CN106209803A - Identity authentication method - Google Patents

Info

Publication number: CN106209803A
Authority: CN (China)
Prior art keywords: user, password, carries out, identity authentication, background server
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201610513845.XA
Other languages: Chinese (zh)
Inventor: 任松松
Current Assignee: Hengbao Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Hengbao Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

This application discloses an identity authentication method in the field of information security, addressing the technical problem that existing password use carries high risk. The method comprises the following steps: Step S1: the user registers passwords, and the registered passwords include a primary password and an advanced password; Step S2: the back-end server records the passwords registered by the user; Step S3: when the user uses the password, the back-end server completes authentication of the user. The application is used to authenticate the user's identity during payment.

Description

Identity authentication method
Technical field
The application relates to the field of information security, and specifically to an identity authentication method.
Background
In existing transactions, other than cash payments, whether an offline password or an online password is used, transactional operations such as purchases and transfers can only be carried out after password verification. Existing identity authentication is all performed by verifying an entered password.
However, the current approach of entering a password has the defect that the password can be leaked: once the user's computer, mobile phone or tablet computer is infected with a virus, or someone watches while the password is entered, the password is leaked, which puts the user's account at risk.
Summary of the application
The purpose of the application is to provide an identity authentication method that reduces the security risk to user accounts.
To achieve this purpose, the identity authentication method of the application comprises the following steps:
Step S1: the user registers passwords; the registered passwords include a primary password and an advanced password;
Step S2: the back-end server records the passwords registered by the user;
Step S3: when the user uses the password, the back-end server completes authentication of the user.
The primary password includes one or more of digits, letters and a gesture password.
The advanced password is the user's behavior pattern password.
The advanced password is registered explicitly or implicitly.
The user's behavior pattern password is determined by the precise time criterion or the fuzzy time criterion.
Step S1 includes the following sub-steps:
Step S101: the user registers the primary password;
Step S102: the user registers the advanced password.
Step S2 includes the following sub-steps:
Step S201: the back-end server records the user's primary password;
Step S202: the back-end server records the user's advanced password.
Step S3 includes the following sub-steps:
Step S301: the user enters the primary password, and authentication of the primary password is completed;
Step S302: the back-end server completes authentication of the advanced password according to the user's behavior pattern while entering the primary password;
Step S303: the user completes authentication, and the transaction completes.
As the above technical solution shows, the application combines a primary password with an advanced password, so that during a transaction not only the correctness of the primary password but also the correctness of the advanced password must be verified. This greatly reduces the risk to the user's account and protects the user's funds and information.
Brief description of the drawings
To explain the technical solutions of the embodiments of the application or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the application; those of ordinary skill in the art can derive other drawings from them.
Fig. 1 is a flow chart of the identity authentication method of the application;
Fig. 2 is a flow chart of step S1 of the application;
Fig. 3 is a flow chart of step S2 of the application;
Fig. 4 is a flow chart of step S3 of the application.
Detailed description
To help those skilled in the art better understand the technical solutions of the application, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the application. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the application without creative work shall fall within the scope of protection of the application.
The embodiments of the application provide an identity authentication method. The user can use it on a computer, mobile phone, tablet computer, POS or other device to raise the security level of the user account.
Embodiment one
This embodiment provides an identity authentication method. As shown in Fig. 1, the method comprises the following steps:
Step S1: the user registers passwords; the registered passwords include a primary password and an advanced password;
Specifically, step S1 includes the following sub-steps, as shown in Fig. 2:
Step S101: the user registers the primary password;
More specifically, the primary password includes one or more of digits, letters and a gesture password. For example, the primary password can be purely digits, letters or a gesture password, or a combination of digits and letters together with a gesture password. When registering the primary password, the user can also bind it to the user's mobile phone number, so that later changes to and recovery of the primary password are safer and more convenient.
Step S102: the user registers the advanced password;
More specifically, the advanced password is preferably the user's behavior pattern password, for example the time intervals between key presses while the primary password is entered. Because the behavior pattern password depends on the user's behavioral habits, it offers higher security.
The advanced password can be registered explicitly: after registering the primary password, the user re-enters the primary password in his or her habitual manner, which completes registration of the advanced password.
The user's behavior pattern password is the time intervals between key presses while the primary password is entered. When the user registers the advanced password, the time intervals can be judged by the precise time criterion or the fuzzy time criterion. Specifically, under the precise time criterion, the back-end server records the time intervals between key presses while the user enters the primary password; as long as an interval is within a reasonable time error (the time error can be customized according to the user's habits), it is recognized as a legitimate behavioral habit, and this habit can be used as the advanced password, i.e. the behavior pattern password. Under the fuzzy time criterion, the back-end server likewise records the time intervals between key presses while the user enters the primary password; as long as a long pause lasts longer than a short pause, the input is recognized as a legitimate behavior pattern. The back-end server can set the corresponding long-pause and short-pause values, each of which can be a single value or a range.
Step S2: the back-end server records the passwords registered by the user;
Specifically, step S2 includes the following sub-steps, as shown in Fig. 3:
Step S201: the back-end server records the user's primary password;
More specifically, the back-end server stores the user's primary password, i.e. one or more of digits, letters and a gesture password, in the corresponding storage unit of the back-end server. The back-end server can be the server of the corresponding banking system.
Optionally, the back-end server also records the mobile phone number used when the user registered.
Step S202: the back-end server records the user's advanced password;
More specifically, the back-end server records the value of the corresponding advanced password, i.e. the user's behavior pattern password recorded under the precise time criterion or the fuzzy time criterion, and stores the advanced password in the corresponding storage unit.
Step S3: when the user uses the password, authentication of the user is completed.
Specifically, step S3 includes the following sub-steps:
Step S301: the user enters the primary password, and authentication of the primary password is completed;
More specifically, the back-end server checks whether the primary password is correct. If it is correct, the back-end server completes authentication of the primary password. If it is incorrect, the user is allowed to authenticate again within a specified number of attempts (for example, 3). If a re-entered primary password is correct, verification passes; if the entered password is still incorrect when the attempt limit is reached, the back-end server locks the account for that day, and the user can choose "forgot password" to recover it, or log in again the next day.
Step S302: the back-end server completes authentication of the advanced password according to the user's behavior pattern while entering the primary password;
Preferably, when the precise time criterion is selected for judging the time intervals: for example, for the password 123456, as long as the time interval between each pair of digits is within the threshold given by the time interval and the time error, the input is a correct behavior pattern password. For example, if the time interval is 0.5s and the time error is 0.2s, then entering each two adjacent characters of the primary password within 0.7s, until the password is complete, is recognized as a correct behavior pattern password; if the time interval when entering a digit exceeds 0.7s, it is a wrong behavior pattern password.
When the fuzzy time criterion is selected for judging the time intervals: for example, for the password 123456, during input the pauses while entering 123 are short pauses of 0.2s, the pauses while entering 456 are also short pauses of 0.2s, and the pause between 3 and 4 is a long pause of 0.4s; the server records this behavioral habit, i.e. the user's behavior pattern password. When the user enters the primary password, if the pauses within 1234 are short pauses of 0.2s, the pause within 56 is a short pause of 0.2s, and the pause between 4 and 5 is a long pause of 0.4s, the input does not match the registered behavior pattern password and is a wrong behavior pattern password.
Optionally, while the user enters the primary password, the back-end server checks the advanced password at the same time. If it is correct, the transaction completes. If it is incorrect, an SMS is sent to the mobile phone and identity is verified by SMS; the advanced password is entered again, and verification passes when the behavioral habit matches, otherwise verification fails. The number of SMS verifications can be set here, for example to 3.
Step S303: the user completes authentication, and the transaction completes.
Embodiment two
This embodiment also provides an identity authentication method, which comprises the following steps:
Step S1: the user registers passwords; the registered passwords include a primary password and an advanced password;
Specifically, step S1 includes the following sub-steps:
Step S101: the user registers the primary password;
More specifically, the primary password includes one or more of digits, letters and a gesture password; when the primary password consists of one or both of digits and letters, the user's mobile phone number must also be bound to improve security.
Step S102: the user registers the advanced password;
More specifically, the advanced password is the user's behavior pattern password, for example the time intervals between key presses while the primary password is entered. Because the behavior pattern password depends on the user's behavioral habits, it offers higher security.
The advanced password can be registered implicitly: by default the back-end server records the user's behavioral habit while entering the primary password and uses it as the corresponding behavior pattern password.
The user's behavior pattern password is the time intervals between key presses while the primary password is entered. When the user registers the advanced password, the time intervals can be judged by the precise time criterion or the fuzzy time criterion. Specifically, under the precise time criterion, the back-end server records by default the intervals between key presses while the primary password is entered; as long as an interval is within a reasonable time error, it is recognized as a legitimate behavioral habit. The time error can be customized according to the user's habits. Under the fuzzy time criterion, the back-end server records by default the intervals between key presses while the primary password is entered; as long as a long pause lasts longer than a short pause, the input is recognized as a legitimate behavior pattern. The back-end server can set the corresponding long-pause and short-pause values, each of which can be a single value or a range.
Step S2: the back-end server records the passwords registered by the user;
Specifically, step S2 includes the following sub-steps:
Step S201: the back-end server records the user's primary password;
More specifically, the terminal stores the user's primary password, i.e. a combination of one or more of digits, letters and a gesture password, in the corresponding storage unit of the back-end server; the back-end server is the server of the corresponding banking system.
Optionally, the back-end server records the mobile phone number used when the user registered.
Step S202: the back-end server records the user's advanced password;
More specifically, the back-end server records by default the value of the user's advanced password, i.e. the user's behavior pattern password recorded under the precise time criterion or the fuzzy time criterion, and stores the advanced password in the corresponding storage unit.
Step S3: when the user uses the password, authentication of the user is completed;
Specifically, step S3 includes the following sub-steps:
Step S301: the user enters the primary password, and authentication of the primary password is completed;
More specifically, the back-end server checks whether the primary password is correct and completes authentication of the primary password. If it is correct, authentication of the advanced password follows; if it is incorrect, authentication is repeated up to the permitted number of inputs, for example 3. If a re-entered primary password is correct, verification passes; if the entered password is still incorrect when the input limit is reached, the back-end server locks the account for that day, and the user can choose "forgot password" to recover it, or log in again the next day.
Step S302: the back-end server completes authentication of the advanced password according to the user's behavior pattern while entering the primary password;
Preferably, when the precise time criterion is selected for judging the time intervals: for example, for the password a1234567, as long as the time interval between each pair of characters is within the threshold given by the time interval and the time error, the input is recognized as a correct behavior pattern password. For example, if the interval between key presses is 0.8s and the time error is 0.2s, then entering each two adjacent characters of the primary password within 0.6s to 1.0s, until the password is complete, is recognized as a correct behavior pattern password; if two adjacent characters of the primary password are entered outside the range of 0.6s to 1.0s, the input is recognized as a wrong behavior pattern password.
When the fuzzy time criterion is selected for judging the time intervals: for example, for the primary password a1234567, during input the pauses while entering a12 are short pauses of 0.2s, the pauses while entering 345 are also short pauses of 0.2s, the pause while entering 67 is also a short pause, and the pauses between 2 and 3 and between 5 and 6 are long pauses of 0.4s; the server records this behavioral habit, i.e. the user's behavior pattern password. If the pauses while entering a12345 are short pauses of 0.2s, the pause while entering 67 is a short pause of 0.2s, and the pause between 5 and 6 is a long pause of 0.4s, the input is a wrong behavior pattern password.
Optionally, while the user enters the primary password, the back-end server checks the advanced password at the same time. If it is correct, the transaction completes. If it is incorrect, an SMS is sent to the mobile phone and identity is verified by SMS; the advanced password is entered again, and verification passes when the behavioral habit matches, otherwise verification fails. The number of SMS verifications can be set here, for example to 3.
Step S303: the user completes authentication, and the transaction completes.
More specifically, after the user completes the dual authentication of the primary password and the advanced password, the transaction completes.
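An added example, not part of the patent text, of the step S302 behavior pattern check under both the precise time criterion and the fuzzy time criterion, run on constructed key-press gaps that mirror the examples in the two embodiments. The function names, the symmetric tolerance band (as in embodiment two's 0.6s to 1.0s example) and the short/long pause ranges are assumptions.

```python
# Added example: keystroke-gap checks for step S302 (not the patent's code).
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

EPS = 1e-9  # absorbs float rounding when a gap sits exactly on a bound


def gaps_from_timestamps(key_times: Sequence[float]) -> Tuple[float, ...]:
    """Convert key-press timestamps (seconds) to gaps between adjacent keys."""
    if len(key_times) < 2:
        raise ValueError("need at least two key presses")
    gaps = tuple(b - a for a, b in zip(key_times, key_times[1:]))
    if min(gaps) < 0:
        raise ValueError("timestamps must be non-decreasing")
    return gaps


def precise_match(enrolled: Sequence[float], observed: Sequence[float],
                  tolerance: float) -> bool:
    """Precise time criterion: each gap within +/- tolerance of its enrolled gap."""
    if len(enrolled) != len(observed):
        return False
    return all(abs(o - e) <= tolerance + EPS for e, o in zip(enrolled, observed))


@dataclass(frozen=True)
class PauseRanges:
    """Server-set short/long pause ranges in seconds (values are assumptions)."""
    short: Tuple[float, float] = (0.05, 0.30)
    long: Tuple[float, float] = (0.35, 1.50)

    def __post_init__(self):
        # The page's only requirement: a long pause is longer than a short one.
        if not self.short[0] <= self.short[1] < self.long[0] <= self.long[1]:
            raise ValueError("long range must lie strictly above short range")


def pause_pattern(gaps: Sequence[float],
                  ranges: PauseRanges = PauseRanges()) -> Optional[str]:
    """Map each gap to 'S' or 'L'; return None if any gap fits neither range."""
    out = []
    for g in gaps:
        if ranges.short[0] - EPS <= g <= ranges.short[1] + EPS:
            out.append("S")
        elif ranges.long[0] - EPS <= g <= ranges.long[1] + EPS:
            out.append("L")
        else:
            return None  # neither a short nor a long pause: reject outright
    return "".join(out)


def fuzzy_match(enrolled_pattern: str, observed: Sequence[float],
                ranges: PauseRanges = PauseRanges()) -> bool:
    """Fuzzy time criterion: only the order of short and long pauses must match."""
    observed_pattern = pause_pattern(observed, ranges)
    return observed_pattern is not None and observed_pattern == enrolled_pattern


# Constructed samples mirroring the page's examples (gaps in seconds).
ENROLLED_123456 = (0.2, 0.2, 0.4, 0.2, 0.2)             # long pause between 3 and 4
LOGIN_123456_BAD = (0.2, 0.2, 0.2, 0.4, 0.2)            # long pause between 4 and 5
ENROLLED_A1234567 = (0.2, 0.2, 0.4, 0.2, 0.2, 0.4, 0.2)  # long after 2 and after 5
LOGIN_A1234567_BAD = (0.2, 0.2, 0.2, 0.2, 0.2, 0.4, 0.2)  # long only after 5

if __name__ == "__main__":
    template = pause_pattern(ENROLLED_123456)
    print("enrolled pattern:", template)
    print("same rhythm, different speed:",
          fuzzy_match(template, (0.15, 0.25, 0.5, 0.1, 0.22)))
    print("shifted long pause:", fuzzy_match(template, LOGIN_123456_BAD))
    print("precise, 0.8s +/- 0.2s:",
          precise_match((0.8,) * 7, (0.6, 1.0, 0.8, 0.7, 0.9, 0.8, 0.8), 0.2))
```

Under the fuzzy criterion a password of n keys yields only n-1 short/long decisions, so the pattern takes at most 2^(n-1) values. The fuzzy check also accepts a faster or slower typist as long as every gap stays inside its range, which the precise criterion does not.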
The application combines a primary password with an advanced password, so that during a transaction not only the correctness of the primary password but also the correctness of the advanced password must be verified. This greatly reduces the risk to the user's account and protects the user's funds and information.
Although preferred embodiments of the application have been described, those skilled in the art can make other changes and modifications to these embodiments once they know the basic inventive concept. The claims are therefore intended to be construed as covering the preferred embodiments and all changes and modifications that fall within the scope of the application. Obviously, those skilled in the art can make various changes and modifications to the application without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the application and their technical equivalents, the application is intended to cover them as well.

Claims (8)

1. An identity authentication method, characterized in that the identity authentication method comprises the following steps:
Step S1: the user registers passwords; the registered passwords include a primary password and an advanced password;
Step S2: the back-end server records the passwords registered by the user;
Step S3: when the user uses the password, the back-end server completes authentication of the user.
2. The identity authentication method as claimed in claim 1, characterized in that the primary password includes one or more of digits, letters and a gesture password.
3. The identity authentication method as claimed in claim 1, characterized in that the advanced password is the user's behavior pattern password.
4. The identity authentication method as claimed in claim 3, characterized in that the advanced password is registered explicitly or implicitly.
5. The identity authentication method as claimed in claim 3, characterized in that the user's behavior pattern password is determined by the precise time criterion or the fuzzy time criterion.
6. The identity authentication method as claimed in claim 1, characterized in that step S1 includes the following sub-steps:
Step S101: the user registers the primary password;
Step S102: the user registers the advanced password.
7. The identity authentication method as claimed in claim 1, characterized in that step S2 includes the following sub-steps:
Step S201: the back-end server records the user's primary password;
Step S202: the back-end server records the user's advanced password.
8. The identity authentication method as claimed in claim 1, characterized in that step S3 includes the following sub-steps:
Step S301: the user enters the primary password, and authentication of the primary password is completed;
Step S302: the back-end server completes authentication of the advanced password according to the user's behavior pattern while entering the primary password;
Step S303: the user completes authentication, and the transaction completes.
CN201610513845.XA 2016-07-01 2016-07-01 Identity authentication method Pending CN106209803A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610513845.XA CN106209803A (en) 2016-07-01 2016-07-01 Identity authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610513845.XA CN106209803A (en) 2016-07-01 2016-07-01 Identity authentication method

Publications (1)

Publication Number Publication Date
CN106209803A (en) 2016-12-07

Family

ID=57464228

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610513845.XA Pending CN106209803A (en) 2016-07-01 2016-07-01 Identity authentication method

Country Status (1)

Country Link
CN (1) CN106209803A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20161207

RJ01 Rejection of invention patent application after publication