WO2006042469A1 - A dynamic password authentication system and the method thereof - Google Patents
A dynamic password authentication system and the method thereof
- Publication number
- WO2006042469A1 (PCT/CN2005/001720)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- dynamic password
- user
- card
- mobile terminal
- dynamic
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/42—User authentication using separate channels for security data
- G06F21/43—User authentication using separate channels for security data wireless channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/081—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying self-generating credentials, e.g. instead of receiving credentials from an authority or from another peer, the credentials are generated at the entity itself
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/61—Time-dependent
Definitions
- the present invention relates to the field of information security, and in particular, to a dynamic password authentication method and system.
- the object of the present invention is to provide a dynamic password authentication method that uses the mobile phone people already carry in daily life: by using a dynamic password telecommunication card with a built-in security algorithm in the mobile phone, the user obtains a dynamically changing, unpredictable, one-time password.
- Another object of the present invention is to provide a method for transmitting a dynamic password function of a mobile phone and a secure authentication server through a mobile communication network.
- the shared secret of the mobile phone and the secure authentication server can be established in OTA (over-the-air download) mode, which existing dynamic password token schemes cannot achieve.
- a dynamic password authentication method characterized in that:
- the mobile terminal performs an encryption operation by using a dynamic password generation algorithm key and an initialization parameter stored in the telecommunication card to obtain an encryption result;
- the security authentication server finds the dynamic password generation algorithm key of the user in the database according to the personal identification code, and performs a decryption operation on the encryption result to obtain the decrypted parameter;
- the initialization parameter is compared with the decrypted parameter. If they are consistent, the mobile terminal passes the authentication. If they are inconsistent, the verification is rejected.
- the initialization parameter is time information of the mobile terminal.
- the communication delay and the clock error value are added to the decrypted parameter.
- the initialization parameter is counting information of the mobile terminal.
- the dynamic password generation algorithm key, user menu or application flow stored in the mobile terminal and the authentication server is updated or changed by over-the-air (OTA).
- the OTA method includes the following steps:
- the service provider updates the service of the new dynamic password application to the database of the download server
- the mobile terminal queries the dynamic menu download server through a short message of the mobile phone and, after discovering the new dynamic password application service, sends a dynamic menu download request to the download server; the network uploads the user's request to the short message service center and transmits it to the download server through the gateway;
- the download server encapsulates the dynamic menu requested by the user into a short message of a specific format and uses the network link to download the dynamic password menu required by the requesting user, as a data short message, to the user's dynamic password telecom card.
- the telecommunication card is a SIM card or a UIM card.
- a dynamic password authentication system comprising:
- an authentication server, and a mobile terminal connected to the authentication server by wireless communication;
- the mobile terminal has a dynamic password telecommunications card to generate a dynamic password;
- the authentication server stores a dynamic password key corresponding to the mobile terminal dynamic password telecommunications card, and verifies the dynamic password submitted by the mobile terminal.
- the system further includes a short message service center wirelessly connected to the mobile terminal, and the short message service center provides an upgrade service to the mobile terminal or the authentication server user.
- When logging in to the network information service system, the user of the present invention submits a dynamic password for identity authentication, thereby completely solving the problem of user identity authentication in a remote/network environment, and providing convenient, easy-to-use, secure, reliable, and relatively low-cost information security products for the majority of users.
- the air-interface (OTA) download method of the invention allows the shared secret information between the mobile phone and the security authentication server to be replaced safely and frequently, and completes the updating and modification of the user menu and application flow in the dynamic password telecommunication card, thereby providing the user with a convenient, quick, low-cost shared secret information download service.
- FIG. 1 is a schematic diagram of a mobile phone-based dynamic password authentication system of the present invention
- FIG. 2 is a schematic diagram showing the specific structure of a dynamic password telecommunications card used in the present invention
- FIG. 3 is a flowchart of a service operation of the short message service center of the present invention providing an OTA mode
- FIG. 4 is a schematic structural diagram of a security server of the present invention.
- FIG. 5 is a schematic diagram of a mobile phone-based dynamic password authentication system of the present invention.
- FIG. 6 is a flow chart showing the operation of generating a dynamic password by the mobile phone of the present invention.
- FIG. 8 is a flow chart of the dynamic password telecommunication card password issuance in the present invention.
- the composition of the mobile phone-based dynamic password authentication system:
- FIG. 1 is a schematic diagram of a mobile phone based dynamic password authentication system in the present invention.
- the mobile phone-based dynamic password authentication system is mainly composed of a client's mobile phone, a dynamic password telecom card, a short message service center, and a secure authentication server.
- SIM card (Subscriber Identity Module), also called a smart card or user identification card: a GSM digital mobile phone can be used only after this card is installed.
- the dynamic password telecommunication card in the invention loads the dynamic password security algorithm on top of the functions that the SIM card provides and also stores the user dynamic password key. It uses the computing capability of the SIM card's microprocessor chip either to take time as a parameter, that is, to generate a one-time "dynamic password" according to the time, or to take a counter as a parameter to continuously generate one-time "dynamic passwords". The password cannot be predicted or tracked, so the user password cannot be stolen, and the problems caused by frequently changing conventional passwords are avoided.
- FIG. 2 is a schematic structural diagram of a dynamic password telecommunications card used in the present invention.
- the dynamic password telecommunications card of the present invention has a microcircuit chip which, in addition to storing the information of the digital mobile telephone user, also loads dynamic password security algorithms and dynamic password keys in its operating system. It can provide traditional GSM network to identify the identity of the customer, and strictly guarantee the normal communication of the customer according to the GSM international standards and specifications.
- after the dynamic password telecom card passes PIN password verification, the dynamic password security algorithm loaded in the operating system is called to calculate the dynamic password, completing the dynamic password working process on the card.
- Because the SIM card and the mobile phone are separate in the GSM system, and one SIM card uniquely identifies a client, the user dynamic password key loaded into the dynamic password telecom card is calculated from the root card using the SIM card's unique identifier. Each user thus has their own dynamic password key, achieving "one card and one secret".
- the user's dynamic password telecom card can be plugged into any GSM mobile phone, and the dynamic password generated by using the mobile phone will not be the same, thus ensuring the convenience and security of the mobile phone based dynamic password authentication.
- the SMS Service Center provides OTA services for users who use the mobile-based dynamic password authentication system.
- Over-the-Air Technology is a technology for remotely managing SIM card data and applications over the air interface of mobile communications (GSM or CDMA). It is the best solution to solve the current value-added service update of 2G mobile communication networks.
- STK: SIM Card Application Toolkit
- STK adopts a short message-based mechanism to realize part of the data service from the PC to the mobile phone, which satisfies the needs of users to obtain information on the mobile.
- the various value-added services carried out by mobile companies are based on STK.
- the "Monternet Project" is a carrier of mobile Internet services, providing timely, rich, diversified and personalized information services; in addition, STK business operation is simple and convenient, so it has been greatly developed.
- the dynamic STK service over-the-air technology adopts the advanced OTA (air interface mode) technology to manage the applications in the SIM card through the air interface, realizing personalized service in the true sense.
- Dynamic STK menu download technology is based on data short message as a carrier for information download, and data short message is a special short message. It is not displayed on the screen of the mobile phone, and is directly transmitted as data to the SIM card. The SIM card is directly stored and processed after being received, and only the STK card supports the sending and receiving of such short messages.
- Dynamic STK service over-the-air technology eliminates the need to add special equipment to the mobile communication network, eliminating the need to modify existing networks, eliminating the need for frequent user card changes, and eliminating the need for a large investment of value-added service providers (SPs).
- the "Dynamic STK Service Over-the-Air" technology can be applied to a variety of applications using mobile e-commerce, including domestic and foreign companies, banks, securities, information centers, hotels, supermarkets, etc.
- the service provider can change the content of the added menu and the code for the user to select according to the situation.
- the user can also download or replace the application menu at any time according to his own needs.
- "Dynamic STK service over-the-air download” technology can also be used to browse the service provider's dynamic menu download server.
- the service provider can provide multi-level menus on the server for users to download and finally select one of the services by the user. Select and replace different service providers based on the list of servers provided by the mobile operator.
- the OTA method uses wireless communication technology to transmit data in the network: with a few key presses, the mobile user sends a dynamic password menu update request from the mobile phone to the over-the-air menu download server, and the server wirelessly updates and modifies the user menu and application flow in the dynamic password card, providing users with a convenient, fast and low-cost menu download service.
- FIG. 3 is a service workflow diagram of the OTA mode provided by the short message service center of the present invention. It can be seen from the figure that the service workflow of the OTA mode provided by the SMS service center is as follows:
- Step 1: The service provider develops a new dynamic password application service and updates it to the database of the dynamic download server.
- Step 2: Mobile users using dynamic STK service over-the-air technology can query the dynamic menu download server at any time through a short message of the mobile phone and, after discovering the new dynamic password application service, send a dynamic menu download request to the server; the GSM network uploads the user's request to the SMS Center (SMS Service Center), and it is finally transmitted to the download server via the gateway.
- Step 3: After receiving the download request, the download server encapsulates the dynamic menu requested by the user into a short message of a specific format and downloads the dynamic password menu required by the requesting user, as a short message, through the original network link, which completes the download process of the dynamic password menu and the application flow.
- the security authentication server is the core part of the whole system. It is connected to the application system server through the local area network to control access to the network by all remote users, providing comprehensive authentication, authorization and auditing services.
- the security authentication server has perfect self-data security protection function. All user data is encrypted and stored in the database, and has secure and complete database management and backup functions.
- the security authentication server has a powerful graphical management interface that provides all system management functions, such as user management, operator management and audit management.
- the security authentication server consists of six components: system operation module, user management module, system communication module, system management module, dynamic password test module, and database.
- FIG. 4 is a schematic structural diagram of the security server of the present invention. As shown in the figure, it specifically includes the following contents:
- the dynamic password verification function is implemented by using the same dynamic password security algorithm as in the dynamic password telecom card, and a detailed operation log is recorded. It also implements docking with the application interface.
- System information such as user information, card information, administrator information, system settings, and operation logs are stored, and key information (such as user dynamic password keys) is stored in an encrypted manner.
- each dynamic password telecommunication card stores a dynamic password security algorithm key and a dynamic password telecommunication card ID number, and the dynamic password security algorithm adopts the internationally popular symmetric key algorithm 3DES algorithm.
- the user inserts the dynamic telecom card into the card slot of the mobile phone for normal mobile communication.
- the user can use the dynamic password function in the STK menu already written in the card, or use the OTA method to download the menu to the mobile phone and then call the dynamic password function in the menu; the mobile phone prompts the user to input the PIN password. If the password is entered correctly, the dynamic password telecom card generates a dynamic password and displays it on the screen of the phone.
- FIG. 5 is a working principle diagram of a mobile phone-based dynamic password authentication system in the present invention.
- the dynamic password telecom card implements the dynamic password in either time-synchronization mode or counter-synchronization mode.
- In time-synchronization mode, the dynamic password telecom card obtains time information from the mobile phone and, using the time information as a parameter, performs an encryption operation with the security algorithm key preset in the card, obtaining an encrypted result of an 8 or 16-bit string that is displayed on the mobile phone LCD.
- All information input by the user, including the user personal identification code and the dynamic password, is sent to the security authentication server. The security authentication server retrieves the user's security algorithm key and card initialization time parameter from the user database according to the user's personal identification number, uses the user security algorithm key to perform the decryption transformation on the received dynamic password, compares the time parameter obtained by decryption with the system time, and, taking the communication delay and the clock error into account, makes an acceptance or rejection judgment.
- the dynamic password telecom card has an 8-byte accumulation counter.
- the dynamic password telecom card uses the counter value as a parameter to perform the encryption operation with the security algorithm key preset in the card, and obtains an 8-bit string encryption result that is displayed on the mobile phone LCD.
- the counter is automatically incremented by one after each dynamic password calculation.
- the security authentication server retrieves the user's security algorithm key and the number of times the card has logged in from the user database according to the user's personal identification code, and uses the user security algorithm key to perform the decryption transformation on the received dynamic password. It compares the counter value obtained by decryption with the card's previous login count held in the system and, allowing for the error caused by the card's previous failed logins, makes an acceptance or rejection judgment.
- the system issues a dynamic password communication card to each user who needs to log in to the network information service system.
- the user can insert the dynamic telecommunication card into the card slot of the mobile phone to replace the old telecommunication card for normal mobile communication.
- the STK or UTK menu already written in the card can be used, or the menu can be downloaded to the mobile phone by using the OTA method and the dynamic password function in the menu can be called up.
- the mobile phone prompts the user to enter the PIN password of the mobile phone.
- the dynamic password generated by the dynamic password telecom card will be displayed on the screen of the mobile phone.
- the user only needs to use the 8 or 16 digits currently displayed on the mobile phone as the password for this login, and the user's personal identification number in the network information service system is input into the system through the keyboard of the computer, and the login can be completed.
- FIG. 6 is a working flow chart of the mobile phone generating a dynamic password in the present invention.
- FIG. 7 is a working flow chart of the security authentication server authenticating a dynamic password in the present invention. As can be seen from the figure, the specific workflow is as follows:
- the phone prompts the user to enter the PIN password and verify it.
- the LCD screen of the mobile phone displays a series of dynamic passwords.
- the user enters the dynamic password and the personal identification number in the system through the client computer keyboard input.
- All information entered by the user is transmitted to the secure authentication server, including the user's personal identification code and dynamic password.
- the security authentication server retrieves the user's security algorithm key and card initialization time parameter or login number information from the user database according to the user's personal identification number.
- the security authentication server uses the same security algorithm as the dynamic password telecom card to decrypt and verify the dynamic password sent by the user, and records the verification result in the system log.
- the security authentication server returns the verification result to the user, and gives the user the corresponding authority according to the verification result, and allows the user to enter the network information service system to enjoy the corresponding information service according to the usage right, thereby completing an authentication process.
- a security algorithm key preset in the mobile phone's dynamic password telecom card is required. Since mobile phones mostly use symmetric encryption algorithms in current mobile communication, the security algorithm in this solution also uses a symmetric encryption algorithm to implement the dynamic password calculation, and the encryption and decryption key is held by the network information service providing department. That is, if the network information service provider is a bank, the bank holds the security algorithm key; if the network information service provider is a government unit, the government unit holds the security algorithm key.
- the network information service providing department is responsible for the distribution and management of the keys of the dynamic password telecom card. FIG. 8 is a flow chart of the dynamic password telecommunication card password issuance in the present invention.
- the network information service provider generates a CIC (Customer Injection Card) key through the key management system; this key is used by the telecommunications department to personalize a dynamic password telecom card.
- the network information service provider generates a HIC (Host Injection Card) key and uses this key to decrypt the dynamic password information.
- the authorization management center of the network information service provider department deposits the CIC key into the IC card and sends it to the telecommunications department to form the mother card. At the same time, the card is provided to the telecommunications department through other means.
- the telecommunications department will complete the personalized identification code of the dynamic password telecom card to provide the network information service providing department in a secure manner.
- the dynamic password decryption module of the network information service providing department can use the HIC key and the unique identification code of the card to calculate the decryption key with the same algorithm. This yields a decryption key identical to the encryption key.
- the HIC card is only used to download the master key to the decryption module. To ensure its security, it can only be downloaded once. The HIC card automatically expires after downloading.
- the parent key stored in the CIC card and the HIC card is the same.
- the invention effectively improves the security of the identity authentication, and at the same time eliminates the trouble that the user remembers the password and often needs to change the password.
- This technology is widely used in systems such as banking, securities, public security, and e-government that require high security for identity authentication, improving the security of system administrators and user login systems.
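As an added example (not code from the patent), the sketch below implements the decrypt-and-compare verification described above for both the counter-synchronised and time-synchronised modes, together with the per-card key derivation ("one card and one secret"). Assumptions: a small HMAC-based Feistel cipher stands in for 3DES because the Python standard library has no 3DES, and the key-derivation function, look-ahead window, skew limit, replay check and card IDs are constructed for illustration.

```python
import hashlib
import hmac
import struct

ROUNDS = 8  # rounds of the stand-in cipher (assumption, not from the patent)


def _round(key: bytes, i: int, half: bytes) -> bytes:
    """Feistel round function: 4 bytes of HMAC-SHA256(key, round || half)."""
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Encrypt one 8-byte block (stand-in for the card's 3DES operation)."""
    left, right = block[:4], block[4:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Invert encrypt_block by undoing the rounds in reverse order."""
    left, right = block[:4], block[4:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def derive_card_key(master_key: bytes, card_id: str) -> bytes:
    """Per-card key from the parent key and the card's unique identifier.
    The HMAC construction is an assumption; the patent names no function."""
    return hmac.new(master_key, card_id.encode(), hashlib.sha256).digest()[:16]


def card_generate(card_key: bytes, parameter: int) -> str:
    """Card side: encrypt the time or counter value, show it as 16 hex digits."""
    return encrypt_block(card_key, struct.pack(">Q", parameter)).hex().upper()


def _recover(card_key: bytes, otp: str):
    """Server side: decrypt a submitted password back to its parameter."""
    try:
        raw = bytes.fromhex(otp)
    except ValueError:
        return None  # not hexadecimal
    if len(raw) != 8:
        return None  # wrong length
    return struct.unpack(">Q", decrypt_block(card_key, raw))[0]


def verify_counter(card_key, otp, last_counter, look_ahead=5):
    """Accept only a counter strictly above the last accepted one and within
    the look-ahead that absorbs passwords generated but never submitted.
    Returns the new counter to store, or None to reject."""
    value = _recover(card_key, otp)
    if value is None:
        return None
    if last_counter < value <= last_counter + look_ahead:
        return value
    return None


def verify_time(card_key, otp, server_time, last_accepted_time, max_skew=60):
    """Accept a timestamp within max_skew seconds of the server clock
    (communication delay plus clock error) and newer than the last accepted
    one, so a captured password cannot be replayed inside the window."""
    value = _recover(card_key, otp)
    if value is None or abs(value - server_time) > max_skew:
        return None
    if value <= last_accepted_time:
        return None
    return value


if __name__ == "__main__":
    master = bytes(range(16))                       # constructed parent key
    key = derive_card_key(master, "CARD-0001")      # constructed card ID
    otp = card_generate(key, 8)                     # card counter is at 8
    print(otp, verify_counter(key, otp, last_counter=5))   # accepted -> 8
    print(verify_counter(key, otp, last_counter=8))        # replay -> None
```

Storing the value returned by `verify_counter` or `verify_time` as the new "last accepted" state is what makes each password one-time; without that update the same password verifies again.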
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Description
Claims
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP05801937.3A EP1804418A4 (en) | 2004-10-22 | 2005-10-20 | DYNAMIC PASSWORD AUTHENTICATION SYSTEM AND METHOD THEREOF |
BRPI0515818-4A BRPI0515818A (pt) | 2004-10-22 | 2005-10-20 | A dynamic password authentication system and method therefor |
US11/736,003 US20070186115A1 (en) | 2005-10-20 | 2007-04-17 | Dynamic Password Authentication System and Method thereof |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200410083893.7 | 2004-10-22 | ||
CNB2004100838937A CN100505927C (zh) | 2004-10-22 | 2004-10-22 | Dynamic password authentication method |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006042469A1 (en) | 2006-04-27 |
Family
ID=36202679
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2005/001720 WO2006042469A1 (en) | 2004-10-22 | 2005-10-20 | A dynamic password authentication system and the method thereof |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1804418A4 (zh) |
CN (1) | CN100505927C (zh) |
BR (1) | BRPI0515818A (zh) |
WO (1) | WO2006042469A1 (zh) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008011837A2 (en) * | 2006-07-24 | 2008-01-31 | Monet+, A.S. | Method of remote authentication of the telephone network subscriber |
US8027472B2 (en) * | 2005-12-30 | 2011-09-27 | Selim Aissi | Using a trusted-platform-based shared-secret derivation and WWAN infrastructure-based enrollment to establish a secure local channel |
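CN107509181A (zh) * | 2017-10-11 | 2017-12-22 | 杨传杰 | An encryption method for mobile phone short messages |
CN107612889A (zh) * | 2017-08-23 | 2018-01-19 | 四川长虹电器股份有限公司 | Method for preventing user information leakage |
CN110189452A (zh) * | 2019-06-06 | 2019-08-30 | 广州小鹏汽车科技有限公司 | Access processing method, device and system for a car key, and vehicle |
CN111163112A (zh) * | 2019-10-11 | 2020-05-15 | 北京帕斯沃得科技有限公司 | An authentication terminal for composing passwords based on identity-authentication digital signatures |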
US11328297B1 (en) * | 2008-06-30 | 2022-05-10 | Amazon Technologies, Inc. | Conducting transactions with dynamic passwords |
Families Citing this family (36)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005010715A2 (en) | 2003-07-21 | 2005-02-03 | Fusionone, Inc. | Device message management system |
US9542076B1 (en) | 2004-05-12 | 2017-01-10 | Synchronoss Technologies, Inc. | System for and method of updating a personal profile |
KR20090113310A (ko) | 2007-01-26 | 2009-10-29 | 퓨전원 인코포레이티드 | System and method for backing up content for use on a mobile device |
CN101399661A (zh) * | 2007-09-27 | 2009-04-01 | 华为技术有限公司 | Method and device for legitimate neighbor authentication in group key management |
EP2045768A1 (en) * | 2007-10-03 | 2009-04-08 | PosteMobile S.p.A. | System based on a SIM card for performing services with high security features and relative method |
JP2011505034A (ja) * | 2007-11-27 | 2011-02-17 | ソリナム ソルション カンパニー,リミテッド | Disposable virtual secret information authentication system and authentication method |
DE102007058351A1 (de) * | 2007-12-03 | 2009-06-04 | Deutsche Telekom Ag | Method and communication system for controlling access to media content depending on the age of a user |
CN101252435B (zh) * | 2008-03-27 | 2010-06-09 | 上海柯斯软件有限公司 | Method for implementing dynamic password generation and determination on a smart card |
CN101754213B (zh) * | 2008-11-28 | 2012-11-14 | 爱思开电讯投资(中国)有限公司 | Smart card, terminal device and authentication server for ensuring application security, and method thereof |
CN101662769B (zh) * | 2009-09-22 | 2012-09-05 | 钱袋网(北京)信息技术有限公司 | Method, mobile terminal, server and system for telephone service authentication |
CN101699892B (zh) * | 2009-10-30 | 2012-06-06 | 北京神州付电子支付科技有限公司 | Dynamic password generation method, dynamic password generation device and network system |
CN101764691B (zh) * | 2009-12-17 | 2012-05-02 | 北京握奇数据系统有限公司 | Method, device and system for obtaining a dynamic password generation key |
CN101765113A (zh) * | 2009-12-18 | 2010-06-30 | 中兴通讯股份有限公司 | System and method for preventing fraudulent use of a data card |
CN101783805B (zh) * | 2010-03-01 | 2013-04-17 | 田耕 | An encrypted communication method using a dynamic vector matrix |
GB2481587B (en) * | 2010-06-28 | 2016-03-23 | Vodafone Ip Licensing Ltd | Authentication |
CN102404363B (zh) * | 2010-09-10 | 2015-08-26 | 联想(北京)有限公司 | Access method and device |
US8505083B2 (en) * | 2010-09-30 | 2013-08-06 | Microsoft Corporation | Remote resources single sign on |
US8943428B2 (en) | 2010-11-01 | 2015-01-27 | Synchronoss Technologies, Inc. | System for and method of field mapping |
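CN102780674A (zh) * | 2011-05-09 | 2012-11-14 | 同方股份有限公司 | Network service processing method and system with a multi-factor authentication method |
CN102315940B (zh) * | 2011-09-08 | 2013-09-18 | 飞天诚信科技股份有限公司 | Data transmission and processing system and method |
CN102307100B (zh) * | 2011-09-08 | 2013-09-18 | 飞天诚信科技股份有限公司 | Data processing device and data processing method thereof |
CN103107899A (zh) * | 2011-11-10 | 2013-05-15 | 天津市国瑞数码安全系统有限公司 | Hierarchical authorization management system and method with separation of three powers |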
US8959604B2 (en) * | 2011-11-25 | 2015-02-17 | Synchronoss Technologies, Inc. | System and method of verifying a number of a mobile terminal |
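CN102685129A (zh) * | 2012-05-10 | 2012-09-19 | 苏州阔地网络科技有限公司 | Method and system for implementing information security |
CN102761870B (zh) * | 2012-07-24 | 2015-06-03 | 中兴通讯股份有限公司 | Method, system and terminal for terminal identity verification and service authentication |
CN104253689B (zh) * | 2013-06-28 | 2018-10-23 | 中国电信股份有限公司 | User card dynamic password verification method and system based on two-dimensional codes |
CN104426659B (zh) * | 2013-09-02 | 2018-05-18 | 中国移动通信集团公司 | Dynamic password generation method, authentication method and system, and corresponding devices |
DE102013019870B4 (de) | 2013-11-28 | 2019-08-08 | Friedrich Kisters | Authentication and/or identification method in a communication network |
CN105025480B (zh) * | 2014-04-29 | 2019-04-05 | 中国电信股份有限公司 | Method and system for user card digital signature verification |
CN104125230B (zh) * | 2014-07-31 | 2017-12-15 | 上海动联信息技术股份有限公司 | Short message authentication service system and authentication method |
WO2016049870A1 (zh) * | 2014-09-30 | 2016-04-07 | 宇龙计算机通信科技(深圳)有限公司 | Method and system for generating dynamic login credentials |
CN104283690B (zh) * | 2014-10-31 | 2016-01-13 | 杭州沃朴物联科技有限公司 | System and method for real-time verification of the legitimacy of clock-synchronized dynamic password anti-counterfeiting labels |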
EP3110189A1 (en) * | 2015-06-25 | 2016-12-28 | Gemalto Sa | A method of replacing at least one authentication parameter for authenticating a security element and corresponding security element |
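CN106341372A (zh) * | 2015-07-08 | 2017-01-18 | 阿里巴巴集团控股有限公司 | Terminal authentication processing and authentication methods, devices and system |
CN106535168B (zh) * | 2016-12-06 | 2019-03-22 | 北京梆梆安全科技有限公司 | Over-the-air download method, apparatus and device with risk control function |
CN110545191A (zh) * | 2019-09-24 | 2019-12-06 | 深圳市永达电子信息股份有限公司 | Dynamic password generation system and method |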
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001337929A (ja) * | 2000-05-26 | 2001-12-07 | Nec Corp | Dynamic personal identification number management system |
CA2363220A1 (en) * | 2001-11-23 | 2003-05-23 | Trustshield Technologies Inc. | Simcard authorization: online credit card transaction approval, privacy, authentication and non-repudiation |
CN1510889A (zh) * | 2002-12-24 | 2004-07-07 | 明基电通股份有限公司 | Input device |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6338140B1 (en) * | 1998-07-27 | 2002-01-08 | Iridium Llc | Method and system for validating subscriber identities in a communications network |
JP2003196238A (ja) * | 2001-12-26 | 2003-07-11 | Fujitsu Ltd | Password authentication device and password authentication program |
US6880079B2 (en) * | 2002-04-25 | 2005-04-12 | Vasco Data Security, Inc. | Methods and systems for secure transmission of information using a mobile device |
WO2004091176A2 (en) * | 2003-04-02 | 2004-10-21 | Qualcomm Incorporated | Ciphering between a cdma network and a gsm network |
2004
- 2004-10-22 CN CNB2004100838937A patent/CN100505927C/zh not_active Expired - Fee Related
2005
- 2005-10-20 EP EP05801937.3A patent/EP1804418A4/en not_active Withdrawn
- 2005-10-20 WO PCT/CN2005/001720 patent/WO2006042469A1/zh active Application Filing
- 2005-10-20 BR BRPI0515818-4A patent/BRPI0515818A/pt not_active IP Right Cessation
Non-Patent Citations (1)
Title |
---|
See also references of EP1804418A4 * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8027472B2 (en) * | 2005-12-30 | 2011-09-27 | Selim Aissi | Using a trusted-platform-based shared-secret derivation and WWAN infrastructure-based enrollment to establish a secure local channel |
US8452012B2 (en) | 2005-12-30 | 2013-05-28 | Intel Corporation | Using a trusted-platform-based shared-secret derivation and WWAN infrastructure-based enrollment to establish a secure local channel |
WO2008011837A2 (en) * | 2006-07-24 | 2008-01-31 | Monet+, A.S. | Method of remote authentication of the telephone network subscriber |
WO2008011837A3 (en) * | 2006-07-24 | 2008-04-10 | Monet & A S | Method of remote authentication of the telephone network subscriber |
US11328297B1 (en) * | 2008-06-30 | 2022-05-10 | Amazon Technologies, Inc. | Conducting transactions with dynamic passwords |
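CN107612889A (zh) * | 2017-08-23 | 2018-01-19 | 四川长虹电器股份有限公司 | Method for preventing user information leakage |
CN107612889B (zh) * | 2017-08-23 | 2020-06-30 | 四川长虹电器股份有限公司 | Method for preventing user information leakage |
CN107509181A (zh) * | 2017-10-11 | 2017-12-22 | 杨传杰 | An encryption method for mobile phone short messages |
CN110189452A (zh) * | 2019-06-06 | 2019-08-30 | 广州小鹏汽车科技有限公司 | Access processing method, device and system for a car key, and vehicle |
CN111163112A (zh) * | 2019-10-11 | 2020-05-15 | 北京帕斯沃得科技有限公司 | An authentication terminal for composing passwords based on identity-authentication digital signatures |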
Also Published As
Publication number | Publication date |
---|---|
CN100505927C (zh) | 2009-06-24 |
EP1804418A1 (en) | 2007-07-04 |
BRPI0515818A (pt) | 2008-08-05 |
EP1804418A4 (en) | 2014-01-22 |
CN1764296A (zh) | 2006-04-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2006042469A1 (en) | A dynamic password authentication system and the method thereof | |
US20070186115A1 (en) | Dynamic Password Authentication System and Method thereof | |
EP1997291B1 (en) | Method and arrangement for secure authentication | |
US9059980B2 (en) | Systems and methods for authenticating mobile devices | |
EP1766847B1 (en) | Method for generating and verifying an electronic signature | |
US20100299731A1 (en) | Electronic System for Securing Electronic Services | |
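CN103929748A (zh) | Internet-of-Things wireless terminal, configuration method thereof, and wireless network access point | |
CN103067399A (zh) | Wireless transmit/receive unit | |
CN101350717A (zh) | Method and system for logging in to a third-party server through instant messaging software | |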
US20100291899A1 (en) | Method and system for delivering a command to a mobile device | |
CN107241339A (zh) | Identity verification method, device and storage medium | |
CN105574720A (zh) | Secure information processing method and information processing device | |
EP3343494A1 (en) | Electronic signature of transactions between users and remote providers by use of two-dimensional codes | |
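CN101616409A (zh) | A dynamic password authentication method | |
CN106470407B (zh) | Method and system for SIM card lock/unlock control via data short messages | |
KR101625219B1 (ko) | Method for providing network-type OTP with multiple code generation using a user medium | |
KR20170087073A (ko) | Method for providing network-type OTP by seed combination | |
TWI759090B (zh) | Platform login method | |
KR20100136379A (ko) | Method and system for mobile phone payment through network-type OTP authentication with multiple code generation, and recording medium therefor | |
KR20100136371A (ko) | Method and system for mobile phone payment through seed-combination OTP authentication, and recording medium therefor | |
KR101663693B1 (ko) | Information registration method | |
CN116488854A (zh) | Method for generating a device ID, and client and server using the device ID | |
KR20190104019A (ko) | Method for providing program-based network-type OTP | |
KR20160004248A (ko) | Method for providing network-type OTP by seed combination | |
KR20100136377A (ko) | Method and system for mobile phone payment through network-type OTP authentication with dual code generation, and recording medium therefor |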
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states | Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase | Ref document number: 2005801937 Country of ref document: EP |
NENP | Non-entry into the national phase | Ref country code: DE |
WWP | Wipo information: published in national office | Ref document number: 2005801937 Country of ref document: EP |
ENP | Entry into the national phase | Ref document number: PI0515818 Country of ref document: BR |