CN105592056A - Password safety system for mobile device and password safety input method thereof - Google Patents

Publication number
CN105592056A
Authority
CN
China
Prior art keywords
password
mobile device
ciphertext
module
cipher
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510616410.3A
Other languages
Chinese (zh)
Inventor
陈成钱
周钰
郭伟
曾望年
李定洲
严翔翔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Application filed by China Unionpay Co Ltd
Priority to CN201510616410.3A
Publication of CN105592056A
Priority to PCT/CN2016/098824 (WO2017050152A1)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload


Abstract

The present invention relates to a password safety system for a mobile device and an application method thereof. The system comprises: a safety device configured to obtain a password, generate a password ciphertext and transmit the password ciphertext to a first mobile device in the password generation phase, and configured to verify the password ciphertext sent by the first mobile device in the password verification phase; the first mobile device, configured to receive the generated password ciphertext and transmit it to a second mobile device in the password generation phase, and configured to read the password ciphertext and send it to the safety device in the password verification phase; and the second mobile device, configured to store the password ciphertext received from the first mobile device in the password generation phase, and to provide the stored password ciphertext to the first mobile device in the password verification phase. According to the invention, the safety and the convenience of password usage may be improved.

Description

Password safety system for mobile device and password safety input method thereof
Technical field
The present invention relates to mobile communication technology, and in particular to a password safety system for a mobile device and a password safety input method for a mobile device.
Background art
As smart mobile devices gradually become personal assistants in daily life, more and more personal information is stored on them. This information includes private data closely tied to the individual, such as personal photos, social accounts and game accounts, and protecting it is one of users' major security requirements for smartphones.
The common existing approach is a password. The user sets a password; when the user wants to protect personal information, the user is asked to enter the password, the smart mobile device checks whether it is correct, and if so the personal information is encrypted. Later, when the user needs to view the personal information, the user enters the password again, and after the system confirms it is correct the information is decrypted for viewing.
However, this approach has the following two problems:
(1) For security, passwords currently take character form and need a certain complexity. This strengthens the password and lowers the risk of it being cracked, but it brings a practical problem: if the password is not used for some time the user easily forgets it, so the personal information cannot be decrypted, which inconveniences the user.
(2) The password is stored locally on the smartphone. Because of the smartphone's security shortcomings, theft by malicious programs cannot be prevented. Even if the master key is stored in ciphertext form, the key that encrypts the master key is also on the smartphone, so the risk of the password being cracked cannot be fundamentally eliminated. In addition, because the user must enter the password every time private information is viewed, the risk of a malicious program capturing the password by a man-in-the-middle attack is also greatly increased.
Summary of the invention
In view of the above problems, the present invention aims to provide a password safety system for a mobile device and a password safety input method for a mobile device that solve the problems of passwords being hard to remember and easy to steal in use, and that achieve safe password input.
The password safety system for a mobile device of the present invention is characterized by comprising:
A safety device, which in the password generation phase obtains a password, generates a password ciphertext from it and transmits the ciphertext to the first mobile device described below, and which in the password verification phase verifies the password ciphertext sent from the first mobile device;
A first mobile device, which in the password generation phase receives the generated password ciphertext from the safety device and transmits it to the second mobile device described below, and which in the password verification phase reads the password ciphertext from the second mobile device and sends it to the safety device;
A second mobile device, which in the password generation phase stores the password ciphertext received from the first mobile device, and which in the password verification phase provides the stored password ciphertext to the first mobile device.
Preferably, the safety device is formed as a part of the first mobile device.
Preferably, the safety device is a cloud device or a secure unit.
Preferably, the first mobile device is a smartphone or tablet computer, and the second mobile device is a wearable device.
The password safety system for a mobile device of the present invention is characterized by comprising:
A safety device, which in the password generation phase obtains a password, generates a password ciphertext from it and transmits the ciphertext to the second mobile device described below, and which in the password verification phase verifies the password ciphertext sent from the first mobile device described below;
A first mobile device, which in the password verification phase reads the password ciphertext from the second mobile device described below and sends it to the safety device;
A second mobile device, which in the password generation phase stores the password ciphertext received from the safety device, and which in the password verification phase provides the stored password ciphertext to the first mobile device.
Preferably, the safety device is formed as a part of the first mobile device.
Preferably, the safety device comprises:
An interactive interface module for obtaining the original password entered by the user;
A trusted storage module for storing the original password;
An encryption and decryption module, which in the password generation phase generates the password ciphertext from the original password, and which in the password verification phase decrypts and verifies the password ciphertext extracted by the code data generation module described below;
A code data generation module, which in the password generation phase generates code data from the password ciphertext, and which in the password verification phase extracts the password ciphertext from the code data coming from the second mobile device described below;
A first information receiving module for data exchange between the safety device and the first mobile device and/or between the safety device and the second mobile device.
The second mobile device comprises:
A storage module, which in the password generation phase stores the code data sent from the security module;
A code data display module, which in the password verification phase displays the code data stored by the storage module.
The first mobile device comprises:
A code data reading module for reading the code data displayed by the code data display module;
A second information receiving module for data exchange between the first mobile device and the safety device and/or between the first mobile device and the second mobile device.
Preferably, the code data generation module is a QR code generation module,
The QR code generation module, in the password generation phase, generates a QR code from the password ciphertext and, in the password verification phase, extracts the QR code from the code data coming from the second mobile device,
The code data display module is a QR code display module,
The QR code display module, in the password verification phase, displays the QR code as the code data stored by the storage module,
The code data reading module is a camera, which reads the QR code displayed by the QR code display module.
Preferably, the code data generation module is a barcode generation module, which in the password generation phase generates a barcode from the password ciphertext and in the password verification phase extracts the barcode from the code data coming from the second mobile device,
The code data display module is a barcode display module,
The barcode display module, in the password verification phase, displays the barcode as the code data stored by the storage module,
The code data reading module is a camera, which reads the barcode displayed by the barcode display module.
Preferably, the first mobile device is a smartphone or tablet computer, the second mobile device is a wearable device, and the safety device is a part of the smartphone and is located in the TEEI of the smartphone.
Preferably, data transmission between the safety device and the second mobile device is carried out contactlessly.
The password safety input method for a mobile device of the present invention is implemented using a safety device, a first mobile device and a second mobile device, and is characterized by comprising the following steps:
A password generation step, in which the safety device obtains a password, encrypts it to generate a password ciphertext, and transmits the ciphertext to the second mobile device via the first mobile device or sends it directly to the second mobile device;
A password storage step, in which the second mobile device stores the password ciphertext;
A password input step, in which, when the user needs to enter the password, the second mobile device displays the password ciphertext to the first mobile device, and the first mobile device obtains the password ciphertext and sends it to the safety device;
A password verification step, in which the safety device decrypts the password ciphertext sent from the first mobile device and verifies the decrypted password.
Preferably, data transmission between the safety device and the second mobile device is carried out contactlessly.
Preferably, the password ciphertext takes the form of a QR code or a barcode.
The password safety system for a mobile device of the present invention is characterized by comprising a back-end system, a first mobile device and a second mobile device,
Wherein the back-end system comprises:
A first counter for generating a count value and for counting the number of count value comparisons;
A public/private key generation unit for generating a public key and a private key;
An encryption and decryption module, which in the password generation phase obtains the user password, encrypts the user password, the count value produced by the first counter and the public key generated by the public/private key generation unit together to generate a password ciphertext, and sends it to the first mobile device; and which in the password verification phase parses the count value out of the second password ciphertext (described below) sent from the first mobile device, compares the parsed count value with the count value stored by the first counter, and performs password verification on the second password ciphertext only if the count value comparison passes;
A first network secure channel for data transmission between the back-end system and the first mobile device.
The first mobile device comprises:
A second counter, which stores the count value from the back-end system;
A password processing unit, which in the password generation phase receives the first password ciphertext transmitted from the back-end system and transmits the first password ciphertext and the public key to the second mobile device, and which in the password verification phase sends the count value stored by the second counter to the second mobile device, receives the second password ciphertext (described below) returned from the second mobile device, and sends the second password ciphertext to the back-end system;
A second network secure channel for data transmission between the back-end system and the first mobile device.
The second mobile device comprises:
A storage module, which in the password generation phase stores the password ciphertext and the public key sent from the first mobile device; and
An encryption and decryption module, which in the password verification phase generates the second password ciphertext from the count value sent from the first mobile device together with the password ciphertext and public key stored by the storage module.
Preferably, the first mobile device is a smartphone or tablet computer, and the second mobile device is a wearable device.
Preferably, the first mobile device and the second mobile device communicate contactlessly.
In summary, the password safety system and password safety input method for a mobile device of the present invention use another mobile device, for example a wearable device, in place of the human brain to store the password. The password need not be memorized, so a very complex password combination can be set, which makes the password harder to crack and greatly improves the user experience. Moreover, the password is always transmitted in ciphertext form, which effectively prevents malicious theft and improves the security of password use.
Brief description of the drawings
Fig. 1 is a block diagram of the password safety system for a mobile device of the present invention.
Fig. 2 is a flow chart showing the concrete steps of the password safety input method of the present invention.
Fig. 3 is a structural diagram of the password safety system for a mobile device of the first embodiment of the present invention.
Fig. 4 is a structural diagram of the password safety system for a mobile device of the second embodiment of the present invention.
Fig. 5 is a structural diagram of the password safety system for a mobile device of the second embodiment of the present invention.
Detailed description of the invention
Some of the many embodiments of the present invention are introduced below to provide a basic understanding of the invention. They are not intended to identify key or decisive elements of the invention or to limit the claimed scope.
With the development of new technology, all kinds of mobile devices keep emerging, and it has become possible for a user to carry several mobile devices at once, for example a smartphone together with various wearable devices. The present invention takes advantage of the user carrying several mobile devices to provide a password safety system and a password safety input method with which the user password can be entered reliably and conveniently.
The password safety system for a mobile device of the present invention is described below.
Fig. 1 is a block diagram of the password safety system for a mobile device of the present invention.
As shown in Fig. 1, the password safety system for a mobile device of the present invention comprises a safety device 100, a first mobile device 200 and a second mobile device 300.
In the password generation phase, the safety device 100 encrypts the password set by the user to generate a password ciphertext and transmits the generated ciphertext to the first mobile device 200; in the password verification phase, it decrypts and verifies the password ciphertext sent from the first mobile device 200.
In the password generation phase, the first mobile device 200 receives the generated password ciphertext from the safety device 100 and transmits it to the second mobile device 300; in the password verification phase, it reads the password ciphertext from the second mobile device 300 and sends it to the safety device 100.
In the password generation phase, the second mobile device 300 stores the password ciphertext received from the first mobile device 200; in the password verification phase, it provides the stored password ciphertext to the first mobile device 200.
The safety device 100 obtains the password to be entered when the first mobile device 200 is used (generally entered by the user), generates an encrypted ciphertext from this password, and transmits it to the first mobile device 200 over a communication channel. The first mobile device 200 in turn passes it to the second mobile device 300 over a communication channel, and the second mobile device 300 stores the password ciphertext. Then, when the password is needed on the first mobile device 200, the first mobile device 200 reads in the stored password as displayed by the second mobile device 300 and sends it to the safety device 100; the safety device 100 verifies the password read in and, according to the result, notifies the first mobile device 200 whether password verification has passed. In the present invention the second mobile device 300 replaces the human brain in remembering the password of the first mobile device 200, exploiting the stronger computing power and communication interface capability that a mobile device has compared with the human brain, which improves the security and convenience of password input.
In the present invention, the safety device 100 may exist independently as a separate device; for example, the safety device 100 is a cloud device or a secure unit. Of course, the safety device 100 may also exist as a part of the first mobile device 200.
Here, as a preferred arrangement, the first mobile device 200 may be a smartphone or tablet computer, and the safety device 100 may be a unit within that smartphone or tablet computer, as long as it performs the password generation and verification functions. The second mobile device 300, for its part, may be a wearable device.
Next, the password safety input method implemented with the password safety system for a mobile device of the present invention is described. Fig. 2 is a flow chart of the password safety input method of the present invention.
As shown in Fig. 2, the password safety input method of the present invention comprises the following steps:
Password generation step S100: the safety device 100 obtains a password, encrypts it to generate a password ciphertext, and transmits the ciphertext to the second mobile device 300 via the first mobile device 200 or sends it directly to the second mobile device 300;
Password storage step S200: the second mobile device 300 stores the password ciphertext;
Password input step S300: when the user needs to enter the password, the second mobile device 300 displays the password ciphertext to the first mobile device 200, and the first mobile device 200 obtains the password ciphertext and sends it to the safety device 100;
Password verification step S400: the safety device 100 decrypts the password ciphertext sent from the first mobile device 200 and verifies the decrypted password.
First embodiment
Next, the password safety system for a mobile device of the first embodiment of the present invention is described.
Fig. 3 is a structural diagram of the password safety system for a mobile device of the first embodiment of the present invention.
As shown in Fig. 3, the password safety system for a mobile device of the first embodiment comprises a smartphone 400 and a wearable device 500. The smartphone 400 comprises a TEEI zone (Trusted Execution Environment Integration, trusted execution environment) 410 and an Android zone 420. In the first embodiment, the TEEI zone 410 corresponds to the safety device described above, the Android zone 420 to the first mobile device, and the wearable device 500 to the second mobile device.
In current technology, TEEI (Trusted Execution Environment Integration, trusted execution environment) is a technology proposed to address the security risks of today's mobile smart terminals. TEEI builds a secure runtime environment isolated from the mobile smart terminal's operating system (for example Android, iOS or Windows Phone). TEEI may be a secure area located in the main processor of the mobile smart terminal, which ensures that sensitive data is stored, processed and protected in a trusted environment. TEEI provides a secure execution environment for authorized security software (trusted software), and achieves end-to-end security through protected execution, confidentiality, integrity and data access rights.
The TEEI zone 410 comprises:
A trusted interactive interface module 411 for obtaining the original password entered by the user;
A trusted storage module 412 for storing the original password;
An encryption and decryption module 413, which in the password generation phase generates the password ciphertext from the original password, and in the password verification phase decrypts and verifies the password ciphertext extracted by the QR code generation module 414;
A QR code generation module 414, which in the password generation phase generates a QR code from the password ciphertext, and in the password verification phase extracts the password ciphertext coming from the wearable device 500;
A first information receiving module 415 for data exchange between the TEEI zone 410 and the Android zone 420 and/or between the TEEI zone 410 and the wearable device 500.
The Android zone 420 comprises:
A camera 421 for reading the password ciphertext displayed by the QR code display module 512;
A second information receiving module 422 for data exchange between the Android zone 420 and the TEEI zone 410 and/or the wearable device 500.
The wearable device 500 comprises:
A storage module 511, which in the password generation phase stores the password ciphertext sent from the TEEI zone 410;
A QR code display module 512, which in the password verification phase displays the password ciphertext stored by the storage module 511.
Data transmission between the TEEI zone 410 and the wearable device 500 is carried out contactlessly, for example by NFC or Bluetooth.
In the first embodiment, the TEEI zone 410 of the smartphone serves as the security platform supporting password processing, which ensures the security of the password generation process, and the password is stored by the wearable device 500, which spares the user from memorizing it.
Next, the flow of the password safety input method implemented with the password safety system of this first embodiment is described in detail.
The flow divides simply into a password generation process (corresponding to the password generation step S100 and password storage step S200 above) and a use process (corresponding to the password input step S300 and password verification step S400 above):
The password generation process is:
(1) When the user sets a password, the trusted interactive interface module 411 provided by the TEEI zone 410 obtains the password entered by the user and passes it to the encryption and decryption module 413;
(2) The encryption and decryption module 413 stores the password using the trusted storage module 412, encrypts the password with a key using a conventional encryption method such as 3DES or AES to generate the password ciphertext, and passes it to the QR code module 414;
(3) The QR code module 414 generates a QR code from this ciphertext and, once it is generated, prompts the user, for example with a prompt tone. The user brings the wearable device 500 close to the phone, and the password ciphertext, i.e. the QR code, is sent by NFC to the storage module 511 of the wearable device 500 and stored.
As the above process shows, the password is protected inside the TEEI from input through generation of the encrypted password ciphertext, and it is also in ciphertext form during transmission, so it cannot be obtained by malicious programs. Because it is stored in trusted storage, the risk of a malicious program obtaining and cracking the password locally is also avoided.
The password use process is:
(1) When the user wants to encrypt and protect some personal information on the smartphone, such as a directory or a file, the encryption application prompts the user to enter the password by opening the camera;
(2) The user operates the wearable device 500 to display the QR code of the encrypted password ciphertext. After the camera 421 reads it in, the data is passed from the camera 421 to the QR code module 414, which parses it, extracts the password ciphertext and passes it to the encryption and decryption module 413 for decryption and verification. Once verification passes, the system is notified to encrypt the user's personal information.
Likewise, when the user wants to view the encrypted personal information, the user opens the camera 421 to read in the QR code on the wearable device 500, and the password is extracted and verified as in the process above; the encryption and decryption module 413 then notifies the system to decrypt the personal information for the user to view. Throughout this process, the notification telling the system whether to encrypt or decrypt personal information is always issued by the encryption and decryption module 413 inside the TEEI, which greatly reduces the risk of personal information being illegally encrypted or decrypted by malicious programs.
In terms of experience, compared with existing approaches, the password safety input of the present invention changes from manual password entry to a camera capture, which is simple and easy to use. The password is entered only once, when it is set, and the user no longer needs to remember it, so a very complex password combination can be set, which makes cracking harder and greatly improves the user experience.
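The generation and use flow of the first embodiment, as an added example that is not part of the patent: a secure zone encrypts the password, the wearable stores only the opaque code text, and the phone relays it back for verification. Assumptions: all class and function names are hypothetical, the QR code is reduced to the base64 text it would carry, and a standard-library HMAC-SHA256 encrypt-then-MAC construction stands in for the 3DES/AES the text names.

```python
import hashlib
import hmac
import secrets
from base64 import urlsafe_b64decode, urlsafe_b64encode

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a keystream (stand-in for AES/3DES)."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


class SecureZone:
    """Plays the safety device (TEEI zone): keys and password never leave it."""

    def __init__(self) -> None:
        self._enc_key = secrets.token_bytes(32)
        self._mac_key = secrets.token_bytes(32)
        self._password = None  # contents of the trusted storage module

    def generate(self, password: str) -> str:
        """Generation phase: store the password, return the text a code would carry."""
        pw = password.encode("utf-8")
        self._password = pw
        nonce = secrets.token_bytes(NONCE_LEN)
        body = _xor(pw, _keystream(self._enc_key, nonce, len(pw)))
        tag = hmac.new(self._mac_key, nonce + body, hashlib.sha256).digest()
        return urlsafe_b64encode(nonce + body + tag).decode("ascii")

    def verify(self, payload: str) -> bool:
        """Verification phase: authenticate, decrypt, compare with the stored password."""
        if self._password is None:
            return False
        try:
            raw = urlsafe_b64decode(payload.encode("ascii"))
        except ValueError:  # bad base64 or non-ASCII input from the untrusted side
            return False
        if len(raw) < NONCE_LEN + TAG_LEN:
            return False
        nonce, body, tag = raw[:NONCE_LEN], raw[NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]
        expected = hmac.new(self._mac_key, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False
        recovered = _xor(body, _keystream(self._enc_key, nonce, len(body)))
        return hmac.compare_digest(recovered, self._password)


class Wearable:
    """Second mobile device: stores and displays the opaque payload, holds no key."""

    def __init__(self) -> None:
        self._stored = ""

    def store(self, payload: str) -> None:
        self._stored = payload

    def show(self) -> str:
        return self._stored


def relay(wearable: Wearable, zone: SecureZone) -> bool:
    """First mobile device (Android zone): reads the code and forwards it unchanged."""
    return zone.verify(wearable.show())


def flip_bit(payload: str, index: int) -> str:
    """Return the payload with one bit flipped at byte `index` (simulated corruption)."""
    raw = bytearray(urlsafe_b64decode(payload.encode("ascii")))
    raw[index] ^= 0x01
    return urlsafe_b64encode(bytes(raw)).decode("ascii")


def run_demo() -> dict:
    zone, watch = SecureZone(), Wearable()
    password = "c0nstructed-Sample-Passw0rd!"  # constructed sample value
    payload = zone.generate(password)
    watch.store(payload)
    results = {"genuine": relay(watch, zone)}
    # The wearable only ever holds ciphertext, never the password bytes.
    results["plaintext_on_wearable"] = password.encode() in urlsafe_b64decode(payload)
    results["corrupted"] = zone.verify(flip_bit(payload, NONCE_LEN))
    other = SecureZone()  # a different device, with different keys
    other.generate(password)
    results["other_device_key"] = other.verify(payload)
    copied = Wearable()
    copied.store(watch.show())  # an exact copy of the displayed code
    results["copied_code"] = relay(copied, zone)
    zone.generate("n3w-constructed-Passw0rd")  # the user sets a new password
    results["old_code_after_change"] = relay(watch, zone)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The `copied_code` result is `True`: an exact copy of the displayed code verifies like the original, which is the copying risk the third embodiment sets out to address.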
Second embodiment
Fig. 4 is a structural diagram of the password safety system for a mobile device of the second embodiment of the present invention.
As shown in Fig. 4, the password safety system for a mobile device of the second embodiment comprises a smartphone 600 and a wearable device 700. The smartphone 600 comprises a TEEI zone (Trusted Execution Environment Integration, trusted execution environment) 610 and an Android zone 620. In the second embodiment, the TEEI zone 610 corresponds to the safety device described above, the Android zone 620 to the first mobile device, and the wearable device 700 to the second mobile device.
The TEEI zone 610 comprises:
A trusted interactive interface module 611 for obtaining the original password entered by the user;
A trusted storage module 612 for storing the original password;
An encryption and decryption module 613, which in the password generation phase generates the password ciphertext from the original password, and in the password verification phase decrypts and verifies the password ciphertext extracted by the barcode generation module 614;
A barcode generation module 614, which in the password generation phase generates a barcode from the password ciphertext, and in the password verification phase extracts the password ciphertext coming from the wearable device 700;
A first information receiving module 615 for data exchange between the TEEI zone 610 and the Android zone 620 and/or between the TEEI zone 610 and the wearable device 700.
The Android zone 620 comprises:
A camera 621 for reading the password ciphertext displayed by the barcode display module 712;
A second information receiving module 622 for data exchange between the Android zone 620 and the TEEI zone 610 and/or the wearable device 700.
The wearable device 700 comprises:
A storage module 711, which in the password generation phase stores the password ciphertext sent from the TEEI zone 610;
A barcode display module 712, which in the password verification phase displays the password ciphertext stored by the storage module 711.
Data transmission between the TEEI zone 610 and the wearable device 700 is carried out contactlessly, for example by NFC or Bluetooth.
In the second embodiment, the TEEI zone 610 of the smartphone serves as the security platform supporting password processing, which ensures the security of the password generation process, and the password is stored by the wearable device 700, which spares the user from memorizing it.
The password generation process and use process of this second embodiment are identical to those of the first embodiment above.
In addition, the first embodiment uses a QR code and the second embodiment uses a barcode. Here the QR code or barcode is one form of representing the password ciphertext; it suffices that this form of representation can be agreed between the safety device and the first mobile device. From this point of view, any display method capable of representing information such as text or digits will do, and directly displaying the digits of the password ciphertext is also possible.
Third embodiment
As can be seen from the first and second embodiments above, the improvement the present invention makes to password protection consists mainly in having an additional smart mobile device perform password input in place of the human brain. This frees the password from the problems of overly simple and fixed input patterns caused by the mismatch in computing capability between the human brain and smart devices.
On this basis, the inventors further found that if the encrypted password is changed dynamically, so that each ciphertext generated by the wearable device is dynamically generated for one-time use, the risk of the ciphertext being copied can be better eliminated.
Based on this mechanism, the third embodiment of the present invention applies such a scheme to protecting user login in existing card-not-present payment. It can solve the problem that the login password is easily stolen during user identity login in existing card-not-present payment, improving the security of the login process while also improving the user experience.
Fig. 5 is a structural diagram of the password security system for a mobile device according to the third embodiment of the present invention.
As shown in Fig. 5, the password security system for a mobile device according to the third embodiment of the present invention comprises: a backend system 800, a smartphone 900, and a wearable device 920.
The backend system 800 has:
First counter 811, which produces a count value and counts the number of count value comparisons;
Public/private key generation unit 812, for generating a public key and a private key;
Encryption and decryption module 813, which in the password generation phase obtains the user password, generates a password ciphertext after encrypting the user password together with the count value produced by the above counter and the public key generated by the above public/private key generation unit, and sends it to the password processing unit 912 of the smartphone 900; in the password verification phase it parses the count value out of the second password ciphertext (described below) sent from the smartphone 900 and compares the parsed count value with the count value stored by the first counter 811, and performs password verification on the second password ciphertext only if the count value comparison passes;
First network secure channel 814, for data transmission between the backend system 800 and the smartphone 900.
The smartphone 900 has:
Second counter 911, which stores the count value from the backend system 800;
Password processing unit 912, which in the password generation phase receives the first password ciphertext transmitted from the encryption and decryption module of the backend system 800 and transfers the first password ciphertext and the public key to the wearable device 900; in the password verification phase it sends the count value stored by the second counter 911 to the wearable device 900, receives the second password ciphertext (described below) returned from the wearable device 920, and sends the second password ciphertext (optionally together with the user name) to the backend system 800;
Second network secure channel 913, for data transmission between the backend system 800 and the smartphone 900 (in practice the second network secure channel 913 and the first network secure channel 814 are a bidirectional secure transmission channel);
The wearable device 920 has:
Storage module 921, which in the password generation phase stores the password ciphertext and the public key sent from the smartphone 900; and
Encryption and decryption module 922, which in the password verification phase generates the second password ciphertext from the count value sent by the password processing unit 912 of the smartphone 900 together with the password ciphertext and public key stored by the storage module 921.
The secure password input method implemented with the password security system for a mobile device of the third embodiment is similar to the embodiments above and likewise has two processes: a password setup process and a user login process.
The password setup flow is:
(1) When the user registers using the smartphone 900 and enters a user name and login password on the website, the encryption and decryption module 813 of the backend system 800 generates the first password ciphertext from the password based on a key, and the first counter 811 of the backend system 800 randomly generates a count value. The count value, the public key and the first password ciphertext are combined and sent to the password processing unit 912 of the smartphone 900 over the first network secure channel 814 and the second network secure channel 913;
(2) After receiving the data, the password processing unit 912 stores the count value in the second counter 911, then prompts the user, for example with a prompt tone, to bring the wearable device 920 close to the smartphone 900, and transfers the public key and the first password ciphertext received from the backend system 800 by contactless means such as NFC to the storage module 921 of the wearable device 900, where they are stored.
The user login flow is:
(1) When the user needs to enter the password to log in on the smartphone 900, the user is prompted, for example with a prompt tone, to bring the wearable device 920 close to the smartphone 900, and the password processing unit 912 sends the count value of the second counter 911 by contactless means such as NFC to the encryption and decryption module 912 of the wearable device 900;
(2) The encryption and decryption module 912 of the wearable device 900 generates a new password ciphertext, i.e. the second password ciphertext, based on the previously saved public key and the received count value, and then transmits it back by contactless means such as NFC to the password processing unit 912 of the smartphone 900. At this point the password processing unit 912 increments the count value of the second counter 911 by 1 and indicates, for example with a prompt tone, that password input is complete;
(3) The login application obtains the second password ciphertext through the password processing unit 913 and transmits it, together with the user name, to the backend system 800 over the second network secure channel 913 and the first network secure channel 814;
(4) The backend system 800 uses the private key of the public/private key generation unit 812 to parse the second password ciphertext and compares the extracted count value with the count value of the first counter of the backend system 800; whether or not the comparison succeeds, the backend counter is incremented by 1. After the comparison passes, the extracted second password ciphertext is decrypted to verify the password; when password verification passes, the user identity login process is complete.
In this process the user only needs to bring the wearable device 920 close to the smartphone 900 to complete the login, which is simple and easy to use. As for security, because every password ciphertext generated by the wearable device 920 is generated dynamically and is valid only once, it cannot be copied and reused. In addition, if the wearable device 920 is lost, a thief cannot obtain the actual password because only the password ciphertext is stored; at the same time, the thief's own phone lacks the count value, so it cannot pass authentication by the backend system 900 even in combination with the wearable device 920. Likewise, if the user's smartphone 900 is lost, the password ciphertext on the wearable device 900 is missing, so the backend's authentication of the user cannot be completed either. Furthermore, everything is in ciphertext form during network transmission, so a thief cannot obtain the password by network eavesdropping, cracking or similar means. These measures greatly improve the security of the user password and strengthen the protection of user identity login. Of course, if the user wants to continue using the system after losing a device, the user can resynchronize the counter with the backend through other security mechanisms or regenerate a password ciphertext, which is not described in detail here.
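The setup and login flows above, modelled as an added example that is not code from the patent. The algorithms (RSA-OAEP, AES-256-GCM, scrypt), the 8-byte counter prefix and all class and method names are assumptions, since the text names none; the example also shows that, because the backend counter advances on every comparison, one rejected stale ciphertext leaves the two counters out of step until they are resynchronized.

```javascript
// Added example modelling the third embodiment; not code from the patent.
// Assumptions: RSA-OAEP(SHA-256), AES-256-GCM, scrypt, 8-byte counter prefix.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

class Backend { // backend system 800
  constructor() {
    const pair = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    this.publicKey = pair.publicKey;   // public/private key generation unit 812
    this.privateKey = pair.privateKey;
    this.wrapKey = crypto.randomBytes(32); // key for the first ciphertext (assumed symmetric)
    this.users = new Map();
  }

  // Password setup: returns what is sent to the phone.
  register(user, password) {
    const iv = crypto.randomBytes(12);
    const enc = crypto.createCipheriv('aes-256-gcm', this.wrapKey, iv);
    const body = Buffer.concat([enc.update(password, 'utf8'), enc.final()]);
    const firstCt = Buffer.concat([iv, enc.getAuthTag(), body]);
    const salt = crypto.randomBytes(16);
    const counter = crypto.randomInt(0, 2 ** 32); // first counter 811, random start
    this.users.set(user, { counter, salt, hash: crypto.scryptSync(password, salt, 32) });
    return { counter, publicKey: this.publicKey, firstCt };
  }

  // Login: counter check first, password check only if the counter matches.
  verify(user, secondCt) {
    const rec = this.users.get(user);
    if (!rec) return false;
    const expected = rec.counter;
    rec.counter += 1; // advanced whether or not the comparison succeeds
    try {
      const plain = crypto.privateDecrypt({ key: this.privateKey, ...OAEP }, secondCt);
      if (plain.length < 8 + 28) return false;
      if (plain.readBigUInt64BE(0) !== BigInt(expected)) return false;
      const firstCt = plain.subarray(8);
      const dec = crypto.createDecipheriv('aes-256-gcm', this.wrapKey, firstCt.subarray(0, 12));
      dec.setAuthTag(firstCt.subarray(12, 28));
      const pw = Buffer.concat([dec.update(firstCt.subarray(28)), dec.final()]);
      return crypto.timingSafeEqual(crypto.scryptSync(pw, rec.salt, 32), rec.hash);
    } catch {
      return false; // malformed RSA or AES-GCM input
    }
  }
}

class Wearable { // wearable device 920: holds only ciphertext and public key
  store(publicKey, firstCt) {
    this.publicKey = publicKey;
    this.firstCt = firstCt;
  }

  // Binds the stored first ciphertext to the counter supplied by the phone.
  respond(counter) {
    const prefix = Buffer.alloc(8);
    prefix.writeBigUInt64BE(BigInt(counter));
    const plain = Buffer.concat([prefix, this.firstCt]);
    return crypto.publicEncrypt({ key: this.publicKey, ...OAEP }, plain);
  }
}

class Phone { // smartphone 900: holds only the counter
  enroll(setup, wearable) {
    this.counter = setup.counter; // second counter 911
    wearable.store(setup.publicKey, setup.firstCt);
  }

  login(wearable) {
    const secondCt = wearable.respond(this.counter);
    this.counter += 1; // incremented once the wearable has answered
    return secondCt;
  }
}

// Constructed scenario: one good login, one reuse of the same ciphertext.
function demo() {
  const backend = new Backend();
  const phone = new Phone();
  const wearable = new Wearable();
  phone.enroll(backend.register('alice', 'constructed-Passw0rd!'), wearable);

  const captured = phone.login(wearable);
  const first = backend.verify('alice', captured);   // counters match
  const replay = backend.verify('alice', captured);  // stale counter inside
  const inSync = phone.counter === backend.users.get('alice').counter;
  const next = backend.verify('alice', phone.login(wearable));
  return { first, replay, inSync, next };
}
```

A deployment following this scheme therefore needs the counter resynchronization that the text leaves to "other security mechanisms", or a bounded look-ahead window on the backend, before rejected attempts can be tolerated.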
In summary, in the password security system for a mobile device and the secure password input method for a mobile device of the present invention, another mobile device, for example a wearable device, stores the password in place of the human brain. The password need not be memorized, so a very complex password combination can be set, which makes the password harder to crack and greatly improves the user experience. Moreover, the password is always transmitted in the form of a password ciphertext, which effectively prevents it from being maliciously stolen and improves the security of password use.
The examples above mainly illustrate the password security system for a mobile device and the secure password input method for a mobile device of the present invention. Although only some specific embodiments of the present invention have been described, those of ordinary skill in the art should understand that the present invention can be implemented in many other forms without departing from its spirit and scope. Therefore, the examples and embodiments shown are to be regarded as illustrative and not restrictive, and the present invention may cover various modifications and substitutions without departing from the spirit and scope of the present invention as defined by the appended claims.

Claims (17)

1. A password security system for a mobile device, characterized by comprising:
A security device, which in the password generation phase obtains a password, generates a password ciphertext from the password and transmits it to the first mobile device described below, and in the password verification phase verifies the password ciphertext sent from the first mobile device described below;
A first mobile device, which in the password generation phase receives the password ciphertext generated by the security device and transfers it to the second mobile device described below, and in the password verification phase reads the password ciphertext from the second mobile device described below and sends it to the security device;
A second mobile device, which in the password generation phase stores the password ciphertext received from the first mobile device, and in the password verification phase provides the stored password ciphertext to the first mobile device.
2. The password security system for a mobile device as claimed in claim 1, characterized in that
The security device is formed as a part of the first mobile device.
3. The password security system for a mobile device as claimed in claim 1, characterized in that
The security device is a cloud device or a security unit.
4. The password security system for a mobile device as claimed in any one of claims 1 to 3, characterized in that
The first mobile device is a smartphone or a tablet computer, and the second mobile device is a wearable device.
5. A password security system for a mobile device, characterized by comprising:
A security device, which in the password generation phase obtains a password, generates a password ciphertext from the password and transmits it to the second mobile device described below, and in the password verification phase verifies the password ciphertext sent from the first mobile device described below;
A first mobile device, which in the password verification phase reads the password ciphertext from the second mobile device described below and sends it to the security device;
A second mobile device, which in the password generation phase stores the password ciphertext received from the security device, and in the password verification phase provides the stored password ciphertext to the first mobile device.
6. The password security system for a mobile device as claimed in claim 5, characterized in that
The security device is formed as a part of the first mobile device.
7. The password security system for a mobile device as claimed in claim 6, characterized in that
The security device has:
Interaction interface module, for obtaining the original password entered by the user;
Trusted storage module, for storing the original password;
Encryption and decryption module, which in the password generation phase generates a password ciphertext from the original password, and in the password verification phase decrypts and verifies the password ciphertext extracted by the code data generation module described below;
Code data generation module, which in the password generation phase generates code data from the password ciphertext, and in the password verification phase extracts the password ciphertext from the code data from the second mobile device described below;
First information receiving module, for data exchange between the security device and the first mobile device and/or between the security device and the second mobile device,
The second mobile device has:
Storage module, which in the password generation phase stores the code data sent from the security module;
Code data display module, which in the password verification phase displays the code data stored by the storage module,
The first mobile device has:
Code data reading module, for reading the code data displayed by the code data display module;
Second information receiving module, for data exchange between the first mobile device and the security device and/or between the first mobile device and the second mobile device.
8. The password security system for a mobile device as claimed in claim 7, characterized in that
The code data generation module is a QR code generation module,
The QR code generation module in the password generation phase generates a QR code from the password ciphertext, and in the password verification phase extracts the QR code from the code data from the second mobile device,
The code data display module is a QR code display module,
The QR code display module in the password verification phase displays the QR code as the code data stored by the storage module,
The code data reading module is a camera, and the camera is used to read the QR code displayed by the QR code display module.
9. The password security system for a mobile device as claimed in claim 7, characterized in that the code data generation module is a bar code generation module,
The bar code generation module in the password generation phase generates a bar code from the password ciphertext, and in the password verification phase extracts the bar code from the code data from the second mobile device,
The code data display module is a bar code display module,
The bar code display module in the password verification phase displays the bar code as the code data stored by the storage module,
The code data reading module is a camera, and the camera is used to read the bar code displayed by the bar code display module.
10. The password security system for a mobile device as claimed in any one of claims 5 to 9, characterized in that
The first mobile device is a smartphone or a tablet computer, and the second mobile device is a wearable device,
The security device is a part of the smartphone and is arranged in the TEEI of the smartphone.
11. The password security system for a mobile device as claimed in claim 10, characterized in that
Data transfer between the security device and the second mobile device can be implemented by contactless means.
12. A secure password input method for a mobile device, the method being implemented with a security device, a first mobile device and a second mobile device, characterized by comprising the following steps:
Password generation step: the security device obtains a password, encrypts the password to generate a password ciphertext, and transfers the password ciphertext to the second mobile device through the first mobile device or sends it directly to the second mobile device;
Password storage step: the second mobile device stores the password ciphertext;
Password input step: when the user needs to enter the password, the second mobile device presents the password ciphertext to the first mobile device, and the first mobile device obtains the password ciphertext and sends it to the security device;
Password verification step: the security device decrypts the password ciphertext sent from the first mobile device and verifies the decrypted password.
13. The secure password input method for a mobile device as claimed in claim 12, characterized in that
Data transfer between the security device and the second mobile device can be implemented by contactless means.
14. The secure password input method for a mobile device as claimed in claim 12, characterized in that
The password ciphertext takes the form of a QR code or a bar code.
15. A password security system for a mobile device, characterized by comprising: a backend system, a first mobile device and a second mobile device,
The backend system has:
First counter, for producing a count value and counting the number of count value comparisons;
Public/private key generation unit, for generating a public key and a private key;
Encryption and decryption module, which in the password generation phase obtains the user password, generates a password ciphertext after encrypting the user password together with the count value produced by the above first counter and the public key generated by the above public/private key generation unit, and sends it to the first mobile device; in the password verification phase it parses the count value out of the second password ciphertext (described below) sent from the first mobile device and compares the parsed count value with the count value stored by the first counter, and performs password verification on the second password ciphertext only if the count value comparison passes;
First network secure channel, for data transmission between the backend system and the first mobile device,
The first mobile device has:
Second counter, which stores the count value from the backend system;
Password processing unit, which in the password generation phase receives the first password ciphertext transmitted from the backend system and transfers the first password ciphertext and the public key to the second mobile device; in the password verification phase it sends the count value stored by the second counter to the second mobile device, receives the second password ciphertext (described below) returned from the second mobile device, and sends the second password ciphertext to the backend system;
Second network secure channel, for data transmission between the backend system and the first mobile device;
The second mobile device has:
Storage module, which in the password generation phase stores the password ciphertext and the public key sent from the first mobile device; and
Encryption and decryption module, which in the password verification phase generates the second password ciphertext from the count value sent from the first mobile device together with the password ciphertext and public key stored by the storage module.
16. The password security system for a mobile device as claimed in claim 15, characterized in that
The first mobile device is a smartphone or a tablet computer, and the second mobile device is a wearable device.
17. The password security system for a mobile device as claimed in claim 16, characterized in that
The first mobile device and the second mobile device communicate by contactless means.
CN201510616410.3A 2015-09-24 2015-09-24 Password safety system for mobile device and password safety input method thereof Pending CN105592056A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510616410.3A CN105592056A (en) 2015-09-24 2015-09-24 Password safety system for mobile device and password safety input method thereof
PCT/CN2016/098824 WO2017050152A1 (en) 2015-09-24 2016-09-13 Password security system adopted by mobile apparatus and secure password entering method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510616410.3A CN105592056A (en) 2015-09-24 2015-09-24 Password safety system for mobile device and password safety input method thereof

Publications (1)

Publication Number Publication Date
CN105592056A true CN105592056A (en) 2016-05-18

Family

ID=55931273

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510616410.3A Pending CN105592056A (en) 2015-09-24 2015-09-24 Password safety system for mobile device and password safety input method thereof

Country Status (2)

Country Link
CN (1) CN105592056A (en)
WO (1) WO2017050152A1 (en)


Also Published As

Publication number Publication date
WO2017050152A1 (en) 2017-03-30


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination