Secondary authentication method based on out-of-band authentication and enhanced OTP (One-time Password) mechanism

A secondary authentication and mechanism technology, applied in the field of identity authentication and information security, can solve problems such as password theft, hacker deciphering, fund theft, etc., achieve safe and convenient two-factor authentication, and eliminate the threat of phishing and man-in-the-middle attacks

Active Publication Date: 2016-02-24
JIANGSU PAYEGIS TECH CO LTD
View PDF5 Cites 18 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In fact, in order to prevent forgetting passwords, many users often use strings that are easy to guess such as birthdays and phone numbers as passwords, or copy passwords on paper and put them in a safe place, which can easily cause password leakage
This method has obvious defects: first, it is difficult to remember, and second, it is easy to be deciphered by hackers
The above two methods will lead to the theft of customer passwords, and criminals will use these passwords to steal funds

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Secondary authentication method based on out-of-band authentication and enhanced OTP (One-time Password) mechanism
  • Secondary authentication method based on out-of-band authentication and enhanced OTP (One-time Password) mechanism
  • Secondary authentication method based on out-of-band authentication and enhanced OTP (One-time Password) mechanism

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0040] The present invention aims at the phishing problem and man-in-the-middle attack problem existing in the existing OTP token authentication, proposes an enhanced OTP mechanism, and combines out-of-band security communication, proposes a new type based on out-of-band verification and enhanced OTP mechanism Multi-factor authentication method, and its realization method is given at the same time. In order to more clearly illustrate the new identity authentication scheme and implementation method in the present invention, the present invention will be described in detail below in conjunction with the accompanying drawings and embodiments. Other feasible equivalent variations can be obtained from these figures.

[0041] Such as figure 1As shown, it is a block diagram of the secondary authentication system based on the out-of-band verification and enhanced OTP mechanism of the present invention, and the system mainly involves the client, the server, the data server, and the mo...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a secondary authentication method based on out-of-band authentication and an enhanced OTP (One-time Password) mechanism. Authentication of a client to a server is added based on a common OTP mechanism, and the client and the server are communicated based on PKI/CA (Public Key Infrastructure/Certificate Authority) by adopting a one-way SSL (Secure Socket Layer) authentication protocol; after secondary authentication is completed, the server adopts an out-of-band secure channel to push a business authentication message to equipment bound to a user based on an equipment fingerprint. After the user affirms the push message on the equipment, a business party can proceed. Meanwhile, mobile equipment of the user is provided with an environment site-cleaning control to prevent Trojan from controlling communication to destroy business security. Through the whole secondary authentication method, threats from phishing and a man-in-the-middle attack of a common OTP token are eliminated, and the method is a good replacement for commonly used short message verification codes in business, such as quick payment, on-line payment and mobile payment.

Description

technical field [0001] The invention relates to the field of information security and to the field of identity authentication, in particular to a secondary authentication method based on out-of-band authentication and enhanced OTP mechanism, which is a strong identity authentication technology. Background technique [0002] Authentication technology is an important aspect of information security theory and technology. Before accessing the security system, the user first needs to be identified by the identity authentication system, and then the system determines whether the user can access a certain resource according to the user's identity and authorization database. Identity authentication plays an extremely important role in the security system. It is the most basic security service, and other security services depend on it. Once the identity authentication system is breached, all the security measures of the system will be useless. The target of hacker attacks is often ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/0815H04L63/0838H04L63/0853H04L63/0861H04L63/0876H04L63/145H04L69/162
Inventor 汪德嘉刘伟刘景景
Owner JIANGSU PAYEGIS TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap