CN106209803A - One carries out identity authentication method - Google Patents
One carries out identity authentication method Download PDFInfo
- Publication number
- CN106209803A CN106209803A CN201610513845.XA CN201610513845A CN106209803A CN 106209803 A CN106209803 A CN 106209803A CN 201610513845 A CN201610513845 A CN 201610513845A CN 106209803 A CN106209803 A CN 106209803A
- Authority
- CN
- China
- Prior art keywords
- user
- password
- carries out
- identity authentication
- background server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
This application discloses one and carry out identity authentication method, relate to information security field, solve the technical problem that during existing password uses, risk is high.The method comprises the following steps: step S1: user carries out identification number register, and the password that user carries out registering includes primary password and high grade cryptosystem;Step S2: the password of background server record user registration;Step S3: when user uses password, background server completes the authentication to user.The application carries out authenticating user identification during paying user.
Description
Technical field
The application relates to information security field, is specifically related to one and carries out identity authentication method.
Background technology
In existing process of exchange, except paying in cash, no matter it is off-line cipher or on-line cipher, is all to pass through password
Transactional operation such as consuming, transfer accounts just can be carried out after checking.Existing identification authentication mode is all with the side of checking input password
Formula is carried out.
But, there is the defect that password is revealed, the once computer of user, mobile phone, flat board in the mode of current input password
Peeped by people when of computer, infection virus or input password, will result in the leakage of password so that the account of user exists
Security risk.
Application content
The purpose of the application is to provide a kind of identity authentication method, for reducing the security risk of user account.
For reaching above-mentioned purpose, the application one carries out identity authentication method, comprises the following steps:
Step S1: user carries out identification number register, the password that user carries out registering includes primary password and high grade cryptosystem;
Step S2: the password of background server record user registration;
Step S3: when user uses password, background server completes the authentication to user.
Primary password includes one or more in numeral, letter, gesture password.
High grade cryptosystem is the behavioral pattern password of user.
High grade cryptosystem is explicit registration or implicit registration.
The behavioral pattern password of user is determined by precise time determining method or Fuzzy Time determining method.
Step S1 includes following sub-step:
Step S101: user carries out the registration of primary password;
Step S102: user carries out the registration of high grade cryptosystem.
Step S2 includes following sub-step:
Step S201: the primary password of background server record user;
Step S202: the high grade cryptosystem of background server record user.
Step S3 includes following sub-step:
Step S301: user inputs primary password, completes the certification of primary password;
Step S302: background server inputs behavioral pattern during primary password according to user, completes recognizing of high grade cryptosystem
Card;
Step S303: user completes authentication, transaction completes.
From above technical scheme, the application uses the mode that primary password and high grade cryptosystem combine so that user
During transaction, not only need to verify the correctness of primary password, in addition it is also necessary to the correctness of checking high grade cryptosystem, significantly drop
The low account risk of user, has ensured fund and the information security of user.
Accompanying drawing explanation
In order to be illustrated more clearly that the embodiment of the present application or technical scheme of the prior art, below will be to embodiment or existing
In having technology to describe, the required accompanying drawing used is briefly described, it should be apparent that, the accompanying drawing in describing below is only this
Some embodiments described in application, for those of ordinary skill in the art, it is also possible to obtain other according to these accompanying drawings
Accompanying drawing.
Fig. 1 is that the application carries out identity authentication method flow chart;
Fig. 2 is the method flow diagram of the application step S1;
Fig. 3 is the method flow diagram of the application step S2;
Fig. 4 is the method flow diagram of the application step S3.
Detailed description of the invention
For the technical scheme making those skilled in the art be more fully understood that in the application, below in conjunction with the embodiment of the present application
In accompanying drawing, the technical scheme in the embodiment of the present application is clearly and completely described, it is clear that described embodiment is only
It is only some embodiments of the present application rather than whole embodiments.Based on the embodiment in the application, ordinary skill
The every other embodiment that personnel are obtained under not making creative work premise, all should belong to the model of the application protection
Enclose.
The embodiment of the present application provide one carry out identity authentication method, user can computer, mobile phone, panel computer,
Use the application's to carry out identity authentication method in POS or other equipment, it is achieved the raising of the safe class of user account.
Implement one
The present embodiment provides one to carry out identity authentication method, as it is shown in figure 1, the method comprises the following steps:
Step S1: user carries out identification number register, the password that user carries out registering includes primary password and high grade cryptosystem;
Specifically, step S1 includes following sub-step, as shown in Figure 2:
Step S101: user carries out the registration of primary password;
More specifically, primary password includes one or more in numeral, letter, gesture password, such as, primary password can
To be simple numeral, letter, gesture password, it is also possible to gesture password is added in the combination being digital, alphabetical.User is all right
When carrying out primary identification number register, primary password is bound with user mobile phone number, in order to the follow-up amendment to primary password
Safer more convenient with giving for change.
Step S102: user carries out the registration of high grade cryptosystem;
More specifically, when high grade cryptosystem is preferably the behavioral pattern password of user, such as input primary password between button
Time interval, owing to behavioral pattern password depends on the behavioural habits of user, therefore, it has higher safety.
Wherein, the logon mode of high grade cryptosystem can be after primary password has been registered in explicit registration, i.e. user, with user
Behavioural habits re-enter primary password, and then complete the registration of high grade cryptosystem.
The time interval between button when the behavioral pattern password of user is input primary password, user carries out senior close
Code registration time, the decision method of time interval can be precise time criterion or Fuzzy Time criterion.Specifically, when adopting
During by precise time criterion, the time interval between button when background server record user inputs primary password, as long as
Within rational time error (time error can carry out self-defined according to the use habit of user), it is legal i.e. to regard as
Behavioural habits, behavior custom can be used as high grade cryptosystem, is behavioral pattern password.When using Fuzzy Time criterion,
The time interval between button when background server record user inputs primary password, i.e. recorded between the time between button
Every, as long as the long time paused longer than the time of short pause i.e. regard as legal behavioral pattern background server and can set phase
Long dead time of answering, the value of short dead time, long dead time, short dead time can be a numerical value, it is also possible to be one
Individual scope.
Step S2: the password of background server record user registration;
Specifically, step S2 includes following sub-step, as shown in Figure 3:
Step S201: the primary password of background server record user;
More specifically, background server is by the one or many in the primary password of user, i.e. numeral, letter, gesture password
Kind, it being stored in the corresponding memory element of background server, background server can be the server of corresponding banking system.
Alternatively, background server also records the cell-phone number used when user registers.
Step S202: the high grade cryptosystem of background server record user;
More specifically, the value of the corresponding high grade cryptosystem of background server record, i.e. use precise time criterion or fuzzy
The behavioral pattern password of the user that time criterion records, and high grade cryptosystem is stored in corresponding memory element.
Step S3: when user uses password, completes the authentication to user.
Specifically, step S3 includes following sub-step:
Step S301: user inputs primary password, completes the certification of primary password;
More specifically, background server comparison primary password correctness, if correctly, background server completes from primary
The certification of password;If incorrect, then user is allowed to carry out certification again in stipulated number (such as, it is stipulated that number of times is 3 times), if
The primary password again inputted is correct, then be verified, if when inputting the number of times upper limit, the password of input is the most incorrect, then after
Station server locked the account on same day, and user is optional to forget Password, and again gives for change, or second day logs in the most again.
Step S302: background server inputs behavioral pattern during primary password according to user, completes recognizing of high grade cryptosystem
Card;
Preferably, when the decision method of time interval selects precise time criterion, such as, input password 123456,
Simply enter the time interval between each numeral in the time interval of input with in the threshold value of time error, be correct behavior
Pattern password.Such as, time interval is 0.5s, time error 0.2s, if then two phases of the primary password of input in 0.7s
Adjacent character keys, until Password Input completes, i.e. regards as correct behavioral pattern password, if time when inputting each numeral
Interval more than 0.7s, is then the behavioral pattern password of mistake.
When the decision method of time interval selects Fuzzy Time criterion, such as, input password 123456, inputted
It is short dead time 0.2s when journey inputs 123, also for short dead time 0.2s when inputting 456, time when inputting 34 for long pause
Between 0.4s, the behavioral pattern password of the behavioural habits of user, i.e. user under server record, when user inputs primary password, if
1234 is short dead time 0.2s, and 56 is short dead time 0.2s, and 45 is long dead time 0.4s, then with the behavioral pattern registered
Password is inconsistent, for the behavioral pattern password of mistake.
Alternatively, when user inputs primary password, high grade cryptosystem is compared by background server simultaneously, if correctly, then
Transaction completes;If incorrect, then transmission note is to mobile phone, carries out authentication by note, again inputs high grade cryptosystem, behavior
When being accustomed to consistent, it is verified, otherwise, authentication failed, the number of times of short message certification, such as, 3 times can be set herein.
Step S303: user completes authentication, transaction completes.
Embodiment two
The present embodiment also provides for one and carries out identity authentication method, and the method comprises the following steps:
Step S1: user carries out identification number register, the password that user carries out registering includes primary password and high grade cryptosystem;
Specifically, step S1 includes following sub-step:
Step S101: user carries out the registration of primary password;
More specifically, primary password includes one or more in numeral, letter, gesture password, wherein, when primary password
During for numeral, one or both in letter, in addition it is also necessary to the cell-phone number of user bound, to improve safety.
Step S102: user carries out the registration of high grade cryptosystem;
More specifically, the behavioral pattern password that high grade cryptosystem is user, such as during input primary password between button time
Between be spaced.Owing to behavioral pattern password depends on the behavioural habits of user, therefore, it has higher safety.
Wherein, high grade cryptosystem register that can be that implicit registration, i.e. background server default record user input primary close
Behavioural habits during code, as corresponding behavioral pattern password.
The time interval between button when the behavioral pattern password of user is input primary password, user carries out senior close
Code registration time, the decision method of time interval can be precise time criterion or Fuzzy Time criterion.Specifically, when adopting
During by precise time criterion, under background server default record during the primary password of input, the interval between button, as long as closing
Between the time error of reason, i.e. regarding as legal behavioural habits, time error therein can be according to the use habit of user
Carry out self-defined.When using Fuzzy Time criterion, during the primary password of background server default record input, between button
Interval, as long as the long time paused longer than the time of short pause i.e. regards as legal behavioral pattern, background server can set
Fixed corresponding long dead time, the value of short dead time, long dead time, short dead time can be a numerical value, it is also possible to
It it is a scope.
Step S2: the password of background server record user registration;
Specifically, step S2 includes following sub-step:
Step S201: the primary password of background server record user;
More specifically, terminal is by the group of one or more in the primary password of user, i.e. numeral, letter, gesture password
Closing, be stored in the corresponding memory element of background server, background server is the server of corresponding banking system.
Alternatively, background server have recorded the cell-phone number used when user registers.
Step S202: the high grade cryptosystem of background server record user;
More specifically, the value of the high grade cryptosystem of user under background server default record, i.e. use precise time criterion
Or Fuzzy Time criterion records the behavioral pattern password of user, and high grade cryptosystem is stored in corresponding memory element.
Step S3: when user uses password, completes the authentication to user;
Specifically, step S3 includes following sub-step:
Step S301: user inputs primary password, completes the certification of primary password;
More specifically, background server comparison primary password correctness, server completes the certification of primary password.If just
Really, then carrying out the certification of high grade cryptosystem, if incorrect, carry out certification again according to input number of times, such as, input number of times is 3 times,
If the primary password again inputted is correct, being then verified, if when inputting the number of times upper limit, the password of input is the most incorrect, then
Background server locked the account on same day, and user is optional to forget Password, and again gives for change, or second day logs in the most again.
Step S302: background server inputs behavioral pattern during primary password according to user, completes recognizing of high grade cryptosystem
Card;
Preferably, when the decision method of time interval selects precise time criterion, such as, password is inputted
A1234567, simply enters time interval between each numeral in the time interval threshold value with time error, is just i.e. regarding as
True behavioral pattern password, such as, is spaced apart 0.8s between button, and time error is 0.2s, as long as then at 0.6s to 1.0s
Two adjacent character keys of the primary password of interior input, until Password Input completes, i.e. regard as correct behavioral pattern close
Code, if two adjacent character keys of the primary password of input outside the time range of 0.6s to 1.0s, then regards as the row of mistake
For pattern password.
When the decision method of time interval selects Fuzzy Time criterion, such as, the primary password a1234567 of input,
It is short dead time 0.2s when input process inputs a12, also for short dead time 0.2s when inputting 345, when inputting 67 is also
The short dead time, is long dead time 0.4s during input 23,56, the row of the behavioural habits of user, i.e. user under server record
For pattern password.If being short dead time 0.2s during input a12345, being short dead time 0.2s when inputting 67, when inputting 56 being
Long dead time 0.4s, then be the behavioral pattern password of mistake.
Alternatively, when user inputs primary password, high grade cryptosystem is compared by background server simultaneously, if correctly, then
Transaction completes;If incorrect, then transmission note is to mobile phone, carries out authentication by note, again inputs high grade cryptosystem, behavior
When being accustomed to consistent, it is verified, otherwise, authentication failed, the number of times of short message certification, such as, 3 times can be set herein.
Step S303: user completes authentication, transaction completes.
More specifically, after user completes the double authentication of primary password and high grade cryptosystem, transaction completes.
The application uses the mode that primary password and high grade cryptosystem combine so that user is during transaction, not only
Need the accuracy of the primary password of checking, in addition it is also necessary to the accuracy of checking high grade cryptosystem, greatly reduce the account risk of user,
Fund and the information security of user are ensured.
Although having been described for the preferred embodiment of the application, but those skilled in the art once know basic creation
Property concept, then can make other change and amendment to these embodiments.So, claims are intended to be construed to include excellent
Select embodiment and fall into all changes and the amendment of the application scope.Obviously, those skilled in the art can be to the application
Carry out various change and modification without deviating from spirit and scope.So, if these of the application are revised and modification
Belong within the scope of the application claim and equivalent technologies thereof, then the application is also intended to comprise these changes and modification exists
In.
Claims (8)
1. one kind carries out identity authentication method, it is characterised in that identity authentication method comprises the following steps:
Step S1: user carries out identification number register, the password that user carries out registering includes primary password and high grade cryptosystem;
Step S2: the password of background server record user registration;
Step S3: when user uses password, background server completes the authentication to user.
Carry out identity authentication method the most as claimed in claim 1, it is characterised in that primary password includes numeral, letter, hands
One or more in gesture password.
Carry out identity authentication method the most as claimed in claim 1, it is characterised in that high grade cryptosystem is the behavioral pattern of user
Password.
Carry out identity authentication method the most as claimed in claim 3, it is characterised in that high grade cryptosystem is explicit registration or hidden
Formula is registered.
Carry out identity authentication method the most as claimed in claim 3, it is characterised in that the behavioral pattern password of user is by essence
Really time determining method or Fuzzy Time determining method determine.
Carry out identity authentication method the most as claimed in claim 1, it is characterised in that step S1 includes following sub-step:
Step S101: user carries out the registration of primary password;
Step S102: user carries out the registration of high grade cryptosystem.
Carry out identity authentication method the most as claimed in claim 1, it is characterised in that step S2 includes following sub-step:
Step S201: the primary password of background server record user;
Step S202: the high grade cryptosystem of background server record user.
Carry out identity authentication method the most as claimed in claim 1, it is characterised in that step S3 includes following sub-step:
Step S301: user inputs primary password, completes the certification of primary password;
Step S302: background server inputs behavioral pattern during primary password according to user, completes the certification of high grade cryptosystem;
Step S303: user completes authentication, transaction completes.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610513845.XA CN106209803A (en) | 2016-07-01 | 2016-07-01 | One carries out identity authentication method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610513845.XA CN106209803A (en) | 2016-07-01 | 2016-07-01 | One carries out identity authentication method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106209803A true CN106209803A (en) | 2016-12-07 |
Family
ID=57464228
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610513845.XA Pending CN106209803A (en) | 2016-07-01 | 2016-07-01 | One carries out identity authentication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106209803A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108075899A (en) * | 2018-01-30 | 2018-05-25 | 努比亚技术有限公司 | A kind of auth method, mobile terminal and computer readable storage medium |
CN109951297A (en) * | 2019-03-12 | 2019-06-28 | 中南民族大学 | A kind of identity authorization system and its register method, login method of the reservation privacy of user towards big data |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101958892A (en) * | 2010-09-16 | 2011-01-26 | 汉王科技股份有限公司 | Electronic data protection method, device and system based on face recognition |
CN102148685A (en) * | 2010-02-04 | 2011-08-10 | 陈祖石 | Method and system for dynamically authenticating password by multi-password seed self-defined by user |
CN102833235A (en) * | 2012-08-13 | 2012-12-19 | 鹤山世达光电科技有限公司 | Identity authentication and management device and identity authentication and management method |
CN104168329A (en) * | 2014-08-28 | 2014-11-26 | 尚春明 | User secondary authentication method, device and system in cloud computing and Internet |
CN104980279A (en) * | 2014-10-16 | 2015-10-14 | 腾讯科技(深圳)有限公司 | Identity authentication method, and related equipment and system |
CN105577692A (en) * | 2016-02-03 | 2016-05-11 | 杭州朗和科技有限公司 | Website login authentication method and device |
-
2016
- 2016-07-01 CN CN201610513845.XA patent/CN106209803A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102148685A (en) * | 2010-02-04 | 2011-08-10 | 陈祖石 | Method and system for dynamically authenticating password by multi-password seed self-defined by user |
CN101958892A (en) * | 2010-09-16 | 2011-01-26 | 汉王科技股份有限公司 | Electronic data protection method, device and system based on face recognition |
CN102833235A (en) * | 2012-08-13 | 2012-12-19 | 鹤山世达光电科技有限公司 | Identity authentication and management device and identity authentication and management method |
CN104168329A (en) * | 2014-08-28 | 2014-11-26 | 尚春明 | User secondary authentication method, device and system in cloud computing and Internet |
CN104980279A (en) * | 2014-10-16 | 2015-10-14 | 腾讯科技(深圳)有限公司 | Identity authentication method, and related equipment and system |
CN105577692A (en) * | 2016-02-03 | 2016-05-11 | 杭州朗和科技有限公司 | Website login authentication method and device |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108075899A (en) * | 2018-01-30 | 2018-05-25 | 努比亚技术有限公司 | A kind of auth method, mobile terminal and computer readable storage medium |
CN108075899B (en) * | 2018-01-30 | 2020-12-01 | 太仓鸿羽智能科技有限公司 | Identity authentication method, mobile terminal and computer readable storage medium |
CN109951297A (en) * | 2019-03-12 | 2019-06-28 | 中南民族大学 | A kind of identity authorization system and its register method, login method of the reservation privacy of user towards big data |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9406055B2 (en) | Shutting down access to all user accounts | |
US10050962B2 (en) | Determining user authentication requirements along a continuum based on a current state of the user and/or the attributes related to the function requiring authentication | |
US9971885B2 (en) | Determining user authentication requirements based on the current location of the user being within a predetermined area requiring altered authentication requirements | |
CN103793636B (en) | A kind of method of equipment and protection equipment privacy | |
US20140337956A1 (en) | System and method for multifactor authentication and login through smart wrist watch using near field communication | |
EP2936277B1 (en) | Method and apparatus for information verification | |
US20220076268A1 (en) | Method and device for authenticating near-field information, electronic apparatus, and computer storage medium | |
CN107612880A (en) | One kind applies access method and device | |
US8984599B2 (en) | Real time password generation apparatus and method | |
CN108597066A (en) | A kind of caller management method, device and computer readable storage medium | |
KR101804182B1 (en) | Online financial transactions, identity authentication system and method using real cards | |
CN101655768A (en) | Anti-peep password input method | |
CN104636917A (en) | Mobile payment system and method with secure payment function | |
CN106209803A (en) | One carries out identity authentication method | |
CN107241362A (en) | Recognize the method and apparatus that identifying code inputs user identity | |
CN105653993B (en) | A kind of cipher-code input method, device and electronic equipment | |
KR20150000634A (en) | Key input method and apparatus | |
CN104834441A (en) | Touch screen unlocking method and apparatus | |
CN103761464A (en) | Touch device and touch control method | |
US11341231B2 (en) | Data security system for analyzing historical authentication entry attempts to identify misappropriation of security credential and enforce password change | |
CN103856326A (en) | Safety authentication method and device | |
CN108572779A (en) | A kind of combination gesture authentication method, system and mobile terminal | |
CN111314916A (en) | Personalized resource application service system for primary and secondary education | |
US20140155032A1 (en) | Secure processing system for use with a portable communication device | |
CN104022885A (en) | Account security authentication method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20161207 |
|
RJ01 | Rejection of invention patent application after publication |