CN105871546A - Verification method combining static password and dynamic password and terminal equipment - Google Patents
Verification method combining static password and dynamic password and terminal equipment Download PDFInfo
- Publication number
- CN105871546A CN105871546A CN201610392886.8A CN201610392886A CN105871546A CN 105871546 A CN105871546 A CN 105871546A CN 201610392886 A CN201610392886 A CN 201610392886A CN 105871546 A CN105871546 A CN 105871546A
- Authority
- CN
- China
- Prior art keywords
- password
- dynamic password
- static
- dynamic
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention relates to a dynamic password verification method, which is characterized in that a password input by a user includes two parts of characters including static characters and dynamic characters; a dynamic password calculation method is appointed by the user in advance during account creating or setting; the calculation method uses variable data such as use date to obtain the dynamic password used for verification through single conversion; when password verification is needed, the user inputs the static password and the dynamic password obtained through simple calculation on the terminal equipment or the client software interface; or a character string obtained by using the dynamic password and the static password is used for submitting the verification; the terminal equipment or the client software decomposes the obtained input into the static password and the dynamic password character strings, or the dynamic password is used for decrypting the input character string to obtain the static password; a server compares the received encrypted static password with the prestored user password; if required, the received dynamic password is compared with the character string obtained according to the identical algorithm; whether the verification can be passed or not is judged.
Description
Technical field
The present invention relates to a kind of method of password authentication and corresponding terminal unit, it is adaptable to software client or operating system log in and fiscard disappears
Expense etc. needs the application of code authentication.
Background technology
Generally we use fixing static password when logging in software account or use bank card.If static password is illegally accessed and malice just uses
Huge loss can be caused.Currently used bank card can be suitable by replicating magnetic stripe, snooping password and refitted vehicles POS record magnetic stripe and button
Sequence is decoded and steals brush.Dynamic password is the scheme of the safety promoting system further, and traditional dynamic password relies on extra scrambler etc. independently to set
Standby or through approach transmission such as SMSs, independent encryption device is relatively costly, and short message password still has the risk intercepted and captured by Trojan software.
Summary of the invention
The technical problem to be solved is the cryptographic system of the safety designing a kind of low cost.
Technical scheme provided by the present invention is: use the scheme that static password is combined with dynamic password, and dynamic password uses between user and authentication
The character that numeral in consentient variable data, such as current time of day and this dealing money and current page ad-hoc location show, passes through
The simple transformation such as four arithmetic operation place-exchange obtain.So advantage of design is that password is easily remembered, dynamic password need not extras, password
Calculating parameter need not transmit between a client and a server because of without being intercepted and captured by illegal software with algorithm;Be combined with static password and make system liter
Level is simple steadily;If the peep of cipher or stolen without worry account by illegal software intercepting and capturing of input during certain checking.
Detailed description of the invention
The dynamic password needs that this programme relates to are assignment algorithm when creating or arranging account, it is provided that multiple computing formula selects for user, such as
(being not limited to) provides the operator between 2 to 3 optional variablees and variable, and each variable can be month, date, time, week
Numeral and former positions of the amount of money of this transaction or the inverted order of above-mentioned several variable, it is also possible to be certain fixed value or current page ad-hoc location
The character of display.If needing to limit the figure place of dynamic password, also setting and blocking or the strategy of cover.Assume certain user setup dynamic password formula
For: the inverted order+32 of current month+current date, current date is 05 month 09 day, then the dynamic password generated is: 05+90+32=127, if
Limit Password Length as 2 and take latter two, then password position 27.
The password of user's input is combined into by static password and dynamic password.Static password can be unified with whole system with the built-up sequence of dynamic password
Regulation, it is also possible to set by user oneself.The 2nd 3rd of such as password is dynamic password;Or first 6 is static password, latter 2 are
State password.The static password assuming user is 123456, and this dynamic password to be used of concluding the business is 78, and the front two of agreement password is the closeest
Code, then the password of this secondary input is 78123456.
When needing to verify password, user inputs static password and the dynamic password formed through simple computation on terminal unit or client software interface
Combining characters string, submit to checking;The input of acquisition is divided into static password character string and dynamic password character string also by terminal unit or client software
It is sent to server authentication respectively after encryption;Server receive encryption static password with the user cipher comparison pre-saved, the encryption received
Dynamic password follows the character string comparison drawn according to identical algorithms, only this two strings password to be all consistent just can be by checking.
