CN105871546A - Verification method combining static password and dynamic password and terminal equipment - Google Patents

Verification method combining static password and dynamic password and terminal equipment Download PDF

Info

Publication number
CN105871546A
CN105871546A CN201610392886.8A CN201610392886A CN105871546A CN 105871546 A CN105871546 A CN 105871546A CN 201610392886 A CN201610392886 A CN 201610392886A CN 105871546 A CN105871546 A CN 105871546A
Authority
CN
China
Prior art keywords
password
dynamic password
static
dynamic
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610392886.8A
Other languages
Chinese (zh)
Inventor
张雪莱
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN201610392886.8A priority Critical patent/CN105871546A/en
Publication of CN105871546A publication Critical patent/CN105871546A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention relates to a dynamic password verification method, which is characterized in that a password input by a user includes two parts of characters including static characters and dynamic characters; a dynamic password calculation method is appointed by the user in advance during account creating or setting; the calculation method uses variable data such as use date to obtain the dynamic password used for verification through single conversion; when password verification is needed, the user inputs the static password and the dynamic password obtained through simple calculation on the terminal equipment or the client software interface; or a character string obtained by using the dynamic password and the static password is used for submitting the verification; the terminal equipment or the client software decomposes the obtained input into the static password and the dynamic password character strings, or the dynamic password is used for decrypting the input character string to obtain the static password; a server compares the received encrypted static password with the prestored user password; if required, the received dynamic password is compared with the character string obtained according to the identical algorithm; whether the verification can be passed or not is judged.

Description

Verification method that a kind of static password is combined with dynamic password and terminal unit
Technical field
The present invention relates to a kind of method of password authentication and corresponding terminal unit, it is adaptable to software client or operating system log in and fiscard disappears Expense etc. needs the application of code authentication.
Background technology
Generally we use fixing static password when logging in software account or use bank card.If static password is illegally accessed and malice just uses Huge loss can be caused.Currently used bank card can be suitable by replicating magnetic stripe, snooping password and refitted vehicles POS record magnetic stripe and button Sequence is decoded and steals brush.Dynamic password is the scheme of the safety promoting system further, and traditional dynamic password relies on extra scrambler etc. independently to set Standby or through approach transmission such as SMSs, independent encryption device is relatively costly, and short message password still has the risk intercepted and captured by Trojan software.
Summary of the invention
The technical problem to be solved is the cryptographic system of the safety designing a kind of low cost.
Technical scheme provided by the present invention is: use the scheme that static password is combined with dynamic password, and dynamic password uses between user and authentication The character that numeral in consentient variable data, such as current time of day and this dealing money and current page ad-hoc location show, passes through The simple transformation such as four arithmetic operation place-exchange obtain.So advantage of design is that password is easily remembered, dynamic password need not extras, password Calculating parameter need not transmit between a client and a server because of without being intercepted and captured by illegal software with algorithm;Be combined with static password and make system liter Level is simple steadily;If the peep of cipher or stolen without worry account by illegal software intercepting and capturing of input during certain checking.
Detailed description of the invention
The dynamic password needs that this programme relates to are assignment algorithm when creating or arranging account, it is provided that multiple computing formula selects for user, such as (being not limited to) provides the operator between 2 to 3 optional variablees and variable, and each variable can be month, date, time, week Numeral and former positions of the amount of money of this transaction or the inverted order of above-mentioned several variable, it is also possible to be certain fixed value or current page ad-hoc location The character of display.If needing to limit the figure place of dynamic password, also setting and blocking or the strategy of cover.Assume certain user setup dynamic password formula For: the inverted order+32 of current month+current date, current date is 05 month 09 day, then the dynamic password generated is: 05+90+32=127, if Limit Password Length as 2 and take latter two, then password position 27.
The password of user's input is combined into by static password and dynamic password.Static password can be unified with whole system with the built-up sequence of dynamic password Regulation, it is also possible to set by user oneself.The 2nd 3rd of such as password is dynamic password;Or first 6 is static password, latter 2 are State password.The static password assuming user is 123456, and this dynamic password to be used of concluding the business is 78, and the front two of agreement password is the closeest Code, then the password of this secondary input is 78123456.
When needing to verify password, user inputs static password and the dynamic password formed through simple computation on terminal unit or client software interface Combining characters string, submit to checking;The input of acquisition is divided into static password character string and dynamic password character string also by terminal unit or client software It is sent to server authentication respectively after encryption;Server receive encryption static password with the user cipher comparison pre-saved, the encryption received Dynamic password follows the character string comparison drawn according to identical algorithms, only this two strings password to be all consistent just can be by checking.
User can also use and use dynamic password to obtain the password string of this secondary input as the method for key encryption static password, this AES by Arranging during user setup account, the general algorithm using step-by-step superposition etc. to be easy to mental arithmetic, terminal unit or client software are transported according to the inverse of AES Calculate deciphering and obtain the static password of server authentication to be sent to.Such as static password is 123456, and this dynamic password used is 21, and encryption is calculated Method be the password that every two superposition dynamic passwords then input be 123456+212121=335577, client subtracts 212121 335577 and obtains 123456 conventionally send server authentication.

Claims (8)

1. a dynamic password authentication method, it is characterised in that the password of user's input comprises static and dynamic two parts character, Yong Hu Create or arrange account's current events and first arrange the computational methods that a few positions of password are dynamic password and dynamic password, these computational methods The numeral that uses between user and authentication in consentient variable data, such as current time of day and this dealing money or work as The character of ad-hoc location on the front page, the dynamic password used when the simple transformation such as four arithmetic operation place-exchange are verified; When needing to verify password, user inputs static password and through simple computation formation on terminal unit or client software interface Dynamic password, submits checking to;The input of acquisition is divided into static password character string and dynamic password by terminal unit or client software It is sent to server authentication after character string respectively encryption;Server is close with the user pre-saved the encryption static password received Code comparison, follows the character string comparison drawn according to identical algorithms, only this two strings password to be all consistent the encryption dynamic password received Just can be by checking.
2. the dynamic password authentication method as described in claim 1, it is characterised in that as a kind of reduction procedure, dynamic password is not Through encrypting step.
3. using a bank card POS machine for dynamic password authentication method described in claim 1 or 2, it is characterized in that can be disposable Input static password and the combining characters string of dynamic password, and isolate dynamic password part and static password part, according to service The security requirements of device side uploads the message data of two passwords of checking.
4. use a bank card POS machine for dynamic password authentication method described in claim 1 or 2, it is characterized in that first inputting Static password or dynamic password character string, upload checking data according to the security requirements of server side, then according to server side Further requirement in response message, it is desirable to user inputs another password and uploads checking.
5. one kind uses the software client of dynamic password authentication method login described in claim 1 or 2, Web page or operation system System.
6. a dynamic password authentication method, it is characterised in that the password of user's input is close with dynamic password for the static state that key is encrypted Code, user is creating or is arranging account's current events and first arrange source and arrangement, the computational methods of conversion of dynamic password, arranging simultaneously Dynamic password is used to use consentient change between user and authentication as the algorithm of key simple encryption static password, this source Numeral in amount data, such as current time of day and this dealing money or the display character of current page ad-hoc location, pass through The dynamic password used when the simple transformation of the computational methods of definition is verified;When needing to verify password, user is at terminal unit Or input, through the static password of the simple encryption using dynamic password as key, submits checking on client software interface;Terminal The input obtained is utilized the dynamic password obtaining this transaction use according to usersaccount information in advance to make by equipment or client software It is sent to server authentication after encrypting according to the security requirements of server software after obtaining static password character string for secret key decryption;Clothes Business device is consistent, with the user cipher ciphertext comparison pre-saved, such as two string passwords, the static password ciphertext received then by checking.
7. use a bank card POS machine for dynamic password authentication method described in claim 6, it is characterized in that obtaining when swiping the card being somebody's turn to do The dynamic password that this transaction of user is to be used, during checking password, the password deciphering to user's input obtains static password character string, And upload checking data according to the security requirements of server side.
8. one kind uses software client, Web page or the operating system that dynamic password authentication method described in claim 6 logs in.
CN201610392886.8A 2016-05-24 2016-05-24 Verification method combining static password and dynamic password and terminal equipment Pending CN105871546A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610392886.8A CN105871546A (en) 2016-05-24 2016-05-24 Verification method combining static password and dynamic password and terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610392886.8A CN105871546A (en) 2016-05-24 2016-05-24 Verification method combining static password and dynamic password and terminal equipment

