CN104023030A - Method for synchronizing token passwords - Google Patents

Info

Publication number
CN104023030A
Authority
CN
China
Prior art keywords
password
token
synchronous
dynamic password
dynamic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410279880.0A
Other languages
Chinese (zh)
Inventor
胡永刚
沈勇坚
王翔平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dynamicode Co Ltd
Original Assignee
Dynamicode Co Ltd

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a method for synchronizing token passwords. The method is characterized by including the steps that at least the prior password and the post password are spliced through a token, a password obtained after splicing is input into an authentication server and verified by the authentication server multiple times, and synchronization is completed. According to the method, due to the fact that the passwords are spliced one time to be sent to a user, the user only needs to input the password one time to be capable of completing synchronization, input of the user is reduced, unnecessary trouble is avoided, the server can achieve the effect that the password is synchronously verified multiple times, and synchronization is completed.

Description

A method for synchronizing token passwords
Technical field
The present invention relates to network information security technology, and specifically to synchronization techniques for dynamic tokens.
Background
Token authentication is already widely used to protect information in sectors such as banking, securities, government departments, and university research institutions. Over time, or for reasons such as the terminal itself, the authentication trajectory of the token seed can drift; synchronization is then the effective means of correcting the seed offset.
Many synchronization methods exist at present, most of which use several consecutive passwords or repeated password verification. For example, the user is asked to enter 2 or 3 consecutive token passwords generated by the token at once, and all of them must verify for synchronization to complete. Alternatively, the user is asked to enter one password and, once it verifies, to enter another password and verify again, repeating this 2 or 3 times, with synchronization completing once the verifications pass.
These traditional synchronization methods require frequent user interaction and give a poor user experience. Because the user has to enter input repeatedly, the chance of input error rises and synchronization is less efficient.
Summary of the invention
In view of the problems in existing token synchronization schemes, the object of the present invention is to provide a token password synchronization method that completes quickly with a single operation.
To achieve this object, the present invention adopts the following technical solution:
A method for synchronizing token passwords, in which the token splices together at least two passwords, an earlier one and a later one, and the spliced password is input to the authentication server, so that the authentication server verifies the password multiple times and synchronization is completed.
In a preferred form of the method, the synchronization method comprises the following steps:
(1) During synchronization, the token terminal uses the current time and the token seed to generate the current dynamic password within the current step value range;
(2) the token terminal then uses the time corresponding to at least the previous step value range and the token seed to generate the previous dynamic password;
(3) the generated current dynamic password and previous dynamic password are spliced together to form the password used for synchronization authentication;
(4) this synchronization authentication password is entered and submitted to the authentication server;
(5) after receiving the synchronization authentication password, the authentication server splits it according to its splicing rule to obtain the current dynamic password and the previous dynamic password, and matches each in turn against the corresponding dynamic passwords that the authentication server generates within the large window value. If verification passes, the seed trajectory is recorded and synchronization succeeds; otherwise synchronization fails.
Further, the dynamic passwords generated in step (1) and step (2) are 4-digit dynamic passwords.
Further, in step (3) the current dynamic password and the previous dynamic password are spliced in order to form the synchronization authentication password.
The scheme provided by the invention greatly reduces the number of user inputs: the user need enter a password only once to complete synchronization. This not only improves the user experience but also effectively reduces user error, while the server still achieves the effect of verifying the password multiple times during synchronization. Compared with traditional synchronization methods, this method is a considerable improvement and is of some significance for advancing synchronization technology.
Brief description of the drawings
The present invention is further described below with reference to the drawings and specific embodiments.
Fig. 1 is a flow chart of password synchronization according to the present invention.
Detailed description
To make the technical means, inventive features, objects and effects of the present invention easy to understand, the invention is further described below with reference to the specific figure.
The invention generates several passwords on the token terminal, splices them together, and presents them to the user at once. The user only has to input the spliced password to the authentication server, which verifies it multiple times to achieve synchronization. In this process the user enters a password only once, which spares the user repeated input and avoids the input errors that repeated entry invites, while still letting the server verify the password multiple times and complete synchronization.
Based on this principle, the password synchronization process of the invention is as follows (as shown in Fig. 1):
1. During synchronization, the token terminal uses the current time and the token seed to generate the 4-digit current dynamic password A within the step value range. In this example, the step value the token terminal uses to calculate dynamic passwords is 30 s.
2. The token terminal then uses the time corresponding to the previous step value range and the token seed to generate the 4-digit previous dynamic password B; that is, it uses the time 30 seconds before the current time and the token seed to generate a 4-digit dynamic password.
Using 4-digit dynamic passwords here ensures security while avoiding an overly long password that would reduce the usability of the dynamic password.
The scheme is not limited to additionally calculating only the previous step value of the current time; the two dynamic passwords corresponding to the two preceding consecutive step values can also be calculated as required.
3. The token terminal splices the 4-digit current dynamic password A calculated in step 1 and the 4-digit previous dynamic password B calculated in step 2 together in order to form an 8-digit dynamic password C for synchronization authentication.
When splicing, the 4-digit dynamic password B corresponding to the previous step value and the 4-digit dynamic password A corresponding to the current step value are spliced one after the other, in sequence, to form the 8-digit dynamic password C for synchronization authentication.
4. The 8-digit dynamic password C for synchronization authentication formed by the token terminal is sent to the authentication server together with a synchronization service instruction.
5. After receiving the 8-digit synchronization authentication dynamic password, the authentication server obtains the seed data corresponding to the token terminal and generates the corresponding dynamic passwords within a large window value. It splits the 8-digit synchronization authentication dynamic password into the 4-digit dynamic password B and the 4-digit dynamic password A, in that order, and matches B and A in turn against the corresponding dynamic passwords generated within the large window value to complete verification. If verification passes, the seed trajectory is recorded and synchronization succeeds; otherwise synchronization fails.
Specifically, after receiving the data entered from the dynamic token, the authentication server first uses the service instruction to determine which type of service the 8-digit dynamic password C belongs to. Here, from the synchronization request service instruction in the received data, it determines that the 8-digit dynamic password C is for synchronization authentication.
The authentication server then splits the 8-digit synchronization authentication dynamic password C according to the order in which the token terminal combined it, obtaining the 4-digit dynamic password B corresponding to the previous step value and the 4-digit dynamic password A corresponding to the current step value.
Next, it obtains the seed data corresponding to the token terminal, sets a large window, and generates the corresponding dynamic passwords within the large window value (there may be several passwords). The large window bounds the upward and downward time offset of the current seed. The large window value is a parameter configured for the seed; from it the seed's upward and downward offset times can be calculated, and from those offset times the dynamic passwords within the large window can be calculated.
The separated 4-digit dynamic password B (previous step value) and 4-digit dynamic password A (current step value) are then matched in order against the dynamic passwords generated within the large window value to complete verification. If both pass, verification succeeds, the seed trajectory is recorded, and synchronization succeeds; otherwise synchronization fails.
To record the seed trajectory, the two dynamic passwords within the large window value that correspond to the separated 4-digit dynamic password B (previous step value) and 4-digit dynamic password A (current step value) are first identified, and the times corresponding to these two dynamic passwords are determined. The seed's time offset is then calculated from the difference of these two times. Finally, from the order in which B and A were authenticated, the direction of the calculated seed time offset is determined, that is, whether it is an upward or a downward offset, which yields the final offset trajectory of the seed. In this way the seed's offset trajectory can be determined and recorded accurately.
When this seed is used again to generate dynamic passwords, including the "seed time offset" in the calculation yields the synchronized dynamic password.
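A minimal sketch of steps 1 to 5 above, added here as an illustration and not taken from the patent. It assumes HMAC-SHA1 with RFC 4226 dynamic truncation as the password function (the patent names none), reads "match in order" as requiring B and A to match at two consecutive steps inside the large window, and records the drift relative to the server clock; the names `otp`, `token_sync_password`, `server_sync` and `window` are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30    # step value in seconds, as in the embodiment
DIGITS = 4   # digits per dynamic password, as in the embodiment


def otp(seed: bytes, counter: int) -> str:
    """Assumed password function: HMAC-SHA1 with RFC 4226 dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def token_sync_password(seed: bytes, token_time: int) -> str:
    """Token side, steps 1-3: C = B (previous step) followed by A (current step)."""
    step = token_time // STEP
    return otp(seed, step - 1) + otp(seed, step)


def server_sync(seed: bytes, server_time: int, c: str, window: int):
    """Server side, step 5: return the token's drift in steps, or None on failure."""
    if len(c) != 2 * DIGITS or not (c.isascii() and c.isdigit()):
        return None
    b, a = c[:DIGITS], c[DIGITS:]          # split by the token's splicing rule
    base = server_time // STEP
    # Try the smallest drift first so the nearest matching position wins.
    for drift in sorted(range(-window, window + 1), key=abs):
        k = base + drift
        # Both halves must match, and at two consecutive steps: one 4-digit
        # code alone would match somewhere in a wide window far too easily.
        if (hmac.compare_digest(otp(seed, k - 1), b)
                and hmac.compare_digest(otp(seed, k), a)):
            return drift
    return None


if __name__ == "__main__":
    seed = b"constructed-demo-seed"        # constructed sample seed
    now = 1_700_000_000                    # constructed server time
    c = token_sync_password(seed, now - 7 * STEP)   # token clock 7 steps slow
    print(c, server_sync(seed, now, c, window=20))  # drift -7 -> offset -210 s
```

The returned drift multiplied by the step value is the seed time offset to store for later verifications. Because each half is only 4 digits, the width of the large window and the number of synchronization attempts allowed per token determine how likely a guessed 8-digit value is to be accepted.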
The following takes a hardware token as an example to illustrate the invention in actual token use.
The hardware token is currently the most widely used token terminal in the token field. Compared with other token terminals it has its own characteristics: it is sealed, it is interactive, it has a life cycle, and so on. Unlike a mobile phone token terminal, a hardware token cannot synchronize by syncing to the server time, but it can synchronize through consecutive password verification.
The hardware token adds a synchronization function to its settings options. When synchronization is selected, the hardware token triggers the synchronization function: it uses the current time and the time at which the previous password was generated, together with the seed data, to generate two 4-digit passwords, combines them in order into an 8-digit password, and displays it on the screen.
The user then enters the 8-digit password at the client and submits it to the server.
After receiving the 8-digit password, the server splits it to obtain two 4-digit passwords, matches them in order against the dynamic passwords the authentication server generates within the large window value, completes the synchronization process, and returns the result to the client.
Once synchronization succeeds, the hardware token can be used for authentication.
The above shows and describes the basic principle, main features and advantages of the present invention. Those skilled in the art should understand that the invention is not limited to the above embodiments; the embodiments and the specification merely illustrate the principle of the invention. Various changes and improvements can be made without departing from the spirit and scope of the invention, and all such changes and improvements fall within the scope of the claimed invention. The claimed scope of the invention is defined by the appended claims and their equivalents.

Claims (4)

1. A method for synchronizing token passwords, characterized in that the token splices together at least two passwords, an earlier one and a later one, and the spliced password is input to the authentication server, so that the authentication server verifies the password multiple times and synchronization is completed.
2. The method for synchronizing token passwords according to claim 1, characterized in that the synchronization method comprises the following steps:
(1) during synchronization, the token terminal uses the current time and the token seed to generate the current dynamic password within the current step value range;
(2) the token terminal then uses the time corresponding to at least the previous step value range and the token seed to generate the previous dynamic password;
(3) the generated current dynamic password and previous dynamic password are spliced together to form the password used for synchronization authentication;
(4) this synchronization authentication password is entered and submitted to the authentication server;
(5) after receiving the synchronization authentication password, the authentication server splits it according to its splicing rule to obtain the current dynamic password and the previous dynamic password, and matches each in turn against the corresponding dynamic passwords that the authentication server generates within the large window value; if verification passes, the seed trajectory is recorded and synchronization succeeds; otherwise synchronization fails.
3. The method for synchronizing token passwords according to claim 1, characterized in that the dynamic passwords generated in step (1) and step (2) are 4-digit dynamic passwords.
4. The method for synchronizing token passwords according to claim 1, characterized in that in step (3) the current dynamic password and the previous dynamic password are spliced in order to form the synchronization authentication password.
CN201410279880.0A 2014-06-20 2014-06-20 Method for synchronizing token passwords Pending CN104023030A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410279880.0A CN104023030A (en) 2014-06-20 2014-06-20 Method for synchronizing token passwords

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410279880.0A CN104023030A (en) 2014-06-20 2014-06-20 Method for synchronizing token passwords

Publications (1)

Publication Number Publication Date
CN104023030A true CN104023030A (en) 2014-09-03

Family

ID=51439600

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410279880.0A Pending CN104023030A (en) 2014-06-20 2014-06-20 Method for synchronizing token passwords

Country Status (1)

Country Link
CN (1) CN104023030A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040103064A1 (en) * 2002-11-26 2004-05-27 Thomas Howard Models for marketing and selling access to on-line content
CN103814380A (en) * 2011-08-02 2014-05-21 高通股份有限公司 Method and apparatus for using a multi-factor password or a dynamic password for enhanced security on a device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107453871A (en) * 2016-05-30 2017-12-08 阿里巴巴集团控股有限公司 Password generated method, password authentication method, method of payment and device
CN107453871B (en) * 2016-05-30 2020-07-03 阿里巴巴集团控股有限公司 Password generation method, password verification method, payment method and payment device
CN106506529A (en) * 2016-12-06 2017-03-15 上海众人网络安全技术有限公司 A kind of mutual authentication method and system
CN107425977A (en) * 2017-04-28 2017-12-01 北京海泰方圆科技股份有限公司 Dynamic token method for synchronizing time and device
CN107425977B (en) * 2017-04-28 2018-07-31 北京海泰方圆科技股份有限公司 Dynamic token method for synchronizing time and device

Similar Documents

Publication Publication Date Title
CN102843236B (en) Generation and authentication method and system for dynamic password
CN109542888A (en) The data modification and synchronous method of block chain, device, equipment and storage medium
CN102123148B (en) Authentication method, system and device based on dynamic password
CN103441856A (en) Dynamic password authentication method and device
CN109587238A (en) The data processing of block chain and synchronous method, device, equipment and storage medium
CN112001502A (en) Federal learning training method and device for high-delay network environment robustness
CN106713370B (en) A kind of identity identifying method, server and mobile terminal
CN104579558A (en) Method for detecting integrity in data transmission process
CN105574398B (en) A kind of verification code verification method and device
CN103514410A (en) Dependable preservation and evidence collection system and method for electronic contract
KR20160126986A (en) Voice print verification method and apparatus, storage medium and device
CN104539421A (en) Realizing method for mobile token based on dynamic algorithm seed
CN104580104A (en) Method, device and system for identity verification
CN101252437A (en) Dynamic verification method, system and apparatus of client terminal identification under C/S architecture
CN104023030A (en) Method for synchronizing token passwords
CN105956921A (en) Method and device for selecting bankcard number by user himself/herself
CN110113334A (en) Contract processing method, equipment and storage medium based on block chain
WO2019041819A1 (en) Accreditation method and apparatus, and computer device and storage medium
CN104935555B (en) client certificate authentication method, server, client and system
US20160156610A1 (en) Message Pushing System And Method
CN113407593A (en) Data sampling method and device, electronic equipment and readable storage medium
CN104519054A (en) Digital signature method, device and system
CN103514651A (en) Internet lottery secure transaction and claiming system based on face recognition and method thereof
CN103514564A (en) System and method of Internet lottery secure transaction and prize claiming based on signature recognition
CN104618112A (en) Method for verifying dynamic password of dynamic token

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140903