CN100557556C - Online data encryption and decryption - Google Patents

Publication number: CN100557556C
Authority: CN (China)
Prior art keywords: user, image, identifier, server, data
Legal status: Active
Application number: CNB2005800298378A
Other languages: Chinese (zh)
Other versions: CN101027630A
Inventors: 托马斯·E.·瓦格赫斯, 史蒂文·L.·哈里斯, 乔恩·B.·费希尔, 唐·B.·杜莱
Current assignee: Bharosa Inc
Original assignee: Bharosa Inc
Events: application filed by Bharosa Inc; publication of CN101027630A; application granted; publication of CN100557556C; legal status active
Classification: Storage Device Security

Abstract

Systems and methods provide encryption and decryption of data transmitted over a computer-implemented network; preferably, user authentication identifier data such as a password is encrypted and decrypted at the moment it is entered into the user's computer. The systems and methods let the end user select a marker (214) from the randomly arranged elements in a first portion (202) of a graphical image. A second portion (200) of the graphical image, located adjacent to the first, contains an arrangement (230) of every element that can appear in an individual authentication identifier sequence. The user enters each element of the identifier by moving the selected marker so that it substantially aligns with the required element of the authentication identifier appearing in the other portion. In one embodiment the image portions are concentric wheels (200, 202); in another, they are arranged as adjacent rows (226, 230).

Description

Online data encryption and decryption
A portion of the disclosure of this patent document contains material that is subject to copyright protection. The copyright owner has no objection to the reproduction by anyone of the patent document or the patent disclosure as it appears in the files or records of the patent office, but otherwise reserves all copyright rights whatsoever.
Technical field
The present invention relates generally to systems and methods for providing encryption and decryption, including authentication, for transactions carried out over the Internet or other networks, and to user interfaces suitable for use in such systems and methods.
Background technology
The volume of online transactions carried out by companies and individuals over the Internet continues to grow at a remarkable rate. Sensitive private identity information is commonly used to authenticate users who perform online transactions. The growing use of identity information in Internet transactions has brought a corresponding increase in the risk that this information is intercepted and stolen. Identity theft refers to the fraudulent use of another person's password, user name, social security number, credit card number or other identifying information without that person's consent. According to a September 2003 survey by the Federal Trade Commission (FTC), 27.3 million Americans experienced identity theft during the preceding five years, 9.9 million of them in 2002 alone. According to the FTC survey, identity theft in 2002 cost companies and financial institutions a combined total of about 48 billion dollars, and the affected consumers reportedly suffered 5 billion dollars in losses.
One form of identity theft is the criminal practice of a social engineering attack called "phishing". The Internet encyclopedia Wikipedia defines phishing as fraudulently obtaining sensitive personal information such as passwords and credit card details by masquerading as a trustworthy person with a genuine need for that information. A phishing scam typically uses a spoofed Web site together with e-mail messages crafted to appear to come from a trusted service provider, for example a request from a bank or merchant to submit required information, which is then presented on the Web site. The phishing e-mail usually contains links to a Web site that appears to belong to the service provider but is in fact operated by the "phisher". The spoofed Web site attempts to deceive users into providing their passwords or other sensitive personal information.
Another form of identity theft is the criminal practice of an attack called "pharming". In such an attack, software written solely to commit crime, usually by DNS hijacking or DNS cache poisoning, misdirects unsuspecting users to a fraudulent Web site or proxy server. Pharming exploits a vulnerability in DNS server software that allows an attacker to take over the domain name of a Web site and redirect that site's traffic to another Web site. DNS servers are responsible for resolving Internet names into their actual addresses; they act as the "signposts" of the Internet. If the Web site receiving the redirected traffic is a bogus site, for example a copy of a bank's site, it can be used to "phish" or otherwise steal the computer user's passwords, PIN numbers, account numbers and/or other security information.
Various other fraudulent mechanisms for capturing security information entered by users are well known. For example, spyware including keyloggers, click loggers and screen capture loggers is well known and is used for this purpose. Other types of spyware, for example snoopware, trackware, non-viral malware, hacker utilities, surveillance utilities and Trojans, are also well understood. "Evil twin" attacks are likewise becoming more common. An evil twin is a home-made wireless access point, also called a "hotspot", that masquerades as a legitimate access point in order to collect personal or corporate information without the end user's knowledge. The attacker positions himself near an access point and lets his computer discover the name and radio frequency used by the legitimate access point; he then broadcasts his own radio signal on that frequency using the same name. For purposes of the present invention, spyware is any software program that helps to gather information about a person or organization without permission. Spyware usually also conceals itself so that the user does not discover it. Typically, spyware installs itself on the user's computer without the user's consent and then monitors or controls use of the device. Every keystroke, every chat conversation, every Web site visited, every interaction between the user and the browser, every application executed, every document printed, and all text and images may be captured by spyware. Spyware usually stores the captured data locally and/or transmits it to a third party over the Internet, most commonly without the user's knowledge or consent. Keyloggers and click loggers may also take the form of hardware connected between the keyboard/mouse cable and the computer, or hardware inside the keyboard/mouse device itself.
Another fraudster who obtains secret, sensitive personal information is the "over the shoulder" observer, who secretly reads the user's display to obtain alphanumeric or other information. Conventional graphical user interfaces that use keypad and keyboard images for user data entry are also vulnerable to schemes such as click loggers and screen capture loggers. Each alphanumeric character in a graphical interface is represented by a unique graphical image, for example the pixels that render the numeral 1. A screen capture logger uses optical character recognition (OCR) to decode the clicks and the corresponding alphanumeric graphics and thereby recover the actual alphanumeric characters of the user's ID and password. Sophisticated screen capture loggers can also use the checksum and size characteristics of a graphical image to determine which identifier character corresponds to each graphical image the user clicked during data entry. In these ways a screen capture logger can obtain personal information even when the graphical user interface rearranges the order of the alphanumeric characters on the keypad or keyboard.
Known anti-virus and anti-spyware software products attempt to protect users against some forms of identity theft. These products cannot provide preventive protection against theft, however, because they are reactive by nature: they depend on a reproducible signature, must be updated constantly, and are only as good as their latest update. They are always vulnerable to new viruses or new forms of attack. Out-of-date anti-virus and anti-spyware files therefore provide minimal protection and at best help shield computer data from external threats. A drawback of these products is thus that the information used by the anti-virus and anti-spyware programs must be continually updated to reflect newly discovered schemes, and, in addition to keeping the virus information current, the system must be scanned periodically for potential infection.
Firewall software provides the user with an additional line of defense. Installed on the user's computer (a personal or corporate firewall), it warns the user when a program on the computer accesses the network without the user's knowledge or consent. However, if a Trojan compromises an authorized program and its port, the firewall allows the Trojan to transmit data through that port.
Transmission Control Protocol/Internet Protocol (TCP/IP) is the basic communication protocol of the Internet and of some private networks. Hypertext Transfer Protocol Secure (HTTPS) is a secure Internet communication protocol built on TCP/IP that uses the Secure Sockets Layer (SSL) protocol to allow secure data transfer over an encrypted data stream. The primary purpose of HTTPS is to fetch hypertext objects, such as Web pages, from remote hosts in a secure manner. The SSL protocol allows clients, including Web browsers and HTTP servers, to communicate over a secure connection. SSL provides a mechanism for encryption, source authentication and data integrity protection of information exchanged over insecure public networks. These protocols are used in many e-commerce applications to ensure secure transmission between the server and the Internet.
Another drawback of the known systems is that they rely to some extent on people to maintain their security. As described above, even when security precautions are taken, the user's information and the security of the system may still be compromised. Other known methods of guarding against identity theft include requiring the user to use a "token" or to keep a digital certificate on the user's system for authentication during the login process. A token is usually a credit-card- or key-fob-sized authentication device required to access a service provider's system. The token typically displays a value that changes over time and is synchronized with an authentication server on the network; a token may also use a challenge/response scheme with the server. This approach requires the user to possess the token and to enter, in addition to a password and personal identification number (PIN), information derived from the token. One problem with tokens is that, besides keeping the required password and PIN secure, the user must also keep the token secure. In addition, the consumer and support costs associated with lost or damaged tokens create further problems. There is therefore a need for a system and method that can secure security information against identity theft without the need to create and maintain costly hardware devices.
Summary of the invention
Systems and methods according to the present invention overcome the shortcomings of known systems and methods by providing a user interface that encrypts user authentication credentials at the moment the data is entered into the user's computer, and by providing, on a computer-implemented network, encryption and decryption of any data that can be represented by symbols, where the symbols representing the data may be, for example, the alphanumeric or other symbols normally provided by word processing or other software, or other symbols handled in or on such a network.
One advantage of the systems and methods of the present invention is that they encrypt user authentication credentials at the moment of entry, so the information never exists in its raw form anywhere on the user's computer; this removes its vulnerability to interception on the user's computer and to subsequent fraudulent use.
Another advantage is that these systems and methods do not rely on tokens, cards or similar hardware devices, digital certificates, anti-virus software or personal firewall schemes to prevent theft of the end user's online identity.
More broadly, the invention provides methods, systems and interfaces for encrypting data at the moment it is entered into a client computer and decrypting it on a remote, legitimate server once a user name has been supplied for a particular transaction or session on the network. Preferably the data is identity data used to authenticate the user, where a correct authentication identifier is created for the user and stored on the remote server before the user attempts a session for a particular transaction. The authentication identifier is a predetermined number of elements, characters or symbols arranged in a predetermined order and/or with a predetermined spatial, numerical or other relationship. One encryption method and system comprises selecting a base graphical image, generating base encryption key data values, randomly and within limits displacing the graphical interface along the x and y axes, randomly distorting the graphical interface, randomly altering the file size and the checksum of the distorted graphical interface, and randomly assigning key values to graphical attributes, in any one or more of these operations. In general, decryption in this method and system comprises the user clicking a key on the graphical keypad or keyboard, transmitting the click, and then looking up the corresponding key data value from the corresponding encrypted data using the key data values pre-assigned to the alphanumeric interface and the shift value of the dynamic interface. Another inventive system and method comprises a computer-implemented system for encrypting a user identifier at the moment it is entered into a user computer communicating with a computer network, and decrypting the identifier at a server located at a remote site on the network using a graphical wheel interface. The graphical wheel interface consists of two predefined regions on the computer display. In the first region, the user identifier comprises one or more alphanumeric elements selected from a predetermined group of alphanumeric characters arranged in a certain order. The second region contains a group of elements or identifiers called markers, preferably one marker per sector and preferably non-alphanumeric characters. The end user then shifts the second region so that its position sequentially matches each desired identifier in the first region; the user does this by choosing a known predetermined marker from the predetermined group of markers and entering the selected marker into the system. After the user enters each identifier element, the predetermined set of markers is randomized. Because the server knows the user name, the displacement and the user identifier supplied at the start of the session, it can reverse the user's actions to identify the selected marker and successively associate the identifiers entered by the user with the predetermined identifier, thereby authenticating the user.
The server is adapted to initially determine the marker associated with the first user-selected sector by associating the displacement with the first element of the user identifier for the previously supplied user name.
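The wheel exchange described in the preceding two paragraphs, worked through as an added example that is not the patent's own code or the pseudo-code of Figs. 29 and 30: the server randomizes both rings for every element, the client transmits only the rotation that brings its secret marker next to the required element, and the server reverses that rotation against the stored identifier, fixing the marker from the first element and checking every later one. The element alphabet, the marker set and the clockwise rotation convention are assumptions.

```python
"""Wheel-disc identifier entry: the client sends rotations, the server reverses them."""
import secrets

INNER = "0123456789"        # constructed: sectors of the element ring
MARKERS = "@#$%&*+=!?"      # constructed: one non-alphanumeric marker per sector
N = len(INNER)
assert len(MARKERS) == N    # both rings must have the same number of sectors

_rng = secrets.SystemRandom()


def new_layout():
    """Randomly arrange both rings; the client is shown this as an image."""
    inner, outer = list(INNER), list(MARKERS)
    _rng.shuffle(inner)
    _rng.shuffle(outer)
    return inner, outer


def aligned_marker(inner, outer, rotation, element):
    """Marker sitting next to `element` once the outer ring has been turned
    `rotation` sectors (assumed convention: outer index i moves to i + rotation)."""
    p = inner.index(element)
    return outer[(p - rotation) % N]


class Client:
    """End user: knows the identifier and has picked a secret marker for the session."""

    def __init__(self, identifier, marker):
        self.identifier = identifier
        self.marker = marker

    def rotation_for(self, inner, outer, element):
        """Sectors to turn the outer ring so the marker lines up with `element`.
        This rotation count is the only thing sent to the server."""
        return (inner.index(element) - outer.index(self.marker)) % N


class Server:
    def __init__(self):
        self.identifiers = {}   # user name -> correct authentication identifier
        self.sessions = {}

    def register(self, username, identifier):
        self.identifiers[username] = identifier

    def begin(self, username):
        """Start a session for a known user name and hand out the first layout."""
        layout = new_layout()
        self.sessions[username] = {"layout": layout, "marker": None,
                                   "pos": 0, "ok": True}
        return layout

    def submit_rotation(self, username, rotation):
        """Consume one rotation; return the re-randomized layout for the next element."""
        s = self.sessions[username]
        ident = self.identifiers[username]
        inner, outer = s["layout"]
        i = s["pos"]
        if i >= len(ident):
            s["ok"] = False                  # more elements than the identifier has
        elif i == 0:
            # First element: the server knows which element it must be, so the
            # marker the user chose is whatever the rotation placed next to it.
            # (The first element therefore only fixes the marker; checking
            # starts with the second element.)
            s["marker"] = aligned_marker(inner, outer, rotation, ident[0])
        elif aligned_marker(inner, outer, rotation, ident[i]) != s["marker"]:
            s["ok"] = False                  # rotation did not bring the marker to ident[i]
        s["pos"] += 1
        s["layout"] = new_layout()           # markers are randomized after every element
        return s["layout"]

    def finish(self, username):
        s = self.sessions.pop(username)
        return s["ok"] and s["pos"] == len(self.identifiers[username])


def run_login(server, username, client):
    """Full exchange; True when the server accepts the entered identifier."""
    layout = server.begin(username)
    for element in client.identifier:
        layout = server.submit_rotation(username, client.rotation_for(*layout, element))
    return server.finish(username)
```

A wrong element anywhere after the first leaves the derived marker and the user's real marker out of step, so the check fails regardless of which marker the user picked.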
These and other embodiments, features, aspects and advantages of the present invention will be better understood with reference to the following description, the claims and the accompanying drawings.
Description of drawings
The above aspects, features and significant advantages of the present invention will be more readily understood from the following detailed description taken together with accompanying Figs. 1 to 30, in which:
Fig. 1 illustrates an exemplary prior art system for entering user authentication information;
Fig. 2 illustrates an exemplary prior art keypad graphical user interface through which authentication information can be entered;
Fig. 3 illustrates an exemplary prior art keyboard graphical user interface through which authentication information can be entered;
Fig. 4 is a block diagram illustrating a typical prior art system that lets a user enter information on a user computer connected via a network to a computer/server;
Fig. 5 illustrates a prior art keyboard image that aids the explanation of the novel features of the embodiments of the invention illustrated in Figs. 6 to 10;
Fig. 6 illustrates a preferred, distortion-type, higher-security keyboard graphical authentication interface according to an embodiment of the invention;
Fig. 7 illustrates a preferred, distortion-type, higher-security keyboard graphical authentication interface according to an alternative embodiment of the invention;
Fig. 8 illustrates a preferred, distortion-type, higher-security keyboard graphical authentication interface according to an alternative embodiment of the invention;
Fig. 9 illustrates a preferred, file-size-type, higher-security keyboard graphical authentication interface according to an alternative embodiment of the invention;
Fig. 10 illustrates a preferred, file-size-type, higher-security keyboard graphical authentication interface according to an alternative embodiment of the invention;
Fig. 11 illustrates a preferred, hash-type, higher-security keyboard graphical authentication interface according to an alternative embodiment of the invention;
Fig. 12 illustrates a preferred, hash-type, higher-security keyboard graphical authentication interface according to an alternative embodiment of the invention;
Fig. 13 illustrates a prior art keyboard image that aids the explanation of the novel features of the embodiments of the invention illustrated in Figs. 14 to 18;
Fig. 14 illustrates a preferred, offset-type, higher-security keyboard graphical authentication interface according to an alternative embodiment of the invention;
Fig. 15 illustrates a preferred, offset-type, higher-security keyboard graphical authentication interface according to an alternative embodiment of the invention;
Fig. 16 illustrates a preferred, offset-type, higher-security keyboard graphical authentication interface according to an alternative embodiment of the invention;
Fig. 17 illustrates a preferred, checksum-type, higher-security keyboard graphical authentication interface according to an alternative embodiment of the invention;
Fig. 18 illustrates a preferred, checksum-type, higher-security keyboard graphical authentication interface according to an alternative embodiment of the invention;
Fig. 19 is a block diagram illustrating a preferred encryption and decryption process, on the user side and the server side, for the embodiments of Figs. 6 to 18;
Fig. 20 illustrates a preferred, dynamic graphical wheel type, higher-security keyboard graphical authentication interface according to an alternative embodiment of the invention;
Fig. 21 illustrates a preferred, dynamic slider type, higher-security keyboard graphical authentication interface according to an alternative embodiment of the invention;
Fig. 22 is a block diagram illustrating a preferred encryption and decryption process for the non-user-personalized marker embodiment of the invention;
Fig. 23 is a block diagram illustrating a preferred encryption and decryption process for the user-personalized marker embodiment of the invention;
Fig. 24 is a block diagram illustrating a preferred client process flow for encryption and decryption in embodiments of the invention;
Fig. 25 is a block diagram illustrating a prior art client/server interaction for an authentication process;
Fig. 26 is a block diagram illustrating a preferred, encrypted client/server interaction for embodiments of the invention;
Fig. 27 is a block diagram illustrating an authentication process;
Fig. 28 is a block diagram illustrating a preferred authentication process for embodiments of the invention;
Fig. 29 is a pseudo-source-code listing of a preferred implementation of the encryption and decryption process;
Fig. 30 is a pseudo-source-code listing of a preferred implementation of the graphics of the invention.
Reference numerals or names are used in the figures to designate certain parts, aspects or features. A reference numeral common to more than one figure designates the same part, aspect or feature in each figure in which it appears.
Industrial applicability and modes for carrying out the invention
In embodiments according to the present invention, for transactions on the Internet or other networks, information or data, for example user authentication information and/or data representing other information, is encrypted and decrypted as early as possible, namely no later than the moment the information is entered into the user's computer. This is done by a real-time image processing process, by creating random images in real time before they are used, and by making the order of the data actually entered through the interface unpredictable from the image, so that the image is effectively protected against any illegal or unauthorized attempt to decode it. Consequently, information and data on any such network are not vulnerable to theft. Below, with reference to Figs. 1 to 30, several embodiments of the encryption and decryption systems and methods of the invention are described in contrast with prior art systems and methods. As explained, most preferred embodiments of the invention are used for authenticating users in order to secure Internet or other Web transactions. The invention, however, has a considerably wider scope: it can encrypt and decrypt any vulnerable information represented by symbols, and that information can also be transmitted over a computer-implemented network.
To carry out online transactions over the Internet or another computer network, a user typically enters his or her sensitive personal information with a keyboard, mouse or other input device through a Web browser connected to the Internet or other computer network. Fig. 1 illustrates an exemplary legacy system [20] and an authentication process that verifies a user's credentials based on a unique user name (user ID) and a password. In this example, the authentication information entered by the user comprises a user ID and a password, each consisting of multiple elements.
In the various embodiments of the invention, the term "identifier" may refer to any information known to the user and possessed by the user, or associated with some attribute of the user. Such identifiers may include, for example, a name, account number, Social Security Number, address, password or personal identification number (PIN). Likewise, in the various embodiments, the term "element", used in the context of an identifier, may be any symbol recognized by the system.
Generally, in conventional systems and methods, the elements of a user ID or password are preferably alphanumeric symbols arranged in a particular order. A typical user ID and password consist of a character string entered via a keyboard [22] while a Web browser runs on a computing device [24]. The browser presents a typical user input interface [26] to the user on a display [28]. Alternatively, user data may be entered by clicking on a graphical image of a numeric keypad [30], as shown in Fig. 2, or by clicking on an image of a keyboard [32], as shown in Fig. 3. Fig. 2 is a typical representation of a numeric interface that an end user may use to enter a password/code/PIN by clicking the corresponding positions on the interface. This interface permits entry of alphanumeric information only (where each key is used to represent some letters or other symbols), but the keypad could be modified to offer other symbols or icons. Fig. 3 is a typical representation of an alphanumeric keyboard interface that an end user may use to enter a password/code/PIN by clicking on the interface.
Fig. 4 is a block diagram illustrating a typical exemplary prior art system [39], comprising a user computer [40] and a computer user [42] who enters information on computer [40]. Neither computers nor the Internet were designed with security in mind; security is an afterthought, and the figure illustrates the different weaknesses, or data points vulnerable to attack, in a typical system in which the user carries out normal transactions on the Internet with his or her computer. Computer [40] is connected via a network to a computer/server [49]. As illustrated in Fig. 4, sensitive information may be encrypted at [47], for example using HTTPS, before being transferred over the network from the user's computer system [39] to the remote server [49]. System [39] and computer [40] are nevertheless vulnerable to information theft, because between the point at which information is entered into computer [40] and the point at which the encryption process is invoked, the information remains in its raw form. For purposes of the present invention, the points between the data entry point and the data encryption point are referred to as loopholes [41]. As shown schematically in Fig. 4, the user creates private data at [42] and enters it into the user's computer system at [41A] through one or more I/O devices [43]; in unencrypted form it next flows at [41B], via the CPU, one or more kernels and one or more supporting chips at [45], into the operating system (OS) [44], and then at [41C] into one or more applications [46]. At [41D] the unencrypted data flows outward, where it is encrypted at [47] and passed via paths [41E] and [41F] to the OS [44] and one or more I/O devices [43]; next, using one or more routers or other network connection devices shown at [48], it is transmitted at [41G] from computer [40] to server [49] via path [41H]. As illustrated, the specific loopholes [41A to 41H] described above, as well as vulnerable points in the network, are exposed to capture operations such as cross-site scripting, keyloggers, click loggers, screen grabbers and man-in-the-middle software, which can capture sensitive information in its raw, pre-encryption form. Network security may therefore be compromised even when the data leaving the user's computer system is encrypted, because anywhere in the loopholes, for example at any of the positions [41A to 41H] along the data flow, the encryption protocol can be bypassed or its security defeated.
Embodiments of the invention provide systems and methods for entering data such as user authentication credentials in which the authentication information is encrypted no later than the point of entry, thereby closing these loopholes.
Fig. 5 shows a conventional graphical keypad [52], used as the reference for describing several embodiments of the invention. Figs. 6-8 show several preferred secure keypad graphical interfaces [54], [56] and [58], which are modified or configured, including by distorting the keypad used for data-entry selection, to provide security beyond that of the conventional keypad. Preferably the distorted keypad image is replaced frequently with a differently distorted image, for example at each session. Because of their "graphical distortion" these embodiments are called the distortion type. Compare the distorted keypad interfaces with the conventional keypad interface [52] of Fig. 5.
The distortion leaves a human user able to recognize the numerals or other symbols in the image easily, but prevents or hinders a screen grabber/OCR combination and an x-y coordinate logger from linking a mouse click (or other pointing-device action) to the specific key of the interface that was clicked. Although Fig. 6 shows one exemplary distortion, a practically unlimited number of permutations and combinations can be generated by distorting the numerals, letters or other symbols of the image and by displacing the image along the x or y axis within the bounded area of the display window, the net result being a reduced likelihood of unauthorized decoding of the image. For example, compared with the spatial relationships of the prior-art keypad of Fig. 5, Fig. 7 shows a keypad [56] distorted so as to present a different spatial relationship between the numerals and the features of the keypad. Fig. 8 shows another distorted graphical keypad interface [58]; in this embodiment the background features of keypad [58] are drawn with dashed lines to indicate a colour or grey-scale shading setting different from that used in the conventional keypad of Fig. 5. For these distortion-type keypad or keyboard data-entry interfaces, the server presents a differently distorted interface to the user in each session, and the distortion and displacement of the interface may be changed once or more than once per session.
Successful theft of information displayed on a computer screen depends on capturing the screen display and then using it to predict future entries of information. Because the server sends a different image to the client computer at the start of each authentication session, the captured information becomes a poor basis for predicting future behaviour.
For the embodiments of Figs. 6-8, the images can be distorted with a variety of conventional mathematical methods and algorithms, for example quality, distortion, noise or pixel filters and the like. The images can then be selected at random on the server in real time and presented to the end user. The algorithms can be applied in real time, or they can be applied to images in advance and the results stored in a database.
Figs. 9 and 10 show another type of graphical interface usable in preferred, optional embodiments of the invention. Fig. 9 shows an interface [60] with a grey background [62] surrounding the keypad face, each key of which bears a numeral. In such an embodiment the interface [60] is shaded, and the degree of shading is determined by one or more random image-processing algorithms. This provides a large number of possible permutations and combinations of the keypad, and preferably a different interface is provided in each user session. The actual file size of any graphical image is a function of the image resolution, that is, of the pixels per inch represented in the image; the resolution or pixels per inch also determines the image quality. The server can therefore pad the same image at random with extra bytes to produce different file sizes, so that a rogue entity cannot use file size to identify with confidence which image was shown to the end user, because each of these visually similar images has a different file size.
It will also be readily seen that the embodiments of Figs. 6-10 are not limited to keypads; keyboards or other types of interface can be used. Furthermore, in these and the other types of interface embodiment discussed here (not shown), the interface can be shifted on the computer screen by a very small amount along the x and y axes. Such a shift increases the difficulty for logger-type software of accurately capturing the data shown on the screen, while the user, and the legitimate server to which the user's computer is connected over the network, readily recognize the shift. Fig. 10 shows another example of the shading type of encryption/decryption: keypad [64] has a background [66] drawn as different from the keypad backgrounds of Fig. 9 and Fig. 5.
The displacement, background change, jitter and distortion of the computer screen images used in the invention, as described here, can be generated with conventional programming techniques. These displacements, background changes, jitter and distortions are effective because they change the spatial or file-content relationships of the image of the entered data as it appears on the user's screen, relative to how the user and the legitimate server know the image would appear on a conventional display. Preferably these changes in spatial and file-content relationships are kept very small, that is, confined to the main window and the file or files used to generate it, and preferably they are applied at random, as described. The changes can therefore be hidden well enough to defeat decoding of the encrypted data by a computer program.
Figs. 11 and 12 show another type of graphical interface embodiment of the invention. These images show the actual data that is sent over the network in response to a user's click on a numeral. The server generates these values in real time and sends them to the client computer together with the image. When a click is interpreted, the client sends the pre-assigned data back to the server, and the server readily identifies the corresponding image from the values it stored beforehand. These two figures therefore illustrate a hash-type encryption/decryption method and system of the invention. The left side of Fig. 11 shows a conventional keypad image [68]; the right side shows, in dashed lines, a hashed display [70] in which each key carries letters arranged in random order. In this embodiment the server sends a mapping instruction to the client, so that, for example, when the user enters a '0' the client maps '0' to 'ej' and transmits 'ej' to the server. The server sends a different set of mapping instructions for each authentication session, so that an entirely different mapping and transmission of authentication data takes place in each session. Fig. 12 shows the same conventional keypad image [68] on the left to illustrate this feature, but with a different hashed display [72] representing a different set of mapping instructions sent by the server to the client computer for the user. Compared with the display of Fig. 11, the display [72] carries a different, preferably randomized, set of letters on each key. Clearly other identifying displays, for example images of keyboards or of other types, and symbols other than those shown, can be used for the solid-line and hashed keypads shown. Furthermore, because a different random mapping is used in each authentication session, it is almost impossible to steal the user's security information in this preferred embodiment.
Figs. 13-16 show further preferred embodiments of the invention using an offset-type encryption/decryption. These images show the effect of offsetting the x and y values of the interface within a larger surrounding area. The x and y values are randomly "jittered", that is, adjusted by a bounded amount, so that the net effect is that captured x, y coordinates of the mouse position cannot readily be used to infer or identify the exact numeral the end user clicked. For example, Fig. 13 shows a prior-art keypad [74] as the reference point for Figs. 14-16. In Fig. 14 the server sends the client computer keypad data for the position shown in solid lines at [76], relative to the keypad position shown in dashed lines at [78]. For each authentication session a different, preferably randomly generated, mapping image is produced by a mapping algorithm, so that the user's identifier entry cannot easily be replicated. In this figure the mapped keypad is shown as the solid-line keypad image [76], which is offset downward and to the right relative to the keypad position [78] shown on the client computer. Fig. 15 shows a different mapping for a different authentication session, in which the solid-line keypad image [80] created on the server is offset to the right and upward from the keypad image [82] shown on the client computer. In Fig. 16 the mapped image [84] created on the server is offset downward and to the left from the keypad image [86] shown on the client display. For the present invention the term "jitter" is defined to mean the kind of distortion shown in Figs. 14-16, and the term is used for the process of "jittering" the interface.
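The hash-type mapping of Figs. 11-12 and the jitter of Figs. 13-16 are both per-session state that the server generates and the client only applies. The following is an added example, not code from the patent or from Bharosa, that simulates one authentication dialog with both sides. The keypad geometry (a phone-style 3x4 grid of 40 px cells), the two-letter token format and the 12 px jitter bound are assumptions; the patent gives neither dimensions nor a token format.

```python
"""Added example (not from the patent): per-session token mapping (Figs. 11-12)
combined with x/y jitter (Figs. 13-16) for a numeric keypad.

Assumptions: a phone-style 3x4 keypad with 40 px cells, two-letter tokens and a
jitter bound of 12 px; the patent gives no geometry or token format.
"""
import secrets
import string

CELL = 40                               # assumed key size in pixels
ROWS = ("123", "456", "789", " 0 ")     # assumed layout of the Fig. 5 keypad
DIGITS = "0123456789"


def cell_of(digit):
    """(col, row) of a digit in the unshifted reference keypad."""
    for r, row in enumerate(ROWS):
        c = row.find(digit)
        if c >= 0:
            return c, r
    raise ValueError("not a keypad digit: %r" % digit)


def key_at(x, y):
    """Hit-test (x, y) against the unshifted keypad; None when off every key."""
    c, r = x // CELL, y // CELL
    if 0 <= r < len(ROWS) and 0 <= c < 3 and ROWS[r][c] != " ":
        return ROWS[r][c]
    return None


def new_session(max_jitter=12):
    """Server side: fresh random digit->token map and (dx, dy) jitter per dialog."""
    token_of = {}
    while len(token_of) < len(DIGITS):
        tok = "".join(secrets.choice(string.ascii_lowercase) for _ in range(2))
        if tok not in token_of.values():            # keep the map injective
            token_of[DIGITS[len(token_of)]] = tok
    dx = secrets.randbelow(2 * max_jitter + 1) - max_jitter
    dy = secrets.randbelow(2 * max_jitter + 1) - max_jitter
    return {"token_of": token_of, "dx": dx, "dy": dy}


def client_enter(session, digits):
    """Client side: the keypad is drawn shifted by (dx, dy) and each click is
    reported as the session token for that key, never as the digit itself.

    Returns (tokens sent to the server, raw screen clicks a click logger sees).
    """
    tokens, clicks = [], []
    for d in digits:
        c, r = cell_of(d)
        clicks.append((c * CELL + CELL // 2 + session["dx"],
                       r * CELL + CELL // 2 + session["dy"]))
        tokens.append(session["token_of"][d])
    return tokens, clicks


def server_decode_tokens(session, tokens):
    """Reverse the per-session map; a token from another session yields '?'."""
    digit_of = {v: k for k, v in session["token_of"].items()}
    return "".join(digit_of.get(t, "?") for t in tokens)


def server_decode_clicks(session, clicks):
    """Undo the jitter the server itself chose for this session, then hit-test.
    Clicks recorded in one session and replayed into another are decoded with
    the wrong offset and land on the wrong keys."""
    return "".join(key_at(x - session["dx"], y - session["dy"]) or "?"
                   for x, y in clicks)


if __name__ == "__main__":
    s = new_session()
    toks, clicks = client_enter(s, "4071")
    print("session map:", s["token_of"], "jitter:", (s["dx"], s["dy"]))
    print("wire tokens:", toks, "-> server decodes", server_decode_tokens(s, toks))
    print("raw clicks:", clicks, "-> server decodes", server_decode_clicks(s, clicks))
```

Two points the simulation makes visible. Tokens and raw coordinates captured in one session are useless in the next one, which is the replay resistance the text claims. But the protection is only against loggers that record coordinates or tokens without the picture: anything that captures the rendered keypad together with the click, or that hooks the page and reads the mapping the server sent, still learns the digit, which is why the text pairs these techniques with image distortion.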
Figs. 17 and 18 show another type of data-entry interface of an alternative embodiment of the invention, called the checksum-type encryption/decryption data-entry interface. Each pixel in an image has a unique two-dimensional identifier, defined by the 'x' and 'y' values of its position in the image. Each pixel also has values associated with its colour components; in an R, G, B system the colour components comprise one value for each colour. Fig. 17 shows the RGB values of a sample pixel in the numeral 7 of a numeric interface. Taking the unique R, G, B values and adding them to the x, y values gives a total value represented by that pixel. The total value of a pixel, of a group of pixels, or of a complete image will not equal that of another image if there is even a slight difference in one of the R, G or B values of a single pixel. As shown in Fig. 17, keypad [88] has a key [90] bearing the numeral 7 drawn in a predetermined colour. This numeral 7 is associated with its x and y position and with its red (R or 'r'), green (G or 'g') and blue (B or 'b') colour values. Taking the unique value assigned to each of R, G and B and adding these to the x, y values gives a value representing that pixel. Repeating this process pixel by pixel, for every pixel or for a selected number of pixels, gives a total value for the image or for a part of it. Box [92] in Fig. 17 represents six adjacent pixels with different shading settings, indicating a difference in at least one of the five values. As shown in Fig. 17, in box [94] the assigned 'x' value is '70', the 'y' value is '111', the red or 'r' value is '211', the green or 'g' value is '211' and the blue or 'b' value is '211'; the value of this pixel is represented by a 'j'. An adjacent pixel is assigned values in the same way, as shown in box [96], the only difference being that its 'x' value is '71', that is, the 'x' value has changed by 1, so a different value 'w', differing by 1, is obtained for this pixel. Similarly, Fig. 18 shows a keypad image [98] with its '7' in the same position but with different 'r', 'g' and 'b' values, so that its 'j' value differs; the adjacent pixel likewise has different 'r', 'g' and 'b' values compared with the corresponding pixel 'w' of Fig. 17. Consequently the file size of one image may differ from that of another even when there is only a small difference in one of the R, G or B values of a pixel. By exploiting these small differences and randomly changing the attributes of the screen display, preferably at each user session, unauthorized theft of information from these systems is made quite difficult, if not impossible. These changes can also be applied to greyscale images or to colour images of non-RGB types.
Using the file-size and checksum-type encryption illustrated in Figs. 9-10 and 17-18, the image of a keypad, keyboard or other form can be altered so that the whole keyboard image and/or the image of each individual key yields a different checksum and/or file size, preventing even a perfect screen-capture logger from identifying each individual key.
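The checksum of Figs. 17-18 and the file-size padding of Figs. 9-10 are easy to make concrete on a small image. The following is an added example, not code from the patent, that sums x + y + R + G + B per pixel exactly as the text describes, nudges single channels by one step to change the checksum of an image that looks identical to a person, and varies the file size with padding. The image representation (rows of (R, G, B) tuples) and the container (binary PPM, whose '#' header comments give a legal place for padding) are my choices, not the patent's.

```python
"""Added example (not from the patent): the checksum-type variation of
Figs. 17-18 and the file-size variation of Figs. 9-10 on a small RGB image.

Assumptions: the image is a list of rows of (R, G, B) tuples, the per-pixel
value is the plain sum x + y + R + G + B the text describes, and the container
is binary PPM, whose '#' header comments give a legal place for padding.
"""
import secrets


def pixel_value(x, y, rgb):
    """The text's per-pixel value: x + y + R + G + B (Fig. 17: 70+111+211+211+211)."""
    r, g, b = rgb
    return x + y + r + g + b


def region_checksum(image, x0=0, y0=0, w=None, h=None):
    """Sum of pixel values over a rectangle (default: the whole image), so a
    single key or the whole keypad can be summed, as the text suggests."""
    h = len(image) if h is None else h
    w = len(image[0]) if w is None else w
    return sum(pixel_value(x, y, image[y][x])
               for y in range(y0, y0 + h) for x in range(x0, x0 + w))


def perturb(image, n_pixels=1, rng=None):
    """Copy of `image` with n_pixels randomly nudged by one step in one channel.
    A 1/255 step in one channel is invisible to a person but changes the checksum;
    the server can do this afresh for every session."""
    rng = rng or secrets.SystemRandom()
    out = [list(row) for row in image]
    h, w = len(out), len(out[0])
    for _ in range(n_pixels):
        x, y, ch = rng.randrange(w), rng.randrange(h), rng.randrange(3)
        px = list(out[y][x])
        px[ch] += 1 if px[ch] < 255 else -1          # stay inside 0..255
        out[y][x] = tuple(px)
    return out


def to_ppm(image, pad_len):
    """Serialise as binary PPM (P6) with a header comment of pad_len random
    letters. Viewers ignore the comment, so the same picture can be served with
    any file size the server chooses."""
    h, w = len(image), len(image[0])
    pad = bytes(secrets.choice(b"abcdefghijklmnopqrstuvwxyz") for _ in range(pad_len))
    header = b"P6\n# " + pad + b"\n%d %d\n255\n" % (w, h)
    body = bytes(c for row in image for px in row for c in px)
    return header + body


def from_ppm(data):
    """Minimal P6 reader that skips '#' comments; shows padded files decode alike."""
    tokens, i = [], 0
    while len(tokens) < 4:                          # magic, width, height, maxval
        if data[i:i + 1].isspace():
            i += 1
        elif data[i:i + 1] == b"#":
            i = data.index(b"\n", i) + 1
        else:
            j = i
            while not data[j:j + 1].isspace():
                j += 1
            tokens.append(data[i:j])
            i = j
    i += 1                                          # single whitespace after maxval
    w, h = int(tokens[1]), int(tokens[2])
    body = data[i:i + 3 * w * h]
    return [[tuple(body[3 * (y * w + x):3 * (y * w + x) + 3]) for x in range(w)]
            for y in range(h)]


if __name__ == "__main__":
    key = [[(211, 211, 211)] * 4 for _ in range(3)]    # constructed 4x3 'key' image
    a, b = to_ppm(key, 3), to_ppm(perturb(key, 2), 40)
    print("sizes:", len(a), len(b), "checksums:", region_checksum(key),
          region_checksum(from_ppm(b)))
```

Note what the padding does and does not hide: the pixel data of two padded copies is byte-for-byte identical, so a logger that hashes the decoded pixels rather than the file is unaffected by padding alone, which is why the text combines it with the per-pixel perturbation.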
Fig. 19 is a block diagram showing a typical implementation of the encryption and decryption types illustrated in Figs. 5-18, and of the dynamic encryption/decryption method and system illustrated in Figs. 20-21, as described. As shown, the process used on the server is independent of the process used on the client computer, that is, the client side, for the keypad and/or keyboard graphical authentication interface embodiments of Figs. 5-18. As can be seen from Fig. 19, the encryption and decryption processes are in fact asymmetric, in that the decrypting side involves fewer steps than the encrypting side.
Preferably a secure, unique keyboard graphical authentication interface of the type illustrated in Figs. 5-18 is created by a three-step process. In the first step an encryption key is generated and mapped across a unique graphical representation of the keyboard. In the next step the keyboard graphical image is randomly displaced within a bounded range of a larger X, Y axis. In the third step the graphical image is distorted, within limits, using known image-processing algorithms. Here the term "distortion" and its variants refer to any of the changes described above to the attributes of the file or files used to generate the graphical image display on the client and server computers. The degree or level of distortion, that is, of encryption of these images, is limited only by the end user's ability to decipher each keyboard key image visually. Preferably each instance of applying the above encryption steps to the interface is unique, to increase the difficulty of decoding the images over time.
As can be seen from Fig. 19, the decryption process preferably comprises two steps. In the first decryption step the user visually decrypts the encrypted keyboard (the X, Y displacement and the image distortion being the two steps used for encryption) and selects a key on the keyboard interface to enter authentication information. In the second decryption step the keyboard mapping is decrypted on the server by looking up the exact mapping. It is evident from the above description that a particular user-authentication session comprises providing a user name to the server, so that once someone has presented himself or herself as a particular user and has successfully entered authentication data (or another code) using any of the encryption/decryption systems and methods of the invention, the server can match that particular authentication data (or other code) to that user. In various embodiments of the invention the user-name information is preferably entered into the network and sent to the server at the start of a session using conventional 128-bit encryption. In this way the purported user can be authenticated, with the result that (1) the subsequent web transactions are performed by the authenticated user rather than by an unauthorized user, that is, an impostor; and (2) the authentication data itself is kept safe, or substantially safe, from abuse by unauthorized software, persons or other entities.
Fig. 20 shows a dynamic graphical wheel multi-factor interface according to another embodiment of the invention. This interface best encrypts/decrypts authentication information that is entered into a computer system using mouse clicks and keyboard navigation, which are used to align a series of predetermined alphanumeric elements (the identifier) with one of a series of graphical symbols.
The colours, icons, shapes or forms used as the markers on the wheel can also be generated according to logic predetermined by the end user or by the service provider. The end user can thus create the wheel, which can thereafter be identified as his or her personalized wheel.
Because the user selects a marker that is in motion, this embodiment is called the dynamic system and method. The wheel graphical user interface (GUI) [200] of Fig. 20 is generated on the server with conventional techniques, and preferably comprises two concentric wheels [202] and [204] used for encryption at the data-entry point. Using navigation clicks on the "right arrow" button [206] for counter-clockwise rotation and on the "left arrow" button [208] for clockwise rotation, or keyboard navigation, the user simply steers a reference point on the inner wheel [202] to the next element of the username field [210] or password field [212] on the outer wheel [204], and so enters each element of the data. The reference point on wheel [202], also called the marker, is selected by the user and is known only to the user at the time of entry. The identity of a particular element of the user ID, password or the like is therefore not visible to a stranger, including spying software of various kinds and "over-the-shoulder" observers. In other words, the user selects the reference-point marker in his or her own mind, that is, a virtual marker. The user simply steers the selected reference point, or virtual marker, on the inner wheel [202] to a selected element of the identifier on the outer wheel [204], for example the first letter of the user ID in username field [210] or of the password in password field [212], to enter that identifier element. The identifier is also called a code or access code here. The marker is known only to the computer user and preferably remains the same throughout the session, while all elements of the identifier are entered into the system. The user first enters the first element of the code, for example of the user ID, and then enters each subsequent element of the code in turn. After the selected marker has been aligned with the first of the n identifier elements, the user clicks the "NEXT" button to enter that element of the code in this encrypted form. Preferably the symbols on wheels [202] and [204] are then randomized, after which the user again rotates the inner wheel [202] so that the selected symbol on the inner wheel matches, or is adjacent to, the next element of the code, and clicks "NEXT" again. The system then transmits to the server the data representing the actual number of degrees by which the inner wheel [202] has rotated, or its rotational displacement, between the randomization of the screen display that followed selection and entry of the first element and the moment wheel [202] came to rest. In other words, the displacement information is sent to the server as a number of degrees, or in some other form representing the displacement of wheel [202] that the user produced when selecting the second element. The process of clicking "NEXT", randomizing the inner wheel [202] of the display and rotating it so that the selected marker matches the next code element is repeated until all n code elements of the particular identifier have been entered into the system.
Usually the server stores the arrangement of the identifier elements and of the marker symbols in a database and sends it over the network to the GUI for display in array form. The server can also be programmed to apply any of the other forms of encryption to the graphic images before sending them over the network, as described earlier with reference to Figs. 5-19. In a preferred embodiment the arrangement of the marker symbols is randomized each time an element of the code is entered into the system, which can be done with conventional techniques. Although the arrangement of the identifier elements can also be randomized, in this embodiment it is preferably not randomized in each session for most applications.
In another embodiment, not illustrated, the marker symbols and the set of data elements can be personalized or made unique, either according to the user's preferences or as set by the service provider. Such uniqueness also assures the user that he or she is using the correct authentication device/GUI. This optional feature effectively removes the possibility of presenting the end user with an identical, illegitimate or counterfeit GUI for entering his or her credentials, authentication data or other code.
In a preferred implementation the displacement on the GUI produced by the user's interaction is calculated or determined by offsetting the index of the marker array relative to the identifier array. The resulting displacement value of each marker index for each element is then sent to the server over the network. The application is programmed so that the server knows the correct code; the server can then use the displacement corresponding to entry of the first element of the identifier to determine which marker the user has selected for this session. The server can then authenticate each subsequent element by verifying that each subsequent displacement corresponds only to the marker the user selected for this session.
Optionally, as can be seen from Fig. 20, an "ENTER" button can also be used to indicate that all elements of the username field [210] or password field [212] have been entered. The button indicators shown are exemplary only; other button indicators can be used in embodiments of the invention. Alternatively, the "ENTER" button can be omitted in other applications, for example in systems in which the authentication identifier, such as a user name or password, is of a predetermined, fixed length.
Likewise, for the type of encryption/decryption illustrated in Fig. 20, the entered elements are preferably not displayed in the username field [210] or password field [212], to help prevent an "over-the-shoulder" observer from seeing this information. An asterisk or other suitable symbol can be displayed in each field to indicate entry of an element. For embodiments of the type of Fig. 20, the term "identifier" preferably refers to a user ID, password and/or PIN. As described above, however, the term can in fact refer to any information the user wishes to encrypt and enter into the system; for example, such an identifier can comprise a name, account number, social security number, address or telephone number. Also as described above, the term "element" can in fact be any symbol recognized by the system; typically, in the context of user IDs and passwords, the elements are alphanumeric symbols arranged in a particular order. For the various embodiments of the invention the term "marker" can likewise mean any symbol recognized by the system; for convenience the markers are preferably non-alphanumeric symbols.
In the preferred embodiment of the type shown in Fig. 20, the server pre-loads a randomized sequence of markers into the marker array. Alternatively, considering that numerous identifiers may be used, a plurality of randomly generated candidate marker sets can be generated, providing a number of additional sets that can be used when the "RESET" button shown in Fig. 20 is pressed; the candidate marker sets are not numbered in Fig. 20 and are explained further below with reference to Fig. 21. For example, for an identifier of four elements such as "BANK", the number of candidate marker sets is preferably at least twenty (20), thus providing five (5) reset sets for each element.
As discussed above, the value representing the displacement associated with entry of each element of an identifier is sent to the server and decrypted by the server. Because the server knows the correct element for any particular marker the user may have selected for the particular authentication information, the possible marker behaviour, and the details of the image, for example the "jitter", file size, checksum, distortion, offset and any combination of these kinds of image detail, it can infer the marked element according to the expected logic. In some such applications the block diagram of Fig. 19 is also applicable, but it must include the steps relating to, and using, the wheel-type encryption/decryption actions described here.
The logic of the wheel-type process is as follows. The server, knowing the first letter of the expected identifier, looks up the marker the user has selected to enter the first identifier element. The server also knows the possible markers to be used for this session. For the second and each subsequent entry of the identifier, the server identifies and verifies that the same, correct marker has been used. The system can thus judge whether the user has entered the correct authentication identifier for the session. The displacement coordinates are specific to the particular session and cannot be reused once the session has ended. It can be seen that such encryption and decryption always uses displacement information that is unique, randomly generated at the time of entry into the system, and effectively protected against theft.
As an example of creating a plurality of sets of randomized markers for each session, the display of Fig. 20 shows an inner wheel [202] initially bearing a first set of possible markers arranged in random order. After each entry of an element of the identifier data, the markers on the inner wheel are replaced with those of the next randomized set, the markers of the next set being defined by the server or otherwise randomized, as described above.
As an example of entering an element of an identifier, and with reference to Fig. 20, suppose the user's identifier is the word "BANK". According to the invention, to enter this identifier the user has judiciously selected one of the sixteen (16) sectors depicted in the annular region of the marker-bearing interface, that is, one sector containing a marker on the inner wheel [202]. Sixteen such sectors are used in Fig. 20, but an interface with more or fewer sectors can be used and is within the scope of the invention. For an application using 60 identifier elements, the optimum number of markers is 16, and hence the optimum number of sectors is also 16.
As further shown in Fig. 20, the heart symbol (♥), that is, the "heart" marker, lies in sector [214]. Sector [214] abuts the inside of the outer wheel [204] and extends from [214A] to [214B]. The types, features, shapes, colours, configurations and number of the elements and sectors on the wheels of Fig. 20 are exemplary; in fact elements of any type, feature and number can be used, in a practically unlimited variety of shapes, sizes and configurations. Also as shown in Fig. 20, sector [214] of the inner wheel [202] is adjacent to the identifier element "baZY" in one of the randomly selected group of sectors located on the outer wheel [204]; the element "baZY" lies radially outside sector [214] and has substantially the same shape and size. In short, such a dynamic system is operable as long as the identifier elements are placed in one region of the interface and the markers in a second region, the regions can be moved relative to each other, and an identifier element can be brought into correspondence with the user-selected marker.
In this example the user steers the inner wheel [202] by operating buttons [206] and [208], rotating the inner wheel [202] so that the user's selected marker, the heart (♥), is aligned with "B", the first element of the identifier. Preferably the system is programmed so that the marker can be positioned within a few degrees of the identifier element in either direction and still be considered aligned; in other words, an acceptable range of distance between the user-selected marker and each element of the identifier can be defined. Once aligned, the user stops rotating the inner wheel [202] and clicks the "NEXT" button. The system then provides a second set of markers, that is, the same markers but with their order randomized by the server, and is ready for the user to enter the next element of the identifier. The user next operates buttons [206] and [208] again to rotate the inner wheel and align the selected marker with the next element, then clicks "NEXT" as described above, and repeats this process for each remaining element of the identifier, so that each remaining element is entered one by one in the proper order.
Preferably an "ENTER" button is provided to the user; operating it indicates that the last, that is, the nth, element of the identifier has been entered. Alternatively, where it is not needed, for example when the identifier is of a predetermined, fixed length, the "ENTER" button can be omitted.
In an optional embodiment the inner and outer wheels, and their sectors, can be interchanged: the markers can be placed on the sectors of the outer wheel and selected from a sector of the outer wheel, with the inner wheel carrying the identifier elements. In another optional embodiment the outer wheel can be made rotatable.
Fig. 21 shows another type of dynamic graphical authentication interface, in which the user selects a marker while it is in motion, including motion relative to the region containing the identifier elements, and the relative motion of the marker is linear rather than rotational. The colours, icons, shapes or forms used as the markers on the lower bar are generated according to logic predetermined by the end user or by the service provider, or are assigned to the end user's PIN. This also lets the end user recognize a personalized slider.
In the embodiment of Figure 21, the interface is referred to as a slider display or slider encryption [216]. The alphanumeric and non-alphanumeric symbols shown in Figures 20 and 21 are exemplary; other graphical symbols and images can also be used to practice the invention. In addition, the shape, style, configuration, coloring and orientation of each region may vary, as long as relative motion between the identifier elements and the markers is provided and can be measured. The slider display [216] optionally includes a user name input field [218], a password input field [220] and optional arrow buttons [222] and [224], which, when activated, move one part or region of the display relative to another. In the embodiment of Figure 21 the two regions are arranged as rows, one above the other. Each region or row is divided into cells, which are preferably of approximately equal size and can be positioned one above the other. The slider display [216] thus comprises a movable lower row [226] having a plurality of cells, each cell containing a marker such as a spade or trump symbol [228] (in this example the cell beneath the letter 'B' contains a symbol that the original shows only as an image), and a fixed upper row [230]. In operation, the lower row [226] is slid by navigating with the 'left arrow' button [222] and the 'right arrow' button [224]. The displacement of the movable lower row [226] of the slider display [216] relative to the fixed upper row [230] is measured in the same way as the displacement in the wheel embodiment of Figure 20 discussed above, except that this displacement is linear rather than radial. Once the user indicates, by using the 'NEXT' button [232], that data has been entered, the displacement value for each identifier element entered into the system is sent to the server and decoded there. Thus the transmission of displacement information to the server for the slider display [216] is similar to that of the wheel embodiment of Figure 20, except that the displacement of the slider display [216] is linear whereas the displacement of the wheel display [200] is rotational.
Preferably a 'RESET' button [234] is provided so that the user can restart entering the user name, password or other identifier or code. A similar reset capability can also be used with other embodiments, for example the one shown in Figure 20, where it is not numbered. Optionally, icons [236] may also be provided, preferably within the image, to show the input state of the elements of the identifier field, i.e. how many elements of the user name or password have been entered. Preferably the entered elements are not displayed in the user name field [218] or the password field [220], since this helps to prevent a "shoulder surfer" from observing the field contents. Alternatively, an asterisk may be shown in the input field to represent each element entered.
According to an alternative embodiment, the rows shown in Figure 21 can be exchanged, i.e. the top row can be configured so that the user slides it, the markers can be configured to be selected from the top row, and the bottom row can be configured to contain the possible elements of the identifier.
Optionally, the elements and markers on the wheels of Figure 20 and/or in the rows of Figure 21 can also be customized, for example with photographs of animals, people, landscapes or any other image. Optionally, the markers may also use predefined logic known to the user and to the server.
The user interfaces of Figures 20 and 21 are described as having two identifiers, for example a user name and a password. However, the invention is not confined to two factors; more factors may also be included within its scope. For example, a PIN code can be added so that the encryption/decryption system becomes a three-identifier system.
Preferably each of the graphical interfaces shown in the figures above is generated, and delivered to the user device, using conventional software familiar to those of ordinary skill in the field of the invention, for example MACROMEDIA FLASH type software or JAVA type software, or using the SVG standard. In each of the preferred embodiments disclosed herein, FLASH software is used to generate the graphical interface.
The interface used in the invention can be personalized according to the user name entered before the interface is displayed. The personalization attributes may consist of the colors/shapes/actual data presented on the interface. Personalizing the interface lets the user know that this is not an interface created without the user's knowledge, as can occur in a phishing situation. In phishing, a rogue entity attempts to recreate an interface; personalizing the interface helps to prevent phishing because the phisher faces great difficulty, or is unable, to replicate such a personalized interface, which in turn helps to keep the end user's information confidential. Such an application is called a mutual authentication process.
Furthermore, although specific embodiments of the invention have been described, various modifications, changes, alternative constructions and equivalents of the invention are also included within the scope of the invention.
Accordingly, the specification and drawings are to be regarded as illustrative rather than restrictive. It will be evident, however, that additions, reductions, deletions and other modifications and changes may be made to the invention without departing from the broader spirit and scope of the invention as set forth in the claims.
Referring now to Figures 22 to 30, block diagrams of various processing features of the invention are described. In Figure 22, the server obtains the non-user-personalized markers used for the embodiments of Figures 20 or 21, as described in those embodiments, selects some number 'z' of markers at random from the available markers, and returns these markers to the display of the client computer. As shown in Figure 23, substantially the same process is used, except that in obtaining the markers a database containing the user's personalized markers is accessed, the marker sets are selected, and they are randomized before being returned to the client computer. The block diagram of Figure 24 illustrates a preferred process flow at the client computer, where the process starts with the user entering the registration page. The client computer then loads the application, possibly from the local machine, and fetches one of the randomized lists from the server. Next, the user enters an element of the identifier or other code, and the client computer transmits the data to the server over the network. The server then processes the data and, if the data for the identifier has been entered successfully, proceeds to the next page. If not, the server returns control to the client computer to obtain another randomized list, and the process continues as before.
Figure 25 is a block diagram illustrating the client/server interaction carried out without encryption, and Figure 26 illustrates the same interaction with encryption. In Figure 25, the client computer sends a request, and the server obtains a list and returns it to the client computer. In Figure 26 the interaction is similar, except that the server also decrypts the data received from the client computer before obtaining the list and returning it to the client computer. Figure 27 illustrates the authentication interaction, in which the data received from the client computer is optionally decrypted, the data is then authenticated, and the server returns an indication of success or failure to the client computer. Figure 28 describes the authentication process in detail: at the start of the dialog the process uses the list of markers selected for this session and maps the displacement characters to the markers. Then, using the password stored in the database as the basis for a tentative determination, it determines from the first element of the identifier, for example the password, which marker the user initially selected. Next, the system confirms the remaining identifier elements by comparing, for each element in turn, the displacement produced by the marker, and determines whether the correct element of the identifier matches. If all correct matches are made, the server sends a 'success' indication, signalling that authentication succeeded. If not all correct matches are made, the server sends a 'failure' indication and the process restarts.
As an example of the reflection-type code that can be used in the embodiments of Figures 6 to 19, Figure 29, and for Figures 20 and 21, Figure 30, provide some typical preferred pseudocode that may be used. However, those of ordinary skill in the art are considered familiar with all such coding and can readily provide the specific applications and the coding required to implement the features of the invention described herein with reference to the drawings.
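The alignment-and-'NEXT' procedure for the wheel embodiment and the Figure 28 decoding process (infer the chosen marker from the first identifier element, then check the remaining elements) are shown below as a running simulation. This is an added example, not code from the patent or from Bharosa; it assumes a ten-digit PIN wheel, ten constructed marker names, displacements reported in degrees and a 4-degree alignment tolerance, all of which are choices made here.

```python
import random

ELEMENTS = "0123456789"                               # outer wheel: PIN digits in fixed order
MARKERS = ["spade", "heart", "club", "diamond", "star",
           "moon", "sun", "key", "anchor", "bell"]    # inner wheel markers (constructed names)
N = len(ELEMENTS)
SECTOR = 360.0 / N     # degrees per sector; at zero displacement inner sector i covers outer sector i
TOLERANCE = 4.0        # accepted misalignment in degrees (constructed value)


def angular_distance(a, b):
    """Smallest angle between two headings, in degrees."""
    d = (a - b) % 360.0
    return min(d, 360.0 - d)


class Server:
    """Holds each user's identifier in clear (the scheme needs it) and each session's marker orders."""
    def __init__(self, identifiers, seed=0):
        self.identifiers = dict(identifiers)   # username -> PIN
        self.sessions = {}                     # username -> list of per-step marker orders
        self.rng = random.Random(seed)         # seeded only to make the example reproducible

    def start_session(self, username):
        """Return one freshly shuffled inner-wheel order per identifier element (sent to the client)."""
        orders = []
        for _ in self.identifiers[username]:   # one shuffled marker set per PIN digit
            order = MARKERS[:]
            self.rng.shuffle(order)
            orders.append(order)
        self.sessions[username] = orders
        return orders

    def verify(self, username, displacements):
        """Decode the displacements against the stored PIN; the session's orders are consumed."""
        pin = self.identifiers[username]
        orders = self.sessions.pop(username)
        if len(displacements) != len(pin):
            return False
        # Step 1: the known first digit reveals which inner sector, hence which marker, was aligned.
        e0 = ELEMENTS.index(pin[0])
        i0 = round((e0 * SECTOR - displacements[0]) / SECTOR) % N
        if angular_distance(i0 * SECTOR + displacements[0], e0 * SECTOR) > TOLERANCE:
            return False
        marker = orders[0][i0]
        # Remaining steps: that same marker must sit on each expected digit, within tolerance.
        for digit, order, d in zip(pin[1:], orders[1:], displacements[1:]):
            i = order.index(marker)
            if angular_distance(i * SECTOR + d, ELEMENTS.index(digit) * SECTOR) > TOLERANCE:
                return False
        return True


def client_encode(pin, marker, orders, jitter=0.0):
    """Rotate the inner wheel so `marker` covers each PIN digit; `jitter` models imprecise alignment."""
    displacements = []
    for digit, order in zip(pin, orders):
        e, i = ELEMENTS.index(digit), order.index(marker)
        displacements.append(((e - i) * SECTOR + jitter) % 360.0)
    return displacements
```

Because the server derives the chosen marker from the stored identifier, the identifier must be available to the server in clear rather than only as a hash; that is a property of the process as described, not of this example.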

Claims (17)

1. A computer-implemented encryption and decryption system, comprising:
a server configured to generate a graphical user interface, wherein the graphical user interface comprises a first image provided adjacent to a second image, the first image and the second image comprising a plurality of parts, each part of the first image comprising an image of a subset of a set of predetermined identifier elements, each part of the second image comprising an image of at least one marker symbol from a set of predetermined marker symbols, the graphical user interface further comprising an image of a first navigation button which, when activated, causes the second image to move from a first position relative to the first image to a second position relative to the first image; and
a computer in communication with the server, wherein the computer is configured to:
receive the graphical user interface from the server;
display the graphical user interface to a user;
receive from the user a plurality of user inputs for entering a user identifier associated with a user name, wherein the user identifier comprises n user identifier elements selected from the set of predetermined identifier elements, the plurality of user inputs comprising a plurality of activations of the first navigation button, the plurality of activations causing the second image to be displaced so that a user-selected part of the second image is successively aligned with the parts of the first image corresponding to the identifier elements of the user identifier; and
transmit the user identifier to the server in encrypted form by transmitting data representing the displacement of the second image, wherein, in response to receiving the data, the server is configured to:
determine the displacement of the second image from the data and determine the first user identifier element of the user identifier; and
determine, from the displacement associated with the first user identifier element of the user identifier, the user-selected marker symbol associated with the user-selected part of the second image.
2. The system of claim 1, wherein the predetermined identifier elements are alphanumeric.
3. The system of claim 1, wherein the predetermined identifier elements are arranged in a randomly selected order at least once during a user session on the network.
4. The system of claim 1, wherein the first image is wheel-shaped.
5. The system of claim 4, wherein the wheel-shaped image comprises more than one sector.
6. The system of claim 4, wherein the wheel-shaped image extends radially from the outline of the second image.
7. The system of claim 1, wherein the second image is wheel-shaped.
8. The system of claim 7, wherein the wheel-shaped image comprises more than one sector.
9. The system of claim 1, wherein the predetermined marker symbols comprise non-alphanumeric symbols.
10. The system of claim 1, wherein the predetermined marker symbols in the set of predetermined marker symbols are arranged in a randomly selected order at least once during a user session on the network.
11. The system of claim 1, wherein the set of predetermined marker symbols comprises only non-alphanumeric symbols.
12. The system of claim 1, wherein each part of the second image comprises only one marker symbol.
13. The system of claim 1, wherein the first image is rectilinear.
14. The system of claim 1, wherein the second image is rectilinear.
15. The system of claim 13, wherein the first image has more than one section.
16. The system of claim 14, wherein the second image has more than one section.
17. The system of claim 1, further comprising a server adapted to decrypt the user identifier received in encrypted form from the computer by determining each of the n user identifier elements from the user name, the displacement data and the marker symbol selected by the user.
CNB2005800298378A 2004-07-07 2005-07-07 The online data encrypt and decrypt Active CN100557556C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US58581804P 2004-07-07 2004-07-07
US60/585,818 2004-07-07
US11/169,564 2005-06-29

Publications (2)

Publication Number Publication Date
CN101027630A CN101027630A (en) 2007-08-29
CN100557556C true CN100557556C (en) 2009-11-04

Family

ID=38744860

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005800298378A Active CN100557556C (en) 2004-07-07 2005-07-07 The online data encrypt and decrypt

Country Status (1)

Country Link
CN (1) CN100557556C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant