CN102025716A - Method for updating seeds of dynamic password token - Google Patents
Method for updating seeds of dynamic password token Download PDFInfo
- Publication number
- CN102025716A CN102025716A CN2010102139167A CN201010213916A CN102025716A CN 102025716 A CN102025716 A CN 102025716A CN 2010102139167 A CN2010102139167 A CN 2010102139167A CN 201010213916 A CN201010213916 A CN 201010213916A CN 102025716 A CN102025716 A CN 102025716A
- Authority
- CN
- China
- Prior art keywords
- dynamic password
- seed
- service end
- token
- password token
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 54
- 238000004321 preservation Methods 0.000 claims description 5
- 238000004364 calculation method Methods 0.000 claims description 4
- 230000008676 import Effects 0.000 description 28
- 230000005540 biological transmission Effects 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 6
- 230000008901 benefit Effects 0.000 description 5
- 230000004044 response Effects 0.000 description 5
- 238000012790 confirmation Methods 0.000 description 4
- 239000004973 liquid crystal related substance Substances 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 238000010200 validation analysis Methods 0.000 description 4
- 238000004519 manufacturing process Methods 0.000 description 3
- 230000003068 static effect Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a method for updating seeds of a dynamic password token. The method comprises the following steps: firstly, a user performs mutual authentication by using a dynamic password token and a server, and seeds in the dynamic password token are updated if legal; the server generates a seed updating identification and transmits the seed updating identification to a client; the dynamic password token uses the seed updating identification to generate a temporary seed and authenticates a dynamic password again by using the temporary seed, and updates the seeds stored inside if the authentication is successful; and the server also updates the seeds to be stored by the dynamic password token. The invention prevents token manufacturers from knowing the condition of seeds in each token by updating seeds in the dynamic password token, therefore the safety is improved.
Description
Technical field
The present invention relates to information security field, particularly a kind of seed to dynamic password token carries out method for updating.
Background technology
Along with development of internet technology, people need the transmission of a large amount of important informations such as conclude the business on the net, but common static password technology is no longer safe, be easy to just can be intercepted by the hacker, the hacker is by using the legal account of static password login user, carry out unlawful activities, people's information security has been caused very big threat.
In recent years, a kind of dynamic password technology has appearred, by this technology, can reach the characteristics of inputing one-time pad in the process of password the user, even this lands the user password and has been intercepted and captured, this password had cancelled and can not use when but landed next time, can not constitute a threat to the user again, had strengthened the safety of user account greatly.Wherein, a large amount of dynamic password systems that comprise a kind of challenge response formula that use, this kind method is used the small intelligent safety means of a band button, may also be referred to as dynamic password token, the built-in security algorithm of token, and each token is provided with unique seed (being used for calculating the static parameter of dynamic password), normally, token is provided with button and display screen, button is used for as input equipment input challenge code etc., and display screen is used to import dynamic password and since the seed in the dynamic password token be maintain secrecy and be kept at token inside and can not read, the hacker can't crack user's dynamic password under the situation that can't obtain seed.
But, still there are security breaches in such token, generally speaking, dynamic password token is that the safety product manufacturer produces, the manufacturer uses the seed tool of production to generate seed for each token, and unique seed is written in the token by hardware interface, be each token numbering simultaneously, to number with seed in correspondence with each other, when dynamic password token is sold to service provider, seed with correspondence is distributed to service provider simultaneously, and service provider is distributed to the user with token and carries out the authentication use.And generally, service provider does not have the hardware interface of seed in the change token, can't upgrade seed, has therefore produced security breaches.In the case, the token manufacturer can duplicate seed in the process of token production, can simulate token and generate dynamic password, and user's the information security and the prestige of service provider are threatened.
Summary of the invention
In order to improve the fail safe of network data transmission, the embodiment of the invention provides a kind of seed to dynamic password token to carry out method for updating.Technical scheme is as follows:
A kind of seed to dynamic password token carries out method for updating, and described method comprises:
Service end receives the request of seed in the renewal dynamic password token that the user sends by client, and whether described service end and described dynamic password token checking mutually be all legal;
If described service end and described dynamic password token are all illegal, stop the more operation of new seed;
If described service end and described dynamic password token are all legal, described service end generates more new logo of the 3rd challenge code and seed, and returns to client, described service end according to described seed more new logo obtain the interim seed of service end and preserve;
The described seed that described dynamic password token receives user's input is new logo more, described dynamic password token according to described seed more new logo obtain the interim seed of dynamic password token end;
Described dynamic password token receives the 3rd challenge code of user's input, and described dynamic password token generates the 5th dynamic password according to described interim seed and described the 3rd challenge code, and the 5th dynamic password is sent to described service end verifies;
Described service end is verified described the 5th dynamic password, if it is correct, described service end is changed to new seed with the interim seed of described service end, and return the more message of new seed success of described service end to described client, described client is exported the more message of new seed success of described service end, described dynamic password token receives the affirmation information of the more new seed success of described user's input, described dynamic password token is changed to new seed with the interim seed of described dynamic password token end, the more new seed success of described dynamic password token, if it is incorrect, described service end is returned more new seed failure, described dynamic password token receives the more new seed cancellation information of described user's input, more new seed failure.
Preferably, whether described dynamic password token and described dynamic password token checking mutually be all legal, and concrete comprises:
Described service end generates first challenge code, and returns to client, and described client is exported described first challenge code;
Described dynamic password token receives described first challenge code of described user's input, described dynamic password token uses initial seed and described first challenge code to generate first dynamic password, and described first dynamic password is sent to described service end by described client;
Described service end verifies whether described first dynamic password is correct;
If incorrect, then described dynamic password token is illegal, stops the operation of described more new seed;
If it is correct, then described dynamic password token is legal, whether continue the described service end of checking legal, described service end generates second challenge code, and generate the 3rd dynamic password by the initial seed and described second challenge code of the described dynamic password token of preserving in the described service end, described service end sends to described client with described second challenge code and described the 3rd dynamic password, described client is exported described second challenge code and described the 3rd dynamic password, described dynamic password token receives described second challenge code of described user's input, described dynamic password token generates the 4th dynamic password according to the initial seed in described second challenge code and the described dynamic password token, described user compares described the 3rd dynamic password and described the 4th dynamic password, if it is identical, send the legal affirmation information of the described service end of affirmation by described client to described service end, described dynamic password token and described service end checking mutually are all legal, if it is inequality, then described service end is illegal, stops the operation of described more new seed.
Correspondingly, described service end verifies whether described first dynamic password is correct, and concrete comprises:
Described service end uses the initial seed of the described dynamic password token of described first challenge code and the preservation of described service end to generate second dynamic password, and described first dynamic password and described second dynamic password compared, if it is identical, then described first dynamic password is correct, if inequality, then described second dynamic password is incorrect.
Preferably, more concrete the comprising of new logo of described seed:
In first numerical value, random number, interim seed encrypted bag or the seed numbering number any.
Correspondingly, when described seed upgrades when being designated described first numerical value, described service end according to described seed more new logo obtain concrete the comprising of the interim seed of service end:
Described service end is that parameter is calculated with the initial seed of the described dynamic password token that described first numerical value and described service end are preserved, and obtains the interim seed of described service end.
