CN100580680C - Password verification system and method for identification of computer message system - Google Patents

Publication number
CN100580680C
CN100580680C CN03135178A CN03135178A CN100580680C CN 100580680 C CN100580680 C CN 100580680C CN 03135178 A CN03135178 A CN 03135178A CN 03135178 A CN03135178 A CN 03135178A CN 100580680 C CN100580680 C CN 100580680C
Authority
CN
China
Prior art keywords
password
substring
user
checking
receiver
Legal status
Expired - Fee Related
Application number
CN03135178A
Other languages
Chinese (zh)
Other versions
CN1567321A (en)
Inventor
汤放鸣
Current Assignee
Individual
Original Assignee
Individual
Application filed by Individual
Priority to CN03135178A
Publication of CN1567321A
Application granted
Publication of CN100580680C

Landscapes

  • Telephonic Communication Services (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to an authentication method for data transmission systems, in particular to a password verification system and method for identity verification in computer information systems. The system comprises a verification end 1, a request end 2, a password receiver 3, a main channel 4 and an auxiliary channel 5. The purpose of the invention is to design a dual-code, dual-channel password verification technique with higher security strength and lower system configuration cost and operating overhead.

Description

A password verification system and method for identity authentication in computer information systems
Technical field
The present invention relates to an authentication method in data transmission systems, in particular to a password verification system and method for identity authentication in computer information systems.
Background art
In a computer information system, identity authentication is the first line of defence. Many identity authentication methods exist at present, the most popular being those based on password verification. Password verification techniques fall into two main classes: static password verification and one-time password (OTP) verification.
Static password verification: at registration, the user must submit his or her user name and password, and the authentication server records all user names and passwords in a password file. At login, the user enters the user name and password at the client, which sends them to the authentication server. The authentication server compares the received login information with the corresponding user name and password recorded in the password file. If they are identical, verification succeeds; otherwise the login is refused. Password information is usually encrypted, which gives it a certain security strength. However, the generation of the password depends largely on the user, and the password information is essentially constant and reusable. An attacker can steal the password file over the network and then crack users' passwords by means such as dictionary or exhaustive attacks; or obtain password information by means such as network interception or Trojan horse hijacking; or extract password information by other manual means. A stolen password is often hard to detect, and the attacker can cause damage by using it to break into the computer information system illegally. This is the so-called replay attack. In addition, the scheme places high demands on the user for creating, memorizing and changing passwords, and forgotten passwords cause a variety of problems. Improved password schemes increase the user's memorization load and difficulty of use, and because their rules stay unchanged for long periods they are easily revealed.
Pure software OTP technology: the system assigns each user an account, and each account has a seed (Seed), an iteration value (Ic) and a current pass-phrase (SPP). At login, the user submits his or her account to the server as a request; the server responds with a challenge consisting of the seed Seed and the current iteration value Ic. The user enters his or her pass-phrase, and the client, taking this pass-phrase and the seed Seed as input parameters, runs a one-way hash function Ic times to produce a one-time password (OTP), which it submits to the server. The server produces an OTP with the same algorithm. The two are compared, and verification succeeds if they match. After a successful login, the server decrements the iteration value by 1 and saves this OTP and the Ic value. OTP technology adopts a new mechanism for generating and transmitting passwords and successfully guards against the replay attack described above. However, it has the following problems:
(1). The computational burden on the server and the client is heavy, and the operating overhead of the system is large;
(2). The server stores one-time password information, which presents a point of attack [13]. Because passwords are periodically reusable, the OTP system must be reinitialized promptly when the iteration value approaches 0 or when the pass-phrase has been revealed and needs to be changed; otherwise there is a danger of being broken [8] [14]. Once one of them is broken, a chain of further breaks may follow [14]. If the user is far from the server and must log in immediately, this initialization is very inconvenient;
(3). The user needs to remember the pass-phrase, which may be forgotten, revealed or subjected to manual attack (for example by shoulder surfing, theft and fraudulent use, observation of keystrokes during entry, or because the user, afraid of forgetting it, writes it on paper);
(4). Transmission of key information, such as the user ID, password seed, sequence number and first verification factor (i.e. the n-th password), relies heavily on a secure channel, yet a truly secure channel hardly exists in a computer network system [9];
(5). Only one-way authentication of the user by the server is supported; it is difficult to prevent a preemptive attack launched after a spoofed server has tricked the user into giving up an OTP [7];
(6). A standard cryptographic algorithm is used, which gives the attacker the means to crack passwords with the same algorithm.
Dynamic password card technology: the system consists of the user's password card, an authentication server and a management workstation. The management workstation is responsible for user registration, initialization, generating and issuing password cards, correcting information, cancelling cards and so on. At registration, the management workstation performs initialization and stores unique information such as the user key, the card issuing time and the user PIN in the card; thereafter the password generator in the card generates a password every minute from the information in the card. The authentication server uses the same method to generate passwords for all registered users that change in synchronization with the passwords in the cards. When logging in, the user enters the password displayed on the card, and the authentication server compares and verifies it. This is a time-synchronized, two-factor authentication technique that can prevent network interception, replay attacks and the like, but it has the following defects and latent risks [9]:
(1). The system configuration cost is high: a dedicated authentication server, a standby authentication server and a management workstation are needed;
(2). The operating overhead of the system is large; the server-side computation is complex and the amount of computation is very large;
(3). The time synchronization requirement is high. If the system time is changed because of a system failure or an administrator error (a mistake that is easy to make), the authentication server and the card lose synchronization, the password card stops working and confusion results, and the management centre has to carry out special handling;
(4). Maintenance and management of passwords and password cards depend on the management centre, which is inconvenient for the user, and there is also the latent risk of administrator misconduct;
(5). The manufacturing and management costs of password cards are relatively high, and the fear of loss, damage and theft adds to the user's financial and psychological burden.
Smart card password technology also requires a dedicated management workstation and depends on a key information centre; its defects are essentially the same as those of dynamic password card technology [9] [11].
The method described in Chinese patent application No. 98101443.7 is mainly used by telecom banks to notify users of password information, solving the problem that traditional notification methods are easily opened or stolen by others. Although it uses a dual-channel mode and a password receiver, its single-code password string is easily eavesdropped. Moreover, after the password has been sent to the user's receiver (including mobile phone, pager, telephone, e-mail, fax machine and so on), although the password can be single-use, the time for which the password exists can be specified by the user in some manner; if the specified time is long, the password information resides in the receiver and in the authorization computer before it is used, which leaves a latent risk of theft. Once the receiver (especially a mobile phone or pager) is lost or used maliciously by someone else, the password information can be stolen, and the user's interests have no security to speak of.
Summary of the invention
The objective of the invention is to design a password verification technique with higher security strength, lower system configuration cost, smaller operating overhead and a lighter burden on the user: a dual-code, dual-channel password verification method and system.
The content of the invention is a method for identity authentication in computer information systems, characterized in that the password verification method is as follows:
The first step, registration: the user submits registration information, namely a user identification code and a password receiver ID, to the request end through the user interface module and selects a password composition rule; the request end forwards this information to the verification end, which saves it and creates a login account for each user who meets the registration conditions;
The second step, password verification:
(1). The user submits his or her identification information to the verification end through the user interface module of the request end as a login request, starting the verification process;
(2). After receiving the login request, the verification end checks whether this user exists in the system; if so, it generates a random character string as a password substring, saves the generated password substring, and sends the password substring to the user through a communication channel and a device for receiving passwords;
(3). After receiving the password substring, the user inputs it to the request end and at the same time lets the request end know the password composition rule to be used for this login;
(4). The received password substring is synthesized according to the password composition rule the user will use for this login, generating the verification credential password string, which is made available at the verification end;
(5). The verification end synthesizes the saved password substring into the verification reference password string according to the password composition rule selected by this user and saved in the system, and then compares the verification reference password string with the verification credential password string; if they are identical, the user is allowed to enter the system, otherwise the login is refused;
The steps of the password verification are:
(1). The user submits his or her identification information to the verification end through the user interface module of the request end as a login request, starting the verification process;
(2). After receiving the login request, the verification end checks whether this user exists in the system; if so, it generates and saves two randomly produced character strings as password substrings, sends one password substring to the request end over the main channel and sends the other password substring to the password receiver over the auxiliary channel; or it generates and saves one randomly produced character string as the password substring and sends it to the password receiver over the auxiliary channel;
(3). After receiving the password substrings, the user inputs them to the request end and at the same time enters the password composition rule, or uses the default rule, so that the request end knows the password composition rule to be used for this login;
(4). The verification software synthesizes the received password substrings according to the password composition rule the user will use for this login, generating the verification credential password string. That is, after the request end software receives the user's input, it synthesizes the password substrings into the verification credential password string according to the composition mode selected by the user and sends it to the verification end; or the password substrings are sent to the verification end, with the composition code also transmitted or not depending on the password composition rule selected by the user, and the verification end software synthesizes the verification credential password string; or the user synthesizes the password substrings into the verification credential password string according to the self-selected password composition rule and inputs it to the request end, which then submits the verification credential password string to the verification end;
(5). The verification end synthesizes the two saved password substrings according to the password composition rule selected by this user and saved in the system, generating the verification reference password string; it then compares the verification reference password string with the verification credential password string, and if they are identical the user is allowed to enter the system; otherwise the login is refused.
A password verification system for identity authentication in computer information systems, whose structure comprises a verification end, a request end, a password receiver, a main channel and an auxiliary channel, characterized in that passwords are generated by having the verification software produce password substrings on the fly and synthesizing them according to the password composition rule selected by the user, and that password information is transmitted over two channels, the main channel and the auxiliary channel.
The verification end is responsible for registering users and for handling login requests and password verification, and can link to other system services. The verification end comprises a computer system, a main channel network interface device for connecting to the main channel and the request end, an auxiliary channel interface device for connecting to the auxiliary channel and the password receiver, and verification end software for password verification. The password verification software comprises a monitoring and receiving module, a check and inspection module, a random password substring generation module, a sending module, a verification module, an auxiliary service module, a user registration information storage table, and a module for linking with other system service programs.
The request end is used to submit login requests to the verification end, to receive the password substring transmitted by the verification end, to help the user complete the login process, and to provide other verification-related service functions. The request end comprises an ordinary computer system and request end software that cooperates with the verification end software to carry out the login process and password verification; the request end software comprises a user interface module, a monitoring and receiving module, a sending module, a preliminary check and inspection module, a synthesis module, an auxiliary service module and a user authentication information storage table.
The verification end software and/or the request end software are collectively called the verification software.
The main channel is the computer system itself in which the verification end and the request end reside, or an information transmission channel that enables the verification end and the request end to communicate.
The auxiliary channel is another communication channel for information transmission, different from the main channel.
The password receiver is used to receive the password substring transmitted from the verification end over the auxiliary channel.
The user sends a login request to the verification end through the request end. Under the control of the verification software, the verification end generates and saves the password substrings and transmits the password substring information to the user through a channel and a device capable of receiving passwords. The user inputs the received password substrings to the request end and tells the request end the password composition rule to be used for this login, which is used to generate the verification credential password string. The request end transmits the password information used for verification to the verification end. The verification end receives the password information, synthesizes the saved password substrings into the verification reference password string according to the password composition rule selected by this user and saved in the system, compares it with the verification credential password string, and decides whether to allow the user to log in.
The concrete process is as follows. At registration, the user or the service organization submits the user's user ID (a user name, account name, identity card number or other unique identification code) and the password receiver ID number to the verification end through the request end, and may also specify the type of password receiver. The user selects his or her own password composition rule (the user needs to remember the code number of this rule, or may choose to use the default composition rule), and the verification end saves this information in the verification table.
When logging in to the system, the user submits his or her user ID or password receiver ID number to the request end as a login request, and the request end sends this information to the verification end. After receiving the login request, the verification end checks whether this user exists in the system. If so, it immediately generates two random strings (optimal length 4~8 characters each), or one random string (optimal length 6~12 characters), as the password substring or substrings, and saves them in the verification table. It then sends one password substring to the request end over the main channel and the other to the password receiver over the auxiliary channel, or sends only one password substring to the password receiver over the auxiliary channel. The substrings may of course also be transmitted first and saved afterwards.
After receiving the password substrings, the user inputs them to the request end and, depending on the password composition rule he or she has selected, decides whether a composition code also needs to be entered; the request end then synthesizes the password substrings according to the composition rule the user specifies for this login, generating the verification credential password string. Alternatively, the user synthesizes the password substrings into the verification credential password string according to the self-selected password composition rule and inputs it to the request end, which then submits the verification credential password string to the verification end. Alternatively, the request end submits the password substrings to the verification end and, depending on the password composition rule selected by the user, decides whether to submit the composition code as well.
The verification end receives the verification credential password string or the password substrings, and synthesizes the saved password substrings according to the password composition rule selected by this user in the verification table, generating a verification reference password string. If what it received is the password substrings and composition rule information, it also needs to synthesize those password substrings into the verification credential password string using the password composition rule the user specified for this login. It then compares the verification reference password string with the verification credential password string. If they are identical, verification succeeds: the user is notified that authentication has passed and is allowed to log in to the system. Otherwise the login is refused or the user is required to log in again.
After this verification is finished (whether it succeeded or the login failed), the saved password substrings are immediately cleared or invalidated.
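The registration and login procedure described above can be sketched as follows. This is an added example, not code from the patent: the composition rules and their codes, the class and function names, and the in-memory stand-in for the auxiliary channel are all assumptions, since the text does not define concrete rules or interfaces.

```python
import hmac
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits


def _interleave(main, aux):
    """Alternate characters from both substrings, then append any remainder."""
    n = min(len(main), len(aux))
    mixed = "".join(m + a for m, a in zip(main, aux))
    return mixed + main[n:] + aux[n:]


# Hypothetical composition rules keyed by rule code (assumption: the text
# leaves the concrete rules open). Code "0" plays the role of the default rule.
RULES = {
    "0": lambda main, aux: main + aux,        # main substring, then auxiliary
    "1": lambda main, aux: aux + main,        # auxiliary substring, then main
    "2": lambda main, aux: aux[::-1] + main,  # reversed auxiliary, then main
    "3": _interleave,
}


def synthesize(main_sub, aux_sub, rule_code):
    """Request-end side: build the verification credential password string."""
    return RULES[rule_code](main_sub, aux_sub)


class VerificationEnd:
    def __init__(self, substring_len=6):
        self.substring_len = substring_len
        self.table = {}       # verification table: user_id -> (receiver_id, rule_code)
        self.pending = {}     # saved substrings: user_id -> (main_sub, aux_sub)
        self.aux_outbox = {}  # simulated auxiliary channel: receiver_id -> substring

    def register(self, user_id, receiver_id, rule_code="0"):
        if rule_code not in RULES:
            raise ValueError("unknown composition rule code")
        self.table[user_id] = (receiver_id, rule_code)

    def _random_substring(self):
        return "".join(secrets.choice(ALPHABET) for _ in range(self.substring_len))

    def login_request(self, user_id):
        """Generate and save two substrings; return the main-channel one, or None."""
        if user_id not in self.table:
            return None
        receiver_id, _ = self.table[user_id]
        main_sub, aux_sub = self._random_substring(), self._random_substring()
        self.pending[user_id] = (main_sub, aux_sub)
        self.aux_outbox[receiver_id] = aux_sub  # delivered out of band
        return main_sub

    def verify(self, user_id, credential):
        # The saved substrings are consumed on every attempt, success or failure.
        saved = self.pending.pop(user_id, None)
        if saved is None or user_id not in self.table:
            return False
        _, rule_code = self.table[user_id]
        reference = RULES[rule_code](*saved)  # verification reference password string
        return hmac.compare_digest(reference.encode(), credential.encode())


def demo():
    """Run one valid login and three rejected cases; all values are constructed."""
    v = VerificationEnd()
    v.register("alice", "receiver-01", rule_code="2")
    results = {}
    main_sub = v.login_request("alice")
    aux_sub = v.aux_outbox.pop("receiver-01")  # user reads the password receiver
    credential = synthesize(main_sub, aux_sub, "2")
    results["valid"] = v.verify("alice", credential)
    results["replay"] = v.verify("alice", credential)   # substrings already cleared
    main_sub = v.login_request("alice")
    results["main_only"] = v.verify("alice", main_sub)  # one channel is not enough
    results["unknown_user"] = v.login_request("mallory")
    return results


if __name__ == "__main__":
    print(demo())
```
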
In the invention, the password verification step may be: after receiving the login request, the verification end checks whether this user exists in the system; if so, it generates and saves two randomly produced character strings as password substrings, sends one password substring to the request end over the main channel and sends the other password substring to the password receiver over the auxiliary channel; or it generates and saves one randomly produced character string as the password substring and sends it to the password receiver over the auxiliary channel.
In the invention, the password verification step may also be: after receiving the login request, the verification end checks whether this user exists in the system; if so, it generates and saves one randomly produced character string as the password substring and sends it to the password receiver over the auxiliary channel.
The function of the request end described in the invention may be realized jointly by a terminal device that can communicate with the verification end through a communication server device in another communication network, and by a corresponding server device, in the communication system where that terminal device resides, that implements the request end software functions.
The auxiliary channel described in the invention may be formed in any of the following ways:
1. Connect the verification end to an interface server device of a fixed-line telephone network. When sending password substrings, one password substring is sent to this interface server device, which forwards the password substring information to a telephone exchange in that network for delivery to the designated password receiver. The password receiver is a communication terminal device that can receive the information sent by the exchange and convey the received content to the user;
2. Connect the verification end to an interface server device of a wireless communication network. When sending password substrings, one password substring is sent to this interface server device, which forwards the password substring information to a transmitting device in that network for delivery to the designated password receiver. The password receiver is a communication terminal device that can receive the information sent by the transmitting device and convey the received content to the user;
3. Send the password substring information with a transmitter connected directly to the verification end computer, so that only a specific password receiver can receive the password substring. The transmitter has an interface section, a receiving circuit, a signal modulation circuit, an address encoding circuit, an amplifying circuit and a transmitting circuit; the interface section connects to the verification end computer, and the other parts perform message reception, signal modulation, address encoding, signal amplification, frequency modulation and information transmission respectively. The corresponding password receiver contains a receiving circuit, signal demodulation and address decoding circuits, an output circuit, an output device and control settings, which ensure that the password substring information emitted by the transmitter is received only by the designated password receiver or group of password receivers and is output in a form the user can read; other password receivers either do not receive it or receive it without outputting it.
4. Use a communication port of the computer itself, with the password receiver having an interface section, a receiving circuit and an output device that lets the user read the password substring content. The interface section connects to the communication port of the verification end; when the verification end needs to send a password substring, it sends it to the corresponding communication port, and the interface and receiving section of the password receiver receive the password information and immediately output the password substring content in a form the user can read.
The password receiver described in the invention has an interface section, a receiving circuit and an output device that lets the user read the password substring content. The interface section connects to the communication port of the verification end; when the verification end needs to send a password substring, it sends it to the corresponding communication port, and the interface and receiving section of the password receiver receive the password information and immediately output the password substring content in a form the user can read.
The password receiver described in the invention may be fitted with a biometric device comprising a biometric data storage device that holds a specific user's biometric data, a biometric data acquisition device that captures the biometric data of the current holder, and a comparison, control and setting circuit. The comparison, control and setting circuit is connected to the biometric data storage device, the biometric data acquisition device, the power supply and switch device, and the display device. It reads data from the biometric data storage device and the biometric data acquisition device and compares them, and switches the power supply and switch device and the display device on or off according to the comparison result, ensuring that only a user whose biometric characteristics match can start the receiver.
Description of drawings
Fig. 1 is a schematic diagram of the overall structure of the password verification system and method for identity authentication in computer information systems.
Fig. 2 is a block diagram of the verification end of the invention.
Fig. 3 is a block diagram of the request end of the invention.
Fig. 4 is a schematic diagram of an auxiliary channel embodiment of the invention.
Fig. 5 is a schematic diagram of the password transmitter circuit in the auxiliary channel embodiment of the invention.
Fig. 6 is a schematic diagram of the password receiver circuit in the auxiliary channel embodiment of the invention.
Fig. 7 is a schematic diagram of embodiment 3, the second auxiliary channel implementation method.
Fig. 8 is a schematic diagram of the password transmitter circuit of the second auxiliary channel implementation method.
Fig. 9 is a schematic diagram of the password receiver circuit of the second auxiliary channel implementation method.
Fig. 10 is a schematic diagram of another password receiver circuit of the second auxiliary channel implementation method.
Fig. 11 is the password verification processing flow chart of the fully enhanced three-factor authentication system.
Embodiments
The implementation of the invention is described further below with reference to the accompanying drawings and embodiments.
In the password verification system described above, the function of the verification end 1 is realized jointly by the verification end software and hardware used for password verification; see Fig. 1 and Fig. 2. The verification end software may comprise a monitoring and receiving module 16, a check and inspection module 14, a random password substring generation module 12, a sending module 13, a verification module 15, an auxiliary service module 17, a verification end verification table 18, and a module for linking with other system service programs.
Wherein:
Monitoring and receiving module 16: responsible for monitoring for and detecting user login requests, receiving from the main channel transceiver port 11 the user ID or password receiver ID number sent by the request end 2, and passing it to the check and inspection module 14. It also receives other verification information transmitted from the request end 2 and passes it to the relevant processing module.
Check and inspection module 14: after receiving the login request information, checks whether this user ID exists in the verification end verification table 18. If it exists, the module immediately calls the random password substring generation module 12 to generate the password substrings; otherwise it calls the sending module 13 to send the request end 2 a message refusing the login or requiring the user to log in again.
Random password substring generation module 12: responsible for generating two random password substrings or one (6, 7) and saving them in the verification end verification table 18, then calling the sending module 13 to send the password substrings to the main channel transceiver port 11 and/or the auxiliary channel transmit port 10. The random password substrings may be produced by random character generation software or by random character generator hardware.
Sending module 13: responsible for sending information to the transmit ports of the two channels. Normally it sends one password substring and other response information for the request end to the main channel transceiver port 11, and sends the other password substring to the auxiliary channel transmit port 10.
Verification module 15: responsible for receiving, from the monitoring and receiving module 16, the password substrings (possibly together with a password composition rule code) or the verification credential password string; taking from the verification end verification table 18 the password substrings saved by the random password substring generation module 12; and generating the verification reference password string according to the password composition rule selected by the user. It then compares the verification credential password string with the verification reference password string. If the two are identical, it calls the sending module 13 to send a login success message to the request end 2, clears the password substrings in the table, and at the same time links to the service programs in the system so that the user can use them. Otherwise, it clears the password substring information in the table and at the same time calls the sending module 13 to send the request end 2 a message refusing the login or requiring the user to log in again.
Auxiliary service module 17: provides services such as user account registration, account management, automatic logout, and clearing or invalidating password substrings.
Verification end verification table 18: the user registration information storage table (or database), in which each user's user ID (or account or other unique user identification code), the ID number of the password receiver 3 (such as a password receiver PIN code, mobile phone number, pager number or telephone number) and the code of the password composition rule are registered and saved; the password substrings are also saved here when needed.
The division of functions among the modules above can of course be designed flexibly and is not limited to the division described. The implementation of the software modules is independent of any particular programming language, programming tool or programming method.
The hardware of checking end 1 comprises, in addition to ordinary computer system equipment, an auxiliary channel transmit port 10 device, which connects to the auxiliary channel 5 communication system and password receiver 3 so that checking end 1 can communicate with the auxiliary channel communication system. The checking end connects to main channel 4 and request end 2 through an ordinary network interface device or through the computer system itself, and connects to auxiliary channel 5 and password receiver 3 through the auxiliary channel transmit port 10 device.
The computer system of the checking end is independent of the model and size of hardware such as the specific CPU, memory and storage devices, and is also independent of the software environment, such as the specific operating system, application system and development system.
Request end 2 is an ordinary computer system, or another terminal device that can communicate with the checking end through communication server equipment in an alternative communication network, such as a telephone, fax machine or PDA.
When request end 2 is an ordinary computer system, it connects to checking end 1 over main channel 4 through main channel transceiver port 20, and its role is implemented by request end software that cooperates with the checking end software to carry out password verification. Its functions include forwarding the login request to checking end 1 on the user's behalf, performing the local verification in two-stage verification, judging and analysing the correctness of the password rule code in remote verification, performing password synthesis to generate the checking voucher, and transmitting the information required for remote verification (including the user identification code and the synthesized password string) to checking end 1. The software comprises monitoring and receiving module 25, sending module 24, user interface module 19, preliminary verification module 21, synthesis module 22, secondary service module 23 and request end proof list 26; see Fig. 1 and Fig. 3.
Wherein:
Monitoring and receiving module 25: responsible for monitoring main channel transceiver port 20 for information sent by checking end 1, and for receiving the password substring 6 sent by checking end 1 and passing it to user interface module 19 for display. It also receives other response information from checking end 1 and passes it to the relevant module for handling.
Sending module 24: responsible for sending information to main channel transceiver port 20.
User interface module 19: responsible for interaction with the user. It accepts the information the user enters (such as the login request, password substrings, password composition rule code and operating commands), conveys the information and error reports sent by checking end 1 to the user in a form the user can perceive (such as display or voice prompt), and calls the corresponding module for handling, for example calling sending module 24 to send a login request to checking end 1, or calling password synthesis module 22 to perform password synthesis.
Preliminary verification module 21: checks whether the password composition rule code entered by the user matches this user's synthesis code in request end proof list 26. If they match, it immediately calls password synthesis module 22; otherwise it shows an error message to the user and refuses the login or requires the user to log in again. It can also analyse whether the current error is a mistake by a legitimate user or a guessing attempt by an intruder, and then handle it accordingly.
Password synthesis module 22: responsible for receiving the password substrings entered by the user (possibly with the password composition rule code), synthesizing the password substrings into a checking voucher password string 8 according to the password composition rule code in request end proof list 26, and then calling sending module 24 to send it to checking end 1. When sending the checking voucher password string to checking end 1, it may also, when needed, send the password receiver ID number and the password composition rule code to the checking end.
Secondary service module 23: responsible for providing other auxiliary functions to the user.
Request end proof list: for each user it registers and stores the user ID (or an account or other unique user identification code), the password receiver number (such as the password receiver's PIN code, mobile phone number, pager number or telephone number), the password composition rule code, and other information used to analyse the intent of the person logging in.
A local verification module can also be added to perform local verification at the request end.
Of course, the division of functions among the above modules can be designed flexibly and is not limited to the division described. The implementation of the software modules is independent of the specific programming language, programming tool and programming method.
Password verification is implemented as follows:
At registration, the user or the service organization submits the user ID (an identification code that is unique, such as a user name, account name, identity card number or other) and the password receiver ID number through user interface module 19, and may also specify the type of password receiver. The user selects his or her own password composition rule, or chooses to use the default composition rule. User interface module 19 calls secondary service modules 23 and 17 to complete the registration, and the corresponding information is saved in request end proof list 26 and checking end proof list 18.
When the user logs in, the user submits the user ID through user interface module 19, and user interface module 19 calls sending module 24 to send a login request to checking end 1. After monitoring and receiving module 16 of checking end 1 receives the login request from main channel transceiver port 11, it passes the user ID to check module 14, which checks whether this user ID exists in checking end proof list 18. If it exists, check module 14 immediately calls random password substring generation module 12 to generate the password substrings; otherwise it calls sending module 13 to send request end 2 a message refusing the login or requiring the user to log in again.
Random password substring generation module 12, using random character generation software or random character generator hardware, generates two random password substrings 6 and 7, or a single one, saves them in checking end proof list 18, and then calls sending module 13 to send the password substrings to main channel transceiver port 11 and/or auxiliary channel transmit port 10. The password substring 7 sent through auxiliary channel transmit port 10 travels over auxiliary channel 5 and is received by password receiver 3. The password substring 6 sent through main channel transceiver port 11 travels over main channel 4 to main channel transceiver port 20 of request end 2, where it is received by monitoring and receiving module 25 and passed to user interface module 19 for output to the user.
The user enters the password substring 7 received on password receiver 3 into user interface module 19 through manual channel 9, and may also enter password substring 6 into user interface module 19 again. According to the password composition rule the user has selected, the user also enters the password composition rule code used for this login, or enters no composition rule code and uses the default composition rule. User interface module 19 calls preliminary verification module 21 to perform a preliminary check of whether the password composition rule code entered by the user matches this user's synthesis code in request end proof list 26. If they match, password synthesis module 22 is called immediately; otherwise an error message is shown to the user and the login is refused or the user is required to log in again. The module can also analyse whether the current error is a mistake by a legitimate user or a guessing attempt by an intruder, and then handle it accordingly.
Password synthesis module 22 synthesizes the password substrings into a checking voucher password string 8 according to the password composition rule code in request end proof list 26, and then calls sending module 24 to send it to checking end 1 through main channel transceiver port 20. When sending checking voucher password string 8 to checking end 1, it may also, when needed, send information such as the password receiver ID number and the password composition rule code to the checking end. Alternatively, the request end software does not perform password synthesis, and instead sends the password substrings entered by the user and the password composition rule code used for this login to checking end 1 through main channel transceiver port 20.
Monitoring and receiving module 16 of checking end 1 receives the above password information for verification through main channel transceiver port 11 and calls authentication module 15. If what is received is a checking voucher password string, authentication module 15 takes the password substrings 6 and 7 saved by random password substring generation module 12 out of checking end proof list 18 and generates the checking basis password string according to the password composition rule selected by the user in checking end proof list 18. If what is received is the password substrings (possibly with the password composition rule code), the module must also synthesize the received password substrings into the checking voucher password string according to this composition rule. It then compares the checking voucher password string with the checking basis password string. If the two are identical, it calls sending module 13 to send a login-success message to request end 2, clears the password substrings from the table, and at the same time connects the service programs in the system so that the user may use them. Otherwise it clears the password substring information from the table and calls sending module 13 to send request end 2 a message refusing the login or requiring the user to log in again.
When the user needs to perform an account management operation, the user must first pass the password verification process described above; user interface module 19 then calls secondary service modules 23 and 17 to complete the required account management operation.
Account management includes modification of registration information and suspension, recovery or cancellation of the account. These operations are optional; the user or the service organization decides whether and when to carry them out according to circumstances and need, but each can be performed only after the corresponding authority has been obtained through authentication. Modification means changing some of the previously registered information, such as the password receiver ID number and/or the password composition rule. The user ID cannot be modified. Suspension means asking the checking end to make one's own user ID temporarily invalid so that nobody is allowed to use it. Recovery means asking the checking end to make a suspended user ID usable again. Cancellation means asking the checking end to delete the user ID, so that this user is no longer a legitimate user of the system.
The request end can also take responsibility for checking the correctness of the user name and rule code entered, to reduce the load on the checking end and the network traffic. If they are correct, that is, this user ID exists in request end proof list 26 and the synthesis code entered matches this user's code in the table, the request end submits the information needed for this login (including the user identification code and the synthesized password string) to checking end 1. If the user does not exist, it reports an error and prompts for re-entry. If the user ID is correct but the rule code does not match, it records the numerical distance between the rule code value entered and this user's code value in proof list 26, and analyses how close the password string submitted by the client is to the correct password string. From this it judges whether the user has made an ordinary mistake or is guessing the password, and it records the number of consecutive errors in this login request. At the appropriate time it reports that the user is carrying out a password attack, notifies checking end 1 to lock this user account, and terminates this session connection. In this way guessing attacks can be blocked effectively.
To raise the security strength further, the request end can also use existing password techniques (such as the improved static password techniques described in the "Background" section) to verify locally the user requesting login, to ensure that the user logging in has the right to receive password substrings 6 and/or 7. This more effectively prevents a would-be intruder from misusing a legitimate user's password receiver 3.
After request end 2 sends a login request, if it does not receive password substring 7, or substrings 6 and 7, from checking end 1 within the checking time limit, it terminates this login session and the user must log in again.
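The login exchange described above, shown as an added Python example that is not part of the patent text: the checking end issues substring 6 for the main channel and substring 7 for the auxiliary channel, the request end synthesizes the checking voucher, and the checking end compares it against its own checking basis string, clearing the saved substrings whether the comparison succeeds or fails. The rule codes and their functions, the substring length, the 120-second time limit and all class and function names are assumptions made for the example.

```python
import hmac
import secrets
import string
import time

ALPHABET = string.ascii_uppercase + string.digits
SUBSTRING_LEN = 6      # assumption: the text does not fix a substring length
TIME_LIMIT_S = 120     # assumption: the text only speaks of a "checking time limit"


def _interleave(a, b):
    return "".join(x + y for x, y in zip(a, b))


# Hypothetical composition rules keyed by rule code (not defined in this text).
RULES = {
    0: lambda a, b: a + b,        # default rule: substring 6, then substring 7
    1: lambda a, b: b + a,
    2: _interleave,
    3: lambda a, b: a[::-1] + b,
}


def synthesize(rule_code, sub6, sub7):
    """Request-end synthesis: build the checking voucher password string."""
    return RULES[rule_code](sub6, sub7)


def _random_substring():
    # secrets draws from the operating system's CSPRNG
    return "".join(secrets.choice(ALPHABET) for _ in range(SUBSTRING_LEN))


class CheckingEnd:
    def __init__(self, clock=time.monotonic):
        self.proof_list = {}      # user ID -> registration record
        self.clock = clock

    def register(self, user_id, receiver_id, rule_code=0):
        if rule_code not in RULES:
            raise ValueError("unknown composition rule code")
        self.proof_list[user_id] = {
            "receiver_id": receiver_id, "rule": rule_code, "pending": None}

    def begin_login(self, user_id):
        """Check + generation step: returns what each channel would carry."""
        entry = self.proof_list.get(user_id)
        if entry is None:
            return None           # unknown user ID: login refused
        sub6, sub7 = _random_substring(), _random_substring()
        entry["pending"] = (sub6, sub7, self.clock() + TIME_LIMIT_S)
        return {"main": sub6, "aux": (entry["receiver_id"], sub7)}

    def verify(self, user_id, voucher):
        entry = self.proof_list.get(user_id)
        if entry is None or entry["pending"] is None:
            return False
        sub6, sub7, deadline = entry["pending"]
        entry["pending"] = None   # substrings are single use: cleared either way
        if self.clock() > deadline:
            return False
        basis = synthesize(entry["rule"], sub6, sub7)
        # constant-time comparison of checking basis and checking voucher
        return hmac.compare_digest(basis.encode(), voucher.encode())


def demo():
    ce = CheckingEnd()
    ce.register("alice", "receiver-001", rule_code=2)   # constructed sample values
    challenge = ce.begin_login("alice")
    sub6 = challenge["main"]       # displayed by the request end
    _, sub7 = challenge["aux"]     # read off the password receiver by the user
    voucher = synthesize(2, sub6, sub7)
    first = ce.verify("alice", voucher)
    replay = ce.verify("alice", voucher)   # same voucher submitted again
    return first, replay


if __name__ == "__main__":
    print(demo())
```

Because the saved substrings are removed on the first comparison, a voucher captured on the main channel cannot be replayed, and a wrong guess forces a fresh pair of substrings to be issued.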
When request end 2 is another terminal device that can communicate with checking end 1 through communication server equipment in an alternative communication network, its functions are realized jointly by this terminal device and by the server equipment, in the communication system where the device resides, that implements the request end software functions described.
Main channel 4 of the present invention is simply the ordinary computer system itself or a computer network channel, and needs no further description.
Auxiliary channel 5 of the present invention differs from main channel 4 in aspects such as communication system, physical channel, information coding and transmission method. Depending on the specific circumstances of the implementation, the auxiliary channel can be implemented in the following ways:
1. Using existing communication facilities such as the public telephone network, a mobile communication network, a paging network or a satellite communication link. This applies to an Internet environment, or to cases where connection to another external communication network is possible.
2. Using a self-built dedicated channel.
With the first implementation method (see Fig. 4), auxiliary channel 5 is constituted as follows. Auxiliary channel transmit port 10 can be, but is not limited to, an ordinary network interface device. Checking end 1 connects through auxiliary channel transmit port 10 to the interface server 27 of another communication network. Checking end 1 sends password substring 7 and the ID number of password receiver 3 to interface server 27, which hands them to the corresponding sending device 51 in that communication network for transmission, and they are then received by the specific password receiver 3 in that communication network. For example, checking end 1 is connected to the communication interface server or switch of the public telephone network, to the short message sending interface server of a mobile telephone network, to the paging server of a paging station, or to the transmission server of a satellite transmission centre (these dedicated servers or similar devices are collectively called interface servers here). The password receiver 3 can correspondingly be a telephone or fax machine, a mobile phone or a pager, or another similar device able to receive the information (including, of course, the password substring) sent by the sending device of the communication network concerned.
With the second implementation method, auxiliary channel 5 requires a dedicated password information sending device and dedicated password receiving equipment. There are several ways of doing this:
(1). In the stand-alone case, or where the network containing the checking end and the request end does not cover a very large area, a dedicated password sending device and corresponding password receivers can be used; see Fig. 5. In this case, dedicated sending device 28 is connected to auxiliary channel transmit port 10 of the checking end and is used to send password substring 7; its transmission range should cover the area covered by the network.
Fig. 8 shows the structural block diagram of this sending device 28. It comprises interface section 30, data receiving circuit 31, address encoding circuit 32, signal modulation circuit 33, amplifying circuit 34, and antenna and transmitting circuit 35. Interface section 30 is an interface for plugging into an internal slot of the computer, or a plug for the communication port used to connect the request end 2 computer, a parallel communication port, a USB interface or another communication port, or a wireless interface that communicates with the computer's infrared communication port; it is used to connect to the checking end computer. The other parts perform information reception, signal modulation, address encoding, signal amplification, frequency modulation and information transmission respectively. A power supply and control circuit can also be included.
The structural block diagram of the corresponding password receiver is shown in Fig. 9. It contains antenna and receiving circuit 36, signal demodulation circuit 37, address decoding circuit 38, data output circuit 39, output unit 40, comparison, control and setting circuit 41, and power supply and switching device 48. These ensure that the password substring 7 transmitted by the above sending device is received only by the designated password receiver 3 or password receiver group, which outputs the content of the password substring by display, voice prompt or other means; other password receivers either do not receive it, or receive it but do not output it.
(2). In the stand-alone case (that is, the checking end and the request end are in the same computer system), a dedicated sending device may be unnecessary and an external password substring receiver can be used instead; see Fig. 6. The structural block diagram of external password substring receiver 3 is shown in Fig. 10. It has an interface section 44 (such as a plug for the communication port of the request end computer, a parallel communication port, a USB interface or another communication port, or a wireless interface that communicates with the computer's infrared communication port), a data receiving circuit 45, a data output circuit 46, and a display device or other output unit 47 that lets the user learn the content of the password substring. When checking end 1 needs to send password substring 7, it sends it to one of the above communication ports. External password receiver 3 immediately displays or otherwise outputs the content of the password substring. If needed, a power supply and switching device 48 can also be included.
(3). Where the network containing the checking end and the request end covers a larger area and the transmission range of the dedicated transmission card cannot cover it, as shown in Fig. 7, the problem can be solved by increasing the transmission power of the transmitter and enlarging the transmission coverage, for example by adding one or more transmitting stations 29, or by extending the transmission to a distant point through microwave transmission unit 29 and retransmitting there, for reception by password receiver 3.
Each such dedicated password receiver is assigned a unique ID code. Address encoding circuit 32 in the transmission card and address decoding circuit 38 in password receiver 3 ensure that the transmitted password substring is received only by the specific password receiver 3 or password receiver group; other password receivers either do not receive it, or receive it but do not output it.
This approach is typically used on stand-alone machines, or on local area networks and metropolitan area networks that are not connected to external networks (for example, because they cannot or need not be connected owing to high confidentiality requirements, tight funds, a remote geographic location or similar reasons).
After receiving password substring information, the password receiver informs the user in a form the user can perceive, for example notifying the user by ringing or vibrating that password information has arrived, and outputting the content of the password substring by display, voice prompt or similar means.
Password receiver 3 is linked to request end 2 by manual channel 9, that is, the user manually enters the password substring shown on password receiver 3 into request end 2. Dotted line 9 in the drawings represents the user manually entering the password substring on password receiver 3 into request end 2.
Where security requirements are higher, the password receiver of the present invention can also be fitted with a biometric identification device to prevent misuse of the password receiver. This device comprises a biometric data storage device 42 that stores the specific user's biometric data, a biometric data acquisition device 43 that collects the current holder's biometric data, and a comparison, control and setting circuit 41. Comparison, control and setting circuit 41 is connected to biometric data storage device 42, biometric data acquisition device 43, power supply and switching device 48, and display device 47. It reads and compares data from biometric data storage device 42 and biometric data acquisition device 43, and switches power supply and switching device 48 and display device 47 on or off according to the result of the comparison, ensuring that only a user whose biometric features match can start the receiver.
In some settings with stricter security requirements, to dedicate a password receiver to one person and prevent others from misusing it, the password receiver can also be fitted with a biometric identification device (such as fingerprint recognition, voiceprint recognition, sclera recognition or retina recognition), ensuring that only the legitimate user can start the password receiver to receive the random password substring sent by the checking end.
This password receiver includes a biometric data storage device 42, a biometric data acquisition device 43, and a comparison, control and setting circuit 41, and can also have an independent power supply, as shown in Fig. 9 and Fig. 10. Comparison, control and setting circuit 41 is connected to biometric data storage device 42, biometric data acquisition device 43, power supply and switching device 48, and display device 47. Biometric data storage device 42 stores the biometric data of the specific dedicated user. Biometric data acquisition device 43 collects the biometric data of the current holder of password receiver 3 and passes it to comparison, control and setting circuit 41. Comparison, control and setting circuit 41 compares the collected biometric data with the stored biometric data. If they are identical, it controls the password receiver's power supply and switching device 48 or display device 47 to start password receiver 3; otherwise it controls power supply and switching device 48 or display device 47 to shut password receiver 3 down. This ensures that only a user whose biometric features match can start the receiver. Once started, the receiver can shut down automatically after a certain time, or be shut down by the holder, or the checking end can send a shutdown command to the corresponding password receiver after the user has completed authentication and logged in successfully, to prevent misuse by an illegitimate user.
Following the above description of the invention, password verification systems of four different security strengths can be implemented, as shown in Fig. 11:
(1). Single-code dual-channel password verification (two-factor): when the user requests login, the checking end generates one random password string (6 to 12 characters long) and sends it over the auxiliary channel to the password receiver. The user enters it into the request end within the checking time limit, and the request end synthesizes it according to the composition rule and submits it to the checking end for verification.
(2). Dual-code dual-channel password verification (two-factor): when the user requests login, the checking end generates two random password substrings, sends one of them to the request end over the main channel and sends the other to the password receiver over the auxiliary channel. The user enters them into the request end within the checking time limit, and the request end synthesizes them according to the composition rule and submits the result to the checking end for verification.
(3). Two-stage verification (reinforced two-factor), that is, "request end dynamic password verification + dual-code dual-channel password verification": this is a strengthening measure taken to raise the security strength further and to prevent misuse of the password receiver. The first stage is carried out only at the request end. Its sole purpose is to verify whether the person requesting login is the legitimate holder of the password receiver and is therefore entitled to obtain password substrings from the checking end. It is implemented as follows. The user submits an initial password at registration. At login, the request end transforms the initial password according to a certain rule, using dynamic factors such as the system date, time and day of the week at the moment of login, to form the dynamic password that serves as the basis for verification. The user transforms the initial password according to the same dynamic password composition rule into the password that serves as the checking voucher, and enters it into the request end. The request end compares the two; if they match, it sends the second-stage login request to the checking end. The second stage of verification is identical to the "dual-code dual-channel password verification" described above.
(4). Biometric identification + two-stage verification (reinforced three-factor): a user biometric identification device (which can be fingerprint recognition, voiceprint recognition, iris recognition and so on) is added to the password receiver. Only when the fingerprint, voiceprint or iris features collected from the user match the feature data stored in advance in the password receiver can the password receiver start working and receive the password substring. After receiving the password substring, it shuts down by itself within the set time. This fundamentally eliminates the threat of a thief impersonating the user. The rest of the verification process is identical to the "two-stage password verification" described above.
In the "dual-code dual-channel password verification" system, the conditions for passing verification are: 1. knowing the identification code (or user name, account number and so on) that the legitimate user registered at the checking end; 2. holding the password receiver that corresponds to that user identification code; 3. knowing that user's password composition rule code. The three are interrelated and serve together as the instruments and vouchers of authentication; the security strength conforms to the two-factor authentication principle (specific knowledge, token possession).
In the "two-stage password verification" system, the conditions for passing verification are: 1. knowing the legitimate user's identification code at the request end, the initial password and its dynamic password composition rule; 2. knowing the identification code (or user account name) that the legitimate user registered at the checking end; 3. holding the password receiver that corresponds to that user identification code; 4. knowing that user's password composition rule code. The four are interrelated and all are indispensable. On top of conforming to the two-factor authentication principle, the amount of specific knowledge required is increased, so the security strength is further strengthened.
In the "reinforced three-factor authentication" system, the conditions for passing verification are: 1. knowing the legitimate user's identification code at the request end, the initial password and its dynamic password composition rule; 2. the biometric features collected from the holder of the password receiver matching the feature data in the password receiver; 3. knowing the identification code (or user account name) that the legitimate user registered at the checking end; 4. holding the password receiver that corresponds to that user identification code; 5. knowing that user's password composition rule code. All five are indispensable. This conforms to the three-factor authentication principle (specific knowledge, token possession, feature match), and the security strength is further strengthened.
In summary, the security of the present invention derives from its distinctive mechanisms for generating, transmitting and storing passwords. Information known to the user (user identification code, composition rule and so on) is combined with protective factors such as the hardware token the user possesses (the password receiver), and a series of strengthening measures is added (such as dual password codes, dual channels, the user's control over password synthesis, possession of the password receiver, two-stage verification and biometric identification). The system fully conforms to the multi-factor authentication principle (that is, something known, something possessed, and a characteristic possessed), has very high security strength, and can overcome other problems of existing password verification techniques.

Claims (8)

1. A method for identity authentication in a computer information system, characterized in that the password verification method for identity in said computer information system is:
First step, registration: through the user interface module, the user submits a user identification code and a password receiver ID number to the request end as registration information and selects a password composition rule; the request end transmits this information to the verification end; the verification end saves the information and sets up a login account for each user who meets the registration conditions;
Second step, password verification:
The steps of said password verification are:
(1) The user submits his or her identification information to the verification end as a login request through the user interface module of the request end, starting the verification process;
(2) After receiving the login request, the verification end checks whether this user identification exists in the system. If it exists, the verification end either generates and saves two randomly produced character strings as password substrings, sending one password substring to the request end over the main channel and the other to the password receiver over the auxiliary channel; or generates and saves one randomly produced character string as the password substring and sends it to the password receiver over the auxiliary channel;
(3) After receiving the password substring, the user enters it into the request end and at the same time lets the request end know the password composition rule to be used for this login;
(4) The verification software synthesizes the received password substrings according to the password composition rule the user will use for this login, generating the verification credential password string. That is, after the request-end software receives the user's input, it synthesizes the password substrings into the verification credential password string according to the password synthesis mode selected by the user and transmits it to the verification end; or it sends the password substrings to the verification end, decides according to the password composition rule selected by the user whether to also transmit a synthesis code, and the verification-end software synthesizes the verification credential password string; or the user synthesizes the password substrings into the verification credential password string according to the password composition rule of his or her own choosing and enters it into the request end, which then submits the verification credential password string to the verification end;
(5) The verification end synthesizes the saved password substrings according to the password composition rule selected by this user, as saved in the system, generating the verification reference password string; it then compares the verification reference password string with the verification credential password string and, if they are identical, allows the user to enter the system; otherwise it refuses the user's login.
2. A password verification system for identity authentication in a computer information system, the structure of said system comprising a verification end (1), a request end (2), a password receiver (3), a main channel (4) and an auxiliary channel (5), characterized in that the password is generated by the verification software producing password substrings ad hoc, which are synthesized according to the password composition rule selected by the user, and the password information is transmitted over two channels, the main channel and the auxiliary channel;
Said verification end (1) is responsible for registering users and for handling login requests and password verification, and can interface with other system services; said verification end (1) comprises a computer system, a main channel transceiver port (11) device for connecting the main channel (4) and the request end (2), an auxiliary channel transmit port (10) device for connecting the auxiliary channel (5) and the password receiver (3), and verification-end software for password verification; said password verification software comprises a monitoring and receiving module (16), a check and inspection module (14), a random password substring generation module (12), a sending module (13), an authentication module (15), a secondary service module (17), a verification-end verification table (18), and a module for connecting with other system service programs;
Said request end (2) is used to submit login requests to the verification end (1), to receive the password substring transmitted by the verification end (1), to help the user complete the login process, and to provide other service functions related to verification; said request end comprises an ordinary computer system, a main channel transceiver port (20) device for connecting the main channel (4) and the verification end (2), and request-end software that cooperates with the verification-end software to carry out the login process and password verification; the request-end software comprises a user interface module (19), a monitoring and receiving module (25), a sending module (24), a preliminary verification module (21), a synthesis module (22), a secondary service module (23), and a request-end verification table (26);
Said main channel (4) is the computer system itself on which the verification-end computer system and the request end reside, or an information transmission channel that enables the verification end and the request end to communicate;
Said auxiliary channel (5) is another communication channel for information transmission, different from the main channel;
Said password receiver (3) is used to receive the password substring transmitted from the verification end (1) over the auxiliary channel (5);
The user sends a login request to the verification end (1) through the request end (2); under the control of the above verification software, the verification end generates and saves the password substrings; if two password substrings are generated, one is sent to the request end over the main channel and the other is sent to the password receiver over the auxiliary channel; if one password substring is generated, it is sent to the password receiver over the auxiliary channel; the user enters the received password substring into the request end and at the same time lets the request end know the password composition rule to be used for this login; the received password substrings are synthesized according to the password composition rule the user will use for this login, generating the verification credential password string, which is made available at the verification end; the verification end synthesizes the saved password substrings into the verification reference password string according to the password composition rule selected by this user, as saved in the system, compares it with the verification credential password string, and decides whether to allow the user to log in.
3. The password verification system for identity authentication in a computer information system according to claim 2, characterized in that the function of said request end is realized jointly by a terminal device in an alternative communication network that can communicate with the verification end through communication server equipment, and by corresponding server equipment, in the communication system where the terminal device resides, that implements said request-end software functions; said terminal device is a wired communication network user terminal device or a wireless communication network user terminal device.
4. The password verification system for identity authentication in a computer information system according to claim 2, characterized in that said auxiliary channel is formed by sending the password substring information with a transmitting device directly connected to the verification-end computer, such that only a specific password receiver can receive this password substring; this transmitting device has an interface section, a receiving circuit, a signal modulation circuit, an address encoding circuit, an amplifying circuit and a transmitting circuit; the interface section is used to connect to the verification-end computer, and the other parts respectively perform message reception, signal modulation, address encoding, signal amplification, frequency modulation and information transmission; the corresponding password receiver contains a receiving circuit, signal demodulation, an address decoding circuit, an output circuit, an output device and control settings, which ensure that the password substring information emitted by the above transmitting device is received only by the designated password receiver or password receiver group, which outputs the password substring content in a manner the user can perceive; other password receivers either do not receive it or receive it without outputting it.
5. The password verification system for identity authentication in a computer information system according to claim 2, characterized in that said password receiver has an interface section, a receiving circuit and an output device that lets the user learn the password substring content; the interface section is for connecting to a communication port of the verification end; when the verification end needs to send a password substring, it sends it to the corresponding communication port; the interface and receiving section of the password receiver receive the password information and immediately output the password substring content in a manner the user can perceive.
6. The password verification system for identity authentication in a computer information system according to claim 2, characterized in that said auxiliary channel is formed by connecting the verification end to interface server equipment of a landline telephone communication network; when the password substrings are sent, one password substring is sent to this interface server equipment, which forwards the password substring information to a telephone exchange in this communication network for delivery to the designated password receiver; the password receiver is a communication terminal device that can receive the information transmitted by this exchange and convey the received content to the user.
7. The password verification system for identity authentication in a computer information system according to claim 2, characterized in that said auxiliary channel is formed by connecting the verification end to interface server equipment of a wireless communication network; when the password substrings are sent, one password substring is sent to this interface server equipment, which forwards the password substring information to a transmitting device in this communication network for delivery to the designated password receiver; the password receiver is a communication terminal device that can receive the information transmitted by this transmitting device and convey the received content to the user.
8. The password verification system for identity authentication in a computer information system according to claim 2, characterized in that said password receiver is equipped with a biometric identification device; this device comprises a biometric data storage device (42) storing a specific user's biometric data, a biometric data acquisition device (43) that captures the current holder's biometric data, and a comparison, control and setting circuit device (41); the comparison, control and setting circuit device (41) is connected to the biometric data storage device (42), the biometric data acquisition device (43), the power supply and switch device (48) and the display device (47); the comparison, control and setting circuit device (41) can read data from the biometric data storage device (42) and the biometric data acquisition device (43) and compare them, and controls the switching on and off of the power supply and switch device (48) and the display device (47) according to the comparison result, ensuring that only a user whose biometric features match can start its operation.
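The two-substring flow of claim 1, steps (1) to (5), which claim 2 restates for the system, can be simulated as follows. This is an added example, not code from the patent: the rule names, the `VerificationEnd` class, the single-use handling of saved substrings and the sample user and receiver values are all assumptions made for illustration.

```python
import hmac
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits

# Hypothetical composition rules: the claims only say the user selects one at registration.
RULES = {
    "main_then_aux": lambda main, aux: main + aux,
    "aux_then_main": lambda main, aux: aux + main,
    "interleave": lambda main, aux: "".join(m + a for m, a in zip(main, aux)),
}


class VerificationEnd:
    def __init__(self):
        self.accounts = {}  # user_id -> (receiver_id, rule_name), saved at registration
        self.pending = {}   # user_id -> (main_sub, aux_sub), saved per login request

    def register(self, user_id, receiver_id, rule_name):
        if rule_name not in RULES:
            raise ValueError("unknown composition rule")
        self.accounts[user_id] = (receiver_id, rule_name)

    def start_login(self, user_id, length=4):
        """Step (2): return (main-channel payload, auxiliary-channel payload)."""
        if user_id not in self.accounts:
            return None
        subs = tuple("".join(secrets.choice(ALPHABET) for _ in range(length)) for _ in range(2))
        self.pending[user_id] = subs
        receiver_id, _ = self.accounts[user_id]
        return subs[0], (receiver_id, subs[1])

    def verify(self, user_id, credential):
        """Step (5): rebuild the reference string from saved data and compare."""
        saved = self.pending.pop(user_id, None)  # single use is an assumption of this sketch
        if saved is None:
            return False
        reference = RULES[self.accounts[user_id][1]](*saved)
        return hmac.compare_digest(reference.encode(), credential.encode())


def demo():
    server = VerificationEnd()
    server.register("alice", "receiver-0001", "interleave")  # constructed sample values
    main_sub, (_, aux_sub) = server.start_login("alice")
    credential = RULES["interleave"](main_sub, aux_sub)  # steps (3)-(4) at the request end
    ok = server.verify("alice", credential)
    replay = server.verify("alice", credential)  # no pending substrings left
    main_sub, _ = server.start_login("alice")
    main_only = server.verify("alice", main_sub)  # auxiliary substring never seen
    return ok, replay, main_only
```

`demo()` returns `(True, False, False)`: the correctly synthesized credential is accepted, while a resubmitted credential and a credential built from the main-channel substring alone are refused.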
CN03135178A 2003-06-09 2003-06-09 Password verification system and method for identification of computer message system Expired - Fee Related CN100580680C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN03135178A CN100580680C (en) 2003-06-09 2003-06-09 Password verification system and method for identification of computer message system

Publications (2)

Publication Number Publication Date
CN1567321A CN1567321A (en) 2005-01-19
CN100580680C true CN100580680C (en) 2010-01-13

Family

ID=34470205

Family Applications (1)

Application Number Title Priority Date Filing Date
CN03135178A Expired - Fee Related CN100580680C (en) 2003-06-09 2003-06-09 Password verification system and method for identification of computer message system

Country Status (1)

Country Link
CN (1) CN100580680C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100113

Termination date: 20120609