CN102255728B - Identity recognition method for computer system - Google Patents


Info

Publication number: CN102255728B
Application number: CN201110174652.3A
Authority: CN (China)
Prior art keywords: system host, information, handheld terminal, enciphered message, described step
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN102255728A
Inventors: 熊楚渝, 陈雨霖
Current assignee: CHENGDU CYBERKEY TECHNOLOGY Co Ltd
Original assignee: CHENGDU CYBERKEY TECHNOLOGY Co Ltd


Abstract

The invention discloses an identity recognition method for a computer system, relating to a computer technology. The method comprises the following steps: (1) user information is written into a handheld terminal in which preset encryption and decryption mechanisms are stored to bind the handheld terminal to a system, and mapping between user information and a system host is established and stored in the system host and the handheld terminal; (2) the system host publishes first encryption information which comprises identity information of the system host; (3) the handheld terminal acquires the first encryption information, decrypts by using the preset decryption mechanism to obtain the identity information of the system host, searches for corresponding user information according to the identity information of the system host, and encrypts the user information into second encryption information; and (4) the system host receives the second encryption information and decrypts the second encryption information to obtain a static password. According to the method, a user can get rid of the burden of password memorization, and authentication can be completed by only using the handheld terminal.

Description

Identity recognition method for computer system
Technical field
The present invention relates to computer technology.
Background technology
In the prior art, in nearly every place and field where static passwords are used, the same static password is used simply, repeatedly and openly, and this brings serious security risks such as password snooping and theft by keyboard logging. It also brings many inconveniences to users: for example, users are required to remember many passwords that are hard to memorise, and to resist ever-stronger eavesdropping techniques they have to memorise ever-longer password strings. If a user chooses an irregular string such as & ^+H0J, security does improve, but the user can hardly remember it. Many users therefore adopt a short, simple, easy-to-remember static password and keep it unchanged for a long time, and such a simple password is very insecure. The main defects are:
1. The conflict between security and usability. To improve security one has to use a large character set and increase the length of the password, but this conflicts completely with usability. Ordinary users find it hard to remember a password drawn from a large character set, and equally hard to remember a long one, so many users choose a small character set (such as digits only) and a short password. Such a password is much easier for an attacker to crack. Moreover, many people use non-random strings such as birthdays, telephone numbers, graduation dates, words or name abbreviations as passwords, which makes cracking by dictionary methods even easier.
2. Single-factor authentication. In cryptography the authentication factors are these: something you know, something you have, and something you are (a biometric characteristic). A static password provides only one factor, "something you know", so its security cannot be improved. With "something you know" alone there is no defence at all against password theft and password cracking, and cracking a short password over a small character set is not an especially difficult thing.
3. A static password also has many leaks through which it can be stolen, such as shoulder-surfing and keylogging Trojans. If the input process is observed while the password is being typed, the password is effectively disclosed. Even if the whole input process cannot be observed and only part of it is, for example three of the six characters of a password, the security of the password drops sharply. Password snooping is in fact a major current security hazard, and many criminal activities revolve around this problem.
4. Easy to propagate. For instance, once user A has obtained a login password, A should in principle not let anyone else log in with that password, but a static password has no function that prevents A from doing so: A can easily let anyone log in, and this is hard for the administrator to detect.
At the same time, the usability of static passwords is also problematic. On the surface, remembering one password does not seem hard (in practice, people find it hard to remember a highly secure password), so a static password appears to have no usability problem. In reality, in modern society everyone has many network accounts and many passwords, and asking a person to remember all of them is a very large burden, in fact an infeasible one. Many people therefore use one password, or a run of consecutive digits, on every occasion. This brings an even larger security hazard: a user uses a static password in a low-value context, and if that password is stolen, the thief can use it to log in to high-value accounts.
Many technologies address these security weaknesses, such as various dynamic passwords and multi-factor authentication. But static passwords have a very wide user base, and replacing them completely would require very large cost and time. For instance, PCs widely run Microsoft operating systems, which use static passwords, including for various remote services such as remote desktop login. Replacing such a static password system would clearly be possible only with the concerted effort of Microsoft, the computer manufacturers and the users.
Summary of the invention
The technical problem to be solved by the invention is to provide a safer and more convenient identity recognition method for a computer system.
The technical solution adopted by the invention to solve this problem is an identity recognition method for a computer system, characterised in that it comprises the following steps:
1) user information is written into a handheld terminal that stores predetermined encryption and decryption mechanisms, the handheld terminal is bound to the system, and a mapping between the user information and the system host is established and stored in the system host and the handheld terminal;
2) the system host publishes first encrypted information, which contains identity information of the system host;
3) the handheld terminal acquires the first encrypted information, decrypts it with the predetermined decryption mechanism to obtain the identity information of the system host, looks up the corresponding user information according to that identity information, and encrypts the user information into second encrypted information;
4) the system host receives the second encrypted information and decrypts it to obtain the static password.
Further, in step 2) the system host publishes the first encrypted information as a graphic code, and in step 3) the handheld terminal acquires the first encrypted information by video capture.
In step 3) the handheld terminal may publish the second encrypted information as a graphic code, and in step 4) the system host acquires the second encrypted information by video capture.
Further, step 1) comprises:
1.1 the system generates a one-time binding code;
1.2 the system host generates a binding-information string that contains a random factor, encrypts it with the binding code, and sends the encrypted information to the handheld terminal;
1.3 the handheld terminal decrypts it with the binding code, obtains the binding information and stores it.
With the technology of the invention, the computer system can use a quite complex static password: since the user does not need to remember it, a very large character set can be used (for example the set of all printable characters, which normally has 94 elements, many times larger than the usual digit set, so security grows exponentially) and the password can be very long. In addition, because the communication between the handheld terminal and the resolver involves very little human action, the chance of being observed is greatly reduced. More importantly, everything in the communication is one-time encrypted content, so even an observer who sees it can hardly obtain any useful information. Another important improvement is the step from single-factor authentication to two-factor authentication (or to multi-factor authentication, if biometric authentication is added on the handheld terminal). These improvements give all the hazards of the prior art a secure treatment. In terms of usability, the technology of the invention frees the user from the burden of memorising passwords; the user only needs the handheld terminal to complete authentication, which is a far-reaching improvement for a large share of users. With this technical means, companies and other organisations can impose finer-grained and safer access requirements on their equipment and software without worrying about burdening employees and users with passwords to remember.
The invention is further described below with reference to the drawings and specific embodiments.
Accompanying drawing explanation
Fig. 1 is a schematic flow chart of the binding process of the invention. The numbers in the figure refer to the following steps:
1.1 submit a binding application;
1.2 return the input interface;
1.3 enter the static password and the binding information;
1.4 request authentication of the static password;
1.5 check whether authentication passes;
1.6 internal processing;
1.7 if authentication passed, publish the binding string, otherwise refuse;
1.8 the handheld terminal asks the user to enter the binding code, then parses the string, obtains the binding information and stores it, completing the binding.
Fig. 2 is a schematic diagram of the authentication process of the invention. The numbers in the figure refer to the following steps:
2.1 publish the information;
2.2 start the handheld terminal;
2.3 read the published information;
2.4 parse the information to obtain the resolver name;
2.5 extract the information and encrypt it;
2.6 return the encrypted information to the resolver;
2.7 parse out the static password;
2.8 enter the static password for authentication;
2.9 clear all traces.
Fig. 3 is an example of a QR code.
Fig. 4 is a schematic diagram of the dynamic use of the static password involved in the invention.
Embodiment
Referring to Figs. 1 to 4.
The invention comprises the following steps:
1) an exchange protocol for the encrypted information is defined; user information is written into a handheld terminal that stores predetermined encryption and decryption mechanisms, the handheld terminal is bound to the system, a mapping between the user information and the system host is established, and the necessary related information is stored in both the system host and the handheld terminal;
2) the system host publishes first encrypted information, which contains identity information of the system host;
3) the handheld terminal acquires the first encrypted information, decrypts it with the predetermined decryption mechanism to obtain the identity information of the system host, looks up the corresponding user information according to that identity information, and encrypts the user information into second encrypted information;
4) the system host receives the second encrypted information and decrypts it to obtain the static password.
In steps 2 to 4 above, the information exchange between the handheld terminal and the system host can take the form of each side displaying a QR code on its own screen for the other side's camera to capture.
Alternatively, in step 3) the handheld terminal publishes the second encrypted information as printable characters, and in step 4) the user enters the second encrypted information into the system host by hand.
Or, in steps 2) to 4), the communication between the system host and the handheld terminal is completed by any other proximity information exchange means, such as infrared transmission or Bluetooth transmission.
A more specific embodiment:
System components:
1. Static password authenticator. The authenticator can use prior art; it is normally a software system installed on the system host.
2. Front-end resolver. Normally a software system.
3. Handheld terminal. The handheld terminal can be understood as a small (or miniature) computing device, for example a smartphone. It has the following capabilities: first, the ability to exchange data with the front-end resolver; second, the ability to store some security information; third, computing capability.
On this basis, a concrete design:
1. A PC as the system host.
2. Front-end resolver software. The front-end resolver can generate a QR code from a character string and display the code on the screen; Fig. 3 is an example of such a QR code. The software can also read, via a camera, the QR code shown on the screen of the handheld terminal, so as to obtain the information generated by the handheld terminal.
3. The handheld terminal is a smartphone with a camera on which the related software is installed. It can read the QR code on the screen, and can also generate its own QR code and display it on its own screen so that the PC's camera captures it and the front-end resolver reads it.
System processes:
The first process of the system is the binding process. Referring to Fig. 1, the handheld terminal is bound to the resolver as follows:
A. The handheld terminal user authenticates to the resolver.
B. After authentication, the handheld terminal applies to the resolver for binding. When applying, the handheld terminal user chooses and enters a one-time binding code (since it is used only once, the length requirement can be low), and the user must remember this binding code until binding is complete.
C. The resolver completes the necessary formalities such as internal registration, then generates the binding-information string, which contains a considerable random factor. It then encrypts the string with this binding code to produce the encrypted string, and sends this string to the handheld terminal in some way (for example by making it into a QR code and displaying it for the handheld terminal to read). The QR code form can be used, or wireless communication can be used instead.
D. The handheld terminal obtains the information.
E. The handheld terminal asks the user to enter the binding code, then decrypts, obtains the binding information, arranges it and stores it. Binding is complete.
F. In most cases, however, a binding confirmation is also needed: the handheld terminal generates a code, and the user enters it into the resolver to obtain the binding confirmation.
G. After the binding process is complete, the static password information is hidden in the handheld terminal, but the resolver holds no complete static password information.
H. An option in the binding process is to generate a confirmation code after binding is complete, with the resolver completing the confirmation.
The second process of the system is the authentication process. Referring to Fig. 2, authentication with the handheld terminal proceeds as follows:
I. The resolver publishes information and requires the handheld terminal user to obtain it.
"Publish" here means that the information can be read by any device capable of reading it, but not necessarily that it can be understood. This information contains a random code, a resolver name, and an instruction to the handheld terminal. Usually the resolver name is the same as the name of the original static password authenticator. The information is encrypted with a fixed key, which is established in the binding process. Therefore, although the information itself contains nothing that needs to be kept secret, a handheld terminal that has not been bound to this resolver cannot obtain its content.
J. The handheld terminal user starts it (by software or hardware). The start-up can be protected at several levels to ensure that it really is the user's wish, but this protection is outside the scope of the invention; other techniques will cover it.
K. The handheld terminal user reads the information published by the resolver with the handheld terminal. Because the handheld terminal is bound to the resolver, it can decrypt the information and obtain the resolver name.
L. Having obtained the resolver name, the handheld terminal extracts the corresponding instruction and information, performs the encryption computation, and, according to the instruction, generates the corresponding code to return to the resolver.
M. The handheld terminal returns this code to the resolver.
N. The resolver parses this code to obtain the static password and enters the static password into the static password authenticator. At the same time it clears all computation traces and intermediate information, to ensure that the static password cannot be exposed or lost.
The information exchange between the handheld terminal and the system host of the invention can be recognised by the related software after capture by a camera; a person skilled in the art can fully implement the invention from this specification, so the specific recognition process is not described further.
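The two processes above (binding, steps A to H, and authentication, steps I to N) can be exercised end to end in a small model. The following Python is an added illustration, not code from the patent or from the assignee, and everything beyond the patent's own description is an assumption: a toy HMAC-SHA256 encrypt-then-MAC cipher stands in for the "predetermined encryption and decryption mechanisms", PBKDF2 is used to turn the short one-time binding code into a key, base64 text stands in for the QR code shown on screen, JSON is the message layout, the random code in the published information is echoed back so that the resolver can reject a replayed response, and the account, password and binding code are constructed sample values. The resolver keeps only the fixed key and the outstanding random codes, never the static password (step G), while the handheld terminal keeps one binding record per resolver name.

```python
import base64, hashlib, hmac, json, os, secrets

def _keystream(key, nonce, length):
    """Keystream = HMAC-SHA256(key, nonce || counter), produced block by block."""
    blocks = []
    while 32 * len(blocks) < length:
        blocks.append(hmac.new(key, nonce + len(blocks).to_bytes(4, "big"), hashlib.sha256).digest())
    return b"".join(blocks)[:length]

def encrypt(key, plaintext):
    """Encrypt-then-MAC under a fresh nonce -> nonce || ciphertext || tag. Assumed toy construction
    (stdlib only); a real deployment would use a standard AEAD such as AES-GCM."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    """Tag first: a wrong key (unbound handheld, wrong binding code) or a tampered payload fails here."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def binding_key(binding_code, salt):
    """Steps 1.2/1.3: stretch the short one-time binding code into a key (assumed KDF: PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", binding_code.encode(), salt, 100_000)

def check_static_password(accounts, user, password):
    """Constructed stand-in for the existing static password authenticator (component 1);
    accounts maps user -> sha256(password)."""
    h = accounts.get(user)
    return h is not None and hmac.compare_digest(h, hashlib.sha256(password.encode()).digest())

class FrontEndResolver:
    """Host side (component 2): holds the fixed key and outstanding random codes, never a full static password."""
    def __init__(self, name, accounts):
        self.name, self.accounts, self.pending = name, accounts, set()
        self.fixed_key = secrets.token_bytes(32)   # the fixed key handed to handhelds during binding
    def bind(self, user, static_password, binding_code):
        # Fig. 1 steps 1.3-1.7: authenticate the static password, then publish the encrypted binding string
        if not check_static_password(self.accounts, user, static_password):
            raise PermissionError("binding refused: static password authentication failed")
        info = {"resolver": self.name, "user": user, "password": static_password,
                "fixed_key": self.fixed_key.hex(), "random": secrets.token_hex(16)}
        salt = os.urandom(16)
        blob = salt + encrypt(binding_key(binding_code, salt), json.dumps(info).encode())
        return base64.b64encode(blob).decode()     # base64 text stands in for the QR code on screen
    def publish(self):
        # Step I / 2.1: random code + resolver name + instruction, readable only by bound handhelds
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        msg = {"resolver": self.name, "nonce": nonce, "instruction": "return-password"}
        return base64.b64encode(encrypt(self.fixed_key, json.dumps(msg).encode())).decode()
    def accept(self, response):
        # Step N / 2.7-2.9: decrypt, reject replays, pass the password to the authenticator, wipe traces
        reply = json.loads(decrypt(self.fixed_key, base64.b64decode(response)))
        if reply["nonce"] not in self.pending:
            return False                           # replayed or foreign response
        self.pending.discard(reply["nonce"])
        ok = check_static_password(self.accounts, reply["user"], reply["password"])
        del reply                                  # step 2.9: clear intermediate information
        return ok

class HandheldTerminal:
    """Phone side (component 3): stores resolver name -> binding information."""
    def __init__(self):
        self.bindings = {}
    def complete_binding(self, payload, binding_code):
        # Step E / 1.8: the user enters the binding code; the terminal decrypts and stores the binding
        blob = base64.b64decode(payload)
        info = json.loads(decrypt(binding_key(binding_code, blob[:16]), blob[16:]))
        self.bindings[info["resolver"]] = info
    def answer(self, payload):
        # Steps K-M / 2.3-2.6: the binding whose fixed key opens the message names the resolver;
        # echo its random code and return the stored password encrypted under the same key
        blob = base64.b64decode(payload)
        for info in self.bindings.values():
            key = bytes.fromhex(info["fixed_key"])
            try:
                msg = json.loads(decrypt(key, blob))
            except ValueError:
                continue
            if msg["resolver"] == info["resolver"] and msg["instruction"] == "return-password":
                reply = {"nonce": msg["nonce"], "user": info["user"], "password": info["password"]}
                return base64.b64encode(encrypt(key, json.dumps(reply).encode())).decode()
        raise LookupError("not bound to this resolver")

def run_demo():
    """Constructed end-to-end run: bind, authenticate, then try a replay and a wrong binding code."""
    accounts = {"alice": hashlib.sha256(b"q7#Kp!vZ2m&L").digest()}   # constructed account
    host, phone = FrontEndResolver("pc-login-resolver", accounts), HandheldTerminal()
    phone.complete_binding(host.bind("alice", "q7#Kp!vZ2m&L", "4821"), "4821")
    response = phone.answer(host.publish())
    results = {"login": host.accept(response), "replay": host.accept(response)}
    try:
        HandheldTerminal().complete_binding(host.bind("alice", "q7#Kp!vZ2m&L", "4821"), "0000")
        results["wrong_code"] = "accepted"
    except ValueError:
        results["wrong_code"] = "rejected"
    return results
```

Running `run_demo()` returns `{"login": True, "replay": False, "wrong_code": "rejected"}`: the first response authenticates, the same response presented again is refused because its random code is no longer outstanding, and a handheld that enters the wrong binding code cannot open the binding string. Note what the model makes visible about the scheme: the static password travels in the second message protected only by the fixed key shared at binding, so the secrecy of that key (and the one-time binding code that protected its delivery) is what the whole design rests on.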

Claims (6)

1. An identity recognition method for a computer system, characterised in that it comprises the following steps:
1) user information is written into a handheld terminal that stores predetermined encryption and decryption mechanisms, the handheld terminal is bound to the system, and a mapping between the user information and the system host is established and stored in the system host and the handheld terminal;
2) the system host publishes first encrypted information, which contains identity information of the system host;
3) the handheld terminal acquires the first encrypted information, decrypts it with the predetermined decryption mechanism to obtain the identity information of the system host, looks up the corresponding user information according to that identity information, and encrypts the user information into second encrypted information;
4) the system host receives the second encrypted information and decrypts it to obtain the static password.
2. The identity recognition method for a computer system as claimed in claim 1, characterised in that in step 2) the system host publishes the first encrypted information as a graphic code, and in step 3) the handheld terminal acquires the first encrypted information by video capture.
3. The identity recognition method for a computer system as claimed in claim 1, characterised in that in step 3) the handheld terminal publishes the second encrypted information as a graphic code, and in step 4) the system host acquires the second encrypted information by video capture.
4. The identity recognition method for a computer system as claimed in claim 1, characterised in that step 1) comprises:
1.1 the system generates a one-time binding code;
1.2 the system host generates a binding-information string that contains a random factor, encrypts it with the binding code, and sends the encrypted information to the handheld terminal;
1.3 the handheld terminal decrypts it with the binding code, obtains the binding information and stores it.
5. The identity recognition method for a computer system as claimed in claim 1, characterised in that in steps 2) and 3) the system host sends the first encrypted information to the handheld terminal by a proximity information exchange means.
6. The identity recognition method for a computer system as claimed in claim 1, characterised in that in steps 3) and 4) the handheld terminal sends the second encrypted information to the system host by a proximity information exchange means.

Priority Application (1)

Application Number Priority Date Filing Date Title
CN201110174652.3A CN102255728B (en) 2011-06-27 2011-06-27 Identity recognition method for computer system

Publications (2)

Publication Number Publication Date
CN102255728A (en) 2011-11-23
CN102255728B (en) 2014-07-09

Family ID: 44982735