Correspondingly, when described seed upgrades when being designated described first numerical value, described dynamic password token according to described seed more new logo obtain concrete the comprising of the interim seed of dynamic password token end:
Described dynamic password token is that calculation of parameter obtains the interim seed of described dynamic password token end with the initial seed of described first numerical value and described dynamic password token, described dynamic password token is planted the period of the day from 11 p.m. to 1 a.m at the described dynamic password token end of calculating temporarily, uses and calculates the identical algorithm of the interim seed of described service end with described service end.
Correspondingly, when described seed upgrades when being designated described random number, described service end according to described seed more new logo obtain concrete the comprising of the interim seed of service end:
Described service end uses preset algorithm that described random number is changed, and obtains the interim seed of described service end.
Correspondingly, described service end uses preset algorithm that described random number is changed, and also comprises:
When according to preset algorithm described random number being changed, joining day factor and incident factor are as the computing parameter.
Correspondingly, when described seed upgrades when being designated described random number, described dynamic password token according to described seed more new logo obtain concrete the comprising of the interim seed of dynamic password token end:
Described dynamic password token uses preset algorithm that described random number is changed, and obtains the interim seed of described dynamic password token end.
Correspondingly, described dynamic password token uses preset algorithm that described random number is changed, and also comprises:
When according to preset algorithm described random number being changed, joining day factor and incident factor are as the computing parameter.
Preferably, concrete the comprising of described interim seed encrypted bag:
Interim seed of service end after the encryption and the 4th challenge code.
Correspondingly, described service end generates more new logo of seed, and concrete comprises:
Described service end generates the 4th challenge code and the interim seed of service end, and the initial seed and described the 4th challenge code of the described dynamic password token of preserving according to described service end generate the 7th dynamic password, described service end is encrypted as key described the 7th dynamic password to the interim seed of described service end, the interim seed of service end after obtaining encrypting.
Correspondingly, described dynamic password token according to described seed more new logo obtain the interim seed of dynamic password token end, concrete comprises:
Described dynamic password token receives described the 4th challenge code of described user's input and the interim seed after the encryption, use the initial seed and described the 4th challenge code of described dynamic password token to generate the 8th dynamic password, and use the 8th dynamic password to be decrypted as the interim seed of service end of key after to described encryption, obtain the interim seed of described dynamic password token end.
Correspondingly, when described seed renewal was designated the seed numbering, described service end generated more new logo of seed, and concrete comprises:
Described service end is numbered according to described seed, selects the seed of reference numeral as the interim seed of described service end in the seed list of the described dynamic password token that described service end is preserved.
Correspondingly, when described seed upgrades when being designated the seed numbering, described dynamic password token according to described seed more new logo obtain the interim seed of dynamic password token end, concrete comprises:
Described dynamic password token receives the described seed numbering of user's input, and selects the seed of reference numeral as the interim seed of described dynamic password token end in the seed list of preserving in described dynamic password token according to described seed numbering.
Correspondingly, described seed list writes in the described dynamic password token when being described dynamic password token initialization, and preserve the seed list of described dynamic password token in described service end, record the spendable seed of described dynamic password token in the described seed list, and each seed there is corresponding numbers to identify.
Correspondingly, described service end is verified described the 5th dynamic password, and concrete comprises:
Described service end uses interim seed of described service end and described the 3rd challenge code to generate the 6th dynamic password, and described the 5th dynamic password and described the 6th dynamic password compared, if it is identical, then described the 5th dynamic password is correct, if inequality, then described the 5th dynamic password is incorrect.
The beneficial effect that the technical scheme that the embodiment of the invention provides is brought is: overcome the problem that dynamic password token manufacturer in the conventional art can know seed in the dynamic password token, increased the fail safe of seed in the dynamic password token.
Description of drawings
Fig. 1 carries out the method for updating flow chart for a kind of seed to dynamic password token in the specific embodiment of the invention one.
Fig. 2 carries out the method for updating flow chart for a kind of seed to dynamic password token in the specific embodiment of the invention two.
Fig. 3 carries out the method for updating flow chart for a kind of seed to dynamic password token in the specific embodiment of the invention three.
Fig. 4 carries out the method for updating flow chart for a kind of seed to dynamic password token in the specific embodiment of the invention four.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, embodiment of the present invention is described further in detail below in conjunction with accompanying drawing.
Embodiment 1
Present embodiment provides a kind of seed to dynamic password token to carry out method for updating, participates in Fig. 1, and concrete steps are as follows:
Step 101, the user sends the request of upgrading seed in the dynamic password token by client to service end;
In the present embodiment, the dynamic password token that the user uses is the dynamic password token of challenge response formula, and is equipped with the input and output device on the token, and preferably, input unit adopts keyboard, and output device adopts the mode that shows output or audio frequency report to export;
The user sends the request of upgrading seed in the dynamic password token by client, concrete can for, the user conducts interviews to service end by the browser of installing in the client, service end returns to the more function pages of new seed of dynamic password token by browser, the user imports the more numbering of the dynamic password token of new seed, and select more new seed, send the more request of new seed to service end;
In the present embodiment, the seed that will carry out storing in the dynamic password token before seed upgrades is defined as initial seed;
Step 102, service end are received the more request of new seed, generate first challenge code, and first challenge code is returned to client;
In the present embodiment, service end generates first challenge code and can also comprise, service end is according to the dynamic password token numbering that receives, search the seed information of this dynamic password token information and this dynamic password token correspondence, generate first challenge code, and judge whether the challenge code that first challenge code uses when whether carrying out verifying dynamic password with last time is identical, if it is identical, regenerate a challenge code, the challenge code that uses when carrying out verifying dynamic password with described last time is again compared, if inequality, then return first challenge code to client;
Step 103, client are exported first challenge code, and the user is input to first challenge code in the dynamic password token, and dynamic password token generates first dynamic password according to the initial seed and first challenge code after receiving first challenge code;
In the present embodiment, after dynamic password token generated first dynamic password, by liquid crystal indicator output, the algorithm that dynamic password token generates first dynamic password can be HMAC-SHA1, MD5, SHA-1, SHA-256 etc.;
Step 104, client receives first dynamic password of user's input, and sends the request that first dynamic password is verified to service end;
Step 105, service end receives the request and first dynamic password that first dynamic password is verified, first dynamic password is verified if legal, if execution in step 106 illegal, is then returned the incorrect mistake of first dynamic password to client;
In the present embodiment, service end is verified first dynamic password, service end uses first challenge code and initial seed to generate second dynamic password, second dynamic password and first dynamic password are compared, if it is identical, then first dynamic password is legal, if inequality, then first dynamic password is illegal;
Wherein, in the service end algorithm that generates second dynamic password and the step 103 dynamic password token to generate the algorithm of first dynamic password identical;
Step 106, service end generates second challenge code, and generate the 3rd dynamic password according to second challenge code and initial seed, the 3rd dynamic password and second challenge code are returned to client, client is exported the 3rd dynamic password and second challenge code, and waits for the affirmation information of user by the affirmation server legitimacy of client transmission that receives;
Step 107, the user is input to second challenge code in the dynamic password token, dynamic password token generates the 4th dynamic password and demonstration according to second challenge code and initial seed, whether compare the 4th dynamic password identical with the 3rd dynamic password, if identical, by the affirmation information of client input validation server legitimacy, execution in step 108, if inequality, illustrate that server is illegal, the more operation of new seed of dynamic password token is given in cancellation;
Wherein, in the dynamic password token algorithm that generates the 4th dynamic password and the step 106 service end to generate the algorithm of the 3rd dynamic password identical;
In the present embodiment, step 107 can also realize according to another kind of method:
The user imports second challenge code in dynamic password token, dynamic password token generates the 4th dynamic password according to second challenge code and initial seed, the user imports the 3rd dynamic password again in dynamic password token, the 3rd dynamic password and the 4th dynamic password are compared in dynamic password token inside, if it is identical, then the 3rd dynamic password is correct, the legal affirmation information of dynamic password token output service end, if it is inequality, then the 3rd dynamic password is incorrect, the illegal information of dynamic password token input service end;
Using the benefit of said method is can not expose the 4th dynamic password;
Step 108, service end generate first numerical value, generate interim seed of service end and preservation according to first numerical value and initial seed, generate the 3rd challenge code, and the 3rd challenge code and first numerical value are returned to client;
In the present embodiment, service end generates the algorithm secrecy of first numerical value, has only service end as can be known, can be for generating at random, and preferably, the data length of first numerical value and initial seed is consistent;
Generating the interim period of the day from 11 p.m. to 1 a.m of planting according to first numerical value and initial seed, first numerical value and initial seed preferably, can use first numerical value and initial seed to carry out XOR and obtain the interim seed of service end as the parameter that must participate in the computing;
Step 109, client are exported the 3rd challenge code and first numerical value;
Step 110, the user is with in first numerical value input dynamic password token, dynamic password token receives and uses first numerical value to generate the interim seed of dynamic password token end with initial seed to generate the identical algorithm of interim seed in the step 108, and preserves the interim seed of dynamic password token end;
Step 111, the user imports the 3rd challenge code in dynamic password token, and dynamic token receives the 3rd challenge code, and uses interim seed of dynamic password token end and the 3rd challenge code to generate the 5th dynamic password;
Step 112, the user imports the 5th dynamic password to client, and client receives the 5th dynamic password, and the request of sending the 5th dynamic password and the 5th dynamic password is verified to service end;
Step 113, service end are verified the 5th dynamic password, if correct, if execution in step 114 incorrect, is returned the more mistake of new seed failure to the user;
In the present embodiment, service end verify the 5th dynamic password concrete be, service end will generate the 6th dynamic password according to interim seed and the 3rd challenge code, the 5th dynamic password and the 6th dynamic password are compared, if it is identical, then the 5th dynamic password is correct, if inequality, then the 5th dynamic password is incorrect;
Step 114, service end use the interim seed of service end to replace initial seed, the interim seed of service end is preserved as new seed, and sent the more information of new seed success to client;
Step 115, the user imports the more affirmation information of new seed success of service end in dynamic password token, dynamic password token confirmation of receipt information, use the interim seed of dynamic password token end to replace initial seed, the interim seed of dynamic password token end is preserved more new seed success of dynamic password token as new seed.
In the present embodiment, provide a kind of seed to carry out method for updating to dynamic password token, make the user after buying dynamic password token, can upgrade the seed that when producing, writes in the dynamic password token by network by the manufacturer, make seed have only user dynamic password token that has and the service end of verifying dynamic password to have, guaranteed the secret of seed, strengthened the fail safe of user account, the method that present embodiment provided is applicable to that more more new seed is convenient in the enterprising enforcement usefulness of automatic teller machine.
Embodiment 2
Present embodiment provides a kind of seed to dynamic password token to carry out method for updating, participates in Fig. 2, and concrete steps are as follows:
Step 201, the user sends the request of upgrading seed in the dynamic password token by client to service end;
In the present embodiment, the dynamic password token that the user uses is the dynamic password token of challenge response formula, and is equipped with the input and output device on the token, and preferably, input unit adopts keyboard, and output device adopts the mode that shows output or audio frequency report to export;
The user sends the request of upgrading seed in the dynamic password token by client, concrete can for, the browser of user by installing in the client, service end is conducted interviews, service end returns to the more function pages of new seed of dynamic password token by browser, the user imports the more numbering of the dynamic password token of new seed, and selects more new seed, sends the more request of new seed to service end;
In the present embodiment, the seed that will carry out storing in the dynamic password token before seed upgrades is defined as initial seed;
Step 202, service end are received the more request of new seed, generate first challenge code, and first challenge code is returned to client;
In the present embodiment, service end generates first challenge code and can also comprise, service end is according to the dynamic password token numbering that receives, search the seed information of this dynamic password token information and this dynamic password token correspondence, generate first challenge code, and judge whether the challenge code that first challenge code uses when whether carrying out verifying dynamic password with last time is identical, if it is identical, regenerate a challenge code, the challenge code that uses when carrying out verifying dynamic password with described last time is again compared, if inequality, then return first challenge code to client;
Step 203, client are exported first challenge code, and the user is input to first challenge code in the dynamic password token, and dynamic password token generates first dynamic password according to the initial seed and first challenge code after receiving first challenge code;
In the present embodiment, after dynamic password token generated first dynamic password, by liquid crystal indicator output, the algorithm that dynamic password token generates first dynamic password can be HMAC-SHA1, MD5, SHA-1, SHA-256 etc.;
Step 204, client receives first dynamic password of user's input, and sends the request that first dynamic password is verified to service end;
Step 205, service end receives the request and first dynamic password that first dynamic password is verified, first dynamic password is verified if legal, if execution in step 206 illegal, is then returned the incorrect mistake of first dynamic password to client;
In the present embodiment, service end is verified first dynamic password, service end uses first challenge code and initial seed to generate second dynamic password, second dynamic password and first dynamic password are compared, if it is identical, then first dynamic password is legal, if inequality, then first dynamic password is illegal;
Wherein, in the service end algorithm that generates second dynamic password and the step 203 dynamic password token to generate the algorithm of first dynamic password identical;
Step 206, service end generates second challenge code, and generate the 3rd dynamic password according to second challenge code and initial seed, the 3rd dynamic password and second challenge code are returned to client, client is exported the 3rd dynamic password and second challenge code, waits for the affirmation information of user by the affirmation server legitimacy of client transmission that receives;
Step 207, the user is input to second challenge code in the dynamic password token, dynamic password token generates the 4th dynamic password and demonstration according to second challenge code and initial seed, whether the user compares the 4th dynamic password identical with the 3rd dynamic password, if identical, by the affirmation information of client input validation server legitimacy, execution in step 208, if inequality, illustrate that server is illegal, the more operation of new seed of dynamic password token is given in cancellation;
Wherein, in the dynamic password token algorithm that generates the 4th dynamic password and the step 206 service end to generate the algorithm of the 3rd dynamic password identical;
In the present embodiment, step 207 can also realize according to another kind of method:
The user imports second challenge code in dynamic password token, dynamic password token generates the 4th dynamic password according to second challenge code and initial seed, the user imports the 3rd dynamic password again in dynamic password token, the 3rd dynamic password and the 4th dynamic password are compared in dynamic password token inside, if it is identical, then the 3rd dynamic password is correct, the legal affirmation information of dynamic password token output service end, if it is inequality, then the 3rd dynamic password is incorrect, the illegal information of dynamic password token input service end;
Using the benefit of said method is can not expose the 4th dynamic password;
Step 208, service end generates random number R, generates interim seed of service end and preservation by random number R according to pre-defined algorithm, and generates the 3rd challenge code, random number R and the 3rd challenge code is returned to client, and send the instruction of carrying out verifying dynamic password once more;
In the present embodiment, default algorithm can be any secret algorithm, can be HMAC-SHA1, MD5, SHA-1, SHA-256 etc., for example generating 8 random numbers is 12345678, use the MD5 algorithm that random number is carried out digest calculations, obtain cryptographic Hash 25D55AD283AA400AF464C76D713C07AD, get the fixing figure place of cryptographic Hash as the interim seed of service end;
Use preset algorithm to generate service end in service end and plant the period of the day from 11 p.m. to 1 a.m temporarily, in order to increase fail safe, can also increase the parameter that generates the interim seed of service end, comprise time factor and the incident factor of increasing, for example, can in token, increase timer, plant the period of the day from 11 p.m. to 1 a.m in the generation service end temporarily, current time and random number R are carried out combination, according to the default interim seed of algorithm computation service end, the incident factor can be the number of times that this dynamic password token generates dynamic password again, can prevent like this in the process that random number R transmits on network, intercepted by the hacker, calculate the behavior of user's seed;
Step 209, client output random number R and the 3rd challenge code;
Step 210, the user imports random number R to dynamic password token, after dynamic password token receives random number R, use with step 208 in service end generate the identical algorithm of interim seed and generate the interim seed of dynamic password token end, and preservation;
Step 211, the user imports the 3rd challenge code in dynamic password token, after dynamic password token receives the 3rd challenge code, use interim seed of dynamic password token end and the 3rd challenge code to generate the 5th dynamic password;
Step 212, the user imports the 5th dynamic password to client, and client receives the 5th dynamic password, and the request of sending the 5th dynamic password and the 5th dynamic password is verified to service end;
Step 213, service end are verified the 5th dynamic password, if correct, if execution in step 214 incorrect, is returned the more mistake of new seed failure to the user;
In the present embodiment, service end is verified the 5th dynamic password, concrete comprises: after service end receives the 5th dynamic password, according to interim seed of service end and the 3rd challenge code, use with step 211 in dynamic password token generate the identical algorithm of the 5th dynamic password and generate the 6th dynamic password, and the 5th dynamic password and the 6th dynamic password are compared, if it is identical, then the 5th dynamic password is correct, if inequality, then the 5th dynamic password is incorrect;
Step 214, service end use the interim seed of service end to replace initial seed, the interim seed of service end is preserved as new seed, and sent the more information of new seed success to client;
Step 215, the user imports the more affirmation information of new seed success of service end in dynamic password token, dynamic password token confirmation of receipt information, use the interim seed of dynamic password token end to replace initial seed, the interim seed of dynamic password token end is preserved more new seed success of dynamic password token as new seed.
A kind of seed to dynamic password token that present embodiment provided carries out method for updating, overcome in traditional dynamic password technology, seed is write by the dynamic password token manufacturer, owing to the manufacturer knows the dynamic password safe risk that the seed of each dynamic password token causes, has stronger fail safe.
Embodiment 3
Present embodiment provides a kind of seed to dynamic password token to carry out method for updating, the dynamic password token that present embodiment provided, in dynamic password token, preserve a plurality of seeds, and preserve the tabulation corresponding with a plurality of seeds, be called seed list in the present embodiment, write during for dynamic password token production or initialization, when dispatching from the factory, use dynamic password token a seed in a plurality of seeds as initial seed, carrying out dynamic password calculates, this seed is defined as initial seed, and at the dynamic password token of service end to this numbering, also preserve same seed list, after the user bought, the seed that uses in the time of can calculating dynamic password to dynamic password token upgraded, participate in Fig. 3, concrete is as follows:
Step 301, the user sends the request of upgrading seed in the dynamic password token by client to service end;
In the present embodiment, the dynamic password token that the user uses is the dynamic password token of challenge response formula, and is equipped with the input and output device on the token, and preferably, input unit adopts keyboard, and output device adopts the mode that shows output or audio frequency report to export;
The user sends the request of upgrading seed in the dynamic password token by client, concrete can for, the browser of user by installing in the client, service end is conducted interviews, service end returns to the more function pages of new seed of dynamic password token by browser, the user imports the more numbering of the dynamic password token of new seed, and selects more new seed, sends the more request of new seed to service end;
Step 302, service end are received the more request of new seed, generate first challenge code, and first challenge code is returned to client;
In the present embodiment, service end generates first challenge code and can also comprise, service end is according to the dynamic password token numbering that receives, search the seed information of this dynamic password token information and this dynamic password token correspondence, generate first challenge code, and judge whether the challenge code that first challenge code uses when whether carrying out verifying dynamic password with last time is identical, if it is identical, regenerate a challenge code, the challenge code that uses when carrying out verifying dynamic password with described last time is again compared, if inequality, then return first challenge code to client;
Step 303, client are exported first challenge code, and the user is input to first challenge code in the dynamic password token, and dynamic password token generates first dynamic password according to the initial seed and first challenge code after receiving first challenge code;
In the present embodiment, after dynamic password token generated first dynamic password, by liquid crystal indicator output, the algorithm that dynamic password token generates first dynamic password can be HMAC-SHA1, MD5, SHA-1, SHA-256 etc.;
Step 304, client receives first dynamic password of user's input, and sends the request that first dynamic password is verified to service end;
Step 305, service end receives the request and first dynamic password that first dynamic password is verified, first dynamic password is verified if legal, if execution in step 306 illegal, is then returned the incorrect mistake of first dynamic password to client;
In the present embodiment, service end is verified first dynamic password, service end uses first challenge code and initial seed to generate second dynamic password, second dynamic password and first dynamic password are compared, if it is identical, then first dynamic password is legal, if inequality, then first dynamic password is illegal;
Wherein, in the service end algorithm that generates second dynamic password and the step 303 dynamic password token to generate the algorithm of first dynamic password identical;
Step 306, service end generates second challenge code, and generate the 3rd dynamic password according to second challenge code and initial seed, the 3rd dynamic password and second challenge code are returned to client, client is exported the 3rd dynamic password and second challenge code, waits for the affirmation information of user by the affirmation server legitimacy of client transmission that receives;
Step 307, the user is input to second challenge code in the dynamic password token, dynamic password token generates the 4th dynamic password and demonstration according to second challenge code and initial seed, whether the user compares the 4th dynamic password identical with the 3rd dynamic password, if identical, by the affirmation information of client input validation server legitimacy, execution in step 308, if inequality, illustrate that server is illegal, the more operation of new seed of dynamic password token is given in cancellation;
Wherein, in the dynamic password token algorithm that generates the 4th dynamic password and the step 306 service end to generate the algorithm of the 3rd dynamic password identical;
In the present embodiment, step 307 can also realize according to another kind of method:
The user imports second challenge code in dynamic password token, dynamic password token generates the 4th dynamic password according to second challenge code and initial seed, the user imports the 3rd dynamic password again in dynamic password token, the 3rd dynamic password and the 4th dynamic password are compared in dynamic password token inside, if it is identical, then the 3rd dynamic password is correct, the legal affirmation information of dynamic password token output service end, if it is inequality, then the 3rd dynamic password is incorrect, the illegal information of dynamic password token input service end;
Using the benefit of said method is can not expose the 4th dynamic password;
Step 308, service end is selected a seed at random in seed list, the interim seed as generating dynamic password generates the 3rd challenge code, the numbering and the 3rd challenge code of interim seed are returned to client, and send the instruction of carrying out verifying dynamic password once more;
Wherein, interim seed can not be identical with initial seed;
Step 309, client are exported the numbering and the 3rd challenge code of interim seed;
Step 310, the user imports the numbering of interim seed to dynamic password token, after dynamic password token receives the numbering of interim seed, in seed list, search corresponding seed, the seed of this numbering is calculated the interim seed of dynamic password as dynamic password token according to numbering;
Step 311, the user imports the 3rd challenge code in dynamic password token, after dynamic password token receives the 3rd challenge code of user's input, use interim seed and the 3rd challenge code to generate the 5th dynamic password and output;
Step 312, the user imports the 5th dynamic password to client, after client receives the 5th dynamic password, the request of sending the 5th dynamic password and the 5th dynamic password is verified to service end;
Step 313, service end are verified the 5th dynamic password, if correct, if execution in step 314 incorrect, is returned the more mistake of new seed failure to the user;
In the present embodiment, service end is verified the 5th dynamic password, concrete comprises: after service end receives the 5th dynamic password, according to interim seed and the 3rd challenge code, use with step 311 in dynamic password token generate the identical algorithm of the 5th dynamic password and generate the 6th dynamic password, and the 5th dynamic password and the 6th dynamic password are compared, if it is identical, then the 5th dynamic password is correct, if inequality, then the 5th dynamic password is incorrect;
Step 314, service end is changed to new seed with interim seed, and with new seed as the acquiescence seed that calculates later on dynamic password, and send the more information of new seed success to client;
Step 315, the user imports the more affirmation information of new seed success of service end in dynamic password token, after the dynamic password token confirmation of receipt information, use interim seed as the acquiescence seed that calculates dynamic password later on, more new seed success of dynamic password token.
