CN103580873A - Identity authentication method and system and password protection device - Google Patents

Identity authentication method and system and password protection device Download PDF

Info

Publication number
CN103580873A
CN103580873A CN201310573612.5A CN201310573612A CN103580873A CN 103580873 A CN103580873 A CN 103580873A CN 201310573612 A CN201310573612 A CN 201310573612A CN 103580873 A CN103580873 A CN 103580873A
Authority
CN
China
Prior art keywords
dynamic
password
user
cipher
dynamic password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310573612.5A
Other languages
Chinese (zh)
Other versions
CN103580873B (en
Inventor
刘义
陈炬
柴跃廷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tsinghua University
Original Assignee
Tsinghua University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tsinghua University filed Critical Tsinghua University
Priority to CN201310573612.5A priority Critical patent/CN103580873B/en
Publication of CN103580873A publication Critical patent/CN103580873A/en
Application granted granted Critical
Publication of CN103580873B publication Critical patent/CN103580873B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides an identity authentication method and system and a password protection device. The identity authentication method includes the steps that the password protection device and a server synchronously update dynamic matrixes; the password protection device receives a user password inputted by a user; the password protection device utilizes the dynamic matrix to carry out conversion on the user password so as to generate a first dynamic password, and then outputs the first dynamic password; the server utilizes the dynamic matrix to carry out conversion on the user password, stored in the server, of the user so as to generate a second dynamic password; the server receives the first dynamic password, compares the first dynamic password with the second dynamic password and then confirms that the user is authenticated when the first dynamic password accords with the second dynamic password. Through the identity authentication method, the burden of the user for remembering the password is effectively relieved, and the identity authentication efficiency and security of identity information of the user are improved.

Description

Identity identifying method, system and cipher protection apparatus
Technical field
The present invention relates to digital information transmission field, particularly a kind of identity identifying method, system and cipher protection apparatus.
Background technology
Current internet authentication generally adopts the authentication mode of usemame/password.User arranges unique user name and one and only has the password of oneself knowing.When logining, user inputs username and password, and pass to server by the mode of plaintext or encryption, the password of storing in the password that server sends user and server is compared, if unanimously pass through authenticating user identification, allow user's login, if inconsistent, refuse user's login.
But in existing static password technology, the password of inputting when each login authentication due to user is all identical, and need in calculator memory He in network, transmit, thereby is easy to be intercepted and captured by trojan horse program or network monitoring equipment.And user forgets Password for avoiding, often adopt the information of easily remembering such as birthday, telephone number etc. as password, or adopt better simply character string as password, these have all increased the possibility that password is stolen or cracks.
A kind of safety measure of prior art is to transmit after adopting symmetric encipherment algorithm or rivest, shamir, adelman to password encryption again.But because cryptographic algorithm is fixing and disclosed, have the danger being cracked, and will manage key, sometimes also will relate to Third Party Authentication, method of operation is complicated, and cost is high.
The another kind of safety measure of prior art is to adopt dynamic password card to generate dynamic password, and user can input current dynamic password and login, although this has improved the fail safe of subscriber identity information to a certain extent.But itself does not have safety measure dynamic password card, once stolen, still will there is the stolen danger of user identity.
Summary of the invention
The present invention is intended to solve the problems of the technologies described above at least to a certain extent.
For this reason, first object of the present invention is to propose a kind of identity identifying method, and the method can alleviate the burden of user cipher memory, reduces the risk that user cipher is stolen or cracks simultaneously, and then improves the fail safe of subscriber identity information.
For reaching above-mentioned purpose, according to first aspect present invention embodiment, a kind of identity identifying method has been proposed, comprise the following steps: cipher protection apparatus and server sync Regeneration dynamics matrix; Cipher protection apparatus receives the user cipher of user's input; Cipher protection apparatus is used dynamic matrix to convert to generate the first dynamic password to user cipher, and exports the first dynamic password; Server is used dynamic matrix to convert to generate the second dynamic password to being stored in this user's user cipher in server; Server receives the first dynamic password, and the first dynamic password and the second dynamic password are compared, and confirms by authentication when consistent with the second dynamic password at the first dynamic password.
The identity identifying method of the embodiment of the present invention, by using respectively synchronous dynamic matrix to convert user cipher in server and cipher protection apparatus, then two dynamic passwords that generate are compared, thereby complete authentication, without Third Party Authentication, easy and simple to handle in verification process, improved authentication efficiency, user cipher and dynamic matrix do not transmit all the time in channel, have reduced the possibility that password and cryptographic transformation mode are stolen; By synchronous dynamic matrix, user cipher is converted, simple password is converted to complicated dynamic password, increased and cracked difficulty, when having improved subscriber identity information fail safe, alleviated user's memory burden, promoted user's experience.
Second aspect present invention embodiment provides a kind of cipher protection apparatus, comprising: matrix update module, for server sync Regeneration dynamics matrix; Receiver module, for receiving the user cipher of user's input; Password generated module, for being used dynamic matrix to convert to generate dynamic password to user cipher; And password output module, for exporting dynamic password.
The cipher protection apparatus of the embodiment of the present invention; according to the dynamic matrix of server sync, user cipher being converted; then by generation and export dynamic password, simple password can be converted to complicated dynamic password, increase and cracked difficulty; when having improved subscriber identity information fail safe; alleviated user's memory burden, without Third Party Authentication, easy and simple to handle in verification process; improve authentication efficiency, promoted user's experience.
Third aspect present invention embodiment provides a kind of identity authorization system, comprise: cipher protection apparatus, client and server, wherein, cipher protection apparatus, for cipher protection apparatus and server sync Regeneration dynamics matrix, and the user cipher that receives user's input, and use dynamic matrix to convert to generate the first dynamic password to user cipher, and input the first dynamic password; Client, for receiving the first dynamic password, and is sent to server by the first dynamic password; Server; for synchronize Regeneration dynamics matrix with cipher protection apparatus; and use dynamic matrix to convert to generate the second dynamic password to the user cipher being stored in server; and the first dynamic password that receives client transmission; and the first dynamic password and the second dynamic password are compared, and confirm by authentication when consistent with the second dynamic password at the first dynamic password.
The identity authorization system of the embodiment of the present invention, by using respectively synchronous dynamic matrix to convert user cipher in server and cipher protection apparatus, then two dynamic passwords that generate are compared, thereby complete authentication, without Third Party Authentication, easy and simple to handle in verification process, improved authentication efficiency, user cipher and dynamic matrix do not transmit all the time in channel, have reduced the possibility that password and cryptographic transformation mode are stolen; By synchronous dynamic matrix, user cipher is converted, simple password is converted to complicated dynamic password, increased and cracked difficulty, when having improved subscriber identity information fail safe, alleviated user's memory burden, promoted user's experience.
Additional aspect of the present invention and advantage in the following description part provide, and part will become obviously from the following description, or recognize by practice of the present invention.
Accompanying drawing explanation
Above-mentioned and/or additional aspect of the present invention and advantage accompanying drawing below combination obviously and is easily understood becoming the description of embodiment, wherein:
Fig. 1 is the flow chart of identity identifying method according to an embodiment of the invention;
Fig. 2 is the structured flowchart of cipher protection apparatus according to an embodiment of the invention;
Fig. 3 is the structural representation of the identity authorization system of a specific embodiment according to the present invention.
Embodiment
Describe embodiments of the invention below in detail, the example of described embodiment is shown in the drawings, and wherein same or similar label represents same or similar element or has the element of identical or similar functions from start to finish.Below by the embodiment being described with reference to the drawings, be exemplary, only for explaining the present invention, and can not be interpreted as limitation of the present invention.
In description of the invention, it will be appreciated that, term " " center ", " longitudinally ", " laterally ", " on ", D score, " front ", " afterwards ", " left side ", " right side ", " vertically ", " level ", " top ", " end ", " interior ", orientation or the position relationship of indications such as " outward " are based on orientation shown in the drawings or position relationship, only the present invention for convenience of description and simplified characterization, rather than device or the element of indication or hint indication must have specific orientation, with specific orientation structure and operation, therefore can not be interpreted as limitation of the present invention.In addition, term " first ", " second " be only for describing object, and can not be interpreted as indication or hint relative importance.
In description of the invention, it should be noted that, unless otherwise clearly defined and limited, term " installation ", " being connected ", " connection " should be interpreted broadly, and for example, can be to be fixedly connected with, and can be also to removably connect, or connect integratedly; Can be mechanical connection, can be to be also electrically connected to; Can be to be directly connected, also can indirectly be connected by intermediary, can be the connection of two element internals.For the ordinary skill in the art, can concrete condition understand above-mentioned term concrete meaning in the present invention.
For the problem solving, the present invention proposes a kind of identity identifying method, system and cipher protection apparatus.Below with reference to accompanying drawing, describe according to the identity identifying method of the embodiment of the present invention, system and cipher protection apparatus.
, comprise the following steps: cipher protection apparatus and server sync Regeneration dynamics matrix; Cipher protection apparatus receives the user cipher of user's input; Cipher protection apparatus is used dynamic matrix to convert to generate the first dynamic password to user cipher, and exports the first dynamic password; Server is used dynamic matrix to convert to generate the second dynamic password to being stored in the user cipher of this user in server; Server receives the first dynamic password, and the first dynamic password and the second dynamic password are compared, and confirms by authentication when consistent with the second dynamic password at the first dynamic password.
Fig. 1 is the flow chart of identity identifying method according to an embodiment of the invention.As shown in Figure 1, this identity identifying method comprises the following steps.
S101, cipher protection apparatus and server sync Regeneration dynamics matrix.
Wherein, the columns of dynamic matrix and the figure place of user cipher need consistent.
Particularly; user registers a unique user name sign identity on server; arrange one simultaneously and only have the static password of knowing in person; server is bound corresponding dynamic matrix according to different user names, and by default dynamic time parameters and the equiprobable encrypted form of seed key, realizes cipher protection apparatus and synchronize with the dynamic matrix of server.
In one embodiment of the invention, cipher protection apparatus and server can be synchronizeed Regeneration dynamics matrix every Preset Time.For example cipher protection apparatus can upgrade a dynamic matrix A with server sync, and changes once every the set time (as 1 minute).
S102, cipher protection apparatus receives the user cipher of user's input.
Particularly, before each login, user needs first on cipher protection apparatus, to input user cipher, and cipher protection apparatus can receive by receiving equipments such as keyboards the user cipher of user's input.
S103, cipher protection apparatus is used dynamic matrix to convert to generate the first dynamic password to user cipher, and exports the first dynamic password.
Particularly, cipher protection apparatus, after receiving the user cipher of user's input, can be used dynamic matrix to convert to generate the first dynamic password to user cipher.
In one embodiment of the invention, cipher protection apparatus can carry out premultiplication computing by dynamic matrix and user cipher, so that user cipher is converted.For example, user cipher P is 6 bit digital 123456, is write as column vector form,
P = 1 2 3 4 5 6 ,
If current dynamic matrix A = 1 7 13 19 25 31 2 8 14 20 26 32 3 9 15 21 27 33 4 10 16 22 28 34 5 11 17 23 29 35 6 12 18 24 30 36 ,
Conversion process is: AP = 1 7 13 19 25 31 2 8 14 20 26 32 3 9 15 21 27 33 4 10 16 22 28 34 5 11 17 23 29 35 6 12 18 24 30 36 1 2 3 4 5 6 = 441 462 483 504 525 546 ,
Password after available encryption 441 462 483 504 525 546 , I.e. the first dynamic password, being write as numeric string form is 441462483504525546 dynamic passwords as this time authentication of user.In addition, because the first dynamic password is the character string forms of encrypting rear column vector, length is longer, therefore, in other embodiments of the invention, can only get in actual applications wherein some figure place (as only got first 6), or only get the units of each component, or (for example parameter preset is 3 to be only taken at numeral on parameter preset position, 6,9,11, get numeral on the 3rd, the 6th, the 9th, the 11st as dynamic password).
Wherein, the first dynamic password can be vector form, numeric string form, can be also the form of segmentation password, as (441,462,483,504,525,546), can also be existing or following any other password form that may occur (as by the further coding etc. of the numeral in password).
In above-described embodiment, user cipher is 6, in other embodiments of the invention, can according to actual needs the figure place of password be made as to other numerical value, correspondingly, the columns of dynamic matrix also will be made as respective value, keeps the columns of dynamic matrix and the figure place of user cipher consistent; The line number of matrix also can be other preset values, can be also change at random.
In an embodiment of the present invention, cipher protection apparatus can show the first dynamic password, so that user is sent to server by the first dynamic password by subscription client, as the password of this authentication.In addition, cipher protection apparatus can also export the first dynamic password to subscription client by data transmission interface, further the first dynamic password is sent to server by subscription client.
S104, server is used dynamic matrix to convert to generate the second dynamic password to being stored in the user cipher of this user in server.
Particularly, server obtains corresponding dynamic matrix and generates the parameters such as the first dynamic password password figure place used, row matrix columns according to the user name receiving, and be stored in the corresponding user cipher in server, use this corresponding dynamic matrix and parameter to convert the user cipher being stored in server, to generate the second dynamic password.Should be noted that; this conversion should be identical with the conversion that cipher protection apparatus in step S103 is done user cipher; thereby when the password that the user cipher in server is inputted in client with user is consistent, the second dynamic password that server generates is identical with the first dynamic password that cipher protection apparatus generates.
S105, server receives the first dynamic password, and the first dynamic password and the second dynamic password are compared, and confirms by authentication when consistent with the second dynamic password at the first dynamic password.
Particularly, server is compared the second dynamic password of the first dynamic password receiving and server calculating generation, if consistent, judges authentication success, otherwise, judge authentication failure.
The identity identifying method of the embodiment of the present invention, by using respectively synchronous dynamic matrix to convert user cipher in server and cipher protection apparatus, then two dynamic passwords that generate are compared, thereby complete authentication, without Third Party Authentication, easy and simple to handle in verification process, improved authentication efficiency, user cipher and dynamic matrix do not transmit all the time in channel, have reduced the possibility that password and cryptographic transformation mode are stolen; By synchronous dynamic matrix, user cipher is converted, simple password is converted to complicated dynamic password, increased and cracked difficulty, when having improved subscriber identity information fail safe, alleviated user's memory burden, promoted user's experience.
In order to realize above-described embodiment, the present invention also proposes a kind of cipher protection apparatus.
Fig. 2 is the structured flowchart of cipher protection apparatus according to an embodiment of the invention.
As shown in Figure 2, according to the cipher protection apparatus of the embodiment of the present invention, comprise: matrix update module 10, receiver module 20, password generated module 30 and password output module 40.
Particularly, matrix update module 10 for server sync Regeneration dynamics matrix.Wherein, the columns of dynamic matrix and the figure place of user cipher need consistent.More specifically, user registers a unique user name sign identity on server, arrange one simultaneously and only have the static password of knowing in person, server is bound corresponding dynamic matrix according to different user names, and synchronizes with the dynamic matrix of server by default dynamic time parameters and the equiprobable encrypted form realization matrix of seed key update module 10.In one embodiment of the invention, matrix update module 10 and server can be synchronizeed Regeneration dynamics matrix every Preset Time, for example matrix update module 10 can be upgraded a dynamic matrix A with server sync, and changes once every the set time (as 1 minute).
Receiver module 20 is for receiving the user cipher of user's input.More specifically, before each authentication, user needs first on cipher protection apparatus, to input user cipher, and cipher protection apparatus can receive by receiver module 20 user cipher of user's input.
Password generated module 30 is for being used dynamic matrix to convert to generate dynamic password to user cipher.More specifically, password generated module 30, after receiving the user cipher of user's input, can be used dynamic matrix to convert to generate the first dynamic password to user cipher.
In one embodiment of the invention, password generated module 30 is specifically for dynamic matrix and user cipher are carried out to premultiplication computing, so that user cipher is converted.For example, user cipher P is 6 bit digital 123456, is write as column vector form,
P = 1 2 3 4 5 6 ,
If current dynamic matrix A = 1 7 13 19 25 31 2 8 14 20 26 32 3 9 15 21 27 33 4 10 16 22 28 34 5 11 17 23 29 35 6 12 18 24 30 36 ,
Conversion process is: AP = 1 7 13 19 25 31 2 8 14 20 26 32 3 9 15 21 27 33 4 10 16 22 28 34 5 11 17 23 29 35 6 12 18 24 30 36 1 2 3 4 5 6 = 441 462 483 504 525 546 ,
Password after available encryption 441 462 483 504 525 546 , I.e. the first dynamic password, being write as numeric string form is 441462483504525546 dynamic passwords as this time authentication of user.In addition, because the first dynamic password is the character string forms of encrypting rear column vector, length is longer, therefore, can only get in actual applications wherein some figure place (as only got first 6), or only get the units of this each component of column vector, or (for example parameter preset is 3,6,9 to be only taken at numeral on parameter preset position, 11, get numeral on the 3rd, the 6th, the 9th, the 11st as dynamic password).
Wherein, the first dynamic password can be vector form, numeric string form, can be also the form of segmentation password, as (441,462,483,504,525,546), can also be existing or following any other password form that may occur (as by the further coding etc. of the numeral in password).
In above-mentioned example, user cipher is 6, in concrete application, can according to actual needs the figure place of password be made as to other numerical value, correspondingly, the columns of dynamic matrix also will be made as respective value, keeps the columns of dynamic matrix and the figure place of user cipher consistent; The line number of matrix also can be other preset values, can be also change at random.
Password output module 40 is for exporting dynamic password.In one embodiment of the invention, password output module 40 is display module, for showing the first dynamic password, so that user is sent to server by the first dynamic password by subscription client, as the password of this authentication.
In one embodiment of the invention, password output module 40 can also be data transmission module, for exporting the first dynamic password to subscription client, further the first dynamic password is sent to server by subscription client.
The cipher protection apparatus of the embodiment of the present invention; according to the dynamic matrix of server sync, user cipher being converted; then by generation and export dynamic password, simple password can be converted to complicated dynamic password, increase and cracked difficulty; when having improved subscriber identity information fail safe; alleviated user's memory burden, without Third Party Authentication, easy and simple to handle in verification process; improve authentication efficiency, promoted user's experience.
In order to realize above-described embodiment, the present invention also proposes a kind of identity authorization system.
Fig. 3 is the structural representation of the identity authorization system of a specific embodiment according to the present invention.As shown in Figure 3, according to the identity authorization system of the embodiment of the present invention, comprise: the cipher protection apparatus 100 of above-mentioned any one embodiment, client 200 and server 300, wherein, cipher protection apparatus 100 is for cipher protection apparatus and server sync Regeneration dynamics matrix, and the user cipher that receives user's input, and use dynamic matrix to convert to generate the first dynamic password to user cipher, and input the first dynamic password; Client 200 is for receiving the first dynamic password, and the first dynamic password is sent to server; Server 300 is for synchronizeing Regeneration dynamics matrix with cipher protection apparatus; and use dynamic matrix to convert to generate the second dynamic password to being stored in the user cipher of this user in server; and the first dynamic password that receives client transmission; and the first dynamic password and the second dynamic password are compared, and confirm by authentication when consistent with the second dynamic password at the first dynamic password.
Particularly; user registers a unique user name sign identity on server 300; arrange one simultaneously and only have the static password of knowing in person; server 300 is bound corresponding dynamic matrix according to different user names, and by default dynamic time parameters and the equiprobable encrypted form of seed key, realizes cipher protection apparatus 100 and synchronize with the dynamic matrix of server 300.In one embodiment of the invention, cipher protection apparatus 100 and server 300 can be synchronizeed Regeneration dynamics matrix every Preset Time.For example cipher protection apparatus 100 can be synchronizeed with server 300 and upgraded a dynamic matrix A, and changes once every the set time (as 1 minute).
It should be noted that the columns of dynamic matrix and the figure place of user cipher are consistent.
Cipher protection apparatus 100 is specifically for dynamic matrix and user cipher are carried out to premultiplication computing, so that user cipher is converted.For example, user cipher P is 6 bit digital 123456, is write as column vector form,
P = 1 2 3 4 5 6 ,
Current dynamic matrix A = 1 7 13 19 25 31 2 8 14 20 26 32 3 9 15 21 27 33 4 10 16 22 28 34 5 11 17 23 29 35 6 12 18 24 30 36 .
Conversion process is: AP = 1 7 13 19 25 31 2 8 14 20 26 32 3 9 15 21 27 33 4 10 16 22 28 34 5 11 17 23 29 35 6 12 18 24 30 36 1 2 3 4 5 6 = 441 462 483 504 525 546
Password after the encryption finally obtaining 441 462 483 504 525 546 , I.e. the first dynamic password, being write as numeric string form is 441462483504525546 dynamic passwords as this time authentication of user.In addition, because the first dynamic password is the character string forms of encrypting rear column vector, length is longer, therefore, can only get in actual applications wherein some figure place (as only got first 6), or only get the units of this each component of column vector, or (for example parameter preset is 3,6,9 to be only taken at numeral on parameter preset position, 11, get numeral on the 3rd, the 6th, the 9th, the 11st as dynamic password).
Wherein, the first dynamic password can be vector form, numeric string form, can be also the form of segmentation password, as (441,462,483,504,525,546), can also be existing or following any other password form that may occur (as by the further coding etc. of the numeral in password).
In above-mentioned example, user cipher is 6, in concrete application, can according to actual needs the figure place of password be made as to other numerical value, correspondingly, the columns of dynamic matrix also will be made as respective value, keeps the columns of dynamic matrix and the figure place of user cipher consistent; The line number of matrix also can be other preset values, can be also change at random.
In an embodiment of the present invention, cipher protection apparatus 100 can show the first dynamic password, so that user is sent to server 300 by the first dynamic password by client 200, as the password of this authentication.In addition, cipher protection apparatus 100 can also export the first dynamic password to client 200 by data transmission interface, further the first dynamic password is sent to server 300 by client 200.
Cipher protection apparatus 100 is specifically for showing the first dynamic password, so that user is sent to server 300 by the first dynamic password by client 200.Cipher protection apparatus 100 is also for exporting the first dynamic password to client by data transmission interface, further the first dynamic password is sent to server 300 by client 200.
Particularly, server 300 obtains corresponding dynamic matrix and generates the parameters such as the first dynamic password password figure place used, row matrix columns according to the user name receiving, and be stored in the corresponding user cipher in server 300, use this corresponding dynamic matrix and parameter to convert the user cipher being stored in server 300, to generate the second dynamic password.Should be noted that; the conversion that this conversion should 100 pairs of user ciphers of cipher protection apparatus be done is identical; thereby when the password that the user cipher in server 300 is inputted with user is consistent, the second dynamic password that server 300 generates is identical with the first dynamic password that cipher protection apparatus 100 generates.Server 300 is compared the second dynamic password of the first dynamic password receiving and server calculating generation, if consistent, judges authentication success, otherwise, judge authentication failure.
The identity authorization system of the embodiment of the present invention, by using respectively synchronous dynamic matrix to convert user cipher in server and cipher protection apparatus, then two dynamic passwords that generate are compared, thereby complete authentication, without Third Party Authentication, easy and simple to handle in verification process, improved authentication efficiency, user cipher and dynamic matrix do not transmit all the time in channel, have reduced the possibility that password and cryptographic transformation mode are stolen; By synchronous dynamic matrix, user cipher is converted, simple password is converted to complicated dynamic password, increased and cracked difficulty, when having improved subscriber identity information fail safe, alleviated user's memory burden, promoted user's experience.
In flow chart or any process of otherwise describing at this or method describe and can be understood to, represent to comprise that one or more is for realizing module, fragment or the part of code of executable instruction of the step of specific logical function or process, and the scope of the preferred embodiment of the present invention comprises other realization, wherein can be not according to order shown or that discuss, comprise according to related function by the mode of basic while or by contrary order, carry out function, this should be understood by embodiments of the invention person of ordinary skill in the field.
The logic and/or the step that in flow chart, represent or otherwise describe at this, for example, can be considered to for realizing the sequencing list of the executable instruction of logic function, may be embodied in any computer-readable medium, for instruction execution system, device or equipment (as computer based system, comprise that the system of processor or other can and carry out the system of instruction from instruction execution system, device or equipment instruction fetch), use, or use in conjunction with these instruction execution systems, device or equipment.With regard to this specification, " computer-readable medium " can be anyly can comprise, storage, communication, propagation or transmission procedure be for instruction execution system, device or equipment or the device that uses in conjunction with these instruction execution systems, device or equipment.The example more specifically of computer-readable medium (non-exhaustive list) comprises following: the electrical connection section (electronic installation) with one or more wirings, portable computer diskette box (magnetic device), random-access memory (ram), read-only memory (ROM), the erasable read-only memory (EPROM or flash memory) of editing, fiber device, and portable optic disk read-only memory (CDROM).In addition, computer-readable medium can be even paper or other the suitable medium that can print described program thereon, because can be for example by paper or other media be carried out to optical scanner, then edit, decipher or process in electronics mode and obtain described program with other suitable methods if desired, be then stored in computer storage.
Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, a plurality of steps or method can realize with being stored in memory and by software or the firmware of suitable instruction execution system execution.For example, if realized with hardware, the same in another embodiment, can realize by any one in following technology well known in the art or their combination: have for data-signal being realized to the discrete logic of the logic gates of logic function, the application-specific integrated circuit (ASIC) with suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.
Those skilled in the art are appreciated that realizing all or part of step that above-described embodiment method carries is to come the hardware that instruction is relevant to complete by program, described program can be stored in a kind of computer-readable recording medium, this program, when carrying out, comprises step of embodiment of the method one or a combination set of.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing module, can be also that the independent physics of unit exists, and also can be integrated in a module two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, and also can adopt the form of software function module to realize.If described integrated module usings that the form of software function module realizes and during as production marketing independently or use, also can be stored in a computer read/write memory medium.
In the description of this specification, the description of reference term " embodiment ", " some embodiment ", " example ", " concrete example " or " some examples " etc. means to be contained at least one embodiment of the present invention or example in conjunction with specific features, structure, material or the feature of this embodiment or example description.In this manual, the schematic statement of above-mentioned term is not necessarily referred to identical embodiment or example.And the specific features of description, structure, material or feature can be with suitable mode combinations in any one or more embodiment or example.
Although illustrated and described embodiments of the invention, those having ordinary skill in the art will appreciate that: in the situation that not departing from principle of the present invention and aim, can carry out multiple variation, modification, replacement and modification to these embodiment, scope of the present invention is by claim and be equal to and limit.

Claims (15)

1. an identity identifying method, is characterized in that, comprises the following steps:
Cipher protection apparatus and server sync Regeneration dynamics matrix;
Described cipher protection apparatus receives the user cipher of user's input;
Described cipher protection apparatus is used described dynamic matrix to convert to generate the first dynamic password to described user cipher, and exports described the first dynamic password;
Described server is used described dynamic matrix to convert to generate the second dynamic password to being stored in the user cipher of the described user in described server;
Described server receives described the first dynamic password, and described the first dynamic password and described the second dynamic password are compared, and confirms by authentication when consistent with described the second dynamic password at described the first dynamic password.
2. the method for claim 1, is characterized in that, the columns of described dynamic matrix is consistent with the figure place of described user cipher, and described cipher protection apparatus is used described dynamic matrix that user cipher is converted specifically and comprised:
Described cipher protection apparatus carries out premultiplication computing by described dynamic matrix and described user cipher, so that described user cipher is converted.
3. method as claimed in claim 1 or 2, is characterized in that, described cipher protection apparatus is exported described the first dynamic password and specifically comprised:
Described cipher protection apparatus shows described the first dynamic password, so that described user is sent to described server by described the first dynamic password by subscription client.
4. method as claimed in claim 1 or 2, is characterized in that, described cipher protection apparatus is exported described the first dynamic password and specifically comprised:
Described cipher protection apparatus exports described the first dynamic password to subscription client by data transmission interface, further described the first dynamic password is sent to described server by described subscription client.
5. the method for claim 1, is characterized in that, described cipher protection apparatus is synchronizeed and upgraded described dynamic matrix every Preset Time with described server.
6. a cipher protection apparatus, is characterized in that, comprising:
Matrix update module, for server sync Regeneration dynamics matrix;
Receiver module, for receiving the user cipher of user's input;
Password generated module, for being used described dynamic matrix to convert to generate dynamic password to described user cipher; And
Password output module, for exporting described dynamic password.
7. device as claimed in claim 6, it is characterized in that, the columns of described dynamic matrix is consistent with the figure place of described user cipher, and described password generated module is specifically for carrying out premultiplication computing by described dynamic matrix and described user cipher, so that described user cipher is converted.
8. the device as described in claim 6 or 7, is characterized in that, described password output module is display module, for showing described the first dynamic password, so that described user is sent to described server by described the first dynamic password by subscription client.
9. the device as described in claim 6 or 7, it is characterized in that, described password output module is data transmission module, for exporting described the first dynamic password to subscription client, further described the first dynamic password is sent to described server by described subscription client.
10. device as claimed in claim 6, is characterized in that, described matrix update module is synchronizeed and upgraded described dynamic matrix every Preset Time with described server.
11. 1 kinds of identity authorization systems, is characterized in that, comprise cipher protection apparatus, client and server, wherein,
Described cipher protection apparatus, for cipher protection apparatus and server sync Regeneration dynamics matrix, and the user cipher that receives user's input, and use described dynamic matrix to convert to generate the first dynamic password to described user cipher, and input described the first dynamic password;
Described client, for receiving described the first dynamic password, and is sent to described server by described the first dynamic password;
Described server; for synchronize Regeneration dynamics matrix with described cipher protection apparatus; and use described dynamic matrix to convert to generate the second dynamic password to being stored in the user cipher of the described user in described server; and described the first dynamic password that receives described client transmission; and described the first dynamic password and described the second dynamic password are compared, and confirm by authentication when consistent with described the second dynamic password at described the first dynamic password.
12. systems as claimed in claim 11; it is characterized in that; the columns of described dynamic matrix is consistent with the figure place of described user cipher, and described cipher protection apparatus is specifically for carrying out premultiplication computing by described dynamic matrix and described user cipher, so that described user cipher is converted.
13. systems as described in claim 11 or 12, is characterized in that,
Described cipher protection apparatus is specifically for showing described the first dynamic password, so that described user is sent to described server by described the first dynamic password by described client.
14. systems as described in claim 11 or 12, is characterized in that,
Described cipher protection apparatus is specifically for exporting described the first dynamic password to described client by data transmission interface, further described the first dynamic password is sent to described server by described client.
15. systems as claimed in claim 11, is characterized in that, described cipher protection apparatus is synchronizeed and upgraded described dynamic matrix every Preset Time with described server.
CN201310573612.5A 2013-11-15 2013-11-15 Identity identifying method, system and cipher protection apparatus Expired - Fee Related CN103580873B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310573612.5A CN103580873B (en) 2013-11-15 2013-11-15 Identity identifying method, system and cipher protection apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310573612.5A CN103580873B (en) 2013-11-15 2013-11-15 Identity identifying method, system and cipher protection apparatus

Publications (2)

Publication Number Publication Date
CN103580873A true CN103580873A (en) 2014-02-12
CN103580873B CN103580873B (en) 2017-06-06

Family

ID=50051865

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310573612.5A Expired - Fee Related CN103580873B (en) 2013-11-15 2013-11-15 Identity identifying method, system and cipher protection apparatus

Country Status (1)

Country Link
CN (1) CN103580873B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105069619A (en) * 2015-07-17 2015-11-18 上海众人网络安全技术有限公司 On-line fast payment system and payment method thereof
CN105791274A (en) * 2016-02-24 2016-07-20 四川长虹电器股份有限公司 Distributed encrypted storage and authentication method based on local area network
CN106209380A (en) * 2016-07-08 2016-12-07 刘兴丹 A kind of input type dynamic cipher device device, system and method
CN107370765A (en) * 2017-09-06 2017-11-21 郑州云海信息技术有限公司 A kind of ftp server identity identifying method and system
WO2019179313A1 (en) * 2018-03-22 2019-09-26 中国银联股份有限公司 Method and apparatus for managing passwords, and computer storage medium
CN113268780A (en) * 2021-06-08 2021-08-17 天津赢达信科技有限公司 Identity authentication method and device, computer equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101316166A (en) * 2008-07-07 2008-12-03 张寄望 Dynamic password identity authentication method based on accidental character set
CN102075547A (en) * 2011-02-18 2011-05-25 北京天地融科技有限公司 Dynamic password generating method and device and authentication method and system
CN102594562A (en) * 2012-02-14 2012-07-18 郁晓东 Human authentication method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101316166A (en) * 2008-07-07 2008-12-03 张寄望 Dynamic password identity authentication method based on accidental character set
CN102075547A (en) * 2011-02-18 2011-05-25 北京天地融科技有限公司 Dynamic password generating method and device and authentication method and system
CN102594562A (en) * 2012-02-14 2012-07-18 郁晓东 Human authentication method

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105069619A (en) * 2015-07-17 2015-11-18 上海众人网络安全技术有限公司 On-line fast payment system and payment method thereof
CN105791274A (en) * 2016-02-24 2016-07-20 四川长虹电器股份有限公司 Distributed encrypted storage and authentication method based on local area network
CN105791274B (en) * 2016-02-24 2018-12-04 四川长虹电器股份有限公司 A kind of distributed cryptographic storage and method for authenticating based on local area network
CN106209380A (en) * 2016-07-08 2016-12-07 刘兴丹 A kind of input type dynamic cipher device device, system and method
CN107370765A (en) * 2017-09-06 2017-11-21 郑州云海信息技术有限公司 A kind of ftp server identity identifying method and system
WO2019179313A1 (en) * 2018-03-22 2019-09-26 中国银联股份有限公司 Method and apparatus for managing passwords, and computer storage medium
CN113268780A (en) * 2021-06-08 2021-08-17 天津赢达信科技有限公司 Identity authentication method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN103580873B (en) 2017-06-06

Similar Documents

Publication Publication Date Title
CN103546576B (en) A kind of embedded device remote automatic upgrading method and system
CN107248075B (en) Method and device for realizing bidirectional authentication and transaction of intelligent key equipment
CN107358441B (en) Payment verification method and system, mobile device and security authentication device
CN101430751B (en) Data management apparatus and data management method
CN103580873A (en) Identity authentication method and system and password protection device
CN110149209B (en) Internet of things equipment and method and device for improving data transmission safety of Internet of things equipment
CN106796630B (en) User authentication
CA2969332C (en) A method and device for authentication
CN107872532B (en) Method and system for storing and downloading third-party cloud storage platform
CN110224834A (en) Identity identifying method, decryption and ciphering terminal based on dynamic token
CN110224811A (en) Internet of Things cipher processing method, apparatus and system
CN103516524A (en) Security authentication method and system
CN109218025A (en) Method, safety device and security system
CN104038336A (en) Data encryption method based on 3DES
CN110635900B (en) Key management method and system suitable for Internet of things system
CN105306200B (en) The encryption method and device of network account password
CN106797381B (en) Communication adapter for user authentication
CN111008400A (en) Data processing method, device and system
CN113079002B (en) Data encryption method, data decryption method, key management method, medium, and device
CN112272090B (en) Key generation method and device
CN111338841A (en) Data processing method, device, equipment and storage medium
CN103580874A (en) Identity authentication method and system and password protection device
KR20190112959A (en) Operating method for machine learning model using encrypted data and apparatus based on machine learning model
Crocker et al. Two factor encryption in cloud storage providers using hardware tokens
CN116318675A (en) Dynamic password generation method, system, device, computer equipment and medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170606

Termination date: 20211115