CN102571341A - Authentication system and method based on dynamic image - Google Patents

Publication number: CN102571341A
Authority: CN (China)
Prior art keywords: dynamic image, server, random sequence, ciphertext, password
Legal status: Granted, Active
Application number: CN2010106213982A
Other languages: Chinese (zh)
Other versions: CN102571341B (en)
Inventors: 刘风军, 李金良, 赵振祥, 肖波, 张春玲, 稽文俊, 郝义泉, 王宝玺, 郭宇航
Current Assignee: China Unionpay Co Ltd
Original Assignee: China Unionpay Co Ltd
Application filed by: China Unionpay Co Ltd
Priority to: CN201010621398.2A (patent CN102571341B)
Publication of CN102571341A
Application granted; publication of CN102571341B

Landscapes

  • Collating Specific Patterns (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides an authentication system and method based on a dynamic image. The authentication system comprises an encryption machine, a dynamic image generator, a first server, a user terminal and a second server. The encryption machine sends a random sequence, a random sequence ciphertext and a one-to-one correspondence to the dynamic image generator, and resolves password position information to obtain a password. The dynamic image generator generates a task descriptor and sends a dynamic image and the task descriptor to the first server. The first server sends the dynamic image and the task descriptor to the user terminal. The user terminal sends the password position information and the task descriptor to the second server. The second server obtains the random sequence ciphertext from the image generator and obtains a password ciphertext from the encryption machine. The disclosed authentication system and method ensure security while being lower in cost and convenient to use.

Description

An authentication system and authentication method based on a dynamic image
Technical field
The present invention relates to authentication systems, and in particular to a remote authentication method based on a dynamic image.
Background art
With the rapid development of industries such as banking, transportation, networking and communications, information security has penetrated every aspect of daily life, and the fields it touches keep widening. The difficulty and importance of information security are also increasingly prominent. Identity authentication, as a core technology of the information security industry, is receiving more and more attention. Identity authentication is usually carried out with image verification codes or information security devices.
An image verification code is an image containing characters or digits. The characters or digits in the image are usually distorted or overlaid with noise, while remaining recognizable to human vision, in order to make automatic recognition by a program harder. When an image verification code is used for identity verification, the system asks the user which characters are shown in the image; if the answer is correct, authentication passes, otherwise it fails.
With an image verification code, a malicious user can easily use a program to fetch the whole verification code image, which contains all of the characters, and then apply cracking techniques such as character segmentation to extract the characters from the background noise and so break the verification code. The risk of being cracked is therefore considerable, and security is not high.
An information security device (for example a USB Key or a time-based dynamic password generator) connects to a computer through the computer's data communication interface, has a key generation function, can store keys securely, and can have encryption algorithms preset. Key-related operations are performed entirely inside the device, and such smart key devices are resistant to attack, so security is high. However, information security devices are usually costly and the user has to carry one, which makes them inconvenient to use.
Summary of the invention
In view of this, the object of the present invention is to provide an authentication system and authentication method based on a dynamic image that ensure security while being lower in cost and convenient to use.
To achieve this object, the present invention provides an authentication system based on a dynamic image, the authentication system comprising:
An encryption machine, configured to respond to a dynamic image generation request from the dynamic image generator by generating a random sequence that has a one-to-one correspondence with a keying sequence, to encrypt the random sequence according to a first encryption algorithm to produce a random sequence ciphertext, and to send the random sequence, the random sequence ciphertext and the one-to-one correspondence to the dynamic image generator; and further configured to resolve password position information according to the first encryption algorithm, the random sequence ciphertext and the one-to-one correspondence to obtain a password, to encrypt the password according to a second encryption algorithm to produce a password ciphertext, and to send the password ciphertext to the second server;
A dynamic image generator, configured to generate a task descriptor in response to a dynamic image generation request from the first server and to forward the dynamic image generation request to the encryption machine, to store the random sequence ciphertext received from the encryption machine in association with the task descriptor, to generate a dynamic image containing the random sequence, the keying sequence and the one-to-one correspondence between them, and to send the dynamic image and the task descriptor to the first server;
A first server, configured to generate a dynamic image generation request and send it to the dynamic image generator, and to forward the received dynamic image and task descriptor to the user terminal;
A user terminal, configured to receive the dynamic image and the task descriptor from the first server and to send password position information and the task descriptor to the second server;
A second server, configured to send the task descriptor received from the user terminal to the image generator to obtain the dynamic password position ciphertext, to send the dynamic password position ciphertext together with the dynamic password position information to the encryption machine, and to obtain the password ciphertext from the encryption machine.
Preferably, in the authentication system of the present invention, the authentication system further comprises a transaction processor, wherein
the second server is further configured to generate a transaction message containing the password ciphertext and transaction data and to send the transaction message to the transaction processor;
the transaction processor is configured to obtain the transaction message, process it, and generate and send transaction message processing result information to the second server.
Preferably, in the authentication system of the present invention, the second server is further configured to forward the transaction message processing result information to the user terminal.
Preferably, in the authentication system of the present invention, the first encryption algorithm is identical to the second encryption algorithm.
Preferably, in the authentication system of the present invention, the first encryption algorithm is different from the second encryption algorithm.
The present invention also provides a method of performing authentication using an authentication system based on a dynamic image, the authentication system comprising an encryption machine, a dynamic image generator, a first server, a user terminal and a second server, and the authentication method comprising the following steps:
A1, the first server generates a dynamic image generation request and sends it to the dynamic image generator;
A2, the dynamic image generator generates a task descriptor and forwards the dynamic image generation request to the encryption machine;
A3, the encryption machine generates a random sequence that has a one-to-one correspondence with a keying sequence, encrypts it according to a first encryption algorithm to produce a random sequence ciphertext, and sends the random sequence, the random sequence ciphertext and the one-to-one correspondence to the dynamic image generator;
A4, the dynamic image generator stores the random sequence ciphertext in association with the task descriptor and generates a dynamic image containing the random sequence, the keying sequence and the one-to-one correspondence between them;
A5, the dynamic image generator sends the dynamic image and the task descriptor to the first server;
A6, the first server forwards the dynamic image and the task descriptor to the user terminal;
A7, the user terminal receives the dynamic image and the task descriptor, password position information is entered through the user terminal, and said service terminal sends the password position information and the task descriptor to the second server;
A8, the second server sends the task descriptor to the dynamic image generator to obtain the random sequence ciphertext, and sends the random sequence ciphertext and the password position information to the encryption machine;
A9, the encryption machine resolves the password position information according to the first encryption algorithm, the random sequence ciphertext and the one-to-one correspondence to obtain the password, encrypts the password, and sends it to the second server to perform authentication.
Preferably, in the authentication method of the present invention, the authentication system further comprises a transaction processor, wherein step A9 is further followed by the following steps:
The second server generates a transaction message containing the password ciphertext and transaction data and sends the transaction message to the transaction processor;
The transaction processor obtains the transaction message, processes it, and generates and sends transaction message processing result information to the second server.
Preferably, in the authentication method of the present invention, step A9 is further followed by the following step:
The second server forwards the transaction message processing result information to the user terminal.
Preferably, in the authentication method of the present invention, the first encryption algorithm is identical to the second encryption algorithm.
Preferably, in the authentication method of the present invention, the first encryption algorithm is different from the second encryption algorithm.
The technical effect of the present invention is that security is ensured while cost is lower and use is convenient.
Description of the drawings
Fig. 1 is a schematic diagram of the authentication system according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of the dynamic image according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of the authentication method according to an embodiment of the present invention.
Embodiments
Preferred embodiments of the present invention are described in detail below with reference to the drawings, in which identical reference numbers denote identical elements.
Fig. 1 is a schematic diagram of the authentication system according to an embodiment of the present invention. As shown, the authentication system comprises an encryption machine 10, a dynamic image generator 20, a first server 30, a user terminal 40, a second server 50 and a transaction processor 60.
The encryption machine 10 responds to a dynamic image generation request from the dynamic image generator 20 by generating a random sequence that has a one-to-one correspondence with a keying sequence, encrypts it according to a first encryption algorithm to produce a random sequence ciphertext, and sends the random sequence, the random sequence ciphertext and the one-to-one correspondence to the dynamic image generator 20. It can also resolve password position information from the second server 50 according to the first encryption algorithm, the random sequence ciphertext and the one-to-one correspondence to obtain the password, encrypt the password according to a second encryption algorithm to produce a password ciphertext, and send the password ciphertext to the second server 50;
The dynamic image generator 20 generates a task descriptor in response to a dynamic image generation request from the first server 30 and forwards the dynamic image generation request to the encryption machine 10, stores the random sequence ciphertext from the encryption machine 10 in association with the task descriptor, generates a dynamic image (as shown in Fig. 2) containing the random sequence, the keying sequence and the one-to-one correspondence between them, and sends the dynamic image and the task descriptor to the first server 30;
The first server 30 generates a dynamic image generation request and sends it to the dynamic image generator 20, and forwards the dynamic image and the task descriptor received from the dynamic image generator 20 to the user terminal 40;
The user terminal 40 receives the dynamic image and the task descriptor from the first server 30 and sends password position information and the task descriptor to the second server 50;
The second server 50 sends the task descriptor received from the user terminal 40 to the image generator 20 to obtain the dynamic password position ciphertext, sends the dynamic password position ciphertext together with the dynamic password position information to the encryption machine 10 and thereby obtains the password ciphertext from the encryption machine 10, generates a transaction message containing the password ciphertext and transaction data and sends the transaction message to the transaction processor 60, and obtains transaction message processing result information from the transaction processor 60 and forwards it to the user terminal 40.
The transaction processor 60 obtains the transaction message from the second server 50, processes it, and generates and sends transaction message processing result information to the second server 50. Since the processing of transaction messages is common knowledge in the art, it is not described further here.
Fig. 1 is merely an exemplary embodiment of the authentication system based on a dynamic image according to the present invention. Those skilled in the art can modify it without departing from the scope of protection of the present invention.
For example, the transaction processing system 60 can be omitted. In that case, the first server 40 compares the received password with the password stored in advance; if they match, authentication is determined to have passed, otherwise it is determined to have failed, and the corresponding authentication information is sent to notify the user terminal 30. Alternatively, after the first server 40 receives the encrypted password, it decrypts the encrypted password and then carries out the above steps to perform authentication.
Fig. 2 is a schematic diagram of the dynamic image according to an embodiment of the present invention. As shown, the dynamic image generator 10 generates the dynamic image shown in Fig. 2, in which the upper row is the random sequence and the lower row is the keying sequence. Although the random sequence and the keying sequence are shown in Fig. 2 as containing the same elements, they may also contain different elements; all that is required is a one-to-one correspondence between the two. For example, one of the random sequence and the keying sequence may be a sequence of the digits "0-9" and the other a sequence of the words "zero" to "nine".
The dynamic image is output on the user terminal 30, and the user enters password position information (that is, the position information corresponding to each element of the password) through the user terminal 30. For example, if the password is 927188, the user enters the password position information 130577. The password position information and the task descriptor are sent to the first processor for processing, and the first processor resolves them to obtain the password.
Fig. 3 is a schematic flowchart of the authentication method according to an embodiment of the present invention.
The authentication method of the present invention comprises the following steps:
A1, the first server generates a dynamic image generation request and sends it to the dynamic image generator;
A2, the dynamic image generator generates a task descriptor and forwards the dynamic image generation request to the encryption machine;
A3, the encryption machine generates a random sequence that has a one-to-one correspondence with a keying sequence, encrypts it according to a first encryption algorithm to produce a random sequence ciphertext, and sends the random sequence, the random sequence ciphertext and the one-to-one correspondence to the dynamic image generator;
A4, the dynamic image generator stores the random sequence ciphertext in association with the task descriptor and generates a dynamic image containing the random sequence, the keying sequence and the one-to-one correspondence between them;
A5, the dynamic image generator sends the dynamic image and the task descriptor to the first server;
A6, the first server forwards the dynamic image and the task descriptor to the user terminal;
A7, the user terminal receives the dynamic image and the task descriptor, password position information is entered through the user terminal, and the service terminal sends the password position information and the task descriptor to the second server;
A8, the second server sends the task descriptor to the dynamic image generator to obtain the random sequence ciphertext, and sends the random sequence ciphertext and the password position information to the encryption machine;
A9, the encryption machine resolves the password position information according to the first encryption algorithm, the random sequence ciphertext and the one-to-one correspondence to obtain the password, encrypts the password, and sends it to the second server to perform authentication.
Step A9 is further followed by these steps: the second server generates a transaction message containing the password ciphertext and transaction data and sends the transaction message to the transaction processor; the transaction processor obtains the transaction message, processes it, and generates and sends transaction message processing result information to the second server. Preferably, after the second server receives the transaction message processing result information, it forwards that information to the user terminal.
In the present invention, those skilled in the art can set the first encryption algorithm and the second encryption algorithm to be the same or different according to actual needs.
In the present invention, keeping the first server and the second server (or the user terminal) separate ensures that no server obtains both the random sequence and the password position information entered by the user at the same time; steps A5 and A6 may be on one link.
In addition, only the user and the encryption machine can obtain the plaintext of the PIN, which further ensures the security of the data.
In view of these teachings, those of ordinary skill in the art will readily conceive of other embodiments, combinations and modifications of the present invention. Therefore, when read in conjunction with the above description and the drawings, the present invention is limited only by the claims.
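Steps A1 to A9 and the 927188 to 130577 example from the description, as an added Python sketch that is not code from the patent. All class and function names are hypothetical, the keying sequence is assumed to be the digits 0-9 in order, the upper row 7902314856 is constructed to agree with the page's example, and an HMAC-SHA256 keystream with an integrity tag stands in for the first and second encryption algorithms, which the patent does not name.

```python
import hashlib
import hmac
import secrets

KEYING_SEQUENCE = "0123456789"  # lower row of the image (assumed: digits in order)


def _seal(key, text):
    # Stand-in cipher: HMAC-SHA256 keystream plus integrity tag (inputs <= 32 bytes).
    data = text.encode()
    if len(data) > 32:
        raise ValueError("stand-in cipher handles at most 32 bytes")
    nonce = secrets.token_bytes(16)
    stream = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    body = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def _open(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext rejected: integrity check failed")
    stream = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, stream)).decode()


class EncryptionMachine:
    def __init__(self):
        self._key1 = secrets.token_bytes(32)  # key for the first encryption algorithm
        self._key2 = secrets.token_bytes(32)  # key for the second encryption algorithm

    def new_random_sequence(self, fixed_sequence=None):
        """Step A3: return a permutation of the keying sequence and its ciphertext."""
        if fixed_sequence is None:
            shuffled = secrets.SystemRandom().sample(list(KEYING_SEQUENCE), 10)
            fixed_sequence = "".join(shuffled)
        if sorted(fixed_sequence) != sorted(KEYING_SEQUENCE):
            raise ValueError("random sequence must be a permutation of the keying sequence")
        return fixed_sequence, _seal(self._key1, fixed_sequence)

    def resolve(self, sequence_ciphertext, positions):
        """Step A9: turn position information back into the password, then encrypt it."""
        sequence = _open(self._key1, sequence_ciphertext)
        key_to_element = dict(zip(KEYING_SEQUENCE, sequence))
        if any(p not in key_to_element for p in positions):
            raise ValueError("position information contains an unknown key")
        password = "".join(key_to_element[p] for p in positions)
        return _seal(self._key2, password)

    def open_password_ciphertext(self, blob):
        """Demo-only hook standing in for whoever holds the second key."""
        return _open(self._key2, blob)


class DynamicImageGenerator:
    def __init__(self, machine):
        self._machine = machine
        self._store = {}  # task descriptor -> random sequence ciphertext

    def generate(self, fixed_sequence=None):
        """Steps A2, A4, A5: the two rows stand in for the rendered image."""
        task = secrets.token_hex(8)
        sequence, ciphertext = self._machine.new_random_sequence(fixed_sequence)
        self._store[task] = ciphertext
        return (sequence, KEYING_SEQUENCE), task

    def ciphertext_for(self, task):
        """Step A8: the second server only ever receives the ciphertext."""
        return self._store[task]


def positions_for(password, image):
    """Step A7: for each password element in the upper row, type the key below it."""
    upper, lower = image
    return "".join(lower[upper.index(ch)] for ch in password)


def second_server_request(generator, machine, task, positions):
    """Steps A8 and A9 as seen from the second server."""
    return machine.resolve(generator.ciphertext_for(task), positions)


def worked_example():
    machine = EncryptionMachine()
    generator = DynamicImageGenerator(machine)
    # Constructed upper row, chosen to agree with the page's 927188 -> 130577 example.
    image, task = generator.generate(fixed_sequence="7902314856")
    positions = positions_for("927188", image)
    password_ct = second_server_request(generator, machine, task, positions)
    return positions, machine.open_password_ciphertext(password_ct)


if __name__ == "__main__":
    print(worked_example())
```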

Claims (10)

1. An authentication system based on a dynamic image, characterized in that the authentication system comprises:
An encryption machine, configured to respond to a dynamic image generation request from the dynamic image generator by generating a random sequence that has a one-to-one correspondence with a keying sequence, to encrypt the random sequence according to a first encryption algorithm to produce a random sequence ciphertext, and to send the random sequence, the random sequence ciphertext and the one-to-one correspondence to the dynamic image generator; and further configured to resolve password position information according to the first encryption algorithm, the random sequence ciphertext and the one-to-one correspondence to obtain a password, to encrypt the password according to a second encryption algorithm to produce a password ciphertext, and to send the password ciphertext to the second server;
A dynamic image generator, configured to generate a task descriptor in response to a dynamic image generation request from the first server and to forward the dynamic image generation request to the encryption machine, to store the random sequence ciphertext received from the encryption machine in association with the task descriptor, to generate a dynamic image containing the random sequence, the keying sequence and the one-to-one correspondence between them, and to send the dynamic image and the task descriptor to the first server;
A first server, configured to generate a dynamic image generation request and send it to the dynamic image generator, and to forward the received dynamic image and task descriptor to the user terminal;
A user terminal, configured to receive the dynamic image and the task descriptor from the first server and to send password position information and the task descriptor to the second server;
A second server, configured to send the task descriptor received from the user terminal to the image generator to obtain the dynamic password position ciphertext, to send the dynamic password position ciphertext together with the dynamic password position information to the encryption machine, and to obtain the password ciphertext from the encryption machine.
2. The authentication system of claim 1, characterized in that the authentication system further comprises a transaction processor, wherein
the second server is further configured to generate a transaction message containing the password ciphertext and transaction data and to send the transaction message to the transaction processor;
the transaction processor is configured to obtain the transaction message, process it, and generate and send transaction message processing result information to the second server.
3. The authentication system of claim 2, characterized in that the second server is further configured to forward the transaction message processing result information to the user terminal.
4. The authentication system of any one of claims 1 to 3, characterized in that the first encryption algorithm is identical to the second encryption algorithm.
5. The authentication system of any one of claims 1 to 3, characterized in that the first encryption algorithm is different from the second encryption algorithm.
6. A method of performing authentication using an authentication system based on a dynamic image, the authentication system comprising an encryption machine, a dynamic image generator, a first server, a user terminal and a second server, characterized in that the authentication method comprises the following steps:
A1, the first server generates a dynamic image generation request and sends it to the dynamic image generator;
A2, the dynamic image generator generates a task descriptor and forwards the dynamic image generation request to the encryption machine;
A3, the encryption machine generates a random sequence that has a one-to-one correspondence with a keying sequence, encrypts it according to a first encryption algorithm to produce a random sequence ciphertext, and sends the random sequence, the random sequence ciphertext and the one-to-one correspondence to the dynamic image generator;
A4, the dynamic image generator stores the random sequence ciphertext in association with the task descriptor and generates a dynamic image containing the random sequence, the keying sequence and the one-to-one correspondence between them;
A5, the dynamic image generator sends the dynamic image and the task descriptor to the first server;
A6, the first server forwards the dynamic image and the task descriptor to the user terminal;
A7, the user terminal receives the dynamic image and the task descriptor, password position information is entered through the user terminal, and said service terminal sends the password position information and the task descriptor to the second server;
A8, the second server sends the task descriptor to the dynamic image generator to obtain the random sequence ciphertext, and sends the random sequence ciphertext and the password position information to the encryption machine;
A9, the encryption machine resolves the password position information according to the first encryption algorithm, the random sequence ciphertext and the one-to-one correspondence to obtain the password, encrypts the password, and sends it to the second server to perform authentication.
7. The authentication method of claim 6, characterized in that the authentication system further comprises a transaction processor, wherein step A9 is further followed by the following steps:
The second server generates a transaction message containing the password ciphertext and transaction data and sends the transaction message to the transaction processor;
The transaction processor obtains the transaction message, processes it, and generates and sends transaction message processing result information to the second server.
8. The authentication method of claim 7, characterized in that step A9 is further followed by the following step:
The second server forwards the transaction message processing result information to the user terminal.
9. The authentication method of any one of claims 6 to 8, characterized in that the first encryption algorithm is identical to the second encryption algorithm.
10. The authentication method of any one of claims 6 to 8, characterized in that the first encryption algorithm is different from the second encryption algorithm.
CN201010621398.2A 2010-12-31 2010-12-31 An authentication system and authentication method based on a dynamic image Active CN102571341B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010621398.2A CN102571341B (en) 2010-12-31 2010-12-31 An authentication system and authentication method based on a dynamic image

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010621398.2A CN102571341B (en) 2010-12-31 2010-12-31 An authentication system and authentication method based on a dynamic image

Publications (2)

Publication Number Publication Date
CN102571341A true CN102571341A (en) 2012-07-11
CN102571341B CN102571341B (en) 2015-09-16

Family

ID=46415883

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010621398.2A Active CN102571341B (en) 2010-12-31 2010-12-31 An authentication system and authentication method based on a dynamic image

Country Status (1)

Country Link
CN (1) CN102571341B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant