CN106998251A - Dynamic password formation method based on integrated mode - Google Patents

Dynamic password formation method based on integrated mode

Publication number: CN106998251A
Authority: CN (China)
Prior art keywords: password, integrated mode, dynamic password, authentication server, time
Legal status: Granted
Application number: CN201710218571.6A
Other languages: Chinese (zh)
Other versions: CN106998251B (en
Inventor: 王君
Current Assignee: Guangzhou Bao Payment Technology Co Ltd
Original Assignee: Individual

Classifications

    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3213 As H04L9/32, involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L9/3234 As H04L9/32, involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L9/3271 As H04L9/32, using challenge-response

Abstract

The present invention relates to a dynamic password generation method based on an integrated mode, comprising: obtaining the system time of a hardware token; obtaining, based on the system time, the integrated dynamic password generation mode for the hardware token's current system time, where the integrated mode is one of static plus time synchronization, static plus event synchronization, static plus challenge-response, time synchronization plus event synchronization, time synchronization plus challenge-response, and event synchronization plus challenge-response; generating two password sequences based on the obtained integrated mode and merging the two sequences into one sequence to obtain a merged password; and having an authentication server verify the merged password. The invention can improve the security of dynamic passwords and prevent them from being cracked easily, thereby effectively protecting the economic interests of consumers and merchants.

Description

Dynamic password formation method based on integrated mode
This application is a divisional application of the patent with application No. 201410160099.1, filed on April 21, 2014, entitled "Dynamic password formation method based on integrated mode".
Technical field
The present invention relates to the field of electronic authentication, and in particular to a dynamic password generation method based on an integrated mode.
Background
Today, with network communication technology developing rapidly, making electronic payments over the network has become fashionable, and innovation in mobile terminal software and hardware and the boom in logistics have further fuelled this means of payment. With electronic payment, people can complete their purchases and receive the goods at home without visiting each market in person and without queuing for a long time at a bank to withdraw cash, which saves them a great deal of time. Technological progress is also a double-edged sword: while electronic payment brings convenience, it also raises new problems for payment security. Because payment is carried out over the network, it gives criminals who are familiar with network technology the opportunity to steal user information. How to improve the reliability of electronic authentication is a technical problem that many electronic security technology developers urgently need to solve.
Currently, authenticating users with dynamic passwords is a common means of identity verification in electronic payment. Existing dynamic passwords are used in three modes: time synchronization, event synchronization and challenge-response. With time-synchronized dynamic passwords, the hardware token and the authentication server synchronously produce the same dynamic password, which places high demands on the time synchronization between the hardware token and the authentication server. Dynamic passwords based on event synchronization take a specific event sequence and the same seed value as input, and a HASH algorithm computes a consistent password at both the hardware token and the authentication server. With challenge-response dynamic passwords, the user receives a challenge code issued by the server and enters it on the hardware token, and the hardware token uses its built-in algorithm to generate a 6/8-digit dynamic password that is valid once.
However, each of the three dynamic password modes is used on its own, and each follows a fixed rule. Once an attacker is familiar with how the dynamic password is generated, they may be able to crack it by intercepting a large number of old dynamic passwords and building a password dictionary, attack the identity authentication system, and cause economic loss to users and merchants.
Therefore, a new dynamic password generation method is needed that, building on the three existing modes of generating dynamic passwords, transforms and combines the generation modes so that it is difficult for an attacker to work out the generation rule, greatly improving the security of electronic payment and the reliability of the identity authentication system.
Summary of the invention
To solve the above problems, the invention provides a dynamic password generation method based on an integrated mode. It combines the three existing generation modes and selects, based on the current system time, which integrated mode generates the combined dynamic password. On the one hand, the integrated mode changes with the system time, which makes the dynamic password harder to crack; on the other hand, the integrated mode stays constant within any given minute, which avoids the inconvenience to the user of frequent changes of generation mode. The security of the dynamic password is thereby improved in a reasonable way.
According to one aspect of the present invention, a dynamic password generation method based on an integrated mode is provided, the method comprising:
Step 1: Obtain the system time of the hardware token; the system time includes date information, hour information and minute information;
Step 2: Apply a first predetermined algorithm to the date information, the hour information and the minute information to obtain combined time information; the combined time information is a number;
Step 3: Take the units digit of the combined time information as the integrated mode generation factor;
Step 4: Obtain the integrated dynamic password generation mode from the integrated mode generation factor according to a first predetermined correspondence;
Step 5: Generate two password sequences based on the obtained integrated dynamic password generation mode, and merge the two sequences into one sequence to obtain a merged password; the display of the hardware token shows the merged password;
Step 6: The user enters the merged password into the authentication window of the authentication server;
Step 7: The authentication server authenticates the user's identity according to the merged password entered by the user;
Step 8: The authentication server returns the authentication result to the authentication window;
Wherein the authentication server authenticating the user's identity according to the merged password entered by the user comprises: the authentication server obtains its own system time, which includes date information, hour information and minute information; applies a second predetermined algorithm to the date information, the hour information and the minute information to obtain the combined time information of the authentication server, which is a number; takes the units digit of the combined time information of the authentication server as the integrated mode generation factor of the authentication server; obtains the integrated dynamic password generation mode from the integrated mode generation factor of the authentication server according to a second predetermined correspondence; generates two password sequences based on the obtained integrated dynamic password generation mode and merges the two sequences into one sequence to obtain the merged password of the authentication server; and matches the merged password of the authentication server against the merged password entered by the user and received by the authentication server. If the match succeeds, the user is judged to be a legitimate user; if the match fails, the user is judged to be an illegitimate user;
Wherein the integrated dynamic password generation mode is one of: static plus time synchronization mode, static plus event synchronization mode, static plus challenge-response mode, time synchronization plus event synchronization mode, time synchronization plus challenge-response mode, and event synchronization plus challenge-response mode;
Wherein the first predetermined algorithm is the same algorithm as the second predetermined algorithm, and the first predetermined correspondence is the same as the second predetermined correspondence.
More specifically, the method further comprises: after the user enters the merged password into the authentication window of the authentication server, the authentication window sets a predetermined time window; if the authentication server has not returned an authentication result to the authentication window within the predetermined time window, the authentication window reminds the user to re-enter the merged password.
More specifically, the method further comprises: when the authentication server repeatedly returns an authentication result of illegitimate user to the authentication window, the authentication window locks and forbids the user from entering the merged password again that day.
More specifically, in the method, the first predetermined algorithm is one of AND/OR, XOR, addition or subtraction.
More specifically, in the method, the first predetermined correspondence is: when the integrated mode generation factor is 0, the integrated dynamic password generation mode is static plus time synchronization; when the factor is 1 or 2, the mode is static plus event synchronization; when the factor is 3 or 4, the mode is static plus challenge-response; when the factor is 5 or 6, the mode is time synchronization plus event synchronization; when the factor is 7 or 8, the mode is time synchronization plus challenge-response; when the factor is 9, the mode is event synchronization plus challenge-response.
Brief description of the drawings
Embodiments of the present invention are described below with reference to the accompanying drawings, in which:
Fig. 1 is a flowchart of the dynamic password generation method based on an integrated mode according to an embodiment of the present invention.
Fig. 2 is a block diagram of the electronic authentication system based on dynamic passwords according to an embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the dynamic password generation method based on an integrated mode of the present invention are described in detail below with reference to the accompanying drawings.
Password authentication is the simplest and also the most commonly used method of remote identity authentication. Dynamic passwords arose to solve the problem that a static password may be stolen in transit or stolen from a database, and to effectively prevent password guessing and retry attacks by an attacker. The main idea of a dynamic password is to add an uncertain factor, such as the time or a random number, to the user login process, so that the information transmitted in each login is different; this resists retry attacks and improves the security of the login process. Dynamic password technology is divided into two main kinds, synchronous password technology and asynchronous password technology. Asynchronous password technology uses the challenge-response method, and synchronous password technology is further divided into time-synchronized passwords and event-synchronized passwords. Currently, dynamic passwords generated by these three main generation methods are widely used in network services such as e-commerce, e-mail, wireless access, network device login and online banking, where the legitimate user's token and the remote server cooperate to complete the electronic authentication of the user.
Time-synchronized passwords are based on time synchronization between the token and the server, which compute a consistent dynamic password. A time-synchronized token generally refreshes every 60 seconds, producing a new password every 60 seconds. Because the basis of synchronization is universal time, the server must keep a very accurate clock, and there are strict requirements on the crystal oscillator frequency of the token, in order to reduce the probability that the system loses synchronization. In addition, each time a time-synchronized token authenticates, the server detects the token's clock offset and continually fine-tunes its own time record accordingly, which keeps the token and the server synchronized and ensures daily use. However, tokens work in different environments, and uncertain drift or damage to the clock pulse easily occurs under magnetic fields, high temperature, high pressure, vibration or immersion in water, so it is very necessary to protect time-synchronized devices well. At present, a token that has lost time synchronization can be remotely resynchronized by enlarging the offset (10 minutes before and after), so that it can continue to be used and the impact on the application is reduced. A time-synchronized token that is beyond the default (20 minutes in total) can no longer be used or remotely synchronized, and must be sent back to the server side for separate handling. Likewise, for a server based on time synchronization, the system clock should be well protected and not changed arbitrarily, so as to avoid synchronization problems that would affect all tokens authenticated by that server.
Event-synchronized passwords take a specific event sequence and the same seed value as input and compute a consistent password with an algorithm. This computing mechanism means that the whole workflow is independent of the clock and unaffected by it, and the token contains no time-pulse crystal oscillator. However, because the algorithm is consistent, its passwords can be known in advance: with the token, multiple future passwords can be obtained ahead of time. When a token is lost and is not protected by a PIN code, there is therefore a risk of illegal login, so when event-synchronized tokens are used, protecting the PIN code is very necessary. Event-synchronized tokens also run the risk of losing synchronization, for example when the user generates passwords many times at will. To handle token desynchronization, the event-synchronized server resynchronizes by enlarging the offset: the server automatically computes a certain number of passwords ahead in order to synchronize the token and the server. When the desynchronization is very serious and far beyond the normal range, the user enters two consecutive passwords computed by the token and the server synchronizes the token over a larger range. Generally, synchronizing a token takes no more than 3 attempts. In extreme cases, however, the possibility of losing synchronization cannot be ruled out, for example when the battery runs out or an operating error occurs while the battery is being changed. In that case the token can still be remotely synchronized by manually entering a set of sequence values generated by the administrator, without being returned to the server side for resynchronization.
Asynchronous password technology uses the challenge-response method. Apart from the same algorithm, there is no condition between the token and the server that needs to be synchronized, so it effectively solves the problem of token desynchronization, reduces the impact on applications and greatly increases the reliability of the system. The main drawback of asynchronous passwords is that the user has one more step in use, entering the challenge value, which adds complexity for the operator. In practice, the password generation method is therefore chosen according to the sensitivity of the user's application and the level of security required.
The three dynamic password generation modes above ensure the accuracy of electronic authentication to a certain extent, but the way each of the three modes generates passwords is known, and a criminal familiar with cryptographic technology can still find an opportunity to crack them after a limited number of attempts. To solve the technical problem that existing dynamic password generation modes are fixed and easy to crack, the present invention proposes a dynamic password generation method based on an integrated mode.
Fig. 1 is a flowchart of the dynamic password generation method based on an integrated mode according to an embodiment of the present invention. The method comprises the following steps:
Step 101: Obtain the system time of the hardware token; the system time includes date information, hour information and minute information;
Step 102: Apply the first predetermined algorithm to the date information, the hour information and the minute information to obtain combined time information; the combined time information is a number;
Step 103: Take the units digit of the combined time information as the integrated mode generation factor;
Step 104: Obtain the integrated dynamic password generation mode from the integrated mode generation factor according to the first predetermined correspondence;
Step 105: Generate two password sequences based on the obtained integrated dynamic password generation mode, and merge the two sequences into one sequence to obtain a merged password; the display of the hardware token shows the merged password;
Step 106: The user enters the merged password into the authentication window of the authentication server;
Step 107: The authentication server authenticates the user's identity according to the merged password entered by the user;
Step 108: The authentication server returns the authentication result to the authentication window; when the authentication result judges the user to be a legitimate user, go to step 109; when the authentication result judges the user to be an illegitimate user, go to step 110;
Step 109: The authentication window completes authentication and enters the user authorization interface;
Step 110: The authentication window reports that authentication failed and asks the user to enter the merged password again;
Wherein, step 107 also includes, when the authentication server obtains the system of the authentication server Between, the system time of the authentication server includes date and time information, hour information and minute information;The date is believed Breath, the hour information and the minute information carry out the second pre-defined algorithm calculating, obtain the comprehensive of the authentication server Temporal information is closed, the generalized time information of the authentication server is a numeral;Take the comprehensive of the authentication server The unit numbers for closing temporal information are used as the integrated mode generation factor of the authentication server;According to the second predetermined correspondence The integrated mode generation factor of the relation based on the authentication server obtains dynamic password generation integrated mode;Based on acquisition Dynamic password generation integrated mode generate the passwords of two sequences, and the password of described two sequences is merged into a sequence Row, to obtain the merging password of the authentication server;By the merging password of the authentication server and the body The merging password for user's typing that part certificate server is received is matched, and the match is successful then judges user for validated user, It fails to match then judges user for disabled user;
After step 106, the authentication window may also set a predetermined time window. If the authentication server does not return an authentication result to the authentication window within that time window, the authentication window reminds the user to enter the merged password again. If the authentication server repeatedly returns an authentication result of illegal user to the authentication window, the authentication window may lock automatically and forbid the user from continuing to enter the merged password that day.
The dynamic password generation integrated modes include static plus time synchronization mode, static plus event synchronization mode, static plus challenge-response mode, time synchronization plus event synchronization mode, time synchronization plus challenge-response mode, and event synchronization plus challenge-response mode. The first predetermined algorithm is the same as the second predetermined algorithm, and the first predetermined correspondence is the same as the second predetermined correspondence. The first predetermined correspondence may be chosen as follows: when the integrated mode generation factor is 0, the dynamic password generation integrated mode is static plus time synchronization mode; when the factor is 1 or 2, it is static plus event synchronization mode; when the factor is 3 or 4, it is static plus challenge-response mode; when the factor is 5 or 6, it is time synchronization plus event synchronization mode; when the factor is 7 or 8, it is time synchronization plus challenge-response mode; and when the factor is 9, it is event synchronization plus challenge-response mode.
In addition, for the two merged passwords generated at the hardware token end and at the authentication server end to always be identical, the system times of the hardware token end and the authentication server end must be strictly synchronized. The difference between the two system times generally has two sources: 1) the time of the hardware token device is produced by a crystal oscillator module, and the crystal oscillator module has a deviation; although the magnitude of the deviation differs between crystal oscillator modules, this part of the deviation is always positive; 2) there is also a time deviation between the user entering the dynamic password and the server receiving it, caused mainly by user input delay and network transmission delay. The system time at the authentication server end can be compensated using a time compensation scheme to synchronize the two system times, which effectively overcomes the above problems.
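The factor-to-mode correspondence and the clock-drift problem described above, as an added example that is not part of the patent text. It assumes that "date information" means the day of the month, uses addition (or XOR) as the predetermined algorithm, substitutes a truncated HMAC-SHA256 for the sequence generators, and models time compensation as a hypothetical `window` of minutes tried by the server; the seed and sample values are constructed.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

# Factor -> (first sequence, second sequence), following the correspondence above.
MODE_TABLE = {
    0: ("static", "time"),
    1: ("static", "event"), 2: ("static", "event"),
    3: ("static", "challenge"), 4: ("static", "challenge"),
    5: ("time", "event"), 6: ("time", "event"),
    7: ("time", "challenge"), 8: ("time", "challenge"),
    9: ("event", "challenge"),
}

def mode_factor(now, algorithm="add"):
    """Units digit of the combined time information."""
    day, hour, minute = now.day, now.hour, now.minute  # assumption: date = day of month
    combined = day ^ hour ^ minute if algorithm == "xor" else day + hour + minute
    return combined % 10

def _digits(seed, label, value):
    # Stand-in generator (assumption): HMAC-SHA256 truncated to 6 decimal digits.
    mac = hmac.new(seed, f"{label}:{value}".encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

def merged_password(seed, now, static_pw, counter, challenge, algorithm="add"):
    """Generate the two sequences for the selected mode and concatenate them."""
    inputs = {
        "static": static_pw,
        "time": now.strftime("%Y%m%d%H%M"),  # one-minute time step
        "event": counter,
        "challenge": challenge,
    }
    first, second = MODE_TABLE[mode_factor(now, algorithm)]
    return _digits(seed, first, inputs[first]) + _digits(seed, second, inputs[second])

def verify(seed, submitted, server_now, static_pw, counter, challenge, window=0):
    """Server side: recompute for each minute in [-window, +window] and compare."""
    for offset in range(-window, window + 1):
        candidate = merged_password(seed, server_now + timedelta(minutes=offset),
                                    static_pw, counter, challenge)
        if hmac.compare_digest(candidate, submitted):
            return True
    return False

# Constructed sample values, not taken from the patent.
SEED = b"constructed-demo-seed"
TOKEN_TIME = datetime(2014, 4, 21, 10, 39)   # 21 + 10 + 39 = 70 -> factor 0
SERVER_TIME = datetime(2014, 4, 21, 10, 40)  # 21 + 10 + 40 = 71 -> factor 1

if __name__ == "__main__":
    pw = merged_password(SEED, TOKEN_TIME, "1234", 7, "c0ffee")
    print(MODE_TABLE[mode_factor(TOKEN_TIME)], MODE_TABLE[mode_factor(SERVER_TIME)])
    print(verify(SEED, pw, SERVER_TIME, "1234", 7, "c0ffee"))            # False
    print(verify(SEED, pw, SERVER_TIME, "1234", 7, "c0ffee", window=1))  # True
```

A one-minute difference between the two clocks changes the factor and therefore the mode, so the server rejects the password unless it compensates. Because the factor is computed from the clock alone, the mode in effect at any minute is predictable to anyone who knows the algorithm, so the strength of the merged password rests on the secrets fed to the two sequence generators.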
The present invention is further described with reference to Fig. 2, which is a block diagram of an electronic authentication system based on dynamic passwords according to an embodiment of the present invention. The electronic authentication system includes a hardware token 201, an authentication terminal 202, an authentication server 203 and a communication network 204. The hardware token 201 includes a display, which shows the dynamic password generated by the dynamic password generation method based on integrated mode; this dynamic password is a merged password. The authentication terminal 202 displays an authentication window in which the user enters the dynamic password shown on the hardware token 201. The authentication terminal 202 is connected to the authentication server 203 through the communication network 204 and sends the dynamic password entered by the user to the authentication server 203. At the same time, the authentication server 203 itself generates another dynamic password using the same dynamic password generation method, so that the two dynamic passwords can be matched. The authentication server 203 returns the matching result to the authentication terminal 202 to inform it whether the current user is a legitimate user, which completes the electronic authentication.
The dynamic password generation method based on integrated mode of the present invention addresses the technical problem that existing dynamic password generation modes are fixed and therefore easy to crack. It uses a dynamic password combination generation mode that changes with the system time, so that the combination generation mode changes at any time. This makes it difficult for anyone attempting to crack the scheme to find the generation rule of the dynamic password, and ensures the security of electronic authentication based on dynamic passwords.
It should be understood that although the present invention has been disclosed above by way of preferred embodiments, those embodiments are not intended to limit the present invention. Any person skilled in the art may, without departing from the scope of the technical solution of the present invention, use the technical content disclosed above to make many possible variations and modifications to the technical solution of the present invention, or modify it into equivalent embodiments. Therefore, any simple modification, equivalent change or refinement made to the above embodiments according to the technical essence of the present invention, without departing from the content of the technical solution of the present invention, still falls within the scope of protection of the technical solution of the present invention.

Claims (5)

1. A dynamic password generation method based on integrated mode, characterized in that the dynamic password generation method comprises:
obtaining the system time of a hardware token, the system time including date information, hour information and minute information;
performing a first predetermined algorithm calculation on the date information, the hour information and the minute information to obtain combined time information, the combined time information being a number;
taking the units digit of the combined time information as the integrated mode generation factor;
obtaining a dynamic password generation integrated mode from the integrated mode generation factor according to a first predetermined correspondence;
generating the passwords of two sequences based on the obtained dynamic password generation integrated mode, and merging the passwords of the two sequences into one sequence to obtain a merged password.
2. The dynamic password generation method based on integrated mode as claimed in claim 1, characterized in that it further comprises:
the display of the hardware token showing the merged password;
the user entering the merged password into the authentication window of an authentication server;
the authentication server authenticating the user identity according to the merged password entered by the user;
the authentication server returning an authentication result to the authentication window.
3. The dynamic password generation method based on integrated mode as claimed in claim 2, characterized in that the authentication server authenticating the user identity according to the merged password entered by the user comprises:
the authentication server obtaining the system time of the authentication server, the system time of the authentication server including date information, hour information and minute information;
performing a second predetermined algorithm calculation on the date information, the hour information and the minute information to obtain the combined time information of the authentication server, the combined time information of the authentication server being a number;
taking the units digit of the combined time information of the authentication server as the integrated mode generation factor of the authentication server;
obtaining a dynamic password generation integrated mode from the integrated mode generation factor of the authentication server according to a second predetermined correspondence;
generating the passwords of two sequences based on the obtained dynamic password generation integrated mode, and merging the passwords of the two sequences into one sequence to obtain the merged password of the authentication server;
matching the merged password of the authentication server against the user-entered merged password received by the authentication server, the user being judged a legitimate user if the match succeeds and an illegal user if the match fails;
wherein the dynamic password generation integrated modes include static plus time synchronization mode, static plus event synchronization mode, static plus challenge-response mode, time synchronization plus event synchronization mode, time synchronization plus challenge-response mode, and event synchronization plus challenge-response mode;
wherein the first predetermined algorithm is the same as the second predetermined algorithm, and the first predetermined correspondence is the same as the second predetermined correspondence.
4. The dynamic password generation method based on integrated mode as claimed in claim 3, characterized in that:
the first predetermined algorithm is one of AND/OR, XOR, addition or subtraction.
5. The dynamic password generation method based on integrated mode as claimed in claim 4, characterized in that:
the first predetermined correspondence is: when the integrated mode generation factor is 0, the dynamic password generation integrated mode is static plus time synchronization mode; when the integrated mode generation factor is 1 or 2, the dynamic password generation integrated mode is static plus event synchronization mode; when the integrated mode generation factor is 3 or 4, the dynamic password generation integrated mode is static plus challenge-response mode; when the integrated mode generation factor is 5 or 6, the dynamic password generation integrated mode is time synchronization plus event synchronization mode; when the integrated mode generation factor is 7 or 8, the dynamic password generation integrated mode is time synchronization plus challenge-response mode; and when the integrated mode generation factor is 9, the dynamic password generation integrated mode is event synchronization plus challenge-response mode.
CN201710218571.6A 2014-04-21 2014-04-21 Dynamic password formation method based on integrated mode Active CN106998251B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710218571.6A CN106998251B (en) 2014-04-21 2014-04-21 Dynamic password formation method based on integrated mode

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710218571.6A CN106998251B (en) 2014-04-21 2014-04-21 Dynamic password formation method based on integrated mode
CN201410160099.1A CN104378204B (en) 2014-04-21 2014-04-21 Dynamic password formation method based on integrated mode

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201410160099.1A Division CN104378204B (en) 2014-04-21 2014-04-21 Dynamic password formation method based on integrated mode

Publications (2)

Publication Number Publication Date
CN106998251A (en) 2017-08-01
CN106998251B (en) 2018-03-09

Family

ID=52556886

Family Applications (3)

Application Number Title Priority Date Filing Date
CN201710218014.4A Active CN106936573B (en) 2014-04-21 2014-04-21 Dynamic password formation method based on integrated mode
CN201710218571.6A Active CN106998251B (en) 2014-04-21 2014-04-21 Dynamic password formation method based on integrated mode
CN201410160099.1A Expired - Fee Related CN104378204B (en) 2014-04-21 2014-04-21 Dynamic password formation method based on integrated mode

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201710218014.4A Active CN106936573B (en) 2014-04-21 2014-04-21 Dynamic password formation method based on integrated mode

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201410160099.1A Expired - Fee Related CN104378204B (en) 2014-04-21 2014-04-21 Dynamic password formation method based on integrated mode

Country Status (1)

Country Link
CN (3) CN106936573B (en)

Also Published As

Publication number Publication date
CN106936573B (en) 2018-06-01
CN106936573A (en) 2017-07-07
CN104378204A (en) 2015-02-25
CN104378204B (en) 2017-09-15
CN106998251B (en) 2018-03-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20171229

Address after: 518000 Guangdong Province, Shenzhen New District of Longhua City, Dalang street, Longsheng Gold Dragon Road community e-commerce incubator exhibition Tao Commercial Plaza E block 706

Applicant after: Shenzhen step Technology Transfer Center Co., Ltd.

Address before: Li Zhen Liu Anxin County in Hebei province 071600 Baoding Malaysia Village School Street No. 9

Applicant before: Li Haiying

CB03 Change of inventor or designer information

Inventor after: Hu Bo

Inventor before: Wang Jun

TA01 Transfer of patent application right

Effective date of registration: 20180202

Address after: Nansha District Fengze road Guangzhou city Guangdong province 511458 No. 106 15 floor room 1501 No. 38 self

Applicant after: Guangzhou Bao Payment Technology Co. Ltd.

Address before: 518000 Guangdong Province, Shenzhen New District of Longhua City, Dalang street, Longsheng Gold Dragon Road community e-commerce incubator exhibition Tao Commercial Plaza E block 706

Applicant before: Shenzhen step Technology Transfer Center Co., Ltd.

GR01 Patent grant