A kind of seed to dynamic password token that present embodiment provided carries out method for updating, by seed list being installed at dynamic password token and service end, preserve a plurality of seeds, and after the user buys dynamic password token, in seed list, reselect and calculate the employed seed of dynamic password, overcome that the dynamic password token manufacturer knows seed information in the token in the conventional art, and may cause unsafe shortcoming thus.
Embodiment 4
Present embodiment provides a kind of seed to dynamic password token to carry out method for updating, participates in Fig. 4, and concrete steps are as follows:
Step 401, the user sends the request of upgrading seed in the dynamic password token by client to service end;
In the present embodiment, the dynamic password token that the user uses is the dynamic password token of challenge response formula, and is equipped with the input and output device on the token, and preferably, input unit adopts keyboard, and output device adopts the mode that shows output or audio frequency report to export;
The user sends the request of upgrading seed in the dynamic password token by client, concrete can for, the browser of user by installing in the client, service end is conducted interviews, service end returns to the more function pages of new seed of dynamic password token by browser, the user imports the more numbering of the dynamic password token of new seed, and selects more new seed, sends the more request of new seed to service end;
In the present embodiment, the seed that will carry out storing in the dynamic password token before seed upgrades is defined as initial seed;
Step 402, service end are received the more request of new seed, generate first challenge code, and first challenge code is returned to client;
In the present embodiment, service end generates first challenge code and can also comprise, service end is according to the dynamic password token numbering that receives, search the seed information of this dynamic password token information and this dynamic password token correspondence, generate first challenge code, and judge whether the challenge code that first challenge code uses when whether carrying out verifying dynamic password with last time is identical, if it is identical, regenerate a challenge code, the challenge code that uses when carrying out verifying dynamic password with described last time is again compared, if inequality, then return first challenge code to client;
Step 403, client are exported first challenge code, and the user is input to first challenge code in the dynamic password token, and dynamic password token generates first dynamic password according to the initial seed and first challenge code after receiving first challenge code;
In the present embodiment, after dynamic password token generated first dynamic password, by liquid crystal indicator output, the algorithm that dynamic password token generates first dynamic password can be HMAC-SHA1, MD5, SHA-1, SHA-256 etc.;
Step 404, client receives first dynamic password of user's input, and sends the request that first dynamic password is verified to service end;
Step 405, service end receives the request and first dynamic password that first dynamic password is verified, first dynamic password is verified if legal, if execution in step 406 illegal, is then returned the incorrect mistake of first dynamic password to client;
In the present embodiment, service end is verified first dynamic password, service end uses first challenge code and initial seed to generate second dynamic password, second dynamic password and first dynamic password are compared, if it is identical, then first dynamic password is legal, if inequality, then first dynamic password is illegal;
Wherein, in the service end algorithm that generates second dynamic password and the step 403 dynamic password token to generate the algorithm of first dynamic password identical;
Step 406, service end generates second challenge code, and generate the 3rd dynamic password according to second challenge code and initial seed, the 3rd dynamic password and second challenge code are returned to client, client is exported the 3rd dynamic password and second challenge code, waits for the affirmation information of user by the affirmation server legitimacy of client transmission that receives;
Step 407, the user is input to second challenge code in the dynamic password token, dynamic password token generates the 4th dynamic password and demonstration according to second challenge code and initial seed, whether the user compares the 4th dynamic password identical with the 3rd dynamic password, if identical, by the affirmation information of client input validation server legitimacy, execution in step 408, if inequality, illustrate that server is illegal, the more operation of new seed of dynamic password token is given in cancellation;
Wherein, in the dynamic password token algorithm that generates the 4th dynamic password and the step 406 service end to generate the algorithm of the 3rd dynamic password identical;
In the present embodiment, step 407 can also realize according to another kind of method:
The user imports second challenge code in dynamic password token, dynamic password token generates the 4th dynamic password according to second challenge code and initial seed, the user imports the 3rd dynamic password again in dynamic password token, the 3rd dynamic password and the 4th dynamic password are compared in dynamic password token inside, if it is identical, then the 3rd dynamic password is correct, the legal affirmation information of dynamic password token output service end, if it is inequality, then the 3rd dynamic password is incorrect, the illegal information of dynamic password token input service end;
Using the benefit of said method is can not expose the 4th dynamic password;
Step 408, service end generate the 4th challenge code, and use initial seed and the 4th challenge code to generate the 7th dynamic password OTP7;
Step 409, service end generate interim seed seed, and use the 7th dynamic password OTP7 as key, interim seed seed is carried out cryptographic calculation obtain [seed]
OTP7, with [seed]
OTP7Return to client with the 4th challenge code, and generate the 3rd challenge code and return to client, send the order that dynamic password is verified once more;
In the present embodiment, service end uses symmetric encipherment algorithm that interim seed seed is encrypted;
Step 410, client output [seed]
OTP7With the 3rd challenge code, the 4th challenge code;
Step 411, the user imports the 4th challenge code to dynamic password token, after dynamic password token receives the 4th challenge code, uses initial seed and the 4th challenge code to generate the 8th dynamic password, and preserves the 8th dynamic password, waits for user's input [seed]
OTP7
Wherein, the algorithm that dynamic password token generates the 8th dynamic password is identical with the algorithm of generation the 7th dynamic password in the step 408, and because step 401 is verified the legitimacy of dynamic password token and service end to step 407, therefore, the 7th dynamic password is actually identical with the 8th dynamic password;
Step 412, the interim seed [seed] of user after the dynamic password token input is encrypted
OTP7, dynamic password token receives [seed]
OTP7After, use the 8th dynamic password as key to [seed]
OTP7Be decrypted, obtain interim seed seed expressly, preserve interim seed seed;
Step 413, the user imports the 3rd challenge code to dynamic password token, after dynamic password token receives the 3rd challenge code, uses interim seed seed and the 3rd challenge code to generate the 5th dynamic password and output;
Step 414, the user imports the 5th dynamic password to client, and client sends to service end after receiving the 5th dynamic password, sends the request that the 5th dynamic password is verified to service end;
Step 415, service end are verified the 5th dynamic password, if correct, execution in step 417, if incorrect, execution in step 416;
In the present embodiment, service end is verified the 5th dynamic password, concrete comprises: service end is after receiving the 5th dynamic password, according to interim seed seed and the 3rd challenge code, use with step 413 in identical algorithm generate the 6th dynamic password, and the 5th dynamic password and the 6th dynamic password are compared, if it is identical, think that then the 5th dynamic password is correct,, think that then the 5th dynamic password is incorrect if inequality;
Step 416, service end is returned the more mistake of new seed failure to client;
Step 417, service end use interim seed seed to replace initial seed, interim seed seed is changed to new seed, and sends the affirmation message of more new seed success to client;
Step 418, client output service end is the message of new seed success more;
Step 419, the user imports the more affirmation information of new seed success of service end in dynamic password token, after the dynamic password token confirmation of receipt information, use and self replace the initial seed of preserving in the dynamic password token by the interim seed seed that deciphering obtains, self is changed to new seed by the interim seed seed that deciphering obtains, more new seed success of dynamic password token.
Present embodiment provides a kind of seed to dynamic password token to carry out method for updating, overcome the problem that dynamic password token manufacturer in the conventional art can know seed in the dynamic password token, the security risk that causes of problem thus, and in the process of transmission seed, use dynamic password new seed to be encrypted, guaranteed the fail safe of seed as key.
More than a kind of seed to dynamic password token provided by the present invention carried out method for updating be described in detail, used specific case herein principle of the present invention and execution mode are set forth, the explanation of above embodiment just is used for helping to understand method of the present invention and core concept thereof; Simultaneously, for one of ordinary skill in the art, according to thought of the present invention, the part that all can change in specific embodiments and applications, to sum up, this description should not be construed as limitation of the present invention.
Claims (17)
1. the seed to dynamic password token carries out method for updating, it is characterized in that described method comprises:
Service end receives the request of seed in the renewal dynamic password token that the user sends by client, and whether described service end and described dynamic password token checking mutually be all legal;
If described service end and described dynamic password token are all illegal, stop the more operation of new seed;
If described service end and described dynamic password token are all legal, described service end generates more new logo of the 3rd challenge code and seed, and returns to client, described service end according to described seed more new logo obtain the interim seed of service end and preserve;
The described seed that described dynamic password token receives user's input is new logo more, described dynamic password token according to described seed more new logo obtain the interim seed of dynamic password token end;
Described dynamic password token receives the 3rd challenge code of user's input, and described dynamic password token generates the 5th dynamic password according to described interim seed and described the 3rd challenge code, and the 5th dynamic password is sent to described service end verifies;
Described service end is verified described the 5th dynamic password, if it is correct, described service end is changed to new seed with the interim seed of described service end, and return the more message of new seed success of described service end to described client, described client is exported the more message of new seed success of described service end, described dynamic password token receives the affirmation information of the more new seed success of described user's input, described dynamic password token is changed to new seed with the interim seed of described dynamic password token end, the more new seed success of described dynamic password token, if it is incorrect, described service end is returned more new seed failure, described dynamic password token receives the more new seed cancellation information of described user's input, more new seed failure.
2. the method for claim 1 is characterized in that, whether described dynamic password token and described dynamic password token checking mutually be all legal, and concrete comprises:
Described service end generates first challenge code, and returns to client, and described client is exported described first challenge code;
Described dynamic password token receives described first challenge code of described user's input, described dynamic password token uses initial seed and described first challenge code to generate first dynamic password, and described first dynamic password is sent to described service end by described client;
Described service end verifies whether described first dynamic password is correct;
If incorrect, then described dynamic password token is illegal, stops the operation of described more new seed;
If it is correct, then described dynamic password token is legal, whether continue the described service end of checking legal, described service end generates second challenge code, and generate the 3rd dynamic password by the initial seed and described second challenge code of the described dynamic password token of preserving in the described service end, described service end sends to described client with described second challenge code and described the 3rd dynamic password, described client is exported described second challenge code and described the 3rd dynamic password, described dynamic password token receives described second challenge code of described user's input, described dynamic password token generates the 4th dynamic password according to the initial seed in described second challenge code and the described dynamic password token, described user compares described the 3rd dynamic password and described the 4th dynamic password, if it is identical, send the legal affirmation information of the described service end of affirmation by described client to described service end, described dynamic password token and described service end checking mutually are all legal, if it is inequality, then described service end is illegal, stops the operation of described more new seed.
3. method as claimed in claim 2 is characterized in that, described service end verifies whether described first dynamic password is correct, and concrete comprises:
Described service end uses the initial seed of the described dynamic password token of described first challenge code and the preservation of described service end to generate second dynamic password, and described first dynamic password and described second dynamic password compared, if it is identical, then described first dynamic password is correct, if inequality, then described second dynamic password is incorrect.
4. the method for claim 1 is characterized in that, more concrete the comprising of new logo of described seed:
In first numerical value, random number, interim seed encrypted bag or the seed numbering number any.
5. method as claimed in claim 4 is characterized in that, when described seed upgrades when being designated described first numerical value, described service end according to described seed more new logo obtain concrete the comprising of the interim seed of service end:
Described service end is that parameter is calculated with the initial seed of the described dynamic password token that described first numerical value and described service end are preserved, and obtains the interim seed of described service end.
6. method as claimed in claim 5 is characterized in that, when described seed upgrades when being designated described first numerical value, described dynamic password token according to described seed more new logo obtain concrete the comprising of the interim seed of dynamic password token end:
Described dynamic password token is that calculation of parameter obtains the interim seed of described dynamic password token end with the initial seed of described first numerical value and described dynamic password token, described dynamic password token is planted the period of the day from 11 p.m. to 1 a.m at the described dynamic password token end of calculating temporarily, uses and calculates the identical algorithm of the interim seed of described service end with described service end.
7. method as claimed in claim 4 is characterized in that, when described seed upgrades when being designated described random number, described service end according to described seed more new logo obtain concrete the comprising of the interim seed of service end:
Described service end uses preset algorithm that described random number is changed, and obtains the interim seed of described service end.
8. method as claimed in claim 7 is characterized in that, described service end uses preset algorithm that described random number is changed, and also comprises:
When according to preset algorithm described random number being changed, joining day factor and incident factor are as the computing parameter.
9. method as claimed in claim 7 is characterized in that, when described seed upgrades when being designated described random number, described dynamic password token according to described seed more new logo obtain concrete the comprising of the interim seed of dynamic password token end:
Described dynamic password token uses preset algorithm that described random number is changed, and obtains the interim seed of described dynamic password token end.
10. method as claimed in claim 9 is characterized in that, described dynamic password token uses preset algorithm that described random number is changed, and also comprises:
When according to preset algorithm described random number being changed, joining day factor and incident factor are as the computing parameter.
11. method as claimed in claim 4 is characterized in that, concrete the comprising of described interim seed encrypted bag:
Interim seed of service end after the encryption and the 4th challenge code.
12. method as claimed in claim 11 is characterized in that, described service end generates more new logo of seed, and concrete comprises:
Described service end generates the 4th challenge code and the interim seed of service end, and the initial seed and described the 4th challenge code of the described dynamic password token of preserving according to described service end generate the 7th dynamic password, described service end is encrypted as key described the 7th dynamic password to the interim seed of described service end, the interim seed of service end after obtaining encrypting.
