CN100459495C - Password dynamic enciphering input method of public enciphering mode - Google Patents


Info

Publication number: CN100459495C
Authority: CN (China)
Prior art keywords: password, encryption, symbol, input, numeral
Legal status: Expired - Fee Related
Application number: CNB2004100110192A
Other languages: Chinese (zh)
Other versions: CN1599313A (en
Inventor: 常志文
Current Assignee: Individual
Original Assignee: Individual
Application filed by: Individual
Priority to: CNB2004100110192A
Publication of CN1599313A
Application granted
Publication of CN100459495C

Abstract

An electronic random number generator dynamically generates three encryption security levels and a random, unpredictable dynamic key, and the real password is entered after being encrypted with that key. The user chooses one of three levels: primary, middle or high. An input unit transmits the request to the CPU, which generates a dynamic key according to the chosen level, encrypts with it all the numerals and symbols that may be used in a password, and displays them to the user together with their encrypted counterparts, i.e. the encryption relation. The user encrypts the real password accordingly and sends it through the input unit to the CPU, which decrypts it; the result is issued through an output unit. If the password is correct, access is allowed; if not, it is refused. A memory unit stores the real password and the modified real password.

Description

A password dynamic encryption input method of public encryption mode
Technical field
The present invention relates to a password dynamic encryption input method of public encryption mode, and in particular to a method in which an electronic random number generator dynamically generates three encryption security levels and a random, unpredictable dynamic key, and the password is entered after being dynamically encrypted.
Background art
A password, also called a passcode, is the most widely used means of verifying the legitimacy of a user's identity. An authorized user has an identifier ID (a user name, an account number, or even a magnetic card) that differs from those of the other users of the system, and a secret password (PW or PIN) known only to that user. To log in to the system, the user must enter his or her personal information (user name, password, etc.); the system judges its legitimacy from this and enforces access control accordingly. This personal information is entered in the open, and on a network it may also be monitored by hackers, so there is considerable risk. The dynamic password methods currently recognized as comparatively secure involve complicated procedures and sometimes require a special password generator; they are hard to master for users who are not proficient with computers, which has limited their adoption. Moreover, such dynamic passwords have no real password, so a user cannot respond to a known security problem (such as the password generator being lost or cracked) by changing a real password, and their applicability is therefore limited.
To solve these problems, on the one hand it must be possible to enter the password in the open: the password is dynamically encrypted so that what the user types differs from one time to the next, and there is no need to fear onlookers of any kind, because what they see is not the real password. On the other hand, most users should be able to master the method without special study, so a simple and easy-to-use encryption method is needed. For higher security a multi-level security mechanism must also be adopted: besides each input being different while the real password stays the same, the real password itself should be changeable. Only then is security ensured to the greatest extent.
US patent US-4720860 discloses a dynamic password authentication system that uses a static variable and a dynamic variable derived from time as the input parameters of a secret cryptographic algorithm. A fixed code is stored in each authorized user's dynamic password generator and is also printed on the surface of the generator in case it is forgotten. At regular intervals (for example every minute) the generator automatically produces an unpredictable dynamic password, generated by supplying the generator's fixed code to the cryptographic algorithm as the static variable. When an authorized user requests access, the user sends the authentication node his or her fixed code and the dynamic password shown by the generator at that moment. The authentication node uses the same algorithm to generate a dynamic password and determines whether it matches the user's password. The later patent US-4885778 made improvements but still requires a password generator. The method adopted in patent ZL-00106192.5 also still requires a password generator; although it offers a certain degree of security, it suits only professional users with especially high security requirements and is inconvenient to popularize. Losing the password generator causes the user heavy losses.
The above inventions are dynamic on the surface but not dynamic in essence, because the generated password depends both on the fixed code (or user name) and on the time. That is, the dynamic password is a function (a fixed algorithm) of the fixed code and the time; otherwise the system could not guarantee that it recognizes the user. Once this functional relationship is cracked by someone else, that person can fully impersonate the real user, and the real user cannot change his or her password, so the practicality is poor.
Summary of the invention:
The object of the invention is a method of encrypted input for personal information that the user must enter in the open, such as user name and password, which guarantees the security of user information and prevents the losses caused when entering the real password exposes it. The invention provides the user with a method of encrypting the information; the user performs the encryption and enters the result, so that information entered in the open remains secure. To suit the requirements of different types of users, the encryption scheme (encryption security level) is divided into three grades: elementary, intermediate and advanced. The user selects an encryption security level according to actual need, which satisfies the differing security demands of different types of users; and because there is a mechanism for changing the password, security is higher still.
The object of the invention is achieved through the following technical solution:
In the invention, an electronic random number generator dynamically generates three encryption security levels and a random, unpredictable dynamic key, i.e. a cipher table, and the password is entered after being dynamically encrypted. The encryption security levels are elementary, intermediate and advanced. Through the input unit the user's request is transmitted to the CPU, which generates the encryption security level information and presents it to the user on the display unit. The user enters the chosen encryption level to the CPU. The CPU generates a different type of dynamic key for each encryption security level and shows the user, on the display unit, all numerals or symbols usable in a password together with the encryption relation. Following the display, the user encrypts the real password and transmits it to the CPU through the input unit. The CPU decrypts it with the key to obtain the real password. If the password is correct, the output unit issues the instruction that the user is legitimate and access is allowed. If it is incorrect, at most three inputs may be made; if all are incorrect, the output unit issues an instruction refusing operation. When the user needs to change the password, the user may reselect an encryption security level and then enter the new real password in encrypted form. The memory unit stores the real password and the modified real password.
The invention is a dynamic input method for a real password in a public encryption mode. The method is implemented with a computer system consisting of a CPU, a display unit, an input unit, an output unit, a memory unit, and a user who can perform encryption according to the information provided by the display unit, and is characterized by comprising the following steps:
1.1 When the user requests access by swiping a card, over a network or by similar means, the electronic random number generator of the CPU 103 first dynamically generates the position flags of the three encryption security levels and the numeric flags 301 that represent them;
1.2 The display unit 101 dynamically shows the selection screen 101-1 for the three encryption security levels; their positions 201 are not fixed;
1.3 The user's selection 302 among the three encryption security levels is dynamic; the levels are elementary, intermediate and advanced;
1.4 When the level selected by the user is elementary or intermediate, the CPU dynamically generates the corresponding key once. The elementary key 303-1 is all zeros, i.e. the real password and the encrypted password are identical. The intermediate key 303-2 is a rearrangement of the numerals or symbols usable in a password, i.e. a single-table substitution cipher;
1.5 All numerals or symbols 315 usable in a password are encrypted with the elementary key 303-1 or the intermediate key 303-2;
1.6 Converting the real password into the encrypted password according to the correspondence given by the key is the encryption processing 304;
1.7 On the encryption information screen 101-2 of the display unit, the encryption relation for the selected encryption security level is shown, i.e. 401 and 402;
1.8 According to the encryption security level the user has selected and the encryption relation shown in 401 and 402, the user enters the real password in encrypted form in one pass 305-1 through the input unit 104;
1.9 The CPU uses the same key to convert the encrypted password back into the real password, i.e. the decryption processing 306;
1.10 When the level selected by the user is advanced, encryption is symbol by symbol and decryption is done in one pass; the key is a multi-table substitution cipher. First the position variable k of the encrypted password is initialized to 1 (311), and the key 303-3 for position k of the password is generated;
1.11 The key 303-3 for position k is used in the encryption processing 304 of the numerals or symbols 315 usable in a password, and the encryption relation 313 for position k is displayed, i.e. shown in 401 and 402;
1.12 Whether input is finished is determined 314. If it is not, position k of the password is entered in encrypted form 305-2, the position variable k is increased by 1, and the above process is repeated until input is finished;
1.13 When input is finished, the confirm key is pressed to indicate that input is complete, and the decryption processing 306 is carried out according to the key;
1.14 On the basis of the above elementary, intermediate and advanced security levels, the CPU decrypts the user's encrypted input into the real password and checks whether the real password matches 307;
1.15 If it is consistent with the real password 316 read from the system memory unit, the password is correct (matches); the output unit then issues the instruction 308 that the user is legitimate and access or operation is allowed, and the key is cleared 317;
1.16 If it is inconsistent with the real password 316 read from the system memory unit, the password is incorrect (does not match); the user must reselect an encryption security level and enter the encrypted password again;
1.17 The number of mismatches is checked: has it reached three 309;
1.18 If three encrypted inputs have all failed, the output unit 106 issues to the user the instruction 310 refusing user operation;
1.19 When the user needs to change the real password, the user first decides on the new real password, and the change begins 500;
1.20 According to the encryption security level selected by the user, the new real password is entered in encrypted form 501 by the above steps;
1.21 Whether the number of inputs has reached two is checked 502; if it is fewer than two, encrypted input is required again;
1.22 Whether the two real passwords are identical is checked 503; if they differ, the real password must again be entered twice in encrypted form; if they are identical, the change succeeds;
1.23 The real password stored in the memory unit is modified 504, and the change ends 505.
As described in step 1.1, the CPU can dynamically generate random numbers and perform basic logic operations in order to generate the key, provide the dynamic encryption information, and decrypt the user's input;
As described in step 1.2, the display unit can prompt for and display the dynamic selection of the encryption security level, prompt for and display the encryption method for the real password, i.e. the correspondence, and display the input status;
As described in steps 1.3 and 1.4, the user is able to select the encryption security level from the information provided by the display unit, to remember the real password, to encrypt the real password by means of the encryption information (the correspondence) provided by the display unit, and to enter the encrypted password;
As described in step 1.8, the input unit 104 with an information input function is an input device, such as a keyboard or mouse, through which the encryption security level selected by the user and the encrypted password can be entered.
The three encryption security levels described in steps 1.2 and 1.3 are represented by three different integer values in the range 0 to 9 that the CPU generates dynamically with the electronic random number generator; the default encryption level is elementary, and its display position is random;
The keys for the different encryption security levels described in steps 1.4, 1.5, 1.6, 1.9, 1.10 and 1.11 are generated dynamically with the electronic random number generator and are cleared to zero once encryption and decryption are complete.
Regarding the key and display unit described in steps 1.4, 1.5, 1.6, 1.7, 1.9 and 1.10: the key is a correspondence between the numerals or symbols before and after encryption, i.e. a substitution cipher, and is displayed openly at the bottom of the screen as two aligned rows. The first row 401 shows in order the numerals or symbols usable in a real password; the row beneath, 402, shows the corresponding numerals or symbols of the encrypted password. Encryption consists of replacing a numeral or symbol in the first row with the one at the corresponding position in the second row. To encrypt the real password, the user selects an encryption security level when prompted by the display unit and then, following the encryption method shown on screen, finds the corresponding encrypted password in the second row and enters it, either in one pass (elementary, intermediate) or position by position (advanced). For each position of the password entered, an asterisk (*) is shown in 403; the number of positions entered equals the number of positions in the password.
As described in step 1.9, when the CPU receives the input confirmation signal, it decrypts the encrypted password entered by the user with the same dynamic key used for encryption, i.e. it obtains the real password by applying the encryption correspondence in reverse.
The three different random integers described above represent the elementary, intermediate and advanced encryption security levels respectively. When the level is elementary, the key is all zeros, i.e. the two displayed rows of numerals or symbols are identical in content and position. When the level is intermediate, the key is a single-table substitution cipher, a one-to-one replacement: different numerals or symbols remain different after encryption, and identical numerals or symbols encrypt identically. All numerals or symbols usable in a password are encrypted with this key and shown in the second row 402 of the display unit, while the first row 401 shows the numerals or symbols before encryption. When the level is advanced, the key is a multi-table substitution cipher whose correspondence differs from one position of the password to the next: as soon as one position is entered, the substitution for the next is displayed as a single table. All numerals or symbols usable in a password are encrypted symbol by symbol (position by position) with this key, and the cipher table is changed after each symbol or position is encrypted. In this case identical numerals or symbols may differ after encryption, and different numerals or symbols may be identical after encryption. All numerals or symbols usable in a password are encrypted with this key and shown in the second row 402 of the display unit.
The selection of the three encryption security levels is dynamic: neither the positions at which the three levels are displayed nor the numeral corresponding to each level is fixed. The CPU uses the random number generator to generate three different integers in the range 0 to 9, say i, j and k, where i represents the elementary level, j the intermediate level and k the advanced level. The three positions can be denoted by the numbers 1, 2 and 3, which at the same time stand for the elementary, intermediate and advanced levels respectively. The CPU uses the random number generator again to arrange these three numbers in random order and so obtains the actual display positions of the three levels. For example, if the first number is 3, the first position prompts the user to enter k for the advanced level; if the second number is 1, the second position prompts the user to enter i for the elementary level; if the third number is 2, the third position prompts the user to enter j for the intermediate level.
If the encryption security level is elementary, the key is all zeros, so the encryption relation is $O_i \to S_i$, $i = 0, 1, 2, \ldots, k-1$, where k is the number of numerals or symbols usable in a password (here $O_i$ and $S_i$ denote the numeral or symbol before and after encryption respectively, likewise below). In this case the CPU takes $O_i$ directly as $S_i$, i.e. $O_i = S_i$. When only numerals are used, $O_i = i$, $i = 0, 1, 2, \ldots, 9$; when numerals or symbols are used, $O_i$ and $S_i$ can be the numerals 0 to 9, upper- and lower-case letters, symbols, etc.;
If the encryption security level is intermediate, the encryption relation is $O_i \to S_i$, $i = 0, 1, 2, \ldots, k-1$, where k is the number of numerals or symbols usable in a password. Using the substitution cipher method, the CPU rearranges the $O_i$ to obtain the $S_i$, forming a substitution, $i = 0, 1, 2, \ldots, k-1$. With this method the number of different encryptions is $C_k^n = \frac{k!}{(k-n)!}$ when $n < k$, or $k!$ when $n > k$, where n is the number of positions in the real password;
If the encryption security level is advanced, the encryption relation is $O_i \to S_{ij}$, where $O_i$ denotes a numeral or symbol before encryption and $S_{ij}$ the numeral or symbol after encryption for position i. For each position i the system again fully permutes the $O_i$ in an arbitrary order to obtain $S_{ij}$, $i = 0, 1, \ldots, n-1$; $j = 0, 1, \ldots, k-1$, which forms a multi-table substitution cipher. Here k is the number of numerals or characters usable for encryption. Because the substitution uses multiple tables, the number of different encryptions is $n^k$, where n is the number of positions in the password.
If the encryption security level is elementary or intermediate, then when the user enters the password input screen of the display unit, the display unit first shows the encryption relation, i.e. the correspondence between the real password and the encrypted password, which is a monoalphabetic cipher (single-table substitution). The user looks up, in one pass, the encrypted numeral or symbol for each numeral or symbol of the real password, enters them in order in one go, and confirms.
If the encryption level is advanced, then when the user enters the password input screen of the display unit, the display unit shows an encryption relation that is a polyalphabetic cipher (multi-table substitution). Its cipher table consists of several tables, one for each position of the password. Only one table is displayed at a time, namely the cipher table for the position about to be entered; as soon as the encrypted symbol for that position has been entered, the display is updated to the table for the next position. The user enters the password position by position in order, following the displayed table, and confirms.
Advantages and positive effects of the invention:
1. Truly dynamic key generation: the key used for encryption and decryption in the invention is a random number generated when the user requests to log in or make a transaction, and it is automatically cleared on exit or when the transaction ends. The key is thus dynamically generated and dynamically cleared after use.
2. Encryption is performed by the user: throughout the encryption and decryption process, the conversion of the real password is carried out by the user, so the real password never appears during input; what the user enters is only the encrypted password. Even when the same user enters the password a second time, the encrypted password is different. There is therefore no fear of leakage while the password is being entered, and dynamic password input is achieved while the real password stays unchanged.
3. Selection and display of the encryption security level are dynamic: to make transactions more secure, the selection of the security level in the invention is also dynamic. The different levels are not tied to fixed positions among the three, and the numeral used for each level is not fixed. Even at the lowest security level there is thus still good security, because others do not know which level is in use.
4. Resistance to cracking: the main aim of cracking is to recover the key. The invention generates the key dynamically and it differs every time, so recovering the key is pointless. As long as the encryption rule and the input are not both seen in full at the same time, security is assured. At a bank automatic teller machine, for example, someone who is watching the input cannot watch the encryption rule at the same time; only by recording the input with a video recorder while also photographing the information on the screen with a camera could the password be recovered. This is easily noticed by the user, and if the user changes the real password in time, the attempt fails. In network applications a hacker can only monitor the user's keyboard input and cannot easily monitor everything displayed on the user's screen, so the input method of the invention is also secure on a network, and its resistance to cracking is very strong. Encryption security level three can be called the most secure. The user looks up each numeral of the real password and its encrypted counterpart purposefully, and enters it. Even if someone else is watching the screen prompt at the same time, it is hard for that person to take in all the correspondences together with what is entered, whereas the user looks purposefully and only at the encrypted result for the current position. The cipher table changes as soon as the user enters the symbol for a position: a new cipher table is generated and the next position is prompted. Since the user does not dwell long on any one position and the contents of the cipher table keep changing, it is hard for anyone else (a code breaker) to obtain the real password. In addition, the invention requires no special device, which prevents concentrated cracking as well as the ruinous losses a user suffers when a device is lost.
5. The method is simple and practical: the method only involves generating random keys suited to the different encryption security levels, providing the encryption method, and decrypting and confirming the input. The encryption used is a secure substitution cipher, so the method is simple and practical.
6. Wide applicability: from the application point of view, the method can be used not only in specific settings such as bank withdrawals but also in a variety of network applications such as online banking, online shopping, online games, online chat and member logins of all kinds. From the user's point of view, because different encryption security levels are provided, the same application can satisfy the needs of different types of users to the greatest extent. In a bank withdrawal system, for example, anyone who can merely read numerals can use the system as before by choosing the lowest security level and entering the password in the old way, while skilled users can choose the intermediate or advanced level according to their requirements. From the compatibility point of view, no encryption is applied at the elementary level, so the input method is the same as in the original system and compatible with it, while a certain degree of security remains because others do not know the encryption level. The system can also be used for encrypted password entry on advanced digital combination locks.
7. Little change to existing systems and no special device: the invention merely adds an encryption processing module before input confirmation in the original system and does not change its other functions, so only a software upgrade is needed and no separate device. This makes the invention very easy to deploy.
8. Because the invention retains the ability to change the password, even if the input is found to have been monitored, changing the real password in time (before the password is cracked) greatly increases the security of the system.
Description of drawings
Fig. 1 is a block diagram of the dynamic password input method of public encryption mode.
Fig. 2 is a flow chart of the dynamic password input method of public encryption mode.
Fig. 3 is the flow chart of real password modification.
Fig. 4 is the encryption security level selection screen of the display unit.
Fig. 5 is the encryption information screen of the display unit.
Embodiments
In the original system the password is entered directly as the real password. The program implementing the invention can replace the interface and module for password input, while all other parts remain unchanged; the system can run after compilation.
The user is by after stamping the card or otherwise entering operation interface, at first enter selection interface 101-1 as shown in Figure 1, require the user to select the difficulty or ease rank this moment, rank is distinguished delegation's other Three Estates of encryption safe level with three the different numerals at random in 0 to 9 these 10 numerals, the user must select a certain rank, if do not select the encryption safe rank that can enter acquiescence automatically, as elementary some seconds (as three seconds).
To select level of security be elementary or default level during as the encryption safe standard as the user, and user's input method is consistent with existing traditional input mode, so its compatibility is good.As select in the screen display 201 of interface 101-1 that the 3rd position point out at this moment for the encryption safe rank be elementary, random number corresponding is 4, then the user imports 4, or do not import, spend some seconds, enter password inputting interface 101-2 this moment, can find that encrypt relation 401 participants 402 are identical, user's old password is " 123 ", then still import " 123 " this moment and press acknowledgement key and get final product, be equivalent to CPU 103 and be left intact because key 301 is zero full this moment, directly verifies 305.
When the user selects level of security is that middle rank is during as the encryption safe standard, press corresponding relation 401 and 402, password after the encryption is corresponding one by one with the numeral in the old password, can be disposable true password correspondence be found new password and disposable enter new password after the encryption, though unprincipled fellow's this moment can sniff input results but be useless, because this result is only effective at this moment, even the password of input also can be different when the same card was drawn for the second time, therefore can avoid causing damage because of password leaks, as select first position indicating in the screen display 201 of interface 101-1 be middle rank for the encryption safe rank, random number corresponding is 0, then the user imports 0, enter password inputting interface 101-2 this moment, can be by encrypt relation 401 and 402 the corresponding password that finds after the encryption, if user's old password is " 123 ", and corresponding relation by 401 and 402, if 1-〉4,2-〉9,3-〉2 ("-" is that corresponding relation is following identical here, password after then this moment input is encrypted be that " 492 " are also pressed acknowledgement key and got final product, even this moment, others saw that " 492 " also are useless, because true password is " 123 ".
When the user selects level of security senior during as the encryption safe standard, it encrypts basic principle and level of security is that middle rank is similar, but it is inequality, it is the relation of on the basis of level of security, removing disposable correspondence for middle rank, make the multilist corresponding relation into, promptly when a certain when position of entering password, corresponding relation 402 changes next substitution list at once into, what show is the corresponding relation of next bit, because the password table that different positions needs in the password is different, therefore different digital encryptions can be become identical numeral, therefore the quantity of its encrypted ones is with the exponential increase of figure place, thereby the decoding difficulty that makes the password after the encryption increases greatly or even can not decode (as using numeral, upper and lower case letter and symbol are as password) can be used for online securities futures exchange fully, the Internet banks etc. are to the safety system that has certain requirements, for example select second position indicating in the screen display 201 of interface 101-1 for the encryption safe rank be senior, random number corresponding is 5, then the user imports 5, enter password inputting interface 101-2 this moment, can find each of password after the encryption by the correspondence of encrypt relation 401 participants 402.
For example, suppose the user's original password is "1a!". By the correspondence of 401 and 402, suppose the first cipher table gives 1→*; the user first enters *. Cipher table 402 then changes and the user is prompted to enter the second position. By the correspondence of 401 and 402, the user finds a→0 and enters 0, after which the correspondence of 401 and 402 is updated once more. If at this point !→x, the user enters x and confirms. Thus the original password "1a!" has the encrypted form "*0x".
If only digits are used in the password, for example when the true password is 123: in the first cipher table 1→4, so the user first enters 4 and is prompted for the second position; in the second cipher table 2→8, so the user enters 8 and is prompted for the third position; in the third cipher table 3→4, so the user enters 4 and presses the confirm key, and input ends. Here the true password is 123 and the encrypted password actually entered is 484. The entered value contains a repeated digit although the true password contains none, so the security is higher.
Whether the user selects the primary, intermediate, or advanced encryption security level, input follows the process above. For each character entered, one "*" is shown in input box 403, and the number of characters entered is the same as the number of positions in the password. If verification shows that the result is consistent with the true password held by the system, the screen shows that the password is correct and access is allowed. If three inputs all fail verification, the screen shows that the user is illegitimate and all operations stop until the next user sends an operation request.
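The intermediate and advanced examples above, worked through as a short Python sketch (an added example, not code from the patent). The class and function names, the digits-only alphabet, and the full substitution rows are constructed for illustration; only the mappings 1→4, 2→9, 3→2 and 1→4, 2→8, 3→4 come from the text. It also shows that an input captured in one session is rejected when replayed against a session with a different key.

```python
import hmac
import secrets
import string

ROW_401 = string.digits  # symbols usable in a password; digits only is an assumption


def random_row_402(row_401=ROW_401):
    """Fresh random rearrangement of row 401, i.e. one substitution key."""
    symbols = list(row_401)
    secrets.SystemRandom().shuffle(symbols)
    return "".join(symbols)


def fixed_keys(*rows):
    """Key source that replays constructed rows, to reproduce the text's examples."""
    it = iter(rows)
    return lambda: next(it)


class LoginSession:
    """Server side (CPU 103) of one password entry at a chosen security level."""

    def __init__(self, level, key_source=random_row_402, row_401=ROW_401):
        if level not in ("primary", "intermediate", "advanced"):
            raise ValueError("unknown level: " + level)
        self.level = level
        self.row_401 = row_401
        self.key_source = key_source
        self.rows = []  # row 402 shown for position 0, 1, 2, ...

    def show_next_row(self):
        """Return the row 402 displayed for the next position to be typed."""
        if self.level == "primary":
            row = self.row_401              # all-zero key: identity mapping
        elif self.level == "intermediate" and self.rows:
            row = self.rows[0]              # single table, reused for every position
        else:
            row = self.key_source()         # advanced: new table per position
        if sorted(row) != sorted(self.row_401):
            raise ValueError("key is not a rearrangement of row 401")
        self.rows.append(row)
        return row

    def decrypt(self, typed):
        """Map each typed symbol back through the row shown for its position."""
        if len(typed) != len(self.rows):
            raise ValueError("input length does not match rows displayed")
        return "".join(self.row_401[row.index(ch)]
                       for row, ch in zip(self.rows, typed))

    def verify(self, typed, stored_password):
        """Decrypt, compare with the stored true password, then clear the key."""
        try:
            ok = hmac.compare_digest(self.decrypt(typed).encode(),
                                     stored_password.encode())
        except ValueError:                  # wrong length or symbol not in row 402
            ok = False
        self.rows = []                      # key zero-clearing (317)
        return ok


def user_encode(true_password, session):
    """What the user does: read each displayed row and type the substitute."""
    typed = []
    for ch in true_password:
        row_402 = session.show_next_row()
        typed.append(row_402[session.row_401.index(ch)])
    return "".join(typed)


# Constructed rows 402; they only need to contain the mappings given in the text.
TABLE_A = "7492015368"   # 1->4, 2->9, 3->2
TABLE_B = "1384569207"   # 2->8
TABLE_C = "9814025367"   # 3->4


def demo():
    out = {}
    s = LoginSession("intermediate", fixed_keys(TABLE_A))
    typed = user_encode("123", s)
    out["intermediate"] = (typed, s.verify(typed, "123"))

    s = LoginSession("advanced", fixed_keys(TABLE_A, TABLE_B, TABLE_C))
    typed = user_encode("123", s)
    out["advanced"] = (typed, s.verify(typed, "123"))

    # Replay of the captured "492" in a later session that drew a different key.
    later = LoginSession("intermediate", fixed_keys(TABLE_B))
    for _ in "492":
        later.show_next_row()
    out["replay"] = later.verify("492", "123")
    return out


if __name__ == "__main__":
    print(demo())
```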
When the user needs to change the password, the new password is entered twice by the process above; if the two decrypted passwords are identical, the change succeeds.
Fig. 1 is a block diagram of the present invention. In the figure, 104 is the input unit. When the user logs in or swipes a card for a transaction through input unit 104, the input unit passes the request to CPU 103, and CPU 103 shows the encryption security level selection information to user 105 through display unit 101. User 105 passes the chosen encryption security level to CPU 103 through input unit 104. CPU 103 generates a dynamic key according to the selected level and, through display unit 101, shows user 105 all the digits or symbols that may be used in a password together with the digits or symbols obtained by encrypting them with this key. Following the encryption relation, that is, the correspondence shown on screen, the user encrypts his own true password either all at once or character by character and enters it to CPU 103 through input unit 104, where CPU 103 decrypts it into the true password. The memory unit stores the user's true password and the true password after modification by the user. Output unit 106 is the interface between this method and the outside: if the user is legitimate, further operation or access is allowed through the output unit; if the user is illegitimate, no further access through the output unit is possible.
Here, CPU 103 is a processor with functions such as random number generation, and may be a single-chip microcomputer, a host computer, a server, or the like. It can generate random numbers, which are used to represent the different encryption security levels and to generate the keys under the different levels, and it can perform encryption and decryption. Display unit 101 is any display with an information display function, and is used to show the encryption security level prompts and the encryption rule prompts. The user 105 capable of encryption is a user who can clearly see the prompt information shown on the display unit, understands the encryption method for his own true password, and can encrypt his true password under a given encryption security level; any user who can see the digits or symbols clearly and can carry out the replacement according to the substitution rule prompted on screen, replacing his own true password with the encrypted password, qualifies. Input unit 104 may be a computer keyboard, a numeric keypad, a touch screen, a special-purpose keyboard, or any other device that can enter characters and symbols, and is used to input digits and symbols. Memory unit 102 may hold the stored password information in a disk file, a network database file, ROM, or the like.
Fig. 2 is a flow chart of the present invention and elaborates on Fig. 1. Display unit 101 of Fig. 1 is broken down into the encryption security level display 201 and the encryption relation display 401, 402. CPU 103 is broken down into encryption security level generation and generation of the keys corresponding to the different levels 303, and also includes encryption 304 and decryption 306. The selectable digits and symbols 315 are the digits or symbols that may be used in a password.
When the user swipes a card or requests access over the network, processing unit 103 first generates the identifiers of the different security levels 301, that is, the position identifier corresponding to each security level and the digit that represents it, and display unit 101-1 shows the different security levels. The user then makes a selection 302. When the selected security level is primary or intermediate, the system generates the corresponding encryption key 303-1 or 303-2 once. The key in 303-1 is all zeros; the key in 303-2 is a rearrangement of the digits or symbols that may be used in a password. All digits or symbols that may be used in a password are encrypted 304 with this key, and display unit 101 shows the encryption relation 401, 402. The user can then encrypt his own true password in one pass and enter it through input unit 104 (305-1), and the system decrypts it 306 with the same key.

When the security level selected by the user is advanced, the difference from the primary and intermediate levels is that the true password is not encrypted in one pass but character by character, and then decrypted as a whole. The position variable k of the encrypted password to be entered is set to 1 (311). As at the intermediate level, a key 303-3 in the form of a rearrangement is generated, the digits or symbols 315 that may be used in a password are encrypted with it, and the encryption relation is shown 311 (that is, 401, 402). If input is not yet finished, the user enters the encrypted form of the corresponding position, the position variable k is incremented by 1, and the process above is repeated until input is finished. The user then presses the confirm key to indicate that input is complete, and decryption 306 is performed.

For encrypted input at all three security levels, decision 307 determines whether the decrypted result is the true password. If it is consistent with the true password 316 read from the system memory unit, the user is legitimate, access is allowed, and the key is cleared 317. If it does not match, the process above can be repeated, that is, the security level is selected again and the password is encrypted and entered again. If three inputs all fail, the user's operation is refused 310.
Fig. 3 is the flow chart for modifying the true password. After logging in, the user begins modifying his own true password at 500. The user first decides on the new true password and then enters it by the encrypted input process of Fig. 2: the encryption security level is selected first, and the new true password is encrypted according to the prompts and entered 501. The number of times the new true password has been entered is then checked. If it has been entered fewer than two times, the user encrypts and enters the new password again. Once it has been entered twice, the system checks whether the two decrypted true passwords are identical. If they are, the modification succeeds and the memory unit is updated 504; if not, the user must again encrypt and enter the new true password twice.
Fig. 4 is the encryption security level selection display of the display unit. 201a, 201b, and 201c are the three positions used to show the three encryption security levels; which position shows which level is determined at random by the CPU, and the digit that represents each level is also random. 403 is the input prompt box. When the random numbers representing the different levels are not easily discovered, the positions corresponding to the different levels may also be fixed. The primary level may serve as the default security level: when no level is selected, the CPU enters this level automatically after some seconds.
Fig. 5 is the encrypted information display of the display unit, that is, the encrypted password display and input interface. Here 403 is the password input box, which shows "*" during input. 401 and 402 are the information prompt rows that show the encryption relation. The first row 401 contains the digits or symbols that may be used in a password, and its order may be a regular consecutive order; the second row 402 contains the digits or symbols after encryption, which are irregular except when the encryption security level is primary.

Claims (9)

1. A password dynamic encryption input method of a public encryption mode, the method being implemented with a computer system composed of a CPU (103), a display unit (101), an input unit (104), an output unit (106), a memory unit (102), and a user (105) who can perform encryption according to the information provided by the display unit, characterized in that it comprises the following steps:
1.1 when the user swipes a card or requests access over a network, the electronic random number generator of the CPU (103) first dynamically generates the position identifiers corresponding to three different encryption security levels and the digits that represent them (301);
1.2 the display unit (101) dynamically shows the selection display (101-1) for the three different encryption security levels, whose positions (201) are not fixed;
1.3 the user dynamically selects among the three encryption security levels (302), the levels being primary, intermediate, and advanced; when the user selects primary or intermediate, the method proceeds to step 1.4, and when the user selects advanced, the method proceeds to step 1.15;
1.4 when the encryption security level selected by the user is primary or intermediate, the CPU dynamically generates the corresponding key once; the primary key (303-1) generated is all zeros, that is, the true password and the encrypted password are identical; the intermediate key (303-2) is a rearrangement of the digits or symbols that may be used in a password, and is a single-table substitution cipher;
1.5 all digits or symbols (315) that may be used in a password are encrypted with the primary key (303-1) or the intermediate key (303-2);
1.6 the encryption process (304) converts the true password into the encrypted password according to the key;
1.7 the encrypted information display (101-2) of the display unit shows the encryption relation for the different encryption security levels, that is, the digits or symbols before encryption (401) and the digits or symbols after encryption (402);
1.8 according to the encryption security level he has selected and the encryption relation shown by the digits or symbols before encryption (401) and the digits or symbols after encryption (402), the user encrypts the true password in one pass and enters it (305-1) through the input unit (104);
1.9 the CPU (103) uses the same key to convert the encrypted password into the true password, that is, performs decryption (306);
1.10 the CPU (103) decides (307) whether the decrypted result matches the true password;
1.11 if the result is consistent with the true password (316) read from the system memory unit, the password is correct, that is, it matches; the output unit (106) then issues the instruction (308) that the user is legitimate and access or operation is allowed, and the key is cleared (317);
1.12 if the result is inconsistent with the true password (316) read from the system memory unit, the password is incorrect, that is, it does not match; the number of mismatches is checked to determine whether it has reached three (309);
1.13 if it has not reached three, the method returns to step 1.1;
1.14 if all three encrypted inputs fail, the output unit (106) issues a refusal instruction (310) to the user and the process ends;
1.15 following step 1.3, when the level selected by the user is advanced, encryption is performed character by character and decryption is performed as a whole, the key being a multi-table substitution cipher; the position variable k of the encrypted password is first given the initial value 1 (311), and the key (303-3) for position k of the password is generated;
1.16 the key (303-3) for position k of the password is used to encrypt (304) the digits or symbols (315) that may be used in a password, and the encryption relation (313) for position k is shown, that is, shown in the digits or symbols before encryption (401) and the digits or symbols after encryption (402);
1.17 it is determined whether input is finished (314); if input is not finished, position k of the password is encrypted and entered (305-2), the position variable k is increased by 1, the key (303-3) for position k of the password is regenerated, and steps 1.16 to 1.17 are repeated until input is finished;
1.18 if input is finished, the confirm key is pressed to indicate that input is complete, and decryption (306) is performed according to the key;
1.19 steps 1.10 to 1.14 are carried out.
2. The password dynamic encryption input method of a public encryption mode according to claim 1, characterized in that:
as described in step 1.1, the CPU (103) can dynamically generate random numbers, can perform logical operations, generates the key, provides dynamic encryption of information, and decrypts the user's input;
as described in step 1.2, the display unit (101) can prompt and show the selection of the dynamic encryption security level, prompt and show the encryption method for the true password, that is, show the correspondence, and show the input state;
as described in steps 1.3 and 1.4, the user is able to select the encryption security level from the information provided by the display unit (101), can keep the true password firmly in mind, can encrypt the true password using the encryption information, that is, the correspondence, provided by the display unit (101), and can enter the encrypted password;
as described in step 1.8, the input unit (104) with an information input function is an input device that can input the encryption security level selected by the user and the encrypted password.
3. The password dynamic encryption input method of a public encryption mode according to claim 1, characterized in that:
the three different encryption security levels described in steps 1.2 and 1.3 are represented by three different values, integers from 0 to 9, that the CPU (103) generates dynamically with the electronic random number generator; the default encryption level is primary, and its display position is random;
the keys for the different encryption security levels described in steps 1.4, 1.5, 1.6, 1.9, 1.15, and 1.16 are generated dynamically with the electronic random number generator and are cleared (317) after encryption and decryption are complete.
4. The password dynamic encryption input method of a public encryption mode according to claim 1, characterized in that:
the key described in steps 1.4, 1.5, 1.6, 1.7, 1.9, and 1.15 is a correspondence between the digits or symbols before and after encryption, that is, a substitution cipher, and is shown openly in two aligned rows at the bottom of the screen; the first row shows, in order, the digits or symbols (401) that may be used in a password, and the row below shows the corresponding digits or symbols (402) of the encrypted password; encryption means changing a digit or symbol in the first row into the digit or symbol at the corresponding position in the second row; the user encrypts the true password by selecting an encryption level according to the prompt of the display unit and then, following the encryption method prompted on screen, finding in the second row the corresponding encrypted password, in one pass at the primary and intermediate levels or position by position at the advanced level, and entering it; for each position of the password entered, the input prompt box (403) shows one "*", and the number of positions entered is the same as the number of positions in the password.
5. The password dynamic encryption input method of a public encryption mode according to claim 1, characterized in that:
as described in step 1.9, when the CPU receives the input confirmation signal, it decrypts (306) the encrypted password entered by the user with the same dynamic key used for encryption, that is, it obtains the true password by applying the correspondence used for encryption in reverse.
6. The password dynamic encryption input method of a public encryption mode according to claim 3, characterized in that:
the three different values, integers from 0 to 9, respectively represent the primary, intermediate, and advanced encryption security levels; when the encryption security level is primary, the key is all zeros, that is, the two rows of digits or symbols shown are identical in content and position; when the encryption security level is intermediate, the key is a single-table substitution cipher, a one-to-one replacement, in which different digits or symbols are different after encryption and identical digits or symbols are necessarily identical after encryption; all digits or symbols that may be used in a password are encrypted with this key and shown in the second row (402) of the display unit, while the first row (401) holds the digits or symbols before encryption; when the encryption security level is advanced, the key is a multi-table substitution cipher whose correspondence differs for each position of the password; for each position entered, a substitution cipher is shown as a single table, and all digits or symbols that may be used in a password are encrypted with this key character by character or position by position, the cipher table being changed after each character or position is encrypted; in this case identical digits or symbols may be different after encryption and different digits or symbols may be identical after encryption; all digits or symbols that may be used in a password are encrypted with this key and shown in the second row (402) of the display unit.
7. The password dynamic encryption input method of a public encryption mode according to claim 6, characterized in that:
if the encryption security level is primary, the key is all zeros, so the encryption relation is $O_i \to S_i$, $i = 0, 1, 2, \ldots, k-1$, where k is the number of digits or symbols that may be used in a password and $O_i$ and $S_i$ denote the digits or symbols before and after encryption respectively (the same below); in this case the CPU takes $O_i$ directly as $S_i$, that is, $O_i = S_i$; when only digits are used, $O_i = i$, $i = 0, 1, 2, \ldots, 9$; when digits or symbols are used, $O_i$ and $S_i$ may be the digits 0 to 9, upper- and lower-case letters, symbols, and so on;
if the encryption security level is intermediate, the encryption relation is $O_i \to S_i$, $i = 0, 1, 2, \ldots, k-1$, where k is the number of digits or symbols that may be used in a password; by the substitution cipher method, the CPU rearranges the $O_i$ to obtain the $S_i$, forming a replacement, where $i = 0, 1, 2, \ldots, k-1$; with this method the total number of different encryptions is $C_k^n = k!/(k-n)!$ where $n < k$, or $k!$ where $n > k$, n being the number of positions in the true password;
if the encryption security level is advanced, the encryption relation is $O_i \to S_{ij}$, where $O_i$ denotes the digits or symbols before encryption and $S_{ij}$ denotes the digits or symbols after encryption for position i; for each position i the system forms a new full permutation of the $O_i$ in arbitrary order to obtain $S_{ij}$, $i = 0, 1, \ldots, n-1$; $j = 0, 1, \ldots, k-1$, which forms the multi-table substitution cipher; here k is the number of digits or characters that may be used for encryption; because the replacement uses multiple tables, the total number of different encryptions is $n^k$, where n is the number of positions in the password.
8. The password dynamic encryption input method of a public encryption mode according to claim 7, characterized in that:
if the encryption security level is primary or intermediate, when the user reaches the password interface of the display unit for input, the display unit first shows the encryption relation; the correspondence between the true password and the encrypted password is a monoalphabetic cipher, that is, a single-table replacement; the user finds in one pass the encrypted digits and symbols corresponding to the digits or symbols of the true password, enters them in order in a single input, and confirms.
9. The password dynamic encryption input method of a public encryption mode according to claim 7, characterized in that:
if the encryption level is advanced, when the user reaches the password interface of the display unit for input, the encryption relation shown by the display unit is a polyalphabetic cipher, that is, a multi-table replacement; its cipher table consists of several tables, one for each position of the password; only one cipher table is shown on screen at a time, namely the encryption table for the position about to be entered; when the encrypted character for that position has been entered, the cipher table is immediately updated to the table for the next position; the user enters the positions one by one in order according to the cipher table prompts, and confirms.
CNB2004100110192A 2004-08-01 2004-08-01 Password dynamic enciphering inputmethod of public emipering mode Expired - Fee Related CN100459495C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100110192A CN100459495C (en) 2004-08-01 2004-08-01 Password dynamic enciphering inputmethod of public emipering mode

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2004100110192A CN100459495C (en) 2004-08-01 2004-08-01 Password dynamic enciphering inputmethod of public emipering mode

Publications (2)

Publication Number Publication Date
CN1599313A CN1599313A (en) 2005-03-23
CN100459495C true CN100459495C (en) 2009-02-04

Family

ID=34662680

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100110192A Expired - Fee Related CN100459495C (en) 2004-08-01 2004-08-01 Password dynamic enciphering inputmethod of public emipering mode

Country Status (1)

Country Link
CN (1) CN100459495C (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100445923C (en) * 2005-09-23 2008-12-24 鸿富锦精密工业(深圳)有限公司 Computer protection system and method
CN100556042C (en) 2006-03-10 2009-10-28 腾讯科技(深圳)有限公司 A kind of accounts security management system and method based on instant messaging
JP4798088B2 (en) * 2007-07-11 2011-10-19 沖電気工業株式会社 Input display device
US8761402B2 (en) * 2007-09-28 2014-06-24 Sandisk Technologies Inc. System and methods for digital content distribution
JP5374752B2 (en) * 2009-01-19 2013-12-25 株式会社東芝 Protection control measurement system and apparatus, and data transmission method
CN101819662A (en) * 2010-01-27 2010-09-01 江苏华安高技术安防产业有限公司 Communication terminal for realizing means of payment based on handwriting identification and realization method thereof
CN101783805B (en) * 2010-03-01 2013-04-17 田耕 Method for encrypting communication by adopting dynamic vector matrix
CN103166924B (en) * 2011-12-14 2017-11-03 中国银联股份有限公司 The security information interaction system and method for feature based Parameter analysis
CN103324303A (en) * 2013-07-16 2013-09-25 褚万青 Random code input method and random code unlocking method
CN105306200B (en) * 2014-06-09 2019-06-21 腾讯科技(深圳)有限公司 The encryption method and device of network account password
CN107204918A (en) * 2016-03-16 2017-09-26 无锡十月中宸科技有限公司 A kind of Yunan County's full gateway and cloud security system
CN107204917A (en) * 2016-03-16 2017-09-26 无锡十月中宸科技有限公司 A kind of Yunan County's full gateway and cloud security system
US10146927B2 (en) * 2017-04-03 2018-12-04 Fujitsu Limited Dynamic keypad for access code input
CN110598421B (en) * 2018-06-13 2021-10-15 杭州海康威视数字技术股份有限公司 Two-dimensional code encryption method and device and two-dimensional code decryption method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000074345A1 (en) * 1999-05-28 2000-12-07 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for secure communication
JP2002281558A (en) * 2001-03-19 2002-09-27 Ntt Docomo Inc Mobile communication terminal equipment and server
CN1479483A (en) * 2002-08-26 2004-03-03 联想(北京)有限公司 Method of realizing safe and reliable interconnection between network equipments
CN1512355A (en) * 2002-12-30 2004-07-14 成都三零盛安信息系统有限公司 Code signature verifying method of ELF file form

Also Published As

Publication number Publication date
CN1599313A (en) 2005-03-23

Similar Documents

Publication Publication Date Title
CN100432889C (en) System and method providing disconnected authentication
CN100533456C (en) Security code production method and methods of using the same, and programmable device therefor
CN104270338B (en) Method and its system that a kind of electronic identity registration and certification are logged in
CN102782694B (en) Apparatus, method and system for data security
CN102932136B (en) Systems and methods for managing cryptographic keys
CN100576196C (en) Content enciphering method, system and utilize this encryption method that the method for content is provided by network
CN101765996B (en) Device and method for remote authentication and transaction signatures
CN101569132B (en) Systems and methods for distributing and securing data
US9467293B1 (en) Generating authentication codes associated with devices
RU2584500C2 (en) Cryptographic authentication and identification method with real-time encryption
CN105052072A (en) Remote authentication and transaction signatures
CN100459495C (en) Password dynamic enciphering inputmethod of public emipering mode
CN105103488A (en) Policy enforcement with associated data
CN101999132A (en) A strong authentication token generating one-time passwords and signatures upon server credential verification
CN101401341A (en) Secure data parser method and system
CN102187619A (en) Authentication system
CN109711834B (en) Address management method for block chain cold wallet
CN108199847A (en) Security processing method, computer equipment and storage medium
CN112653556A (en) TOKEN-based micro-service security authentication method, device and storage medium
CN101924734A (en) Identity authentication method and authentication device based on Web form
CN111107095A (en) Public password management system based on hybrid encryption
CN1980127A (en) Command identifying method and command identifying method
KR101577058B1 (en) Method for Registering OTP Creation Condition
WO2011058629A1 (en) Information management system
Davaanaym et al. A ping pong based one-time-passwords authentication system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090204

Termination date: 20150801

EXPY Termination of patent right or utility model