Authentication method, system and device based on dynamic password

Abstract

The invention discloses an authentication method, system and device based on a dynamic password; the authentication method comprises: a token and an authentication server respectively generate the corresponding time-based challenge code block of each time window in accordance with the same generation manner and the same time period; when authentication is required to be carried out, the authentication server transmits challenge code selection indicating information to a user, wherein the challenge code selected according to the information serves as an unused challenge code; after the user selects the challenge code from the corresponding challenge code block of the present effective time window displayed in the token in accordance with the information, the token generates the dynamic password in accordance with the selected challenge code, and displays the dynamic password to the user; and the authentication server receives the dynamic password input by the user, and authenticates the received dynamic password. According to the scheme provided by the invention, the security is improved, and the user can uses the method, system and device provided by the invention conveniently.

Description

technical field [0001] The invention relates to the technical field of information security, in particular to an authentication method, system and device based on a dynamic password. Background technique [0002] In recent years, with the rapid development of the Internet and financial informatization, online banking has been widely praised by users and the banking industry for its convenience and efficiency. In order to ensure the security of information, it is usually necessary to authenticate the user, and the authentication methods include: an authentication method based on a static password and an authentication method based on a dynamic password. Among them, the authentication method based on the static password is less secure because the password is fixed, so the authentication method based on the dynamic password is used more. [0003] Dynamic passwords are also called one-time passwords (OTP, One Time Password). According to different generation methods, dynamic pa...

AI Technical Summary

Problems solved by technology

[0008] However, there are certain problems in the above two methods in practical application. For example, for method 1), the dynamic password does not become invalid once it is used, but is valid for a period of time. In this way, if the dynamic password is intercepted by a hacker , hackers can use it to interact with the authentication server, thereby reducing security; for method 2), the user needs to enter the challenge code into the token device, and in order to facilitate the user to carry, the size of the token device is usually relatively small, so It will be very inconvenient for users to enter the challenge code

Images