CN101662364A - Method and system for safe login - Google Patents

Abstract

The invention discloses a method and a system for safe login and belongs to the field of information safety. The method includes the following steps: information safety equipment is connected with a computer to generate a dynamic password; according to the dynamic password and login authentication information stored in the dynamic password, a URL is pieced up, wherein the login authentication information at least comprises a user name and a static password; the information safety equipment automatically opens a browser through the computer, fills the URL and transmits the URL to a web server;the web server receives the URL and analyzes the URL to obtain the login authentication information and the dynamic password; the web server authenticates the login authentication information and thedynamic password; if both of the two are authenticated to be right, the login succeeds, thus returning back to the page where the login succeeds; otherwise, the login fails.

Description

A kind of method and system that lands safely

Technical field

The present invention relates to information security field, particularly a kind of method and system that lands safely.

Background technology

Along with the application of network technology in people's daily life more and more widely, people have more and more depended on network and have carried out a lot of daily routines, for example utilize that network is done shopping, office, amusement etc.Also just because of the reinforcement of network application, also arising at the historic moment in the various websites of convenient service that provide, makes the quantity of website constantly increase.Each website is in order to distinguish client identity authentication and authenticity thereof; generally all can require the user to register its own ID; if a user uses different ID and password on different websites, under the situation that the user does not often land, usually can forget the situation of ID and/or password so.Simultaneously, in the registration process of number of site (for example shopping website, Web bank etc.), often need important informations such as user's enrollment status card number, living addresses, therefore and may include the electronic money that is used to conclude the business that the user deposits in the account of website, the fail safe for the log-on message of user in the website also is a very important test.

At present, a large amount of fishing websites occurred on network, checking has threatened the safety of userspersonal information and even individual interest.Fishing website imitates the log-in interface of real website fully, and a shade of difference is just arranged on URL, and the user can not notice the difference that these are small substantially if not very carefully observing generally speaking.For example real website can be www.i***.com.cn, then might be www.1***.com.cn at the fishing website of this real website.In case the user enters fishing website, these Fishing net standing-meetings require the user to input logon informations such as its ID and password as real website, and after the user inputs password with regard to the ID and the password of recording user, and behavior such as steal, cause the leakage of user's important information.

In order to prevent the generation of above-mentioned this situation as far as possible, dynamic technique has been released in a lot of real websites, promptly provides an electronic equipment by the website to validated user, and this electronic equipment internal comprises the algorithm that generates dynamic password.When the user lands this website, on the basis of its input static password, also need use above-mentioned electronic equipment to generate dynamic password and input, when static password and dynamic password all were proved to be successful, the website just allowed this user successfully to land.

Dynamic password claims the OTP technology again, and it needs two parameters when using algorithm to generate dynamic password, and one is seed information, and one is dynamic factor.Wherein seed information is that OTP equipment vendors or certification authority are a static factor of the unique distribution of each OTP equipment, it is a changeless parameter, but the static factor in each OTP equipment all is different, so even each OTP equipment adopts identical algorithm also can not generate identical dynamic password; Dynamic factor adopts the method based on time or incident to generate, because time or incident are to be in the variation always, so the dynamic password that same OTP equipment generates also is at every turn all different, therefore can prevent the attack of fishing website effectively.

In realizing process of the present invention, the inventor finds that there is following shortcoming at least in above-mentioned prior art:

At first, a large amount of ID and the memory of password have increased the burden of user in landing the website process undoubtedly;

Secondly, the input of the multiple password of static password and dynamic password has also increased user's the loaded down with trivial details property of landing when fail safe improves.

Therefore, the too loaded down with trivial details or shortage fail safe of existing landfall process.

Summary of the invention

For fail safe that improves existing login method and the burden that reduces user's landfall process, the embodiment of the invention provides a kind of method and system that lands safely.Technical scheme is as follows:

A kind of method that lands safely, described method comprises:

Information safety devices and computer connect;

Described information safety devices generate dynamic password and according to described dynamic password and storage inside thereof land authorization information, website information is pieced together and is landed URL;

The automatic open any browser of described computer is filled the described URL that lands, and sends the described URL of landing to Website server;

Described Website server receives the described URL that lands, and the described URL of landing is resolved, and obtains described authorization information and the described dynamic password of landing;

Described Website server lands authorization information and described dynamic password is verified to described;

If all checking is correct, then land success, return the page that lands success;

Otherwise, land failure.

A kind of method that lands safely, described method comprises:

Information safety devices and computer connect, and report from as USB flash disk or compact disk equipment to described computer, start automatic running program;

Described information safety devices generate dynamic password and according to described dynamic password and storage inside thereof land authorization information, website information is pieced together and is landed URL;

The automatic open any browser of described computer is filled the described URL that lands, and sends the described URL of landing to Website server;

Described Website server receives the described URL that lands, and the described URL of landing is resolved, and obtains described authorization information and the described dynamic password of landing;

Described Website server lands authorization information and described dynamic password is verified to described;

If all checking is correct, then land success, return the page that lands success;

Otherwise, land failure.

A kind of method that lands safely, described method comprises:

Information safety devices and computer connect;

Information safety devices receives the affirmation information of user's input, and reporting the equipment of itself type to described computer again is USB flash disk or compact disk equipment, starts automatic running program;

Described information safety devices generate dynamic password and according to described dynamic password and storage inside thereof land authorization information, website information is pieced together and is landed URL;

The automatic open any browser of described computer is filled the described URL that lands, and sends the described URL of landing to Website server;

Described Website server receives the described URL that lands, and the described URL of landing is resolved, and obtains described authorization information and the described dynamic password of landing;

Described Website server lands authorization information and described dynamic password is verified to described;

If all checking is correct, then land success, return the page that lands success;

Otherwise, land failure.

A kind of system that lands safely, described system comprises: information safety devices, computer and Website server;

Described information safety devices comprises:

Link block is used for described information safety devices and described computer connects;

Dynamic password generation modules is used to generate dynamic password;

URL pieces together module, is used for piecing together URL according to the authorization information of landing of described dynamic password and storage inside thereof, and the described authorization information of landing comprises user name and static password at least;

Described computer comprises:

Open packing module, be used for, and fill described URL in the relevant position of browser by automatic running program or the automatic open any browser of monitoring program;

Sending module is used to send described URL to described Website server;

Described Website server comprises:

Receive parsing module, be used to receive described URL, described URL is resolved, obtain described authorization information and the described dynamic password of landing;

Authentication module is used for landing authorization information and described dynamic password is verified to described, if all checking is correct, then lands success, returns the page that lands success, otherwise, land failure.

The beneficial effect that the technical scheme that the embodiment of the invention provides is brought is:

Automatic input by information safety devices realization username and password has increased the convenience that the website is landed; And the checking that has added dynamic password in landfall process has increased the fail safe of account.

Description of drawings

Fig. 1 is the method flow diagram that lands safely that provides in the embodiment of the invention 1;

Fig. 2 is the method flow diagram that lands safely that provides in the embodiment of the invention 2;

Fig. 3 is the method flow diagram that lands safely that provides in the embodiment of the invention 3;

Fig. 4 is the method flow diagram that lands safely that provides in the embodiment of the invention 4;

Fig. 5 is the method flow diagram that lands safely that provides in the embodiment of the invention 5;

Fig. 6 is the method flow diagram that lands safely that provides in the embodiment of the invention 6;

Fig. 7 is the method flow diagram that lands safely that provides in the embodiment of the invention 7;

Fig. 8 is the structural representation of the system that lands safely that provides in the embodiment of the invention 8;

Fig. 9 is the another kind of structural representation of the system that lands safely that provides in the embodiment of the invention 8.

Embodiment

For making the purpose, technical solutions and advantages of the present invention clearer, embodiment of the present invention is described further in detail below in conjunction with accompanying drawing.

Embodiment 1

Referring to Fig. 1, present embodiment provides a kind of method that lands safely, during the method that provided when using present embodiment, monitoring program need be installed in computer in advance, described monitoring program can adopt the mode monitor message safety means of poll whether to produce dynamic password and piece together the URL that lands that finishes, and obtain this URL, what this method was concrete comprises:

Step 101, information safety devices and computer connect;

Step 102, information safety devices generates dynamic password;

Wherein, store the required information of dynamic password that generates in the information safety devices, comprise seed information and dynamic factor, and be built-in with safe dynamic password algorithm, can calculate dynamic password according to seed information and dynamic factor, described dynamic password algorithm can be based on the algorithm of time or incident, and described seed information is for generating the static factor of dynamic password, and the seed information of each information safety devices is unique.

Step 103, information safety devices read user name, static password and the website information of its storage inside, generate to land URL;

In the present embodiment, information safety devices is pieced together the method for landing URL and is comprised following two kinds at least: piece together the URL of canonical form and the URL of non-standard form.

The URL of canonical form pieces together method:

Wherein, stored user's user name, the website information of landing in the information safety devices in advance, static password, mailbox that can also store the user etc. lands the authorization information of website indispensability, and wherein, website information comprises URL address, website or virtual Domain Name etc.; These information write in the time of can being the information safety devices initialization, also can be user's acquired information safety means after, by what write after the authentication.Land authorization information and dynamic password with what information safety devices used storage in advance below, describe according to the standard URL method of piecing together.

