Method and client side and server and system for mobile token dynamic password generation

Abstract

The invention provides a method, a client side, a server and a system for mobile token dynamic password generation. A random code and an information code are generated when a dynamic password client side is initialized, according to the random code, the immediately produced information code and a current time parameter are combined, a dynamic password is generated according to a dynamic password algorithm and is uploaded to a dynamic password server; the dynamic password server reads the random code and the information code stored under the dynamic password client side in the server when the dynamic password server verifies the dynamic password generated by the dynamic password client side every time, and according to a current time value, a dynamic password algorithm, the same as that of the dynamic password client side, is adopted to calculate a dynamic password verification code in preset time; and when the dynamic password is the same as any one dynamic password verification code calculated in the preset time, verification is passed. Therefore, the purpose of safe application of the mobile token dynamic password system is realized.

Description

technical field [0001] The invention belongs to the field of Internet information security, in particular to dynamic password and identity authentication technology. Background technique [0002] A dynamic password (Dynamic Password), also known as a one-time password (One-timePassword), is a password that is valid and unpredictable within a certain time interval and is generated with time or event changes, and is generally displayed through the dynamic password generation carrier Come out, such as scratch cards, mobile phone tokens, etc. [0003] Today, with the rapid development of the Internet, dynamic password technology combined with identity authentication technology has been widely used in online shopping, electronic transactions, online stock trading and other businesses, providing users with secure identity authentication functions. For example, in an online banking environment, when logging into the online banking transaction system, the online banking system will...

AI Technical Summary

Problems solved by technology

For the mobile phone token dynamic password system, its seed information is generally stored in a folder in the mobile phone memory, so it may be easily stolen by mobile phone viruses and spread to other mobile phones

In this way, other mobile phone users can use the seed information and dynamic password client software to generate dynamic passwords, and fake legitimate users for identity authentication, which brings certain security risks to the application of mobile phone token dynamic passwords.

Images