鑒於此,根據本發明的一個方面,提供了一種產生動態信用卡安全碼的方法,該方法包括:獲取動態資料元素,用所述動態資料元素替換所述信用卡的主帳號PAN的一部分,從而產生更新的主帳號PAN;對所述更新的主帳號PAN進行加密,得到第一資料塊;以及基於所述第一資料塊產生所述動態信用卡安全碼。與DES/3DES產生演算法相比,本發明採用國密演算法,計算環節少,計算結果的隨機性好。 在上述方法中,所述動態資料元素為事件可變因數,使得所述動態信用卡安全碼基於所述事件可變因數的觸發而變化。 在上述方法中,所述事件可變因數對應於個人化之後累計至當前的按鍵次數或個人化之後搖晃卡片的次數。 在上述方法中,所述事件可變因數為8位元數位,並且在所述按鍵次數少於8位元數位時,在所述按鍵次數的資料左邊以二進位數字字0填充。 在上述方法中,用所述動態資料元素替換所述信用卡的主帳號PAN的一部分,從而產生更新的主帳號PAN包括:用所述動態資料元素替換所述PAN的最左邊的8位元數位構建字串,從而產生更新的主帳號PAN。 在上述方法中,對所述更新的主帳號PAN進行加密,得到第一資料塊包括:依次串接所述更新的主帳號PAN、卡片失效日期、服務代碼,以構建第一字串;通過在所述第一字串的右側補0,將所述第一字串擴展為256位元的第二資料塊;以及利用唯一分散金鑰對所述第二資料塊進行加密,從而得到所述第一資料塊。 在上述方法中,基於所述第一資料塊產生所述動態信用卡安全碼包括:從所述第一資料塊中從左至右選出0到9的數位並將選出的數位左靠齊,從而得到第三資料塊;從所述第一資料塊中從左至右選出16進制中A到F,並將其轉換成10進制減去10,從而得到第四資料塊;將所述第四資料塊拼接到所述第三資料塊的右側,得到第五資料塊;以及將所述第五資料塊最左邊的3個數位選擇作為所述動態信用卡安全碼。 在上述方法中,所述動態資料元素為時間可變因數,所述時間可變因數基於當前時間而確定。 根據本發明的另一個方面,提供了一種產生動態信用卡安全碼的設備,該設備包括:獲取裝置,用於獲取動態資料元素;替換裝置,用於用所述動態資料元素替換所述信用卡的主帳號PAN的一部分,從而產生更新的主帳號PAN;加密裝置,用於對所述更新的主帳號PAN進行加密,得到第一資料塊;以及產生裝置,用於基於所述第一資料塊產生所述動態信用卡安全碼。 在上述設備中,所述替換裝置配置成用所述動態資料元素替換所述PAN的最左邊的8位元數位構建字串,從而產生更新的主帳號PAN。 在上述設備中,所述加密裝置包括:串接單元,用於依次串接所述更新的主帳號PAN、卡片失效日期、服務代碼,以構建第一字串;擴展單元,用於通過在所述第一字串的右側補0,將所述第一字串擴展為256位元的第二資料塊;以及加密單元,用於利用唯一分散金鑰對所述第二資料塊進行加密,從而得到所述第一資料塊。 在上述設備中,所述產生裝置配置成從所述第一資料塊中從左至右選出0到9的數位並將選出的數位左靠齊,從而得到第三資料塊;從所述第一資料塊中從左至右選出16進制中A到F,並將其轉換成10進制減去10,從而得到第四資料塊;將所述第四資料塊拼接到所述第三資料塊的右側,得到第五資料塊;以及將所述第五資料塊最左邊的3個數位選擇作為所述動態信用卡安全碼。 在上述設備中,所述動態資料元素為事件可變因數,使得所述動態信用卡安全碼基於所述事件可變因數的觸發而變化。 根據本發明的又一個方面,提供了一種銀行卡,該銀行卡包括:顯示模組,所述顯示模組包括顯示主控晶片,其中所述顯示主控晶片包括如前所述的產生動態信用卡安全碼的設備。 在上述銀行卡中,所述顯示模組還包括:顯示介質;電池,用於對所述顯示介質和所述顯示主控晶片進行供電;個人化天線,用於寫入卡片初始化參數;以及按鍵。 根據本發明的又一個方面,提供了一種由發卡行認證伺服器執行的認證方法,該方法包括:接收來自支付網路的卡片資料,其中所述卡片資料包括卡號、有效期和動態信用卡安全碼;根據主帳號PAN或發卡行識別碼BIN將卡片識別為動態可變卡,並將所述卡片資料路由到動態可變認證系統進行認證;以及從所述動態可變認證系統接收認證結果,所述認證結果包括所述動態信用卡安全碼是否落在所述動態可變認證系統設定的視窗內。 在上述認證方法中,所述動態可變認證系統對於時間可變的動態可變卡使用雙向時間視窗,而對於時間可變的動態可變卡使用單向事件視窗。 本發明的技術方案主要採用動態可變數位dCVN2來替代當前列印在銀行卡背面的靜態CVN2,該可變數位基於SM4安全演算法產生,基於事件可變因數(EBN)的觸發而變化,它能增強無卡支付(CNP)交易的安全性,大幅降低通過截獲和存儲CVN2值實施欺詐的可能性。 通過納入本文的圖式以及隨後與圖式一起用於說明本發明的某些原理的具體實施方式,本發明的方法和裝置所具有的其它特徵和優點將更為具體地變得清楚或得以闡明。In view of this, according to an aspect of the present invention, there is provided a method for generating a dynamic credit card security code, the method comprising: acquiring a dynamic data element, replacing a part of the main account number PAN of the credit card with the dynamic data element, thereby generating an update PAN's primary account number; encrypt the updated primary account number PAN to obtain a first data block; and generate the dynamic credit card security code based on the first data block. Compared with the DES/3DES generation algorithm, the invention adopts the national secret algorithm, which has fewer calculation links and good randomness of calculation results. In the above method, the dynamic data element is an event variable factor, so that the dynamic credit card security code changes based on the trigger of the event variable factor. In the above method, the event variable factor corresponds to the number of key presses accumulated to the current after personalization or the number of times the card is shaken after personalization. In the above method, the event variable factor is 8 digits, and when the number of key presses is less than 8 digits, the left side of the data of the key presses is filled with a binary digital word 0. In the above method, replacing a part of the primary account number PAN of the credit card with the dynamic data element, thereby generating an updated primary account number PAN includes: replacing the leftmost 8-bit digit of the PAN with the dynamic data element to construct String to generate the updated master account PAN. In the above method, encrypting the updated primary account number PAN to obtain the first data block includes: sequentially connecting the updated primary account number PAN, card expiration date, and service code to construct a first string; The right side of the first word string is filled with zeros to expand the first word string to a 256-bit second data block; and the second data block is encrypted with a unique distributed key to obtain the first A data block. In the above method, generating the dynamic credit card security code based on the first data block includes: selecting digits from 0 to 9 from left to right in the first data block and aligning the selected digits to the left to obtain The third data block; from left to right in the first data block, select A to F in hexadecimal, and convert it to decimal system minus 10, to get the fourth data block; The data block is spliced to the right of the third data block to obtain a fifth data block; and the three leftmost digits of the fifth data block are selected as the dynamic credit card security code. In the above method, the dynamic data element is a time variable factor, and the time variable factor is determined based on the current time. According to another aspect of the present invention, there is provided an apparatus for generating a dynamic credit card security code, the apparatus includes: acquiring means for acquiring a dynamic data element; and replacement means for replacing the main card of the credit card with the dynamic data element A part of the account PAN, thereby generating an updated master account PAN; an encryption device for encrypting the updated master account PAN to obtain a first data block; and a generating device for generating an account based on the first data block Describe the dynamic credit card security code. In the above device, the replacement device is configured to replace the leftmost 8-bit digit construction string of the PAN with the dynamic data element, thereby generating an updated master account number PAN. In the above device, the encryption device includes: a concatenating unit for sequentially concatenating the updated primary account number PAN, card expiration date, and service code to construct a first character string; and an expansion unit for passing the The right side of the first word string is padded with 0 to expand the first word string to a 256-bit second data block; and an encryption unit is used to encrypt the second data block with a unique distributed key, thereby Obtain the first data block. In the above device, the generating device is configured to select digits from 0 to 9 from left to right in the first data block and align the selected digits to the left to obtain a third data block; from the first Select the A to F in hexadecimal from left to right in the data block, and convert it to decimal 10 minus 10 to obtain the fourth data block; splice the fourth data block to the third data block On the right, get the fifth data block; and select the leftmost three digits of the fifth data block as the dynamic credit card security code. In the above device, the dynamic data element is an event variable factor, so that the dynamic credit card security code changes based on the trigger of the event variable factor. According to yet another aspect of the present invention, there is provided a bank card, the bank card includes: a display module, the display module includes a display main control chip, wherein the display main control chip includes a dynamic credit card as described above Security code device. In the above bank card, the display module further includes: a display medium; a battery for powering the display medium and the display main control chip; a personalized