The new dynamic password patented technology for safe account login and online payment security organically unifies cryptography, computer application practice and efficient algorithm design. Dynamic passwords can be obtained 12 hours in advance, which can provide high security level protection for the account security of domestic and foreign users. Its goal is to become the terminator of current token technology and overcome the shortcomings of current token technology.
Cryptographically secure technology may not necessarily be applied in actual combat. For example: dynamic passwords will never expire before they are used. This is the highest state. It is not only safe, but also extremely convenient. However, it cannot be used in actual computer applications because as the user base expands, the server needs to continuously expand the hard disk capacity, which ultimately makes the service provider completely unable to bear it. For a single user, it is necessary to search from the dynamic passwords that have been used to determine whether the currently entered dynamic password has been used, and the retrieval efficiency will become increasingly low.
The dynamic password designed by this patented technology still has a validity period, which is at least one day. It is recommended to set it for at least three days (yesterday, today, and tomorrow, the patented demonstration system is set for three days). Even if there are a large number of users, it will not occupy a large server hard disk capacity, which is similar to the once popular security card. Security cards are now abandoned, and the only reason is that they are not very secure. The perfect and efficient algorithm design of this patented technology ensures the security of the dynamic password itself from the source, reaching a 6-digit confidential number. After use, it becomes invalid immediately and cannot be guessed or obtained from other channels.
Therefore, this patented technology overcomes the shortcomings of the current token dynamic password technology one by one, which is specifically reflected in (the following advantages cannot or are difficult to achieve with current mobile phone tokens):
a. You can set the number of uses per day. For example, if you only log in to an online game 10 times a day, you can only generate 10 different dynamic passwords that day. After you use it, you cannot log in again that day; of course, the same is true for online payments. In this way, you can strictly limit yourself, get rid of Internet addiction, prevent yourself from becoming an online shopaholic, etc. Of course, it limits the number of logins per day and also enhances security.
b. Provide high security level protection for the accounts of global users, and easily realize safe online gaming, safe online payment (entering dynamic passwords for online shopping is more convenient than UsbKey, and security can be guaranteed), etc. The biggest advantage of this patented technology is that it can easily provide high-security account protection for foreign users. The biggest disadvantage of mobile phone tokens at present is that it is difficult to provide high-security account protection for foreign users. Due to time differences, time correction and other factors, most foreign users cannot use it. Even if they can be used, it will cause confusion between foreign time and domestic time, causing great inconvenience to study and life.
c. The mobile phone is about to run out of battery and is not carried with you. You can still use high-security dynamic password technology. The new mobile phone token developed using this patented technology can completely calculate the dynamic password for any day. You don't need to carry your mobile phone when you are away for many days, and you don't have to worry about the phone running out of battery. You can get the dynamic password in advance and write it on the palm of your hand or on a note you carry with you. As long as the dynamic password is within the login validity period, it will become invalid immediately after login. The current mobile phone token must be carried with the mobile phone at all times, and if the mobile phone is out of battery, the dynamic password cannot be obtained.
d. The dynamic password technology provided by this patented technology is suitable for anyone, especially the elderly who are very unfamiliar with computers and move very slowly. Therefore, the current mobile cardless ATM cash withdrawal service launched by banks such as ICBC (make an appointment online and obtain a dynamic password for cash withdrawal, which is generally valid for 24 hours) can be completely replaced by the new mobile phone token developed by this patent, which is easy to operate. And no need to go online. The current mobile cardless ATMs for cash withdrawal are very troublesome to operate, so few people use this service, let alone the elderly who are very unfamiliar with computers and move very slowly. The current mobile phone token and dynamic password are valid for one minute. It makes it a bit confusing for users to withdraw money from teller machines that are heavily fortified in terms of security. Almost no banks provide mobile phone tokens for ATM withdrawal services.
e. The dynamic password technology provided by this patented technology can be designed into a new type of mobile phone token or hardware token, which can be used in a wide range of applications. Even withdrawals from POS machines in shopping malls are very convenient.
Digression: Regarding the security issues of information transmission and storage, the common approach is: user accounts, passwords and dynamic passwords are encrypted for transmission and storage, and user login authentication is performed on a dedicated authentication server. Therefore, the security issues of information transmission and storage are easy to solve. Users don't need to pay too much attention. Therefore, generally, the user account, password and dynamic password may be obtained by Trojans only when the user enters the user account, password and dynamic password. However, the dynamic password is a character that becomes invalid immediately after input, and it will be invalid even if the Trojan obtains it. Before using the mobile phone token, you can set it to require a login password. In this way, even if the mobile phone is lost or given to others, others will not be able to obtain the dynamic password. In addition, even if someone else obtains the dynamic password and does not know the username and password, they still cannot pass the authentication. Therefore, login authentication technology that simultaneously verifies user accounts, passwords and dynamic passwords can fully protect the security of user accounts. As long as the dynamic password is very random, it cannot be guessed.
