CN104104672B - Method for establishing a dynamic authorization code based on identity authentication
Abstract
The method of the present invention for establishing a dynamic authorization code based on identity authentication uses a new dynamic password generation scheme, together with legal authentication of the identity of the dynamic password's user and a corresponding authorization scheme bound to the user's mobile terminal, to establish a unified third-party service for secure authentication and secure authorization with dynamic passwords. It further adds a strict lock of legal identity authentication to the use of dynamic passwords, so that the user completes authentication and authorization with a dynamic password entirely under a state of legal identity authentication. In addition, by providing a unified third-party dynamic password service, it helps project teams of any size carry out their various businesses with legally backed secure authentication and authorization.
Description
Technical field
The present invention relates to the application fields of the mobile Internet, cloud computing and the Internet of Things, and in particular to a method that establishes a dynamic authorization code business system based on the user's legal identity authentication, in order to guarantee secure authentication and secure authorization of the user's account.
Background art
Identity authentication is an important component of an information security system; its task is to verify the legitimacy and authenticity of a user's identity. Identity authentication technologies are divided into static password authentication, dynamic password authentication, biometric authentication, and authentication with digital certificates issued by a third party (CA). Static password authentication was the authentication product of early computer systems. Because static passwords are static and reusable, they are easy to steal, guess and crack; static password authentication is a weak authentication scheme suitable only for information application environments with low security requirements.
Biometric authentication includes fingerprint recognition, iris recognition, face recognition, voiceprint recognition, handwritten signature recognition and so on. Because it generally requires specific recognition devices and places certain requirements on the environment of use, it cannot serve as a widely deployed means of identity authentication and of issuing user authorization instructions.
A dynamic password is a one-time password. It is a password that changes, and it changes because the operating factors used to generate it change. Its key property is that each generated password is different and is used only once, which effectively avoids the inherent weaknesses of static passwords such as guessing, cracking and reuse. As one of the main authentication technologies, it is applied to identity authentication for e-commerce, remote access, internal system access, the issuing of user authorization instructions, and so on.
To make user authentication and authorization absolutely secure, the best approach is to build for the user a final authorization of account authentication that an unauthorized person cannot obtain. If this last line of defence, the final authorization of the user's account authentication, holds, the purpose of a malicious act can never be achieved, and so there is no point in carrying out any such act. That is, whatever vulnerabilities existed earlier, and however much the unauthorized person has already succeeded, that person must still obtain the final direct authorization on the account for the illegal act to succeed; if that final authorization cannot be obtained, there is no point in attempting the act at all.
The best way to build a final authorization that an unauthorized person cannot obtain is to build a third-party physical channel that cannot be directly reached or actively attacked through the account system, and to complete the final confirmation and authorization of the user's account authentication with an authorization code generated over this channel. It follows that how to build this third-party physical channel, and how to generate over it an authorization code whose security is absolutely guaranteed, is the key to guaranteeing that the user's account is absolutely secure.
Existing dynamic password technologies and existing patents in the field, including the use of dynamic password token technology, are relatively mature in how they build this third-party physical channel, but they still have problems in how they generate a secure authorization code. If the user's password cannot be absolutely protected and is leaked, login and authorized transactions based on the account password are likewise put at risk. If the technology cannot be extended to a variety of application scenarios, and in particular cannot serve O2O service authorization on mobile terminals or on-site self-service terminals, for example portable security applications in high-security industries such as bank payment and mobile payment, it has an obvious technical limitation that does not help the development of the industry as a whole.
A patent worth comparing with is titled: Single sign-on method based on cloud management and key management, patent number: 2012104712612. That patented technology mainly comprises: a cloud key login management system for centralized identity authentication and audit logging at the user login entry according to user identity; a key user management system for merging all user identity information into a central repository and managing the user identities of each independent application in a unified way; and an authorized-resource and user-data provisioning service system for provisioning services to users according to authorized resources and user data.
Although the above comparison patent proposes a security authentication model with unified management of user identities, the source from which user identity information is collected is problematic, so leaks can still easily occur. The main reasons are as follows. First, false identity information can be supplied and the review is not strict, so the user's true identity cannot be reliably locked. Second, for obtaining and using the dynamic password, unless a one-to-one binding with a dynamic password token is used, the real user cannot be locked. Third, even with a one-to-one binding to a dynamic password token, there remains the risk that the password is stolen after the token is lost or stolen. As a result, the technology protected by that patent is not applicable in some scenarios with high security requirements; existing tokens are limited to a single application scenario and cannot give users more convenient management of account authorization, so deep integration and development of the related application technologies is urgently needed.
Summary of the invention
In view of the above problems, the present inventor draws on the inventor's own granted patent, titled: Root service system for personal identity authentication, patent number: 2011102160995, and, by grafting that technology in, proposes the technical solution of the present invention to those problems. The present invention is mainly based on the unified third-party authentication and authorization system for personal legal identity of that granted patent. It establishes legal authentication and legal authorization of the identity of the user of the dynamic password (that is, the dynamic authorization code described in the present invention), and, through a one-to-one legally verified binding between the personal legal identity authentication and the user's mobile phone number, together with other supporting technologies, finally achieves security for the use of dynamic password technology. In other words, on top of the ordinary use of a dynamic password it adds a lock of legal identity authentication and at the same time binds, with legal verification, the terminal on which the user uses the dynamic password. The user thus uses the dynamic password entirely under a state of legal identity authentication, which guarantees that the use of the dynamic password is absolutely secure and provides a secure dynamic authorization guarantee for carrying out the user's various businesses with secure authentication and authorization.
The user identity authentication described in the present invention is not limited to the national legal identity authentication system. A business system whose account security requirements are not high, or whose internal authentication is already strict, may, according to its own business characteristics, call its own or other external account identity authentication data and still implement the related dynamic authorization code service with the technology of the present invention, rather than having to call the national legal identity authentication data.
The dynamic password system with legal identity authentication of the present invention, through the design of a split configuration mode and a specific event factor mode, generates a new and highly secure dynamic password, namely the dynamic authorization code, or a group of dynamic passwords, and establishes a new index-set editing and generation mode for dynamic passwords, which is a complete technical innovation. The dynamic password token manufacturing technology developed from it is likewise a high-security technical innovation.
The dynamic password system with legal identity authentication of the present invention will greatly enrich the application scenarios of dynamic passwords. It can serve not only scenarios with ordinary security requirements but also application environments with high security requirements, or projects that are subject to legal supervision and need security authentication, such as government social-management informatization projects, bank secure payment and mobile secure payment projects, for which it provides a high level of legally backed security.
The dynamic password system with legal identity authentication of the present invention establishes a unified third-party channel that provides legally backed secure authentication and legal authorization services for dynamic passwords. This is of particular importance for promoting the informatization of society and of industries and the mobile use of networks. All kinds of businesses in every trade that rely on effective legal identity authentication will be able to develop smoothly as a result. Previously only large professional institutions, for example large state-owned banks, could conduct business on the basis of legal identity authentication; with the present invention, all small and medium-sized enterprises can take part as well and develop more varied applications that meet users' needs and promote social progress.
The technology of the method of the present invention for establishing a dynamic authorization code based on identity authentication can be fully extended to static authorization codes. However, because static authorization codes have the problem of being easily leaked, no application design was made for them in the present invention and its embodiments; instead, the dynamic authorization code technology completely replaces all static authorization code technology and applications, which prevents leaks at the source. Wherever a related application is involved, the dynamic authorization code technology of the present invention is used directly.
The method of the present invention for establishing a dynamic authorization code based on identity authentication consists of building a unique correspondence between the dynamic authorization code and the identity authentication business system, building a unique parse-and-read relationship between the dynamic authorization code and the user mobile terminal, and/or building a parse-and-read relationship between the dynamic authorization code and the registration and login account system.
Building the unique correspondence between the dynamic authorization code and the identity authentication business system consists of installing, on the dynamic authorization code authentication server, the business operation support system corresponding to the identity authentication business system, and, through that business operation support system, establishing a unique correspondence between the user account of the identity authentication business system and the authentication seed code. An external system's acquisition of the dynamic authorization code and its authorization requests to the authentication service are initiated and obtained only after a prior identity authentication has been performed by the identity authentication business system.
The identity authentication business system is one in which the statutory administrative authority, or an institution licensed by it, establishes, in the personal identity information server database or in a backup server database of personal identity information, a statutory verification system for the correspondence between the user's mobile phone number and the user's identity information, and uses that verification system to provide legal personal identity authentication and digital identity authentication services externally.
Further, the identity authentication business system may instead be one in which a user identity information collection system establishes, in the database of an account identity information management server, a verification system for the correspondence between the user's mobile phone number and the account identity information, and uses that verification system to provide account authentication and digital identity authentication services externally.
Building the unique parse-and-read relationship between the dynamic authorization code and the user mobile terminal consists of installing the corresponding business operation support system of the identity authentication business system on the application server and installing a dynamic authorization code client on the user mobile terminal. After the client reads the unique hardware device serial code of the mobile terminal and/or the unique hardware device parameters of the mobile terminal, the client is activated by password verification and/or by SMS verification through the mobile operator;
Building the parse-and-read relationship with the registration and login account system consists of installing the corresponding business operation support system of the identity authentication business system on the application server and binding the dynamic authorization code business module of the business operation support system to the registration and login account management system. When the user logs in to the account, after the configured identity authentication business system information and/or the configured response parameters have been entered, the dynamic authorization code is obtained and displayed automatically on the account login side;
Obtaining dynamic authorization code verification through the user mobile terminal comprises the following steps:
Step 1: Open the installed dynamic authorization code client on the user mobile terminal; or, after unlocking with a previously set password, open the installed dynamic authorization code client on the user mobile terminal.
Step 2: The corresponding business operation support system of the identity authentication business system reads the mobile terminal's unique hardware device serial code and/or hardware device parameters and, after the uniqueness check succeeds, confirms and obtains through the identity authentication business system the account of that system to which the user mobile terminal corresponds.
Step 3: The corresponding business operation support system of the identity authentication business system obtains, through the dynamic authorization code authentication server, the dynamic authorization code uniquely configured for the mobile terminal of that account, and delivers the obtained dynamic authorization code to the client.
Step 4: The user mobile terminal on which the dynamic authorization code client is installed reads the dynamic authorization code.
Step 5: The dynamic authorization code that was read is submitted to the verification interface window.
Step 6: The application server submits the obtained dynamic authorization code, and/or the identity information obtained through the identity authentication business system at the first registration and authentication, together to the identity authentication business system, and authentication passes.
Step 7: The identity authentication business system, through the corresponding business operation support system, compares the submitted dynamic authorization code with the authentication seed code, and the comparison succeeds.
Step 8: The user is shown a prompt that authorization succeeded, or the user performs other subsequent operations.
In the method of the present invention for establishing a dynamic authorization code based on identity authentication, building the parse-and-read relationship with the registration and login account system consists of binding the dynamic authorization code business module on the account login side so that the dynamic authorization code is obtained directly; or of requiring that the dynamic authorization code be obtained through the user mobile terminal and supplied to the registration and login account system to complete the authorized login.
Further, in building the parse-and-read relationship between the dynamic authorization code and the registration and login account system, when the configured identity authentication business system information and/or the configured response parameter information needs to be changed for security reasons, either on the user's own initiative or at the system's prompting, the user's eligibility is verified with the dynamic authorization code obtained through the user mobile terminal over the third-party channel.
In the method of the present invention for establishing a dynamic authorization code based on identity authentication, the dynamic authorization code applied to the user mobile terminal and the dynamic authorization code applied to the registration and login account system either have their dynamic authorization code values generated separately, according to business need or per account, or are generated automatically from the same group of generated dynamic codes by reading the generated values at different timing intervals.
In the method of the present invention for establishing a dynamic authorization code based on identity authentication, where the respective dynamic authorization codes are generated automatically from the same generated dynamic code by reading the generated values at different timing intervals, the read period is a set value that divides the time factor into equal parts, or, depending on the security level required by the application, a set value that divides the time factor into unequal parts.
In the method of the present invention for establishing a dynamic authorization code based on identity authentication, the dynamic authorization code applied to the user mobile terminal and the dynamic authorization code applied to the registration and login account system retrieve characteristic information parameters of the identity authentication business system and use them as a specific parameter configuration or an event factor configuration, with which the respective dynamic authorization codes are generated by configuration or encrypted configuration, and/or as a prefixed additional code and/or prefixed additional control condition for reading the dynamic authorization code, in order to meet the higher account security requirements of certain applications;
Further, the event factor of the dynamic authorization code is obtained by retrieving the user's biometric information in the identity information database, such as fingerprint, face shape, iris, voiceprint or handwritten signature feature data, which is used, via peripheral hardware, either for authorization verification or as a prefixed additional verification for reading the dynamic authorization code; or it is a previously set challenge-response feature, used for authorization verification or as a prefixed additional verification for reading the dynamic authorization code.
In the method of the present invention for establishing a dynamic authorization code based on identity authentication, the dynamic authorization code applied to the user mobile terminal and the dynamic authorization code applied to the registration and login account system can be configured and selected differently according to the occasion of use and the required security level.
Further, the dynamic authorization code on the user mobile terminal, which has the higher security level, may be permitted for use as the dynamic authorization code authorization of the registration and login account system.
In the method of the present invention for establishing a dynamic authorization code based on identity authentication, for the dynamic authorization code applied to the user mobile terminal, if the bound mobile terminal is damaged and cannot work, so that a new user mobile terminal must be bound, the user resubmits identity information, which may include the user's biometric identity information, through the personal account system managed by the dynamic authorization code service or through a specially authorized institution, and, after authentication by the identity authentication business system, the bound user mobile terminal is changed.
Further, if the bound user mobile terminal is lost or stolen, so that the dynamic authorization code may leak, the dynamic authorization code of that terminal must be rapidly invalidated and locked. The procedure comprises:
Step 1: Through a mobile terminal loaded with the dynamic authorization code client, start the account management menu.
Step 2: Select a user authentication module and start the user authentication procedure. The choice of user authentication module is not limited to the voiceprint mode of step 3 and the fingerprint module of step 6 below; it may also be set to an account password module and/or a challenge-response selection module.
Step 3: Record speech as instructed by the voice prompt; if verification succeeds, proceed to the next step. If it fails, record again following a second voice prompt and verify; if that succeeds, go to steps 4 and 5 below.
Step 4: Complete system verification with other previously set verification content.
Step 5: After system authentication, click to start the dynamic authorization code account lock function, completing the locking of the user mobile terminal's dynamic authorization code.
Further, step 2 above may continue to step 6 below, and step 3 above may continue to step 6 below.
Step 6: Verify the fingerprint at the specified position; if verification succeeds, proceed to the next step. If it fails, verify a second time with the fingerprint at the specified position; if that succeeds, proceed to the next step.
Further, step 2 above may continue to step 7 below, step 3 above may continue to step 7 below, or step 6 above may continue to step 7 below.
Step 7: Read the user's own iris for the left or right eye as prompted; if verification succeeds, proceed to the next step. If it fails, read the user's own iris for the left or right eye specified by a second prompt and verify; if that succeeds, return to steps 4 and 5 above.
In the method of the present invention for establishing a dynamic authorization code based on identity authentication, alternatively the authentication seed code is encapsulated and written onto the user mobile terminal on which the dynamic authorization code client is installed, configuring the user mobile terminal as a dynamic authorization code token, to remove the inconvenience that the dynamic authorization code cannot be read for authentication when the mobile terminal has no network connection.
Further, the encapsulated authentication seed code is configured, together with the unique hardware device serial code read from the mobile terminal and/or the unique hardware device parameters of the mobile terminal, to generate the prefixed additional verification and/or the dynamic authorization code. When the installed dynamic authorization code client is started to read the dynamic authorization code, it automatically scans and identifies the mobile terminal's unique hardware device serial code and/or unique hardware device parameters; if the values read differ from the values at original activation, the dynamic authorization code cannot be read, or is destroyed.
Further, the seed code encapsulated and written to the mobile terminal can have its time factor corrected against the remote dynamic authorization code authentication server when the mobile terminal is networked.
Further, when the user applies through the account management system of the dynamic authorization code client, or the dynamic authorization code business system automatically detects the need, a new authentication seed code can be written in place of the previously written authentication seed code.
In the method of the present invention for establishing a dynamic authorization code based on identity authentication, alternatively, when the installed dynamic authorization code client is opened on the user mobile terminal, the user is prompted for an opening password; besides a password set in the ordinary way, the opening password may be and/or include a previously set user biometric feature password.
In the method of the present invention for establishing a dynamic authorization code based on identity authentication, the method of establishing the dynamic authorization code, besides being based on the user's legal identity card number, may also and/or instead be based on other user account systems, such as mobile phone number, QQ, WeChat, Weibo, Taobao, electronic payment or e-mail account systems, or on a combination of several account systems or a re-encoding of such a combination, to establish the corresponding dynamic authorization code authentication system.
Brief description of the drawings:
The drawing is a system structure diagram of the method of the present invention for establishing a dynamic authorization code based on identity authentication.
Embodiment:
The preferred embodiment of the present invention is described below with reference to the drawing. It should be understood that the preferred embodiment described here serves only to illustrate and explain the present invention and is not intended to limit it.
This embodiment illustrates the business flow for obtaining dynamic authorization code verification through the user mobile terminal, comprising the following steps:
Step 1: Open the installed dynamic authorization code client 105 on the user mobile terminal 106; or, after entering the previously set password that permits use of the installed dynamic authorization code client, open the installed dynamic authorization code client 105 on the user mobile terminal 106.
Step 2: The corresponding business operation support system 102 of the identity authentication business system 101 reads the unique hardware device serial code and/or the hardware device parameters of the user mobile terminal 106 and, after the uniqueness check succeeds, confirms and obtains through the identity authentication business system 101 the account of the identity authentication business system 101 to which the user mobile terminal 106 corresponds.
Step 3: The corresponding business operation support system 102 of the identity authentication business system 101 obtains, through the dynamic authorization code authentication server 103, the dynamic authorization code uniquely configured for the mobile terminal 106 of that account and delivers it to the dynamic authorization code client 105.
Step 4: The user reads the dynamic authorization code on the user mobile terminal 106 on which the dynamic authorization code client 105 is installed.
Step 5: The user submits the dynamic authorization code that was read to the verification interface window 107.
Step 6: The application server 104, which is external to the system, submits the obtained dynamic authorization code, and/or the identity information obtained through the identity authentication business system 101 at the first registration and authentication, together to the identity authentication business system 101, and authentication passes.
Step 7: The identity authentication business system 101, through the corresponding business operation support system 102, compares the submitted dynamic authorization code with the authentication seed code, and the comparison succeeds.
Step 8: The verification interface window 107 shows the user a prompt that authorization succeeded and permits the user to perform other subsequent operations.
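The eight-step flow (given both in the summary of the invention and in this embodiment), together with the device binding, the per-channel time intervals and the lost-terminal lock described earlier, can be sketched as follows. This is an added example, not code from the patent: the HMAC-SHA256 time-step derivation, the 6-digit code length, the period values and every name are assumptions, since the patent specifies no algorithm.

```python
import hashlib
import hmac
import struct

# Assumptions (not from the patent): HMAC-SHA256 over a time counter, 6-digit
# codes, the period values below, and all class/function names.
PERIODS = {"mobile": 30, "login": 60}  # seconds each code stays current, per channel


def derive_code(seed: bytes, device_id: str, channel: str, counter: int) -> str:
    """Derive one code from the seed, the bound device, the channel and a time step."""
    msg = (hashlib.sha256(device_id.encode()).digest()
           + hashlib.sha256(channel.encode()).digest()
           + struct.pack(">Q", counter))
    mac = hmac.new(seed, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation in the style of RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


class AuthService:
    """Stands in for systems 101, 102 and 103 of the embodiment, collapsed into one object."""

    def __init__(self) -> None:
        self.accounts = {}  # account -> seed, bound device id, lock flag
        self.used = set()   # (account, channel, counter) already accepted once

    def bind(self, account: str, seed: bytes, device_id: str) -> None:
        self.accounts[account] = {"seed": seed, "device_id": device_id, "locked": False}

    def lock(self, account: str) -> None:
        """Lost or stolen terminal: stop issuing and accepting codes for the account."""
        self.accounts[account]["locked"] = True

    def issue(self, account: str, device_id: str, channel: str, now: int):
        """Steps 2-3: check the presenting device is the bound one, then hand out the code."""
        rec = self.accounts.get(account)
        if rec is None or rec["locked"] or channel not in PERIODS:
            return None
        if not hmac.compare_digest(rec["device_id"].encode(), device_id.encode()):
            return None
        return derive_code(rec["seed"], rec["device_id"], channel, now // PERIODS[channel])

    def verify(self, account: str, channel: str, code: str, now: int, drift: int = 1) -> bool:
        """Steps 6-7: recompute from the seed, allow small clock drift, accept each step once."""
        rec = self.accounts.get(account)
        if rec is None or rec["locked"] or channel not in PERIODS:
            return False
        current = now // PERIODS[channel]
        for counter in range(current - drift, current + drift + 1):
            expected = derive_code(rec["seed"], rec["device_id"], channel, counter)
            if hmac.compare_digest(expected.encode(), code.encode()):
                key = (account, channel, counter)
                if key in self.used:
                    return False  # replay of a code that was already accepted
                self.used.add(key)
                return True
        return False


def demo() -> dict:
    svc = AuthService()
    seed = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample seed
    device = "DEVICE-CONSTRUCTED-0001"                         # constructed device identifier
    svc.bind("alice", seed, device)
    t = 1_700_000_000
    mobile_code = svc.issue("alice", device, "mobile", t)
    login_code = svc.issue("alice", device, "login", t)
    results = {
        "wrong_device": svc.issue("alice", "DEVICE-CONSTRUCTED-9999", "mobile", t),
        "first_use": svc.verify("alice", "mobile", mobile_code, t + 5),
        "replay": svc.verify("alice", "mobile", mobile_code, t + 6),
        "stale_login": svc.verify("alice", "login", login_code, t + 600),
        "fresh_login": svc.verify("alice", "login", login_code, t + 20),
    }
    svc.lock("alice")
    results["issue_after_lock"] = svc.issue("alice", device, "mobile", t + 60)
    results["verify_after_lock"] = svc.verify("alice", "mobile", mobile_code, t + 7)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the device identifier is mixed into the derivation, a seed copied to another terminal yields codes the server never accepts, which is the server-side counterpart of the "cannot be read, or is destroyed" behaviour described for the offline token.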
In summary, the method of the present invention for establishing a dynamic authorization code based on identity authentication uses a new dynamic password generation scheme, together with legal authentication of the identity of the dynamic password's user and a corresponding authorization scheme bound to the user's mobile terminal, to establish a unified third-party service for secure authentication and secure authorization with dynamic passwords. It further adds a strict lock of legal identity authentication to the use of dynamic passwords, so that the user completes authentication and authorization with a dynamic password entirely under a state of legal identity authentication. In addition, by providing a unified third-party dynamic password service, it helps project teams of any size carry out their various businesses with legally backed secure authentication and authorization.
Claims (10)
1. A method for establishing a dynamic authorization code based on identity authentication, characterized by building a unique correspondence between the dynamic authorization code and the authentication operation system, building a unique parse-and-read relation between the dynamic authorization code and the user's mobile terminal, or building a parse-and-read relation between the dynamic authorization code and a registration/login account system;
Building the unique correspondence between the dynamic authorization code and the authentication operation system means installing the corresponding business operation support system of the authentication operation system on the dynamic authorization code authentication server and, through that business operation support system, establishing a unique correspondence between the user account of the authentication operation system and the authentication seed code; an external system's acquisition of the dynamic authorization code and its authorization requests to the authentication service are initiated and obtained after identity authentication is first carried out by the authentication operation system;
The authentication operation system is a legal verification system, established by the statutory administrative authority or an institution it has licensed, in a personal identity information server database or a personal identity information backup server database, of the correspondence between user mobile phone numbers and user identity information; this legal verification system provides legal personal identity and digital identity authentication services to external parties;
Further, the authentication operation system may instead be a verification system, established through the user's identity information collection system in an account identity information management server database, of the correspondence between user mobile phone numbers and account identity information; this verification system provides account authentication and digital identity authentication services to external parties;
Building the unique parse-and-read relation between the dynamic authorization code and the user's mobile terminal means installing the corresponding business operation support system of the authentication operation system on the application server and installing the dynamic authorization code client on the user's mobile terminal; after the dynamic authorization code client reads the mobile terminal's hardware-device unique string code and/or the unique mobile terminal hardware-device related parameters, the client is activated by password verification or by verification through a mobile-operator short message;
Building the parse-and-read relation with the registration/login account system means installing the corresponding business operation support system of the authentication operation system on the application server and binding the dynamic authorization code business module of the business operation support system to the registration/login account management system; when the user logs in to the account, after entering the configured authentication operation system information and/or the configured response parameters, the dynamic authorization code is obtained and displayed automatically on the account login side;
Authorization verification with a dynamic authorization code obtained through the user's mobile terminal comprises the following steps:
The first step, the dynamic authorization code client installed on the user's mobile terminal is opened; or, after unlocking with a previously set password, the dynamic authorization code client installed on the user's mobile terminal is opened;
second step, the corresponding business operation support system of the authentication operation system reads the mobile terminal's hardware-device unique string code and/or the mobile terminal hardware-device related parameters and, after the uniqueness check succeeds, confirms through the authentication operation system the account of the authentication operation system to which the user's mobile terminal corresponds;
3rd step, the corresponding business operation support system of the authentication operation system obtains, through the dynamic authorization code authentication server, the dynamic authorization code uniquely configured for the mobile terminal corresponding to the account, and submits the obtained dynamic authorization code to the client;
4th step, the dynamic authorization code is read on the user's mobile terminal on which the dynamic authorization code client is installed;
5th step, the dynamic authorization code that was read is submitted to the verification interface window;
6th step, the application server submits the obtained dynamic authorization code to the authentication operation system, where authentication passes; or the application server submits the obtained dynamic authorization code, together with the identity information obtained through the authentication operation system during the first registration authentication, to the authentication operation system, where authentication passes;
7th step, the authentication operation system, through its corresponding business operation support system, successfully compares the submitted dynamic authorization code with the authentication seed code;
8th step, the user is shown an authorization-success prompt, or the user performs other subsequent operations.
2. The method for establishing a dynamic authorization code based on identity authentication as claimed in claim 1, characterized in that building the parse-and-read relation between the dynamic authorization code and the registration/login account system means binding the dynamic authorization code business module on the account login side so that the dynamic authorization code is obtained directly, or requiring that the dynamic authorization code be obtained through the user's mobile terminal, and providing it to the registration/login account system to complete authorized login;
Further, for the parse-and-read relation between the dynamic authorization code and the registration/login account system, when the configured authentication operation system information and/or the configured response parameter information is to undergo a security-setting change, whether initiated by the user or prompted by the system, the user's qualification is verified with a dynamic authorization code obtained through the user's mobile terminal over the third-party channel.
3. The method for establishing a dynamic authorization code based on identity authentication as claimed in claim 1, characterized in that the dynamic authorization code applied to the user's mobile terminal and the dynamic authorization code applied to the registration/login account system either have their values generated separately according to business needs or per account, or are generated automatically by each reading, from the same generated group of dynamic codes, the values generated in different timed periods.
4. The method for establishing a dynamic authorization code based on identity authentication as claimed in claim 3, characterized in that, for the respective dynamic authorization codes generated automatically by each reading the values generated in different timed periods from the same generated dynamic code, the reading period is set either by dividing the time factor into equal parts or, according to the security-level requirements of different application scenarios, by dividing the time factor into unequal parts.
5. The method for establishing a dynamic authorization code based on identity authentication as claimed in claim 1, characterized in that characteristic information parameters of the authentication operation system are retrieved and used as a specific parameter configuration or an event factor configuration, which is reconfigured or re-encrypted to generate the respective dynamic authorization code, and/or to generate a prepended additional code for reading the dynamic authorization code, and/or to generate a prepended additional authentication condition parameter, so as to provide authentication and authorization services for certain applications when a higher account security level is required;
Further, the event factor of the dynamic authorization code is obtained by retrieving user biometric information in the identity information database, such as fingerprint, face shape, iris, voiceprint or handwritten signature feature data, to be recognized by peripheral hardware as authorization verification or as the prepended additional authentication condition parameter for reading the dynamic authorization code; or a previously set challenge-response feature is used as authorization verification or as the prepended additional authentication condition parameter for reading the dynamic authorization code.
6. The method for establishing a dynamic authorization code based on identity authentication as claimed in claim 1, characterized in that the dynamic authorization code applied to the user's mobile terminal and the dynamic authorization code applied to the registration/login account system can be selected for use according to different settings for the occasion of use and the security-level requirement;
Further, the dynamic authorization code on the user's mobile terminal, which has the higher security level, can be used for dynamic authorization code authorization of the registration/login account system.
7. The method for establishing a dynamic authorization code based on identity authentication as claimed in claim 1, characterized in that, for the dynamic authorization code applied to the user's mobile terminal, when a new user mobile terminal must be bound because the bound mobile terminal device is damaged and can no longer work, the user resubmits identity information through the personal account system managed by the dynamic authorization code or through a specially authorized institution and, after authentication by the authentication operation system, the bound user mobile terminal is changed; the identity information includes the user's biometric identity information;
Or, when the bound user mobile terminal is lost or stolen so that the dynamic authorization code is exposed to leakage, and the dynamic authorization code of that user mobile terminal must be quickly invalidated and locked, the operating procedure includes:
The first step, the account management menu is started on a mobile terminal loaded with the dynamic authorization code client;
second step, a user authentication module is selected and the user authentication procedure is started;
3rd step, voice is recorded as directed by the voice prompt; if verification succeeds, the flow proceeds to the 6th and 7th steps; if it does not succeed, verification is repeated with a second prompted voice recording and, if that succeeds, the flow proceeds to the 6th and 7th steps;
4th step, entered directly from the second step, quick invalidation locking of the dynamic authorization code is performed by fingerprint verification: the fingerprint at the specified position is verified; if successful, the flow proceeds to the 6th and 7th steps; if unsuccessful, the fingerprint at the specified position is verified a second time and, if that succeeds, the flow proceeds to the 6th and 7th steps;
5th step, entered directly from the second step, quick invalidation locking of the dynamic authorization code is performed by iris feature verification: the user's own iris is read from the left or right eye as prompted; if verification succeeds, the flow proceeds to the 6th and 7th steps; if unsuccessful, the user's own iris is read from the prompted left or right eye a second time and, if that succeeds, the flow proceeds to the 6th and 7th steps;
6th step, system verification is completed with other previously set verification content;
7th step, after system authentication, the dynamic authorization code account lock function is started by clicking, completing the locking of the dynamic authorization code of the user's mobile terminal;
The user authentication module selected in the second step is not limited to the voice-recording verification mode module of the 3rd step, the fingerprint verification mode module of the 4th step and the iris feature verification mode module of the 5th step; it can also be set as an account password mode module and/or a challenge-response mode module.
8. The method for establishing a dynamic authorization code based on identity authentication as claimed in claim 1, characterized in that the authentication seed code is encapsulated and written onto the user's mobile terminal on which the dynamic authorization code client is installed, configuring the user's mobile terminal as a dynamic authorization code token, to address the authentication inconvenience caused when the dynamic authorization code cannot be read because the mobile terminal cannot connect to the network;
Further, the encapsulated and written authentication seed code is configured together with the mobile terminal hardware-device unique string code that was read, and/or the unique mobile terminal hardware-device related parameters, to generate a prepended additional authentication condition parameter; when the installed dynamic authorization code client is started to read the dynamic authorization code, it automatically scans and identifies the mobile terminal hardware-device unique string code and/or the unique mobile terminal hardware-device related parameters; if the values read differ from the initial values at original activation, the dynamic authorization code cannot be read or self-destructs;
Further, when the mobile terminal is in a networked state, the seed code encapsulated and written on the mobile terminal can undergo time-factor correction against the remote dynamic authorization code authentication server;
Further, when the user applies through the account management system of the dynamic authorization code client, or the dynamic authorization code business system automatically detects the need, the previously written authentication seed code can be rewritten with a new authentication seed code.
9. The method for establishing a dynamic authorization code based on identity authentication as claimed in claim 1, characterized in that, when the dynamic authorization code client installed on the user's mobile terminal is opened, the user is prompted that an opening password is required; besides the password set in the general mode, the opening password may also, and/or instead, be a previously set user biometric feature password.
10. The method for establishing a dynamic authorization code based on identity authentication as claimed in claim 1, characterized in that the method establishes a corresponding dynamic authorization code authentication system according to the user's legal identity card number and/or mobile phone number, QQ account system, WeChat account system, Weibo account system, Taobao account system, electronic payment account system or e-mail account system; or establishes a corresponding dynamic authorization code authentication system after multiple account systems are combined, or combined and re-encoded.
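The device-bound seed handling of claims 1 and 8 (unique terminal-to-account binding, comparison against the authentication seed code, refusal when the hardware parameters differ from activation, time-factor correction), sketched as an added example that is not part of the patent text. The patent names no generation algorithm, so HMAC-SHA256 with RFC 4226-style truncation over a 30-second window is an assumption, as are the class and function names, the constructed seed and device identifier, and the replay guard.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time window (assumed; the patent fixes no value)
DIGITS = 6   # code length (assumed)


def bind_seed(seed: bytes, device_id: str) -> bytes:
    """Mix the authentication seed code with the hardware unique string code."""
    return hmac.new(seed, device_id.encode(), hashlib.sha256).digest()


def code_at(key: bytes, counter: int) -> str:
    """RFC 4226-style dynamic truncation, here over HMAC-SHA256."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** DIGITS).zfill(DIGITS)


class Client:
    """Token mode of claim 8: seed sealed on the terminal at activation."""

    def __init__(self, seed: bytes, device_id: str):
        self._key = bind_seed(seed, device_id)
        self._id_hash = hashlib.sha256(device_id.encode()).digest()
        self.clock_offset = 0  # seconds, set by time-factor correction

    def read_code(self, current_device_id: str, now: float) -> str:
        seen = hashlib.sha256(current_device_id.encode()).digest()
        if self._key is None or not hmac.compare_digest(seen, self._id_hash):
            self._key = None  # "cannot be read or self-destructs"
            raise PermissionError("device parameters differ from activation")
        return code_at(self._key, int(now + self.clock_offset) // STEP)


class AuthServer:
    """Stands in for the authentication server plus support system."""

    def __init__(self):
        self._devices = {}  # device_id -> (account, seed): unique binding
        self._last = {}     # account -> last accepted counter

    def enroll(self, account: str, device_id: str, seed: bytes) -> None:
        if device_id in self._devices:
            raise ValueError("terminal already bound to an account")
        self._devices[device_id] = (account, seed)

    def verify(self, device_id: str, submitted: str, now: float, window: int = 1):
        """Return (account, drift_seconds) on success, None on failure."""
        record = self._devices.get(device_id)
        if record is None:
            return None
        account, seed = record
        key = bind_seed(seed, device_id)
        base = int(now) // STEP
        for delta in sorted(range(-window, window + 1), key=abs):
            counter = base + delta
            if counter <= self._last.get(account, -1):
                continue  # replay guard: an addition, not in the patent text
            if hmac.compare_digest(code_at(key, counter), submitted):
                self._last[account] = counter
                return account, delta * STEP
        return None


if __name__ == "__main__":
    seed = bytes(range(32))            # constructed seed
    dev = "IMEI-CONSTRUCTED-0001"      # constructed device identifier
    server, client = AuthServer(), Client(seed, dev)
    server.enroll("alice", dev, seed)
    t = 1_700_000_000
    print(server.verify(dev, client.read_code(dev, t), t))
```

The drift value returned by `verify` is what a networked client would negate and store in `clock_offset`, which is one way to realise the time-factor correction the claim mentions.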
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410304079.7A CN104104672B (en) | 2014-06-30 | 2014-06-30 | The method that dynamic authorization code is established in identity-based certification |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410304079.7A CN104104672B (en) | 2014-06-30 | 2014-06-30 | The method that dynamic authorization code is established in identity-based certification |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104104672A CN104104672A (en) | 2014-10-15 |
CN104104672B true CN104104672B (en) | 2017-11-10 |
Family
ID=51672473
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410304079.7A Expired - Fee Related CN104104672B (en) | 2014-06-30 | 2014-06-30 | The method that dynamic authorization code is established in identity-based certification |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104104672B (en) |
Families Citing this family (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104363093B (en) * | 2014-10-26 | 2017-10-24 | 重庆智韬信息技术中心 | The method encrypted by dynamic authorization code to file data |
CN104333544B (en) * | 2014-10-26 | 2017-11-10 | 重庆智韬信息技术中心 | Encryption method based on mobile terminal data file |
CN104361284B (en) * | 2014-10-26 | 2018-02-13 | 深圳润迅数据通信有限公司 | To third party's intrusion detection method of cloud storage packet |
CN104318438A (en) * | 2014-10-29 | 2015-01-28 | 重庆智韬信息技术中心 | Integrated authorization method for safe payment through dynamic authorization code |
CN105391693A (en) * | 2015-10-20 | 2016-03-09 | 浪潮软件集团有限公司 | Intelligent terminal authorization method and device |
CN106713234A (en) * | 2015-11-13 | 2017-05-24 | 国网智能电网研究院 | Smart power grid mobile terminal dynamic state authorization system |
CN106803043B (en) * | 2015-11-26 | 2020-01-14 | 西安莫贝克半导体科技有限公司 | Hardware encryption memory with selective self-destruction function |
CN107508782B (en) * | 2016-06-14 | 2021-11-23 | 阿里巴巴集团控股有限公司 | Method and device for authenticating user identity in voice customer service |
CN106453263A (en) * | 2016-09-19 | 2017-02-22 | 惠州Tcl移动通信有限公司 | Method and system of binding cellphone number with APP |
CN107360150A (en) * | 2017-07-06 | 2017-11-17 | 天脉聚源(北京)传媒科技有限公司 | A kind of method and device of intelligent logging-on |
CN107333005B (en) * | 2017-07-26 | 2020-03-31 | 中国联合网络通信集团有限公司 | Emergency unlocking method, unlocking server, user equipment and system |
CN107508796B (en) * | 2017-07-28 | 2019-01-04 | 北京明朝万达科技股份有限公司 | A kind of data communications method and device |
CN108156155B (en) * | 2017-12-25 | 2021-01-15 | 资密科技有限公司 | Wireless network-based biometric authentication system, mobile device and method |
CN109743159A (en) * | 2018-01-09 | 2019-05-10 | 詹贯峰 | A kind of inter-authentication method for realizing authentication with authorization using bidirectional dynamic password |
CN109309658B (en) * | 2018-06-14 | 2024-12-27 | 孔德键 | Multiple authentication identity authentication method, identity authentication device and identity authentication system |
WO2020034101A1 (en) * | 2018-08-14 | 2020-02-20 | 深圳迈瑞生物医疗电子股份有限公司 | Software login method of in-vitro diagnosis device, device, server, and storage medium |
CN110166461B (en) * | 2019-05-24 | 2022-09-20 | 中国银联股份有限公司 | User unified identification processing method, device, equipment and storage medium |
CN113377882B (en) * | 2021-06-08 | 2022-10-04 | 巨网云互联(北京)科技股份有限公司 | Method for realizing relation model in internet organization and among organizations |
CN113507368A (en) * | 2021-06-17 | 2021-10-15 | 北京惠而特科技有限公司 | Industrial control equipment identity authentication method and device based on dynamic password |
CN114024688B (en) * | 2021-11-29 | 2024-07-19 | 中电金信软件有限公司 | Network request method, network authentication method, terminal equipment and server |
CN115017478B (en) * | 2022-04-21 | 2024-11-08 | 江苏康众汽配有限公司 | A method and system for company backend application login security control |
CN114550316B (en) * | 2022-04-27 | 2022-08-05 | 广州商景网络科技有限公司 | One-stop credible biological characteristic data acquisition terminal equipment and acquisition and sharing method |
CN116405291B (en) * | 2023-04-11 | 2025-06-13 | 厦门星纵数字科技有限公司 | A method, terminal device and medium for smoothly upgrading IPPBX authorization mode |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102148685A (en) * | 2010-02-04 | 2011-08-10 | 陈祖石 | Method and system for dynamically authenticating password by multi-password seed self-defined by user |
CN103269270A (en) * | 2013-04-25 | 2013-08-28 | 安徽杨凌科技有限公司 | Real-name authentication safe login method and system based on cell phone number |
CN103746807A (en) * | 2013-12-23 | 2014-04-23 | 柳州职业技术学院 | Dynamic token |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2577333C (en) * | 2004-08-18 | 2016-05-17 | Mastercard International Incorporated | Method and system for authorizing a transaction using a dynamic authorization code |
Also Published As
Publication number | Publication date |
---|---|
CN104104672A (en) | 2014-10-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CP02 | Change in the address of a patent holder | Address after: 401331 6-2, No.8, No.56 Jingyang Road, Shapingba District, Chongqing; Patentee after: CHONGQING ZHITAO INFORMATION TECHNOLOGY CENTER; Address before: 400039 Chongqing Jiulongpo District No. 186 stone path 2 buildings 21-1; Patentee before: CHONGQING ZHITAO INFORMATION TECHNOLOGY CENTER |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20171110 |