CN106712967B - Dynamic token and control method thereof - Google Patents

Dynamic token and control method thereof Download PDF

Info

Publication number
CN106712967B
CN106712967B CN201710084076.0A CN201710084076A CN106712967B CN 106712967 B CN106712967 B CN 106712967B CN 201710084076 A CN201710084076 A CN 201710084076A CN 106712967 B CN106712967 B CN 106712967B
Authority
CN
China
Prior art keywords
password
power
dynamic token
key
control terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710084076.0A
Other languages
Chinese (zh)
Other versions
CN106712967A (en
Inventor
陈诚
陈光胜
赵启山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Eastsoft Microelectronics Co ltd
Original Assignee
Shanghai Eastsoft Microelectronics Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Eastsoft Microelectronics Co ltd filed Critical Shanghai Eastsoft Microelectronics Co ltd
Priority to CN201710084076.0A priority Critical patent/CN106712967B/en
Publication of CN106712967A publication Critical patent/CN106712967A/en
Application granted granted Critical
Publication of CN106712967B publication Critical patent/CN106712967B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephone Function (AREA)
  • Input From Keyboards Or The Like (AREA)

Abstract

A dynamic token and a control method thereof, the dynamic token comprising: controller, display screen and communication interface, wherein: the controller is respectively coupled with the communication interface and the display screen and is suitable for receiving a control instruction sent by the bound control terminal through the communication interface, and the control instruction comprises a challenge code; decrypting the control instruction, and reading the challenge code from the decrypted control instruction; and generating a response code corresponding to the challenge code, and displaying the response code through the display screen. According to the scheme, the volume of the dynamic token can be reduced and the cost of the dynamic token can be reduced while the safety is ensured.

Description

Dynamic token and control method thereof
Technical Field
The invention relates to the field of data security, in particular to a dynamic token and a control method thereof.
Background
Dynamic password technology has been used by an increasing number of industries as one of the most secure authentication techniques. Because the dynamic token is convenient to use and independent of a platform, the dynamic token becomes the mainstream of an identity authentication method along with the development of the mobile internet, and is widely applied to the fields of enterprises, online tours, securities, insurance, banks and the like.
The dynamic password technology can be divided into a time-based dynamic password technology, an event-based dynamic password technology, and a challenge-response-based dynamic password technology according to the password generation method. The time type dynamic token based on the time dynamic password technology has small shape, convenient application and lower safety. Although the challenge-response dynamic token based on the challenge-response dynamic password technology is higher in security than the time-type dynamic token, the challenge-response dynamic token is larger in size and higher in cost.
Disclosure of Invention
The technical problem solved by the embodiment of the invention is how to reduce the volume of the dynamic token and reduce the cost of the dynamic token while ensuring the security.
To solve the foregoing technical problem, an embodiment of the present invention provides a dynamic token, including: controller, display screen and communication interface, wherein: the controller is respectively coupled with the communication interface and the display screen and is suitable for receiving a control instruction sent by the bound control terminal through the communication interface, and the control instruction comprises a challenge code; decrypting the control instruction, and reading the challenge code from the decrypted control instruction; and generating a response code corresponding to the challenge code, and displaying the response code through the display screen.
Optionally, the dynamic token further includes: a key coupled to the controller; the display screen includes: a power-on password display area and a power-on password option display area are input; the key is coupled with the controller; the controller is further adapted to control the display screen to light up the input power-on password display area and the power-on password option display area when the dynamic token is powered on; and when a trigger signal corresponding to the pressing of the key is detected, processing the power-on password option in the power-on password option display area according to the action corresponding to the trigger signal, and displaying the processing result through the input power-on password display area.
Optionally, the pressing the key includes any one of: press for a short time the button, press for a long time the button and press the button even, wherein: the long press is the button for pressing the length of time of button reaches predetermined first length of time, the short press the button for pressing the duration of button is not more than predetermined second length of time, press even the interval length of time that the button is for pressing twice button is not more than predetermined third length of time, first length of time is in the second length of time, the second length of time is not less than the third length of time.
Optionally, the controller is further adapted to process the power-on password option in the power-on password option display area according to the action corresponding to the trigger signal, obtain the power-on password input by the user, and perform verification; after the power-on password is verified to be correct, displaying the current working mode of the dynamic token through the display screen; and when the trigger signal corresponding to the pressing of the key is detected, setting the working mode of the dynamic token according to the action corresponding to the trigger signal, and displaying the setting result through the display screen.
Optionally, the communication interface is an audio signal interface.
The embodiment of the invention provides a control method of a dynamic token, which comprises the following steps: receiving a control instruction sent by a bound control terminal through a communication interface preset in the dynamic token, wherein the control instruction comprises a challenge code; decrypting the control instruction, and reading the challenge code from the decrypted control instruction; and generating a response code corresponding to the challenge code, and outputting the response code through a display screen in the dynamic token.
Optionally, the dynamic token further includes: a key coupled to the controller; the display screen includes: a power-on password display area and a power-on password option display area are input; before receiving the control instruction sent by the bound control terminal through the communication interface, the method further comprises the following steps: when the dynamic token is started, controlling the display screen to light the display area of the input power-on password and the display area of the power-on password option; and when a trigger signal corresponding to the pressing of the key is detected, processing the power-on password option in the power-on password option display area according to the action corresponding to the trigger signal, and displaying the processing result in the input power-on password display area.
Optionally, the pressing the key includes any one of: press for a short time the button, press for a long time the button and press the button even, wherein: the long press is the button for pressing the length of time of button reaches predetermined first length of time, the short press the button for pressing the duration of button is less than predetermined second length of time, press even the button is for pressing in predetermined third length of time the number of times of button is not less than predetermined number of times, first length of time is greater than the second length of time, the second length of time is not less than the third length of time.
Optionally, after displaying the processing result in the display area of the entered power-on password, the method further includes: processing the power-on password option in the power-on password option display area according to the action corresponding to the trigger signal to obtain a power-on password input by a user and verifying the power-on password; after the power-on password is verified to be correct, displaying the current working mode of the dynamic token through the display screen; and when the trigger signal corresponding to the pressing of the key is detected, setting the working mode of the dynamic token according to the action corresponding to the trigger signal, and displaying the setting result on the display screen.
Optionally, before receiving the control instruction sent by the bound control terminal through the communication interface, the method further includes: and receiving a binding instruction sent by a control terminal, and binding the binding instruction with the control terminal.
Optionally, the receiving the binding instruction sent by the control terminal, and binding with the control terminal includes: receiving a binding instruction sent by the control terminal, wherein the binding instruction is generated by the control terminal through the following modes: generating a random number with the same bit as a preset key, combining the random number with the identification information of the control terminal, and encrypting data obtained by combination, wherein the encrypted key is the preset key; and decrypting the binding instruction by adopting the preset key, storing the identification information of the control terminal and the random number, binding the control terminal with the random number, and updating the preset key into the random number.
Optionally, the control method of the dynamic token further includes: receiving a power-on password modification instruction sent by the bound control terminal; the power-on password modification instruction comprises the following steps: the identification information of the bound control terminal, the current power-on password of the dynamic token and a new power-on password; and modifying the current power-on password of the dynamic token into the new power-on password.
Optionally, the control method of the dynamic token further includes: receiving a communication password updating instruction sent by the bound control terminal; the communication password updating command comprises: the identification information of the bound control terminal and a new communication password are obtained; and updating the stored password into the new communication password.
Optionally, the communication interface is an audio signal interface.
Compared with the prior art, the technical scheme of the embodiment of the invention has the following beneficial effects:
and the dynamic token generates a response code corresponding to the challenge code after receiving the challenge code and displays the response code on a display screen by controlling the terminal to send the challenge code. In the process of generating the response code, the dynamic token does not need to receive the challenge code input by the user, so that a keyboard for inputting the challenge code by the user does not need to be arranged in the dynamic token, the size of the dynamic token can be reduced, and the cost of the dynamic token can be reduced.