Publications (1)

Publication Number Publication Date
CN105871546A true CN105871546A (en) 2016-08-17

Family

ID=56676853

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610392886.8A Pending CN105871546A (en) 2016-05-24 2016-05-24 Verification method combining static password and dynamic password and terminal equipment

Country Status (1)

Country Link
CN (1) CN105871546A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106341229A (en) * 2016-11-03 2017-01-18 北京挖玖电子商务有限公司 Client and method therefor
CN107292161A (en) * 2017-06-27 2017-10-24 姚新波 A kind of composing method of variable fingerprint digital dynamic password
CN108279589A (en) * 2017-12-11 2018-07-13 广州朔月电子科技有限公司 A kind of programmed method, system and the device of heat pump liquid-crystal controller
CN108462571A (en) * 2017-02-20 2018-08-28 申彦伦 A method of generating Crypted password using dynamic digital
CN110048834A (en) * 2019-03-12 2019-07-23 深圳壹账通智能科技有限公司 Dynamic password sending method, device and computer readable storage medium
CN110837628A (en) * 2018-08-16 2020-02-25 比亚迪股份有限公司 Encryption and decryption method and device for terminal equipment, computer equipment and storage medium
CN111028392A (en) * 2019-12-23 2020-04-17 安智技术服务(深圳)有限公司 Combined password verification method, hardware terminal and password system
CN111415734A (en) * 2020-03-20 2020-07-14 四川南格尔生物科技有限公司 Service life management method of active medical instrument
CN112330855A (en) * 2020-10-15 2021-02-05 成都市以太节点科技有限公司 Electronic lock safety management method, equipment and system
CN112455384A (en) * 2020-12-01 2021-03-09 株洲齿轮有限责任公司 Unlocking method for electrically controlled clutch of manually shifted vehicle
CN112769543A (en) * 2019-10-21 2021-05-07 千寻位置网络有限公司 Method and system for protecting dynamic secret key
CN115242450A (en) * 2022-06-23 2022-10-25 北卡科技有限公司 Password data input method, device and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101425118A (en) * 2007-10-28 2009-05-06 徐强 Dynamic password generating method
CN101166091B (en) * 2006-10-19 2010-08-11 阿里巴巴集团控股有限公司 A dynamic password authentication method and service end system
CN101800644A (en) * 2010-01-11 2010-08-11 上海众烁信息科技有限公司 Computer security protection system and method based on dynamic countersign
CN103268669A (en) * 2013-05-20 2013-08-28 广州广电运通金融电子股份有限公司 Password input system and input method for self-service financial device
CN103607274A (en) * 2013-10-22 2014-02-26 周灿旭 Method adopting static passwords as source to generate dynamic passwords
CN105337729A (en) * 2015-11-19 2016-02-17 广东欧珀移动通信有限公司 Encryption method and device of mobile terminal and mobile terminal

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101166091B (en) * 2006-10-19 2010-08-11 阿里巴巴集团控股有限公司 A dynamic password authentication method and service end system
CN101425118A (en) * 2007-10-28 2009-05-06 徐强 Dynamic password generating method
CN101800644A (en) * 2010-01-11 2010-08-11 上海众烁信息科技有限公司 Computer security protection system and method based on dynamic countersign
CN103268669A (en) * 2013-05-20 2013-08-28 广州广电运通金融电子股份有限公司 Password input system and input method for self-service financial device
CN103607274A (en) * 2013-10-22 2014-02-26 周灿旭 Method adopting static passwords as source to generate dynamic passwords
CN105337729A (en) * 2015-11-19 2016-02-17 广东欧珀移动通信有限公司 Encryption method and device of mobile terminal and mobile terminal

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106341229A (en) * 2016-11-03 2017-01-18 北京挖玖电子商务有限公司 Client and method therefor
CN108462571B (en) * 2017-02-20 2020-10-02 申彦伦 Method for generating encrypted password by using dynamic number
CN108462571A (en) * 2017-02-20 2018-08-28 申彦伦 A method of generating Crypted password using dynamic digital
CN107292161A (en) * 2017-06-27 2017-10-24 姚新波 A kind of composing method of variable fingerprint digital dynamic password
CN108279589A (en) * 2017-12-11 2018-07-13 广州朔月电子科技有限公司 A kind of programmed method, system and the device of heat pump liquid-crystal controller
CN110837628A (en) * 2018-08-16 2020-02-25 比亚迪股份有限公司 Encryption and decryption method and device for terminal equipment, computer equipment and storage medium
CN110048834A (en) * 2019-03-12 2019-07-23 深圳壹账通智能科技有限公司 Dynamic password sending method, device and computer readable storage medium
CN112769543A (en) * 2019-10-21 2021-05-07 千寻位置网络有限公司 Method and system for protecting dynamic secret key
CN112769543B (en) * 2019-10-21 2022-06-28 千寻位置网络有限公司 Method and system for protecting dynamic secret key
CN111028392A (en) * 2019-12-23 2020-04-17 安智技术服务(深圳)有限公司 Combined password verification method, hardware terminal and password system
CN111415734A (en) * 2020-03-20 2020-07-14 四川南格尔生物科技有限公司 Service life management method of active medical instrument
CN112330855A (en) * 2020-10-15 2021-02-05 成都市以太节点科技有限公司 Electronic lock safety management method, equipment and system
CN112330855B (en) * 2020-10-15 2022-06-28 成都市以太节点科技有限公司 Electronic lock safety management method, equipment and system
CN112455384A (en) * 2020-12-01 2021-03-09 株洲齿轮有限责任公司 Unlocking method for electrically controlled clutch of manually shifted vehicle
CN115242450A (en) * 2022-06-23 2022-10-25 北卡科技有限公司 Password data input method, device and storage medium
CN115242450B (en) * 2022-06-23 2024-05-10 北卡科技有限公司 Password data input method, device and storage medium

Similar Documents

Publication Publication Date Title
CN105871546A (en) Verification method combining static password and dynamic password and terminal equipment
US10305688B2 (en) Method, apparatus, and system for cloud-based encryption machine key injection
EP4027576B1 (en) Efficient methods for protecting identity in authenticated transmissions
US20180144114A1 (en) Securing Blockchain Transactions Against Cyberattacks
CN104322003B (en) Cryptographic authentication and identification method using real-time encryption
CN107733933B (en) Method and system for double-factor identity authentication based on biological recognition technology
WO2012014231A1 (en) System and method for generating a strong multi factor personalized server key from a simple user password
CN1689297A (en) Method of preventing unauthorized distribution and use of electronic keys using a key seed
WO2018133674A1 (en) Method of verifying and feeding back bank payment permission authentication information
CN103246850A (en) Method and device for processing file
CN101662469A (en) Method and system based on USBKey online banking trade information authentication
CN105959108A (en) Method, device and system for encrypting and decrypting cloud payment limiting secret key
CN106936588A (en) A kind of trustship method, the apparatus and system of hardware controls lock
JP2019525691A (en) Permission granting method and system for acquiring terminal attack warning message log
CN110138548A (en) Based on unsymmetrical key pond to and DH agreement quantum communications service station cryptographic key negotiation method and system
WO2017050152A1 (en) Password security system adopted by mobile apparatus and secure password entering method thereof
CN105612728A (en) Secured data channel authentication implying a shared secret
CN200993803Y (en) Internet banking system safety terminal
CN110098925A (en) Based on unsymmetrical key pond to and random number quantum communications service station cryptographic key negotiation method and system
CN108616516A (en) A kind of third party's plaintext password method of calibration based on multiple encryption algorithms
KR20130019929A (en) How to use certificate by using secure reader
CN106911625B (en) Text processing method, device and system for safe input method
CN109660490A (en) Data processing method, device, system and storage medium
KR101800503B1 (en) Transaction signing and authentication system for multichannel electronic commerce and method thereof
Nashwan et al. Mutual chain authentication protocol for SPAN transactions in Saudi Arabian banking

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160817

RJ01 Rejection of invention patent application after publication