WO2015032248A1 - Token, dynamic password generation method, and dynamic password authentication method and system - Google Patents


Info

Publication number: WO2015032248A1
Authority: WO (WIPO, PCT)
Prior art keywords: dynamic password, strategy, challenge code, preset, dynamic
Application number: PCT/CN2014/083079
Other languages: English (en), Chinese (zh)
Inventor: 李东声
Original Assignee: 天地融科技股份有限公司
Application filed by 天地融科技股份有限公司
Publication of WO2015032248A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Definitions

  • The present invention relates to the field of electronic technologies, and in particular to a dynamic password token, a dynamic password generation method, a dynamic password authentication method, and a system.

Background technique

  • Dynamic password technology, also known as One Time Password (OTP) technology: the user inputs an electronic password according to the number displayed by the dynamic password token provided by the service provider. Dynamic password technology differs according to the password generation method and can be divided into time-based, event-based, and challenge/response-based dynamic password technology.
  • When challenge/response-based dynamic password technology is used, the dynamic password token holds the same key seed as the server stores; when user authentication is required, the server generates a challenge code for the user, and after the user obtains the challenge code, it is input into the dynamic password token.
  • The dynamic password token generates a response code (i.e., a dynamic password) using the key seed and the challenge code input by the user.
  • After the user reads the current dynamic password from the display of the dynamic password token, the dynamic password is input at the transaction terminal, and the transaction terminal sends the dynamic password together with information such as the user name and a static password to the server for authentication.
  • The above identity authentication method based on dynamic password technology overcomes the defect of static password verification, namely that the password information is fixed, but it still has the following problems:
  • When challenge/response-based dynamic password technology is used, the server generally sends a random challenge code to the user's transaction terminal or mobile phone.
  • The random challenge code is independent of the transaction information and user information (which can be collectively referred to as user transaction information), so the user cannot know whether it is a real transaction that they themselves need to carry out, nor which transaction is being made.
  • When challenge/response-based dynamic password technology is adopted, the dynamic password token generates a dynamic password according to the challenge code. Even if the challenge code uses user transaction information, such as account number and amount, once a hacker obtains the user's account information, the hacker can impersonate the bank, send the user the account number and amount, and tell the user to send the displayed result to the "bank". For example:
  • The hacker sends the user a text message pretending to be from the bank, telling them that the dynamic password token needs to be upgraded and that they need to input the information sent to them into the dynamic password token to generate a dynamic password and send the dynamic password back.
  • In this way, the hacker can directly obtain the user's dynamic password and perform subsequent operations, which constitutes a major security risk.
  • The present invention aims to solve the problem that existing dynamic password authentication is not secure.
  • The main object of the present invention is to provide a dynamic password generation method.
  • Another object of the present invention is to provide a dynamic password authentication method.
  • Yet another object of the present invention is to provide a dynamic password token.
  • An aspect of the present invention provides a dynamic password generation method, including: the dynamic password token receives an encryption challenge code; the dynamic password token receives a first confirmation instruction; the dynamic password token acquires a preset decryption policy and decrypts the encryption challenge code according to the decryption policy to obtain the challenge code; the dynamic password token acquires a preset dynamic password generation policy and generates a dynamic password according to the challenge code and the dynamic password generation policy; the dynamic password token acquires a preset first prompting policy and prompts the dynamic password according to the first prompting policy.
  • The dynamic password generation method further includes: the dynamic password token acquires a preset parsing policy, parses the meaning of the challenge code according to the parsing policy, and obtains parsing information; the dynamic password token acquires a preset second prompting policy and prompts the parsing information according to the second prompting policy; the dynamic password token receives a second confirmation instruction.
  • Another aspect of the present invention provides a dynamic password authentication method, including: a background system server receives a transaction request; the background system server acquires a preset extraction policy and extracts key information of the transaction request according to the extraction policy; the background system server acquires a preset challenge code generation policy and generates a challenge code according to the challenge code generation policy and the key information; the background system server acquires a preset encryption policy and encrypts the challenge code according to the encryption policy to obtain an encryption challenge code; the background system server acquires an output policy and outputs the encryption challenge code according to the output policy; the dynamic password token receives the encryption challenge code; the dynamic password token receives a first confirmation instruction; the dynamic password token acquires a preset decryption policy and decrypts the encryption challenge code according to the decryption policy to obtain the challenge code; the dynamic password token acquires a preset dynamic password generation policy and generates a dynamic password according to the challenge code and the dynamic password generation policy; the dynamic password token acquires a preset first prompting policy and prompts the dynamic password according to the first prompting policy.
  • The dynamic password authentication method further includes: the dynamic password token acquires a preset parsing policy, parses the meaning of the challenge code according to the parsing policy, and obtains parsing information; the dynamic password token acquires a preset second prompting policy and prompts the parsing information according to the second prompting policy; the dynamic password token receives a second confirmation instruction.
  • A further aspect of the present invention provides a dynamic password token, including: a receiving unit, a decrypting unit, a dynamic password generating unit, and a prompting unit.
  • The receiving unit is configured to receive an encryption challenge code and a first confirmation instruction; the decrypting unit is configured to, after the receiving unit receives the first confirmation instruction, acquire a preset decryption policy and decrypt the encryption challenge code according to the decryption policy to obtain the challenge code.
  • The dynamic password generating unit is configured to, after the decrypting unit obtains the challenge code, acquire a preset dynamic password generation policy and generate a dynamic password according to the challenge code and the dynamic password generation policy.
  • The prompting unit is configured to, after the dynamic password generating unit generates the dynamic password, acquire a preset first prompting policy and prompt the dynamic password according to the first prompting policy.
  • The dynamic password token further includes a parsing unit. The parsing unit is configured to, after the decrypting unit obtains the challenge code and before the dynamic password generating unit acquires the preset dynamic password generation policy, acquire a preset parsing policy, parse the meaning of the challenge code according to the parsing policy, and obtain parsing information; the prompting unit is further configured to, after the parsing unit obtains the parsing information, acquire a preset second prompting policy and prompt the parsing information according to the second prompting policy; the receiving unit is further configured to, after the prompting unit prompts the parsing information, receive a second confirmation instruction.
  • A further aspect of the present invention provides a dynamic password authentication system, including a background system server and a dynamic password token. The background system server is configured to receive a transaction request, acquire a preset extraction policy, extract the key information of the transaction request according to the extraction policy, acquire a preset challenge code generation policy, generate a challenge code according to the challenge code generation policy and the key information, acquire a preset encryption policy, encrypt the challenge code according to the encryption policy to obtain an encryption challenge code, acquire an output policy, and output the encryption challenge code according to the output policy. The dynamic password token is configured to receive the encryption challenge code, receive a first confirmation instruction, acquire a preset decryption policy, decrypt the encryption challenge code according to the decryption policy to obtain the challenge code, acquire a preset dynamic password generation policy, generate a dynamic password according to the challenge code and the dynamic password generation policy, acquire a preset first prompting policy, and prompt the dynamic password according to the first prompting policy. The background system server is further adapted to receive
  • The dynamic password token is further configured to, after obtaining the challenge code and before acquiring the preset dynamic password generation policy, acquire a preset parsing policy, parse the meaning of the challenge code according to the parsing policy, obtain parsing information, acquire a preset second prompting policy, prompt the parsing information according to the second prompting policy, and receive a second confirmation instruction.
  • With the dynamic password token and the dynamic password generation method provided by the present invention, the dynamic password token receives the encrypted challenge code, which prevents a hacker from knowing the challenge code and impersonating the bank to request the dynamic password from the user, thereby improving security.
  • Further, the background system server encrypts and outputs the challenge code, and the dynamic password token receives the encryption challenge code and decrypts it to restore the original text of the challenge code, which prevents a hacker from knowing the challenge code and impersonating the bank to request the dynamic password from the user, thereby increasing security.
  • FIG. 1 is a flowchart of a method for generating a dynamic password according to an embodiment of the present invention.
  • FIG. 2 is a schematic structural diagram of a dynamic password token according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of a dynamic password authentication method according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a dynamic password authentication system according to an embodiment of the present invention.

Detailed description

  • The orientation or positional relationship indicated by terms such as "post", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outside" is based on the orientation or positional relationship shown in the figures.
  • The orientation or positional relationship is merely for the purpose of describing the present invention and simplifying the description, and is not intended to indicate or imply that the device or component referred to has a particular orientation or is constructed and operated in a particular orientation; it is therefore not to be construed as limiting.
  • "First" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance, quantity or location.
  • "Connection" should be understood in a broad sense: it can be a fixed connection, a detachable connection or an integral connection; a mechanical connection or an electrical connection; a direct connection or an indirect connection through an intermediate medium; or the internal connection of two components.
  • FIG. 1 is a flowchart of a method for generating a dynamic password according to an embodiment of the present invention. As shown in FIG. 1, the dynamic password generation method of the present invention includes:
  • Step S101: the dynamic password token receives the encryption challenge code.
  • The dynamic password token can receive the encryption challenge code in one of the following ways:
  • The user inputs the encryption challenge code through the buttons of the dynamic password token, and the dynamic password token receives the encryption challenge code input by the user. Inputting the encryption challenge code through the buttons keeps the dynamic password token low in cost and convenient to use.
  • A receiving device is set on the dynamic password token, and the receiving device can receive the encryption challenge code by wire or wirelessly, for example through an audio interface, through a USB interface, through NFC, through Bluetooth, or in any other form such as optical transmission.
  • The receiving device receives the encryption challenge code without user input, which increases the speed and accuracy of the encryption challenge code input, and the dynamic password token can be kept separate, which is convenient for management.
  • Step S102: the dynamic password token receives the first confirmation instruction.
  • Before this, the encryption challenge code may be prompted to the user in one of the following ways:
  • The dynamic password token is provided with a display screen, and the received encryption challenge code is displayed on the screen to prompt the user. Since only the holder of the dynamic password token can view the displayed encryption challenge code, this improves security.
  • A voice prompting device such as a speaker or a headset is set on the dynamic password token to prompt the user with the encryption challenge code by voice playback.
  • Voice playback of the encryption challenge code enables a person who cannot view the encryption challenge code to learn the received encryption challenge code, which is convenient to use.
  • The encryption challenge code is prompted to the user so that the user can confirm whether it was entered correctly. If the received encryption challenge code is correct, the user can send a first confirmation instruction to the dynamic password token to instruct it to generate a dynamic password.
  • The user can press a confirmation button set on the dynamic password token to send the first confirmation instruction; because the first confirmation instruction is sent through a hardware button, threats such as Trojan horse programs are isolated from the hardware, which improves security.
  • The first confirmation instruction may also be sent by another device by wire or wirelessly, for example received by the dynamic password token through an audio interface, a USB interface, NFC, Bluetooth, or in any other form such as optical transmission.
  • When the first confirmation instruction is issued by another device, the dynamic password token can be kept separate, which is convenient for management.
  • Step S103: the dynamic password token acquires a preset decryption policy and decrypts the encryption challenge code according to the decryption policy to obtain the challenge code.
  • The dynamic password token uses a decryption policy corresponding to the encryption policy that was used to encrypt the challenge code, and decrypts the encryption challenge code to obtain the original text of the challenge code.
  • The original text of the challenge code is obtained so that the dynamic password can be generated from the challenge code source.
  • Step S104: the dynamic password token acquires a preset dynamic password generation policy and generates a dynamic password according to the challenge code and the dynamic password generation policy.
  • After obtaining the original text of the challenge code, the dynamic password token computes over the challenge code with the dynamic password generation policy preset in the token to generate the dynamic password.
  • Step S105: the dynamic password token acquires a preset first prompting policy and prompts the dynamic password according to the first prompting policy. Specifically, the dynamic password token can prompt the dynamic password in the following ways:
  • The dynamic password token is provided with a display screen, and the dynamic password is displayed on the screen to prompt the user. Since only the holder of the dynamic password token can view the displayed dynamic password, this improves security.
  • A voice prompting device such as a speaker or a headset is set on the dynamic password token to prompt the user with the dynamic password by voice playback. Voice playback enables people who cannot view the dynamic password to learn it.
  • Before the dynamic password token acquires the preset dynamic password generation policy, the dynamic password generation method may further include the following steps: the dynamic password token acquires a preset parsing policy, parses the meaning represented by the challenge code according to the parsing policy, and obtains parsing information; the dynamic password token acquires a preset second prompting policy and prompts the parsing information according to the second prompting policy; the dynamic password token receives the second confirmation instruction.
  • The second confirmation instruction is sent to the dynamic password token only after the user confirms that the parsing information is correct, that is, that it is the real transaction the user wants to carry out; otherwise a cancel instruction is sent to the dynamic password token. This ensures that a dynamic password is generated only when the user judges the transaction to be real, and prevents others from arbitrarily obtaining a dynamic password from the user without the user's knowledge, resulting in loss.
  • For example, the original challenge code is 1234567899. The dynamic password token can parse the actual meaning represented by the challenge code according to a preset parsing policy; after parsing the challenge code, the following parsing information is obtained: the transfer account is 12345678, the amount is 99.
  • The parsing information may be prompted in any form, such as a display prompt or a voice playback prompt. It can be seen that, by using the dynamic password generation method of the present invention, the dynamic password token receives the encrypted challenge code, which prevents a hacker from knowing the challenge code and impersonating the bank to request the dynamic password from the user, thereby improving security.
  • FIG. 2 is a schematic structural diagram of a dynamic password token according to an embodiment of the present invention.
  • The dynamic password token of the embodiment of the present invention generates a dynamic password by using the dynamic password generation method described above, and only its structure is briefly described here.
  • The dynamic password token is not limited to this structure; any dynamic password token that generates a dynamic password by using the dynamic password generation method described above may fall within the protection scope of the present invention.
  • The dynamic password token of the embodiment of the present invention includes: a receiving unit 201, a decrypting unit 202, a dynamic password generating unit 203, and a prompting unit 204.
  • The receiving unit 201 is configured to receive an encryption challenge code and a first confirmation instruction; the decrypting unit 202 is configured to, after the receiving unit 201 receives the first confirmation instruction, acquire a preset decryption policy and decrypt the encryption challenge code according to the decryption policy to obtain the challenge code.
  • The dynamic password generating unit 203 is configured to, after the decrypting unit 202 obtains the challenge code, acquire a preset dynamic password generation policy and generate the dynamic password according to the challenge code and the dynamic password generation policy.
  • The prompting unit 204 is configured to, after the dynamic password generating unit 203 generates the dynamic password, acquire a preset first prompting policy and prompt the dynamic password according to the first prompting policy.
  • The dynamic password token may further include a parsing unit 205. The parsing unit 205 is configured to, after the decrypting unit 202 obtains the challenge code and before the dynamic password generating unit 203 acquires the preset dynamic password generation policy, acquire a preset parsing policy and parse the challenge code according to the parsing policy to obtain the parsing information.
  • The prompting unit 204 is further configured to, after the parsing unit 205 obtains the parsing information, acquire a preset second prompting policy and prompt the parsing information according to the second prompting policy.
  • The receiving unit 201 is further configured to, after the prompting unit 204 prompts the parsing information, receive the second confirmation instruction.
  • The parsing information may be prompted by any means, such as a display prompt or voice playback.
  • The second confirmation instruction is sent to the dynamic password token only after the user confirms that the parsing information is correct, that is, that it is the real transaction the user wants to carry out; otherwise a cancel instruction is sent to the dynamic password token. This ensures that a dynamic password is generated only when the user judges the transaction to be real, and prevents others from arbitrarily obtaining a dynamic password from the user without the user's knowledge, resulting in loss.
  • FIG. 3 is a flowchart of a dynamic password authentication method according to an embodiment of the present invention. In the dynamic password authentication method, the dynamic password token generates the dynamic password according to the dynamic password generation method described above.
  • As shown in FIG. 3, the dynamic password authentication method of the present invention includes:
  • Step S301: the background system server receives the transaction request.
  • The user can operate the terminal to generate a transaction, so that the transaction request is sent to the background system server through the terminal.
  • The terminal can be any terminal such as a PC, a POS, an ATM, a laptop, a tablet, or a smart phone.
  • Step S302: the background system server acquires the preset extraction policy and extracts the key information of the transaction request according to the extraction policy.
  • Specifically, after receiving the transaction request, the background system server may extract key information from the transaction request. For example, if the transaction request is a transfer request, the background system server can extract the transfer account number and the transfer amount from the transfer request as the key information.
  • Step S303: the background system server acquires a preset challenge code generation policy and generates a challenge code according to the challenge code generation policy and the key information.
  • After obtaining the key information, the background system server generates a challenge code according to the preset challenge code generation policy and the key information, for example by concatenating the transfer account and the transfer amount as the challenge code. Of course, to prevent the same challenge code from appearing for repeated transfers of the same amount to the same account, the challenge code can be generated by adding a random number between the transfer account and the transfer amount, or the challenge code can be generated from the key information together with a time factor or an event factor.
  • Step S304: the background system server acquires a preset encryption policy and encrypts the challenge code according to the encryption policy to obtain an encryption challenge code.
  • The background system server negotiates the encryption policy and the decryption policy with the dynamic password token in advance, and encrypts the challenge code with the negotiated encryption policy to obtain the encryption challenge code.
  • The background system server sends the encryption challenge code to prevent users from being phished.
  • Existing phishing can proceed as follows: the hacker knows the user's account number and password, impersonates the bank to send the user a challenge code known to the hacker, and, under the pretext of upgrading the dynamic token, asks the user to report the dynamic password generated from that challenge code, thereby obtaining a dynamic password for the user's transaction and causing property damage to the user.
  • The background system server encrypts the challenge code to prevent the hacker from impersonating the bank to request the dynamic password from the user. Since in the present invention the background system server must encrypt the challenge code, the hacker cannot know the encryption policy and thus cannot obtain the encryption challenge code.
  • Step S305: the background system server acquires an output policy and outputs the encryption challenge code according to the output policy. Specifically, the background system server may output the encryption challenge code in one of the following ways:
  • The background system server sends the encryption challenge code to the terminal from which the user initiated the transaction request, and the terminal displays the encryption challenge code to prompt the user to input it into the dynamic password token;
  • The background system server sends the encryption challenge code to the mobile phone bound to the user account to prompt the user to input the encryption challenge code into the dynamic password token;
  • The background system server sends the encryption challenge code to the mailbox bound to the user account to prompt the user to input the encryption challenge code into the dynamic password token.
  • Step S306: the dynamic password token receives the encryption challenge code, in any of the ways described under step S101.
  • Step S307: the dynamic password token receives the first confirmation instruction.
  • Before this, the encrypted challenge code may be prompted to the user, using one of the following methods:
  • the dynamic password token is provided with a display screen, and the received encrypted challenge code is shown on the screen to prompt the user; displaying the encrypted challenge code on the token means that only the holder of the token can view the received code, which improves security;
  • a voice prompting device, such as a speaker or a headset, is provided on the dynamic password token, and the encrypted challenge code is prompted to the user by voice playback.
  • Voice playback of the encrypted challenge code lets a user who cannot view the encrypted challenge code learn the received code, which is convenient to use.
  • The encrypted challenge code is prompted to the user so that the user can confirm whether it was entered correctly. If the received encrypted challenge code is correct, the user sends a first confirmation instruction to the dynamic password token, instructing it to generate a dynamic password.
  • The user can press a confirmation button provided on the dynamic password token to send the first confirmation instruction; sending the confirmation through a hardware button isolates the threat of Trojan horse software from the hardware, which improves security.
  • The first confirmation instruction may also be sent by another device by wire or wirelessly in any form; for example, the dynamic password token may receive it as audio through an audio interface, through a USB interface, in NFC mode, in Bluetooth mode, or by optical transmission.
  • Having the first confirmation instruction issued by another device allows the dynamic password token to be used separately, which is convenient for management.
  • Step S308: the dynamic password token acquires a preset decryption policy, decrypts the encrypted challenge code according to the decryption policy, and obtains the challenge code.
  • The dynamic password token uses the decryption policy corresponding to the encryption policy with which the challenge code was encrypted, and decrypts the encrypted challenge code to recover the original text of the challenge code.
  • The original text of the challenge code is recovered so that the dynamic password can be generated from the challenge code source.
  • Step S309: the dynamic password token acquires a preset dynamic password generation policy and generates a dynamic password according to the challenge code and the dynamic password generation policy.
  • After obtaining the original text of the challenge code, the dynamic password token computes over the challenge code using the dynamic password generation policy preset in the token, and thereby generates the dynamic password.
  • Step S310: the dynamic password token acquires a preset first prompting policy and prompts the dynamic password according to the first prompting policy. Specifically, the dynamic password token can prompt the dynamic password in the following ways:
  • the dynamic password token is provided with a display screen, and the dynamic password is shown on the screen to prompt the user; displaying the dynamic password on the token means that only the holder of the token can view it, which improves security;
  • a voice prompting device, such as a speaker or a headset, is provided on the dynamic password token, and the dynamic password is prompted to the user by voice playback.
  • Voice playback of the dynamic password lets a user who cannot view the dynamic password learn it.
  • Step S311: the background system server receives the dynamic password, obtains a preset authentication policy, and authenticates the dynamic password according to the authentication policy.
  • The background system server authenticates the dynamic password according to the preset authentication policy.
  • An authentication dynamic password is generated using the same dynamic password generation method as the dynamic password token. If the authentication dynamic password is the same as the received dynamic password, authentication passes; otherwise authentication fails.
  • After authentication passes, the transaction can also be executed according to the transaction request.
  • Before the dynamic password token acquires the preset dynamic password generation policy, the dynamic password authentication method may further include the following steps: the dynamic password token obtains a preset parsing policy, parses the meaning represented by the challenge code according to the parsing policy, and obtains parsing information; the dynamic password token acquires a preset second prompting policy and prompts the parsing information according to the second prompting policy; and the dynamic password token receives a second confirmation instruction.
  • The second confirmation instruction is sent to the dynamic password token only after the user confirms that the parsing information is correct, that is, that it describes the real transaction the user requested; otherwise a cancel instruction is sent to the dynamic password token.
  • In this way a dynamic password is generated only when the user judges the transaction to be genuine, which prevents others from obtaining a dynamic password from the user without the user's knowledge and causing loss.
  • For example, the original challenge code is 1234567899.
  • The dynamic password token can parse the actual meaning represented by the challenge code according to the preset parsing policy. For example, after parsing this challenge code, the following parsing information is obtained:
  • the transfer account is 12345678 and the amount is 99.
  • The prompt can be in any form, such as a display prompt or a voice playback prompt.
  • With the dynamic password authentication method of the present invention, the background system server encrypts and outputs the challenge code, the dynamic password token receives the encrypted challenge code and decrypts it to restore the original text of the challenge code, and a hacker who knows a challenge code is prevented from impersonating the bank to request dynamic passwords from users, which increases security.
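As an added, constructed example (not the patent's own code; the patent leaves the encryption, generation and authentication policies unspecified), the following Python models one round of steps S305 to S311 together with the parsing and second-confirmation steps: the server encrypts the challenge code 1234567899 under an assumed keyed-digit cipher with an integrity tag, the token verifies and decrypts it, parses it into the account 12345678 and amount 99 for confirmation, and both sides derive the dynamic password with an assumed HMAC-SHA256 policy over a constructed shared key.

```python
import hmac
import hashlib
from typing import Optional

# Constructed sample secret shared by the background system server and the token (assumption).
SHARED_KEY = b"constructed-shared-secret-for-illustration-only"

def _digits(label: bytes, n: int) -> str:
    """Derive n unbiased decimal digits from an HMAC-SHA256 keystream keyed with SHARED_KEY."""
    out, counter = "", 0
    while len(out) < n:
        block = hmac.new(SHARED_KEY, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out += "".join(str(b % 10) for b in block if b < 250)  # drop 250..255 to avoid modulo bias
        counter += 1
    return out[:n]

def make_challenge_code(account: str, amount: int) -> str:
    """Server, challenge code generation policy: 8-digit account || amount (page example: 1234567899)."""
    if len(account) != 8 or not account.isdigit() or amount < 0:
        raise ValueError("key information does not match the assumed policy")
    return account + str(amount)

def encrypt_challenge(code: str, seq: int) -> str:
    """Server, assumed encryption policy: 4-digit sequence number, digit-wise addition of a
    per-sequence keystream mod 10, then a 4-digit tag (encrypt-then-MAC) so forgeries are rejected."""
    seq_s = f"{seq % 10000:04d}"
    stream = _digits(b"stream:" + seq_s.encode(), len(code))
    body = "".join(str((int(c) + int(k)) % 10) for c, k in zip(code, stream))
    tag = _digits(b"tag:" + (seq_s + body).encode(), 4)
    return seq_s + body + tag

def decrypt_challenge(enc_code: str) -> Optional[str]:
    """Token, corresponding decryption policy: check the tag first, then strip the keystream.
    Returns None for a code that was not produced under the server's encryption policy."""
    if len(enc_code) < 9 or not enc_code.isdigit():
        return None
    seq_s, body, tag = enc_code[:4], enc_code[4:-4], enc_code[-4:]
    if not hmac.compare_digest(_digits(b"tag:" + (seq_s + body).encode(), 4), tag):
        return None
    stream = _digits(b"stream:" + seq_s.encode(), len(body))
    return "".join(str((int(c) - int(k)) % 10) for c, k in zip(body, stream))

def parse_challenge(code: str) -> dict:
    """Token, parsing policy: first 8 digits are the transfer account, the rest is the amount."""
    return {"account": code[:8], "amount": int(code[8:])}

def generate_dynamic_password(code: str) -> str:
    """Both sides, assumed generation policy: 6 digits of HMAC-SHA256 over the plaintext challenge code."""
    return _digits(b"otp:" + code.encode(), 6)

def authenticate(received: str, code: str) -> bool:
    """Server, authentication policy: regenerate with the same policy and compare in constant time."""
    return hmac.compare_digest(generate_dynamic_password(code), received)

def run_transaction(account: str, amount: int, seq: int, user_confirms) -> bool:
    """Walk S305 to S311: server encrypts, token verifies, decrypts and parses, user gives the second
    confirmation, token generates the dynamic password, server authenticates it."""
    code = make_challenge_code(account, amount)
    enc_code = encrypt_challenge(code, seq)  # output to the terminal, bound phone or mailbox
    plain = decrypt_challenge(enc_code)  # token side, after the first confirmation
    if plain is None or not user_confirms(parse_challenge(plain)):
        return False  # forged/mistyped code, or the user sent the cancel instruction
    return authenticate(generate_dynamic_password(plain), code)
```

The integrity tag is the part worth noting: a challenge code that was not produced by the server (the phishing scenario the patent describes) is rejected by the token before anything is parsed or prompted.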
  • FIG. 4 is a schematic structural diagram of a dynamic password authentication system according to an embodiment of the present invention.
  • The dynamic password authentication system in the embodiment of the present invention authenticates a dynamic password using the dynamic password authentication method described above, and includes the dynamic password token described above.
  • The dynamic password authentication system of the present invention includes a background system server 40 and a dynamic password token 50.
  • The background system server 40 is configured to: receive a transaction request; obtain a preset extraction policy and extract key information from the transaction request according to the extraction policy; obtain a preset challenge code generation policy and generate a challenge code according to the challenge code generation policy and the key information; obtain a preset encryption policy and encrypt the challenge code according to the encryption policy to obtain an encrypted challenge code; obtain an output policy and output the encrypted challenge code according to the output policy; and receive the dynamic password, obtain a preset authentication policy, and authenticate the dynamic password according to the authentication policy.
  • The background system server 40 can be divided into function modules that perform the above functions. For example, the background system server 40 can include: a receiving module that receives the transaction request and the dynamic password; an extracting module that obtains the preset extraction policy and extracts the key information from the transaction request according to it; a challenge code generation module that obtains the preset challenge code generation policy and generates the challenge code from that policy and the key information; an encryption module that obtains the preset encryption policy and encrypts the challenge code according to it to obtain the encrypted challenge code; an output module that obtains the output policy and outputs the encrypted challenge code according to it; and an authentication module that obtains the preset authentication policy and authenticates the dynamic password according to it.
  • The above module division is only one embodiment, and the present invention is not limited to this division of function modules.
  • The dynamic password token 50 is configured to: receive the encrypted challenge code; receive the first confirmation instruction; obtain a preset decryption policy and decrypt the encrypted challenge code according to the decryption policy to obtain the challenge code; obtain a preset dynamic password generation policy and generate a dynamic password according to the challenge code and the dynamic password generation policy; and obtain a preset first prompting policy and prompt the dynamic password according to the first prompting policy.
  • The dynamic password token 50 can be the dynamic password token shown in FIG. 2, including the various execution units of the dynamic password token shown in FIG. 2.
  • After obtaining the challenge code and before obtaining the preset dynamic password generation policy, the dynamic password token 50 may further obtain a preset parsing policy, parse the meaning represented by the challenge code according to the parsing policy to obtain parsing information, obtain a preset second prompting policy, prompt the parsing information according to the second prompting policy, and receive the second confirmation instruction.
  • The parsing information may be prompted by any means, such as a display prompt or voice playback.
  • The second confirmation instruction is sent to the dynamic password token only after the user confirms that the parsing information is correct, that is, that it describes the real transaction the user requested; otherwise a cancel instruction is sent to the dynamic password token. This ensures that a dynamic password is generated only when the user judges the transaction to be genuine, which prevents others from obtaining a dynamic password from the user without the user's knowledge and causing loss.
  • With the dynamic password authentication system of the present invention, the background system server encrypts and outputs the challenge code, the dynamic password token receives the encrypted challenge code and decrypts it to restore the original text of the challenge code, and a hacker who knows a challenge code is prevented from impersonating the bank to request dynamic passwords from users, which increases security.
  • Any process or method description in the flowcharts or otherwise described herein may be understood to represent a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a particular logical function or process.
  • The scope of the preferred embodiments of the invention includes additional implementations in which the functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order, depending on the functions involved, as will be understood by those skilled in the art to which the embodiments of the present invention pertain.
  • Portions of the invention may be implemented in hardware, software, firmware or a combination thereof.
  • Multiple steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system.
  • For example, if implemented in hardware, as in another embodiment, they can be implemented with any one or a combination of the following techniques well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), and so on.
  • Each functional unit in each embodiment of the present invention may be integrated into one processing module, or each unit may exist physically separately, or two or more units may be integrated into one module.
  • The above integrated modules can be implemented in the form of hardware or in the form of software functional modules.
  • The integrated modules, if implemented in the form of software functional modules and sold or used as separate products, may also be stored in a computer readable storage medium.
  • The above-mentioned storage medium may be a read only memory, a magnetic disk, an optical disk or the like.

Abstract

The invention concerns a dynamic token, a dynamic password generation method, and a dynamic password authentication method and system. The dynamic password generation method comprises the following steps: a dynamic token receives an encrypted challenge code; the dynamic token receives a first confirmation instruction; the dynamic token acquires a preset decryption policy, decrypts the encrypted challenge code according to the decryption policy, and obtains a challenge code; the dynamic token acquires a preset dynamic password generation policy, and generates a dynamic password according to the challenge code and the dynamic password generation policy; and the dynamic token acquires a preset first prompting policy, and prompts the dynamic password according to the first prompting policy.
PCT/CN2014/083079 2013-09-06 2014-07-25 Token, dynamic password generation method, and dynamic password authentication method and system WO2015032248A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310403552.2 2013-09-06
CN2013104035522A CN103475481A (zh) 2013-09-06 2013-09-06 Token, dynamic password generation method, dynamic password authentication method and system

Publications (1)

Publication Number Publication Date
WO2015032248A1 true WO2015032248A1 (fr) 2015-03-12

Family

ID=49800193

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/083079 WO2015032248A1 (fr) 2013-09-06 2014-07-25 Token, dynamic password generation method, and dynamic password authentication method and system

Country Status (2)

Country Link
CN (1) CN103475481A (fr)
WO (1) WO2015032248A1 (fr)



Also Published As

Publication number Publication date
CN103475481A (zh) 2013-12-25


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14841637

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14841637

Country of ref document: EP

Kind code of ref document: A1