Dynamic Password Authentication System and Method thereof

US 20070186115A1
Filed: 04/17/2007
Published: 08/09/2007
Est. Priority Date: 10/20/2005
Status: Abandoned Application

First Claim

Patent Images

1. A dynamic password authentication method comprising:

performing in a mobile terminal an encrypting operation using a dynamic password algorithm generating key and an initialization parameter stored in a telecommunication card to obtain an encryption result;

sending the encryption result and a user identity identification code to a security authentication server, the security authentication server seeking out the dynamic password generating algorithm key in a database based on the user identity identification code and performing a decrypting operation to the encryption result to obtain a decrypted parameter. comparing the initialization parameter with the decrypted parameter, the mobile terminal passing the authentication if the initialization parameter is consistent with the decrypted parameter, and the authentication being denied if not.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A dynamic password authentication system and the method thereof are disclosed. According to one aspect of the present invention, a dynamic password telecommunication card embedded with a security algorithm in the SIM card of a mobile telephone is used to generate a momentarily changed password. The technique as disclosed improves the security of identity authentication effectively and avoids the trouble for the user to remember the password and change the password frequently. The technique is also suitable to a systems that requires a higher security of the identify authentication, such as the bank, the securities, the police and the electronic government affair and the like, thereby to improve the security for the system administrator and the user to login the system.

87 Citations

View as Search Results

10 Claims

1. A dynamic password authentication method comprising:
- performing in a mobile terminal an encrypting operation using a dynamic password algorithm generating key and an initialization parameter stored in a telecommunication card to obtain an encryption result;
  
  sending the encryption result and a user identity identification code to a security authentication server, the security authentication server seeking out the dynamic password generating algorithm key in a database based on the user identity identification code and performing a decrypting operation to the encryption result to obtain a decrypted parameter. comparing the initialization parameter with the decrypted parameter, the mobile terminal passing the authentication if the initialization parameter is consistent with the decrypted parameter, and the authentication being denied if not.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, wherein the initialization parameter is time information of the mobile terminal.
  - 3. The method according to claim 2, wherein if the time information is used as the initialization parameter, a communication delay and a clock error value are added into the decrypted parameter.
  - 4. The method according to claim 1, wherein the initialization parameter is counting information of the mobile terminal.
  - 5. The method according to claim 4, wherein if the counting information is used as the initialization parameter, an error value caused by the previous denying of the authentication is added.
  - 6. The method according to claim 1, wherein the dynamic password generating algorithm key, a user menu or applications which are stored in the mobile terminal and the security authentication server are updated or changed in an Over-the-Air mode.
  - 7. The method according to claim 6, wherein the Over-the-Air mode comprises:
    - a service provider updating new services used with a dynamic password in a database of a download server;
      
      the mobile terminal implementing a momentary query to a dynamic menu download server by a mobile telephone short message, and sending a dynamic menu downloading request to the download server if new services used with the dynamic password are found, the request of the user being upload by network to the short message service center and transmitted to the download server by a gateway;
      
      the download server packaging the dynamic menu requested by the user into a short message with a specified format, and downloading the dynamic password menu required by the user into the dynamic password telecommunication card of the user through a network link in a data short message mode.
  - 8. The method according to claim 7, wherein the telecommunication card is a SIM card or a UIM card.

9. A dynamic password authentication system comprising:
- an authentication server; and
  
  a mobile terminal connected to the authentication server via wireless communication, the mobile terminal is provided with a dynamic password telecommunication card to generate a dynamic password, the authentication server is stored therein with a dynamic password key corresponding to the dynamic password telecommunication card of the mobile terminal to verify the dynamic password submitted by the mobile terminal
- View Dependent Claims (10)
- - 10. The system according to claim 9, wherein it further comprises a short message service center wirelessly connected to the mobile terminal, and the short message service center provides update service for the user of the mobile terminal or the authentication server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Beijing Watch Data System Co. Ltd. (Watchdata System Company Limited)
Original Assignee
Beijing Watch Data System Co. Ltd. (Watchdata System Company Limited)
Inventors
Hu, Peng, GAO, Xiang

Application Number

US11/736,003
Publication Number

US 20070186115A1
Time in Patent Office

Days
Field of Search
US Class Current

713/184
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0846   using time-dependent-passwo...

H04L 63/0853   using an additional device,...

H04W 12/068   using credential vaults, e....

H04W 12/35   Protecting application or s...

Dynamic Password Authentication System and Method thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

87 Citations

10 Claims

Specification

Use Cases

Quick Links

Others

Dynamic Password Authentication System and Method thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

10 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others