificate management method and telecommunication smart card |
| CN102013026A (en) * | 2010-12-04 | 2011-04-13 | 上海众人网络安全技术有限公司 | Smart card dynamic password authentication system and smart card dynamic password authentication method |
| CN102034307A (en) * | 2010-12-31 | 2011-04-27 | 上海众人网络安全技术有限公司 | Electronic wallet-based dynamic password authentication system and method |
| CN102043937A (en) * | 2010-12-31 | 2011-05-04 | 上海众人网络安全技术有限公司 | Card reader capable of generating dynamic passwords as well as dynamic password authentication system and method |
| CN101377803B (en) * | 2008-09-28 | 2011-08-17 | 北京飞天诚信科技有限公司 | Method and system for implementing start-up protection |
| CN101364872B (en) * | 2007-08-08 | 2011-09-21 | 精品科技股份有限公司 | Method for instruction execution through verification |
| CN101252436B (en) * | 2008-03-27 | 2011-11-23 | 上海柯斯软件有限公司 | Smart card dynamic password creating and judging system |
| CN101064535B (en) * | 2007-04-12 | 2011-12-07 | 复旦大学 | Intelligent authentication method and system based on close range wireless communication handset |
| CN101800645B (en) * | 2010-02-05 | 2012-02-08 | 中国工商银行股份有限公司 | Identity authentication method, device and system |
| CN101432980B (en) * | 2006-05-01 | 2012-08-08 | 未来科技株式会社 | Time sync-type otp generation device and method for mobile phones |
| CN101789864B (en) * | 2010-02-05 | 2012-10-10 | 中国工商银行股份有限公司 | On-line bank background identity identification method, device and system |
| CN101779211B (en) * | 2007-08-29 | 2012-12-12 | 三菱电机株式会社 | Authentication system, authentication device, terminal device, ic card, and program |
| CN101345957B (en) * | 2008-08-20 | 2013-01-09 | 宇龙计算机通信科技(深圳)有限公司 | Recognition method, system and mobile terminal for login cipher |
| CN102983975A (en) * | 2012-11-12 | 2013-03-20 | 天地融科技股份有限公司 | Dynamic password display method |
| CN103106380A (en) * | 2013-01-11 | 2013-05-15 | 聚辰半导体(上海)有限公司 | Protective method for radio frequency system |
| CN103152167A (en) * | 2013-03-20 | 2013-06-12 | 东信和平科技股份有限公司 | Intelligent card PIN (personal identification number) encrypted transmission method and intelligent card PIN encrypted transmission system |
| CN103297236A (en) * | 2013-05-10 | 2013-09-11 | 季亚琴科·安德烈 | User identity verification and authorization system |
| CN103403727A (en) * | 2011-02-16 | 2013-11-20 | 日本电气英富醍株式会社 | Enable/disable method of additional-function unit, system for same, program for same, as well as additional-function unit |
| CN103488933A (en) * | 2013-09-27 | 2014-01-01 | 太仓苏易信息科技有限公司 | Non-contact type computer login protection system |
| CN103580856A (en) * | 2013-11-19 | 2014-02-12 | 上海众人网络安全技术有限公司 | Method for synchronizing token device according to sizes of certification windows |
| CN103634467A (en) * | 2013-11-22 | 2014-03-12 | 华为技术有限公司 | Privacy protecting method and mobile terminal |
| CN103973683A (en) * | 2014-05-06 | 2014-08-06 | 上海动联信息技术股份有限公司 | Double-password synchronization method for dynamic passwords |
| CN104063650A (en) * | 2014-06-09 | 2014-09-24 | 韩晟 | Secret key storage device and application method thereof |
| CN104281952A (en) * | 2013-07-08 | 2015-01-14 | 北京旋极信息技术股份有限公司 | Dynamic password verification method |
| CN104394145A (en) * | 2014-11-25 | 2015-03-04 | 飞天诚信科技股份有限公司 | Dynamic token with log function and working method thereof |
| CN104867512A (en) * | 2015-03-26 | 2015-08-26 | 加一联创电子科技有限公司 | Music data obtaining method, earphone, loudspeaker box, and music player |
| CN105393254A (en) * | 2013-06-21 | 2016-03-09 | Visa欧洲有限公司 | Enabling access to data |
| WO2017028249A1 (en) * | 2015-08-18 | 2017-02-23 | 张焰焰 | Method and mobile terminal for logging in to account with voice |
| WO2017028171A1 (en) * | 2015-08-17 | 2017-02-23 | 张焰焰 | Method and mobile terminal for authenticating account login via voice and number information |
| WO2017031704A1 (en) * | 2015-08-25 | 2017-03-02 | 张焰焰 | Method and mobile terminal for logging in to account with fingerprint |
| CN107423975A (en) * | 2011-03-30 | 2017-12-01 | 欧诺银行 | By submitting number to carry out strong authentication |
