CN102571341B - An authentication system and authentication method based on a dynamic image - Google Patents


Publication number
CN102571341B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201010621398.2A
Other languages
Chinese (zh)
Other versions
CN102571341A (en)
Inventor
刘风军
李金良
赵振祥
肖波
张春玲
稽文俊
郝义泉
王宝玺
郭宇航
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd

Abstract

The invention provides an authentication system and an authentication method based on a dynamic image. The authentication system based on a dynamic image comprises: an encryption device, which sends a random sequence, a random sequence ciphertext and a one-to-one correspondence to a dynamic image generator, and parses password position information to obtain a password; the dynamic image generator, which generates a task descriptor and sends a dynamic image and the task descriptor to a first server; the first server, which forwards the dynamic image and the task descriptor to a user terminal; the user terminal, which sends password position information and the task descriptor to a second server; and the second server, which obtains the random sequence ciphertext from the image generator and obtains a password ciphertext from the encryption device. The system and method of the invention ensure security while being low in cost and easy to use.

Description

An authentication system and authentication method based on a dynamic image
Technical field
The present invention relates to authentication systems, and in particular to a remote authentication method based on dynamic images.
Background
With the rapid development of industries such as banking, transport, networking and communications, information security has penetrated every aspect of daily life, and the fields it touches keep widening. The difficulty and the importance of information security are also increasingly prominent. Identity authentication, as a core technology of the information security industry, is receiving more and more attention. Identity authentication is usually carried out with image verification codes or with information security devices.
An image verification code is an image containing characters or digits. The characters or digits in the image are usually distorted, or noise is added, on the premise that they remain recognizable to human vision, in order to make automatic recognition by a program more difficult. When an image verification code is used for identity authentication, the system asks the user which words or characters are shown in the image; when the answer is correct, authentication is determined to have passed, otherwise it has not passed.
With an image verification code, a malicious user can quite easily use a program to fetch the whole verification code image containing all the characters, and then use cracking techniques such as character segmentation to extract all the characters from the background noise, so that the image verification code is cracked. The risk of being cracked is therefore considerable, and security is not high.
An information security device (for example a USB Key or a time-based dynamic password generator) is connected to a computer through the computer's data communication interface, has a key generation function, can store keys securely, and has preset cryptographic algorithms. Key-related operations are performed entirely inside the device, and an intelligent key device is resistant to attack, so security is higher. However, information security devices usually cost more, and the user has to carry the device around, which makes them troublesome to use.
Summary of the invention
In view of this, the object of the present invention is to provide an authentication system and an authentication method based on a dynamic image that ensure security while being low in cost and easy to use.
To achieve this object, the invention provides an authentication system based on a dynamic image, the authentication system comprising:
An encryption device, configured to, in response to a dynamic image generation request from the dynamic image generator, generate a random sequence that has a one-to-one correspondence with a keying sequence, encrypt the random sequence according to a first cryptographic algorithm to generate a random sequence ciphertext, and send the random sequence, the random sequence ciphertext and the one-to-one correspondence to the dynamic image generator; and to parse password position information according to the first cryptographic algorithm, the random sequence ciphertext and the one-to-one correspondence to obtain a password, encrypt the password according to a second cryptographic algorithm to generate a password ciphertext, and send the password ciphertext to the second server;
A dynamic image generator, configured to, in response to a dynamic image generation request from the first server, generate a task descriptor and forward the dynamic image generation request to the encryption device; store the random sequence ciphertext from the encryption device in association with the task descriptor; generate a dynamic image containing the random sequence, the keying sequence and the one-to-one correspondence between them; and send the dynamic image and the task descriptor to the first server;
A first server, configured to generate and send the dynamic image generation request to the dynamic image generator, and to forward the received dynamic image and task descriptor to the user terminal;
A user terminal, configured to receive the dynamic image and the task descriptor from the first server and to send password position information and the task descriptor to the second server;
A second server, configured to send the task descriptor received from the user terminal to the image generator to obtain the dynamic password position ciphertext, send the dynamic password position ciphertext together with the dynamic password position information to the encryption device, and obtain the password ciphertext from the encryption device.
Preferably, in the authentication system of the invention, the authentication system further comprises a transaction processor, wherein
the second server is further configured to generate a transaction message containing the password ciphertext and transaction data and to send this transaction message to the transaction processor;
the transaction processor is configured to obtain this transaction message, process it, and generate and send transaction message processing result information to the second server.
Preferably, in the authentication system of the invention, the second server is further configured to forward the transaction message processing result information to the user terminal.
Preferably, in the authentication system of the invention, the first cryptographic algorithm is the same as the second cryptographic algorithm.
Preferably, in the authentication system of the invention, the first cryptographic algorithm is different from the second cryptographic algorithm.
The invention also provides a method of authentication using an authentication system based on a dynamic image, the authentication system comprising an encryption device, a dynamic image generator, a first server, a user terminal and a second server, and the authentication method comprising the following steps:
A1: the first server generates and sends a dynamic image generation request to the dynamic image generator;
A2: the dynamic image generator generates a task descriptor and forwards the dynamic image generation request to the encryption device;
A3: the encryption device generates a random sequence that has a one-to-one correspondence with a keying sequence, encrypts it according to a first cryptographic algorithm to generate a random sequence ciphertext, and sends the random sequence, the random sequence ciphertext and the one-to-one correspondence to the dynamic image generator;
A4: the dynamic image generator stores the random sequence ciphertext in association with the task descriptor, and generates a dynamic image containing the random sequence, the keying sequence and the one-to-one correspondence between them;
A5: the dynamic image generator sends the dynamic image and the task descriptor to the first server;
A6: the first server forwards the dynamic image and the task descriptor to the user terminal;
A7: the user terminal receives the dynamic image and the task descriptor, password position information is input through the user terminal, and the user terminal sends the password position information and the task descriptor to the second server;
A8: the second server sends the task descriptor to the dynamic image generator to obtain the random sequence ciphertext, and sends the random sequence ciphertext and the password position information to the encryption device;
A9: the encryption device parses the password position information according to the first cryptographic algorithm, the random sequence ciphertext and the one-to-one correspondence to obtain the password, encrypts the password, and sends it to the second server for authentication.
Preferably, in the authentication method of the invention, the authentication system further comprises a transaction processor, and step A9 further comprises the following steps:
The second server generates a transaction message containing the password ciphertext and transaction data and sends this transaction message to the transaction processor;
The transaction processor obtains this transaction message, processes it, and generates and sends transaction message processing result information to the second server.
Preferably, in the authentication method of the invention, step A9 further comprises the following step:
The second server forwards the transaction message processing result information to the user terminal.
Preferably, in the authentication method of the invention, the first cryptographic algorithm is the same as the second cryptographic algorithm.
Preferably, in the authentication method of the invention, the first cryptographic algorithm is different from the second cryptographic algorithm.
The technical effect of the invention is that security is ensured while cost is low and the system is easy to use.
Brief description of the drawings
Fig. 1 is a schematic diagram of the authentication system according to an embodiment of the invention;
Fig. 2 is a schematic diagram of the dynamic image according to an embodiment of the invention;
Fig. 3 is a schematic flowchart of the authentication method according to an embodiment of the invention.
Detailed description
The preferred embodiments of the invention are described in detail below with reference to the drawings, in which identical reference numbers denote identical elements.
Fig. 1 is a schematic diagram of the authentication system according to an embodiment of the invention. As shown, the authentication system comprises encryption device 10, dynamic image generator 20, first server 30, user terminal 40, second server 50 and transaction processor 60.
Encryption device 10, in response to a dynamic image generation request from dynamic image generator 20, generates a random sequence that has a one-to-one correspondence with a keying sequence, encrypts it according to the first cryptographic algorithm to generate a random sequence ciphertext, and sends the random sequence, the random sequence ciphertext and the one-to-one correspondence to dynamic image generator 20. It can also parse the password position information from second server 50 according to the first cryptographic algorithm, the random sequence ciphertext and the one-to-one correspondence to obtain the password, encrypt the password according to the second cryptographic algorithm, and generate and send the password ciphertext to second server 50;
Dynamic image generator 20, in response to a dynamic image generation request from first server 30, generates a task descriptor and forwards the dynamic image generation request to encryption device 10, stores the random sequence ciphertext from encryption device 10 in association with the task descriptor, generates a dynamic image (as shown in Fig. 2) containing the random sequence, the keying sequence and the one-to-one correspondence between them, and sends the dynamic image and the task descriptor to first server 30;
First server 30 generates and sends the dynamic image generation request to dynamic image generator 20, and forwards the dynamic image and task descriptor received from dynamic image generator 20 to user terminal 40;
User terminal 40 receives the dynamic image and the task descriptor from first server 30 and sends password position information and the task descriptor to second server 50;
Second server 50 sends the task descriptor received from user terminal 40 to image generator 20 to obtain the dynamic password position ciphertext, sends the dynamic password position ciphertext together with the dynamic password position information to encryption device 10 and thereby obtains the password ciphertext from encryption device 10, generates a transaction message containing the password ciphertext and transaction data and sends this transaction message to transaction processor 60, and obtains transaction message processing result information from transaction processor 60 and forwards it to user terminal 40.
Transaction processor 60 obtains the transaction message from second server 50, processes it, and generates and sends transaction message processing result information to second server 50. Since processing transaction messages is common knowledge in the art, it is not described further here.
Fig. 1 is only an exemplary embodiment of the authentication system based on a dynamic image according to the invention. Those skilled in the art may modify it without departing from the scope of protection of the invention.
For example, transaction processing system 60 may be omitted. In that case, first server 40 compares the received password with a pre-stored password; if they match, authentication is determined to have passed, otherwise it is determined not to have passed, and a corresponding authentication-failure message is sent to notify user terminal 30. Alternatively, after first server 40 receives the encrypted password, it decrypts the encrypted password and then carries out the above steps to perform authentication.
Fig. 2 is a schematic diagram of the dynamic image according to an embodiment of the invention. As shown, dynamic image generator 10 generates the dynamic image shown in Fig. 2, in which the upper row is the random sequence and the lower row is the keying sequence. Although the random sequence and the keying sequence are depicted in Fig. 2 as containing the same elements, they may also contain different elements; it is only necessary that a one-to-one correspondence exists between the two. For example, one of the random sequence and the keying sequence is the sequence of digits "0-9" and the other is the sequence of words "zero-nine".
This dynamic image is output on user terminal 30, and the user inputs password position information (i.e. the position information corresponding to each character of the password) through user terminal 30. For example, if the password is 927188, the user inputs the password position information 130577. This password position information and the task descriptor are sent to the first processor, which processes them accordingly and thereby parses out the password.
Fig. 3 is a schematic flowchart of the authentication method according to an embodiment of the invention.
The authentication method of the invention comprises the following steps:
A1: the first server generates and sends a dynamic image generation request to the dynamic image generator;
A2: the dynamic image generator generates a task descriptor and forwards the dynamic image generation request to the encryption device;
A3: the encryption device generates a random sequence that has a one-to-one correspondence with a keying sequence, encrypts it according to the first cryptographic algorithm to generate a random sequence ciphertext, and sends the random sequence, the random sequence ciphertext and the one-to-one correspondence to the dynamic image generator;
A4: the dynamic image generator stores the random sequence ciphertext in association with the task descriptor, and generates a dynamic image containing the random sequence, the keying sequence and the one-to-one correspondence between them;
A5: the dynamic image generator sends the dynamic image and the task descriptor to the first server;
A6: the first server forwards the dynamic image and the task descriptor to the user terminal;
A7: the user terminal receives the dynamic image and the task descriptor, password position information is input through the user terminal, and the user terminal sends the password position information and the task descriptor to the second server;
A8: the second server sends the task descriptor to the dynamic image generator to obtain the random sequence ciphertext, and sends the random sequence ciphertext and the password position information to the encryption device;
A9: the encryption device parses the password position information according to the first cryptographic algorithm, the random sequence ciphertext and the one-to-one correspondence to obtain the password, encrypts the password, and sends it to the second server for authentication.
Step A9 further comprises the following steps: the second server generates a transaction message containing the password ciphertext and transaction data and sends this transaction message to the transaction processor; the transaction processor obtains this transaction message, processes it, and generates and sends transaction message processing result information to the second server. Preferably, after the second server receives the transaction message processing result information, it forwards the transaction message processing result information to the user terminal.
In the present invention, those skilled in the art can set the first cryptographic algorithm and the second cryptographic algorithm to be the same or different according to actual needs.
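Steps A3 to A9 and the 927188 / 130577 position mapping, as an added Python example (not code from the patent). Assumptions: the keying sequence is the digits 0-9 and a position is the keying-row label under a character; the upper row `7902314856` is constructed to match the text's example because Fig. 2 is not reproduced; an HMAC-SHA256 keystream with a MAC stands in for the unspecified first and second cryptographic algorithms; single-use task descriptors and `open_password_ciphertext` are hypothetical additions.

```python
import hashlib
import hmac
import secrets

KEYING_SEQUENCE = "0123456789"   # lower row of the image (assumed labels)
SAMPLE_UPPER_ROW = "7902314856"  # constructed upper row, not taken from Fig. 2


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher: the patent does not name its algorithms."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("ciphertext failed integrity check")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def positions_for(password: str, upper_row: str) -> str:
    """A7, user side: enter the keying-row label under each password character."""
    return "".join(KEYING_SEQUENCE[upper_row.index(ch)] for ch in password)


class Encryptor:
    """Encryptor role; the only component that handles the password in clear."""

    def __init__(self):
        self._k1 = secrets.token_bytes(32)  # key for the first algorithm
        self._k2 = secrets.token_bytes(32)  # key for the second algorithm

    def new_random_sequence(self):
        """A3: random permutation of the keying sequence plus its ciphertext."""
        symbols = list(KEYING_SEQUENCE)
        secrets.SystemRandom().shuffle(symbols)
        row = "".join(symbols)
        return row, seal(self._k1, row.encode())

    def resolve(self, row_ciphertext: bytes, positions: str) -> bytes:
        """A9: positions -> password, returned only as password ciphertext."""
        row = unseal(self._k1, row_ciphertext).decode()
        password = "".join(row[KEYING_SEQUENCE.index(p)] for p in positions)
        return seal(self._k2, password.encode())

    def open_password_ciphertext(self, blob: bytes) -> str:
        """Hypothetical helper standing in for the verifier that holds key 2."""
        return unseal(self._k2, blob).decode()


class DynamicImageGenerator:
    def __init__(self, encryptor: Encryptor):
        self._encryptor = encryptor
        self._pending = {}  # task descriptor -> random sequence ciphertext

    def new_image(self):
        """A2, A4, A5: returns the task descriptor and the row to be rendered."""
        task = secrets.token_hex(16)
        row, ciphertext = self._encryptor.new_random_sequence()
        self._pending[task] = ciphertext
        return task, row

    def fetch_ciphertext(self, task: str) -> bytes:
        """A8: single use (assumption), so a replayed descriptor raises KeyError."""
        return self._pending.pop(task)


def authenticate(password: str):
    """Runs A1-A9 in one process; the servers only relay, so they are inlined."""
    enc = Encryptor()
    gen = DynamicImageGenerator(enc)
    task, shown_row = gen.new_image()               # A1-A6
    positions = positions_for(password, shown_row)  # A7
    row_ct = gen.fetch_ciphertext(task)             # A8
    password_ct = enc.resolve(row_ct, positions)    # A9
    return positions, enc.open_password_ciphertext(password_ct), gen, task
```

The second server in this flow handles only the positions and two ciphertexts; the positions reveal the password only to a party that also knows the row shown for that task descriptor.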
In the present invention, first server and second server (or user terminal) are separately, can obtain the password position information of random sequence and user's input by Deterministic service device simultaneously, and ensure that wherein steps A 5 and A6 can not on links.
In addition, only the user and the encryption device can obtain the plaintext of the PIN, which further ensures the security of the data.
In view of these teachings, those of ordinary skill in the art will readily conceive of other embodiments, combinations and modifications of the invention. Therefore, when read in conjunction with the above description and drawings, the invention is limited only by the claims.

Claims (10)

1. An authentication system based on a dynamic image, characterized in that the authentication system comprises:
An encryption device, configured to, in response to a dynamic image generation request from the dynamic image generator, generate a random sequence that has a one-to-one correspondence with a keying sequence, encrypt the random sequence according to a first cryptographic algorithm to generate a random sequence ciphertext, and send the random sequence, the random sequence ciphertext and the one-to-one correspondence to the dynamic image generator; and to parse password position information according to the first cryptographic algorithm, the random sequence ciphertext and the one-to-one correspondence to obtain a password, encrypt the password according to a second cryptographic algorithm to generate a password ciphertext, and send the password ciphertext to the second server;
A dynamic image generator, configured to, in response to a dynamic image generation request from the first server, generate a task descriptor and forward the dynamic image generation request to the encryption device; store the random sequence ciphertext from the encryption device in association with the task descriptor; generate a dynamic image containing the random sequence, the keying sequence and the one-to-one correspondence between them; and send the dynamic image and the task descriptor to the first server;
A first server, configured to generate and send the dynamic image generation request to the dynamic image generator, and to forward the received dynamic image and task descriptor to the user terminal;
A user terminal, configured to receive the dynamic image and the task descriptor from the first server and to send password position information and the task descriptor to the second server, wherein the password position information is input from the user terminal;
A second server, configured to send the task descriptor received from the user terminal to the dynamic image generator to obtain the random sequence ciphertext, send the random sequence ciphertext together with the password position information to the encryption device, and obtain the password ciphertext from the encryption device.
2. The authentication system as claimed in claim 1, characterized in that the authentication system further comprises a transaction processor, wherein
the second server is further configured to generate a transaction message containing the password ciphertext and transaction data and to send this transaction message to the transaction processor;
the transaction processor is configured to obtain this transaction message, process it, and generate and send transaction message processing result information to the second server.
3. The authentication system as claimed in claim 2, characterized in that the second server is further configured to forward the transaction message processing result information to the user terminal.
4. The authentication system as claimed in any one of claims 1 to 3, characterized in that the first cryptographic algorithm is the same as the second cryptographic algorithm.
5. The authentication system as claimed in any one of claims 1 to 3, characterized in that the first cryptographic algorithm is different from the second cryptographic algorithm.
6. A method of authentication using an authentication system based on a dynamic image, the authentication system comprising an encryption device, a dynamic image generator, a first server, a user terminal and a second server, characterized in that the authentication method comprises the following steps:
A1: the first server generates and sends a dynamic image generation request to the dynamic image generator;
A2: the dynamic image generator generates a task descriptor and forwards the dynamic image generation request to the encryption device;
A3: the encryption device generates a random sequence that has a one-to-one correspondence with a keying sequence, encrypts it according to a first cryptographic algorithm to generate a random sequence ciphertext, and sends the random sequence, the random sequence ciphertext and the one-to-one correspondence to the dynamic image generator;
A4: the dynamic image generator stores the random sequence ciphertext in association with the task descriptor, and generates a dynamic image containing the random sequence, the keying sequence and the one-to-one correspondence between them;
A5: the dynamic image generator sends the dynamic image and the task descriptor to the first server;
A6: the first server forwards the dynamic image and the task descriptor to the user terminal;
A7: the user terminal receives the dynamic image and the task descriptor, password position information is input through the user terminal, and the user terminal sends the password position information and the task descriptor to the second server;
A8: the second server sends the task descriptor to the dynamic image generator to obtain the random sequence ciphertext, and sends the random sequence ciphertext and the password position information to the encryption device;
A9: the encryption device parses the password position information according to the first cryptographic algorithm, the random sequence ciphertext and the one-to-one correspondence to obtain the password, encrypts the password, and sends it to the second server for authentication.
7. The authentication method as claimed in claim 6, characterized in that the authentication system further comprises a transaction processor, and step A9 further comprises the following steps:
The second server generates a transaction message containing the password ciphertext and transaction data and sends this transaction message to the transaction processor;
The transaction processor obtains this transaction message, processes it, and generates and sends transaction message processing result information to the second server.
8. The authentication method as claimed in claim 7, characterized in that step A9 further comprises the following step:
The second server forwards the transaction message processing result information to the user terminal.
9. The authentication method according to any one of claims 6 to 8, characterized in that the first cryptographic algorithm is the same as the second cryptographic algorithm.
10. The authentication method according to any one of claims 6 to 8, characterized in that the first cryptographic algorithm is different from the second cryptographic algorithm.
CN201010621398.2A 2010-12-31 2010-12-31 A kind of Verification System based on dynamic image and authentication method Active CN102571341B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010621398.2A CN102571341B (en) 2010-12-31 2010-12-31 A kind of Verification System based on dynamic image and authentication method

Publications (2)

Publication Number Publication Date
CN102571341A CN102571341A (en) 2012-07-11
CN102571341B true CN102571341B (en) 2015-09-16

GR01 Patent grant