Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for protecting account security based on asynchronous dynamic password technology

A dynamic password and technology technology, applied in platform integrity maintenance, user identity/authority verification, electrical components, etc., can solve problems such as lack of confidentiality, inability to prevent, and inability to prevent fraudulent attacks by criminals, to reduce computing pressure , the calculation formula is simple, and the effect of ensuring safety

Active Publication Date: 2014-05-14
陈珂
View PDF6 Cites 24 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Its disadvantages are: the dynamic password is sent in clear text, does not have confidentiality, cannot prevent criminals from using phishing websites to swindle attacks, and cannot prevent criminals from using mobile Trojan horses such as "Stealth Thief" to intercept and forward the dynamic password used by users to log in. It is also impossible to prevent the "renewal card attack" of criminals, that is, to report the loss of the user's mobile phone card maliciously through the user information obtained in advance, and to reissue the user's mobile phone card to defraud the user's dynamic password
Its disadvantages are: the dynamic password is sent in plain text, which does not have confidentiality. The identification code is sent in plain text before the user logs in, which gives the criminals time to put the identification code into the phishing website, and the user cannot effectively judge the authenticity of the server. It is impossible to prevent criminals from using mobile phone Trojan horses such as "Stealth Thief" to intercept and forward the dynamic passwords used by users to log in to invade users' accounts
[0007] The above-mentioned methods can neither prevent "replacement card attack" and hacking Trojan attack, nor prevent criminals from using phishing websites to defraud users, and the security of accounts cannot be guaranteed.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for protecting account security based on asynchronous dynamic password technology
  • Method for protecting account security based on asynchronous dynamic password technology

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0046] (1) Registration: The user submits binding information to the service provider. The binding information includes the user's account name, a mobile phone number, the encryption method of the challenge code, the validity period of the dynamic password, the calculation formula of the dynamic password and the use of the calculation formula The threshold of the number of times, a secure email address and / or another secure mobile phone number, the encryption method of the challenge code, the validity period of the dynamic password, the calculation formula of the dynamic password and the threshold of the use times of the calculation formula are jointly agreed by the user and the service provider. And it can be retrieved or modified through the secure email address and / or another secure mobile phone number, the management workstation verifies the account name, mobile phone number, secure email address and / or another secure mobile phone number submitted by the user, and calculates...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method for protecting account security based on an asynchronous dynamic password technology. The method is characterized by including the steps that a user and a service provider agree on the encryption mode of challenge codes and the calculation formula of dynamic codes; after a log-in request of the user is verified successfully, an authentication server generates the challenge code A, the challenge code B and the dynamic code C, the challenge code A is encrypted to obtain the challenge code B, and the challenge code A is calculated through the calculation formula to obtain the dynamic code C; the authentication server sends a feedback message containing the challenge code B to a mobile phone of the user; the user decrypts the challenge code B according to the encryption mode and then substitutes the decrypted challenge code B into the calculation formula to obtain the dynamic code D; the user inputs the dynamic code D and an account name in the log-in interface on the client side to log in. A system is high in reliability, the secrecy degree for transmitting the challenge codes and other information is high, leakage of code information of the user can be effectively avoided, and moreover user operation is safe and reliable.

Description

technical field [0001] The invention relates to the operation and application technology combining short message transmission and computer database, in particular to a method for protecting account security based on asynchronous dynamic password technology. Background technique [0002] At present, the known mobile phone dynamic password and asynchronous dynamic password technologies mainly have the following methods: [0003] The first one is the asynchronous dynamic password technology, also called the challenge-response method. As the name implies, the identity authentication system based on the challenge / response method means that the authentication server sends a different "challenge" string to the client every time the authentication is performed, and the client program After receiving the "challenge" word string, make a corresponding "response", a system developed by this mechanism. The verification steps are: 1. Enter the application login interface, enter the accou...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L9/32G06F21/55
Inventor 陈珂
Owner 陈珂
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products