CN1777098A - Dynamic cipher authentication system, method and its use - Google Patents

Publication number
CN1777098A
Authority
CN
China
Prior art keywords
dynamic
user
application system
server
dynamic password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 200410084210
Other languages
Chinese (zh)
Inventor
蒋勇
王宝骥
朱继盛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SHANGHAI SHANGDA NETWORKING DEVELOPMENT Co Ltd
Original Assignee
SHANGHAI SHANGDA NETWORKING DEVELOPMENT Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHANGHAI SHANGDA NETWORKING DEVELOPMENT Co Ltd filed Critical SHANGHAI SHANGDA NETWORKING DEVELOPMENT Co Ltd
Priority to CN 200410084210 priority Critical patent/CN1777098A/en
Publication of CN1777098A publication Critical patent/CN1777098A/en
Pending legal-status Critical Current

Abstract

An Internet-based dynamic cipher authentication system comprises an application system server, an application system server terminal, and a dynamic password card. The dynamic password card generates a random dynamic password. Through the application system server terminal, the user sends the dynamic password to the application system server. The application system server authenticates the dynamic password and determines from the authentication result whether the user is allowed to log in. The invention authenticates the user's identity through a two-factor authentication mechanism. Its features are that the dynamic password varies with time and that, because a particular algorithm is applied, subsequent passwords are not easy to guess. The invention is applicable to many fields, including games, finance, securities, business management and electronic commerce.

Description

Dynamic cipher authentication system, method and uses thereof
Technical field
The present invention relates to a dynamic cipher authentication system, an authentication method and uses thereof, and in particular to a dynamic cipher authentication system, authentication method and uses thereof based on a mobile token.
Background technology
Authentication is an indispensable and vital link in ensuring that a system runs securely and stably. When a user accesses an application system, the system must first verify, through some authentication mechanism, whether the user's identity is consistent with the identity claimed. Only after authentication succeeds can the system decide, based on the user's identity and the authorization database, whether the user may access a given resource or perform a given operation; otherwise the access is refused by the system.
At present, the commonly used identity authentication techniques are mainly of two kinds: fixed password authentication and dynamic password authentication.
Fixed password authentication uses the model "user name/account number + password = user identity". The user sets the password and memorizes it. At login the user first enters the user name/account number and then the password; if the two strings match those held by the back-end system, the user is confirmed as a legitimately authorized user, and otherwise is treated as an illegitimate user. Because of its great convenience, authenticating an authorized party's identity by account number plus password has long been a mature technique widely adopted in many fields. Its shortcoming is this: the account number is fixed plaintext (generally unencrypted Arabic numerals and letters), and the password is static and may go unchanged by the user for a long time. As logins from remote locations become more frequent, application environments diversify, and high-tech criminal methods develop, there are more and more cases in which these two items are stolen and used to impersonate the legitimately authorized user, enter the account and carry out malicious operations. In short, the security strength of confirming a user's identity with a user name plus a static (fixed) password is far from sufficient.
Dynamic password authentication is an effective means of improving password security strength. Existing dynamic password authentication systems mainly consist of a dynamic password generation/authentication server, a backup dynamic password generation/authentication server, a client receiver, a management workstation, and so on. In such systems the dynamic password generation/authentication server generates a dynamic password and sends it to the client receiver (a communication terminal such as a mobile phone); at login the user enters both the static password and the received dynamic password, which addresses the problem of static passwords being cracked. But this mode of dynamic password authentication has its own unavoidable shortcomings: the user must have a portable terminal to receive the dynamic password, and it relies on a wireless communication system, which brings a degree of unreliability.
Summary of the invention
To overcome the shortcomings of current password authentication systems, the invention provides a dynamic password identity authentication system, method and uses thereof that are more secure and more convenient to use.
The dynamic cipher authentication system of the present invention transmits over the Internet and comprises an application system server, an application system server terminal, and a dynamic password card. The dynamic password card generates a random dynamic password; the user sends this dynamic password to the application system server through the application system terminal; and the application system server authenticates the dynamic password and determines from the authentication result whether the user can log in.
The application system server comprises a dynamic password authentication server, which calculates an authentication password according to a computation rule, compares it with the password entered by the user, and then returns the authentication result to the application system server.
The application system server also comprises a management workstation, which manages user operations, queries, parameter settings and backups for the dynamic password cards.
The application system server also comprises a database server for storing system data.
The application system server is provided with a time window, and login with the dynamic password card is allowed within this time window.
The time window between the dynamic password card and the application system server can be adjusted dynamically according to the interval between logins or according to the different calls being made.
If the time at which the user uses the dynamic password card falls outside the set time window, the system may require the user to enter the current password and the next dynamic password.
Each dynamic password card is bound to a user name on the application system server when it is enabled.
When the user applies for binding to enable the dynamic password card, the application system server sets a verification period, during which the user's identity is verified.
When the user applies for binding to enable the dynamic password card, the application system server also sets a confirmation period, and the user must confirm the binding within the confirmation period.
The application system server is an online game server.
The dynamic cipher authentication method of the present invention comprises the following steps:
The user switches on the dynamic password card and enters the dynamic password shown on it at the application system server terminal;
The application system server terminal sends the dynamic password to the application system server;
The system verifies the dynamic password and determines whether the user can log in.
Verification of the dynamic password is performed by an authentication server embedded in the application system, and the authentication server returns the authentication result to the application system server.
Verification of the dynamic password is performed by an authentication server, and the authentication server returns the authentication result to the application system server.
The authentication server verifies dynamic passwords within a certain time window.
The time window of the authentication server is dynamically adjusted.
If the time at which the user uses the dynamic password card falls outside the set time window, the system may require the user to enter the current password and the next dynamic password.
When the user enables the dynamic password, the system first prompts the user to bind the dynamic password card to the user's account.
The system verifies the binding application and sets a confirmation period, within which the user confirms the binding.
The application system server is an online game server.
The management workstation manages user operations, queries, parameter settings and backups for the dynamic password cards.
The dynamic cipher authentication system and method of the present invention can be used in many fields such as games, finance, securities, business management and e-commerce.
The present invention uses a two-factor authentication mechanism to verify user identity. The dynamic password changes over time and is hard to steal, and because it is produced by a unique algorithm, subsequent passwords are also hard to deduce, which effectively prevents user names from being stolen.
Description of drawings
The present invention is further described below with reference to the drawings and embodiments.
Fig. 1 is an architecture diagram of one embodiment of the cipher authentication system of the present invention.
Fig. 2 is an architecture diagram of another embodiment of the cipher authentication system of the present invention.
Fig. 3 is the main flow chart of the cipher authentication method of the present invention.
Fig. 4 is the flow chart of the first authentication branch of the cipher authentication method of the present invention.
Fig. 5 is the flow chart of the second authentication branch of the cipher authentication method of the present invention.
Fig. 6 is the binding flow chart of the cipher authentication method of the present invention.
Fig. 7 is the unbinding flow chart of the cipher authentication method of the present invention.
Embodiment
As shown in Fig. 1, in one embodiment of the invention, the application system server is an online game application server and the application system server terminal is an online game user terminal; the user terminal and the game server exchange data over the Internet.
One or more database servers may also be provided for storing system data, or a database embedded in the game application server may be used.
A management workstation is also included, which manages user operations, queries, parameter settings and backups for the dynamic password cards.
Another embodiment of the system of the present invention is shown in Fig. 2. Its architecture is layered: the user terminal is the first layer and connects over the Internet to the game login server and the Mi Bao website in the second layer; the second layer in turn connects over the Internet to the token authentication server.
When the dynamic password card is enabled, the user accesses the game application server and enters the user account number, the static password, and the product serial number of the dynamic password card (token), applying to bind the user account to the dynamic password card. The system sets a verification period and a confirmation period. The lengths of the two periods can be set arbitrarily and are generally set to the cycle at which users log in to the server, about 6 days. The user must finally confirm the binding within the confirmation period; the purpose of the confirmation period is to prevent malicious binding. The system may also omit the verification period and set only a confirmation period.
The account can still be used while the binding application is pending, and at login the system indicates that a binding has been applied for. For a newly registered account, a binding request is completed immediately: no verification period or confirmation period is set, and the binding need not be confirmed.
In the user password authentication flow shown in Fig. 3, Fig. 4 and Fig. 5, the dynamic password card generates a random dynamic password, and the user (in the game client or on a web page) connects to the application system server. At the user terminal the user enters the user name, the static password, and the number currently shown on the dynamic password card as the dynamic login password. The login server retrieves the user's data from the database and checks whether the static password is correct. If it is, the system then checks the Mi Bao binding state. If no card is bound, login proceeds by the normal flow. If a card is bound, the system submits the serial number of the dynamic password card and the dynamic password to the token authentication server, which verifies whether the dynamic password is correct: the authentication server calculates the authentication password from secret data determined by the user's identity, compares it with the password the user entered, and returns the authentication result.
If verification passes and no connection error or similar condition occurs, login to the server is allowed. If the user has reported the card lost, the client is notified that login is or is not permitted, according to the option the user selected when reporting the loss. If the token has been deactivated, has expired, is not bound, or its serial number does not exist, the client is notified, the database is changed to the unbound state, and the user is allowed to log in normally. For any other failure, the specific failure information is sent to the client together with the notification about normal login. If a second password is required for verification, the user is prompted to enter the next Mi Bao password, which is submitted to the authentication server for authentication; the authentication result is returned and processing continues as in the steps above.
If the token is in the process of being bound, the system checks whether the binding application date is more than 6 days old. If 6 days have not yet passed, the client is prompted to confirm after the application date plus 6 days. If the application date is more than 12 days old, or the user has recovered the password through the web page, unbinding information is sent to the token server and the card is unbound; otherwise the client is prompted to confirm the binding, and the user can choose to bind immediately or bind later.
As shown in Fig. 6, a user who wants to bind a dynamic password card to a game account enters the application system server and inputs the binding information and the dynamic password. The system verifies whether the static password is correct. If it is, the binding information and the dynamic password are submitted to the token authentication server and the token server's return value is obtained. If the dynamic password is correct and the state of the token is correct, the system changes the corresponding data in the login server database and notifies the client that binding succeeded. If dynamic password verification fails, the client is notified of the binding failure or is required to enter the next dynamic password for re-verification, and the above steps are repeated.
As shown in Fig. 7, a user who wants to remove the binding between a game account and a dynamic password card enters the application system server and inputs the unbinding information and the dynamic password. The system verifies whether the static password is correct. If it is, the system checks whether the account is bound in the database. If it is bound, the unbinding information and the dynamic password are submitted to the token authentication server and the token server's return value is obtained. If the dynamic password is correct and the state of the token is correct, the system removes the binding relationship from the database and notifies the client that unbinding succeeded. If dynamic password verification fails, the client is notified of the binding failure or is required to enter the next dynamic password for re-verification, and the above steps are repeated.
The authentication server can run in stand-alone mode or be embedded in the game application server.
The game application server is provided with a time window, and login with a dynamic password is allowed within this time window. Considering that passwords already displayed may have leaked, whereas subsequent passwords are difficult to deduce, an asymmetric time window is used; for example, dynamic passwords from the preceding 1 minute through the following 2 minutes are all accepted for login.
Cards with different intervals since their last login use different time windows; for example, a card that has not logged in for one week has a time window of 1 minute, and a card that has not logged in for two weeks has a time window of 2 minutes.
When the user's use of a dynamic password falls outside the range allowed by the time window, the system requires the user to enter the current password and the password of the next minute for calibration.
The deviation of each card is adjusted dynamically: each time the user uses a dynamic password, the system adjusts according to that card's deviation.
Because different calls have different security requirements, different time window sizes are used; for example, an error range of 10 minutes is allowed when the product is enabled, and an error range of 1 minute is allowed at login.
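An added example, not part of the patent: a server-side check that combines the asymmetric window, the idle-dependent window, the per-card deviation adjustment and the two-password calibration described above. The code generator (HMAC-SHA1 with RFC 4226 truncation), the 30-step calibration search range, the replay guard and the way the page's window figures are combined are assumptions, since the patent does not disclose its algorithm.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

STEP = 60      # seconds per displayed password (the page speaks of minutes)
DAY = 86400


def card_code(secret: bytes, counter: int, digits: int = 6) -> str:
    # Stand-in generator (assumption): HMAC-SHA1 with RFC 4226 truncation.
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


@dataclass
class Card:
    secret: bytes
    last_login: int = 0      # server time of the last accepted login
    drift: int = 0           # learned card-minus-server offset, in steps
    last_counter: int = -1   # highest step accepted so far (assumed replay guard)


def window_for(card: Card, now: int, purpose: str) -> tuple[int, int]:
    """Return (steps back, steps forward) accepted for this call."""
    if purpose == "enable":          # page: 10-minute error range when enabling
        return 10, 10
    # Page: a card idle for two weeks gets a wider window than one idle a week.
    back = 2 if now - card.last_login >= 14 * DAY else 1
    # Asymmetric: shown codes may have leaked, future ones are hard to deduce.
    return back, back + 1


def _accept(card: Card, counter: int, server_step: int, now: int) -> None:
    card.drift = counter - server_step   # deviation adjusted on every use
    card.last_counter = counter
    card.last_login = now


def verify(card: Card, code: str, now: int, purpose: str = "login") -> bool:
    """Check one code inside the window; False means calibration is needed."""
    back, fwd = window_for(card, now, purpose)
    server_step = now // STEP
    center = server_step + card.drift
    for counter in range(center - back, center + fwd + 1):
        if counter <= card.last_counter:
            continue                      # never accept a step twice
        if hmac.compare_digest(card_code(card.secret, counter), code):
            _accept(card, counter, server_step, now)
            return True
    return False


def resync(card: Card, code_now: str, code_next: str, now: int,
           search: int = 30) -> bool:
    """Calibrate with the current and next-minute codes (two consecutive steps)."""
    server_step = now // STEP
    for counter in range(server_step - search, server_step + search + 1):
        if counter <= card.last_counter:
            continue
        if (hmac.compare_digest(card_code(card.secret, counter), code_now)
                and hmac.compare_digest(card_code(card.secret, counter + 1),
                                        code_next)):
            _accept(card, counter + 1, server_step, now)
            card.drift = counter - server_step   # offset of the first code
            return True
    return False
```

Requiring two consecutive codes is what makes the wider calibration search tolerable: a single six-digit guess has many more positions to match by chance than a pair of adjacent codes does.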
If the user loses the dynamic password card, the user can apply to the system to report it lost. There are two options when reporting a loss: one allows the account to be logged in with the static password after the loss is reported, and the other forbids login to the account after the loss is reported.
If the user loses the dynamic password card and finds it again after reporting the loss to the system, the user can apply to cancel the loss report. After the cancellation, the dynamic password card's protection of the account takes effect again.
If the user no longer wants to use the dynamic password card, the user can apply to the system to deactivate it. After deactivation, the dynamic password card no longer protects the account.
If the user wants to replace an old dynamic password card with a new one, the user can apply to the system for replacement. After replacement, all of the user's authentication, binding, unbinding and other operations use the new dynamic password card directly.
The cipher authentication system and method of the present invention can also be used in many fields that require login password authentication, such as banking, securities, business management and e-commerce.

Claims (21)

1. A dynamic cipher authentication system, comprising an application system server, an application system server terminal and a dynamic password card, characterized in that the dynamic password card generates a random dynamic password, the user sends this dynamic password to the application system server through the application system server terminal, and the application system server authenticates the dynamic password and determines from the authentication result whether the user can log in.
2. The dynamic cipher authentication system as claimed in claim 1, characterized in that the application system server comprises a dynamic password authentication server, which calculates an authentication password according to a computation rule, compares it with the password entered by the user, and returns the authentication result to the application system server.
3. The dynamic cipher authentication system as claimed in claim 2, characterized in that the application system server also comprises a management workstation, which manages user operations, queries, parameter settings and backups for the dynamic password cards.
4. The dynamic cipher authentication system as claimed in claim 3, characterized in that the application system server is provided with a time window, and login with a dynamic password is allowed within this time window.
5. The dynamic cipher authentication system as claimed in claim 4, characterized in that the time window between the dynamic password card and the application system server can be adjusted dynamically according to the interval between logins or according to the different calls being made.
6. The dynamic cipher authentication system as claimed in claim 5, characterized in that, if the time at which the user uses the dynamic password card falls outside the set time window, the system may require the user to enter the current password and the next dynamic password.
7. The dynamic cipher authentication system as claimed in claim 6, characterized in that each dynamic password card is bound to a user name on the application system server when it is enabled.
8. The dynamic cipher authentication system as claimed in claim 7, characterized in that, when the user applies for binding to enable the dynamic password card, the application system server sets a verification period, during which the user's identity is verified.
9. The dynamic cipher authentication system as claimed in claim 8, characterized in that, when the user applies for binding to enable the dynamic password card, the application system server also sets a confirmation period, and the user must confirm the binding within the confirmation period.
10. The dynamic cipher authentication system as claimed in claim 9, characterized in that the application system server is an online game server.
11. A dynamic cipher authentication method, comprising the following steps:
(1) the user switches on the dynamic password card and enters the dynamic password shown on it at the application system terminal;
(2) the application system terminal sends the dynamic password to the application system server;
(3) the system verifies the dynamic password and determines whether the user can log in.
12. The dynamic cipher authentication method as claimed in claim 11, characterized in that verification of the dynamic password is performed by an authentication server embedded in the application system, and the authentication server returns the authentication result to the application system server.
13. The dynamic cipher authentication method as claimed in claim 11, characterized in that verification of the dynamic password is performed by an authentication server, and the authentication server returns the authentication result to the application system server.
14. The dynamic cipher authentication method as claimed in claim 12 or 13, characterized in that the authentication server verifies dynamic passwords within a certain time window.
15. The dynamic cipher authentication method as claimed in claim 14, characterized in that the time window of the authentication server is dynamically adjusted.
16. The dynamic cipher authentication method as claimed in claim 15, characterized in that, if the time at which the user uses the dynamic password card falls outside the set time window, the system may require the user to enter the current password and the next dynamic password.
17. The dynamic cipher authentication method as claimed in claim 16, characterized in that, when the user enables the dynamic password, the system first prompts the user to bind the dynamic password card to the user's account.
18. The dynamic cipher authentication method as claimed in claim 17, characterized in that the system verifies the binding application and sets a confirmation period, within which the user confirms the binding.
19. The dynamic cipher authentication method as claimed in claim 18, characterized in that the application system server is an online game server.
20. The dynamic cipher authentication method as claimed in claim 19, characterized in that a management workstation manages user operations, queries, parameter settings and backups for the dynamic password cards.
21. Use of the dynamic cipher authentication system as claimed in claim 1, characterized in that it is used in many fields such as games, finance, securities, business management and e-commerce.
CN 200410084210 2004-11-16 2004-11-16 Dynamic cipher authentication system, method and its use Pending CN1777098A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200410084210 CN1777098A (en) 2004-11-16 2004-11-16 Dynamic cipher authentication system, method and its use

Publications (1)

Publication Number Publication Date
CN1777098A true CN1777098A (en) 2006-05-24

Family

ID=36766426

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200410084210 Pending CN1777098A (en) 2004-11-16 2004-11-16 Dynamic cipher authentication system, method and its use

Country Status (1)

Country Link
CN (1) CN1777098A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101166092B (en) * 2006-10-19 2011-07-06 富士施乐株式会社 Authentication system, authentication-service-providing device and authentication-service-providing method
CN101047508B (en) * 2007-01-15 2010-05-19 深圳市莱克科技有限公司 Accession authorization system
CN103269273A (en) * 2013-06-03 2013-08-28 上海众人网络安全技术有限公司 Independent account seamless access dynamic password login system and method
CN103269273B (en) * 2013-06-03 2016-03-23 上海众人网络安全技术有限公司 A kind of dynamic password login system of independent account seamless access and method
CN104243458A (en) * 2014-09-01 2014-12-24 广州博冠信息科技有限公司 Secure online game logging-in method and system
WO2019041782A1 (en) * 2017-08-31 2019-03-07 京东方科技集团股份有限公司 Control method for use of object, authentication device, terminal device, and system
CN112532566A (en) * 2019-09-18 2021-03-19 神州云端(深圳)科技有限公司 Internet and local area network cloud desktop user unified authentication method and system
CN111698259A (en) * 2020-06-18 2020-09-22 北京无忧创想信息技术有限公司 Dynamic authentication login equipment, system and method based on Bluetooth equipment
CN111698259B (en) * 2020-06-18 2022-05-10 北京无忧创想信息技术有限公司 Dynamic authentication login equipment, system and method based on Bluetooth equipment
CN112399360A (en) * 2020-11-13 2021-02-23 平安科技(深圳)有限公司 Short message dynamic password verification method, server, client and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication