CN1466061A - Automatic random disposable code rasing network business safety vertification method - Google Patents


Info

Publication number
CN1466061A
Authority
CN
China
Prior art keywords
user side
program module
user
code
password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA021325545A
Other languages
Chinese (zh)
Other versions
CN1226688C (en)
Inventor
张东旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN 02132554 priority Critical patent/CN1226688C/en
Publication of CN1466061A publication Critical patent/CN1466061A/en
Application granted granted Critical
Publication of CN1226688C publication Critical patent/CN1226688C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to an encryption technology for computer networks, in particular an authentication method that improves the security of online transactions by means of an automatic random one-time password. After ordinary ID-password authentication, it adds an automatic random one-time password authentication system to strengthen the security of online transactions. Encryption and resistance to cracking are achieved through a password security device plugged into the user's computer, the driver for that device, a server-side authentication program module, an Applet program module downloaded to the client, and a client-side application. The system is unrelated to the ordinary ID password, and its password changes on every access. Even if the ID password is leaked, the system can still keep intruders out.

Description

Authentication method that improves the security of online transactions with an automatic random one-time password
Technical field
The present invention relates to an encryption technology for conducting business transactions over a computer network, in particular an authentication method that improves the security of online transactions by means of an automatic random one-time password.
Background technology
With the development and progress of e-commerce technology that uses the Internet as its medium, the security of e-commerce applied in fields such as finance has become all the more important. Current network encryption measures, such as SSL, PKI, dual passwords or multiple passwords, require the user to memorize passwords. For ease of remembering, people usually choose numbers and letters that carry some association, which makes their passwords easier for others to guess and crack. This greatly reduces the security of existing online transactions and hinders the further spread and use of e-commerce network technology in its various applications.
Summary of the invention
The purpose of the invention is to provide an authentication method that improves the security of online transactions by using the existing USB interface of the user's computer together with a random one-time password that is issued and saved automatically.
To achieve this, the invention adopts the following technical scheme. It involves a network server and a user computer, and consists of a server-side authentication program module, an Applet program module downloaded to the client, a password security device plugged into the USB interface of the client computer, the driver for that device, and a client-side application program module. After the user has authenticated with the ordinary ID-password login, the following authentication steps are added:
Based on the user ID required by the user's ordinary ID-password login, the server sends to the client the corresponding permanent intrinsic USB manufacturing ID registered in advance at the server, the user ID, the purpose ID and the Applet program module; the purpose ID can correspond to the various uses of online transactions.
The Applet program module sent to the client communicates with the client-side application program module and, through the driver, obtains the original password held in the password security device plugged into the USB interface of the user's computer;
The Applet program module downloaded to the client sends this original password to the authentication program module on the server;
The authentication program module authenticates the original password it receives; if the password is valid, it issues a new one; otherwise, it notifies the client that authentication has failed;
The authentication program module sends the new password to the Applet program module on the client; the Applet program module communicates with the client-side application program module, and the newly issued password is stored in the password security device plugged into the USB interface of the user's computer;
The Applet program module on the client notifies the authentication program module on the server that the new password has been saved in the password security device plugged into the USB interface of the user's computer;
The authentication program module on the server notifies the Applet program module on the client that it has received this information;
The Applet program module on the client communicates with the client-side application program module and completes the replacement of the password in the password security device plugged into the USB interface of the user's computer with the new one;
The Applet program module on the client notifies the authentication program module on the server that the change to the new password in the password security device plugged into the USB interface of the user's computer is finished;
The authentication program module on the server stores the new password;
The actual online transaction is carried out.
The password security device plugged into the USB interface of the client computer contains hardware such as a USB driving device, 8-32M of memory and a microprocessor (MCU).
With this technical scheme, the automatic random one-time password authentication system is added after the ordinary ID-password login authentication. The system uses a password of 128-1024 or longer; the password changes randomly every time and is kept in the removable password security device plugged into the USB interface of the user's computer. The user must use this device as a key in order to enter the user's account on the network and carry out transactions; without it, access is impossible. Therefore, even if the ordinary login password is stolen, the automatic authentication system of the invention still prevents unauthorized persons from entering the system. The issuing, saving and communication of all passwords are carried out automatically. In other words, the invention adds, after the ordinary ID-password login authentication, a further layer of password authentication that is harder to crack.
As a further improvement of the invention, the server-side authentication program module is a general application program embedded in the server-side Web system.
The Applet program module downloaded to the client is a standard Applet program written in the Java language and embedded in HTML.
The driver for the password security device plugged into the USB interface of the client computer is a program written in C and assembly language that runs on operating systems such as Windows 2000, Windows XP, Windows ME and Linux.
The client-side application program is a system program stored on the client computer.
As a further improvement of the invention, the password security device plugged into the USB interface of the client computer also includes a display and the driving device for that display.
Compared with the security measures of existing online transactions, the authentication method of the invention has the following advantages: after the ordinary ID-password login authentication, an automatic random one-time password authentication system is added to strengthen the protection of online transactions; because the authentication system of the invention sits behind the ordinary password login authentication, its password has no relation to the ordinary ID password and changes on every access, so there is no need to worry even if the ordinary ID password is leaked; because nearly all user computers have a USB interface, the method has a wide range of applications, for example online stock trading, online banking, online auctions, web-based teaching and online shopping, including all kinds of online commercial activity settled by credit card or other payment methods; introducing the invention, which uses computer serial bus access technology, has no effect on the client's computer system and little effect on the server-side online transaction system; not only does the server authenticate the client, but conversely the client, through the system application, obtains the permanent intrinsic manufacturing ID, user ID and purpose ID of the password security device plugged into the USB interface and compares them with the corresponding data sent by the server, thereby authenticating the server, so the method offers reliable security; the password security device plugged into the USB interface is small and easy to carry.
Description of drawings
Fig. 1 is a structural diagram of the technical scheme of the authentication method of the invention, which improves the security of online transactions with an automatic random one-time password.
Fig. 2 is a circuit block diagram of the password security device plugged into the USB interface of the user's computer in the authentication method of the invention.
Fig. 3 is an outline flow chart of the client-side application program module of the invention.
Fig. 4 is an outline flow chart of the server-side authentication program module of the invention.
Fig. 5 is an outline flow chart of the Applet program module of the invention.
Embodiment
As shown in Figure 1, the system comprises a network server and a user computer, and consists of the server-side authentication program module 4, the Applet program module 5 downloaded to the client, the password security device 1 plugged into the USB interface of the client computer, the driver 2 for that device, and the client-side application program module 3. Before each transaction the user first performs the ordinary ID-password login authentication, that is, enters a user name and password. Once this ordinary authentication has passed, the following authentication steps are added automatically: the server sends to the client the permanent intrinsic USB manufacturing ID that this user registered in advance, the user ID, the purpose ID and the Applet program module; the purpose ID can correspond to the various uses of online transactions.
The Applet program module 5 sent to the client communicates with the client-side application program module 3 and, through the driver 2, obtains the original password held in the password security device 1 plugged into the USB interface, that is, the random one-time password from the previous transaction;
The Applet program module 5 downloaded to the client sends this original password to the authentication program module 4 on the server;
The authentication program module 4 authenticates the original password it receives; if the password is valid, it issues a new one; if not, it notifies the client that authentication has failed;
The authentication program module 4 sends the new password to the Applet program module 5 on the client; the Applet program module 5 communicates with the client-side application program module 3, and the newly issued password is stored in the password security device 1 plugged into the USB interface of the user's computer;
The Applet program module 5 on the client notifies the authentication program module 4 on the server that the new password has been saved in the password security device 1 plugged into the USB interface of the user's computer;
After the authentication program module 4 on the server notifies the Applet program module 5 on the client that it has received this information, the Applet program module 5 communicates with the client-side application program module 3 and completes the replacement of the password in the password security device 1 plugged into the USB interface of the user's computer with the new one;
The Applet program module 5 on the client notifies the authentication program module 4 on the server that the change to the new password in the password security device 1 plugged into the USB interface of the user's computer is finished;
The authentication program module 4 on the server stores the new password;
The actual online transaction is carried out.
The password security device 1 plugged into the USB interface of the user's computer contains a USB driving device, 8-32M of memory, a microprocessor (MCU), a small liquid crystal display (LCD) and the liquid crystal display driving device connected to the display (as shown in Figure 2). The password security device 1 is a computer peripheral based on the computer universal serial bus interface (USB interface). It is mainly used to store the random one-time password and to communicate with the user's computer. The device has a permanent intrinsic manufacturing ID, which is unique and is used to distinguish and register the user's identity.
The length of the one-time password in the memory is 128-1024 or longer. The user ID is used to distinguish different purposes, so that one device can serve several purposes. For example, user ID 1 is used for the online trading account at a securities company; user ID 2 for the online account at a bank; user ID 3 for a web-based teaching account; user ID 4 for the encryption of a piece of software; and so on (as shown in Table 1). Each record in the memory holds two passwords, the current one and the previous one, mainly for handling communication and system failures.
Purpose 1 ID | User ID 1 | Purpose 1 one-time password (previous) | Purpose 1 one-time password (current) | Purpose 1 short description
Purpose 2 ID | User ID 2 | Purpose 2 one-time password (previous) | Purpose 2 one-time password (current) | Purpose 2 short description
Purpose n ID | User ID n | Purpose n one-time password (previous) | Purpose n one-time password (current) | Purpose n short description
Table 1: Storage layout and contents
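The exchange described above and the two-password records of Table 1, simulated as an added example (not code from the patent). The class and function names, the reading of the page's 128-1024 figure as bits, and the rule of falling back to the previous password after a lost confirmation are assumptions; the page only says the second password is kept for handling communication and system failures.

```python
import hmac
import secrets
from dataclasses import dataclass

PASSWORD_BYTES = 128  # assumption: the page's "128-1024" read as bits; 1024 bits here


@dataclass
class TokenRecord:
    """One row of Table 1 on the device (names are hypothetical)."""
    purpose_id: str
    user_id: str
    previous: bytes  # last password the server is known to hold
    current: bytes   # most recently issued password


class Token:
    """Stand-in for the USB password security device."""

    def __init__(self, manufacturing_id, records):
        self.manufacturing_id = manufacturing_id
        self.records = {r.purpose_id: r for r in records}
        self.pending = {}

    def store(self, purpose_id, new_password):
        # "Store" step: the issued password is held but not yet active.
        self.pending[purpose_id] = new_password

    def replace(self, purpose_id, accepted):
        # "Replace" step: keep the password the server just accepted as
        # 'previous' so a lost confirmation cannot lock the device out.
        rec = self.records[purpose_id]
        rec.previous, rec.current = accepted, self.pending.pop(purpose_id)


class AuthServer:
    """Stand-in for the server-side authentication program module."""

    def __init__(self):
        self.table = {}  # (user_id, purpose_id) -> [manufacturing_id, password]

    def enroll(self, user_id, purpose_id, manufacturing_id):
        password = secrets.token_bytes(PASSWORD_BYTES)
        self.table[(user_id, purpose_id)] = [manufacturing_id, password]
        return password  # written to the device when it is issued

    def identifiers(self, user_id, purpose_id):
        # Sent to the client after the ordinary ID-password login.
        return self.table[(user_id, purpose_id)][0], user_id, purpose_id

    def verify_and_issue(self, user_id, purpose_id, presented):
        stored = self.table[(user_id, purpose_id)][1]
        if not hmac.compare_digest(stored, presented):  # constant-time compare
            return None
        return secrets.token_bytes(PASSWORD_BYTES)      # fresh random password

    def commit(self, user_id, purpose_id, new_password):
        # Last step: the server remembers the new password.
        self.table[(user_id, purpose_id)][1] = new_password


def login(server, token, user_id, purpose_id, drop_final_notice=False):
    """Run one exchange: 'ok', 'unconfirmed', 'rejected' or 'server-mismatch'."""
    mfg_id, uid, pid = server.identifiers(user_id, purpose_id)
    rec = token.records.get(pid)
    # Client-side check of the server: the IDs it sent must match the device.
    if rec is None or mfg_id != token.manufacturing_id or uid != rec.user_id:
        return "server-mismatch"
    # Present the current password; fall back to the previous one (assumed rule).
    for candidate in (rec.current, rec.previous):
        new_password = server.verify_and_issue(uid, pid, candidate)
        if new_password is not None:
            break
    else:
        return "rejected"
    token.store(pid, new_password)
    token.replace(pid, accepted=candidate)
    if drop_final_notice:  # simulate losing "password change finished"
        return "unconfirmed"
    server.commit(uid, pid, new_password)
    return "ok"


if __name__ == "__main__":
    srv = AuthServer()
    pw0 = srv.enroll("alice", "bank", "MFG-0001")  # constructed sample values
    tok = Token("MFG-0001", [TokenRecord("bank", "alice", pw0, pw0)])
    print(login(srv, tok, "alice", "bank"))                          # ok
    print(login(srv, tok, "alice", "bank", drop_final_notice=True))  # unconfirmed
    print(login(srv, tok, "alice", "bank"))                          # ok
```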
The driver for the password security device plugged into the USB interface of the client computer is a program written in C and assembly language that lets software on the computer access the password security device on the USB interface. Its role is to perform read and write operations on the password security device plugged into the computer's USB interface as requested by the client application module.
As shown in Fig. 3, the client application module is a system-level program on the client computer; it starts when the system starts and stops when the system shuts down. Under the Windows operating system it is a server program; under UNIX or Linux it is a program invoked from the system start-up shell. Its role is to communicate with the Applet program in the web page and, as requested, access the driver for the password security device plugged into the USB interface in order to read from and write to that device. The Applet program module in the web page can thus read from and write to the password security device indirectly, in order to obtain and save the random one-time password.
As shown in Fig. 4, the authentication program module on the server is a general application program embedded in the server-side Web system. Its role is to communicate with the client to receive the password and the necessary communication information from it; to access the user registration table in order to authenticate the random one-time password; to issue a new random one-time password to legitimate users; and, after receiving confirmation that the new password in the password security device plugged into the USB interface has been updated successfully, to update the corresponding password in the user registration table.
As shown in Fig. 5, the client-side Applet program module is a standard Applet program written in the Java language and embedded in HTML. This Applet program is a Java program embedded in HTML that can be executed in a browser. The Applet program module on the client communicates with both the authentication program module on the server and the client-side application program module, acting as a communication proxy between the two. Because the Applet program module of the invention must communicate with the client application module, it needs to use Java's security and encryption technology.
In actual use, the password security device is inserted into the USB interface of the user's computer; the operating system detects a new external USB hardware device and looks for an installed driver. If none is found, it prompts the user to install the driver and the client-side application program module, which are then installed and started. The user then uses the relevant service (such as online stock trading) and, when finished, unplugs the password security device from the USB interface. On the server side, the authentication program module is imported into the Web system; the Applet program of the invention is embedded in the web pages related to authentication; the user registration table is created, and user IDs are allocated and initialized; and the user's USB password security device is initialized and issued.
Compared with the security measures of existing online transactions, the invention has the following advantages. Behind the ordinary ID-password login authentication, an automatic random one-time password authentication system is added to strengthen the protection of online transactions. The user still logs in with the ordinary ID and password, so no extra trouble is added for the user in the foreground. Because the authentication system of the invention sits behind the ordinary ID login authentication, its password has no relation to the ordinary ID password and changes on every access, so there is no need to worry even if the ordinary ID password is leaked. The password security device plugged into the USB interface is a portable device about the size of an ordinary door key, so it is easy to carry. Because nearly all computers have a USB interface, the method has a wide range of applications. Introducing the invention has no effect on the client's computer system, and its effect on the server-side online transaction system is also very small. With the authentication method of the invention, not only does the server authenticate the client; conversely, the client can also, through the system application, obtain the permanent intrinsic manufacturing ID, user ID and purpose ID of the password security device plugged into the USB interface and compare them with the corresponding data sent by the server, thereby authenticating the server. The method therefore offers reliable security.

Claims (6)

1. An authentication method that improves the security of online transactions with an automatic random one-time password, comprising a network server and a user computer, characterized in that it consists of a server-side authentication program module (4), an Applet program module (5) downloaded to the client, a password security device (1) plugged into the USB interface of the client computer, the driver (2) for that device, and a client-side application program module (3); after the user has authenticated with the ordinary ID-password login, the following authentication steps are added automatically:
Based on the user ID required by the user's ordinary ID-password login, the server sends to the client the corresponding permanent intrinsic USB manufacturing ID registered in advance at the server, the user ID, the purpose ID and the Applet program module;
The Applet program module (5) sent to the client communicates with the client-side application program module (3) and, through the driver (2), obtains the original password held in the password security device (1) plugged into the USB interface;
The Applet program module (5) downloaded to the client sends this original password to the authentication program module (4) on the server;
The authentication program module (4) authenticates the original password it receives; if the password is valid, it issues a new one; otherwise, it notifies the client that authentication has failed;
The authentication program module (4) sends the new password to the Applet program module (5) on the client; the Applet program module (5) communicates with the client-side application program module (3), and the newly issued password is stored in the password security device (1) plugged into the USB interface of the user's computer;
The Applet program module (5) on the client notifies the authentication program module (4) on the server that the new password has been saved in the password security device (1) plugged into the USB interface of the user's computer;
The authentication program module (4) on the server notifies the Applet program module (5) on the client that it has received this information;
The Applet program module (5) on the client communicates with the client-side application program module (3) and completes the replacement of the password in the password security device (1) plugged into the USB interface of the user's computer with the new one;
The Applet program module (5) on the client notifies the authentication program module (4) on the server that the change to the new password in the password security device (1) plugged into the USB interface of the user's computer is finished;
The authentication program module (4) on the server stores the new password;
The actual online transaction is carried out,
The password security device (1) plugged into the USB interface of the user's computer contains hardware such as a USB driving device, 8-32M of memory and a microprocessor.
2. The authentication method that improves the security of online transactions with a random one-time password according to claim 1, characterized in that the server-side authentication program module (4) is a general application program embedded in the server-side Web system.
3. The authentication method that improves the security of online transactions with a random one-time password according to claim 1, characterized in that the Applet program module (5) downloaded to the client is a standard Applet program written in the Java language and embedded in HTML.
4. The authentication method that improves the security of online transactions with a random one-time password according to claim 1, characterized in that the driver for the password security device (1) plugged into the USB interface of the client computer is a program written in C and assembly language that runs on operating systems such as Windows 2000, Windows XP, Windows ME and Linux.
5. The authentication method that improves the security of online transactions with a random one-time password according to claim 1, characterized in that the client-side application program (3) is a system program stored on the client computer.
6. The authentication method that improves the security of online transactions with a random one-time password according to claim 1, characterized in that the password security device (1) plugged into the USB interface of the client computer also includes a display and the driving device for that display.
CN 02132554 2002-07-04 2002-07-04 Automatic random disposable code rasing network business safety vertification method Expired - Fee Related CN1226688C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 02132554 CN1226688C (en) 2002-07-04 2002-07-04 Automatic random disposable code rasing network business safety vertification method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 02132554 CN1226688C (en) 2002-07-04 2002-07-04 Automatic random disposable code rasing network business safety vertification method

Publications (2)

Publication Number Publication Date
CN1466061A true CN1466061A (en) 2004-01-07
CN1226688C CN1226688C (en) 2005-11-09

Family

ID=34145217

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 02132554 Expired - Fee Related CN1226688C (en) 2002-07-04 2002-07-04 Automatic random disposable code rasing network business safety vertification method

Country Status (1)

Country Link
CN (1) CN1226688C (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1922845B (en) * 2004-02-23 2010-10-06 弗里塞恩公司 Token authentication system and method
CN100341362C (en) * 2004-06-16 2007-10-03 乐金电子(中国)研究开发中心有限公司 Security processing method for transmission and receive of mobile communication terminal
CN1829225B (en) * 2005-03-04 2011-09-21 微软公司 Method and system for safely disclosing identity over the internet
CN100464336C (en) * 2005-06-14 2009-02-25 华为技术有限公司 Method for controlling system account right
CN102176225B (en) * 2005-07-08 2014-07-09 三因迪斯克技术有限公司 Mass storage device with automated credentials loading
CN101102195B (en) * 2006-07-06 2010-08-18 美国凹凸微系有限公司 Safety method for accessing and protecting network device
CN102171971B (en) * 2008-06-23 2014-04-23 德国捷德有限公司 Releasing a service on an electronic appliance
CN101478397B (en) * 2008-12-24 2012-01-18 北京握奇数据系统有限公司 Method and system for authentication of public telephone card and public telephone machine
WO2016123823A1 (en) * 2015-02-06 2016-08-11 宇龙计算机通信科技(深圳)有限公司 Data interaction method, apparatus and system
CN106685938A (en) * 2016-12-16 2017-05-17 杭州迪普科技股份有限公司 Method for generating protection configuration for login page and apparatus thereof
CN106685938B (en) * 2016-12-16 2019-07-05 杭州迪普科技股份有限公司 A kind of method and apparatus generating protection configuration for login page

Also Published As

Publication number Publication date
CN1226688C (en) 2005-11-09

Similar Documents

Publication Publication Date Title
CA3060421C (en) Systems and mechanism to control the lifetime of an access token dynamically based on access token use
US8661520B2 (en) Systems and methods for identification and authentication of a user
US7548890B2 (en) Systems and methods for identification and authentication of a user
US7909245B1 (en) Network based method of providing access to information
US9426134B2 (en) Method and systems for the authentication of a user
DE602004012996T2 (en) METHOD AND DEVICE FOR AUTHENTICATING USERS AND WEBSITES
JP4420201B2 (en) Authentication method using hardware token, hardware token, computer apparatus, and program
US8171287B2 (en) Access control system for information services based on a hardware and software signature of a requesting device
US20010045451A1 (en) Method and system for token-based authentication
US20070107050A1 (en) Simple two-factor authentication
US20070180263A1 (en) Identification and remote network access using biometric recognition
WO2008127431A2 (en) Systems and methods for identification and authentication of a user
US9847874B2 (en) Intermediary organization account asset protection via an encoded physical mechanism
CN1703002A (en) Portable one-time dynamic password generator and security authentication system using the same
US20090220075A1 (en) Multifactor authentication system and methodology
US20010034721A1 (en) System and method for providing services to a remote user through a network
CN109981588B (en) Data transaction service processing method and system based on block chain
CN1588853A (en) Uniform identication method and system based on network
CN1226688C (en) Automatic random disposable code rasing network business safety vertification method
CN2865145Y (en) Portable disposable dynamic code generator and safety identification system using this
US20060129828A1 (en) Method which is able to centralize the administration of the user registered information across networks
NO985951L (en) Improving or relating to Internet communication
US20180167202A1 (en) Account asset protection via an encoded physical mechanism
CN112862484A (en) Secure payment method and device based on multi-terminal interaction
CN116383799A (en) Business processing method and device based on applet and electronic equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee