CN101162996B - Multiple dynamic cipher device authorization identifying system and identifying method thereof - Google Patents

Publication number: CN101162996B
Authority: CN (China)
Prior art keywords: client, dynamic, dynamic password, cipher device, password
Legal status: Expired - Fee Related
Application number: CN2007101864218A
Other languages: Chinese (zh)
Other versions: CN101162996A (en)
Inventor: 李巩令
Current Assignee: Individual
Original Assignee: Individual

Abstract

The invention discloses an authorization and authentication system and an authentication method that allow mutual authentication between a service provider and its clients and continual updating of the authentication passwords. The system includes the computer host (11) of the service provider, client login terminals (12), a wired or wireless communication network (13) connecting the computer host with the client login terminals, and multi-dynamic cipher coders (1) held by the clients. The built-in clocks of the multi-dynamic cipher coders are synchronized with the computer host. At least one dynamic password-generating program is built into the multi-dynamic cipher coder (1) of each client; the same dynamic password-generating program is built into the computer host and stored under the account of each client. According to a set time function, the dynamic password-generating program generates two or more dynamic passwords that are updated over time. The double passwords allow mutual authentication between the service provider and clients, and the authentication passwords are updated continually, thus ensuring security. Moreover, the capacity of the computer host does not need to be expanded, and the small multi-dynamic cipher coders are convenient to carry.

Description

Multiple dynamic cipher device authorization identifying system and authentication method thereof
Technical field
The present invention relates to a multiple dynamic cipher device authorization and authentication system, in particular one that lets the service provider and the client verify each other and whose authentication passwords are updated continually. The invention also relates to the authentication method of this system.
Background technology
In modern society, more and more people use online banking, Internet shopping and other e-commerce services. To log in they must enter a user name and password. Criminals, however, can easily steal these fixed user names and passwords using spyware, Trojan horses, hacking techniques and phishing websites (fake pages that look the same as those of a bank and are used to steal client passwords). Increasingly frequent financial crime also shows that a card number and cardholder name are far from sufficient as a credit card security measure. Criminals can steal credit card information and use this fixed information to enter the client's online account illegally, to forge credit cards, or to clone ATM cards.
To solve the problem of stolen fixed passwords, some banks have issued dynamic cipher devices to their online banking clients. The most widely used dynamic cipher device is the SecurID from the US company RSA Security Inc. It works as follows: the SecurID device generates a pseudo-random number as a dynamic password every 30 (or 60) seconds according to its built-in program. The host of the bank or institution simultaneously generates a pseudo-random number under the client's account every 30 (or 60) seconds using the same program. When clients use Internet banking, they must enter the password shown on the SecurID device at login. If the password the client submits is identical to the password on the bank host, the client is allowed into his/her online banking account. The SecurID device gives online banking highly secure authentication. Even if a dynamic password is stolen, it becomes useless, because a dynamic password expires within minutes and can be used only once within its validity period.
But ordinary dynamic cipher devices such as the SecurID still have security defects and shortcomings. First, they cannot counter phishing pages. An ordinary dynamic cipher device only lets the bank verify the client; the client cannot verify whether the page they log in to is forged. A criminal can still lure the client to a phishing page; when the client enters the user name and dynamic password there, the criminal intercepts them and immediately uses them to log in to the bank's website and enter the client's online banking account.
Second, banks issue dynamic cipher devices only to online banking clients, and ordinary dynamic cipher devices are used only for online transactions (Internet banking); they cannot be used against forged credit cards or cloned ATM cards.
Third, ordinary dynamic cipher devices are not small enough, and a client finds it inconvenient to carry more than two. Yet people usually have accounts at more than two different banks.
US Patent 7,051,929 B2 proposes a secure credit card that generates a new security number every day. The upper half of the card has a magnetic stripe and is as thick as a normal card, so a credit card reader can read it; the lower half contains a processor, buttons or a keypad, a battery, a display window and a program input port. Before the card is issued to the client, a specific program is downloaded to the card's processor, and the same program is recorded under the client's account in the host computer of the bank or institution. Every day the processor generates a new security number according to this program and shows it in the display window together with the date. The security number is a function of the date, and the function is defined by the specific program. When paying, the client must provide not only the name and card number but also the date of payment and the security number for that date. This information is sent to the bank for checking. The bank retrieves the corresponding account and specific program and computes the security number from the date of payment; if it is identical to the number produced by the card, the transaction is approved, otherwise it is refused. Because the security number changes every day, a leak of the card's information does not put the cardholder or the bank at risk. Although this secure credit card may prevent card forgery, it still has a security defect. For example, a criminal can use a fake page (a phishing page, a forged page used to obtain passwords by deception) or a Trojan horse to steal the card's information and security number and use them immediately for an illegal payment.
Summary of the invention
The first object of the present invention is to provide a multiple dynamic cipher device authorization and authentication system that lets the service provider and the client verify each other and whose authentication passwords are updated continually.
To achieve this object, the multiple dynamic cipher device authorization and authentication system of the present invention comprises the host computer of the service provider and the client's login terminal (which can be a computer, a telephone or other communication equipment), and the wired or wireless communication network connecting the two. It is characterized in that it also comprises a multiple dynamic cipher device held by the client, whose onboard clock is synchronized with the host computer. The client's multiple dynamic cipher device has at least one built-in dynamic password generator. The host computer has a built-in dynamic password generator identical to that of each client's multiple dynamic cipher device, stored under that client's account. The dynamic password generator generates two or more dynamic passwords, each updated over time, according to a set function of time; the two or more dynamic passwords generated by identical dynamic password generators are respectively identical.
The host computer and the multiple dynamic cipher device generate two dynamic passwords. The first dynamic password is 3 to 5 characters long and its update interval is at least 2 minutes and at most 12 hours; the second dynamic password is 4 to 8 characters long and its update interval is at least 20 seconds and at most 120 seconds.
The dynamic password consists of digits, letters or a combination of both, and can also be a bar code.
The multiple dynamic cipher device has a switch; only when it is switched on does it compute the dynamic passwords for the current time. When the host computer receives the user name and fixed password sent over the communication network, it calls the dynamic password generator corresponding to that client's multiple dynamic cipher device and computes the dynamic passwords for the current time.
The multiple dynamic cipher device has a display screen.
The multiple dynamic cipher device can be inserted into a mobile phone.
The client's multiple dynamic cipher device can have several built-in dynamic password generators, each corresponding to the host computer of a different service provider.
The client's multiple dynamic cipher device can have a data input port, through which a service provider can load the dynamic password generator of its own host computer onto the multiple dynamic cipher device.
The authentication method of the system can be applied to remote authentication such as online banking authentication, online game login authentication, and login authentication for the internal websites of large companies, institutions and government departments. The authentication steps are as follows:
1. The client enters a user name (user ID) and fixed password (PIN) at the login terminal (which can be a computer, a mobile phone or other communication equipment);
2. Using the client's user name and fixed password, the host computer calls up the dynamic password generator stored in this client's account, generates the first dynamic password and sends it back to the screen of the login terminal;
3. The client compares the first dynamic password returned by the host computer with the first dynamic password shown on the multiple dynamic cipher device in hand: if the two passwords differ, the client stops the operation; if the two dynamic passwords are identical, the client enters the second dynamic password shown on his multiple dynamic cipher device;
4. The host computer compares the second dynamic password it generated itself with the second dynamic password returned by the client; if the two passwords are identical, the host computer can confirm the client's legitimate identity and allows the client into his account; otherwise the login is refused.
The specific applications are as follows:
The authentication steps for online banking are as follows:
1) The client enters a user name and fixed password at the login terminal;
2) Using the client's user name and fixed password, the host computer calls up the dynamic password generator stored in this client's account, generates the first dynamic password and sends it back to the screen of the login terminal;
3) The client compares the first dynamic password returned by the bank with the first dynamic password shown on the multiple dynamic cipher device in hand: if the two passwords differ, the client stops the operation; if the two dynamic passwords are identical, the client enters the second dynamic password shown on his multiple dynamic cipher device;
4) The host computer compares the second dynamic password it generated itself with the second dynamic password returned by the client; if the two passwords are identical, the bank can confirm the client's legitimate identity and allows the client into his account; otherwise the login is refused.
The authentication steps when paying by credit card in a store are as follows:
1) When paying at the cashier's desk, the client must give, in addition to the card number and cardholder name, the first dynamic password shown on the multiple dynamic cipher device;
2) The cashier sends the purchase amount, credit card number, cardholder name and the first dynamic password given by the client to the credit card company;
3) On receipt, the credit card company retrieves the dynamic password generator from this client's account and compares the first dynamic password it generates with the first dynamic password received; if the two are identical the transaction is approved, otherwise it is refused.
The authentication steps when paying by credit card on the Internet are as follows:
1) The client enters the credit card number, cardholder name and the second dynamic password shown on the dynamic cipher device;
2) On receipt, the credit card company retrieves the dynamic password generator from this client's account and compares the second dynamic password it generates with the second dynamic password received; if the two are identical the transaction is approved, otherwise it is refused.
The authentication steps when withdrawing money or carrying out other transactions at an ATM are as follows:
1) The client inserts the ATM card and enters the fixed password at the ATM;
2) The ATM screen prompts for a dynamic password (this can be the first or the second dynamic password); the client enters the dynamic password shown on the dynamic cipher device at the ATM as prompted;
3) The ATM reads the client's account information from the inserted ATM card and sends the account information and the entered dynamic password to the bank's host computer;
4) The bank's host computer calls up the client's dynamic password formula under this account, computes the dynamic password for the current time and compares it with the dynamic password entered by the client; if the two dynamic passwords are identical, the client is allowed into his account to withdraw money or carry out other transactions; otherwise the client is refused.
Beneficial effects: the multiple dynamic cipher device of the authorization and authentication system of the present invention can generate two or more dynamic passwords, and the length and update interval of each dynamic password are different. A dynamic password is a function of time (year, month, day, hour, minute, second), and this function is determined by the dynamic password generator. The dynamic password generator is stored both on the processor of the multiple dynamic cipher device and on the host computer. Because the clock of the multiple dynamic cipher device is synchronized with the clock of the host computer, at every moment the multiple dynamic cipher device generates a group of passwords that is respectively identical to the group generated by the host computer. The multiple dynamic cipher device not only lets the bank verify the client's identity but also lets the client verify whether the bank's page is genuine, effectively eliminating phishing pages (forged pages used to obtain passwords by deception). Although a dynamic password that the client enters on a computer may be stolen by spyware or a Trojan horse, its validity period is only a few minutes and it can be used only once, so it is already invalid once the client has used it. What spyware or a Trojan horse steals is therefore only an expired or invalidated password. Moreover, because the multiple dynamic cipher device generates dynamic passwords of different lengths and different update intervals, it can easily be applied to preventing forged credit cards and cloned ATM cards. The dynamic cipher device and the host computer need only a very small amount of computation. The service provider therefore does not need to invest substantial funds in expanding and maintaining host capacity, and the dynamic cipher device can be made small and easy to carry, because it needs only a very small button battery to run for a very long time.
Description of drawings
The present invention is explained further below with reference to the accompanying drawings and an embodiment.
Fig. 1 is a schematic diagram of the structure of the authorization and authentication system of the present invention.
Fig. 2 is a flow chart of the authentication method of the authorization and authentication system of the present invention.
Fig. 3 is a perspective view of the dynamic cipher device.
Fig. 4 is a perspective view of the outer housing.
Fig. 5 is a perspective view of the inner housing.
Fig. 6 is a schematic outline view of the electronic unit.
In the figures: 11 - host computer of the service provider; 12 - client login terminal; 13 - wired or wireless communication network; 1 - multiple dynamic cipher device; 2 - inner housing; 3 - outer housing; 4 - electronic unit; 5 - power supply; 6 - on/off key; 7 - password key; 8 - liquid crystal display; 9 - outer housing opening.
Embodiment
Fig. 1 is a schematic diagram of the structure of the multiple dynamic cipher device authorization and authentication system of the present invention. As Fig. 1 shows, the system comprises the host computer 11 of the service provider, the client login terminal 12 and the wired or wireless communication network 13 connecting the two, and also the multiple dynamic cipher device 1 held by the client, whose onboard clock is synchronized with the host computer. The multiple dynamic cipher device has a display screen 8 and an on/off key 6 and contains a built-in dynamic password generator. The host computer 11 of the service provider also contains a dynamic password generator identical to that of each client's dynamic cipher device. The dynamic password generator can generate two dynamic passwords that are updated over time; the length and the update interval of each dynamic password may differ. The first dynamic password is 3 to 5 characters long and its update interval is at least 2 minutes and at most 12 hours; the second dynamic password is 4 to 8 characters long and its update interval is at least 20 seconds and at most 120 seconds. A dynamic password is a function of time (year, month, day, hour, minute, second); this function is determined by the dynamic password generator, and the two or more dynamic passwords generated by identical dynamic password generators are respectively identical. In this embodiment the first dynamic password is 3 digits long with an update interval of 15 minutes, and the second dynamic password is 5 digits long with an update interval of 30 seconds. When the host computer receives the user name and fixed password sent over the communication network, it calls the dynamic password generator corresponding to this client's multiple dynamic cipher device and computes the dynamic passwords for the current time; the multiple dynamic cipher device computes the dynamic passwords for the current time only when it is switched on.
The dynamic password may also be a combination of digits and letters, and can also be converted into a bar code suitable for scanner input.
Fig. 3 is a perspective view of the dynamic cipher device 1. The casing of the dynamic cipher device 1 is formed by inserting the inner housing 2 into the outer housing 3, which creates a sealed cavity in which the electronic unit 4 is placed. Fig. 4 is a perspective view of the outer housing 3, Fig. 5 is a perspective view of the inner housing 2, and Fig. 6 is a schematic outline view of the electronic unit 4. The electronic unit 4 consists of the display screen 8, the power supply 5, the controls, a circuit board and a processor soldered onto the circuit board (not shown in the figure). In this example the power supply 5 is a battery, the controls are the on/off key 6 and the password key 7, and the display screen is a liquid crystal display 8. The on/off key 6 controls the operating state of the processor and the display screen 8; the password key 7 controls what the display screen 8 shows. The outer housing 3 has openings 9 facing the display screen 8, the on/off key 6 and the password key 7, so that the display screen can be seen and the on/off key 6 and password key 7 can be pressed through these openings 9.
The processor stores the dynamic password generator, which consists of at least two program sections (the names "first section" and "second section" are used here only to distinguish them and have nothing to do with their position in the main program). The first section generates a dynamic password that is short and has a long update interval, here called the first dynamic password. The second section generates a dynamic password that is long and has a short update interval, called the second dynamic password. The first dynamic password consists of 2 to 5 digits or letters, with an update interval from 2 minutes to 12 hours; the second dynamic password consists of 4 to 8 digits or letters, with an update interval from 20 seconds to 120 seconds. In this example the first dynamic password has 3 digits and is updated every 15 minutes; the second dynamic password has 5 digits and is updated every 30 seconds. A dynamic password can consist entirely of digits or of a combination of digits and letters. When the on/off key is pressed, the processor starts computing and, according to the dynamic password generator, generates the 2 dynamic passwords for the current time. These 2 dynamic passwords can be shown on the display screen 8 at the same time, or the display screen 8 can show only one password at a time, in which case pressing the password key 7 shows the 2 dynamic passwords alternately. The display on screen 8 disappears automatically after 1 minute and the processor enters a sleep state to save power. A dynamic password can also be shown on the display screen 8 as a bar code, so that it can be entered quickly and conveniently with a scanner at the cashier's desk. A dynamic password is a function of the time (year, month, day, hour, minute or second), and this function is determined by the dynamic password generator. The first dynamic password of this example is a function of year, month, day, hour and minute:
First dynamic password = f1(year, month, day, hour, minute)    Equation (1)
In the second program section, the second dynamic password is a function of year, month, day, hour, minute and second:
Second dynamic password = f2(year, month, day, hour, minute, second)    Equation (2)
An example of a first program section that can generate the first dynamic password is given below:
A = C1×YY + C2×MM×DD×hh + C3×YY×hh×Int(mm/15)    Equation (3)
In equation (3), YY is the last two digits of the year, MM the month, DD the day, hh the hour and mm the minute. C1, C2 and C3 are coefficients; here C1=3, C2=4, C3=6. Int is the integer-part (floor) function; in this example the first dynamic password is updated every 15 minutes, so the minute mm inside Int is divided by 15.
The first dynamic password is set to be the last 3 digits of A.
If the current time is 16:35 on 18 May 2007, then YY=7, MM=5, DD=18, hh=16 and mm=35. Substituting into equation (3):
A=7125
Taking the last 3 digits of A gives: first dynamic password = 125
Because there can be thousands upon thousands of different dynamic password generators, and thousands upon thousands of coefficient combinations within a program, and because the dynamic password takes only part of the calculation result (in the example above, 125 is the last 3 digits of A), a criminal cannot work out the dynamic password generator from a stolen dynamic password even if one is stolen.
The host computer also stores this dynamic password generator under the client's account. Because the clocks of the host computer and the dynamic cipher device are synchronized, the host computer and the dynamic cipher device generate identical dynamic passwords at any moment.
Referring to Fig. 2, when the authorization and authentication system of the present invention is applied to remote authentication such as online banking authentication, online game login authentication, and login authentication for the internal websites of large companies, institutions and government departments, the steps are as follows:
1. The client enters a user name and fixed password at the login terminal;
2. Using the user name and fixed password, the host computer calls up the dynamic password generator stored in this client's account, generates the first dynamic password and sends it back to the screen of the login terminal;
3. The client compares the first dynamic password returned by the host computer with the first dynamic password shown on the multiple dynamic cipher device in hand: if the two passwords differ, the client stops the operation; if the two dynamic passwords are identical, the client enters the second dynamic password shown on his dynamic cipher device;
4. The host computer compares the second dynamic password it generated itself with the second dynamic password returned by the client; if the two passwords are identical, the host computer can confirm the client's legitimate identity and allows the client into his account; otherwise the login is refused.
In theory the onboard clock of the multiple dynamic cipher device is synchronized with the host computer. In practice, because of human error when the dynamic cipher device is set and the accumulated error of its onboard clock over several years, the onboard clock of the multiple dynamic cipher device can run ahead of or behind the host computer by as much as 20 to 30 seconds. If the client happens to log in within half a minute before or after the point at which the host computer updates the first dynamic password, the first dynamic password returned by the host computer is likely to differ from the one shown on the multiple dynamic cipher device because of this clock error. For example, suppose the onboard clock of the multiple dynamic cipher device lags the host computer by 30 seconds. If the client logs in 10 seconds after the host computer's first dynamic password update point, the host computer sends the updated first dynamic password to the client terminal, while the client's multiple dynamic cipher device will not update for another 20 seconds and therefore shows the first dynamic password of the host computer's previous 15-minute period. The first dynamic password shown on the multiple dynamic cipher device then does not match the one sent back by the host computer.
To solve the clock error problem of the multiple dynamic cipher device, the update interval of the first dynamic password is made much larger than the error, generally more than 10 minutes. The probability that a client logs in within half a minute before or after the host computer's first dynamic password update point is then small. In addition, during the minute after the first dynamic password is updated, the host computer returns to the client not only the current first dynamic password but also the first dynamic password of the previous period; during the last minute before the first dynamic password is updated, the host computer returns not only the current first dynamic password but also the first dynamic password of the next period. This guarantees that a first dynamic password returned by the host computer matches the one shown on the multiple dynamic cipher device.
The second dynamic password is returned by the client to the host computer for checking, and eliminating the effect of the multiple dynamic cipher device's clock error on the host computer is very simple. For example, the host computer can compute the second dynamic passwords of the three preceding periods and the three following periods and compare the second dynamic password returned by the client with these; if any one matches, the client's legitimate identity is confirmed. To make the chance of guessing the second dynamic password very small while keeping input convenient for the client, a second dynamic password of 5 or 6 digits should be used. The host computer is also set so that, within a single login, the client may enter a dynamic password only three times. If the dynamic password is entered wrongly three times in a row, the client's login data has probably been stolen; the host computer revokes the client's account, and the client must go through the account-opening procedure again. These measures stop a criminal who has stolen a client's login data from getting in by guessing the password.
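The clock-tolerance and lockout rules described above, as an added example that is not part of the patent: a Python sketch of the host-side checks, using the page's equation (3) with C1=3, C2=4, C3=6 for the first password. The formula and coefficients in `second_password` are assumptions (the page gives no formula for f2), as are all function, class and constant names.

```python
import hmac
from datetime import datetime, timedelta

C1, C2, C3 = 3, 4, 6                      # coefficients given with equation (3)
FIRST_PERIOD = timedelta(minutes=15)      # embodiment: 3 digits, 15 minutes
SECOND_PERIOD = timedelta(seconds=30)     # embodiment: 5 digits, 30 seconds
EDGE = timedelta(minutes=1)               # host adds a neighbour code this close to an update
WINDOW = 3                                # second password: 3 periods before and after
MAX_FAILURES = 3                          # three wrong entries revoke the account


def period_start(t, period):
    """Start of the update period containing t (periods are aligned to midnight)."""
    midnight = t.replace(hour=0, minute=0, second=0, microsecond=0)
    return midnight + ((t - midnight) // period) * period


def first_password(t):
    """Equation (3) from the page; the password is the last 3 digits of A."""
    yy = t.year % 100
    a = C1 * yy + C2 * t.month * t.day * t.hour + C3 * yy * t.hour * (t.minute // 15)
    return f"{a % 1000:03d}"


def second_password(t):
    """ASSUMED f2: the page gives no formula, so this one is made up in the same style."""
    yy = t.year % 100
    half_minute = 2 * t.minute + t.second // 30
    b = 7 * yy * t.month * t.day + 11 * t.hour * t.minute + 13 * t.day * half_minute
    return f"{b % 100000:05d}"


def host_first_passwords(host_now):
    """Codes the host shows the client: current, plus a neighbour near an update point."""
    start = period_start(host_now, FIRST_PERIOD)
    codes = [first_password(start)]
    if host_now - start < EDGE:                      # just updated: add previous period
        codes.append(first_password(start - FIRST_PERIOD))
    elif start + FIRST_PERIOD - host_now <= EDGE:    # about to update: add next period
        codes.append(first_password(start + FIRST_PERIOD))
    return codes


class HostAccount:
    """Host-side state for one client account."""

    def __init__(self):
        self.failures = 0
        self.revoked = False
        self.used_periods = set()         # a dynamic password is accepted only once

    def verify_second(self, submitted, host_now):
        if self.revoked:
            return False
        start = period_start(host_now, SECOND_PERIOD)
        for k in range(-WINDOW, WINDOW + 1):
            period = start + k * SECOND_PERIOD
            expected = second_password(period)
            if period not in self.used_periods and hmac.compare_digest(
                    submitted.encode(), expected.encode()):
                self.used_periods.add(period)
                self.failures = 0
                return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:  # login data probably stolen: revoke
            self.revoked = True
        return False


def client_login(device_now, host_now, account):
    """Steps 2 to 4 as seen by a client whose device clock reads device_now."""
    if first_password(device_now) not in host_first_passwords(host_now):
        return "aborted"                  # client cannot confirm the host, so stops
    if account.verify_second(second_password(device_now), host_now):
        return "granted"
    return "denied"


if __name__ == "__main__":
    # Constructed scenario from the text: device lags 30 s, login 10 s after an update.
    host = datetime(2007, 5, 18, 16, 45, 10)
    device = host - timedelta(seconds=30)
    print(host_first_passwords(host), client_login(device, host, HostAccount()))
```

With the 30-second lag from the text, the host returns both the updated code and the previous period's code, so the client's device still finds a match and the login proceeds.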
Can know that from following analysis these two of authorization identifying systems of the present invention have different length, the dynamic password in the different update time interval can provide the high safe precautionary measures for various transaction.
Application to remote authentication (online banking, online gaming, etc.)
When the client logs in to online banking (or a game website), the client first enters the client name and fixed password. The bank's host computer retrieves this client's dynamic password generator from the client's account and produces the first dynamic password. The host computer returns the first dynamic password, which has only 3 digits and is updated once every 15 minutes, to the screen of the client's login terminal. The client compares the first dynamic password returned by the bank with the first dynamic password displayed on his multiple dynamic cipher device; if the two passwords are identical, the client can be sure that the web page he has logged in to is the bank's official web page. The client then enters the second dynamic password displayed on his multiple dynamic cipher device. The host computer compares the second dynamic password generated by the dynamic password generator retrieved from the client's account with the second dynamic password returned by the client; if the two passwords are identical, the bank confirms the client's legitimate identity and allows the client to enter his account. The multiple dynamic cipher device therefore lets the bank verify the client's identity and also lets the client verify that the web page is genuine, which effectively eliminates phishing pages.
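The clock-error handling and the two-step login described above, as an added Python sketch that is not part of the patent. The patent does not disclose its time function, so the HMAC-based `dynamic_password` generator, the 60-second interval for the second password, the sample secret and all function and class names are assumptions.

```python
import hashlib
import hmac

# Parameters taken from the description; SECOND_PERIOD is an assumption
# (the claims allow any interval from 20 to 120 seconds).
FIRST_PERIOD, FIRST_DIGITS = 15 * 60, 3
SECOND_PERIOD, SECOND_DIGITS = 60, 6
BOUNDARY_GRACE = 60   # host adds the neighbouring first password within 1 minute of an update
SECOND_WINDOW = 3     # host accepts the 3 periods before and after the current one
MAX_ATTEMPTS = 3      # three wrong entries in one login revoke the account


def dynamic_password(secret, label, period, digits, t, offset=0):
    """Hypothetical generator: HMAC-SHA256 of the period index, reduced to digits.

    The patent only requires a per-client function of time shared with the host.
    """
    index = int(t // period) + offset
    mac = hmac.new(secret, label + str(index).encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10 ** digits).zfill(digits)


def host_first_passwords(secret, host_time):
    """First password(s) the host sends back to the login terminal."""
    def code(offset):
        return dynamic_password(secret, b"first", FIRST_PERIOD, FIRST_DIGITS,
                                host_time, offset)
    codes = [code(0)]
    into_period = host_time % FIRST_PERIOD
    if into_period < BOUNDARY_GRACE:
        codes.append(code(-1))   # just updated: a slow device still shows the old one
    elif into_period >= FIRST_PERIOD - BOUNDARY_GRACE:
        codes.append(code(+1))   # about to update: a fast device already shows the next
    return codes


def client_trusts_page(secret, device_time, returned_codes):
    """Client-side check: does the device's first password appear on the page?"""
    shown = dynamic_password(secret, b"first", FIRST_PERIOD, FIRST_DIGITS, device_time)
    return shown in returned_codes


class HostSession:
    """Host-side state for one login attempt on one client account."""

    def __init__(self, secret):
        self.secret = secret
        self.failures = 0
        self.revoked = False

    def verify_second(self, submitted, host_time):
        if self.revoked:
            return False
        match = False
        for k in range(-SECOND_WINDOW, SECOND_WINDOW + 1):
            expected = dynamic_password(self.secret, b"second", SECOND_PERIOD,
                                        SECOND_DIGITS, host_time, k)
            match |= hmac.compare_digest(expected.encode(), submitted.encode())
        if match:
            return True
        self.failures += 1
        self.revoked = self.failures >= MAX_ATTEMPTS
        return False


def login(secret, device_time, host_time, session):
    """Full exchange: the client checks the host first, then the host checks the client."""
    returned = host_first_passwords(session.secret, host_time)
    if not client_trusts_page(secret, device_time, returned):
        return "client aborts"
    second = dynamic_password(secret, b"second", SECOND_PERIOD, SECOND_DIGITS, device_time)
    return "accepted" if session.verify_second(second, host_time) else "rejected"
```
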
Use against credit card counterfeiting and credit card misuse
When paying at a cashier's desk with a credit card, the client must hand over, in addition to the card number and cardholder name, the first dynamic password displayed on the multiple dynamic cipher device as an anti-counterfeiting security measure. The cashier sends the amount, the credit card number, the cardholder name and the first dynamic password handed over by the client to the credit card company for verification. On receipt, the credit card company retrieves the dynamic password generating program from the client's account and compares the first dynamic password it generates with the one sent in; if the two are identical, the transaction is approved. If the client's credit card information is stolen, the criminal still cannot forge a credit card with the stolen information, because the first dynamic password becomes invalid after being used once. Using the first dynamic password as the credit card's anti-counterfeiting measure therefore effectively eliminates forged credit cards, and no equipment needs to be added to the payment terminal. More importantly, it takes the cashier only a few seconds to enter a first dynamic password of just 3 digits, so checkout time does not increase significantly. This matters to both merchants and clients: if checkout time increased significantly, queues would lengthen at busy times, some impatient clients would abandon their purchases, and merchants would refuse to use the system because of lost income. For this reason, payment at a cashier's desk uses the 3-digit first dynamic password as the credit card's anti-counterfeiting measure rather than the longer second dynamic password. In addition, to make entry of the first dynamic password faster and more convenient, the first dynamic password can also be shown on the display screen as a bar code. After scanning the price bar codes of the goods with the scanner, the cashier scans the bar-code form of the first dynamic password shown on the dynamic cipher device, and the first dynamic password is entered more quickly.
When paying on the internet with a credit card, the client must submit, in addition to the card number and cardholder name, the second dynamic password displayed on the multiple dynamic cipher device as a security measure against misuse. On receipt, the credit card company retrieves the dynamic password generating program from the client's account and compares the second dynamic password it generates with the one sent in; if the two are identical, the transaction is approved. If the client's credit card information is stolen, the criminal still cannot use the stolen credit card information and second dynamic password to pay illegally on the internet, because the second dynamic password becomes invalid after being used once. Although the second dynamic password is longer and takes slightly longer to enter, the client enters it at a computer, where a slightly longer input time is not a problem. The risk of paying online with a credit card is much greater than that of paying at a cashier's desk, so the second dynamic password, with more digits and a shorter update interval, brings higher security to online credit card payment.
Use against ATM card cloning
To withdraw money or carry out another transaction at an ATM, the client first inserts the ATM card and enters the fixed password. The ATM screen prompts: please enter the first dynamic password. The client switches on the multiple dynamic cipher device and enters the first dynamic password it displays into the ATM. The ATM reads the client's account information from the inserted ATM card and sends the account information and the entered first dynamic password to the bank's host computer. The bank's host computer retrieves this client's first-dynamic-password formula under that account, calculates the first dynamic password for the current time and compares it with the first dynamic password entered by the client. If the two first dynamic passwords are identical, the client is allowed to enter his account to withdraw money or carry out other transactions; otherwise the client is refused entry.
Thus, when using an ATM card, the client must enter the first dynamic password in addition to the fixed password. Because the first dynamic password has only three digits, entering it takes the client only a few seconds and adds no real inconvenience; the bank's ATMs need no modification, and the bank needs no additional investment. Security is nevertheless greatly increased, because the first dynamic password is updated once every 15 minutes and can be used only once; even if it is stolen, it has already become invalid and cannot be used to clone an ATM card. If higher security is required, the ATM can also require the client to enter the second dynamic password. Entering a five-digit second dynamic password may take the client more than ten seconds, which slightly increases the time the client spends at the ATM.
The multiple dynamic cipher device authorization identifying system can also be applied to login authentication for online games and to login authentication for the internal websites of large companies, institutions, government departments and the like. These applications are not listed here one by one.
Compared with other dynamic cipher devices, the multiple dynamic cipher device of the authorization identifying system of the present invention has a further advantage: it requires little computation. A common dynamic cipher device, for example the SecurID dynamic cipher device made by the U.S. company RSA Security Inc., generates a pseudo-random number as the dynamic password every 30 seconds according to a built-in program. Each pseudo-random number is generated from the previous pseudo-random number. A common dynamic cipher device must therefore generate a pseudo-random number every 30 seconds without interruption. Likewise, the bank's host computer must generate a pseudo-random number for this client every 30 seconds without interruption. Even if the client does not use the cipher device, the bank's host computer must compute a password for this client 2880 times every day, which is more than 1,000,000 times a year. It follows that if the bank issues a cipher device to each of its clients, the bank's host computer must compute 1,000,000 passwords a year for each client. The bank must then invest in expanding its computers and must also bear increased costs for maintaining them.
Because the dynamic password of the multiple dynamic cipher device is a function of time, it does not need to be generated every 30 seconds without interruption. The multiple dynamic cipher device computes the dynamic password for the current time only when the client switches the device on; the host computer computes this client's password for the current time only when a dynamic password is transmitted to it, and then compares the two passwords. When the client is not using the dynamic cipher device, the host computer does not need to compute a password for this client. On average the client uses the dynamic cipher device only once a day, so the host computer computes a password for this client only once a day, or only 360 times a year. Even if the bank issues a cipher device to each of its clients, the bank's host computer needs to compute only 360 passwords a year for each client. The bank therefore does not need to invest in expanding its computers or bear increased maintenance costs, and the annual cost of using each dynamic cipher device is small enough to be ignored. Because little computation is needed, power consumption is also low; a button cell of small capacity is enough to sustain a 5-year service life for the dynamic cipher device, so the multiple dynamic cipher device can be designed as a small, thin card that is easy to carry.
The client's multiple dynamic cipher device can also have built in a plurality of dynamic password generators that correspond respectively to the host computers of a plurality of service providers; each service provider uses one pair of the dynamic passwords, so a single multiple dynamic cipher device can be used with a plurality of service providers such as different banks or other institutions. A data input port can also be provided on the client's multiple dynamic cipher device, through which a service provider can load the dynamic password generator of its own host computer onto the device. The benefit is that the client needs to carry only one multiple dynamic cipher device.
The multiple dynamic cipher device can also be combined with a mobile phone. The bank can load the dynamic password generator onto the processor of the mobile phone, and the mobile phone can then also produce a pair of dynamic passwords of different lengths. The benefit is that the client does not need to carry a multiple dynamic cipher device.

Claims (9)

1. A multiple dynamic cipher device authorization identifying system, comprising a host computer (11) of a service provider, a client login terminal (12), and a wired or wireless communication network (13) connecting the two, characterized in that: it further comprises a multiple dynamic cipher device (1) held by the client, the built-in clock of which is synchronized with the host computer; the client's multiple dynamic cipher device has at least one dynamic password generator built in; the host computer has built in, stored under each client's account, the identical dynamic password generator corresponding to that client's multiple dynamic cipher device, and the dynamic password generator generates, according to a set function of time, two or more dynamic passwords each updated over time; the two or more dynamic passwords that the host computer produces using the dynamic password generator stored under the client's account are respectively identical to the two or more dynamic passwords that the client's multiple dynamic cipher device produces at the same moment; the length of the first dynamic password is 3 to 5 digits and its update interval is equal to or greater than 2 minutes and less than or equal to 12 hours, and the length of the second dynamic password is 4 to 8 digits and its update interval is equal to or greater than 20 seconds and less than or equal to 120 seconds.
2. The multiple dynamic cipher device authorization identifying system according to claim 1, characterized in that: the dynamic password is digits, letters or a combination thereof, and can also be a bar code.
3. The multiple dynamic cipher device authorization identifying system according to claim 2, characterized in that: the multiple dynamic cipher device is provided with a display screen and an on/off key, and computes and generates the dynamic password for the current time only when switched on; the host computer calls the dynamic password generator corresponding to the client's multiple dynamic cipher device and computes the dynamic password for the current time only when it receives the client name and fixed password transmitted over the communication network.
4. The multiple dynamic cipher device authorization identifying system according to claim 3, characterized in that: the client's multiple dynamic cipher device has built in a plurality of dynamic password generators corresponding respectively to the dynamic password generators in the host computers of a plurality of service providers, and each service provider uses one pair of the dynamic passwords.
5. The multiple dynamic cipher device authorization identifying system according to claim 4, characterized in that: the client's multiple dynamic cipher device is provided with a data input port, through which a service provider can load the dynamic password generator of its own host computer onto the multiple dynamic cipher device.
6. The multiple dynamic cipher device authorization identifying system according to claim 1, wherein the steps when it is used for remote authentication are as follows:
1) the client enters a user name and fixed password at the login terminal;
2) the service provider's host computer, according to the client's user name and fixed password, retrieves this client's dynamic password generator from the client's account, produces the first dynamic password and returns it to the screen of the login terminal;
3) the client compares the first dynamic password returned by the service provider's host computer with the first dynamic password displayed on the multiple dynamic cipher device in his hand: if the two passwords differ, the client terminates the operation; if the two dynamic passwords are identical, the client enters the second dynamic password displayed on his multiple dynamic cipher device;
4) the service provider's host computer compares the second dynamic password it has generated itself with the second dynamic password transmitted by the client; if the two passwords are identical, the service provider's host computer confirms the client's legitimate identity and allows the client to enter his account; otherwise the login is refused.
7. The multiple dynamic cipher device authorization identifying system according to claim 1, wherein the authentication steps when it is used for paying by credit card at a cashier's desk in a store are as follows:
1) when paying at the cashier's desk, the client hands over, in addition to the card number and cardholder name, the first dynamic password displayed on the multiple dynamic cipher device;
2) the cashier sends the purchase amount, the credit card number, the cardholder name and the first dynamic password handed over by the client to the credit card company;
3) on receipt, the credit card company retrieves the dynamic password generating program from the client's account and compares the first dynamic password generated by this program with the first dynamic password sent in; if the two are identical the transaction is approved, and otherwise it is refused.
8. The multiple dynamic cipher device authorization identifying system according to claim 1, wherein the authentication steps when it is used for remote credit card payment are as follows:
1) the client enters the credit card number, the cardholder name and the second dynamic password displayed on the multiple dynamic cipher device;
2) on receipt, the credit card company retrieves the dynamic password generating program from the client's account and compares the second dynamic password generated by this program with the second dynamic password sent in; if the two are identical the transaction is approved, and otherwise it is refused.
9. The multiple dynamic cipher device authorization identifying system according to claim 1, wherein the authentication steps when it is used for withdrawing money or carrying out other transactions at an ATM are as follows:
1) the client inserts the ATM card and enters the fixed password and the dynamic password into the ATM;
2) the ATM reads the client's account information from the inserted ATM card and sends the account information and the entered dynamic password to the bank's host computer;
3) the bank's host computer retrieves this client's dynamic password formula under that account, calculates the dynamic password for the current time and compares it with the dynamic password entered by the client; if the two dynamic passwords are identical, the client is allowed to enter his account to withdraw money or carry out other transactions, and otherwise the client is refused entry.
CN2007101864218A 2007-11-16 2007-11-16 Multiple dynamic cipher device authorization identifying system and identifying method thereof Expired - Fee Related CN101162996B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007101864218A CN101162996B (en) 2007-11-16 2007-11-16 Multiple dynamic cipher device authorization identifying system and identifying method thereof

Publications (2)

Publication Number Publication Date
CN101162996A CN101162996A (en) 2008-04-16
CN101162996B true CN101162996B (en) 2012-11-14

Family

ID=39297836

Country Status (1)

Country Link
CN (1) CN101162996B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121114

Termination date: 20181116