13. method as claimed in claim 12 is characterized in that, described dynamic password token according to described seed more new logo obtain the interim seed of dynamic password token end, concrete comprises:
Described dynamic password token receives described the 4th challenge code of described user's input and the interim seed after the encryption, use the initial seed and described the 4th challenge code of described dynamic password token to generate the 8th dynamic password, and use the 8th dynamic password to be decrypted as the interim seed of service end of key after to described encryption, obtain the interim seed of described dynamic password token end.
14. method as claimed in claim 4 is characterized in that, when described seed renewal was designated the seed numbering, described service end generated more new logo of seed, and concrete comprises:
Described service end is numbered according to described seed, selects the seed of reference numeral as the interim seed of described service end in the seed list of the described dynamic password token that described service end is preserved.
15. method as claimed in claim 14 is characterized in that, when described seed upgrades when being designated the seed numbering, described dynamic password token according to described seed more new logo obtain the interim seed of dynamic password token end, concrete comprises:
Described dynamic password token receives the described seed numbering of user's input, and selects the seed of reference numeral as the interim seed of described dynamic password token end in the seed list of preserving in described dynamic password token according to described seed numbering.
16. method as claimed in claim 15, it is characterized in that, described seed list writes in the described dynamic password token when being described dynamic password token initialization, and preserve the seed list of described dynamic password token in described service end, record the spendable seed of described dynamic password token in the described seed list, and each seed there is corresponding numbers to identify.
17. the method for claim 1 is characterized in that, described service end is verified described the 5th dynamic password, and concrete comprises:
Described service end uses interim seed of described service end and described the 3rd challenge code to generate the 6th dynamic password, and described the 5th dynamic password and described the 6th dynamic password compared, if it is identical, then described the 5th dynamic password is correct, if inequality, then described the 5th dynamic password is incorrect.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010213916 CN102025716B (en) | 2010-06-29 | 2010-06-29 | Method for updating seeds of dynamic password token |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010213916 CN102025716B (en) | 2010-06-29 | 2010-06-29 | Method for updating seeds of dynamic password token |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102025716A true CN102025716A (en) | 2011-04-20 |
| CN102025716B CN102025716B (en) | 2013-04-03 |
Family
ID=43866573
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201010213916 Active CN102025716B (en) | 2010-06-29 | 2010-06-29 | Method for updating seeds of dynamic password token |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102025716B (en) |
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102307095A (en) * | 2011-04-27 | 2012-01-04 | 上海动联信息技术有限公司 | Injection and deformation method for seed key of dynamic token |
| CN102315933A (en) * | 2011-10-18 | 2012-01-11 | 飞天诚信科技股份有限公司 | Method for updating key and system |
| CN102571349A (en) * | 2011-12-29 | 2012-07-11 | 北京握奇数据***有限公司 | Information updating method for smart key, smart key and system |
| CN102651743A (en) * | 2012-05-02 | 2012-08-29 | 飞天诚信科技股份有限公司 | Method for generating token seeds |
| CN102752311A (en) * | 2012-07-16 | 2012-10-24 | 天地融科技股份有限公司 | Authentication method, system and device |
| WO2014005414A1 (en) * | 2012-07-02 | 2014-01-09 | 飞天诚信科技股份有限公司 | Contactless seed writing method and system |
| CN104184590A (en) * | 2014-09-01 | 2014-12-03 | 飞天诚信科技股份有限公司 | Method and device for activating dynamic token |
| CN104243158A (en) * | 2013-06-13 | 2014-12-24 | 松下电器产业株式会社 | Authentication method, communication system, device and server |
| CN104333454A (en) * | 2014-10-28 | 2015-02-04 | 飞天诚信科技股份有限公司 | Working method of dynamic token capable of updating seeds |
| WO2015032248A1 (en) * | 2013-09-06 | 2015-03-12 | 天地融科技股份有限公司 | Token, dynamic password generation method, and dynamic password authentication method and system |
| CN104506321A (en) * | 2014-12-15 | 2015-04-08 | 飞天诚信科技股份有限公司 | Method for updating seed data in dynamic token |
| CN104579686A (en) * | 2015-01-15 | 2015-04-29 | 上海动联信息技术股份有限公司 | Seed matching method for mobile phone token |
| CN103684782B (en) * | 2013-11-26 | 2016-08-24 | 飞天诚信科技股份有限公司 | The Activiation method of token device in a kind of token authentication system |
| CN106027263A (en) * | 2016-07-22 | 2016-10-12 | 北京信安世纪科技有限公司 | Token seed updating method and device, and relevant equipment |
| CN106230586A (en) * | 2016-07-22 | 2016-12-14 | 北京信安世纪科技有限公司 | A kind of token seed dynamics update method and device |
| CN106411507A (en) * | 2016-09-23 | 2017-02-15 | 杭州华三通信技术有限公司 | Secret key generation method and device |
| CN109413084A (en) * | 2018-11-15 | 2019-03-01 | 北京信安世纪科技股份有限公司 | A kind of password update method, apparatus and system |
| US10699172B2 (en) | 2018-11-22 | 2020-06-30 | Alibaba Group Holding Limited | Method, apparatus, electronic device and computer storage medium for generating information identification codes |
| CN112910857A (en) * | 2014-09-15 | 2021-06-04 | 佩里梅特雷克斯公司 | Analyzing client application behavior to detect anomalies and prevent access |
| CN113542293A (en) * | 2015-12-04 | 2021-10-22 | 维萨国际服务协会 | Method and computer for token verification |
| CN113938509A (en) * | 2021-09-26 | 2022-01-14 | 江苏一键联新能源科技有限公司 | Offline password control method for intelligent Internet of things facility |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003088014A2 (en) * | 2002-04-05 | 2003-10-23 | Amoursoft Ltd | User authentication for computer systems |
| CN101374049A (en) * | 2008-10-24 | 2009-02-25 | 北京飞天诚信科技有限公司 | Method and system for improving signature safety |
| CN101582762A (en) * | 2009-04-02 | 2009-11-18 | 北京飞天诚信科技有限公司 | Method and system for identity authentication based on dynamic password |
-
2010
- 2010-06-29 CN CN 201010213916 patent/CN102025716B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003088014A2 (en) * | 2002-04-05 | 2003-10-23 | Amoursoft Ltd | User authentication for computer systems |
| CN101374049A (en) * | 2008-10-24 | 2009-02-25 | 北京飞天诚信科技有限公司 | Method and system for improving signature safety |
| CN101582762A (en) * | 2009-04-02 | 2009-11-18 | 北京飞天诚信科技有限公司 | Method and system for identity authentication based on dynamic password |
Cited By (38)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102307095A (en) * | 2011-04-27 | 2012-01-04 | 上海动联信息技术有限公司 | Injection and deformation method for seed key of dynamic token |
| WO2012145873A1 (en) * | 2011-04-27 | 2012-11-01 | 上海动联信息技术有限公司 | Dynamic token seed key injection and deformation method |
| KR101514173B1 (en) | 2011-04-27 | 2015-04-21 | 다이나미코드 컴퍼니 리미티드 | Dynamic token seed key injection and deformation method |
| US20140052995A1 (en) * | 2011-04-27 | 2014-02-20 | DynamiCode Company Limited | Dynamic token seed key injection and deformation method |
| CN102315933A (en) * | 2011-10-18 | 2012-01-11 | 飞天诚信科技股份有限公司 | Method for updating key and system |
| CN102315933B (en) * | 2011-10-18 | 2014-02-05 | 飞天诚信科技股份有限公司 | Method for updating key and system |
| CN102571349B (en) * | 2011-12-29 | 2015-02-11 | 北京握奇数据***有限公司 | Information updating method for smart key, smart key and system |
| CN102571349A (en) * | 2011-12-29 | 2012-07-11 | 北京握奇数据***有限公司 | Information updating method for smart key, smart key and system |
| CN102651743A (en) * | 2012-05-02 | 2012-08-29 | 飞天诚信科技股份有限公司 | Method for generating token seeds |
| CN102651743B (en) * | 2012-05-02 | 2014-07-30 | 飞天诚信科技股份有限公司 | Method for generating token seeds |
| WO2014005414A1 (en) * | 2012-07-02 | 2014-01-09 | 飞天诚信科技股份有限公司 | Contactless seed writing method and system |
| US8996872B2 (en) | 2012-07-02 | 2015-03-31 | Feitian Technologies Co., Ltd. | Contactless seed programming method and system thereof |
| CN102752311A (en) * | 2012-07-16 | 2012-10-24 | 天地融科技股份有限公司 | Authentication method, system and device |
| CN102752311B (en) * | 2012-07-16 | 2016-04-06 | 天地融科技股份有限公司 | A kind of authentication method, system and device |
| CN104243158A (en) * | 2013-06-13 | 2014-12-24 | 松下电器产业株式会社 | Authentication method, communication system, device and server |
| WO2015032248A1 (en) * | 2013-09-06 | 2015-03-12 | 天地融科技股份有限公司 | Token, dynamic password generation method, and dynamic password authentication method and system |
| CN103684782B (en) * | 2013-11-26 | 2016-08-24 | 飞天诚信科技股份有限公司 | The Activiation method of token device in a kind of token authentication system |
| CN104184590A (en) * | 2014-09-01 | 2014-12-03 | 飞天诚信科技股份有限公司 | Method and device for activating dynamic token |
| CN104184590B (en) * | 2014-09-01 | 2017-06-06 | 飞天诚信科技股份有限公司 | A kind of method and apparatus for activating dynamic token |
| US11924234B2 (en) | 2014-09-15 | 2024-03-05 | PerimeterX, Inc. | Analyzing client application behavior to detect anomalies and prevent access |
| US11606374B2 (en) | 2014-09-15 | 2023-03-14 | PerimeterX, Inc. | Analyzing client application behavior to detect anomalies and prevent access |
| CN112910857A (en) * | 2014-09-15 | 2021-06-04 | 佩里梅特雷克斯公司 | Analyzing client application behavior to detect anomalies and prevent access |
| CN104333454A (en) * | 2014-10-28 | 2015-02-04 | 飞天诚信科技股份有限公司 | Working method of dynamic token capable of updating seeds |
| CN104333454B (en) * | 2014-10-28 | 2017-07-14 | 飞天诚信科技股份有限公司 | A kind of method of work of the dynamic token of renewable seed |
| CN104506321B (en) * | 2014-12-15 | 2017-12-19 | 飞天诚信科技股份有限公司 | A kind of method of seed data in renewal dynamic token |
| CN104506321A (en) * | 2014-12-15 | 2015-04-08 | 飞天诚信科技股份有限公司 | Method for updating seed data in dynamic token |
| CN104579686A (en) * | 2015-01-15 | 2015-04-29 | 上海动联信息技术股份有限公司 | Seed matching method for mobile phone token |
| CN104579686B (en) * | 2015-01-15 | 2018-10-30 | 上海动联信息技术股份有限公司 | A kind of seed matching process for handset token |
| CN113542293A (en) * | 2015-12-04 | 2021-10-22 | 维萨国际服务协会 | Method and computer for token verification |
| CN113542293B (en) * | 2015-12-04 | 2023-11-07 | 维萨国际服务协会 | Method and computer for token verification |
| CN106027263B (en) * | 2016-07-22 | 2019-10-18 | 北京信安世纪科技股份有限公司 | A kind of update method, device and the relevant device of token seed |
| CN106230586A (en) * | 2016-07-22 | 2016-12-14 | 北京信安世纪科技有限公司 | A kind of token seed dynamics update method and device |
| CN106027263A (en) * | 2016-07-22 | 2016-10-12 | 北京信安世纪科技有限公司 | Token seed updating method and device, and relevant equipment |
| CN106411507A (en) * | 2016-09-23 | 2017-02-15 | 杭州华三通信技术有限公司 | Secret key generation method and device |
| CN109413084A (en) * | 2018-11-15 | 2019-03-01 | 北京信安世纪科技股份有限公司 | A kind of password update method, apparatus and system |
| US10699172B2 (en) | 2018-11-22 | 2020-06-30 | Alibaba Group Holding Limited | Method, apparatus, electronic device and computer storage medium for generating information identification codes |
| US10783417B2 (en) | 2018-11-22 | 2020-09-22 | Alibaba Group Holding Limited | Method, apparatus, electronic device and computer storage medium for generating information identification codes |
| CN113938509A (en) * | 2021-09-26 | 2022-01-14 | 江苏一键联新能源科技有限公司 | Offline password control method for intelligent Internet of things facility |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102025716B (en) | 2013-04-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102025716B (en) | Method for updating seeds of dynamic password token | |
| US20210344669A1 (en) | Secure authorization systems and methods | |
| TWI741041B (en) | Unified programming environment for programmable devices | |
| US10102510B2 (en) | Method and system of conducting a cryptocurrency payment via a mobile device using a contactless token to store and protect a user's secret key | |
| CN101512536B (en) | System and method for authenticating a gaming device | |
| CN104412273B (en) | Method and system for activation | |
| CN110535648B (en) | Electronic certificate generation and verification and key control method, device, system and medium | |
| CN103929306B (en) | The approaches to IM of intelligent cipher key equipment and intelligent cipher key equipment | |
| CN103051451A (en) | Encryption authentication of security service execution environment | |
| EP3494508A1 (en) | Counterfeit prevention | |
| CN103929307A (en) | Password input method, intelligent secret key device and client device | |
| CN106936588B (en) | Hosting method, device and system of hardware control lock | |
| WO2011003199A1 (en) | System and method for managing electronic assets | |
| CN104868998B (en) | A kind of system, apparatus and method that encryption data is supplied to electronic equipment | |
| CN106304040A (en) | The management method of Mobile solution, device | |
| CN102986162B (en) | Based on license dynamic management approach, the Apparatus and system of TCM or TPM | |
| CA2869810A1 (en) | Electronic cipher generation method, apparatus and device, and electronic cipher authentication system | |
| CN115348107A (en) | Internet of things equipment secure login method and device, computer equipment and storage medium | |
| Cooijmans et al. | Secure key storage and secure computation in Android | |
| CN103703718A (en) | System and method for obfuscating initiation values of cryptography protocol | |
| CN105022651B (en) | A kind of method for preventing piracy in equipment production process and firmware programming device | |
| CN104506320A (en) | Method and system for identity authentication | |
| KR20130100032A (en) | Method for distributting smartphone application by using code-signing scheme | |
| CN112054890B (en) | Screen configuration file export and import method and device and broadcasting control equipment | |
| CN108809651B (en) | Key pair management method and terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 17th floor, building B, Huizhi building, No.9, Xueqing Road, Haidian District, Beijing 100085 Patentee after: Feitian Technologies Co.,Ltd. Country or region after: China Address before: 100085 17th floor, block B, Huizhi building, No.9 Xueqing Road, Haidian District, Beijing Patentee before: Feitian Technologies Co.,Ltd. Country or region before: China |