| CN108830977A (en) * | 2018-05-04 | 2018-11-16 | 西安石油大学 | A kind of dynamic password door-control lock and operating method |
| CN109690596A (en) * | 2016-08-02 | 2019-04-26 | 埃迪米亚法国公司 | Dynamic security code for card transaction |
| CN109840404A (en) * | 2019-02-14 | 2019-06-04 | 阳江核电有限公司 | A kind of industrial computer login method and system based on event synchronization algorithm |
| CN110730065A (en) * | 2018-07-17 | 2020-01-24 | 关楗股份有限公司 | Token device for key backup device and key backup system |
| CN112953711A (en) * | 2021-01-28 | 2021-06-11 | 杉德银卡通信息服务有限公司 | Database security connection system and method |
| CN113421085A (en) * | 2021-06-22 | 2021-09-21 | 深圳天盘实业有限公司 | Smart card dynamic password authentication method and system |
| CN115240308A (en) * | 2022-09-26 | 2022-10-25 | 深圳市极致科技股份有限公司 | Access control machine authorization method, device and system, access control machine and computer storage medium |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100595785C (en) * | 2004-11-26 | 2010-03-24 | 王小矿 | Dynamic cipher operation method based on petty paying |
| CN101860525B (en) * | 2009-09-25 | 2012-11-14 | 深圳市安捷信联科技有限公司 | Realizing method of electronic authorization warrant, intelligent terminal, authorization system and verification terminal |
| CN101895554A (en) * | 2010-07-26 | 2010-11-24 | 贵阳高新华美龙技术有限公司 | Dynamic code anti-counterfeiting method and system |
| CN103401686B (en) * | 2013-07-31 | 2016-08-10 | 陕西海基业高科技实业有限公司 | A kind of user's OTP WEB Authentication System and application process thereof |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5991405A (en) * | 1998-01-27 | 1999-11-23 | Dsc Telecom, L.P. | Method for dynamically updating cellular phone unique encryption keys |
| EP1281149A2 (en) * | 2000-05-04 | 2003-02-05 | Mastercard International, Inc. | System and method for enabling universal log-in |
| CN1221900C (en) * | 2001-12-17 | 2005-10-05 | 北京兆日科技有限责任公司 | User's identity authentication method of dynamic electron cipher equipment and its resources sharing system |
| CN1268157C (en) * | 2003-12-12 | 2006-08-02 | 华中科技大学 | A handset used for dynamic identity authentication |
-
2004
- 2004-11-26 CN CNB2004100813338A patent/CN100492966C/en not_active Expired - Fee Related
Cited By (57)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007085168A1 (en) * | 2006-01-26 | 2007-08-02 | Huawei Technologies Co., Ltd. | Device, system and method for performing authentication by means of password |
| CN101432980B (en) * | 2006-05-01 | 2012-08-08 | 未来科技株式会社 | Time sync-type otp generation device and method for mobile phones |
| WO2008011758A1 (en) * | 2006-07-20 | 2008-01-31 | Kamfu Wong | Method and system for online payment and identity confirmation with self-setting authentication formula |
| CN101496344B (en) * | 2006-07-20 | 2014-08-20 | 黄金富 | Method and system having self-setting authentication formula for webs bank payment and identification confirmation |
| CN101237381B (en) * | 2007-02-02 | 2010-07-07 | 华为技术有限公司 | A method and system for transmitting START value |
| CN101064535B (en) * | 2007-04-12 | 2011-12-07 | 复旦大学 | Intelligent authentication method and system based on close range wireless communication handset |
| CN101364872B (en) * | 2007-08-08 | 2011-09-21 | 精品科技股份有限公司 | Method for instruction execution through verification |
| CN101779211B (en) * | 2007-08-29 | 2012-12-12 | 三菱电机株式会社 | Authentication system, authentication device, terminal device, ic card, and program |
| CN101252435B (en) * | 2008-03-27 | 2010-06-09 | 上海柯斯软件有限公司 | Method for realizing dynamic password generation and judge on smart card |
| CN101252436B (en) * | 2008-03-27 | 2011-11-23 | 上海柯斯软件有限公司 | Smart card dynamic password creating and judging system |
| CN101266638B (en) * | 2008-04-16 | 2010-04-21 | 北京飞天诚信科技有限公司 | Software protection method and system |
| CN101345957B (en) * | 2008-08-20 | 2013-01-09 | 宇龙计算机通信科技(深圳)有限公司 | Recognition method, system and mobile terminal for login cipher |
| CN101377803B (en) * | 2008-09-28 | 2011-08-17 | 北京飞天诚信科技有限公司 | Method and system for implementing start-up protection |
| CN101931532B (en) * | 2009-09-08 | 2013-04-24 | 北京握奇数据系统有限公司 | Telecommunication smart card-based digital certificate management method and telecommunication smart card |
| CN101931532A (en) * | 2009-09-08 | 2010-12-29 | 北京握奇数据系统有限公司 | Telecommunication smart card-based digital certificate management method and telecommunication smart card |
| CN101789864B (en) * | 2010-02-05 | 2012-10-10 | 中国工商银行股份有限公司 | On-line bank background identity identification method, device and system |
| CN101800645B (en) * | 2010-02-05 | 2012-02-08 | 中国工商银行股份有限公司 | Identity authentication method, device and system |
| CN102013026B (en) * | 2010-12-04 | 2016-06-01 | 上海众人网络安全技术有限公司 | A kind of smart card dynamic password Verification System and smart card dynamic password authentication method |
| CN102013026A (en) * | 2010-12-04 | 2011-04-13 | 上海众人网络安全技术有限公司 | Smart card dynamic password authentication system and smart card dynamic password authentication method |
| CN102043937A (en) * | 2010-12-31 | 2011-05-04 | 上海众人网络安全技术有限公司 | Card reader capable of generating dynamic passwords as well as dynamic password authentication system and method |
| CN102034307A (en) * | 2010-12-31 | 2011-04-27 | 上海众人网络安全技术有限公司 | Electronic wallet-based dynamic password authentication system and method |
| CN103403727B (en) * | 2011-02-16 | 2016-01-06 | Nec平台株式会社 | Additional function enable/prohibited method, its system and additional function |
| CN103403727A (en) * | 2011-02-16 | 2013-11-20 | 日本电气英富醍株式会社 | Enable/disable method of additional-function unit, system for same, program for same, as well as additional-function unit |
| CN107423975A (en) * | 2011-03-30 | 2017-12-01 | 欧诺银行 | By submitting number to carry out strong authentication |
| CN102983975B (en) * | 2012-11-12 | 2016-02-24 | 天地融科技股份有限公司 | Dynamic password display method |
| CN102983975A (en) * | 2012-11-12 | 2013-03-20 | 天地融科技股份有限公司 | Dynamic password display method |
| CN103106380B (en) * | 2013-01-11 | 2016-01-27 | 聚辰半导体(上海)有限公司 | The guard method of radio-frequency recognition system |
| CN103106380A (en) * | 2013-01-11 | 2013-05-15 | 聚辰半导体(上海)有限公司 | Protective method for radio frequency system |
| CN103152167A (en) * | 2013-03-20 | 2013-06-12 | 东信和平科技股份有限公司 | Intelligent card PIN (personal identification number) encrypted transmission method and intelligent card PIN encrypted transmission system |
| CN103297236A (en) * | 2013-05-10 | 2013-09-11 | 季亚琴科·安德烈 | User identity verification and authorization system |
| CN103297236B (en) * | 2013-05-10 | 2016-09-14 | 季亚琴科·安德烈 | Subscriber authentication authoring system |
| CN105393254B (en) * | 2013-06-21 | 2023-01-31 | Visa欧洲有限公司 | Allowing access to data |
| US11868169B2 (en) | 2013-06-21 | 2024-01-09 | Visa Europe Limited | Enabling access to data |
| CN105393254A (en) * | 2013-06-21 | 2016-03-09 | Visa欧洲有限公司 | Enabling access to data |
| CN104281952A (en) * | 2013-07-08 | 2015-01-14 | 北京旋极信息技术股份有限公司 | Dynamic password verification method |
| CN103488933A (en) * | 2013-09-27 | 2014-01-01 | 太仓苏易信息科技有限公司 | Non-contact type computer login protection system |
| CN103580856A (en) * | 2013-11-19 | 2014-02-12 | 上海众人网络安全技术有限公司 | Method for synchronizing token device according to sizes of certification windows |
| CN103634467A (en) * | 2013-11-22 | 2014-03-12 | 华为技术有限公司 | Privacy protecting method and mobile terminal |
| CN103973683A (en) * | 2014-05-06 | 2014-08-06 | 上海动联信息技术股份有限公司 | Double-password synchronization method for dynamic passwords |
| CN104063650A (en) * | 2014-06-09 | 2014-09-24 | 韩晟 | Secret key storage device and application method thereof |
| CN104394145A (en) * | 2014-11-25 | 2015-03-04 | 飞天诚信科技股份有限公司 | Dynamic token with log function and working method thereof |
| CN104867512B (en) * | 2015-03-26 | 2017-10-24 | 加一联创电子科技有限公司 | Music data acquisition methods, earphone, audio amplifier and music player |
| CN104867512A (en) * | 2015-03-26 | 2015-08-26 | 加一联创电子科技有限公司 | Music data obtaining method, earphone, loudspeaker box, and music player |
| US10019222B2 (en) | 2015-03-26 | 2018-07-10 | 1More Inc. | Method for obtaining music data, earphone and music player |
| WO2017028171A1 (en) * | 2015-08-17 | 2017-02-23 | 张焰焰 | Method and mobile terminal for authenticating account login via voice and number information |
| WO2017028249A1 (en) * | 2015-08-18 | 2017-02-23 | 张焰焰 | Method and mobile terminal for logging in to account with voice |
| WO2017031704A1 (en) * | 2015-08-25 | 2017-03-02 | 张焰焰 | Method and mobile terminal for logging in to account with fingerprint |
| CN109690596A (en) * | 2016-08-02 | 2019-04-26 | 埃迪米亚法国公司 | Dynamic security code for card transaction |
| CN109690596B (en) * | 2016-08-02 | 2023-12-08 | 埃迪米亚法国公司 | Dynamic security code for card transactions |
| CN108830977A (en) * | 2018-05-04 | 2018-11-16 | 西安石油大学 | A kind of dynamic password door-control lock and operating method |
| CN110730065A (en) * | 2018-07-17 | 2020-01-24 | 关楗股份有限公司 | Token device for key backup device and key backup system |
| CN109840404A (en) * | 2019-02-14 | 2019-06-04 | 阳江核电有限公司 | A kind of industrial computer login method and system based on event synchronization algorithm |
| CN112953711A (en) * | 2021-01-28 | 2021-06-11 | 杉德银卡通信息服务有限公司 | Database security connection system and method |
| CN113421085B (en) * | 2021-06-22 | 2022-06-21 | 深圳天盘实业有限公司 | Smart card dynamic password authentication method and system |
| CN113421085A (en) * | 2021-06-22 | 2021-09-21 | 深圳天盘实业有限公司 | Smart card dynamic password authentication method and system |
| CN115240308A (en) * | 2022-09-26 | 2022-10-25 | 深圳市极致科技股份有限公司 | Access control machine authorization method, device and system, access control machine and computer storage medium |
| CN115240308B (en) * | 2022-09-26 | 2022-12-06 | 深圳市极致科技股份有限公司 | Access control machine authorization method, device and system, access control machine and computer storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100492966C (en) | 2009-05-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100492966C (en) | Identity certifying system based on intelligent card and dynamic coding | |
| US9218493B2 (en) | Key camouflaging using a machine identifier | |
| US9305156B2 (en) | Integrity protected smart card transaction | |
| US9124433B2 (en) | Remote authentication and transaction signatures | |
| CN107077670B (en) | Method and apparatus for transmitting and processing transaction message, computer readable storage medium | |
| CN109327457A (en) | A kind of internet of things equipment identity identifying method and system based on block chain | |
| CN101651675A (en) | Method and system for enhancing security of network transactions | |
| US9065806B2 (en) | Internet based security information interaction apparatus and method | |
| US20140172741A1 (en) | Method and system for security information interaction based on internet | |
| CN102238193A (en) | Data authentication method and system using same | |
| CN102456102A (en) | Method for carrying out identity recertification on particular operation of information system by using Usb key technology | |
| CN102238135A (en) | Security authentication server | |
| US10972286B2 (en) | Token-based authentication with signed message | |
| EP3276878A1 (en) | Method for the safe authentication of a request made to a remote provider and generated in a personal device with bifurcation of the transmission of an authentication means | |
| CN201742426U (en) | Sim card safety certificate server | |
| KR20220039507A (en) | System for electronic payment based on private token and method for operating the same | |
| EP3276877A1 (en) | Method for the safe authentication of a request made to a remote provider and generated in a personal device by using a one-time password depending also on the request | |
| KR20090094716A (en) | System and Method for Managing Certificate and Program Recording Medium | |
| KR20150059645A (en) | Method for Processing Message of Telegram | |
| KR20140100461A (en) | Method for Operating Certificate |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20090527 Termination date: 20161126 |