User can also use and use dynamic password to obtain the password string of this secondary input as the method for key encryption static password, this AES by
Arranging during user setup account, the general algorithm using step-by-step superposition etc. to be easy to mental arithmetic, terminal unit or client software are transported according to the inverse of AES
Calculate deciphering and obtain the static password of server authentication to be sent to.Such as static password is 123456, and this dynamic password used is 21, and encryption is calculated
Method be the password that every two superposition dynamic passwords then input be 123456+212121=335577, client subtracts 212121 335577 and obtains
123456 conventionally send server authentication.
Claims (8)
1. a dynamic password authentication method, it is characterised in that the password of user's input comprises static and dynamic two parts character, Yong Hu
Create or arrange account's current events and first arrange the computational methods that a few positions of password are dynamic password and dynamic password, these computational methods
The numeral that uses between user and authentication in consentient variable data, such as current time of day and this dealing money or work as
The character of ad-hoc location on the front page, the dynamic password used when the simple transformation such as four arithmetic operation place-exchange are verified;
When needing to verify password, user inputs static password and through simple computation formation on terminal unit or client software interface
Dynamic password, submits checking to;The input of acquisition is divided into static password character string and dynamic password by terminal unit or client software
It is sent to server authentication after character string respectively encryption;Server is close with the user pre-saved the encryption static password received
Code comparison, follows the character string comparison drawn according to identical algorithms, only this two strings password to be all consistent the encryption dynamic password received
Just can be by checking.
2. the dynamic password authentication method as described in claim 1, it is characterised in that as a kind of reduction procedure, dynamic password is not
Through encrypting step.
3. using a bank card POS machine for dynamic password authentication method described in claim 1 or 2, it is characterized in that can be disposable
Input static password and the combining characters string of dynamic password, and isolate dynamic password part and static password part, according to service
The security requirements of device side uploads the message data of two passwords of checking.
4. use a bank card POS machine for dynamic password authentication method described in claim 1 or 2, it is characterized in that first inputting
Static password or dynamic password character string, upload checking data according to the security requirements of server side, then according to server side
Further requirement in response message, it is desirable to user inputs another password and uploads checking.
5. one kind uses the software client of dynamic password authentication method login described in claim 1 or 2, Web page or operation system
System.
6. a dynamic password authentication method, it is characterised in that the password of user's input is close with dynamic password for the static state that key is encrypted
Code, user is creating or is arranging account's current events and first arrange source and arrangement, the computational methods of conversion of dynamic password, arranging simultaneously
Dynamic password is used to use consentient change between user and authentication as the algorithm of key simple encryption static password, this source
Numeral in amount data, such as current time of day and this dealing money or the display character of current page ad-hoc location, pass through
The dynamic password used when the simple transformation of the computational methods of definition is verified;When needing to verify password, user is at terminal unit
Or input, through the static password of the simple encryption using dynamic password as key, submits checking on client software interface;Terminal
The input obtained is utilized the dynamic password obtaining this transaction use according to usersaccount information in advance to make by equipment or client software
It is sent to server authentication after encrypting according to the security requirements of server software after obtaining static password character string for secret key decryption;Clothes
Business device is consistent, with the user cipher ciphertext comparison pre-saved, such as two string passwords, the static password ciphertext received then by checking.
7. use a bank card POS machine for dynamic password authentication method described in claim 6, it is characterized in that obtaining when swiping the card being somebody's turn to do
The dynamic password that this transaction of user is to be used, during checking password, the password deciphering to user's input obtains static password character string,
And upload checking data according to the security requirements of server side.
8. one kind uses software client, Web page or the operating system that dynamic password authentication method described in claim 6 logs in.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610392886.8A CN105871546A (en) | 2016-05-24 | 2016-05-24 | Verification method combining static password and dynamic password and terminal equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610392886.8A CN105871546A (en) | 2016-05-24 | 2016-05-24 | Verification method combining static password and dynamic password and terminal equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105871546A true CN105871546A (en) | 2016-08-17 |
Family
ID=56676853
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610392886.8A Pending CN105871546A (en) | 2016-05-24 | 2016-05-24 | Verification method combining static password and dynamic password and terminal equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105871546A (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106341229A (en) * | 2016-11-03 | 2017-01-18 | 北京挖玖电子商务有限公司 | Client and method therefor |
CN107292161A (en) * | 2017-06-27 | 2017-10-24 | 姚新波 | A kind of composing method of variable fingerprint digital dynamic password |
CN108279589A (en) * | 2017-12-11 | 2018-07-13 | 广州朔月电子科技有限公司 | A kind of programmed method, system and the device of heat pump liquid-crystal controller |
CN108462571A (en) * | 2017-02-20 | 2018-08-28 | 申彦伦 | A method of generating Crypted password using dynamic digital |
CN110048834A (en) * | 2019-03-12 | 2019-07-23 | 深圳壹账通智能科技有限公司 | Dynamic password sending method, device and computer readable storage medium |
CN110837628A (en) * | 2018-08-16 | 2020-02-25 | 比亚迪股份有限公司 | Encryption and decryption method and device for terminal equipment, computer equipment and storage medium |
CN111028392A (en) * | 2019-12-23 | 2020-04-17 | 安智技术服务(深圳)有限公司 | Combined password verification method, hardware terminal and password system |
CN111415734A (en) * | 2020-03-20 | 2020-07-14 | 四川南格尔生物科技有限公司 | Service life management method of active medical instrument |
CN112330855A (en) * | 2020-10-15 | 2021-02-05 | 成都市以太节点科技有限公司 | Electronic lock safety management method, equipment and system |
CN112455384A (en) * | 2020-12-01 | 2021-03-09 | 株洲齿轮有限责任公司 | Unlocking method for electrically controlled clutch of manually shifted vehicle |
CN112769543A (en) * | 2019-10-21 | 2021-05-07 | 千寻位置网络有限公司 | Method and system for protecting dynamic secret key |
CN115242450A (en) * | 2022-06-23 | 2022-10-25 | 北卡科技有限公司 | Password data input method, device and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101425118A (en) * | 2007-10-28 | 2009-05-06 | 徐强 | Dynamic password generating method |
CN101166091B (en) * | 2006-10-19 | 2010-08-11 | 阿里巴巴集团控股有限公司 | A dynamic password authentication method and service end system |
CN101800644A (en) * | 2010-01-11 | 2010-08-11 | 上海众烁信息科技有限公司 | Computer security protection system and method based on dynamic countersign |
CN103268669A (en) * | 2013-05-20 | 2013-08-28 | 广州广电运通金融电子股份有限公司 | Password input system and input method for self-service financial device |
CN103607274A (en) * | 2013-10-22 | 2014-02-26 | 周灿旭 | Method adopting static passwords as source to generate dynamic passwords |
CN105337729A (en) * | 2015-11-19 | 2016-02-17 | 广东欧珀移动通信有限公司 | Encryption method and device of mobile terminal and mobile terminal |
-
2016
- 2016-05-24 CN CN201610392886.8A patent/CN105871546A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101166091B (en) * | 2006-10-19 | 2010-08-11 | 阿里巴巴集团控股有限公司 | A dynamic password authentication method and service end system |
CN101425118A (en) * | 2007-10-28 | 2009-05-06 | 徐强 | Dynamic password generating method |
CN101800644A (en) * | 2010-01-11 | 2010-08-11 | 上海众烁信息科技有限公司 | Computer security protection system and method based on dynamic countersign |
CN103268669A (en) * | 2013-05-20 | 2013-08-28 | 广州广电运通金融电子股份有限公司 | Password input system and input method for self-service financial device |
CN103607274A (en) * | 2013-10-22 | 2014-02-26 | 周灿旭 | Method adopting static passwords as source to generate dynamic passwords |
CN105337729A (en) * | 2015-11-19 | 2016-02-17 | 广东欧珀移动通信有限公司 | Encryption method and device of mobile terminal and mobile terminal |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106341229A (en) * | 2016-11-03 | 2017-01-18 | 北京挖玖电子商务有限公司 | Client and method therefor |
CN108462571B (en) * | 2017-02-20 | 2020-10-02 | 申彦伦 | Method for generating encrypted password by using dynamic number |
CN108462571A (en) * | 2017-02-20 | 2018-08-28 | 申彦伦 | A method of generating Crypted password using dynamic digital |