Furthermore, the dynamic token and the control terminal are communicated through the audio signal interface, the communication flow is simple, and compared with wireless communication, a wireless communication unit does not need to be added in the dynamic token, so that the cost of the dynamic token can be further reduced.
Drawings
FIG. 1 is a schematic structural diagram of a dynamic token in an embodiment of the present invention;
fig. 2 is a schematic diagram of a connection between a dynamic token and a control terminal in an embodiment of the present invention;
FIG. 3 is a schematic diagram of a display area of a display screen according to an embodiment of the present invention;
FIG. 4 is a schematic display diagram of a display screen in an embodiment of the invention;
fig. 5 is a flowchart of a method for controlling a dynamic token according to an embodiment of the present invention.
Detailed Description
In the prior art, dynamic tokens are generally divided into time-type dynamic tokens and challenge-response type dynamic tokens according to different password generation modes. The time-based dynamic token adopts a time-based dynamic password technology, and the challenge-response dynamic token adopts a challenge-response based dynamic password technology. The time type dynamic token has small appearance, convenient application and low safety. The security of the challenge-response dynamic token is higher than that of the time-type dynamic token, but the challenge-response dynamic token is larger in size and higher in cost.
In the embodiment of the invention, the challenge code is sent by the control terminal, and the dynamic token generates the response code corresponding to the challenge code after receiving the challenge code and displays the response code on the display screen. In the process of generating the response code, the dynamic token does not need to receive the challenge code input by the user, so that a keyboard for inputting the challenge code by the user does not need to be arranged in the dynamic token, the size of the dynamic token can be reduced, and the cost of the dynamic token can be reduced.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in detail below.
Referring to fig. 1, an embodiment of the present invention provides a dynamic token 10, including: a controller 11, a display 12 and a communication interface 13.
In one embodiment, the controller 11 is coupled to the display 12 and the communication interface 13. The controller 11 may receive the control command sent by the bound control terminal through the communication interface 13. The control instruction is an encrypted control instruction, which may carry a challenge code. After receiving the control instruction, the controller 11 may decrypt the control instruction, and read the challenge code from the decrypted control instruction. After reading the challenge code, the controller 11 may generate a response code corresponding to the challenge code and control the display 12 to display the response code on the display 12.
It will be appreciated that in actual practice, dedicated hardware circuitry may be included within the controller 11 of the dynamic token to implement a particular algorithm to generate a response code corresponding to the challenge code. At this time, the controller 11 parses the challenge code from the decrypted control instruction, and then calculates the challenge code with other optional parameters through a special hardware circuit to obtain the response code. The controller 11 transmits the generated response code to the display screen.
For example, the special hardware circuit is an SM3 cryptographic hash algorithm circuit integrated in the controller 11 for generating a response code corresponding to the challenge code.
In specific implementation, when a user has a need for a dynamic token, the dynamic token may be connected with a bound control terminal, so as to implement communication between the dynamic token and the bound control terminal.
The dynamic token and the bound control terminal can communicate through a wired cable or a wireless network. When the dynamic token and the bound control terminal are communicated through a wired cable, the dynamic token and the bound control terminal can be communicated through a USB interface, an audio interface or other wired cable methods. When the dynamic token and the bound control terminal are communicated through a wireless network, the dynamic token and the bound control terminal can be communicated through a Bluetooth network, a WIFI network and other wireless networks.
In practical applications, it is known that the security of the communication between the dynamic token and the bound control terminal through the wireless network is lower than that of the communication through the wired cable, mainly because the communication through the wireless network is easy to intercept and crack. In addition, if the dynamic token and the bound control terminal communicate with each other through a wireless network, it is inevitably necessary to provide a wireless communication unit in the dynamic token, for example, a bluetooth communication unit is required to be provided in the dynamic token when communicating through a bluetooth network, which inevitably increases the cost and volume of the dynamic token.
When the dynamic token and the bound control terminal communicate through a wired cable, if a USB interface is used for communication, the information interaction between the dynamic token and the bound control terminal is complicated. In practical applications, it can be known that a common external interface in the control terminal may generally include an audio signal interface in addition to the USB interface, and therefore, in the embodiment of the present invention, in order to reduce the cost of the dynamic token and simplify information interaction between the dynamic token and the control terminal, the communication interface in the dynamic token is an audio signal interface, and the audio signal interface in the dynamic token is connected to the audio signal interface of the bound control terminal through an audio line, so as to implement communication with the control terminal.
Referring to fig. 2, a schematic diagram of a connection between a dynamic token and a control terminal in an embodiment of the present invention is shown. The audio signal interface 101 of the dynamic token 10 is connected to the audio signal interface 201 of the bound control terminal 20 via the audio line 3.
The control terminal may be pre-installed with Application (APP) software corresponding to the dynamic token. When the user has a requirement for controlling the dynamic token, the APP software interface corresponding to the dynamic token can be opened in the bound control terminal. In the APP software interface, a user can click an input box to input information. After the user completes the input of the information, the control terminal may generate a control instruction from the information input by the user, and output the control instruction to the dynamic token.
For example, when a user makes a payment using online banking, there is a need to generate a response code using a dynamic token. The user can input the challenge code required to be input by the internet bank service provider in the APP software interface corresponding to the dynamic token. After the user clicks the "done" option, the control terminal generates a control command and transmits the control command to the dynamic token through the audio line.
In a specific implementation, the control terminal may be a mobile terminal, for example, the control terminal may be a smart terminal such as a smart phone or a tablet computer. The control terminal can also be an intelligent terminal such as a PC machine and the like which can send control instructions to the dynamic token.
In one embodiment, the Display 12 may be a Liquid Crystal Display (LCD) or other types of displays, such as an LED Display. In general, the cost of the LCD display is lower than that of the LED display, and the power consumption of the LCD display is lower than that of the LED display, so in an embodiment of the present invention, in order to reduce the cost and power consumption of the dynamic token as much as possible, the display is the LCD display.
In particular embodiments, the dynamic token may further include a key 14, and the key 14 is coupled to the controller 11. When the user does not operate the dynamic token for a long time or the dynamic token receives a shutdown instruction input by the user, the dynamic token can enter a shutdown state to save power consumption.
When the user has a need for using the dynamic token, the user can perform a power-on operation by pressing the key 14 of the dynamic token. After the power-on operation is completed, the controller 11 controls the display 12 to display a power-on password input interface, that is, the user can use the dynamic token after inputting the correct power-on password.
Compared with the existing time-based dynamic token, the dynamic token provided by the embodiment of the invention does not generate a dynamic password immediately after being started, but can be normally used when the input starting password is correct, so that the safety of the dynamic token can be improved.
In a specific implementation, a power-on password corresponding to the dynamic token may be preset. The power-on password may be a 6-digit or 4-digit decimal number. For example, the power-on password corresponding to the dynamic token is set to 123456.
The dynamic token provided by the embodiment of the invention only comprises one key, so that the operation of the dynamic token is different from that of the dynamic token with a keyboard. For ease of understanding, the operation of the dynamic token provided in the embodiments of the present invention is described in detail below.
When the user uses the dynamic token, the operation of the user on the dynamic token can be divided into the following three types: long press operation, short press operation, and continuous press operation. The controller of the dynamic token may determine which of the three operations is currently performed by the user according to the type of operation triggered by the detected key.
In a specific implementation, the long-press operation refers to that the duration of pressing the key by the user exceeds a preset first duration. For example, the first time period is set to 2s (s is time unit second) in advance, and when the duration of the key press by the user is detected to exceed 2s, the controller determines that the operation by the user is the long press operation.
In a specific implementation, the short-press operation means that the duration of pressing the key by the user is not greater than a preset second duration. For example, the second time period is preset to be 1s, and when the duration that the user presses the key is detected to be less than or equal to 1s and greater than 0.5s, the controller judges that the operation of the user is a short-press operation.
In a specific implementation, the continuous pressing operation refers to that the number of times that the user presses the key within the preset third duration reaches a preset number of times. For example, the third time period is preset to be 1s, and the preset number of times is 2. When the fact that the user presses the key twice within 1s is detected, the duration of pressing the key each time is 0.3s, and the interval of pressing the key twice is smaller than 0.3s, the controller judges that the operation of the user is continuous pressing operation.
It should be noted that, in the embodiment of the present invention, the maximum number of times of the continuous pressing operation is supported to be 3 times, and the continuous pressing user experience exceeding 3 times is not good.
In a specific implementation, the first duration is set to be longer than the second duration, and the second duration is set to be not shorter than the third duration. The specific values of the first duration, the second duration and the third duration may be set according to an actual application scenario.
In a specific implementation, the following settings may be performed in advance: and when the controller detects that the key is pressed by the user for a long time, controlling the dynamic token to be started up when the dynamic token is in the power-off state. It is understood that the following setting may also be performed in advance: and when the controller detects that the key is pressed by the user for a long time, controlling the dynamic token to be started up when the dynamic token is in the power-off state. In the following embodiments of the present invention, the controller detects that the key is pressed by the user for a long time to control the dynamic token to be turned on.
Since the dynamic token only comprises one key, in order to realize the input of the power-on password with 6 bits or 4 bits of decimal numbers, in the embodiment of the invention, the controller controls the display screen to light up the display area of the input power-on password and the display area of the power-on password options when controlling the dynamic token to be powered on. In the entered power-on password display area, the power-on password that the user has entered is displayed. And displaying selectable power-on password options in the power-on password option display area, wherein the user can operate the keys to select and input the power-on password according to the selectable power-on password options displayed on the display screen. In the power-on password option display area, one digit in decimal digits 0-9 can be displayed, and the displayed digits are continuously updated circularly.
In specific implementation, when detecting that a trigger signal corresponding to a key pressed by a user is detected, the controller processes the power-on password option in the power-on password option display area according to an action corresponding to the trigger signal, and displays a processing result through the input power-on password display area.
Referring to fig. 3, a schematic diagram of a display area of the display screen 12 in the embodiment of the present invention is shown. In fig. 3, the entered-power-on-password display area 31 is disposed in the left half of the display area of the display screen 12, and the power-on-password option display area 32 is disposed in the right half of the display area of the display screen 12. In the power-on password option display area 32, the number displayed therein is periodically changed in an increasing cycle from 0 to 9 or in a decreasing cycle from 9 to 0 with a period of 1 s.
The short press operation may be set to correspond to the power-on password selection operation, the long press operation may be set to correspond to the power-on password operation that is to be deleted most recently entered, and the long press operation may be set to correspond to the operation of changing the direction of change of the digits in the power-on password option display area 32.
For example, after the dynamic token is powered on, the displayed number in the power-on password option display area 32 changes in a cycle of 0 to 9, and when the displayed number is 1, the user can press a key for a short time. When the controller detects a trigger signal corresponding to a short-press operation of the user, 1 is selected as one bit of the power-on password, and the decimal number 1 is displayed in the input power-on password display area 31.
The following illustrates the power-on password entry process of the dynamic token provided in the embodiment of the present invention.
For example, the user preset the power-on password of the dynamic token to be 123456, and the highest bit of the power-on password is 1. After the user presses the keys on the dynamic token for a long time, the decimal numbers displayed in the power-on password option display area 32 of the display screen 12 are sequentially and incrementally cycled from 0 to 9. When the decimal number displayed in the power-on password option display area 32 is 1, the user presses the key for a short time, selects the decimal number 1, and completes the input of the 1 st digit, i.e. the highest digit, of the power-on password. Correspondingly, when the decimal number displayed in the power-on password option display area 32 is 2, the user presses the key for a short time, and then selects the decimal number 2, and completes the input of the 2 nd digit of the power-on password. By analogy, the user may enter the remaining bits of the power-on password.
When the user finds that the power-on password entered in the power-on password display area 31 is wrong, the user can press a key for a long time. When the controller detects that the key is pressed for a long time, the newly input one digit is deleted, and the digit displayed in the input power-on password display area 31 is controlled to be reduced by one digit, namely, the digit displayed in the input power-on password display area 31 is restored to the state before the newly input one digit is input.
For example, the user sets the power-on password to 123456, the fourth power-on password input by the user is 5, and at this time, the number displayed in the input power-on password display area 31 is 1235. The user presses the key for a long time, and when the controller detects that the key is pressed for a long time, the newly input one-digit power-on password '5' is deleted, and the number displayed in the input power-on password display area 31 on the display screen is controlled to be updated to 123.
The user may also change the direction of the numeric change in the power-on password option display area 32 by pressing in succession. For example, the direction of the change of the digits in the power-on password option display area 32 is in a cycle of increasing from 0 to 9. The user presses the key continuously. And when the controller detects that the key is pressed continuously, the digital change direction of the power-on password option display area 32 is controlled to be updated to be in a descending cycle from 9 to 0 in sequence.
Referring to fig. 4, a display diagram of a display screen 12 according to an embodiment of the invention is shown. In fig. 4, the number displayed in the input password-on display area 31 is 123, and the number displayed in the password-on option display area 32 is 0.
In a specific implementation, after the user completes the input of the power-on password, the controller may verify the power-on password input by the user. In practical applications, the power-on password input by the user is usually compared with the pre-stored power-on password. If the two are the same, the verification is judged to be successful, namely the power-on password input by the user is correct; if the two are different, the verification is judged to be failed, namely the power-on password input by the user is wrong.
For example, the power-on password stored in the dynamic token is 123456. The user completes the entry of the 6-digit power-on password, which is 123456. The controller compares the power-on password input by the user with the power-on password stored in the dynamic token, and if the comparison result is that the power-on password and the power-on password are the same, the controller judges that the power-on password input by the user is correct.
As another example, the power-on password stored in the dynamic token is 234567. The user completes the entry of the 6-digit power-on password, which is 123456. And comparing the two data, and judging that the power-on password input by the user is wrong if the comparison result shows that the two data are different.
When the password input by the user is correct, the controller can control the current working mode of the dynamic token displayed on the display screen, and the current working mode of the dynamic token can be the working mode set by the user in the last use. The operating modes of the dynamic token may include a time-type operating mode and a challenge-response type operating mode. The user can realize the switching of the working mode and the setting of the working mode by pressing the key.
In specific implementation, when the controller detects a trigger signal corresponding to the key, the working mode of the dynamic token is set according to an action corresponding to the trigger signal, and a setting result is displayed through the display screen.
And setting the selection operation of the working mode corresponding to the short-press operation, and switching the working mode corresponding to the long-press operation. And when the controller detects that the trigger signal corresponding to the pressed key is short-press operation, setting the working mode of the dynamic token as the working mode displayed on the display screen. And when the controller detects that the trigger signal corresponding to the pressed key is long-press operation, the working mode of the dynamic token is switched to another working mode, and the switching result is displayed on the display screen.
For example, after the user correctly enters the power-on password, the current operation mode of the dynamic token is displayed on the display screen as a time-type operation mode. If the user has the requirement of the time type working mode, the working mode of the dynamic token can be set to be the time type working mode by pressing the key for a short time.
And if the user has the requirement of the challenge response type working mode, pressing the key for a long time. And after detecting that the key is pressed for a long time, the controller switches the working mode of the dynamic token into a challenge response type working mode, and displays the working mode of the dynamic token on a display screen as the challenge response type working mode. Then, when the controller detects that the user presses the key for a short time, the working mode of the dynamic token can be set to be a challenge response type working mode.
After the selection of the working mode is completed, the dynamic token can work normally. When the working mode of the dynamic token is a time type working mode, the dynamic token can update the dynamic password at regular time and display the dynamic password through the display screen in the working process. For example, the dynamic token updates the dynamic password periodically with a period of 1 minute.
When the working mode of the dynamic token is a challenge response type working mode, in the working process, when the dynamic token receives a challenge code output by the control terminal, the controller can generate a response code corresponding to the challenge code and display the generated response code through the display screen.
The following describes a specific control flow of the dynamic token provided in the embodiment of the present invention in detail. Referring to fig. 5, a control method of a dynamic token in an embodiment of the present invention is shown, and is described in detail below with reference to fig. 1 to 2.
Step S501, receiving a control instruction sent by the bound control terminal through a communication interface preset in the dynamic token.
In a specific implementation, the control command sent by the bound control terminal includes a challenge code.
In a specific implementation, the control terminal and the dynamic token both store the same communication password, the communication password is used as an encryption key for data sent by the control terminal, and the communication password is used as a decryption key for the dynamic token.
When the user uses the dynamic token for the first time, the dynamic token and the control terminal can be bound firstly. The control terminal and the dynamic token store the same default communication password. For example, the default communication password stored in the control terminal and the dynamic token is a full 0 binary number of 16 bits.
The user can open a software interface of the pre-installed APP through the control terminal. In the software interface of the APP, the "bind" option is clicked. The control terminal generates a random number with the same length as the default communication password, combines the random number with identification information of the control terminal, encrypts a plaintext obtained by combination by adopting a symmetric cipher algorithm to obtain an encrypted ciphertext, wherein the encrypted ciphertext corresponds to the binding instruction, and the encrypted cipher key is the default communication password. And the control terminal transmits the generated encrypted ciphertext to the dynamic token through the audio line.
The dynamic token receives the encrypted ciphertext through the audio signal interface. The controller decrypts the received encrypted ciphertext by adopting a default communication password, acquires and stores the identification information and the random number of the control terminal from the obtained encrypted ciphertext, and uses the random number as a new communication password, namely a new decryption key, thereby realizing the binding with the control terminal.
After the setting of the new communication password is completed, if the dynamic token does not receive a key updating instruction sent by the control terminal, the control terminal encrypts data transmitted to the dynamic token by using the random number as an encryption key, and the dynamic token controller decrypts the received data by using the random number as a decryption key.
For example, the default communication code is a full 0 binary number of 16 bits, and the random number is 0110011001100110. The control terminal combines 0110011001100110 with its own identification information into a plaintext during the binding operation, encrypts the plaintext using a 16-bit full 0 binary number as an encryption key, and transmits the encrypted ciphertext to the dynamic token over the audio line. The controller decrypts the received encrypted ciphertext by using 16-bit full-0 binary number as a decryption key, stores 0110011001100110 and identification information of the control terminal, and uses 0110011001100110 as a new decryption key.
The identification information of the control terminal may be an International Mobile Equipment Identity (IMEI) of the control terminal, or may be other information that uniquely identifies the control terminal.
If the dynamic token is bound with other control terminals, the decryption key stored in the dynamic token, namely the stored communication password, is no longer the default communication password. If the user uses the control terminal to bind with the dynamic token under the unknown condition, the binding operation between the control terminal and the dynamic token cannot be realized at this moment because the encryption key of the encrypted ciphertext sent by the control terminal is the default communication password and the decryption key stored in the dynamic token is different from the default communication password. After the dynamic token receives the encrypted ciphertext, if the controller detects that decryption fails, the dynamic token controls the display screen to display a communication error word.
After the control terminal completes the binding operation with the dynamic token, when a user has a demand for a challenge response function of the dynamic token, an APP software interface corresponding to the dynamic token can be opened in the bound control terminal. In the APP software interface, the user may click on an input box to enter the challenge code. The bound control terminal can generate a control instruction according to a specific mode by using the challenge code input by the user, encrypts the control instruction by using the set communication password, and transmits the encrypted control instruction to the dynamic token through the audio line.
Step S502, the control instruction is decrypted, and the challenge code is read from the decrypted control instruction.
In a specific implementation, the audio signal interface of the dynamic token is electrically connected with the audio line. The controller may obtain the challenge code by decrypting a control command received through the audio signal interface.
And step S503, generating a response code corresponding to the challenge code, and outputting the response code through a display screen of the dynamic token.
Next, steps S501 to S503 will be described.
In a specific implementation, the control instruction generated by the control terminal may include identification information of the control terminal, a password type and a check code in addition to the challenge code. The control terminal generates a clear text from the challenge code, the identification information of the control terminal, the password type and the check code, and encrypts the clear text by using a communication password agreed with the dynamic token to obtain an encrypted control instruction.
The controller decrypts the received control command through the pre-stored communication password.
For example, in the binding process, the communication password agreed by the control terminal and the dynamic token is 0110011001100110, and the controller in the dynamic token decrypts the received control command by using 0110011001100110 as a decryption key.
And the controller compares the identification information of the control terminal in the control instruction with the identification information of the control terminal stored in the binding process, and confirms whether the check code in the control instruction is correct or not. And when the control terminal identification in the control instruction is the same as the identification of the control terminal during binding and the check code is correct, the controller generates a response code corresponding to the challenge code and displays the response code through a display screen.
And if the identification information of the control terminal in the control instruction is different from the identification information of the control terminal stored in the binding process, or the check code is incorrect, the controller controls the display screen to display an 'error' word.
Therefore, the challenge code is sent by the control terminal, and the dynamic token generates a response code corresponding to the challenge code after receiving the challenge code and displays the response code on the display screen. In the process of generating the response code, the dynamic token does not need to receive the challenge code input by the user, so that a keyboard for inputting the challenge code by the user does not need to be arranged in the dynamic token, the size of the dynamic token can be reduced, and the cost of the dynamic token can be reduced.
After the control terminal completes the binding operation with the dynamic token, the user can modify the power-on password of the dynamic token through the control terminal and can also update the communication password of the dynamic token through the control terminal. When there is a demand for a challenge-response type application, a user can input a challenge code through the control terminal.
The following describes the above application scenarios.
When the user has a need of modifying the power-on password of the dynamic token, the user can input the current power-on password and the new power-on password in the software interface of the APP in the control terminal. And after the input is finished, the control terminal generates a ciphertext corresponding to the power-on password modification instruction and transmits the ciphertext to the dynamic token through the audio line. In the power-on password modification instruction, the method comprises the following steps: the identification information of the bound control terminal, the current power-on password of the dynamic token and the new power-on password. The encryption key for encrypting the power-on password modification instruction by the control terminal is as follows: a random number generated when binding with the dynamic token.
For example, when the random number generated by the control terminal is 0110011001100110 at the time of binding, 0110011001100110 is used as an encryption key to encrypt the power-on password modification command. Accordingly, the controller of the dynamic token decrypts the power-on password modification instruction using 0110011001100110 as the decryption key.
In practical application, the power-on password modification instruction may further include information such as an operation code and a check code corresponding to the modified power-on password. And the operation code corresponding to the modified power-on password is used for indicating the dynamic token to modify the power-on password.
And the controller of the dynamic token receives the encrypted power-on password modification instruction through the audio signal interface and decrypts the power-on password modification instruction by adopting the stored decryption key. And after decryption, determining whether the identification information and the check code of the control terminal in the power-on password modification instruction are correct, if so, reading the corresponding operation code, and updating the stored current power-on password into a new power-on password. After the operation is finished, the controller controls the display screen to display the word of 'successful modification of the power-on password'.
And if any one of the identification information and the check code of the control terminal in the power-on password modification instruction is incorrect, the controller controls the display screen to display the word of 'power-on password modification failure'. And if the current power-on password in the power-on password modification instruction is different from the stored current power-on password, the controller controls the display screen to display the word of 'power-on password modification failure'.
When the user needs to update the communication password of the dynamic token, the user can click the option of 'update the communication password' in the software interface of the APP in the control terminal. The control terminal generates a communication password updating instruction, and the communication password updating instruction comprises the following steps: and controlling the identification information of the terminal and the new communication password. The new communication password is a random number which is generated by the control terminal and has the same length as the current communication password.
For example, during binding, the random number generated by the control terminal is 0110011001100110, that is, after binding, the communication passwords in the control terminal and the dynamic token are 0110011001100110. When the user updates the communication password of the dynamic token, the user clicks the option of 'updating the communication password' in the software interface of the APP. The control terminal generates a new communication password of 0110110110110110.
In practical application, the communication password update instruction may further include identification information of the control terminal, and information such as an operation code and a check code corresponding to the communication password update. And the operation code corresponding to the communication password updating is used for indicating the dynamic token to update the communication password.
The control terminal adopts 0110011001100110 as an encryption key to encrypt the communication password updating instruction, and outputs the encrypted communication password updating instruction to the dynamic token through the audio line. And after the controller of the dynamic token receives the communication password updating command, 0110011001100110 is used as a decryption key to decrypt the communication password updating command.
After decryption, the controller confirms whether the identification information of the control terminal in the communication password updating instruction is the same as the identification information of the control terminal stored in the binding process, and confirms whether the check code is correct. And when the control terminal identification in the communication password updating instruction is the same as the identification of the control terminal during binding and the check code is correct, the controller reads the operation code corresponding to the communication password updating, updates the communication password into a new communication password and controls the display screen to display the updating result.
For example, if the communication password stored in the control terminal is 0110011001100110 and the new random number is 0110110110110110, the controller updates the communication password to 0110110110110110 and controls the display screen to display the word "communication password update is successful".
And if the identification information of the control terminal in the communication password updating instruction is different from the identification information of the control terminal stored in the binding process, or the check code is incorrect, the controller controls the display screen to display the character of 'failure in updating the communication password'.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by instructing the relevant hardware through a program, which may be stored in a computer-readable storage medium, and the storage medium may include: ROM, RAM, magnetic or optical disks, and the like.
Although the present invention is disclosed above, the present invention is not limited thereto. Various changes and modifications may be effected therein by one skilled in the art without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (10)

1. A dynamic token, comprising: controller, display screen and communication interface, a button, wherein:
the key is coupled with the controller;
the display screen includes: a power-on password display area and a power-on password option display area are input;
the controller is respectively coupled with the communication interface and the display screen and is suitable for receiving a control instruction sent by the bound control terminal through the communication interface, and the control instruction comprises a challenge code; decrypting the control instruction, and reading the challenge code from the decrypted control instruction; generating a response code corresponding to the challenge code, and displaying the response code through the display screen; when the dynamic token is started, controlling the display screen to light the display area of the input power-on password and the display area of the power-on password option; when a trigger signal corresponding to the pressing of the key is detected, processing the power-on password option in the power-on password option display area according to the action corresponding to the trigger signal, and displaying the processing result through the input power-on password display area;
the pressing the key comprises any one of the following steps: press for a short time the button, press for a long time the button and press the button even, wherein: the long press of the key is that the press time of the key reaches a preset first time, the short press of the key is that the press time of the key is not longer than a preset second time, the continuous press of the key is that the press time of the key twice is not longer than a preset third time, the first time is longer than the second time, and the second time is not shorter than the third time; the short pressing of the key, the long pressing of the key and the continuous pressing of the key respectively correspond to different operations.
2. The dynamic token of claim 1, wherein the controller is further adapted to process the power-on password option in the power-on password option display area according to the action corresponding to the trigger signal, obtain the power-on password input by the user, and verify the power-on password; after the power-on password is verified to be correct, displaying the current working mode of the dynamic token through the display screen; and when the trigger signal corresponding to the pressing of the key is detected, setting the working mode of the dynamic token according to the action corresponding to the trigger signal, and displaying the setting result through the display screen.
3. The dynamic token of claim 1 or 2, wherein the communication interface is an audio signal interface.
4. A method for controlling a dynamic token, the dynamic token comprising a controller, a display screen, a communication interface, and a button, the button being coupled to the controller, the display screen comprising a display area for entered power-on password and a display area for power-on password option, the method comprising:
when the dynamic token is started, the controller controls the display screen to light the input power-on password display area and the power-on password option display area; when a trigger signal corresponding to the pressing of the key is detected, processing the power-on password option in the power-on password option display area according to the action corresponding to the trigger signal, and displaying the processing result in the input power-on password display area; the pressing the key comprises any one of the following steps: press for a short time the button, press for a long time the button and press the button even, wherein: the long press of the key is that the press time of the key reaches a preset first time, the short press of the key is that the press time of the key is less than a preset second time, the continuous press of the key is that the press times of the key in a preset third time are not less than preset times, the first time is longer than the second time, and the second time is not less than the third time; short pressing the key, long pressing the key and continuous pressing the key respectively correspond to different operations;
the controller receives a control instruction sent by a bound control terminal through a communication interface preset in the dynamic token, wherein the control instruction comprises a challenge code;
the controller decrypts the control instruction and reads the challenge code from the decrypted control instruction;
and the controller generates a response code corresponding to the challenge code and outputs the response code through a display screen of the dynamic token.
5. The method of controlling a dynamic token of claim 4, further comprising, after displaying the processing result in the entered power-on password display area:
the controller processes the power-on password option in the power-on password option display area according to the action corresponding to the trigger signal to obtain the power-on password input by the user and checks the power-on password;
after the controller verifies that the power-on password is correct, displaying the current working mode of the dynamic token through the display screen;
and when the controller detects the trigger signal corresponding to the pressing of the key, the controller sets the working mode of the dynamic token according to the action corresponding to the trigger signal and displays the setting result on the display screen.
6. The method for controlling a dynamic token according to claim 4, wherein before receiving the control command sent by the bound control terminal through the communication interface, the method further comprises:
and the controller receives a binding instruction sent by a control terminal and binds the binding instruction with the control terminal.
7. The method for controlling a dynamic token according to claim 6, wherein the receiving the binding command sent by the control terminal to bind with the control terminal comprises:
the controller receives a binding instruction sent by the control terminal, and the binding instruction is generated by the control terminal through the following modes: generating a random number with the same bit as a preset key, combining the random number with the identification information of the control terminal, and encrypting data obtained by combination, wherein the encrypted key is the preset key;
and the controller decrypts the binding instruction by adopting the preset key, stores the identification information of the control terminal and the random number, binds the random number with the control terminal and updates the preset key into the random number.
8. The method of controlling a dynamic token of claim 7, further comprising:
the controller receives a power-on password modification instruction sent by the bound control terminal; the power-on password modification instruction comprises the following steps: the identification information of the bound control terminal, the current power-on password of the dynamic token and a new power-on password;
and the controller modifies the current power-on password of the dynamic token into the new power-on password.
9. The method of controlling a dynamic token of claim 7, further comprising:
the controller receives a communication password updating instruction sent by the bound control terminal; the communication password updating command comprises: the identification information of the bound control terminal and a new communication password are obtained;
and the controller updates the stored password into the new communication password.
10. A method for controlling a dynamic token according to any one of claims 4 to 9, characterised in that the communication interface is an audio signal interface.
CN201710084076.0A 2017-02-16 2017-02-16 Dynamic token and control method thereof Active CN106712967B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710084076.0A CN106712967B (en) 2017-02-16 2017-02-16 Dynamic token and control method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710084076.0A CN106712967B (en) 2017-02-16 2017-02-16 Dynamic token and control method thereof

Publications (2)

Publication Number Publication Date
CN106712967A CN106712967A (en) 2017-05-24
CN106712967B true CN106712967B (en) 2020-02-21

Family

ID=58909228

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710084076.0A Active CN106712967B (en) 2017-02-16 2017-02-16 Dynamic token and control method thereof

Country Status (1)

Country Link
CN (1) CN106712967B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111726221B (en) * 2020-01-06 2021-07-20 电子科技大学 Physical layer safety transmission method capable of resisting arbitrary eavesdropping antenna number

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102592090A (en) * 2011-12-30 2012-07-18 深圳市文鼎创数据科技有限公司 Input method and input device of challenge type dynamic token challenge questions
CN102801724A (en) * 2012-08-09 2012-11-28 长城瑞通(北京)科技有限公司 Identity authentication method combining graphic image with dynamic password
CN202713331U (en) * 2012-07-02 2013-01-30 长城瑞通(北京)科技有限公司 Hand-held button type dynamic token
CN203180940U (en) * 2013-03-29 2013-09-04 国民技术股份有限公司 Dynamic password card
CN203251312U (en) * 2013-03-22 2013-10-23 长城瑞通(北京)科技有限公司 Low power consumption card-type dynamic token

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9208482B2 (en) * 2010-04-09 2015-12-08 Paypal, Inc. Transaction token issuing authorities

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102592090A (en) * 2011-12-30 2012-07-18 深圳市文鼎创数据科技有限公司 Input method and input device of challenge type dynamic token challenge questions
CN202713331U (en) * 2012-07-02 2013-01-30 长城瑞通(北京)科技有限公司 Hand-held button type dynamic token
CN102801724A (en) * 2012-08-09 2012-11-28 长城瑞通(北京)科技有限公司 Identity authentication method combining graphic image with dynamic password
CN203251312U (en) * 2013-03-22 2013-10-23 长城瑞通(北京)科技有限公司 Low power consumption card-type dynamic token
CN203180940U (en) * 2013-03-29 2013-09-04 国民技术股份有限公司 Dynamic password card

Also Published As

Publication number Publication date
CN106712967A (en) 2017-05-24

Similar Documents

Publication Publication Date Title
CN103220148B (en) The method of electronic signature token operation response request, system and electronic signature token
CN103929307B (en) Cipher-code input method, intelligent cipher key equipment and client terminal device
US11776348B2 (en) Contactless card personal identification system
EP3230917B1 (en) System and method for enabling secure authentication
CN103036681B (en) A kind of password safety keyboard device and system
EP2982150A1 (en) Secure mobile user interface and mobile device case
CN105426790A (en) Touch screen based password security input method and apparatus
US20180025332A1 (en) Transaction facilitation
EP2840735A1 (en) Electronic cipher generation method, apparatus and device, and electronic cipher authentication system
WO2007072615A1 (en) Authentication system and authentication object device
CA2921718A1 (en) Facilitating secure transactions using a contactless interface
US20140025946A1 (en) Audio-security storage apparatus and method for managing certificate using the same
CN110493265A (en) The method and storage medium of encryption data
CN106712967B (en) Dynamic token and control method thereof
US7545930B1 (en) Portable terminal
CN104966017A (en) Password input protection system and method
CN103136667A (en) Smart card with electronic signature function, smart card trading system and smart card trading method
CN109560918B (en) Method for generating NTRU key and terminal equipment
CN202978979U (en) Password security keypad device and password security pad system
CN105554010A (en) Password encryption method and system and intelligent terminal
KR100972152B1 (en) One time password generator
JPWO2018105304A1 (en) Information processing apparatus and information processing method
WO2023067321A1 (en) Portable encryption device
KR101733318B1 (en) Otp authentication system and method
KR101607712B1 (en) Security Method for Wireless Key by Key Button Matrix Structure Agreement, Wireless Terminal, Server and Recording Medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant