
CN101667915A - Method for generating dynamic password to execute remote security authentication and mobile communication device thereof


Info

Publication number: CN101667915A
Authority: CN (China)
Application number: CN200810212103A
Other languages: Chinese (zh)
Inventors: 林茂聪, 张金平
Current Assignee: Todos Information Co ltd
Original Assignee: Todos Information Co ltd
Legal status: Pending (as listed by Google Patents; an assumption, not a legal conclusion)
Prior art keywords: mobile communication; communication device; dynamic password; dynamic; generating
Landscapes: Telephonic Communication Services (AREA)

Abstract

A method for generating a dynamic password to perform remote security authentication, and a mobile communication device for it, are disclosed. A mobile communication device is electrically connected to an independent integrated circuit chip that contains a dynamic password generation module; the module and a remote server each generate a corresponding dynamic authentication code, and the code is displayed on the display interface of the mobile communication device. The user reads the dynamic authentication code from the display interface and returns it to the remote server for checking, thereby performing remote security authentication. The user therefore needs only the mobile communication device already carried to perform remote security authentication, with no additional identity verification tool.

Description

Method for generating dynamic password to perform remote security authentication and mobile communication device thereof

Technical field

The invention relates to a method and a device for generating a dynamic password to perform remote security authentication, and in particular to a method that generates a dynamic password to perform remote security authentication based on a mobile communication interface, and to a mobile communication device that generates a dynamic password to perform remote security authentication.

Background

With the rapid development of network communication, new e-commerce transaction models have emerged. People can handle banking business or commercial transactions over the network without visiting a bank or going out to shop. Compared with traditional ways of transacting, the simulated transaction environment provided by the e-commerce model is indeed far more convenient.

The most criticized aspect of this e-commerce model, however, is transaction security. Users must send their own financial or personal confidential data, such as credit card numbers, bank accounts, passwords, login accounts and transaction details, over the network to the server they want to transact with. This gives network hackers or other ill-intentioned parties the opportunity to record or steal the data, causing great losses to individuals or banks.

A common solution at present is to use a password security mechanism as the means of personal remote security authentication; remote security authentication generally covers user identity authentication, secure data transmission and so on. With a traditional password security mechanism, for example, the user first stores a static password on the transaction server. Later, when the user wants to transact, the static password is input to the server and checked to confirm the user's identity before the transaction proceeds. However, network hackers can easily obtain the user's static password by phishing or by planting Trojan horse programs or spyware on the user's computer, which again exposes the security problem of network transactions.

To overcome these problems, One-Time Password (OTP) technology, also called dynamic password technology, was developed, as shown in Chinese Taiwan Patent No. I288554. OTP technology randomly generates a single-use password based on time or on an event. The password is known only to the target server and the individual, and it becomes invalid once a predetermined time has passed or once it has been used. The next password entry requires a different dynamic password. In OTP technology the dynamic password used each time is different and is known only to the user; even if a network hacker captures the current dynamic password, it cannot be used for the next transaction. It is therefore more secure than the traditional static-password mechanism.

OTP technology commonly found on the market needs an independent dynamic password generating device (token) to generate the dynamic password, so anyone who wants to use OTP must carry the token, which adds to what the user has to carry. In addition, the dynamic password generating devices used by different financial institutions or trading companies are not compatible with one another; to transact with different counterparties the user must carry several of them, which is quite inconvenient. Chinese Taiwan Patent No. I261451 discloses a transaction confirmation method and system that transmits a dynamic password: a terminal reads the identity verification code in a chip card and sends it to a remote server; after checking the identity verification code, the remote server generates a dynamic password and sends it to a mobile communication device; the user then enters that dynamic password at the terminal, where it is compared to confirm the user's identity. Although in this technique the dynamic password is provided by the remote server, which removes the need for a traditional dynamic password generating device, the user still depends on a terminal to verify identity and enter the dynamic password, which remains inconvenient.

Summary of the invention

The main purpose of the invention is to let the user complete OTP identity confirmation with the desired transaction counterparty using only a mobile communication device that the user already carries. To achieve this, the invention provides a method for generating a dynamic password to perform remote security authentication, applied in a mobile communication device and comprising the following steps:

a) establishing an electrical connection between the mobile communication device and an independent integrated circuit chip, the integrated circuit chip containing a dynamic password generation module;

b) operating the mobile communication device to activate the dynamic password generation module, the dynamic password generation module and a remote server each generating a corresponding dynamic authentication code, and the dynamic authentication code being displayed on the display interface of the mobile communication device;

c) inputting the dynamic authentication code shown on the display interface to the remote server through a return means connected to the remote server; and

d) the remote server checking whether the received dynamic authentication code matches, so as to confirm identity.

Here, remote security authentication includes identity authentication, secure data transmission and so on. The dynamic password generation module generates dynamic authentication codes corresponding to multiple remote servers, so the invention may further include a step of selecting the remote server to correspond to.

In addition, to increase security, the invention may further include a step of inputting a personal identification code and a step of checking whether the personal identification code matches; the check of the personal identification code is performed within the mobile communication device. Alternatively, it may include a step of generating an electronic signature from the transaction data and checking whether the electronic signature matches; the electronic signature is checked within the remote server.

In the invention, the integrated circuit chip is arranged on a card slot into which a subscriber identity module card is inserted. The return means may transmit to the remote server over the Internet, a mobile communication network or a fixed telephone system; the return means inputs the code to the remote server through mechanisms such as SMS, GPRS, MMS, fax, voice or e-mail.

The invention also provides a mobile communication device that generates a dynamic password to perform remote security authentication. The mobile communication device is electrically connected to an independent integrated circuit chip that has at least one dynamic password generation module. The dynamic password generation module can be activated by operating the mobile communication device and, together with a remote server, generates a corresponding dynamic authentication code, which is displayed on the display interface of the mobile communication device. The dynamic authentication code shown on the display interface is sent to the remote server through a password return means connected to the remote server, and a password checking module provided in the remote server checks whether it matches the corresponding dynamic authentication code in the remote server, so as to perform remote security authentication.

Here, remote security authentication includes identity authentication, secure data transmission and so on. The integrated circuit chip can be arranged on a card slot into which a subscriber identity module card is inserted. In addition, a storage unit is provided in the independent integrated circuit chip. The storage unit stores at least one set of personal login data corresponding to different remote servers; the personal login data is downloaded to the storage unit over the Internet or a mobile communication network, or burned directly into the storage unit at the factory. The personal login data stored in the storage unit can be changed or deleted by operating the input interface of the mobile communication device. The return means can transmit to the remote server over the Internet, a mobile communication network or a fixed telephone system.

The method for generating a dynamic password to perform remote security authentication and the mobile communication device of the invention have the following characteristics:

1. The user needs only a mobile communication device that is already carried to perform one-time password security confirmation with the remote server of the desired transaction.

2. The invention can also be extended, for example by download, to perform remote security authentication with multiple remote servers. Compared with traditional one-time password technology, the invention requires no additional dynamic password generating device, and multiple transaction counterparties can be stored in the mobile communication device to obtain different dynamic passwords, which greatly improves convenience.

3. The invention can place the integrated circuit chip with the dynamic password generation module on the card slot of a mobile phone into which the Subscriber Identity Module Card (SIM Card) is inserted, so the user can perform remote security authentication without going through the subscriber identity module card provided by a mobile communication company, which favors wide adoption.

Description of drawings

FIG. 1 is a schematic diagram of the system architecture of a preferred embodiment of a mobile communication device that generates a dynamic password to perform remote security authentication according to the invention.

FIG. 2 is a schematic diagram of the system architecture of an embodiment of the invention that uses computer equipment or a fixed telephone as the return means.

FIG. 3 is a flowchart of the steps of a preferred embodiment of a method for generating a dynamic password to perform remote security authentication according to the invention.

FIG. 4 is a flowchart of an embodiment of the method that includes the steps of inputting a personal identification code and checking whether the personal identification code matches.

FIG. 5 is a flowchart of an embodiment of the method that includes the step of generating an electronic signature from transaction data and checking the electronic signature.

Detailed description

The detailed description and technical content of the invention are explained below with reference to the drawings:

Please refer to FIG. 1, a schematic diagram of the system architecture of a preferred embodiment of the invention. As shown, the invention discloses a mobile communication device 10 that generates a dynamic password to perform remote security authentication, where remote security authentication includes user identity authentication and secure data transmission. The mobile communication device 10 includes an input interface 11 through which the user inputs command signals or selects functions, and a display interface 12 from which the user reads information. The input interface may be a keyboard module or a touch panel, and the display interface may be a flat panel display. The mobile communication device 10 is electrically connected to an independent integrated circuit chip 30, in which at least one dynamic password generation module 31 is provided. To make things more convenient for the user, so that remote security authentication does not have to be added only through the subscriber identity module card provided by a mobile communication company, the integrated circuit chip 30 can be arranged on a card slot into which a Subscriber Identity Module Card (SIM Card) is inserted.

The dynamic password generation module 31 is activated by operating the input interface 11 of the mobile communication device 10, so that the dynamic password generation module 31 and a remote server 20 each generate a corresponding dynamic authentication code, which is displayed on the display interface 12 of the mobile communication device 10. After obtaining the dynamic authentication code by reading the display interface 12, the user sends the code shown on the display interface 12 to the remote server 20 through a password return means. One such means is to input the dynamic authentication code directly on the mobile communication device 10 through the input interface 11 and transmit it to the remote server 20 over the Internet or a mobile communication network, as shown in FIG. 1. The mobile communication network may be, for example, a GSM (Global System for Mobile Communication) system, a GPRS (General Packet Radio Service) system or a 3G (3rd-Generation) system. Alternatively, after reading the dynamic authentication code from the display interface 12, the user may use other computer equipment 40 connected to the Internet, such as a personal computer or a notebook computer, to input the dynamic authentication code to the remote server 20, as shown in FIG. 2. The remote server 20 contains a password checking module 21, which receives the dynamic authentication code delivered by the password return means and checks it in order to perform remote security authentication. Furthermore, instead of the computer equipment shown in FIG. 2, the user may dial from a fixed telephone 50 and transmit the dynamic authentication code shown on the display interface 12 to the remote server 20 over the fixed telephone system or the Public Switched Telephone Network (PSTN).

In addition, so that the invention can be applied to multiple remote servers 20, a storage unit 32 is provided in the independent integrated circuit chip 30. The storage unit 32 stores multiple sets of personal login data corresponding to different remote servers 20; the user can select among the sets of personal login data so as to generate, with the respective remote server 20, the corresponding dynamic authentication code. The personal login data can be downloaded to the storage unit 32 over a mobile communication network or the Internet, or burned directly into the storage unit 32 at the factory. The personal login data stored in the storage unit 32 can be changed or deleted by operating the input interface of the mobile communication device 10.

Please refer to FIG. 3, a flowchart of the steps of a preferred embodiment of the invention. As shown, the invention also discloses a method for generating a dynamic password to perform remote security authentication, where remote security authentication includes identity authentication, secure data transmission and so on. The method is applied to a mobile communication device and a remote server. First, an electrical connection is established between the mobile communication device and an independent integrated circuit chip (S10); the integrated circuit chip contains at least one dynamic password module and can be arranged on a card slot into which a subscriber identity module card is inserted. Once the connection between the mobile communication device and the integrated circuit chip has been established, the user can operate the mobile communication device to activate the dynamic password generation module, and the dynamic password generation module and at least one remote server each generate a corresponding dynamic authentication code (S20), which is displayed on the display interface of the mobile communication device. The dynamic password generation module can generate dynamic authentication codes for one remote server or for multiple remote servers, so the user can use a single mobile communication device with multiple servers and thereby widen the range of electronic transaction counterparties. If the dynamic password generation module can generate different dynamic authentication codes for multiple remote servers, the invention further includes a step of selecting the remote server to correspond to through the input interface of the mobile communication device (S21). Next, after reading the dynamic authentication code from the display interface, the user can input it to the remote server through a return means connected to the remote server (S30). The user may input the dynamic authentication code on another computer system that is connected to the remote server over the Internet, so that the remote server receives the code input on that computer system. Alternatively, the user may input the dynamic authentication code directly through the input interface of the mobile communication device, which is connected to the remote server over the Internet or a mobile communication network, so that the remote server receives the code. Finally, the remote server checks whether the dynamic authentication code sent through the return means matches the corresponding dynamic authentication code in the remote server, to confirm the user's identity (S40). If the code sent through the return means matches the corresponding code in the remote server, the remote server sends a verification success message (S41); if it does not match, the remote server sends a verification failure message (S42). The verification success message and the verification failure message are sent back to the mobile communication device or the computer system, depending on the return means used.

Please refer to FIG. 4. To strengthen the security of the overall remote security authentication, the method described above further includes a step of inputting a personal identification code (S50) and a step of checking whether the personal identification code matches (S51). In this embodiment, the step of inputting the personal identification code (S50) and the step of checking whether it matches (S51) can be placed between the step of activating the dynamic password generation module so that it and a remote server each generate a corresponding dynamic authentication code (S20) and the step of inputting the dynamic authentication code shown on the display interface to the remote server through a return means connected to the remote server (S30). If the personal identification code input by the user matches the pre-stored personal identification code, the subsequent steps can proceed; if not, the personal identification code must be input again. The personal identification code is preset in the mobile communication device. Alternatively, after reading the dynamic authentication code, the user must first input the personal identification code in the mobile communication device, where the input code is checked; only after the check is completed can the subsequent steps proceed. The personal identification code can be set by the user, for example a key, a static password, a financial account number, an identity card number or a telephone number.

In addition, please refer to FIG. 5. To ensure transaction security, the invention may also include a step of generating an electronic signature from the transaction data and checking whether the electronic signature matches (S60). In this embodiment, the user can conduct an electronic transaction after the step of sending a verification success message (S41). Once the content of the electronic transaction has been confirmed, the step of generating an electronic signature from the transaction data and checking whether it matches (S60) can be performed. The transaction data may be transaction activation, type of financial transaction, transaction account, transaction amount, transaction time and so on. After the user has confirmed the transaction data, a logical operation is performed to generate the electronic signature. The user sends the electronic signature to the remote server through a return means, and the remote server checks it. If the check succeeds, the remote server sends a transaction success message (S61); if the check fails, the remote server sends a transaction failure message (S62). This provides a second verification step and increases security and reliability.
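The flow of FIGS. 3 to 5 (S20, S21, S40, S50/S51 and S60) can be modelled as follows. This is an added example, not code from the patent: the patent does not specify the code-generation algorithm or the "logical operation" behind the electronic signature, so RFC 4226 HOTP and an HMAC-SHA256 over the transaction data are assumed here, and the class names, the look-ahead window and the sample data are hypothetical.

```python
import hashlib
import hmac
import json
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, assumed here as the event-based code algorithm."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def tx_signature(secret: bytes, tx: dict) -> str:
    """Assumed 'logical operation' of S60: HMAC-SHA256 over canonical JSON."""
    msg = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(secret, b"tx-sign:" + msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10 ** 8).zfill(8)


class Chip:
    """Simulated IC chip (30): storage unit (32) plus generation module (31)."""
    def __init__(self, pin: str, secrets: dict):
        self._pin = pin.encode()
        self._unlocked = False
        # server id -> [shared secret, next counter]: the per-server login data
        self._profiles = {sid: [key, 0] for sid, key in secrets.items()}

    def enter_pin(self, pin: str) -> bool:
        """S50/S51: the PIN is checked on the device, not by the server."""
        self._unlocked = hmac.compare_digest(self._pin, pin.encode())
        return self._unlocked

    def _profile(self, server_id: str) -> list:
        if not self._unlocked:
            raise PermissionError("PIN not verified")
        return self._profiles[server_id]

    def generate(self, server_id: str) -> str:
        """S21 + S20: pick a server profile and emit its next code."""
        profile = self._profile(server_id)
        code = hotp(profile[0], profile[1])
        profile[1] += 1  # a code is never issued twice
        return code

    def sign(self, server_id: str, tx: dict) -> str:
        return tx_signature(self._profile(server_id)[0], tx)


class RemoteServer:
    """Remote server (20) with its code-checking module (21)."""
    LOOK_AHEAD = 3  # assumption: tolerate codes displayed but never submitted

    def __init__(self, secrets: dict):
        # user id -> [shared secret, next expected counter]
        self._accounts = {user: [key, 0] for user, key in secrets.items()}

    def verify_code(self, user: str, code: str) -> bool:
        """S40: each code is accepted once; older codes are dead afterwards."""
        account = self._accounts.get(user)
        if account is None:
            return False
        secret, expected = account
        for counter in range(expected, expected + self.LOOK_AHEAD + 1):
            if hmac.compare_digest(hotp(secret, counter).encode(), code.encode()):
                account[1] = counter + 1
                return True
        return False

    def verify_signature(self, user: str, tx: dict, signature: str) -> bool:
        """S60, server side: recompute over the data the server received."""
        account = self._accounts.get(user)
        return account is not None and hmac.compare_digest(
            tx_signature(account[0], tx).encode(), signature.encode())


def demo() -> dict:
    key = b"12345678901234567890"  # RFC 4226 test key; all data is constructed
    chip = Chip("4711", {"bank": key, "shop": b"constructed-shop-key"})
    bank = RemoteServer({"alice": key})
    chip.enter_pin("4711")
    first = chip.generate("bank")
    chip.generate("bank")  # displayed but never sent back
    third = chip.generate("bank")
    tx = {"account": "constructed-001", "amount": "250.00", "type": "transfer"}
    sig = chip.sign("bank", tx)
    return {
        "first_code": first,
        "login": bank.verify_code("alice", first),
        "replay": bank.verify_code("alice", first),
        "resync": bank.verify_code("alice", third),
        "wrong_server": bank.verify_code("alice", chip.generate("shop")),
        "signature_ok": bank.verify_signature("alice", tx, sig),
        "tampered": bank.verify_signature("alice", dict(tx, amount="9250.00"), sig),
    }


if __name__ == "__main__":
    print(demo())
```

The replayed code and the altered amount are both rejected, which is the property the one-time code and the second check over the transaction data are there to provide.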

In summary, with the method of the present invention for generating a dynamic password to perform remote security authentication and its mobile communication device, a user conducting an electronic transaction with an electronic merchant or a bank can use one-time password or dynamic password technology to ensure that identity is correctly established. In addition, the user only needs to carry a single mobile communication device to connect to the remote server used for electronic transactions and to perform remote security authentication. Compared with the traditional approaches, which require carrying an additional independent dynamic password generating device or allow dynamic passwords to be obtained and checked only through a terminal, the present invention does provide a more convenient way of performing remote security authentication. Furthermore, because the present invention can also be extended by download and similar means to perform remote security authentication against multiple remote servers, it greatly reduces the number of different dynamic password generating devices that users previously had to carry to deal with different transaction counterparties. This lightens what the user has to carry, makes the system more convenient to use, and allows it to be popularized for public use. In addition, in the present invention the integrated circuit chip with the dynamic password generation module can be arranged in a card slot into which a subscriber identity module card is inserted. Compared with the traditional approach, in which functions can be extended only through the subscriber identity module card provided by the mobile communication company, the present invention can be used with different mobile communication companies, which favors widespread adoption.

The present invention has been described in detail above. What is described above is, however, only a preferred embodiment of the present invention and does not limit the scope in which the present invention may be implemented. That is, all equivalent changes and modifications made according to the claims of the present invention still fall within the scope covered by the patent of the present invention.

Claims (20)

1. A method for generating a dynamic password to perform remote security authentication, applied in a mobile communication device (10), characterized in that it comprises the following steps:
establishing an electrical connection between the mobile communication device (10) and an independent integrated circuit chip (30), the integrated circuit chip (30) being provided with a dynamic password generation module (31);
operating the mobile communication device (10) to start the dynamic password generation module (31), the dynamic password generation module (31) and a remote server (20) each generating a corresponding dynamic authentication code, the dynamic authentication code being displayed on a display interface (12) of the mobile communication device (10);
inputting the dynamic authentication code shown on the display interface (12) to the remote server (20) through a return tool connected to the remote server (20); and
the remote server (20) checking whether the received dynamic authentication code matches, so as to perform remote security authentication.

2. The method for generating a dynamic password to perform remote security authentication according to claim 1, characterized in that the dynamic password generation module (31) generates dynamic authentication codes corresponding to a plurality of remote servers (20).

3. The method for generating a dynamic password to perform remote security authentication according to claim 2, characterized in that it further comprises a step of selecting the remote server (20) to be addressed.

4. The method for generating a dynamic password to perform remote security authentication according to claim 1, characterized in that it further comprises a step of inputting a personal identification code and a step of checking whether the personal identification code matches.

5. The method for generating a dynamic password to perform remote security authentication according to claim 4, characterized in that the step of checking whether the personal identification code matches is performed in the mobile communication device (10).

6. The method for generating a dynamic password to perform remote security authentication according to claim 1, characterized in that it further comprises a step of generating an electronic signature from transaction data and checking whether the electronic signature matches.

7. The method for generating a dynamic password to perform remote security authentication according to claim 6, characterized in that the checking of the electronic signature is performed in the remote server (20).

8. The method for generating a dynamic password to perform remote security authentication according to claim 1, characterized in that it further comprises a step of sending a verification-success message.

9. The method for generating a dynamic password to perform remote security authentication according to claim 1, characterized in that it further comprises a step of sending a verification-failure message.

10. The method for generating a dynamic password to perform remote security authentication according to claim 1, characterized in that the integrated circuit chip (30) is arranged in a card slot into which a subscriber identity module card is inserted.

11. The method for generating a dynamic password to perform remote security authentication according to claim 1, characterized in that the return means inputs to the remote server (20) through the Internet, a mobile communication network or a fixed telephone system.

12. A mobile communication device for generating a dynamic password to perform remote security authentication, characterized in that:
the mobile communication device (10) is electrically connected to an independent integrated circuit chip (30), the integrated circuit chip (30) has at least one dynamic password generation module (31), the dynamic password generation module (31) is started by operating the mobile communication device (10) and, together with a remote server (20), each generates a corresponding dynamic authentication code, the dynamic authentication code is displayed on a display interface (12) of the mobile communication device (10), the dynamic authentication code shown on the display interface (12) is transmitted to the remote server (20) through a password return means connected to the remote server (20), and a password checking module (21) provided in the remote server (20) checks whether it matches the corresponding dynamic authentication code in the remote server (20), so as to perform remote security authentication.

13. The mobile communication device for generating a dynamic password to perform remote security authentication according to claim 12, characterized in that the integrated circuit chip (30) is arranged in a card slot into which a subscriber identity module card is inserted.

14. The mobile communication device for generating a dynamic password to perform remote security authentication according to claim 12, characterized in that the mobile communication device (10) has an input interface (11).

15. The mobile communication device for generating a dynamic password to perform remote security authentication according to claim 12, characterized in that the display interface (12) is a flat panel display.

16. The mobile communication device for generating a dynamic password to perform remote security authentication according to claim 12, characterized in that a storage unit (32) is provided in the independent integrated circuit chip (30).

17. The mobile communication device for generating a dynamic password to perform remote security authentication according to claim 16, characterized in that the storage unit (32) stores at least one item of personal login data corresponding to different remote servers (20).

18. The mobile communication device for generating a dynamic password to perform remote security authentication according to claim 17, characterized in that the personal login data is downloaded to the storage unit (32) via a mobile communication network or the Internet.

19. The mobile communication device for generating a dynamic password to perform remote security authentication according to claim 17, characterized in that the personal login data is burned directly into the storage unit (32) at the factory.

20. The mobile communication device for generating a dynamic password to perform remote security authentication according to claim 17, characterized in that the personal login data stored in the storage unit (32) is changed or deleted by operating the mobile communication device (10).

21. The mobile communication device for generating a dynamic password to perform remote security authentication according to claim 12, characterized in that the password return means transmits to the remote server (20) through the Internet, a mobile communication network or a fixed telephone system.

CN200810212103A 2008-09-05 2008-09-05 Method for generating dynamic password to execute remote security authentication and mobile communication device thereof Pending CN101667915A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810212103A CN101667915A (en) 2008-09-05 2008-09-05 Method for generating dynamic password to execute remote security authentication and mobile communication device thereof

Publications (1)

Publication Number Publication Date
CN101667915A true CN101667915A (en) 2010-03-10

Family

ID=41804370

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810212103A Pending CN101667915A (en) 2008-09-05 2008-09-05 Method for generating dynamic password to execute remote security authentication and mobile communication device thereof

Country Status (1)

Country Link
CN (1) CN101667915A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104778384A (en) * 2014-01-13 2015-07-15 全宏科技股份有限公司 Authorization server, authorization method and computer program product
CN106415611A (en) * 2014-04-09 2017-02-15 凯帝仕系统有限公司 Self-authenticating chips
US10659455B2 (en) 2014-04-09 2020-05-19 Cardex Systems Inc. Self-authenticating chips
CN106415611B (en) * 2014-04-09 2020-11-27 凯帝仕系统有限公司 self-authentication chip
US11336642B2 (en) 2014-04-09 2022-05-17 Cardex Systems Inc. Self-authenticating chips
US12021863B2 (en) 2014-04-09 2024-06-25 Cardex Systems Inc. Self-authenticating chips
CN106656993A (en) * 2016-11-04 2017-05-10 中国银联股份有限公司 Dynamic verification code verifying method and apparatus
CN106656993B (en) * 2016-11-04 2019-12-06 中国银联股份有限公司 Dynamic verification code verification method and device

Similar Documents

Publication Publication Date Title
EP1807966B1 (en) Authentication method
US9344896B2 (en) Method and system for delivering a command to a mobile device
CN102542453B (en) Mobile payment identity verification method
KR100858144B1 (en) User authentication method and device in internet site using mobile communication terminal
US20110185181A1 (en) Network authentication method and device for implementing the same
CN101668288B (en) Identity authenticating method, identity authenticating system and terminal
CN101699892A (en) Method and device for generating dynamic passwords and network system
KR101297166B1 (en) Method and System for Providing User Authorization Service Using Bio Information and Mobile Communication Terminal for Transmitting Authorization Information Using Bio Information
WO2009048191A1 (en) Security authentication method and system
CN101184107A (en) Network transaction system and method for executing network transaction using the system
KR101125088B1 (en) System and Method for Authenticating User, Server for Authenticating User and Recording Medium
CN101667915A (en) Method for generating dynamic password to execute remote security authentication and mobile communication device thereof
KR20160137192A (en) User authentication server and method for authenticating user
JP2005182212A (en) Information processing method, information processing system, program and recording medium
JP2018036790A (en) Authentication device, identity confirmation method, and program
JP7223196B1 (en) Information processing device, information processing method, and program
KR20070076575A (en) How to handle customer authentication
KR20070076576A (en) Payment Approval Process
JP2008152612A (en) Authentication system and authentication method
TW201010371A (en) Authentication method by generating dynamic password over mobile communication interface, and mobile communication device generating dynamic password for authentication
TWI610195B (en) Identifying system, identifying method and a computer-readable media
KR20060102458A (en) Customer Authentication Method and System in Internet Banking, Server and Record Media for It
KR20100136047A (en) Seed combination type OTP operation method and system and recording medium
KR20070077481A (en) Customer Authentication Relay Server
KR20090006815A (en) How to handle customer authentication

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20100310