CN107292161A (en) * | 2017-06-27 | 2017-10-24 | 姚新波 | A kind of composing method of variable fingerprint digital dynamic password |
CN108279589A (en) * | 2017-12-11 | 2018-07-13 | 广州朔月电子科技有限公司 | A kind of programmed method, system and the device of heat pump liquid-crystal controller |
CN110837628A (en) * | 2018-08-16 | 2020-02-25 | 比亚迪股份有限公司 | Encryption and decryption method and device for terminal equipment, computer equipment and storage medium |
CN110048834A (en) * | 2019-03-12 | 2019-07-23 | 深圳壹账通智能科技有限公司 | Dynamic password sending method, device and computer readable storage medium |
CN112769543A (en) * | 2019-10-21 | 2021-05-07 | 千寻位置网络有限公司 | Method and system for protecting dynamic secret key |
CN112769543B (en) * | 2019-10-21 | 2022-06-28 | 千寻位置网络有限公司 | Method and system for protecting dynamic secret key |
CN111028392A (en) * | 2019-12-23 | 2020-04-17 | 安智技术服务(深圳)有限公司 | Combined password verification method, hardware terminal and password system |
CN111415734A (en) * | 2020-03-20 | 2020-07-14 | 四川南格尔生物科技有限公司 | Service life management method of active medical instrument |
CN112330855A (en) * | 2020-10-15 | 2021-02-05 | 成都市以太节点科技有限公司 | Electronic lock safety management method, equipment and system |
CN112330855B (en) * | 2020-10-15 | 2022-06-28 | 成都市以太节点科技有限公司 | Electronic lock safety management method, equipment and system |
CN112455384A (en) * | 2020-12-01 | 2021-03-09 | 株洲齿轮有限责任公司 | Unlocking method for electrically controlled clutch of manually shifted vehicle |
CN115242450A (en) * | 2022-06-23 | 2022-10-25 | 北卡科技有限公司 | Password data input method, device and storage medium |
CN115242450B (en) * | 2022-06-23 | 2024-05-10 | 北卡科技有限公司 | Password data input method, device and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105871546A (en) | Verification method combining static password and dynamic password and terminal equipment | |
US10305688B2 (en) | Method, apparatus, and system for cloud-based encryption machine key injection | |
EP4027576B1 (en) | Efficient methods for protecting identity in authenticated transmissions | |
US20180144114A1 (en) | Securing Blockchain Transactions Against Cyberattacks | |
CN104322003B (en) | Cryptographic authentication and identification method using real-time encryption | |
CN107733933B (en) | Method and system for double-factor identity authentication based on biological recognition technology | |
WO2012014231A1 (en) | System and method for generating a strong multi factor personalized server key from a simple user password | |
CN1689297A (en) | Method of preventing unauthorized distribution and use of electronic keys using a key seed | |
WO2018133674A1 (en) | Method of verifying and feeding back bank payment permission authentication information | |
CN103246850A (en) | Method and device for processing file | |
CN101662469A (en) | Method and system based on USBKey online banking trade information authentication | |
CN105959108A (en) | Method, device and system for encrypting and decrypting cloud payment limiting secret key | |
CN106936588A (en) | A kind of trustship method, the apparatus and system of hardware controls lock | |
JP2019525691A (en) | Permission granting method and system for acquiring terminal attack warning message log | |
CN110138548A (en) | Based on unsymmetrical key pond to and DH agreement quantum communications service station cryptographic key negotiation method and system | |
WO2017050152A1 (en) | Password security system adopted by mobile apparatus and secure password entering method thereof | |
CN105612728A (en) | Secured data channel authentication implying a shared secret | |
CN200993803Y (en) | Internet banking system safety terminal | |
CN110098925A (en) | Based on unsymmetrical key pond to and random number quantum communications service station cryptographic key negotiation method and system | |
CN108616516A (en) | A kind of third party's plaintext password method of calibration based on multiple encryption algorithms | |
KR20130019929A (en) | How to use certificate by using secure reader | |
CN106911625B (en) | Text processing method, device and system for safe input method | |
CN109660490A (en) | Data processing method, device, system and storage medium | |
KR101800503B1 (en) | Transaction signing and authentication system for multichannel electronic commerce and method thereof | |
Nashwan et al. | Mutual chain authentication protocol for SPAN transactions in Saudi Arabian banking |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160817 |
|
RJ01 | Rejection of invention patent application after publication |