CN1731723A - Electron/handset token dynamic password identification system - Google Patents
Electron/handset token dynamic password identification system Download PDFInfo
- Publication number
- CN1731723A CN1731723A CN 200510028939 CN200510028939A CN1731723A CN 1731723 A CN1731723 A CN 1731723A CN 200510028939 CN200510028939 CN 200510028939 CN 200510028939 A CN200510028939 A CN 200510028939A CN 1731723 A CN1731723 A CN 1731723A
- Authority
- CN
- China
- Prior art keywords
- token
- mobile phone
- user
- dynamic password
- password
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a method for dynamic identification which comprises the steps of: forming a token mobile phone by embedding a dynamic password generating device and integrating calculator, clock and liquid crystal display; activating the token mobile phone and providing users specific seed value and initialization time by mass data bank; generating a dynamic password by the token mobile. When electronic/mobile phone token users log in networks, the double-factors identification will be executed positively including inputting dynamic password and user identification which are sent to identification proxy application server; the identification proxy application server sends user's identification and dynamic password to an identification server and it looks for the token in database according to user's identification and generating contrast password with time sequence, comparing with dynamic password and sending the results to identification proxy application server; allowing user to log in if same, otherwise, declining user to log in.
Description
Technical field
The present invention relates to the information security certification technology, more particularly, relate to a kind of dynamic identity authentication method and system.
Background technology
Enter cybertimes, centralized network management and open ecommerce make information security seem particularly important.Release various software and hardware systems and product both at home and abroad, solve the different aspect of information security and the problem of different levels.As encryption and decryption technology, network invasion monitoring and various identity identifying technologies of firewall technology, VPN technologies, transfer of data and storage or the like.Wherein, authentication is the basis of information security, if can not confirm reliably whether computer information system visitor's identity is legal, and other safety measures will perform practically no function so.At present, the authentication that is different from the normal static password mainly contains following several form:
USB card, ca authentication, intellective IC card, the authentication of fingerprint rainbow mould
1.USB block the defective of aspects such as existing authentication information in transmission, to be stolen and to reuse and can only on the interface that the USB computer is arranged, use;
2.CA authentication uses public-key and private key mechanism, is guaranteed the correctness of PKI by third party's ca authentication center.But user's private key is a static information, if in case divulge a secret, just can illegally be used, and implementation cost height in addition, the working service management cost is also quite high;
3.IC the defective that card exists authentication information to be intercepted and to reuse in transmission equally, the user also must install corresponding card-reading apparatus;
4. though the authentication of fingerprint rainbow mould is to use typical personal characteristics to come the inspection user identity, security procedure is very high, because data volume is big, the difficulty that Telnet implements is big, cost is high.And its still a kind of static information in essence, so can not fundamentally stop intercepting, safety problem such as counterfeit.
So just need a kind of new safety certifying method to overcome the defective of above-mentioned several forms.
Summary of the invention
The purpose of this invention is to provide a kind of new dynamic identity authentication method and system, it adopts electron/handset token dynamic password dual factors identity identifying technology system based on clock synchronization to make user password promptly can't be stolen and can solve the problem that conventional password frequent changes is brought again.
The present invention relates to differentiate, to authorize and manage is the AAA technology of core, be based on the networked Secure Application of mobile communication, be that a kind of comprehensive utilization network communication, mobile communication and information coding are realized, be applied to the online secure authentication technology of dialling in and login operational lines such as various computer operating systems, stock exchange, e-bank, ecommerce.
According to an aspect of the present invention, provide a kind of dynamic identity authentication method, use the e-token technology, concrete authenticating step is as follows:
Implant a dynamic password generating apparatus for mobile phone and integrate the computing of mobile phone, clock, liquid crystal display function formation token mobile phone simultaneously;
The token mobile phone produces and provides specific seed of token cellphone subscriber and initialization time through activating by big plain database;
Described token mobile phone will produce a dynamic password according to the time;
When needs log on network, execute the dual factors ID authentication mechanism, import described dynamic password and user ID, and described user ID and described dynamic password are sent to authentication proxy's application server;
Authentication proxy's application server is sent to a certificate server with described user ID and dynamic password,
Described certificate server is sought described token and is generated the contrast password together according to time series according to user ID in database, compare with described dynamic password, and comparative result is delivered to described authentication proxy application server;
If described comparative result is identical, then allow the user to land, otherwise refusing user's is landed.
According to one embodiment of the invention, the dynamic password that described token mobile phone produces is an one-time password, to schedule, is generally one minute or changes once for tens seconds and can not reuse.
According to one embodiment of the invention, go into disposable dynamic password application program for described mobile phone value and form the token mobile phone.
According to one embodiment of the invention, described dynamic password application program is the pseudo-random algorithm program, described token mobile phone is implanted the validated user initialize routine, is to be produced and offered the specific seed of handset token user and initialization time is used for activating the token mobile phone by big plain database.
According to a further aspect in the invention, provide a kind of dynamic identity authentication system, use the e-token technology, comprising:
One electron/handset token, mobile phone are implanted has a dynamic password generating apparatus to form the token mobile phone, and the token mobile phone is through activating, and described token mobile phone will produce a dynamic password according to the time;
One authentication proxy's application server is connected to network, when needs land network, executes the dual factors ID authentication mechanism, the dynamic password that described authentication proxy application server receives user ID and produced by the token mobile phone;
One certificate server, receive user ID and dynamic password that described authentication proxy application server transmits, in database, seek described token and generate the contrast password together according to user ID according to time series, compare with described dynamic password, and comparative result is delivered to described authentication proxy application server;
Wherein, whether described authentication proxy application server allows the user to land according to the comparative result decision that described certificate server returns, if described comparative result is identical, then allow the user to land, otherwise refusing user's is landed.
According to one embodiment of the invention, described certificate server links to each other with the authentication proxy application server by the center local area network (LAN), and described authentication proxy application server comprises Web server, application server and communication server/router.
According to one embodiment of the invention, described authentication proxy application server is one communication server/router, is connected with the center local area network (LAN); The local user can directly be linked to the center local area network (LAN); Help by Phone/phone delegate user is connected to described center local area network (LAN) by described communication server/router after can linking public switch telephone network again; The mobile subscriber is connected into described center local area network (LAN) by described communication server/router after can leading to DDN again; Branch's LAN subscriber can be connected into and be connected into another behind branch's local area network (LAN) and be not connected into the frame relay the Internet as the communication server/router of authentication proxy's application server and be connected into the center local area network (LAN) by first communication server/router.
According to one embodiment of the invention, the dynamic password that described token mobile phone produces is an one-time password, to schedule, is generally one minute or tens seconds kinds change once and can not reuse;
Go into disposable dynamic password application program for described mobile phone value and form the token mobile phone.
According to one embodiment of the invention, described dynamic password application program is the pseudo-random algorithm program, described token mobile phone is implanted the validated user initialize routine, is to be produced and offered the specific seed of handset token user and initialization time is used for activating the token mobile phone by big plain database.
According to one embodiment of the invention, dynamic password that adopts in the initialize routine of described implantation mobile phone and disposable dynamic password application program and the described certificate server and contrast password production method comprise:
Built-in pseudo-random algorithm and token initial value;
The token function, functional form is: long acSeaKESyncAuthGenerateCode (char
*AcPartKey1, char
*AcPartKey2, char
*AcPartKey3, char
*AcPartKey4, char
*AcInitTime, char
*AcTokenPwd);
Parameter value: acPartKey1, acPartKey2, acPartKey3, acPartKey4:
The initialization seed number, wherein preceding 3 seed number that do not become at the beginning, the 4th is initially " ", the back be the dynamic password of last generation;
AcInitTime: being initialization time for the first time, is the time the when last time calculating password afterwards;
AcTokenPwd: the dynamic password of the current time of returning;
Return value is: 0 represents successfully, non-0 expression failure.
Adopted technical scheme of the present invention, adopt disclosed dynamic identity authentication method and system, electron/handset token dynamic password dual factors identity identifying technology based on clock synchronization is provided, has made user password promptly can't be stolen and can solve the problem that conventional password frequent changes is brought again.
Description of drawings
Fig. 1 is the dynamic password authentication workflow diagram according to one embodiment of the invention;
Fig. 2 is the Verification System structural representation according to one embodiment of the invention;
Fig. 3 is the application structure figure according to the Verification System of one embodiment of the invention;
Fig. 4 is that the token mobile phone is implanted disposable dynamic password function of application diagrammatic sketch according to an embodiment of the invention.
Embodiment
Further specify technical scheme of the present invention below.
The invention provides a kind of dynamic identity authentication method, use the e-token technology, show the flow chart of an one embodiment with reference to figure 1, as shown in Figure 1, its concrete authenticating step is as follows:
At first be to implant a dynamic password generating apparatus for mobile phone to form token mobile phone 100, the token mobile phone is through activating; According to one embodiment of the invention, what go into for the mobile phone value is that disposable dynamic password application program forms the token mobile phone, according to one embodiment of the invention, the dynamic password application program that value is gone into is the pseudo-random algorithm program, simultaneously, also the token mobile phone is implanted the validated user initialize routine, produce and offer the specific seed of handset token user and initialization time is used for activating the token mobile phone by big plain database.
Next token mobile phone 100 produces a dynamic password according to the time, and the dynamic password that the token mobile phone produces is an one-time password, one minute, also can be set at tens seconds and changes once and can not reuse.
Afterwards when needs log on network, execute the dual factors ID authentication mechanism, for example land by the log-in interface shown in Fig. 1 102, can require authenticated user input dynamic password and user ID this moment, and user ID and dynamic password are sent to authentication proxy's application server 104;
Authentication proxy's application server 104 is sent to a certificate server 106 with user ID and dynamic password,
Whether decision allows the user to land to authentication proxy's application server 104 according to comparative result, if comparative result is identical, then allow the user to land, otherwise refusing user's is landed.
The present invention also provides a kind of dynamic identity authentication system, with reference to figure 2,
Fig. 2 shows the structure chart according to an embodiment of dynamic identity authentication of the present invention system 200, and as shown in Figure 2, it comprises:
One electron/handset token, 202, mobile phone is implanted has a dynamic password generating apparatus to form the token mobile phone, and the token mobile phone is through activating, and the token mobile phone will produce a dynamic password according to the time; According to one embodiment of the invention, what go into for the mobile phone value is that disposable dynamic password application program forms the token mobile phone, the dynamic password application program that value is gone into is the pseudo-random algorithm program, according to one embodiment of the invention, simultaneously, also the token mobile phone being implanted the validated user initialize routine, is to be produced and offered the specific seed of handset token user and initialization time is used for activating the token mobile phone by big plain database.Token mobile phone 202 produces a dynamic password according to the time, and the dynamic password that token mobile phone 202 produces is an one-time password, one minute, also can be set at tens seconds and changes once and can not reuse.
One authentication proxy's application server 204 is connected to network, when needs land network, executes the dual factors ID authentication mechanism, the dynamic password that authentication proxy's application server receives user ID and produced by the token mobile phone;
One certificate server 206, receive user ID and dynamic password that authentication proxy's application server sends, in database, seek token and generate the contrast password together according to user ID, compare with dynamic password, and comparative result is delivered to authentication proxy's application server according to time series;
Wherein, whether authentication proxy's application server 204 allows the user to land according to the comparative result decision that certificate server 206 returns, if comparative result is identical, then allow the user to land, otherwise refusing user's is landed.
According to an application example of the present invention, authentication proxy of the present invention application server and certificate server are with a wide range of applications, with reference to figure 3 as seen: certificate server 206 links to each other with authentication proxy application server 204 by center local area network (LAN) 302, and authentication proxy's application server 204 comprises Web server 204a, application server 204b and communication server/router two 04c.With reference to example shown in Figure 3, for the situation of communication server/router two 04c as authentication proxy's application server, this communication server/router two 04c is connected with center local area network (LAN) 302; Local user 304 can directly be linked to center local area network (LAN) 302; Help by Phone/phone delegate user 306 is connected to center local area network (LAN) 302 by communication server/router two 04c after can linking public switch telephone network 308 again; Mobile subscriber 310 is connected into center local area network (LAN) 302 by communication server/router two 04c after can being communicated with DDN 312 again; Branch's LAN subscriber 314 can be connected into and be connected into another behind branch's local area network (LAN) 316 and be not connected into frame relay the Internet 320 as the communication server/router three 18 of authentication proxy's application server and be connected into center local area network (LAN) 302 by communication server/router two 04c.
In the present invention, authentication proxy's application server can be regarded as the client of certificate server, is the protected authentication resource of any needs in the enterprise network.Authentication proxy's application server resembles one " safe sentry " in whole system.More particularly: for the situation of Web server as authentication proxy's application server; authentication proxy's application server is the safety that is used for protecting Web server; and be connected on the certificate server by the TCP/IP network, this just provides the authentication service for Web server.
When the user attempted to enter the resource of certified agent application server protection, the user was required to import its effective proof of identification at once, i.e. PIN code and the dynamic password that produces from electron/handset token.These data are sent on the certificate server by SSL, and whether the PIN and the dynamic password of checking input be effective there, illustrates above the method for checking, are to be produced according to token and time by certificate server to verify after a contrast password compares.User by verifying dynamic password just can enter, and uncommitted disabled user then is denied access to shielded Web server.
The selected page and the catalogue of authentication proxy's application server protection Web server.After the catalogue and file start agent software of Web server, all attempt to visit the user of these protected Web pages, need show dynamic password.The user who has only these server databases to register could visit the page that is subjected to the dynamic password protection.Therefore, both can offer all users to the website as public resource, and also can come it to send security information as the secret website of height to the trusted user.
Authentication proxy of the present invention application server can provide the dynamic password protection to following Web platform:
1) IIS virtual server, path and file; Outlook Web Access; Microsoft SiteServer and Site Server Commerce Edition; Microsoft Proxy Server.
2) Lotus database (address book, calendar, mail etc.), URL path and be installed in file on the Domino Web server on the WindowsNT platform.
3) Web server root or the login authentication on Windows NT or unix platform (Solaris, HP-UX and AIX).
Can arrange security service quickly and easily according to identity identifying method of the present invention, and not need with user's desktop mutual.Before the user gets permission to visit secret Web resource, must determine user's identity, put teeth in the security strategy that they formulate.
Certificate server among the present invention has with the clock synchronization algorithm to be all kinds of core safety certification administration modules of mechanism and to embed and be compatible with the various professional application system of computer network with software development packet form (multiple application interface is provided), uses the authentication of dynamic password dual factors.Certificate server of the present invention operates under the network environment, and all users of centralized control provide authentication, mandate and auditing service simultaneously to the visit of network.
Dynamic password that adopts in the initialize routine of implantation mobile phone and disposable dynamic password application program and the certificate server and contrast password production method comprise:
Built-in pseudo-random algorithm and token initial value;
B. token function comprises:
Functional form is: long acSeaKESyncAuthGenerateCode (char
*AcPartKey1, char
*AcPartKey2, char
*AcPartKey3, char
*AcPartKey4, char
*AcInitTime, char
*AcTokenPwd);
Parameter value: acPartKey1, acPartKey2, acPartKey3, acPartKey4:
The initialization seed number, wherein preceding 3 seed number that do not become at the beginning, the 4th is initially " ", the back be the dynamic password of last generation;
AcInitTime: being initialization time for the first time, is the time the when last time calculating password afterwards;
AcTokenPwd: the dynamic password of the current time of returning;
Return value is: 0 represents successfully, non-0 expression failure.
Aforementioned algorithm was both used in certificate server, used in mobile phone again.With reference to figure 4, Fig. 4 is that the token mobile phone is implanted disposable dynamic password function of application block diagram according to an embodiment of the invention, it value of comprising is gone into pseudo-random algorithm program 402 and the initialize routine 404 in the existing mobile phone kernel 400, mobile phone kernel 400 is connected to mobile phone display screen 412 by clock line 406, computing circuit 408 and liquid crystal display circuit 410, dynamic password can be presented on the mobile phone display screen 412 after the calculating of finishing dynamic password.
According to one embodiment of the invention, certificate server can also realize that User Token imports, derives; Newly-built and the deletion User Token; Enable and forbid User Token; User's static password is set, and the distributing user token is provided with the authority of User Token; Show and edit token information and comprise: import, derive, token is reported the loss in deletion; The token clock error is synchronous automatically; The token log audit; Attached charging.
Comprehensive, use identity identifying method of the present invention and system to have following advantage:
The online Security Authentication Service function of dialling in of superior mobile communication: support various main flow mobile phone models, directly on the mobile phone color screen, show (based on clock synchronization mechanism) dynamic password (6-10 position), this password has randomness, disposable, characteristics such as convenience, this dynamic password mobile phone is in conjunction with the use of certificate server authentication proxy, but the various operational applications of secure log system, online e-bank, stock exchange trading system, electronic commerce transaction system carries out the online identification safety authentication of dialling in, also can be used as the electron/handset token dynamic password dual factors identification safety authentication of Collective qualification control, do not influence the speech quality of mobile communication and other function of mobile phone simultaneously.
Good interoperability: the network equipment of authentication proxy's application server and certificate server and various main flows (as CISCO, PERLE, BAY, Huawei etc.) interoperability is strong, for different user mechanism provides maximum flexibility and investment protective capability.By identity verification scheme, remote access products, Internet fire compartment wall, VPN, network operating system (NT, 2000 and main flow Linux, UNIX) can direct built-in identity identifying technologies.
Compatible main standard: authentication proxy of the present invention application server and certificate server comprise radius server, so the user can really authenticate leading subscriber account number the single database of use from RADIUS and woods.
In sum, adopt identity identifying method of the present invention and system, use and easy to carry, (token) mobile phone both can be used for mobile communication, can be used as the identity sign of safety certification again, subscriber authentication settles at one go, and comparison condition/answer (Challenge/response) is simple.Can prevent person's visit information resource without permission, can be in the network system application program identifying user identity.Can generate uncertain one-time password (usually gap time change in 60 seconds once) automatically, prevent that malice from falsely using.Do not need special identification equipment, wireless connections, mobility is strong, and is easy to operate, be onlinely dial in, ideal tools that remote access and Virtual Private Network use.
The present invention has disclosed a kind of dynamic identity authentication method and system, electron/handset token dynamic password dual factors identity identifying technology based on clock synchronization is provided, has made user password promptly can't be stolen and can solve the problem that conventional password frequent changes is brought again.
Though technical scheme of the present invention is illustrated in conjunction with preferred embodiment; but it should be appreciated by those skilled in the art; various modifications or change for the above embodiments are predictable; this should not be regarded as having exceeded protection scope of the present invention; therefore; protection scope of the present invention is not limited to above-mentioned specifically described embodiment, and should be the scope the most widely that meets the inventive features that discloses in this place.
Claims (10)
1. a dynamic identity authentication method is used the e-token technology, it is characterized in that:
Implant a dynamic password generating apparatus for mobile phone and integrate the computing of mobile phone, clock, liquid crystal display function formation token mobile phone simultaneously;
The token mobile phone produces and provides specific seed of token cellphone subscriber and initialization time through activating by big plain database;
Described token mobile phone will produce a dynamic password according to the time;
When needs log on network, execute the dual factors ID authentication mechanism, import described dynamic password and user ID, and be sent to authentication proxy's application server;
Authentication proxy's application server is sent to a certificate server with described user ID and dynamic password;
Described certificate server is sought described token and is generated the contrast password together according to time series according to user ID in database, compare with described dynamic password, and comparative result is delivered to described authentication proxy application server;
If described comparative result is identical, then allow the user to land, otherwise refusing user's is landed.
2. dynamic identity authentication method as claimed in claim 1 is characterized in that, the dynamic password that described token mobile phone produces is an one-time password, changes once on schedule and can not reuse.
3. dynamic identity authentication method as claimed in claim 2 is characterized in that, goes into disposable dynamic password application program for described mobile phone value and forms the token mobile phone.
4. dynamic identity authentication method as claimed in claim 3, it is characterized in that described dynamic password application program is the pseudo-random algorithm program, described token mobile phone is implanted the validated user initialize routine, is to be produced and offered the specific seed of token cellphone subscriber and initialization time is used for confirming the legitimacy of authenticated user and activates the token mobile phone by big plain database.
5. a dynamic identity authentication system uses the e-token technology, it is characterized in that, comprising:
One electron/handset token, mobile phone are implanted has a dynamic password generating apparatus to form the token mobile phone, and the token mobile phone is through activating, and described token mobile phone will produce a dynamic password according to the time;
One authentication proxy's application server is connected to network, when needs land network, and the dynamic password that described authentication proxy application server receives user ID and produced by the token mobile phone;
One certificate server, receive user ID and dynamic password that described authentication proxy application server transmits, in database, seek described token and generate the contrast password together according to user ID according to time series, compare with described dynamic password, and comparative result is delivered to described authentication proxy application server;
Wherein, whether described authentication proxy application server allows the user to land according to the comparative result decision that described certificate server returns, if described comparative result is identical, then allow the user to land, otherwise refusing user's is landed.
6. the system of dynamic identity authentication as claimed in claim 5, it is characterized in that, described certificate server links to each other with the authentication proxy application server by the center local area network (LAN), and described authentication proxy application server comprises Web server, application server and communication server/router.
7. dynamic identity authentication as claimed in claim 6 system is characterized in that described authentication proxy application server is one communication server/router, is connected with the center local area network (LAN); The local user can directly be linked to the center local area network (LAN); Help by Phone/phone delegate user is connected to described center local area network (LAN) by described communication server/router after can linking public switch telephone network again; The mobile subscriber is connected into described center local area network (LAN) by described communication server/router after can being communicated with DDN again; Branch's LAN subscriber can be connected into and be connected into another behind branch's local area network (LAN) and be not connected into the frame relay the Internet as the communication server/router of authentication proxy's application server and be connected into the center local area network (LAN) by first communication server/router.
8. dynamic identity authentication as claimed in claim 7 system is characterized in that, the dynamic password that described token mobile phone produces is an one-time password, changes once on schedule and can not reuse;
Implant disposable dynamic password application program for described mobile phone and form the token mobile phone,
Described dynamic password application program is the pseudo-random algorithm program.
9. dynamic identity authentication as claimed in claim 8 system, it is characterized in that, describedly also described token mobile phone being implanted the validated user initialize routine, is to be produced and offered the specific seed of handset token user and initialization time is used for activating the token mobile phone by big plain database
10. dynamic identity authentication as claimed in claim 9 system is characterized in that, dynamic password that adopts in the initialize routine of described implantation mobile phone and disposable dynamic password application program and the described certificate server and contrast password production method comprise:
Built-in pseudo-random algorithm and token initial value;
The token function, functional form is: long acSeaKESyncAuthGenerateCode (char*acPartKey1, char * acPartKey2, char * acPartKey3, char * acPartKey4, char*acInitTime, char * acTokenPwd);
Parameter value: acPartKey1, acPartKey2, acPartKey3, acPartKey4:
The initialization seed number, wherein preceding 3 seed number that do not become at the beginning, the 4th is initially " ", the back be the dynamic password of last generation;
AcInitTime: being initialization time for the first time, is the time the when last time calculating password afterwards;
AcTokenPwd: the dynamic password of the current time of returning;
Return value is: 0 represents successfully, non-0 expression failure.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200510028939 CN1731723A (en) | 2005-08-19 | 2005-08-19 | Electron/handset token dynamic password identification system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200510028939 CN1731723A (en) | 2005-08-19 | 2005-08-19 | Electron/handset token dynamic password identification system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1731723A true CN1731723A (en) | 2006-02-08 |
Family
ID=35964032
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200510028939 Pending CN1731723A (en) | 2005-08-19 | 2005-08-19 | Electron/handset token dynamic password identification system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1731723A (en) |
Cited By (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2009097778A1 (en) * | 2008-02-01 | 2009-08-13 | Huawei Technologies Co., Ltd. | A method, device and system for calling the security interface |
| CN101398952B (en) * | 2007-09-25 | 2010-09-01 | 中国移动通信集团公司 | User identity verification mode management device, platform and method for verifying user identity |
| CN1925398B (en) * | 2006-09-25 | 2011-02-16 | 上海林果科技有限公司 | Cipher card dynamic identification method and system based on pre-computation |
| CN101309268B (en) * | 2008-05-21 | 2011-04-27 | 北京飞天诚信科技有限公司 | Dynamic token preventing false trigger and control method thereof |
| CN102055766A (en) * | 2010-12-31 | 2011-05-11 | 北京新媒传信科技有限公司 | Webservice service management method and system |
| CN101420298B (en) * | 2008-09-08 | 2011-05-18 | 北京飞天诚信科技有限公司 | Method and system for negotiating cipher |
| CN101166092B (en) * | 2006-10-19 | 2011-07-06 | 富士施乐株式会社 | Authentication system, authentication-service-providing device and authentication-service-providing method |
| CN102426592A (en) * | 2011-10-31 | 2012-04-25 | 北京人大金仓信息技术股份有限公司 | Method for initializing database based on dynamic password |
| CN101699892B (en) * | 2009-10-30 | 2012-06-06 | 北京神州付电子支付科技有限公司 | Method and device for generating dynamic passwords and network system |
| CN101605030B (en) * | 2008-06-13 | 2012-09-05 | 新奥特(北京)视频技术有限公司 | Active Directory-based uniform authentication realizing method applied to TV station |
| CN101719826B (en) * | 2009-05-13 | 2013-01-02 | 北京宏基恒信科技有限责任公司 | Dynamic token having function of updating seed key and updating method for seed key thereof |
| CN103152172A (en) * | 2011-12-07 | 2013-06-12 | 中国电信股份有限公司 | Method and client side and server and system for mobile token dynamic password generation |
| CN103220148A (en) * | 2013-04-03 | 2013-07-24 | 天地融科技股份有限公司 | Method and system for electronic signature token to respond operation request, and electronic signature token |
| CN103269483A (en) * | 2013-06-03 | 2013-08-28 | 上海众人网络安全技术有限公司 | Multi-mode activation system and method of OOAC (object-oriented access control) mobile phone token |
| CN103346885A (en) * | 2013-06-26 | 2013-10-09 | 飞天诚信科技股份有限公司 | Method for activating token equipment |
| CN105282166A (en) * | 2015-11-04 | 2016-01-27 | 浪潮(北京)电子信息产业有限公司 | Identity authentication method and system for linux operating system |
| CN105516069A (en) * | 2014-09-28 | 2016-04-20 | 腾讯科技(深圳)有限公司 | Data processing method, data processing device, and data processing system |
| CN103856447B (en) * | 2012-11-30 | 2017-04-05 | 富士通株式会社 | Integral unit performs device, generating means and correlation method and corresponding mobile terminal |
| CN108809935A (en) * | 2018-04-20 | 2018-11-13 | 国网江西省电力有限公司信息通信分公司 | A kind of cloud environment or the safety access control method under virtual environment and device |
| CN109547196A (en) * | 2018-11-16 | 2019-03-29 | 飞天诚信科技股份有限公司 | The implementation method and wrist-watch token system and device of a kind of wrist-watch token system |
| CN110602700A (en) * | 2019-09-23 | 2019-12-20 | 飞天诚信科技股份有限公司 | Seed key processing method and device and electronic equipment |
| CN112910854A (en) * | 2021-01-18 | 2021-06-04 | 深圳万物安全科技有限公司 | Method and device for safe operation and maintenance of Internet of things, terminal equipment and storage medium |
-
2005
- 2005-08-19 CN CN 200510028939 patent/CN1731723A/en active Pending
Cited By (32)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1925398B (en) * | 2006-09-25 | 2011-02-16 | 上海林果科技有限公司 | Cipher card dynamic identification method and system based on pre-computation |
| CN101166092B (en) * | 2006-10-19 | 2011-07-06 | 富士施乐株式会社 | Authentication system, authentication-service-providing device and authentication-service-providing method |
| CN101398952B (en) * | 2007-09-25 | 2010-09-01 | 中国移动通信集团公司 | User identity verification mode management device, platform and method for verifying user identity |
| WO2009097778A1 (en) * | 2008-02-01 | 2009-08-13 | Huawei Technologies Co., Ltd. | A method, device and system for calling the security interface |
| CN101309268B (en) * | 2008-05-21 | 2011-04-27 | 北京飞天诚信科技有限公司 | Dynamic token preventing false trigger and control method thereof |
| CN101605030B (en) * | 2008-06-13 | 2012-09-05 | 新奥特(北京)视频技术有限公司 | Active Directory-based uniform authentication realizing method applied to TV station |
| CN101420298B (en) * | 2008-09-08 | 2011-05-18 | 北京飞天诚信科技有限公司 | Method and system for negotiating cipher |
| CN101719826B (en) * | 2009-05-13 | 2013-01-02 | 北京宏基恒信科技有限责任公司 | Dynamic token having function of updating seed key and updating method for seed key thereof |
| CN101699892B (en) * | 2009-10-30 | 2012-06-06 | 北京神州付电子支付科技有限公司 | Method and device for generating dynamic passwords and network system |
| CN102055766B (en) * | 2010-12-31 | 2013-06-12 | 北京新媒传信科技有限公司 | Webservice service management method and system |
| CN102055766A (en) * | 2010-12-31 | 2011-05-11 | 北京新媒传信科技有限公司 | Webservice service management method and system |
| CN102426592B (en) * | 2011-10-31 | 2014-10-08 | 北京人大金仓信息技术股份有限公司 | Method for initializing database based on dynamic password |
| CN102426592A (en) * | 2011-10-31 | 2012-04-25 | 北京人大金仓信息技术股份有限公司 | Method for initializing database based on dynamic password |
| CN103152172B (en) * | 2011-12-07 | 2017-03-22 | 中国电信股份有限公司 | Method and client side and server and system for mobile token dynamic password generation |
| CN103152172A (en) * | 2011-12-07 | 2013-06-12 | 中国电信股份有限公司 | Method and client side and server and system for mobile token dynamic password generation |
| CN103856447B (en) * | 2012-11-30 | 2017-04-05 | 富士通株式会社 | Integral unit performs device, generating means and correlation method and corresponding mobile terminal |
| CN103220148B (en) * | 2013-04-03 | 2015-12-09 | 天地融科技股份有限公司 | The method of electronic signature token operation response request, system and electronic signature token |
| CN103220148A (en) * | 2013-04-03 | 2013-07-24 | 天地融科技股份有限公司 | Method and system for electronic signature token to respond operation request, and electronic signature token |
| CN103269483B (en) * | 2013-06-03 | 2015-09-23 | 上海众人网络安全技术有限公司 | A kind of OOAC handset token multi-mode activation system and method |
| CN103269483A (en) * | 2013-06-03 | 2013-08-28 | 上海众人网络安全技术有限公司 | Multi-mode activation system and method of OOAC (object-oriented access control) mobile phone token |
| CN103346885B (en) * | 2013-06-26 | 2016-02-24 | 飞天诚信科技股份有限公司 | A kind of Activiation method of token device |
| CN103346885A (en) * | 2013-06-26 | 2013-10-09 | 飞天诚信科技股份有限公司 | Method for activating token equipment |
| CN105516069B (en) * | 2014-09-28 | 2020-10-09 | 腾讯科技(深圳)有限公司 | Data processing method, device and system |
| CN105516069A (en) * | 2014-09-28 | 2016-04-20 | 腾讯科技(深圳)有限公司 | Data processing method, data processing device, and data processing system |
| CN105282166A (en) * | 2015-11-04 | 2016-01-27 | 浪潮(北京)电子信息产业有限公司 | Identity authentication method and system for linux operating system |
| CN108809935A (en) * | 2018-04-20 | 2018-11-13 | 国网江西省电力有限公司信息通信分公司 | A kind of cloud environment or the safety access control method under virtual environment and device |
| CN109547196A (en) * | 2018-11-16 | 2019-03-29 | 飞天诚信科技股份有限公司 | The implementation method and wrist-watch token system and device of a kind of wrist-watch token system |
| CN109547196B (en) * | 2018-11-16 | 2021-11-02 | 飞天诚信科技股份有限公司 | Watch token system implementation method, watch token system and device |
| CN110602700A (en) * | 2019-09-23 | 2019-12-20 | 飞天诚信科技股份有限公司 | Seed key processing method and device and electronic equipment |
| CN110602700B (en) * | 2019-09-23 | 2023-01-17 | 飞天诚信科技股份有限公司 | Seed key processing method and device and electronic equipment |
| CN112910854A (en) * | 2021-01-18 | 2021-06-04 | 深圳万物安全科技有限公司 | Method and device for safe operation and maintenance of Internet of things, terminal equipment and storage medium |
| CN112910854B (en) * | 2021-01-18 | 2022-07-26 | 深圳万物安全科技有限公司 | Method and device for safe operation and maintenance of Internet of things, terminal equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1731723A (en) | Electron/handset token dynamic password identification system | |
| US9576146B2 (en) | Service oriented secure collaborative system for compartmented networks | |
| CN101207485B (en) | System and method of unification identification safety authentication for users | |
| CN101674304B (en) | Network identity authentication system and method | |
| CN100542092C (en) | Distributed access control method in multistage securities | |
| CN108880822B (en) | Identity authentication method, device and system and intelligent wireless equipment | |
| CN1191703C (en) | Safe inserting method of wide-band wireless IP system mobile terminal | |
| CN101741860B (en) | Computer remote security control method | |
| CN1879071A (en) | Method and system for the authentication of a user of a data processing system | |
| CN106453361B (en) | A kind of security protection method and system of the network information | |
| CN1805341A (en) | Network authentication and key allocation method across secure domains | |
| CN103152179A (en) | Uniform identity authentication method suitable for multiple application systems | |
| CN1631001A (en) | System and method for creating a secure network using identity credentials of batches of devices | |
| CN1480852A (en) | Method and system for providing information related to status and preventing attacks from middleman | |
| CN101488857B (en) | Authenticated service virtualization | |
| CN1694555A (en) | Dynamic cipher system and method based on mobile communication terminal | |
| CN102457491B (en) | Dynamic identity authenticating method and system | |
| CN1268157C (en) | A handset used for dynamic identity authentication | |
| CN103986734B (en) | Authentication management method and authentication management system applicable to high-security service system | |
| CN108833363A (en) | A kind of block chain right management method and system | |
| CN106936588A (en) | A kind of trustship method, the apparatus and system of hardware controls lock | |
| CN101068255A (en) | User identification method and device in safety shell protocol application | |
| CN1822541A (en) | Device and method for controlling computer access | |
| CN1186723C (en) | Dynamic password identity authentication system applicable to network based on software token | |
| CN1925398A (en) | Cipher card dynamic identification method and system based on pre-computation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 1088147 Country of ref document: HK |
|
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20060208 |
|
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: WD Ref document number: 1088147 Country of ref document: HK |