In the present embodiment, be that example describes this step to land the Internet bank, the wherein required authorization information of landing comprises user name, static password and dynamic password.The user of storage myname by name, static password are 123456 in advance in the middle of the information safety devices; The dynamic password that generates in the step 102 is 84546, and so, the URL that lands that information safety devices is pieced together with the URL combined method of standard can be as follows:

https://ibsbjstar.ccb.com.cn/login？username＝myname&psd＝123456&otp＝845456

Wherein " ibsbjstar.ccb.com.cn " is the bank main address, " login " lands handling procedure for webpage, " username=myname " expression login user myname by name, the password of " psd " expression is 123456, the dynamic password that use is landed in " otp " expression is 845456.

The URL method of piecing together of non-standard form comprises: land URL and use the algorithm of inverible transform that URL is handled two kinds of methods to piece together with the rule of Website server agreement;

1) information safety devices lands URL to piece together with the rule of Website server agreement:

Information safety devices according to user name, the static password of its storage inside, land network address etc. and land and take off-gauge URL form when the dynamic password that generates in authorization information and the step 102 carries out piecing together of URL, for example information safety devices and Website server can be decided through consultation the rule that rule is promptly made an appointment jointly, keyword, the list separator of promptly common agreement URL, piece together order, combined method etc., resolve as long as the clear and definite above-mentioned rule of Website server just can be carried out URL, whether the checking user has the authority of landing the website to get final product.

For example, custom rule can for, landing URL first is the Website server address, the back adopts "/" respectively user name, static password, dynamic password to be carried out segmentation, can piece together out the following URL of landing in this enforcement:

https://ibsbjstar.ccb.com.cn/login/myname/123456/845456

2) algorithm of use inverible transform is handled URL and is obtained landing URL:

Information safety devices read its storage inside user name, static password, land network address etc. and land the dynamic password that generates in authorization information and the step 102 and piece together URL, this URL method of piecing together can be for standard, also can piece together according to the rule of making an appointment in the method one, for convenience of explanation, we claim that this URL is middle URL, in the middle of obtaining behind the URL, it is carried out inverible transform obtain the URL that lands that finally in browser, fills;

At this, we are that following URL describes with the middle URL that obtains:

https://ibsbjstar.ccb.com.cn/login？username＝myname&psd＝123456&otp＝845456

Wherein " ibsbjstar.ccb.com.cn " is the bank main address, " login " lands handling procedure for webpage, " username=myname " expression login user myname by name, the password of " psd " expression is 123456, the dynamic password that use is landed in " otp " expression is 845456.

In the present embodiment, the method that middle URL is carried out inverible transform has a variety of, can for: the dynamic password codomain of middle URL is carried out conversion, also other parts after " login " (as the codomain part of user name codomain part, static password) can be carried out conversion, also the whole parts after " login " can be carried out conversion.The purpose of doing like this is camouflage URL, makes that landing URL can not directly be discerned by human eye, causes the leakage of user name, encrypted message, also can solve the situation of not supporting Chinese among the URL.

Preferably, middle URL is carried out conversion can adopt reversible transform process methods such as base64 coding, secret key encryption, in the present embodiment, preferably adopting base64 is example, adopt respectively to dynamic password codomain part, and " login " after whole parts carry out conversion and describe.Wherein, base64 is used to one of coded system of transmitting by the 8bit syllabified code, is used in and transmits long identification information under the HTTP environment.

When using the base64 coding that the dynamic password codomain is partly carried out conversion, can obtain the following URL of landing:

https://ibsbjstar.ccb.com.cn/login？username＝myname&psd＝123456&otp＝bXluYW1l

When using the base64 coding that the whole parts behind the character " login " are carried out conversion, can obtain the following URL of landing:

https://ibsbjstar.ccb.com.cn/login/dXNlcm5hbWU9bXluYW11JnBzZD0xMjM0NTYmb3RwPTg0NTQ1Ng＝＝

In the present invention, the network address of the described URL of landing for finally being used for browser is filled, browser conducts interviews to the website by landing URL, comprises the network address that the user will visit and authorization information etc. among the described URL of landing.

Step 104, monitoring program are obtained and are landed URL, and open any browser, fill URL, land the website;

Step 105, Website server receives and lands URL, resolves landing URL, obtains user name, static password and dynamic password;

Wherein, Website server is to corresponding respectively in the method landing URL and resolve and the step 103:

When information safety devices is pieced together when landing URL according to the URL of canonical form, promptly according to the URL form of standard and the keyword of agreement, user name among the URL (myname), static password (123456) and dynamic password (845456) are parsed, so that carry out follow-up authentication processing;

When information safety devices used the rule make an appointment to piece together to land URL, Website server used the rule of making an appointment to resolve and obtain user name, static password, dynamic password landing URL;

The algorithm that uses inverible transform when information safety devices is handled when obtaining landing URL URL, when URL is landed in two generations of information safety devices using method, Website server to land URL carry out inverse transformation obtain in the middle of URL, resolve according to corresponding rule again and obtain user name, static password, dynamic password, corresponding rule can be the rule of standard, also can be the rule of making an appointment;

Step 106, Website server is according to the user name that parses, and the static password of this user name correspondence is searched by portion within it, and the static password among the URL is verified;

If the static password that parses is correct, then execution in step 107;

If the static password that parses is incorrect, then execution in step 109;

Wherein, understanding within it in the Website server, portion stores user name in advance, reaches and the corresponding static password of user name.

Step 107, Website server authenticates dynamic password;

If correct, execution in step 108;

If mistake, execution in step 109;

Wherein, Website server process that dynamic password is verified is specifically as follows:

Website server is according to the user name portion's seed information and present dynamic factor of searching the information safety devices that this user name holds within it, and identical dynamic password algorithm generates a dynamic password in utilization and the information safety devices, use above-mentioned dynamic password and the dynamic password that parses to compare, if compare successfully, think that then dynamic cipher verification is successful; Otherwise, authentification failure.

Perhaps

Website server is according to the user name portion's seed information and present dynamic factor of searching the information safety devices that this user name holds within it, and the utilization dynamic password algorithm identical with the information safety devices exhibition generates one group of dynamic password, Website server is compared above-mentioned one group of dynamic password and the dynamic password that parses, if wherein there is one to compare successfully, think that then dynamic cipher verification is successful; Otherwise, authentification failure.

When generated dynamic password as dynamic factor service time, Website server can also comprise before dynamic password is authenticated: whether the dynamic password that the Website server checking parses used; It is the dynamic password that Website server writes down preceding several authentication successs of this authentication dynamic password, the dynamic password that parses is compared with it,, think that then the dynamic password that parses was used if there is identical situation, then authentification failure finishes landfall process.

In the present embodiment, in the step 106 in the checking of static password and the step 107 to the verification operation of dynamic password, order can be changed mutually, preferably, with being verified as earlier to static password as optimal case;

Step 108 is landed success, and Website server returns the page that lands success;

Step 109, authentication failed finishes to land or point out mistake.

The embodiment of the invention provides a kind of method that lands safely, and the automatic input by information safety devices realization username and password has increased the convenience that the website is landed; And the checking that has added dynamic password in landfall process has increased the fail safe of account.

Embodiment 2

Referring to Fig. 2, present embodiment provides a kind of method that lands safely, and the difference of the method that provides among this method and the embodiment 1 is, information safety devices is generated OTP to be improved, it is controllable making information safety devices generate OTP, makes to land safelyr, and this method comprises:

Step 201, information safety devices and computer connect;

Step 202, prompting user input validation information;

Wherein, above-mentioned prompting user input validation information, confirm whether generate dynamic password or do not land the website and can point out user's input validation information by information safety devices, also can make computer prompted user input validation information, perhaps computer and information safety devices are pointed out user's input validation information simultaneously.

The mode of information safety devices prompting user input validation information can for:

On information safety devices, install or carry sound-producing device, inquire by the mode of sounding whether the user generates dynamic password;

And/or

Mount display or indicator light on information safety devices point out the user whether to generate dynamic password by the mode that shows;

The mode of computer prompted user input validation information can for:

Whether computer screen or sound-producing device prompting user generate dynamic password.

Step 203 receives the affirmation information that the user imports, and information safety devices generates dynamic password;

Wherein, the method for user's input validation information can for:

The user is by pressing the button that is provided with on the information safety devices or input equipment (keyboard, mouse etc.) the input validation information by main frame;

No matter be information safety devices, still after computer has received user's affirmation information, information safety devices generates dynamic password automatically according to its built-in dynamic password generation modules, and is identical in the method for described generation dynamic password and the step 102, repeats no more here.

Step 204, information safety devices read user name, static password and the website information of its storage inside, generate to land URL;

Wherein, in the present embodiment, information safety devices piece together land URL mode with in the step 103, can be the URL of canonical form or the URL of non-standard form, concrete grammar is seen in the step 103 and to be described, and repeats no more here;

Step 205, monitoring program are obtained and are landed URL, and open any browser, fill URL, land the website;

Wherein, monitoring program adopts the mode monitor message safety means of poll whether to land URL and generates, and obtains the URL that lands of generation, finishes the operation of open any browser, filling URL, access websites.

Step 206, Website server receives and lands URL, resolves landing URL, obtains user name, static password and dynamic password;

Wherein, Website server is to corresponding respectively in the method landing URL and resolve and the step 204.

Step 207, Website server is according to the user name that parses, and the static password of this user name correspondence is searched by portion within it, and the static password among the URL is verified;

Wherein, understanding within it in the Website server, portion stores user name in advance, reaches and the corresponding static password of user name.

If the static password that parses is correct, then execution in step 208;

If the static password that parses is incorrect, then execution in step 210;

Step 208, Website server authenticates dynamic password;

If correct, execution in step 209;

If mistake, execution in step 210;

Wherein, Website server is identical to the proof procedure of dynamic password in the process that Website server is verified dynamic password and the embodiment step 107, repeats no more here.

In the present embodiment, in the step 207 in the checking of static password and the step 208 to the verification operation of dynamic password, order can be changed mutually, preferably, with being verified as earlier to static password as optimal case.

Step 209 is landed success, and Website server returns the page that lands success;

Step 210, authentication failed finishes to land or point out mistake.

The embodiment of the invention provides a kind of method that lands safely, and the automatic input by information safety devices realization username and password has increased the convenience that the website is landed; And the checking that has added dynamic password in landfall process has increased the fail safe of account.

Embodiment 3

Referring to Fig. 3, present embodiment provides a kind of method that lands safely, and the difference of the method that provides in this method and embodiment 1 and 2 is, with computer that information safety devices is connected in do not need to install in advance monitoring program, feasible operation is more convenient, and concrete grammar is as follows:

Step 301, information safety devices and computer connect, and state its device type to computer;

Wherein, the device type of information safety devices has a variety of, and in embodiments of the present invention, is divided into the device type with information safety devices: CD or USB flash disk equipment and non-CD and USB flash disk equipment are example.Wherein, non-CD and USB flash disk equipment can be HID (Human Interface Device, human interface device) equipment, CCID (USB Chip/Smart Card Interface Devices, USB chip intelligent card equipment) equipment, SCSI (Small Computer System Interface, minihose system interface) etc.

In present embodiment 3, information safety devices and computer connect, and state that to computer its device type is CD or USB flash disk equipment, the purpose of doing like this is can be so that equipment has AutoPlay function, after information safety devices inserts computer, the autorun.inf file of storing in the automatic operation information safety means, and the program of appointment among the operation autorun.inf, the program of above-mentioned appointment in the present embodiment is an automatic running program, described automatic running program can be finished obtaining of URL, and has automatic open any browser, the function that URL lands the website is landed in filling;

Step 302, information safety devices generates dynamic password;

Wherein, the method that information safety devices generates dynamic password repeats no more here with among the embodiment 1 described in the step 102.

Step 303, information safety devices read user name, static password and the website information of its storage inside, generate to land URL;

Wherein, in the present embodiment, information safety devices piece together land URL mode with in embodiment 1 step 103, can be the URL of canonical form or the URL of non-standard form, concrete grammar is seen in the step 103 and to be described, and repeats no more here.

Step 304, the automatic open any browser of computer, what generate in the filling step 303 lands URL, lands the website;

Wherein, the automatic open any browser of computer realizes by automatic running program, after automatic running program gets access to and lands URL, starts also automatic filling of browser program and lands URL, the operation of the website that conducts interviews.

In the present invention, the network address of the described URL of landing for finally being used for browser is filled, browser conducts interviews to the website by landing URL, comprises the network address that the user will visit and authorization information etc. among the described URL of landing.

Step 305, Website server receives and lands URL, and above-mentioned URL is resolved;

When Website server receives when landing URL, this URL that receives is resolved, piecing together the method for landing URL according to information safety devices in the step 303 resolves landing URL accordingly, user name among the URL (myname), static password (123456) and dynamic password (845456) are parsed, so that carry out follow-up authentication processing.

Step 306, Website server is according to the user name that parses, and the static password of this user name correspondence is searched by portion within it, and the static password among the URL is verified;

If the static password that parses is correct, then execution in step 307;

If the static password that parses is incorrect, then execution in step 309;

Wherein, understanding within it in the Website server, portion stores user name in advance, reaches and the corresponding static password of user name.

Step 307, Website server is verified dynamic password;

If correct, then execution in step 308;

If incorrect, then execution in step 309;

Wherein, Website server repeats no more here to identical in the verification method of dynamic password and embodiment 1 step 107;

In the present embodiment, be example only, but not in order to the sequencing of conditioning step 306 and 307, the execution sequence of step 306 and step 307 can exchange to carry out step 307 after carry out step 306 earlier.

Step 308 is landed success, and Website server returns the page that lands success;

Step 309, authentication failed finishes to land or point out mistake.

The embodiment of the invention provides a kind of method that lands safely, and the automatic input by information safety devices realization username and password has increased the convenience that the website is landed; And the checking that has added dynamic password in landfall process has increased the fail safe of account.

Embodiment 4

Referring to Fig. 4, present embodiment provides a kind of method that lands safely, the difference of the method that provides among this method and the embodiment 3 is, a monitoring program will be installed in computer automatically, whether land URL produce, and can add the control button if being used for monitoring, information security is generated at one's side land URL and control, make and to land safelyr that this method comprises:

Step 401, information safety devices and computer connect, and state that to computer its device type is CD or USB flash disk equipment;

Wherein, the device type of information safety devices has a variety of, and in embodiments of the present invention, is divided into the device type with information safety devices: CD or USB flash disk equipment and non-CD and USB flash disk equipment are example.In the present embodiment, information safety devices and computer connect, and state that to computer the device type of oneself is CD or USB flash disk equipment, can realize AutoPlay function by this, as described in embodiment 3 steps 301.

Step 402, according to the device type of information safety devices, information safety devices carries out initialization procedure;

When information safety devices when computer states that its device type is CD or USB flash disk equipment, CD that information safety devices provides by computer system or USB flash disk be the function of operation automatically, starts automatic running program; The monitoring program that this automatic running program will be stored in the information safety devices is installed in the computer automatically, this monitoring program of computer run, whether this monitoring program can take the mode monitor message safety means of poll to have OTP to generate or not landing URL generates, and can also finish the function of automatic open any browser, filling URL, access websites.

Step 403, information safety devices generates dynamic password;

What wherein, information safety devices generation dynamic password was concrete can comprise two kinds of methods:

Method one:

After monitoring program installation in the step 402, information safety devices is waited for user's input validation information, after receiving confirmation, generate dynamic password, using the benefit of this kind method to make information safety devices generate dynamic password and land the website automatically is to control, also have fail safe when having fail safe, the mode of above-mentioned generation dynamic password can be the mode based on time or incident.

Wherein, the method for user's input validation information can for:

The user is by pressing the button that is provided with on the information safety devices or input equipment (keyboard, mouse etc.) the input validation information by main frame;

Method two:

After monitoring program installation in the step 402, computer sends instruction to information safety devices, announcement information safety means monitoring program has been installed end, generate dynamic password, the benefit of using this kind method is the automaticity height, simple to operation, the mode of above-mentioned generation dynamic password can be the mode based on time or incident.

Step 404, information safety devices read user name, static password and the website information of its storage inside, generate to land URL;

Wherein, in the present embodiment, information safety devices piece together land URL mode with in embodiment 1 step 103, can generate the URL of canonical form or the URL of non-standard form, concrete grammar is seen in embodiment 1 step 103 and to be described, and repeats no more here.

Step 405, the automatic open any browser of computer, what generate in the filling step 403 lands URL, lands the website;

Wherein, the automatic open any browser of computer realizes by monitoring program, after monitoring program gets access to and lands URL, starts also automatic filling of browser program and lands URL, the operation of the website that conducts interviews.

In the present invention, the network address of the described URL of landing for finally being used for browser is filled, browser conducts interviews to the website by landing URL, comprises the network address that the user will visit and authorization information etc. among the described URL of landing.

Step 406, Website server receives and lands URL, and the above-mentioned URL of landing is resolved;

When Website server receives when landing URL, this URL that receives is resolved, piecing together the method for landing URL according to information safety devices in the step 404 resolves landing URL accordingly, user name among the URL (myname), static password (123456) and dynamic password (845456) are parsed, so that carry out follow-up authentication processing.

Step 407, Website server is according to the user name that parses, and the static password of this user name correspondence is searched by portion within it, and the static password among the URL is verified;

If the static password that parses is correct, then execution in step 408;

If the static password that parses is incorrect, then execution in step 410;

Wherein, understanding within it in the Website server, portion stores user name in advance, reaches and the corresponding static password of user name.

Step 408, Website server is verified dynamic password;

If correct, then execution in step 409;

If incorrect, then execution in step 410;

Wherein, Website server repeats no more here to identical in the verification method of dynamic password and embodiment 1 step 107;

In the present embodiment, be example only, but not in order to the sequencing of conditioning step 407 and 408, the execution sequence of step 407 and step 408 can exchange to carry out step 408 after carry out step 407 earlier.

Step 409 is landed success, and Website server returns the page that lands success;

Step 410, authentication failed finishes to land or point out mistake.

The embodiment of the invention provides a kind of method that lands safely, and the automatic input by information safety devices realization username and password has increased the convenience that the website is landed; And the checking that has added dynamic password in landfall process has increased the fail safe of account.

Embodiment 5

Referring to Fig. 5, present embodiment provides a kind of method that lands safely, the difference of the method that provides among this method and the embodiment 3,4 is, information safety devices no longer is claimed as pass dish or USB flash disk equipment when inserting computer, affirmation information by user's input starts automatic running program, make and land the website for what can control, this method comprises:

Step 501, information safety devices and computer connect, and state that to computer its device type is non-CD or USB flash disk equipment;

Wherein, the device type of information safety devices has a variety of, and in embodiments of the present invention, is divided into the device type with information safety devices: CD or USB flash disk equipment and non-CD and USB flash disk equipment are example.In present embodiment step 501, with the information safety devices is that USB interface describes, information safety devices and computer connect, main frame is enumerated information safety devices, it oneself is HID equipment that information safety devices is reported in device descriptor, the purpose of reporting to non-CD or USB flash disk equipment is that information safety devices can move from computer in power taking, but can not activate AutoPlay function again;

Non-CD and USB flash disk equipment can comprise HID, SCSI, CCID equipment etc., and present embodiment describes with HID equipment.

In the present embodiment, step 501 can also for, information safety devices and computer connect, and do not report the device type of self to computer, just the interface of USB interface as power taking are used.

Step 502, prompting user input validation information;

Wherein, above-mentioned prompting user input validation information, confirm whether generate dynamic password or do not land the website and can point out user's input validation information by information safety devices, also can make computer prompted user input validation information, perhaps computer and information safety devices are pointed out user's input validation information simultaneously.

The mode of information safety devices prompting user input validation information can for:

On information safety devices, install or carry sound-producing device, inquire by the mode of sounding whether the user generates dynamic password;

And/or

Mount display or indicator light on information safety devices point out the user whether to generate dynamic password by the mode that shows.

The mode of computer prompted user input validation information can for:

Whether computer screen or sound-producing device prompting user generate dynamic password.

Step 503 receives the affirmation information that the user imports, and reporting device type again is USB flash disk or compact disk equipment, starts automatic running program;

Above-mentioned automatic running program startup method is with identical described in embodiment 3 steps 301, and has equally and can finish obtaining of URL, and has automatic open any browser, fills and land the function that URL lands the website.

The device type that information safety devices is reported oneself again be the method for USB flash disk or compact disk equipment concrete be:

Receive the affirmation information of user's input when information safety devices after, simulate the power-on and power-off operation, resend device descriptor, and the device type of report oneself in this descriptor is USB flash disk or compact disk equipment;

For simulation power-on and power-off operation, the embodiment of the invention adopts USB interface to be connected with computer with information safety devices and describes, information safety devices simulation power-on and power-off change realization by the level on the control usb signal line, such as by giving low level of usb signal line earlier, realize for again high level of usb signal line; Also can be in high-impedance state by the usb signal line realizes; Can also be built-in with the main control chip of usb bus reset function by use, realize by writing the relevant control bit of its inner register.

When step 501 adopts the second way, information safety devices and computer connect, not when computer is reported the device type of self, information safety devices receives the affirmation information of user's input, information safety devices is to computer transmitting apparatus descriptor, and the device type of reporting oneself is USB flash disk or compact disk equipment.

Step 504, information safety devices generates dynamic password;

Wherein, the method that information safety devices generates dynamic password repeats no more here with among the embodiment 1 described in the step 102.

Step 505, information safety devices read user name, static password and the website information of its storage inside, generate to land URL;

Wherein, in the present embodiment, information safety devices piece together land URL mode with in embodiment 1 step 103, can generate the URL of canonical form or the URL of non-standard form, concrete grammar is seen in embodiment 1 step 103 and to be described, and repeats no more here.

Step 506, computer are filled and are landed URL by the automatic open any browser of automatic running program, land the website;

Step 507, Website server receives and lands URL, and the above-mentioned URL of landing is resolved;

When Website server receives when landing URL, this URL that receives is resolved, piecing together the method for landing URL according to information safety devices in the step 505 resolves landing URL accordingly, user name among the URL (myname), static password (123456) and dynamic password (845456) are parsed, so that carry out follow-up authentication processing.

Step 508, Website server is according to the user name that parses, and the static password of this user name correspondence is searched by portion within it, and the static password among the URL is verified;

If the static password that parses is correct, then execution in step 509;

If the static password that parses is incorrect, then execution in step 511;

Wherein, understanding within it in the Website server, portion stores user name in advance, reaches and the corresponding static password of user name.

Step 509, Website server is verified dynamic password;

If correct, then execution in step 510;

If incorrect, then execution in step 511;

Wherein, Website server repeats no more here to identical in the verification method of dynamic password and embodiment 1 step 107.

In the present embodiment, be example only, but not in order to the sequencing of conditioning step 508 and 509, the execution sequence of step 508 and step 509 can exchange to carry out step 509 after carry out step 508 earlier.

Step 510 is landed success, and Website server returns the page that lands success;

Step 511, authentication failed finishes to land or point out mistake.

The embodiment of the invention provides a kind of method that lands safely, and the automatic input by information safety devices realization username and password has increased the convenience that the website is landed; And the checking that has added dynamic password in landfall process has increased the fail safe of account.

Embodiment 6

Referring to Fig. 6, present embodiment provides a kind of method that lands safely, the difference of the method that provides among this method and the embodiment 5 is, a monitoring program need be installed in computer, automatically open, fill the function of landing URL and landing the website by what this monitoring program was finished browser, and no longer by automatic running program, this method comprises:

Step 601, information safety devices and computer connect, and state that to computer its device type is non-CD or USB flash disk equipment;

Wherein, the device type of information safety devices has a variety of, and in embodiments of the present invention, is divided into the device type with information safety devices: CD or USB flash disk equipment and non-CD and USB flash disk equipment are example.In present embodiment step 601, be that USB interface describes with the information safety devices, information safety devices and computer connect, and main frame is enumerated information safety devices, and it oneself is HID equipment that information safety devices is reported in device descriptor;

Non-CD and USB flash disk equipment can comprise HID, SCSI, CCID equipment etc., and present embodiment describes with HID equipment.

In the present embodiment, step 601 can also for, information safety devices and computer connect, and do not report the device type of self to computer, just the interface of USB interface as power taking are used.

Step 602, prompting user input validation information;

Wherein, above-mentioned prompting user input validation information, confirm whether generate dynamic password or do not land the website and can point out user's input validation information by information safety devices, also can make computer prompted user input validation information, perhaps computer and information safety devices are pointed out user's input validation information simultaneously.

The mode of information safety devices prompting user input validation information can for:

On information safety devices, install or carry sound-producing device, inquire by the mode of sounding whether the user generates dynamic password;

And/or

Mount display or indicator light on information safety devices point out the user whether to generate dynamic password by the mode that shows;

The mode of computer prompted user input validation information can for:

Whether computer screen or sound-producing device prompting user generate dynamic password.

Step 603, information safety devices receive the affirmation information of user's input, and reporting device type again is USB flash disk or compact disk equipment, monitoring program are installed to main frame by AutoPlay function;

Wherein, identical in the method for reporting device type again and be USB flash disk or compact disk equipment and embodiment 5 steps 503 after above-mentioned information safety devices receives the confirmation information, repeat no more here.

After USB flash disk or compact disk equipment and computer connect, the function that computer system provides can read the autorun.inf file of storing in USB flash disk or the CD automatically, and the fixed program of operation autorun.inf document, we move automatically by this monitoring program are installed in the computer, this monitoring program can be finished whether information safety devices is generated dynamic password and land URL and carry out poll, when landing the URL generation, obtain this and land URL, automatically open any browser is filled the function of landing URL and access websites.

When step 601 adopts the second way, information safety devices and computer connect, not when computer is reported the device type of self, information safety devices receives the affirmation information of user's input, information safety devices is to computer transmitting apparatus descriptor, the device type of reporting oneself is USB flash disk or compact disk equipment, monitoring program is installed to main frame by AutoPlay function.

Step 604, after the monitoring program installation, computer sends instruction to information safety devices, and announcement information safety means monitoring program has been installed end, generates dynamic password;

Wherein, the method that information safety devices generates dynamic password repeats no more here with among the embodiment 1 described in the step 102.

Step 605, information safety devices read user name, static password and the website information of its storage inside, generate to land URL;

Wherein, in the present embodiment, information safety devices piece together land URL mode with in embodiment 1 step 103, can generate the URL of canonical form or the URL of non-standard form, concrete grammar is seen in embodiment 1 step 103 and to be described, and repeats no more here.

Step 606, computer is filled the above-mentioned URL that lands by the automatic open any browser of monitoring program, lands the website;

Step 607, Website server receives and lands URL, and the above-mentioned URL of landing is resolved;

When Website server receives when landing URL, this URL that receives is resolved, piecing together the method for landing URL according to information safety devices in the step 605 resolves landing URL accordingly, user name among the URL (myname), static password (123456) and dynamic password (845456) are parsed, so that carry out follow-up authentication processing.

Step 608, Website server is according to the user name that parses, and the static password of this user name correspondence is searched by portion within it, and the static password among the URL is verified;

If the static password that parses is correct, then execution in step 609;

If the static password that parses is incorrect, then execution in step 611;

Wherein, understanding within it in the Website server, portion stores user name in advance, reaches and the corresponding static password of user name.

Step 609, Website server is verified dynamic password;

If correct, then execution in step 610;

If incorrect, then execution in step 611;

Wherein, Website server repeats no more here to identical in the verification method of dynamic password and embodiment 1 step 107.

In the present embodiment, be example only, but not in order to the sequencing of conditioning step 608 and 609, the execution sequence of step 608 and step 609 can exchange to carry out step 609 after carry out step 608 earlier.

Step 610 is landed success, and Website server returns the page that lands success;

Step 611, authentication failed finishes to land or point out mistake.

The embodiment of the invention provides a kind of method that lands safely, and the automatic input by information safety devices realization username and password has increased the convenience that the website is landed; And the checking that has added dynamic password in landfall process has increased the fail safe of account.

Embodiment 7

Referring to Fig. 7, present embodiment provides a kind of method that lands safely, the difference of the method that provides among this method and the embodiment 6 is, installing in computer also needs once more input validation information could generate dynamic password after the monitoring program and piece together and land URL, and this method comprises:

Step 701, information safety devices and computer connect, and state that to computer its device type is non-CD or USB flash disk equipment;

Wherein, the device type of information safety devices has a variety of, and in embodiments of the present invention, is divided into the device type with information safety devices: CD or USB flash disk equipment and non-CD and USB flash disk equipment are example.In present embodiment step 701, be that USB interface describes with the information safety devices, information safety devices and computer connect, and main frame is enumerated information safety devices, and it oneself is HID equipment that information safety devices is reported in device descriptor;

Non-CD and USB flash disk equipment can comprise HID, SCSI, CCID equipment etc., and present embodiment describes with HID equipment.

In the present embodiment, step 701 can also for, information safety devices and computer connect, and do not report the device type of self to computer, just the interface of USB interface as power taking are used.

Step 702, prompting user input validation information;

In this step, prompting user's input validation information of same above embodiment can take by on the information safety devices or computer prompted user input validation information.

Step 703 receives the affirmation information that the user imports, and reporting device type to computer again is USB flash disk or compact disk equipment, monitoring program is installed to main frame by AutoPlay function;

In the present embodiment, different with embodiment 6, information safety devices is received the installation process that confirmation is only finished monitoring program, and does not generate dynamic password and land URL.

Wherein, identical in the method for reporting device type again and be USB flash disk or compact disk equipment and embodiment 5 steps 503 after above-mentioned information safety devices receives the confirmation information, repeat no more here.

After USB flash disk or compact disk equipment and computer connect, the function that computer system provides can read the autorun.inf file of storing in USB flash disk or the CD automatically, and the fixed program of operation autorun.inf document, we move automatically by this monitoring program are installed in the computer, this monitoring program can be finished whether information safety devices is generated dynamic password and land URL and carry out poll, when landing the URL generation, obtain this and land URL, automatically open any browser is filled the function of landing URL and access websites;

In this step, the method for the affirmation information of reception user input is identical with above embodiment, repeats no more here.

When step 701 adopts the second way, information safety devices and computer connect, not when computer is reported the device type of self, information safety devices receives the affirmation information of user's input, information safety devices is to computer transmitting apparatus descriptor, the device type of reporting oneself is USB flash disk or compact disk equipment, monitoring program is installed to main frame by AutoPlay function.

Step 704, the prompting user imports second confirmation;

After step 703 finished, monitoring program was installed and is finished, and can whether land the website by information safety devices or computer prompted user, after user's input validation information, carried out next procedure;

In the present embodiment, the benefit that just generates the method for dynamic password after use input second confirmation is, whether generate by second confirmation control dynamic password, under the situation of monitoring program installation, can repeat to land the website, for example, after the user lands the website, closed this website, just can land this website once more as long as import second confirmation once more.

Step 705 receives second confirmation that the user imports, and generates dynamic password;

Wherein, receive user's input second confirmation can for, information safety devices is equipped with input module, receive second confirmation of user's input by input module, also can be second confirmation, and second confirmation be conveyed to information safety devices by computer by computer input device reception user input;

The algorithm that information safety devices generates dynamic password is identical with step 102 among the embodiment 1, repeats no more here.

Step 706, information safety devices read user name, static password and the website information of its storage inside, generate to land URL;

Wherein, in the present embodiment, information safety devices piece together land URL mode with in embodiment 1 step 103, can generate the URL of canonical form or the URL of non-standard form, concrete grammar is seen in embodiment 1 step 103 and to be described, and repeats no more here.

Step 707, computer is filled the above-mentioned URL that lands by the automatic open any browser of monitoring program, lands the website;

Step 708, Website server receives and lands URL, and the above-mentioned URL of landing is resolved;

When Website server receives when landing URL, this URL that receives is resolved, piecing together the method for landing URL according to information safety devices in the step 605 resolves landing URL accordingly, user name among the URL (myname), static password (123456) and dynamic password (845456) are parsed, so that carry out follow-up authentication processing.

Step 709, Website server is according to the user name that parses, and the static password of this user name correspondence is searched by portion within it, and the static password among the URL is verified;

If the static password that parses is correct, then execution in step 710;

If the static password that parses is incorrect, then execution in step 712;

Wherein, understanding within it in the Website server, portion stores user name in advance, reaches and the corresponding static password of user name.

Step 710, Website server is verified dynamic password;

If correct, then execution in step 711;

If incorrect, then execution in step 712;

Wherein, Website server repeats no more here to identical in the verification method of dynamic password and embodiment 1 step 107.

In the present embodiment, be example only, but not in order to the sequencing of conditioning step 709 and 710, the execution sequence of step 709 and step 710 can exchange to carry out step 710 after carry out step 709 earlier.

Step 711 is landed success, and Website server returns the page that lands success;

Step 712, authentication failed finishes to land or point out mistake.

The embodiment of the invention provides a kind of method that lands safely, and the automatic input by information safety devices realization username and password has increased the convenience that the website is landed; And the checking that has added dynamic password in landfall process has increased the fail safe of account.

Need to prove that also in above embodiment 1 to embodiment 7, before information safety devices generated dynamic password, all can add an operation: the identity to the user was verified.More safe by the process of landing that the method can make, only have the legal right to use of this information equipment, just can land the website with this equipment;

Wherein, the method that the user is carried out authentication can be the mode of PIN code or user biological feature identification.Living things feature recognition comprises fingerprint recognition, iris recognition etc.

Embodiment 8

Referring to Fig. 8, the embodiment of the invention provides a kind of system that lands safely, and concrete method realizes the description in can reference example 1, and this system comprises: information safety devices 801, computer 802 and Website server 803;

Wherein, referring to Fig. 9, information safety devices 801 comprises:

Link block 801A is used for information safety devices and computer connects;

Dynamic password generation modules 801B is used to generate dynamic password;

URL pieces together module 801C, is used for piecing together URL according to the authorization information of landing of dynamic password and storage inside thereof, lands authorization information and comprises user name and static password at least;

Computer 802 comprises:

Open packing module 802A, be used for, and fill URL in the relevant position of browser by automatic running program or the automatic open any browser of monitoring program;

Sending module 802B is used to send URL to Website server 803;

Website server 803 comprises:

Receive parsing module 803A, be used to receive URL, URL is resolved, obtain landing authorization information and dynamic password;

Authentication module 803B is used for landing authorization information and dynamic password is verified;

If all checking is correct, then land success, return the page that lands success;

Otherwise, land failure.

Further, information safety devices 801 can also comprise:

Reminding module 801D is used to point out the user's input validation information and/or second confirmation;

Receiver module 801E is used to receive the affirmation information and/or second confirmation that the user imports;

Accordingly, dynamic password generation modules 801B is used for:

After receiver module 801E receives the confirmation the information or second confirmation, generate dynamic password.

Further, information safety devices 801 can also comprise:

Declaration module 801F is used for the device type of information safety devices 801 to computer 802 statements self, and device type comprises CD or USB flash disk kind equipment and non-CD and USB flash disk kind equipment;

Initialization module 801G is used for carrying out initialization according to the device type of information safety devices 801;

After initialization is finished, reminding module 801D prompting user input validation information.

The initialization module 801G of information safety devices 801 specifically comprises:

First module is used for when device type that computer 802 is not pre-installed monitoring program and information safety devices is CD or USB flash disk kind equipment, and CD that provides by computer system or USB flash disk be the function on automatic running program of operation automatically; The monitoring program that automatic running program will be stored in the information safety devices is installed in the computer automatically; The computer run monitoring program;

Unit second is used for when device type that computer 802 is not pre-installed monitoring program and information safety devices is non-CD and USB flash disk kind equipment, and information safety devices is from the interface power taking of computer.

The reminding module 801D of information safety devices 801 specifically comprises:

Display unit, be used for the mode that shows by display screen point out user's input validation information;

And/or

Voice unit is used for pointing out user's input validation information by the mode of voice broadcast.

Further, information safety devices 801 also comprises:

Authentication module 801H is used for user's identity is verified.

Wherein, authentication module 801H specifically comprises:

First module is used to verify user's PIN code;

And/or

Unit second is used for the user is carried out living things feature recognition.

Wherein, URL pieces together module 801C and specifically comprises:

First module is used for piecing together rule according to the URL of standard, with dynamic password and storage inside thereof land authorization information, website information scrabbles up URL;

Perhaps

Unit second is used for according to the rule of making an appointment with Website server 803, with dynamic password and storage inside thereof land authorization information, website information scrabbles up URL;

Perhaps,

Unit the 3rd, be used for URL according to standard piece together rule or with the rule of Website server agreement, land authorization information, website information and dynamic password according to its storage inside scrabble up middle URL, and information safety devices uses pre-defined algorithm to carry out inverible transform to middle URL and obtains landing URL.

Wherein, pre-defined algorithm is the base64 encryption algorithm.

The packing module 802A that opens of computer 802 specifically comprises:

First module is used for when the device type of information safety devices is CD or USB flash disk kind equipment, and monitoring program is monitored carrying out safety means, when information safety devices finish URL piece together operation after, monitoring program is obtained URL, and automatic open any browser, fills URL in the relevant position;

Unit second, be used for when the device type of information safety devices is non-CD and USB flash disk kind equipment, information safety devices simulation power-on and power-off, again state that to computer its device type is CD or USB flash disk kind equipment, start AutoPlay function, make the computer starting browser by AutoPlay function, and fill URL in the relevant position.

The reception parsing module 803A of Website server 803 specifically comprises:

First module is used to receive URL, and according to the resolution rules of making an appointment, URL is resolved, and obtains landing authorization information and dynamic password;

Perhaps

Unit second is used to receive URL, and according to the reversible algorithm of predetermined algorithm in advance, URL is carried out inverse transformation, and URL in the middle of obtaining according to the resolution rules of making an appointment, resolves middle URL again, obtains logon information and dynamic password.

The authentication module 803B of Website server 803 specifically comprises:

First searches the unit, is used for searching the static password of the user name correspondence of its storage inside according to the user name of landing authorization information;

First comparing unit is used for the static password that lands authorization information is compared with the static password that finds;

If identical, then land authorization information and be proved to be successful;

If different, then land the authorization information authentication failed.

Under a kind of execution mode, the authentication module 803B of Website server 803 also comprises:

Second searches the unit, is used for according to landing the user name of authorization information, searches the seed information and the dynamic factor of the information safety devices correspondence that the user of its storage inside holds;

The dynamic password generation unit is used for generating dynamic password according to seed information and dynamic factor;

Second comparing unit is used for the dynamic password that generates is compared with the dynamic password that parses;

If identical, then dynamic password verification success;

If different, then dynamic password verification failure.

Under the another kind of execution mode, the authentication module 803B of Website server 803 also comprises:

Second searches the unit, is used for according to landing the user name of authorization information, searches the seed information and the dynamic factor of the information safety devices correspondence that the user of its storage inside holds;

The dynamic password generation unit is used for generating at least one dynamic password according to seed information and dynamic factor;

Second comparing unit is used for the dynamic password that generates is compared with the dynamic password that parses;

If have a dynamic password identical in the dynamic password that generates with the dynamic password that parses, then dynamic password verification success;

If there be not the dynamic password identical in the dynamic password that generates with the dynamic password that parses, the dynamic password verification failure.

Wherein, the dynamic password generation modules 801B of information safety devices 801 generates the dynamic factor that dynamic password uses and is time or incident;

Accordingly, when 801 service times of information safety devices generated dynamic password as dynamic factor, Website server 803 also comprised:

Judge module 803C is used to judge whether the dynamic password that information safety devices 801 generates used;

If used, then dynamic cipher verification failure;

If do not use, then verify dynamic password.

Through the above description of the embodiments, the those skilled in the art can be well understood to the present invention and can realize by the mode that software adds essential general hardware platform, can certainly pass through hardware, but the former is better execution mode under a lot of situation.And, a kind of safe login system that is provided in the present embodiment, supported in the method that can from embodiment 1 to embodiment 7, be provided, can be corresponding in the function of described each module and the method.

The embodiment of the invention provides a kind of system that lands safely, and the automatic input by information safety devices realization username and password has increased the convenience that the website is landed; And the checking that has added dynamic password in landfall process has increased the fail safe of account; Also the URL that lands is improved simultaneously, make that the process of landing is safer.

Below only be preferred embodiment of the present invention, or not within the spirit and principles in the present invention not all in order to restriction the present invention, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.

Claims (66)

1, a kind of method that lands safely is characterized in that, described method comprises:

Information safety devices and computer connect;

Described information safety devices generate dynamic password and according to described dynamic password and storage inside thereof land authorization information, website information is pieced together and is landed URL;

The automatic open any browser of described computer is filled the described URL that lands, and sends the described URL of landing to Website server;

Described Website server receives the described URL that lands, and the described URL of landing is resolved, and obtains described authorization information and the described dynamic password of landing;

Described Website server lands authorization information and described dynamic password is verified to described;

If all checking is correct, then land success, return the page that lands success;

Otherwise, land failure.

2, the method for claim 1 is characterized in that, before described information safety devices and computer connected, described method also comprised:

Described computer is installed monitoring program, and whether described monitoring program is used to monitor described information safety devices and generates and land URL, and obtains the described URL of landing after information safety devices generates the described URL of landing, and open any browser is landed the website automatically.

3, the method for claim 1 is characterized in that, described information safety devices generates before the dynamic password, and described method also comprises:

Described information safety devices and/or described computer prompted user input validation information;

When described information safety devices and/or described computer receive the affirmation information of user's input, described information safety devices generates dynamic password.

4, method as claimed in claim 3 is characterized in that, described information safety devices and/or described computer prompted user input validation information specifically comprise:

Described information safety devices is pointed out user's input validation information by the mode that display screen shows;

And/or

Described information safety devices is pointed out user's input validation information by the mode of voice broadcast;

And/or

Described computer is by its display screen prompting user input validation information.

5, the method for claim 1 is characterized in that, described information safety devices generates before the dynamic password, and described method also comprises:

Identity to the user is verified.

6, method as claimed in claim 5 is characterized in that, described identity to described user is verified specifically and comprised:

Verify described user's PIN code;

And/or

Described user is carried out living things feature recognition.

7, the method for claim 1 is characterized in that, the described authorization information of landing comprises user name, static password at least;

Described website information comprises URL address, website, virtual Domain Name.

8, the method for claim 1 is characterized in that, described information safety devices according to described dynamic password and storage inside thereof land authorization information, website information is pieced together and is landed URL, specifically comprise:

Described information safety devices is according to the URL rule of standard, with described dynamic password and storage inside thereof land authorization information, website information scrabbles up and lands URL;

Perhaps

Described information safety devices is according to the rule of making an appointment with described Website server, with described dynamic password and storage inside thereof land authorization information, website information scrabbles up and lands URL;

Perhaps

Described information safety devices is according to the URL rule of standard or the rule of making an appointment with described Website server, land authorization information, website information and described dynamic password according to its storage inside scrabble up middle URL, and described information safety devices uses pre-defined algorithm to carry out inverible transform to URL in the middle of described and obtains URL.

9, method as claimed in claim 8, it is characterized in that, the rule of making an appointment with described Website server is described information safety devices and described Website server keyword, the list separator of arranging URL jointly, pieces together order, combined method, can reach described information safety devices and described Website server and all discern and therefrom can parse dynamic password and the described rule of landing authorization information.

10, method as claimed in claim 8 is characterized in that, described pre-defined algorithm comprises the base64 encryption algorithm.

11, method as claimed in claim 2 is characterized in that, the automatic open any browser of described computer is filled described URL, realizes by described monitoring program.

12, the method for claim 1 is characterized in that, described Website server is resolved the described URL of landing, and specifically comprises:

Described Website server is resolved the described URL of landing according to the URL rule of standard, obtains landing authorization information and dynamic password;

Perhaps

Described Website server according to the rule of described Website server agreement, the described URL of landing is resolved, obtain landing authorization information and dynamic password;

Perhaps

But described Website server basis is the inverse approach of predetermined algorithm in advance, the described URL of landing is carried out inverse transformation, and URL in the middle of obtaining is again according to the URL rule of standard or the rule of making an appointment with described Website server, URL in the middle of described is resolved, obtain logon information and dynamic password.

13, the method for claim 1 is characterized in that, described Website server is verified the described authorization information of landing, specifically comprised:

Described Website server is searched the static password of the described user name correspondence of its storage inside according to the described user name of landing in the authorization information;

The described static password that lands in the authorization information is compared with the described static password that finds;

If identical, then describedly land authorization information and be proved to be successful;

If different, the then described authorization information authentication failed of landing.

14, the method for claim 1 is characterized in that, described Website server is verified described dynamic password, specifically comprised:

Described Website server is according to the described user name of landing in the authorization information, search the seed information and the dynamic factor of the information safety devices correspondence that the described user of its storage inside holds, and, the dynamic password of described generation is compared with the dynamic password that parses according to described seed information and described dynamic factor generation dynamic password;

If identical, then described dynamic password verification success;

If different, then described dynamic password verification failure.

15, the method for claim 1 is characterized in that, described Website server is verified described dynamic password, specifically comprised:

Described Website server is according to the described user name of landing in the authorization information, search the seed information and the dynamic factor of the information safety devices correspondence that the described user of its storage inside holds, and generate at least one dynamic password according to described seed information and described dynamic factor, the dynamic password of described generation is compared with the dynamic password that parses;

If there is a dynamic password identical in the dynamic password of described generation with the described dynamic password that parses, then described dynamic password verification success;

If do not have and the identical dynamic password of the described dynamic password that parses in the dynamic password of described generation, described dynamic password verification failure.

16, the method for claim 1 is characterized in that, the dynamic factor that described information safety devices generation dynamic password uses is time or incident;

Accordingly, when described information safety devices service time generated dynamic password as dynamic factor, described Website server verified that before the described dynamic password, described method also comprises:

Judge whether the dynamic password that described information safety devices generates used;

If used, then described dynamic cipher verification failure;

If do not use, then verify described dynamic password.

17, a kind of method that lands safely is characterized in that, described method comprises:

Information safety devices and computer connect, and report from as USB flash disk or compact disk equipment to described computer, start automatic running program;

Described information safety devices generate dynamic password and according to described dynamic password and storage inside thereof land authorization information, website information is pieced together and is landed URL;

The automatic open any browser of described computer is filled the described URL that lands, and sends the described URL of landing to Website server;

Described Website server receives the described URL that lands, and the described URL of landing is resolved, and obtains described authorization information and the described dynamic password of landing;

Described Website server lands authorization information and described dynamic password is verified to described;

If all checking is correct, then land success, return the page that lands success;

Otherwise, land failure.

18, method as claimed in claim 17 is characterized in that, described startup automatic running program also comprises:

Described information safety devices is installed monitoring program in described computer by automatic running program, whether described monitoring program is used to monitor described information safety devices and generates and land URL, and after generating the described URL of landing, information safety devices obtains the described URL of landing, automatically open any browser is landed the website.

19, method as claimed in claim 17 is characterized in that, described information safety devices generates before the dynamic password, and described method also comprises:

Identity to the user is verified.

20, method as claimed in claim 19 is characterized in that, described identity to described user is verified specifically and comprised:

Verify described user's PIN code;

And/or

Described user is carried out living things feature recognition.

21, method as claimed in claim 17 is characterized in that, the described authorization information of landing comprises user name, static password at least;

Described website information comprises URL address, website, virtual Domain Name.

As claim 17 or 18 described methods, it is characterized in that 22, the automatic open any browser of described computer is filled the described URL that lands, concrete comprises:

Described computer is filled the described URL that lands by the automatic open any browser of described automatic running program;

Perhaps

Described computer is filled the described URL that lands by the automatic open any browser of described monitoring program.

As claim 17 or 18 described methods, it is characterized in that 23, described information safety devices also comprises before generating dynamic password:

Described information safety devices and/or described computer prompted user input validation information; When described information safety devices and/or described computer receive the affirmation information of user's input, described information safety devices generates dynamic password;

Perhaps

Described monitoring program after the installation, notifies described information safety devices to generate dynamic password in described computer.

24, method as claimed in claim 23 is characterized in that, described information safety devices and/or described computer prompted user input validation information specifically comprise:

Described information safety devices is pointed out user's input validation information by the mode that display screen shows;

And/or

Described information safety devices is pointed out user's input validation information by the mode of voice broadcast;

And/or

Described computer is by its display screen prompting user input validation information.

25, method as claimed in claim 17 is characterized in that, described information safety devices according to described dynamic password and storage inside thereof land authorization information, website information is pieced together and is landed URL, specifically comprise:

Described information safety devices is according to the URL rule of standard, with described dynamic password and storage inside thereof land authorization information, website information scrabbles up and lands URL;

Perhaps

Described information safety devices is according to the rule of making an appointment with described Website server, with described dynamic password and storage inside thereof land authorization information, website information scrabbles up and lands URL;

Perhaps

Described information safety devices is according to the URL rule of standard or the rule of making an appointment with described Website server, land authorization information, website information and described dynamic password according to its storage inside scrabble up middle URL, and described information safety devices uses pre-defined algorithm to carry out inverible transform to URL in the middle of described and obtains URL.

26, method as claimed in claim 25, it is characterized in that, the rule of making an appointment with described Website server is described information safety devices and described Website server keyword, the list separator of arranging URL jointly, pieces together order, combined method, can reach described information safety devices and described Website server and all discern and therefrom can parse dynamic password and the described rule of landing authorization information.

27, method as claimed in claim 25 is characterized in that, described pre-defined algorithm comprises the base64 encryption algorithm.

28, method as claimed in claim 17 is characterized in that, described Website server is resolved the described URL of landing, and specifically comprises:

Described Website server is resolved the described URL of landing according to the URL rule of standard, obtains landing authorization information and dynamic password;

Perhaps

Described Website server according to the rule of described Website server agreement, the described URL of landing is resolved, obtain landing authorization information and dynamic password;

Perhaps

But described Website server basis is the inverse approach of predetermined algorithm in advance, the described URL of landing is carried out inverse transformation, and URL in the middle of obtaining is according to the URL of the standard rule or the rule of making an appointment with described Website server, URL in the middle of described is resolved, obtain logon information and dynamic password.

29, method as claimed in claim 17 is characterized in that, described Website server is verified the described authorization information of landing, specifically comprised:

Described Website server is searched the static password of the described user name correspondence of its storage inside according to the described user name of landing in the authorization information;

The described static password that lands in the authorization information is compared with the described static password that finds;

If identical, then describedly land authorization information and be proved to be successful;

If different, the then described authorization information authentication failed of landing.

30, method as claimed in claim 17 is characterized in that, described Website server is verified described dynamic password, specifically comprised:

Described Website server is according to the described user name of landing in the authorization information, search the seed information and the dynamic factor of the information safety devices correspondence that the described user of its storage inside holds, and, the dynamic password of described generation is compared with the dynamic password that parses according to described seed information and described dynamic factor generation dynamic password;

If identical, then described dynamic password verification success;

If different, then described dynamic password verification failure.

31, method as claimed in claim 17 is characterized in that, described Website server is verified described dynamic password, specifically comprised:

Described Website server is according to the described user name of landing in the authorization information, search the seed information and the dynamic factor of the information safety devices correspondence that the described user of its storage inside holds, and generate at least one dynamic password according to described seed information and described dynamic factor, the dynamic password of described generation is compared with the dynamic password that parses;

If there is a dynamic password identical in the dynamic password of described generation with the described dynamic password that parses, then described dynamic password verification success;

If do not have and the identical dynamic password of the described dynamic password that parses in the dynamic password of described generation, described dynamic password verification failure.

32, method as claimed in claim 17 is characterized in that, the dynamic factor that described information safety devices generation dynamic password uses is time or incident;

Accordingly, when described information safety devices service time generated dynamic password as dynamic factor, described Website server verified that before the described dynamic password, described method also comprises:

Judge whether the dynamic password that described information safety devices generates used;

If used, then described dynamic cipher verification failure;

If do not use, then verify described dynamic password.

33, a kind of method that lands safely is characterized in that, described method comprises:

Information safety devices and computer connect;

Information safety devices receives the affirmation information of user's input, and reporting the equipment of itself type to described computer is USB flash disk or compact disk equipment, starts automatic running program;

Described information safety devices generate dynamic password and according to described dynamic password and storage inside thereof land authorization information, website information is pieced together and is landed URL;

The automatic open any browser of described computer is filled the described URL that lands, and sends the described URL of landing to Website server;

Described Website server receives the described URL that lands, and the described URL of landing is resolved, and obtains described authorization information and the described dynamic password of landing;

Described Website server lands authorization information and described dynamic password is verified to described;

If all checking is correct, then land success, return the page that lands success;

Otherwise, land failure.

34, method as claimed in claim 33 is characterized in that, described information safety devices and computer connect, and specifically comprise:

Information safety devices and computer connect, and do not report the equipment of itself type, only carry out power taking;

Perhaps

Information safety devices and computer connect, and the device type of reporting oneself to described computer is non-CD or USB flash disk equipment.

35, method as claimed in claim 33 is characterized in that, described information safety devices receives before the affirmation information of user's input, also comprises:

Described information safety devices and/or described computer prompted user input validation information.

36, method as claimed in claim 35 is characterized in that, described information safety devices and/or described computer prompted user input validation information specifically comprise:

Described information safety devices is pointed out user's input validation information by the mode that display screen shows;

And/or

Described information safety devices is pointed out user's input validation information by the mode of voice broadcast;

And/or

Described computer is by its display screen prompting user input validation information.

37, method as claimed in claim 33 is characterized in that, described startup automatic running program also comprises:

Described information safety devices is installed monitoring program in described computer by automatic running program, whether described monitoring program is monitored described information safety devices and is generated and land URL, and after generating the described URL of landing, information safety devices obtains the described URL of landing, automatically open any browser is landed the website.

38, method as claimed in claim 33 is characterized in that, described information safety devices generates before the dynamic password, and described method also comprises:

Identity to described user is verified.

39, method as claimed in claim 38 is characterized in that, described identity to described user is verified specifically and comprised:

Verify described user's PIN code;

And/or

Described user is carried out living things feature recognition.

40, method as claimed in claim 33 is characterized in that, the described authorization information of landing comprises user name, static password at least;

Described website information comprises URL address, website, virtual Domain Name.

41, method as claimed in claim 33 is characterized in that, the automatic open any browser of described computer is filled the described URL that lands, and concrete comprises:

Described computer is filled the described URL that lands by the automatic open any browser of described automatic running program;

Perhaps

Described computer is filled the described URL that lands by the automatic open any browser of described monitoring program.

42, method as claimed in claim 41 is characterized in that, when described computer by the automatic open any browser of described monitoring program, fill describedly when landing URL, described information equipment also comprises before generating dynamic password:

Described information safety devices and/or described computer prompted user import second confirmation;

Receive second confirmation of user's input when described information safety devices and/or described computer after, described information safety devices generates dynamic password;

Perhaps

Described monitoring program after the installation, notifies described information safety devices to generate dynamic password in described computer.

43, method as claimed in claim 42 is characterized in that, described information safety devices and/or described computer prompted user import second confirmation, specifically comprise:

Described information safety devices points out the user to import second confirmation by the mode that display screen shows;

And/or

Described information safety devices points out the user to import second confirmation by the mode of voice broadcast;

And/or

Described computer is imported second confirmation by its display screen prompting user.

44, method as claimed in claim 33 is characterized in that, described information safety devices according to described dynamic password and storage inside thereof land authorization information, website information is pieced together and is landed URL, specifically comprise:

Described information safety devices is according to the URL rule of standard, with described dynamic password and storage inside thereof land authorization information, website information scrabbles up and lands URL;

Perhaps

Described information safety devices is according to the rule of making an appointment with described Website server, with described dynamic password and storage inside thereof land authorization information, website information scrabbles up and lands URL;

Perhaps

Described information safety devices is according to the URL rule of standard or the rule of making an appointment with described Website server, land authorization information, website information and described dynamic password according to its storage inside scrabble up middle URL, and described information safety devices uses pre-defined algorithm to carry out inverible transform to URL in the middle of described and obtains URL.

45, method as claimed in claim 44, it is characterized in that, the rule of making an appointment with described Website server is described information safety devices and described Website server keyword, the list separator of arranging URL jointly, pieces together order, combined method, can reach described information safety devices and described Website server and all discern and therefrom can parse dynamic password and the described rule of landing authorization information.

46, method as claimed in claim 44 is characterized in that, described pre-defined algorithm comprises the base64 encryption algorithm.

47, method as claimed in claim 33 is characterized in that, described Website server is resolved the described URL of landing, and specifically comprises:

Described Website server is resolved the described URL of landing according to the URL rule of standard, obtains landing authorization information and dynamic password;

Perhaps

Described Website server according to the rule of described Website server agreement, the described URL of landing is resolved, obtain landing authorization information and dynamic password;

Perhaps

But described Website server basis is the inverse approach of predetermined algorithm in advance, the described URL of landing is carried out inverse transformation, and URL in the middle of obtaining is according to the URL of the standard rule or the rule of making an appointment with described Website server, URL in the middle of described is resolved, obtain logon information and dynamic password.

48, method as claimed in claim 33 is characterized in that, described Website server is verified the described authorization information of landing, specifically comprised:

Described Website server is searched the static password of the described user name correspondence of its storage inside according to the described user name of landing in the authorization information;

The described static password that lands in the authorization information is compared with the described static password that finds;

If identical, then describedly land authorization information and be proved to be successful;

If different, the then described authorization information authentication failed of landing.

49, method as claimed in claim 33 is characterized in that, described Website server is verified described dynamic password, specifically comprised:

Described Website server is according to the described user name of landing in the authorization information, search the seed information and the dynamic factor of the information safety devices correspondence that the described user of its storage inside holds, and, the dynamic password of described generation is compared with the dynamic password that parses according to described seed information and described dynamic factor generation dynamic password;

If identical, then described dynamic password verification success;

If different, then described dynamic password verification failure.

50, method as claimed in claim 33 is characterized in that, described Website server is verified described dynamic password, specifically comprised:

Described Website server is according to the described user name of landing in the authorization information, search the seed information and the dynamic factor of the information safety devices correspondence that the described user of its storage inside holds, and generate at least one dynamic password according to described seed information and described dynamic factor, the dynamic password of described generation is compared with the dynamic password that parses;

If there is a dynamic password identical in the dynamic password of described generation with the described dynamic password that parses, then described dynamic password verification success;

If do not have and the identical dynamic password of the described dynamic password that parses in the dynamic password of described generation, described dynamic password verification failure.

51, method as claimed in claim 33 is characterized in that, the dynamic factor that described information safety devices generation dynamic password uses is time or incident;

Accordingly, when described information safety devices service time generated dynamic password as dynamic factor, described Website server verified that before the described dynamic password, described method also comprises:

Judge whether the dynamic password that described information safety devices generates used;

If used, then described dynamic cipher verification failure;

If do not use, then verify described dynamic password.

52, a kind of system that lands safely is characterized in that, described system comprises: information safety devices, computer and Website server;

Described information safety devices comprises:

Link block is used for described information safety devices and described computer connects;

Dynamic password generation modules is used to generate dynamic password;

URL pieces together module, be used for according to described dynamic password and storage inside thereof land authorization information, website information is pieced together URL, the described authorization information of landing comprises user name and static password at least;

Described computer comprises:

Open packing module, be used for, and fill described URL in the relevant position of browser by automatic running program or the automatic open any browser of monitoring program;

Sending module is used to send described URL to described Website server;

Described Website server comprises:

Receive parsing module, be used to receive described URL, described URL is resolved, obtain described authorization information and the described dynamic password of landing;

Authentication module is used for landing authorization information and described dynamic password is verified to described, if all checking is correct, then lands success, returns the page that lands success, otherwise, land failure.

53, system as claimed in claim 52 is characterized in that, described information safety devices also comprises:

Reminding module is used to point out the user's input validation information and/or second confirmation;

Receiver module is used to receive the affirmation information and/or second confirmation that the user imports;

Accordingly, described dynamic password generation modules is used for:

After described receiver module receives the described confirmation or second confirmation, generate dynamic password.

54, system as claimed in claim 52 is characterized in that, described information safety devices also comprises:

Declaration module is used for the device type of described information safety devices to described computer statement self, and described device type comprises CD or USB flash disk kind equipment and non-CD and USB flash disk kind equipment;

Initialization module is used for carrying out initialization according to the device type of described information safety devices;

After described initialization is finished, described reminding module prompting user input validation information.

55, system as claimed in claim 54 is characterized in that, described initialization module specifically comprises:

First module is used for when device type that described computer is not pre-installed monitoring program and described information safety devices is CD or USB flash disk kind equipment, and CD that provides by computer system or USB flash disk be the function on automatic running program of operation automatically; The monitoring program that described automatic running program will be stored in the described information safety devices is installed in the described computer automatically;

Unit second is used for when device type that described computer is not pre-installed monitoring program and described information safety devices is non-CD and USB flash disk kind equipment, and described information safety devices is from the interface power taking of described computer.

56, system as claimed in claim 53 is characterized in that, described reminding module specifically comprises:

Display unit, be used for the mode that shows by display screen point out user's input validation information;

And/or

Voice unit is used for pointing out user's input validation information by the mode of voice broadcast.

57, system as claimed in claim 52 is characterized in that, described information safety devices also comprises:

Authentication module is used for described user's identity is verified.

58, system as claimed in claim 57 is characterized in that, described authentication module specifically comprises:

First module is used to verify described user's PIN code;

And/or

Unit second is used for described user is carried out living things feature recognition.

59, system as claimed in claim 52 is characterized in that, described URL pieces together module, specifically comprises:

First module is used for piecing together rule according to the URL of standard, with described dynamic password and storage inside thereof land authorization information, website information scrabbles up URL;

Perhaps

Unit second is used for according to the rule of making an appointment with described Website server, with dynamic password and storage inside thereof land authorization information, website information scrabbles up URL;

Perhaps

Unit the 3rd, be used for URL according to standard piece together rule or with the resolution rules of described Website server agreement, land authorization information, website information and described dynamic password according to its storage inside scrabble up middle URL, and described information safety devices uses pre-defined algorithm to carry out inverible transform to URL in the middle of described and obtains landing URL.

60, system as claimed in claim 59 is characterized in that, described pre-defined algorithm comprises the base64 encryption algorithm.

61, system as claimed in claim 55 is characterized in that, the packing module of opening of described computer specifically comprises:

First module, be used for when the device type of described information safety devices is CD or USB flash disk kind equipment, described monitoring program is monitored the described safety means that carry out, when described information safety devices finish described URL piece together operation after, described monitoring program is obtained described URL, and automatic open any browser, fill described URL in the relevant position;

Unit second, be used for when the device type of described information safety devices is non-CD and USB flash disk kind equipment, described information safety devices simulation power-on and power-off, again state that to described computer its device type is CD or USB flash disk kind equipment, start AutoPlay function, make the computer starting browser by described AutoPlay function, and fill described URL in the relevant position.

62, system as claimed in claim 52 is characterized in that, the reception parsing module of described Website server specifically comprises:

First module is used to receive described URL, and according to the resolution rules of making an appointment, described URL is resolved, and obtains landing authorization information and dynamic password;

Perhaps

Unit second is used to receive described URL, and according to the reversible algorithm of predetermined algorithm in advance, described URL is carried out inverse transformation, and URL in the middle of obtaining again according to the resolution rules of making an appointment, resolves URL in the middle of described, obtains logon information and dynamic password.

63, system as claimed in claim 52 is characterized in that, the authentication module of described Website server specifically comprises:

First searches the unit, is used for the user name of landing authorization information according to described, searches the static password of the described user name correspondence of its storage inside;

First comparing unit is used for the described static password that lands authorization information is compared with the described static password that finds;

If identical, then describedly land authorization information and be proved to be successful;

If different, the then described authorization information authentication failed of landing.

64, system as claimed in claim 52 is characterized in that, the authentication module of described Website server also comprises:

Second searches the unit, is used for the user name of landing authorization information according to described, searches the seed information and the dynamic factor of the information safety devices correspondence that the described user of its storage inside holds;

The dynamic password generation unit is used for generating dynamic password according to described seed information and described dynamic factor;

Second comparing unit is used for the dynamic password of described generation is compared with the dynamic password that parses;

If identical, then described dynamic password verification success;

If different, then described dynamic password verification failure.

65, system as claimed in claim 52 is characterized in that, described Website server authentication module also comprises:

Second searches the unit, is used for the user name of landing authorization information according to described, searches the seed information and the dynamic factor of the information safety devices correspondence that the described user of its storage inside holds;

The dynamic password generation unit is used for generating at least one dynamic password according to described seed information and described dynamic factor;

Second comparing unit is used for the dynamic password of described generation is compared with the dynamic password that parses;

If there is a dynamic password identical in the dynamic password of described generation with the described dynamic password that parses, then described dynamic password verification success;

If do not have and the identical dynamic password of the described dynamic password that parses in the dynamic password of described generation, described dynamic password verification failure.

66, system as claimed in claim 52 is characterized in that, the dynamic factor that the dynamic password generation modules generation dynamic password of described information safety devices uses is time or incident;

Accordingly, when described information safety devices service time generated dynamic password as dynamic factor, described Website server also comprised:

Judge module is used to judge whether the dynamic password that described information safety devices generates used;

If used, then described dynamic cipher verification failure;

If do not use, then verify described dynamic password.

Images