antenna for writing card initialization parameters; and buttons . According to yet another aspect of the present invention, there is provided an authentication method performed by a card issuing bank authentication server, the method comprising: receiving card data from a payment network, wherein the card data includes a card number, an expiration date, and a dynamic credit card security code; Identify the card as a dynamically variable card based on the main account number PAN or the issuing bank identification code BIN, and route the card data to the dynamically variable authentication system for authentication; and receive the authentication result from the dynamically variable authentication system, the The authentication result includes whether the dynamic credit card security code falls within the window set by the dynamic variable authentication system. In the above authentication method, the dynamic variable authentication system uses a bidirectional time window for a time variable dynamic variable card and a unidirectional event window for a time variable dynamic variable card. The technical solution of the present invention mainly uses a dynamic variable number dCVN2 to replace the current static CVN2 printed on the back of the bank card. The variable number is generated based on the SM4 security algorithm and changes based on the event variable factor (EBN) trigger. It can enhance the security of cardless payment (CNP) transactions and greatly reduce the possibility of fraud by intercepting and storing CVN2 values. The other features and advantages possessed by the method and device of the present invention will be more specifically clarified or clarified by the drawings incorporated herein and the specific embodiments used to explain some principles of the present invention together with the drawings. .
以下說明描述了本發明的特定實施方式以教導本領域技術人員如何製造和使用本發明的最佳模式。為了教導發明原理,已簡化或省略了一些常規方面。本領域技術人員應該理解源自這些實施方式的變型將落在本發明的範圍內。本領域技術人員應該理解下述特徵能夠以各種方式接合以形成本發明的多個變型。由此,本發明並不局限於下述特定實施方式,而僅由申請專利範圍和它們的等同物限定。 在本發明的上下文中,術語CVN2表示信用卡安全碼,dCVN2或動態CVN2表示動態信用卡安全碼,基於動態資料元素的觸發而變化。 動態資料元素包括時間可變因數(TBN, Time Based Number)和事件可變因數(EBN, Event Based Number)。 術語PAN表示銀行卡的主帳號,標明可以處理交易的發卡機構和持卡者。術語BIN指代發卡行識別碼,即Bank Identification Number。 為本申請的目的,“非接觸”或“無線”可包括任何通信方法或協定,包括專有協定,其中在兩個設備之間交換資料而無需在物理上耦合。在不限制前述的概括性的情況下,“非接觸”或“無線”可包括通過鐳射、射頻、紅外通信、藍牙或無線局域網進行的資料傳輸。 為本申請的目的,術語“支付服務”可包括在可擕式消費者設備上使用、引起資料在可擕式消費者設備和任何其他設備或位置之間交換的任何應用程式。應理解,“支付服務”不限於金融應用程式。 為本申請的目的,“支付資料”對於金融應用程式可包括由支付服務使用以執行交易的那些資料元素,而對於非金融交易可包括除本發明以外的任何必需資料元素。例如,當支付服務是磁條信用卡交易時,“支付資料”可包括磁軌1和/或磁軌2資料,如信用卡行業的普通技術人員所理解地,諸如主帳號、有效期、服務碼和任意資料。“支付資料”也可包括唯一卡標識號或服務供應商的唯一標識號。 圖1是表示本發明的一個實施例的產生動態信用卡安全碼的方法1000。 在步驟110中,獲取動態資料元素; 在步驟120中,用所述動態資料元素替換所述信用卡的主帳號PAN的一部分,從而產生更新的主帳號PAN; 在步驟130中,對所述更新的主帳號PAN進行加密,得到第一資料塊; 在步驟140中,基於所述第一資料塊產生所述動態信用卡安全碼。 在方法1000中,動態資料元素可為事件可變因數或時間可變因數。在一個實施例中,動態資料元素為事件可變因數,使得所述動態信用卡安全碼基於所述事件可變因數的觸發而變化。在一個實施例中,事件可變因數對應於個人化之後累計至當前的按鍵次數或個人化之後搖晃卡片的次數。如果該資料少於8個數位,則在其左邊以二進位數字字0填充到8個數位作為TBN。 在另一個實施例中,所述動態資料元素為時間可變因數,所述時間可變因數基於當前時間而確定。例如,時間可變因數(TBN)是基於以下3個步驟匯出的基於時間的數值:(1)確定從通用協調時1970年1月1日00:00:00用秒數表達的當前時間;(2)用步驟1中得出的時間除以時間窗口值。時間視窗值是以標籤9F5F個人化在晶片中以秒數表達的數值;(3)將步驟2中得到數值去掉小數點之後的資料得到8個cn型的資料。如果該資料少於8個數位,則從左開始截取8個數位作為TBN。 在一個實施例中,步驟120可包括:用所述動態資料元素替換所述PAN的最左邊的8位元數位構建字串,從而產生更新的主帳號PAN。在一個實施例中,步驟130可包括:依次串接所述更新的主帳號PAN、卡片失效日期、服務代碼,以構建第一字串;通過在所述第一字串的右側補0,將所述第一字串擴展為256位元的第二資料塊;以及利用唯一分散金鑰對所述第二資料塊進行加密,從而得到所述第一資料塊。在一個實施例中,步驟140可包括:從所述第一資料塊中從左至右選出0到9的數位並將選出的數位左靠齊,從而得到第三資料塊;從所述第一資料塊中從左至右選出16進制中A到F,並將其轉換成10進制減去10,從而得到第四資料塊;將所述第四資料塊拼接到所述第三資料塊的右側,得到第五資料塊;以及將所述第五資料塊最左邊的3個數位選擇作為所述動態信用卡安全碼。 參考圖2,圖2是表示本發明的一個實施例的產生動態信用卡安全碼的設備2000。 如圖2所示,設備2000可包括獲取裝置210、替換裝置220、加密裝置230以及產生裝置240。在設備2000中,獲取裝置210用於獲取動態資料元素。替換裝置220用於用所述動態資料元素替換所述信用卡的主帳號PAN的一部分,從而產生更新的主帳號PAN。加密裝置230用於對所述更新的主帳號PAN進行加密,得到第一資料塊。產生裝置240用於基於所述第一資料塊產生所述動態信用卡安全碼。 在一個實施例中,替換裝置220配置成用所述動態資料元素替換所述PAN的最左邊的8位元數位構建字串,從而產生更新的主帳號PAN。在一個實施例中,加密裝置230進一步包括:串接單元,用於依次串接所述更新的主帳號PAN、卡片失效日期、服務代碼,以構建第一字串;擴展單元,用於通過在所述第一字串的右側補0,將所述第一字串擴展為256位元的第二資料塊;以及加密單元,用於利用唯一分散金鑰對所述第二資料塊進行加密,從而得到所述第一資料塊。 在一個實施例中,產生裝置240配置成從所述第一資料塊中從左至右選出0到9的數位並將選出的數位左靠齊,從而得到第三資料塊;從所述第一資料塊中從左至右選出16進制中A到F,並將其轉換成10進制減去10,從而得到第四資料塊;將所述第四資料塊拼接到所述第三資料塊的右側,得到第五資料塊;以及將所述第五資料塊最左邊的3個數位選擇作為所述動態信用卡安全碼。 參考圖3,它示出了本發明的一個實施例的銀行卡的顯示模組。在本發明的一個實施例中,銀行卡可包括顯示模組,而顯示模組包括顯示主控晶片、顯示介質、個人化天線、電池和按鍵(可選)。顯示介質可採用電子紙、LCD等技術。電池為顯示介質和主控晶片供電以達到計算dCVN2並顯示的目的。個人化天線用於在卡片(例如動態CVN2部分)初始化的一些參數寫入。 在一個實施例中,在基於事件可變因數產生的dCVN2的情況下,顯示模組必須包括按鍵,用於基於個人化之後累計至當前的按鍵次數產生事件可變因數EBN。在另一個實施例中,在基於時間可變因數產生dCVN2的情況下,該顯示模組可不包括按鍵。 每當啟動支付服務時,即在可擕式消費者設備上產生dCVN2用於認證的目的。圖4描繪了根據本發明對每一交易產生dCVN2的方法。一開始, 用TBN或EBN替換PAN的最左邊8位元數位構建字串,記為新PAN。接著,從左到右連接新PAN、卡片失效日期、服務代碼,構建一個字串。然後,把字串放到256位元資料欄中,右補0, 得到BlockA。利用UDK(唯一分散金鑰,Unique Derivation Key)對BlockA進行加密,得到BlockG。在BlockG中從左到右選出0到9的數字,左靠齊從而得到BlockH。在BlockG中從左到右選出16進制中A到F,然後每個轉化成10進制減去10,從而得到BlockI。將BlockI拼接到BlockH右側,得到BlockJ。最終,dCVN2選擇為BlockJ最左邊3個數位。 參考圖5,圖5示意性地示出根據本發明的一個實施例的dCVN2的銀行卡的認證流程。在一個實施例中,在無卡交易時,卡片資料 (卡號、有效期和dCVN2) 通過支付網路提交到發卡行認證伺服器。發卡行認證伺服器根據PAN或者BIN識別該卡為dCVN2銀行卡,並將認證請求路由到dCVN2認證系統。dCVN2認證系統依據自身配置計算dCVN2,並與卡片提交的dCVN2進行比較。隨後,將比較結果返回給發卡行認證伺服器。最後,發卡行認證伺服器批准/拒絕該交易並告知支付請求方。 dCVN2的基本認證原理是通過使用者端與認證服務提供端以相同的運算因數,採用相同的運算方法,產生dCVN2進行比對,來完成整個認證過程。通常,dCVN2的比對是由認證服務提供端完成,只要卡片中計算得到dCVN2值落在後臺認證伺服器設定窗口內dCVN2值的集合內,則認證通過。動態CVN2銀行卡與系統之間的同步處理。對於時間可變的dCVN2銀行卡,後臺認證使用雙向時間視窗;對於事件可變的dCVN2銀行卡,使用單向事件視窗。 綜上,本發明基於多種可變因數和演算法實現CVN2位元動態顯示,保證交易的安全。此外,在本發明的實施例中,銀行卡中產生/顯示dCVN2的功能模組是獨立的,當dCVN2功能不能正常使用時,銀行卡的其他功能應能繼續正常使用。本發明採用的國密演算法的計算環節少,計算結果的隨機性好於DES/3DES國際演算法。 以上例子主要說明了本發明的產生動態信用卡安全碼的方法和設備、銀行卡和認證系統架構。儘管只對其中一些本發明的具體實施方式進行了描述,但是本領域普通技術人員應當瞭解,本發明可以在不偏離其主旨與範圍內以許多其他的形式實施。因此,所展示的例子與實施方式被視為示意性的而非限制性的,在不脫離如所附各申請專利範圍所定義的本發明精神及範圍的情況下,本發明可能涵蓋各種的修改與替換。The following description describes specific embodiments of the invention to teach those skilled in the art how to make and use the best mode of the invention. In order to teach the principles of the invention, some conventional aspects have been simplified or omitted. Those skilled in the art should understand that variations derived from these embodiments will fall within the scope of the present invention. Those skilled in the art should understand that the following features can be joined in various ways to form multiple variations of the invention. Thus, the present invention is not limited to the specific embodiments described below, but only by the scope of patent applications and their equivalents. In the context of the present invention, the term CVN2 means a credit card security code, and dCVN2 or dynamic CVN2 means a dynamic credit card security code, which changes based on the triggering of dynamic data elements. Dynamic data elements include time variable factor (TBN, Time Based Number) and event variable factor (EBN, Event Based Number). The term PAN means the main account number of the bank card, indicating the card issuer and cardholder who can process the transaction. The term BIN refers to the card issuing bank identification code, which is the Bank Identification Number. For the purposes of this application, "contactless" or "wireless" may include any communication method or agreement, including proprietary agreements, in which data is exchanged between two devices without being physically coupled. Without limiting the foregoing generality, "non-contact" or "wireless" may include data transmission via laser, radio frequency, infrared communication, Bluetooth, or wireless local area network. For the purposes of this application, the term "payment service" may include any application that is used on a portable consumer device and causes data to be exchanged between the portable consumer device and any other device or location. It should be understood that "payment services" are not limited to financial applications. For the purposes of this application, "payment data" may include those data elements used by payment services to perform transactions for financial applications, and may include any necessary data elements other than the present invention for non-financial transactions. For example, when the payment service is a magnetic stripe credit card transaction, the "payment information" may include magnetic track 1 and/or magnetic track 2 information, as understood by those of ordinary skill in the credit card industry, such as the master account number, expiration date, service code, and any data. The "payment information" may also include a unique card identification number or a service provider's unique identification number. FIG. 1 is a method 1000 for generating a dynamic credit card security code according to an embodiment of the present invention. In step 110, a dynamic data element is obtained; In step 120, the dynamic data element is used to replace a part of the main account number PAN of the credit card, thereby generating an updated main account number PAN; In step 130, the updated The master account PAN is encrypted to obtain the first data block; In step 140, the dynamic credit card security code is generated based on the first data block. In method 1000, the dynamic data element may be an event variable factor or a time variable factor. In one embodiment, the dynamic profile element is an event variable factor, so that the dynamic credit card security code changes based on the trigger of the event variable factor. In one embodiment, the event variable factor corresponds to the number of key presses accumulated after personalization or the number of times the card is shaken after personalization. If the data is less than 8 digits, then the left side of the data is filled with binary digits 0 to 8 digits as TBN. In another embodiment, the dynamic data element is a time variable factor, and the time variable factor is determined based on the current time. For example, the time variable factor (TBN) is a time-based numerical value derived based on the following three steps: (1) Determine the current time expressed in seconds from 00:00:00 on January 1, 1970, when universal coordination occurs; (2) Divide the time obtained in step 1 by the time window value. The time window value is the value expressed in seconds in the chip personalized by the label 9F5F; (3) The data obtained in step 2 is removed from the data after the decimal point to obtain 8 cn-type data. If the data is less than 8 digits, 8 digits are intercepted from the left as TBN. In one embodiment, step 120 may include replacing the leftmost 8-bit digits of the PAN with the dynamic data element to construct a string, thereby generating an updated master account number PAN. In one embodiment, step 130 may include: sequentially connecting the updated primary account number PAN, card expiration date, and service code to construct a first character string; by adding 0 to the right of the first character string, the The first word string is expanded into a second data block of 256 bits; and the second data block is encrypted by using a unique distributed key to obtain the first data block. In one embodiment, step 140 may include: selecting digits from 0 to 9 from left to right in the first data block and aligning the selected digits to the left, thereby obtaining a third data block; from the first Select the A to F in hexadecimal from left to right in the data block, and convert it to decimal 10 minus 10 to obtain the fourth data block; splice the fourth data block to the third data block On the right, get the fifth data block; and select the leftmost three digits of the fifth data block as the dynamic credit card security code. Referring to FIG. 2, FIG. 2 is a device 2000 for generating a dynamic credit card security code according to an embodiment of the present invention. As shown in FIG. 2, the device 2000 may include an acquisition device 210, a replacement device 220, an encryption device 230, and a generation device 240. In the device 2000, the obtaining device 210 is used to obtain dynamic data elements. The replacement device 220 is used to replace a part of the primary account number PAN of the credit card with the dynamic data element, thereby generating an updated primary account number PAN. The encryption device 230 is used to encrypt the updated master account PAN to obtain the first data block. The generating device 240 is used to generate the dynamic credit card security code based on the first data block. In one embodiment, the replacement device 220 is configured to replace the leftmost 8-bit digit construction string of the PAN with the dynamic data element, thereby generating an updated master account number PAN. In one embodiment, the encryption device 230 further includes: a concatenation unit for sequentially concatenating the updated primary account number PAN, card expiration date, and service code to construct a first character string; and an expansion unit for The right side of the first word string is padded with 0 to expand the first word string to a 256-bit second data block; and an encryption unit is used to encrypt the second data block with a unique distributed key, Thus, the first data block is obtained. In one embodiment, the generating device 240 is configured to select digits from 0 to 9 from left to right in the first data block and align the selected digits to the left, thereby obtaining a third data block; from the first Select the A to F in hexadecimal from left to right in the data block, and convert it to decimal 10 minus 10 to obtain the fourth data block; splice the fourth data block to the third data block On the right, get the fifth data block; and select the leftmost three digits of the fifth data block as the dynamic credit card security code. Referring to FIG. 3, it shows a display module of a bank card according to an embodiment of the present invention. In one embodiment of the present invention, the bank card may include a display module, and the display module includes a display main control chip, a display medium, a personalized antenna, a battery, and buttons (optional). The display medium can use electronic paper, LCD and other technologies. The battery supplies power to the display medium and the main control chip to calculate and display dCVN2. The personalized antenna is used to write some parameters initialized on the card (for example, the dynamic CVN2 part). In one embodiment, in the case of dCVN2 generated based on the event variable factor, the display module must include a button for generating the event variable factor EBN based on the number of key presses accumulated to the current after personalization. In another embodiment, in the case where dCVN2 is generated based on a time variable factor, the display module may not include buttons. Every time the payment service is activated, dCVN2 is generated on the portable consumer device for authentication purposes. Figure 4 depicts the method for generating dCVN2 for each transaction according to the present invention. Initially, replace the leftmost 8-bit digits of the PAN with TBN or EBN to construct the string, and record it as the new PAN. Next, connect the new PAN, card expiration date, and service code from left to right to construct a string. Then, put the string in the 256-bit data column, and add 0 to the right to get BlockA. Use UDK (Unique Derivation Key, Unique Derivation Key) to encrypt BlockA to get BlockG. In BlockG, select the numbers from 0 to 9 from left to right, and align the left to get BlockH. In BlockG, select A to F in hexadecimal from left to right, and then convert each to decimal 10 minus 10 to get BlockI. Splice BlockI to the right of BlockH to get BlockJ. In the end, dCVN2 is selected as the three leftmost digits of BlockJ. Referring to FIG. 5, FIG. 5 schematically illustrates the authentication process of the bank card of dCVN2 according to an embodiment of the present invention. In one embodiment, during cardless transactions, the card data (card number, expiration date, and dCVN2) are submitted to the card issuer authentication server through the payment network. The issuing bank authentication server recognizes the card as a dCVN2 bank card based on PAN or BIN, and routes the authentication request to the dCVN2 authentication system. The dCVN2 authentication system calculates dCVN2 according to its own configuration and compares it with the dCVN2 submitted by the card. Subsequently, the comparison result is returned to the card issuing bank authentication server. Finally, the card issuer authentication server approves/rejects the transaction and informs the payment requester. The basic authentication principle of dCVN2 is that the user terminal and the authentication service provider use the same arithmetic factor and the same arithmetic method to generate dCVN2 for comparison to complete the entire authentication process. Generally, the comparison of dCVN2 is done by the authentication service provider. As long as the calculated dCVN2 value in the card falls within the set of dCVN2 values in the setting window of the background authentication server, the authentication is passed. Synchronous processing between the dynamic CVN2 bank card and the system. For a variable time dCVN2 bank card, the background authentication uses a two-way time window; for a variable event dCVN2 bank card, a one-way event window is used. In summary, the present invention realizes CVN 2-bit dynamic display based on various variable factors and algorithms to ensure the security of transactions. In addition, in the embodiment of the present invention, the function module for generating/displaying dCVN2 in the bank card is independent. When the dCVN2 function cannot be used normally, other functions of the bank card should continue to be used normally. The national secret algorithm adopted by the invention has fewer calculation links, and the randomness of the calculation result is better than the DES/3DES international algorithm. The above examples mainly illustrate the method and device for generating a dynamic credit card security code, bank card and authentication system architecture of the present invention. Although only some of the specific embodiments of the present invention have been described, those of ordinary skill in the art should understand that the present invention can be implemented in many other forms without departing from the spirit and scope of the invention. Therefore, the examples and embodiments shown are to be regarded as illustrative rather than restrictive, and the present invention may cover various modifications without departing from the spirit and scope of the present invention as defined in the appended patent applications. And replace.