CN1268157C - A handset used for dynamic identity authentication - Google Patents

A handset used for dynamic identity authentication Download PDF

Info

Publication number
CN1268157C
CN1268157C CN200310111571.4A CN200310111571A CN1268157C CN 1268157 C CN1268157 C CN 1268157C CN 200310111571 A CN200310111571 A CN 200310111571A CN 1268157 C CN1268157 C CN 1268157C
Authority
CN
China
Prior art keywords
password
user
mobile phone
dynamic
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200310111571.4A
Other languages
Chinese (zh)
Other versions
CN1547403A (en
Inventor
胡汉平
王祖喜
吴晓刚
曾伟国
吴俊�
王凌斐
刘博�
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huazhong University of Science and Technology
Original Assignee
Huazhong University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huazhong University of Science and Technology filed Critical Huazhong University of Science and Technology
Priority to CN200310111571.4A priority Critical patent/CN1268157C/en
Publication of CN1547403A publication Critical patent/CN1547403A/en
Application granted granted Critical
Publication of CN1268157C publication Critical patent/CN1268157C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention discloses a mobile phone used for dynamic identity authentication. A dynamic identity authentication client end application module is arranged in the SIM card of the mobile phone, and the application module can independently generate a dynamic identity authentication password which is identical and synchronous with an authentication server; a memory is connected with a dynamic password generator, a password comparator and a controller; the dynamic password generator is used for generating a user current authentication password by a current working password Ks, the authentication password is corresponding to the authentication password of the server, and a user is informed of the authentication password through the output device of the mobile phone; the password comparator is used for judging whether the user of the mobile phone is valid, and the controller is used for controlling the coordination work of modules. Compared with an existing mobile phone, the mobile phone is characterized in that the mobile phone can generate a dynamic identity authentication password, and further, the mobile phone can complete an authentication system security protocol together with the authentication server. Through the security protocol, the user can start and cancel the functions of the dynamic identity authentication service at any time, actively requesting the mobile phone to be synchronous with the authentication system, the user's requesting unlocking, etc.

Description

A kind of mobile phone that is used for dynamic identity authentication
Technical field
The invention belongs to the information security certification technology, its comprehensive utilization electronic computer, information coding and mobile communication technology are realized, can be applied to system and field that many needs such as bank, security carry out authentication, be specifically related to a kind of mobile phone that is used for dynamic identity authentication.
Background technology
Authentication is to realize one of important mechanisms of network security, in the network service of safety, the identity that the communication parties that relates to must be verified them by the ID authentication mechanism of certain form with declared whether consistent, could realize access control and record then for different user.As far back as phase earlier 1970s, how International Banks card association carries out authentication to guarantee the problem of security of system to the user with regard to having run into.Along with the fast development of information technology, the listener-in can adopt the rudimentary method of spying on to obtain password; Utilize " Password file " system the conjecture password, analyze agreement and leach password (the control program is smelt in utilization); Monitor and obtain password with TSR (terminal TSR); Break through computer security mechanism with methods such as trojan-horse program intercepting and capturing passwords and carry out unauthorized access; Steal the data and the bank cipher of credit card number, Web bank from computer with computer virus (as: bugbear virus).More effective prevention method adopts the dynamic electronic cipher technology exactly.Its essence is by certain rule and regularly or after each the use change password, the password of input was all inequality when the user visited at every turn, and this has just increased difficulty to electronic theft.
Utilize above-mentioned technology method and system we (00114328.X) propose in two patents of invention in " dynamic electronic cipher formation method " (99116451.2) and " dynamic electronic cipher system ".But, because user cipher card and host computer system mainly is to adopt contactless Clock Synchronization Technology synchronously, may cause the temporal accumulation of error thus, therefore need after a period of time, proofread and correct both sides' clock; In addition, the use of user cipher card has increased user's use burden; And the user cipher card of this band keyboard and LCDs also can damage because of using accidentally.For overcoming above-mentioned shortcoming, we have proposed the patent of invention of " dynamic password radio transmitting method " (99116517.9) again.But because dynamic password transmits with clear-text way in this method, the listener-in can intercept and capture the authentication password very easily.And this method can't guarantee the real-time that authenticates when wireless communication is crowded.The inventor has invented a kind of new dynamic identity authentication method, sees another patent application of the applicant " a kind of dynamic identity authentication method and system ".This method both can effectively have been taken precautions against by spying on or guessing the illegal login that authentication password carries out, can effectively take precautions against again by intercepting and capturing the illegal login that the transmission data are carried out, can increase substantially the fail safe of system, and the dynamic password in the verification process do not need to use wireless network transmissions, guaranteed the real-time of authentication.This method in use need adopt a kind of mobile phone dedicated as identity token.
Summary of the invention
The object of the present invention is to provide a kind of mobile phone that is used for dynamic identity authentication, this mobile phone can be used as identity token, uses in dynamic identity authentication, to improve authenticating safety and real-time.
A kind of mobile phone that is used for dynamic identity authentication provided by the invention, it is characterized in that: be provided with the dynamic identity authentication client application module in the SIM card of this mobile phone, this application module is made of dynamic password generator, memory, password comparator and controller, can independently produce the dynamic identity authentication password identical and synchronous with certificate server;
Memory is used to store user ID, user identity card number, log-in password Pr, encryption key Ke, and is responsible for the startup password or the handset token password Pt of work at present password Ks that storage is used to produce current dynamic identity authentication password, client's application module and inputs the times N t of token access password continuously mistakenly on token; It links to each other with dynamic password generator, password comparator and controller;
The dynamic password generator is used for the method for synchronization generation user current authentication password according to time or incident by work at present password Ks, this authentication password is corresponding with the current authentication password of server, and this authentication password is informed the user by the output device of mobile phone;
Password comparator is used for judging whether the cellphone subscriber is legal;
Controller is used to control the co-ordination of above-mentioned each module, it is according to predetermined agreement, the control mobile phone is revised the work at present password Ks that stores in the memory by the received work password that is sended over by server, proofreaies and correct because the step-out between the dynamic password generator in dynamic identity authentication mobile phone that misoperation of users or time integral error are caused and the server; Also control mobile phone with the encryption key Ke that stores in the received encryption key modification memory that sends over by server; Transmit predefined request, response message between controller control mobile phone and the server, realize the dynamic identity authentication service of the unlatching of corresponding with it strange land, cancellation and release.
What mobile phone provided by the invention was different with existing mobile phone is that it can produce the dynamic identity authentication password, and this mobile phone can be finished the Verification System security protocol jointly with certificate server.By security protocol, the user can open at any time and cancel dynamic identity authentication service, active request mobile phone and Verification System synchronously, the user asks functions such as release.
Description of drawings
Fig. 1 is the structural representation of the dynamic identity authentication client application module of mobile phone provided by the invention;
Fig. 2 is Verification System overall structure figure;
Fig. 3 is the certificate server software architecture diagram;
Fig. 4 is the dynamic identity authentication procedure chart, and wherein 4.1 is mobile phone end implementations, the 4.2nd, and certificate server end implementation;
Fig. 5 is for starting dynamic identity authentication service process figure, and wherein 5.1 is mobile phone end implementations, and the 5.2nd, certificate server end implementation;
Fig. 6 is application system synchronizing process figure, and wherein 6.1 is mobile phone end implementations, the 6.2nd, and certificate server end implementation;
Fig. 7 is application user account number releasing process figure, and wherein 7.1 is mobile phone end implementations, the 7.2nd, and certificate server end implementation;
Fig. 8 is cancellation dynamic identity authentication service process figure, and wherein 8.1 is mobile phone end implementations, the 8.2nd, and certificate server end implementation;
Fig. 9 is a security protocol message format key diagram, and wherein 9.1 is protocol message head forms, the 9.2nd, and service request information physique formula, the 9.3rd, service response message body form;
Embodiment
Mobile phone provided by the invention can write the dynamic identity authentication client application module on the SIM card of regular handset.The SIM card of mobile phone possesses JAVA program running environment, the dynamic identity authentication client application module is to use the Embedded Application module of JAVA language development, can be written in the SIM card of mobile phone by mobile phone manufacturer or other mechanism SIM card write device (as TY311).As shown in Figure 1, the 22nd, SIM card part-structure figure in the handset token, the 23rd, the interface section structure chart of mobile phone.Dynamic identity authentication client application module in the mobile phone comprises dynamic password generator 14, memory 15, password comparator 16 and controller 17.Memory 15 is used to store user ID, user identity card number, log-in password Pr, adds, decruption key Ke, and is responsible for work at present password Ks (it is identical storing the work at present password with server), startup password or the mobile phone password Pt and the continuous times N t that inputs the token access password mistakenly on mobile phone of client's application module that storage is used for producing current dynamic identity authentication password.Encryption key Ke and work at present password Ks are when user applies is served, and certificate server is that user mobile phone distributes; The startup password of client's application module or mobile phone password Pt are provided and are write SIM card by the user.Memory 15 links to each other with dynamic password generator 14, password comparator 16 and controller 17.Dynamic password generator 14 usefulness cause work at present password Ks produce user's current authentication password, can be stream cipher arithmetics such as RC4, and are corresponding with the server authentication password.Dynamic password generator 14 links to each other with display 20 by the display interface 18 of mobile phone, and the password that is produced is presented on the display screen.Password comparator 16 is used for judging whether the cellphone subscriber is legal, and it links to each other with keyboard 21 by keyboard interface 19, and the user compares with the startup password or the mobile phone password Pt of client's application module by the password of keyboard input like this.Controller 17 is used for controlling the co-ordination of each module.
The present invention just adds above-mentioned module in existing mobile phone, it does not influence the original structure of mobile phone, function and the course of work, and these neither content of the present invention, so do not repeat them here.Hereinafter, our mobile phone that will be provided with above-mentioned application module is referred to as " handset token ".
Be example with the banking system below, be described with reference to the accompanying drawings and adopt mobile phone provided by the invention to carry out the system configuration and the verification process of dynamic identity authentication.
One, system configuration explanation
Fig. 2 is Verification System overall structure figure, comprises user terminal 6, subscriber information server 1, certificate server 2 and handset token 5.Subscriber information server 1 is the data server in the system, uses the oracle9i Database Systems, wherein deposits the form that sets according to the authentication agreement, and needed each user profile in the verification process is provided.It comprises following field: identification card number, user ID, log-in password Pr, add, sign that decruption key Ke, work at present password Ks (with to store the work at present password in the handset token be identical), account number just are being used (prevent competition from attacking) and cell-phone number etc.Subscriber information server 1 receives operation (inquiry and the modification user profile) request of certificate server 2, and this operation requests is used the OLEDB data-interface.Certificate server 2 is Server ends of whole Verification System, is responsible for receiving and finishing user's service request.Be furnished with service module, password generation module 3, the communication module 4 of certificate server end in the certificate server.Password generation module 3 is responsible for producing the dynamic identity authentication password of server end, is that the hardware of " dynamic electronic cipher generation algorithm " is realized, it uses server-bus to communicate by letter with certificate server 2.Communication module 4 uses com port to communicate by letter with certificate server 2, and handset token 5 is the user mobile phones that can finish the authentication token function, and its SIM card possesses JAVA program running environment.The application module of dynamic identity authentication client is to use the Embedded Application module of JAVA language development, and it is written in the SIM card of handset token 5 by SIM card write device TY311.The dynamic password generation algorithm that the application module of the dynamic identity authentication client in the handset token 5 is identical with password generation module 3 uses in the certificate server, and the synchronous dynamic identity authentication password of independent generation.User terminal 6 (as the ATM terminal) is communicated by letter with authentication server 2 by bank's internal network 7.The user side dynamic identity authentication password of submitting to handset token to produce by the user to certificate server during authentication, certificate server compares the server end dynamic identity authentication password of user side dynamic identity authentication password and oneself generation, and judges that according to comparative result whether the user is by authentication.
Fig. 3 is a certificate server end service module structure chart.Certificate server end service module is that the Server of Verification System holds software, mainly finishes functions such as Network Transmission is controlled, the Verification System security protocol is handled, the encryption and decryption of message transmission, user profile is visited and dynamic password obtains and keep in.Certificate server end service module comprises user profile access modules 8, dynamic password access modules 9, protocol process module 10, hard core control module 11, encrypting module 12 and network transmission module 13.User profile access modules 8 is access modules of rear end subscriber information server, be responsible for finishing the subscriber information management order of hard core control module 11, comprise and set up new account, revise existing account information, delete expired account information, locking or release user account number and control access privilege etc.Dynamic password access modules 9 is access modules of dynamic password generation module in the authentication service, and it receives the user key information that hard core control module 11 provides, and produces the dynamic password in the verification process, and gives hard core control module 11 with dynamic password and keep in.Protocol process module 10 is Server end for process of dynamic identity authentication system safety agreement, and it receives the security protocol information that hard core control module 11 provides, and result is returned to hard core control module 11.Hard core control module 11 is cores of whole certificate server end software, is responsible for correlation and information transmission between other modules of coordination.Encrypting module 12 is mainly finished the information encryption and decryption request of hard core control module 11.Network transmission module 13 is mainly finished the message transmission task of server end, the information of communication module in information of its reception bank proprietary network and the certificate server.It also handles the message transmission request of hard core control module simultaneously, and different kinds of information is sent in the different communication networks.
Two, verification process
As shown in Figure 4, verification process may further comprise the steps:
(1) user inserts bank card in the ATM terminal, submits user profile to, and sends ID authentication request to authentication server;
(2) after authentication server receives authentication request, at first verify the legitimacy of user profile.If this user is validated user (this user's information has been kept at User Information Database), authentication server produces server end dynamic identity authentication password and temporary, and inputs user side dynamic identity authentication password user terminal prompting user.The detailed process process of this step is as follows:
(2.1) after the network transmission module in the authentication server receives authentication request, submit user's request to the hard core control module.
(2.2) the hard core control module is by user profile access modules searching user's information database, if this user's information not in the User Information Database, hard core control module generation error message, and being transferred to the ATM terminal by network transmission module, terminal is received this message rear line prompting: the user profile mistake.If this user's information is arranged in the User Information Database, the subscriber information management module is returned this user's user profile to the hard core control module so, and check wherein Identification_Mode field value (field value is that 0 expression user uses the static password authentication, is that dynamic cipher verification is used in 1 expression).
(2.3) if Identification_Mode=1, then the hard core control module is inquired about this user's Lock_State field (field value is that 0 expression user is for locked, be that 1 expression user is locked), if Lock_State=1, the hard core control module is to the ATM terminal transmits information, point out this user locked, and withdraw from verification process, otherwise the hard core control module is transmitted this user's work at present password to the dynamic password access modules, the dynamic password generation module produces this dynamic authentication password of this user and returns to the hard core control module according to the work at present password, the hard core control module is temporary with this user's dynamic identity authentication password, and to the ATM terminal transmits information, the prompting user inputs user side dynamic identity authentication password.
If validated user finds that the account of oneself is locked, then can be by handset token application release, the detailed process of release is seen " user applies release " part of dynamic identity authentication security protocol.
(3) user produces user side dynamic identity authentication password by handset token, is presented on the mobile phone screen.
It must be emphasized that the user must be provided by " handset token initialization " and " opening the dynamic identity authentication service " two processes before the dynamic identity authentication service of using bank to provide.The detail of two processes is seen dynamic identity authentication security protocol " handset token initialization " and " opening the dynamic identity authentication service " two parts.
(4) user imports and is sent to authentication server with shown user side dynamic identity authentication password on the mobile phone screen by user terminal, waits for authentication.
(5) if the user side dynamic identity authentication password that authentication server receives is consistent with server end dynamic identity authentication password, then by authentication; Otherwise authentication is not passed through.The detailed process of this step is as follows:
(5.1) the hard core control module of certificate server obtains the user side dynamic identity authentication password that this user submits to from network transmission module;
(5.2) the hard core control module compares user side dynamic identity authentication password and temporary server end dynamic identity authentication password, if both unanimities, then the hard core control module by network transmission module to the ATM terminal transmits information, the success of prompting authentification of user, otherwise, the hard core control module is revised user profile in the User Information Database by user profile network module, WrongPSW_Count field in this user profile is added 1 (this user was with locked when WrongPSW_Count reached critical value), and send row information to the ATM terminal by network transmission module, require the user to restart verification process;
Must be pointed out that if validated user finds that the user can use the handset token Request System synchronous by passing through authentication after the correct operation, synchronizing process is seen " user applies system synchronization " part of dynamic identity authentication security protocol.
Three. the dynamic identity authentication security protocol
Dynamic identity authentication method based on the handset token mode is a kind of authentication method based on synchronous dynamic authentication password, need to guarantee the system synchronization of handset token and certificate server in implementation process, the present invention uses the dynamic identity authentication security protocol to realize this purpose.The dynamic identity authentication security protocol is based on the supporting protocol of the dynamic identity authentication method of handset token mode.It is a kind of interaction protocol based on note, has defined flow process mutual between handset token and the certificate server, mutual information format and the security mechanism (authentication method that comprises interactive information encryption method, encryption key managing method and interactive information) that ensures the reciprocal process fail safe.Security protocol not only provides the system synchronization function of handset token and certificate server end to the user, and supports the user can use handset token to finish dynamic identity authentication service startup, user's release and user and cancel functions such as dynamic identity authentication service.Introduce the basic principle of security protocol below in detail from protocol procedures, security mechanism and information format several respects.
(1) protocol procedures
1. handset token initialization
The handset token initialization procedure is divided into that client application module writes, two links of client application module initialization.Client application module writes and refers to use SIM card write device TY311 to write the embedded dynamic identity authentication client application module based on JAVA in the user mobile phone SIM card.The client application module initialization mainly is that the client application module in the SIM card is carried out the parameter setting, comprise be provided with that subscriber identity information, information add, the application module of decruption key, client starts parameters such as password, work at present password and user login password.The application module of client starts password and log-in password is selected by user oneself, and can revise at any time.The application module of client starts password and is used to guarantee to have only legal handset token user just can use handset token to finish the dynamic identity authentication process.Log-in password is used for guaranteeing to have only validated user just can use handset token to finish " release " and " service of cancellation dynamic identity authentication " function; The work at present password that work at present password and information add, decruption key is divided into the handset token end and the work at present password of certificate server end, the work at present password and the information of certificate server end adds, decruption key also is the part of user profile, and two ends should have that identical work at present password and information add, decruption key.When initialization, produce respectively by tandom number generator that initial work at present password and information add, decruption key, and work at present password, information in the handset token add, work at present password, the information of decruption key and certificate server end add, decruption key is set to this initial work at present password and this information adds, decruption key;
2. the user opens the dynamic identity authentication service
The user opens the dynamic identity authentication service process and is meant that the user uses handset token to send " opening the dynamic identity authentication service request " to the certificate server end, certificate server is received the legitimacy of the user profile of at first verifying this user after this request and is done corresponding processing, sends " opening the dynamic identity authentication service response " to this user then.Detailed process is as follows:
1) user's input handset token client application module starts password (setting during the handset token initialization), by the authentication of handset token end;
2) user sends " opening the dynamic identity authentication service request " information by the mobile phone handset token to certificate server;
3) certificate server receives authorization information legitimacy (user ID in the authorization information and log-in password, this log-in password are to determine) after " open dynamic identity authentication service request " information when user mobile phone is initialized;
4) certificate server is labeled as the dynamic identity authentication mode with this user's authentication mode in user information database, sends " opening the dynamic identity authentication service response " information to handset token then;
5) handset token receives " opening the dynamic identity authentication service response " information, and the service of prompting dynamic identity authentication is opened.
The processing procedure of handset token end and certificate server end was seen Fig. 5 when the user opened the dynamic identity authentication service.
3. user applies system synchronization
The front was mentioned, and the user can be that handset token and certificate server keep system synchronization by the key of certificate server authentication.But make the nonsynchronous abnormal conditions in two ends (for example in the user authentication process mobile phone sudden power etc.) owing to exist, therefore to need to recover the system synchronization state at two ends by " the user applies system synchronization " of carrying out the dynamic identity authentication security protocol.Detailed process is as follows:
1) user's input handset token client application module starts password, by the authentication of handset token end;
2) user sends " application system synchronization request " information by the mobile phone handset token to certificate server;
3) certificate server receives authorization information legitimacy after " application system synchronization request " information (user ID in the authorization information and log-in password, this log-in password are to determine) when user mobile phone is initialized;
4) certificate server takes out the work at present password of server end from user information database;
5) certificate server generates " application system syn ack " information, and " side's of the service information " field with in the work at present password writing information of server end sends response message to the user then;
6) handset token receives the work at present password in the information extraction after " application system syn ack " information, and is the work at present password that is extracted in the information with the dynamic electronic cipher work at present password setting of handset token end, finishes system synchronization.
The processing procedure of handset token end and certificate server end is seen Fig. 6 during the user applies system synchronization.
4. user applies release
If the user finds the account number of oneself and is locked by bank that the user can be by handset token application release.Detailed process is as follows:
1) user's input handset token client application module starts password, by the authentication of handset token end;
2) user sends " application account number unlocking request " information by the mobile phone handset token to certificate server;
3) certificate server receives authorization information legitimacy (user ID in the authorization information and log-in password, this log-in password are to determine) after " application account number unlocking request " information when user mobile phone is initialized;
4) certificate server " User Status " field of this user in User Information Database is set to released state, sends " release of application account number is replied " information to the user then;
5) handset token receives " release of application account number is replied " information, prompting user release success.
The processing procedure of handset token end and certificate server end is seen Fig. 7 during the user applies release.
5. the user cancels the dynamic identity authentication service
The user not only can open the dynamic identity authentication service by handset token, and can use the service of handset token cancellation dynamic identity authentication.Detailed process is as follows:
1) user's input handset token client application module starts password, by the authentication of handset token end;
2) user sends " cancellation dynamic identity authentication service request " information by the mobile phone handset token to certificate server;
3) certificate server receives authorization information legitimacy (user ID in the authorization information and log-in password, this log-in password are to determine) after " cancellation dynamic identity authentication service request " information when user mobile phone is initialized;
4) certificate server is labeled as the fixed password identification authentication mode with this user's authentication mode in user information database, sends " cancellation dynamic identity authentication service response " information to handset token then;
5) handset token receives " cancellation dynamic identity authentication service response " information, and the service of prompting dynamic identity authentication is cancelled.
The processing procedure of handset token end and certificate server end was seen Fig. 8 when the user cancelled the dynamic identity authentication service.
(2) security mechanism of security protocol
Security protocol according to add, decruption key and DES grouping cryptographic algorithms such as (Data Encryption Standard) add, decipher interactive information.
Agreement has not only defined the adding of interactive information, decryption method, has also stipulated to add accordingly, the decruption key administration detail.Agreement regulation: when the handset token initialization, write add, decruption key; Use is based on the adding of information access times, decruption key update method, also promptly safeguard an information counter at the user mobile phone end, the solicited message number that the statistics handset token sends, when counter reaches threshold value, handset token is provided with the key updating flag bit automatically in interactive information, certificate server is received and just carry that new information adds, decruption key after this information in response message, and handset token just brings into use new cipher key pair information to add, decipher after receiving new key.
(3) security protocol information format
The protocol information form is seen Fig. 9.Information is divided into service request information and serves two kinds of response messages, and every information is divided into information header and imformosome two parts again.Concrete format description is as follows:
(1) protocol information head
Version: the version number of agreement;
Head length: the length of protocol information head;
The side of service ID: use unique ID to identify the service side that each provides the dynamic authentication service;
Total length: the total length of information, why this field is set is because the expansion of imformosome after considering;
(2) service request information body
COS: 1bit specified information type; 2bit indicates whether encrypted request message key updating the or whether key of the renewal of carrying is arranged of client in response message; The 3-8 bit is the information type bit;
Identifying code: information is used byte summation checking;
Sequence number: identify each solicited message, prevent to reply Replay Attack;
User ID: authentification of user account number;
Registration code: the initialization of user mobile phone token is to generate user's private data.Server uses user ID and user rs authentication sign indicating number to user identification confirmation;
(3) service response imformosome
COS: the same;
Identifying code: the same;
Sequence number: the sequence number in the copy request guarantees the one-to-one relationship of replying and asking;
New key: carry the protocol information encrypted new key;
The side's of service information: service side returns to user's response message, for example algorithm work at present password;

Claims (1)

1, a kind of mobile phone that is used for dynamic identity authentication, it is characterized in that: be provided with the dynamic identity authentication client application module in the SIM card of this mobile phone, this application module is made of dynamic password generator (14), memory (15), password comparator (16) and controller (17), can independently produce the dynamic identity authentication password identical and synchronous with certificate server;
Memory (15) is used to store user ID, user identity card number, log-in password Pr, encryption key Ke, and is responsible for the startup password or the handset token password Pt of work at present password Ks that storage is used to produce current dynamic identity authentication password, client's application module and inputs the times N t of token access password continuously mistakenly on token; It links to each other with dynamic password generator (14), password comparator (16) and controller (17);
Dynamic password generator (14) is used for the method for synchronization generation user current authentication password according to time or incident by work at present password Ks, this authentication password is corresponding with the current authentication password of server, and this authentication password is informed the user by the output device of mobile phone;
Password comparator (16) is used for judging whether the cellphone subscriber is legal;
Controller (17) is used to control the co-ordination of above-mentioned each module, it is according to predetermined agreement, the control mobile phone is revised the work at present password Ks of storage in the memory (15) by the received work password that is sended over by server, proofreaies and correct because the step-out between the dynamic password generator in dynamic identity authentication mobile phone that misoperation of users or time integral error are caused and the server; Also control the encryption key Ke of mobile phone with storage in the received encryption key modification memory (15) that sends over by server; Transmit predefined request, response message between controller (17) control mobile phone and the server, realize the dynamic identity authentication service of the unlatching of corresponding with it strange land, cancellation and release.
CN200310111571.4A 2003-12-12 2003-12-12 A handset used for dynamic identity authentication Expired - Fee Related CN1268157C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200310111571.4A CN1268157C (en) 2003-12-12 2003-12-12 A handset used for dynamic identity authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200310111571.4A CN1268157C (en) 2003-12-12 2003-12-12 A handset used for dynamic identity authentication

Publications (2)

Publication Number Publication Date
CN1547403A CN1547403A (en) 2004-11-17
CN1268157C true CN1268157C (en) 2006-08-02

Family

ID=34336198

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200310111571.4A Expired - Fee Related CN1268157C (en) 2003-12-12 2003-12-12 A handset used for dynamic identity authentication

Country Status (1)

Country Link
CN (1) CN1268157C (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101895554A (en) * 2010-07-26 2010-11-24 贵阳高新华美龙技术有限公司 Dynamic code anti-counterfeiting method and system
CN101647026B (en) * 2007-03-30 2014-01-08 日本电气株式会社 User authentication control device, user authentication device, data processing device, and user authentication control method and the like

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100492966C (en) * 2004-11-26 2009-05-27 王小矿 Identity certifying system based on intelligent card and dynamic coding
CN100492967C (en) * 2004-11-26 2009-05-27 王小矿 Sale managing method based on dynamic coding
CN100492968C (en) * 2004-11-26 2009-05-27 王小矿 Anti-fake technology based on dynamic cipher
GB0428084D0 (en) * 2004-12-22 2005-01-26 Nokia Corp Method for producing authentication information
US20070150736A1 (en) * 2005-12-22 2007-06-28 Cukier Johnas I Token-enabled authentication for securing mobile devices
CN100456887C (en) * 2006-04-21 2009-01-28 江苏移动通信有限责任公司 Method and system of realizing data synchronization of user's terminal and server
CN100403831C (en) * 2006-08-22 2008-07-16 大唐微电子技术有限公司 Method for solving identification loophole of terminal and user identification module
CN101166320B (en) * 2006-10-19 2010-05-12 中兴通讯股份有限公司 A mobile phone and method for realizing mobile phone true name system based on RF recognition technology
CN101958024B (en) * 2009-07-16 2013-06-26 全宏科技股份有限公司 Financial transaction system, automated teller machine and method for operating automated teller machine
CN101662769B (en) * 2009-09-22 2012-09-05 钱袋网(北京)信息技术有限公司 Method, mobile terminal, server and system of telephone business authentication
CN101742499B (en) * 2009-12-31 2012-12-26 优视科技有限公司 Account number protection system for mobile communication equipment terminal and application method thereof
CN102348204A (en) * 2010-08-02 2012-02-08 奚伟祖 Mobile phone payment user account protection method using triple passwords
CN101917271B (en) * 2010-08-11 2012-11-07 优视科技有限公司 Electronic security device running in mobile communication terminal and encryption method thereof
CN102377569B (en) * 2011-10-18 2014-03-26 上海众人网络安全技术有限公司 Dynamic token unlocking method and system
CN103152172B (en) * 2011-12-07 2017-03-22 中国电信股份有限公司 Method and client side and server and system for mobile token dynamic password generation
CN102546408A (en) * 2011-12-30 2012-07-04 重庆拉土拉现代农业有限公司 Remote visual method for base agricultural products
CN107333005B (en) * 2017-07-26 2020-03-31 中国联合网络通信集团有限公司 Emergency unlocking method, unlocking server, user equipment and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101647026B (en) * 2007-03-30 2014-01-08 日本电气株式会社 User authentication control device, user authentication device, data processing device, and user authentication control method and the like
CN101895554A (en) * 2010-07-26 2010-11-24 贵阳高新华美龙技术有限公司 Dynamic code anti-counterfeiting method and system

Also Published As

Publication number Publication date
CN1547403A (en) 2004-11-17

Similar Documents

Publication Publication Date Title
CN1268157C (en) A handset used for dynamic identity authentication
CN1323538C (en) A dynamic identity certification method and system
CN106161032B (en) A kind of identity authentication method and device
US7603565B2 (en) Apparatus and method for authenticating access to a network resource
CN1302634C (en) Network connection system
CN109417553A (en) The attack using leakage certificate is detected via internal network monitoring
CN106453361B (en) A kind of security protection method and system of the network information
CN1731723A (en) Electron/handset token dynamic password identification system
CN105516195A (en) Security authentication system and security authentication method based on application platform login
CN1694555A (en) Dynamic cipher system and method based on mobile communication terminal
EP4024311A1 (en) Method and apparatus for authenticating biometric payment device, computer device and storage medium
CN108171831A (en) A kind of bidirectional safe authentication method based on NFC mobile phone and smart lock
JP4698751B2 (en) Access control system, authentication server system, and access control program
CN1910882A (en) Method and system for protecting data, related communication network and computer programme product
CN110635901A (en) Local Bluetooth dynamic authentication method and system for Internet of things equipment
WO2015108410A1 (en) Secure login without passwords
EP3513539A1 (en) User sign-in and authentication without passwords
CN115396121A (en) Security authentication method for security chip OTA data packet and security chip device
CN115473655B (en) Terminal authentication method, device and storage medium for access network
EP3987415A1 (en) Cryptocurrency key management
CN1260927C (en) IP network system for realizing safety verification and method thereof
CN114424496A (en) Computer-implemented method and system for securely identifying disconnected objects and their locations
CN114615309B (en) Client access control method, device, system, electronic equipment and storage medium
CN109902481A (en) A kind of encryption lock authentication method and encryption equipment for encrypting equipment
JP4372403B2 (en) Authentication system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20060802

Termination date: 20100114