CN103780399A - Timed user authentication method - Google Patents
Timed user authentication method Download PDFInfo
- Publication number
- CN103780399A CN103780399A CN201410078200.9A CN201410078200A CN103780399A CN 103780399 A CN103780399 A CN 103780399A CN 201410078200 A CN201410078200 A CN 201410078200A CN 103780399 A CN103780399 A CN 103780399A
- Authority
- CN
- China
- Prior art keywords
- user
- content
- prompting thing
- password
- thing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a user authentication method. The user authentication method is characterized in that firstly, a user can set an own password rule subjectively and initiatively so that the own password rule of the user is different, and secondly, a specific reminder is needed for logging in every time; and the two characteristics of the user authentication method effectively prevents passwords from being stolen by Trojans and also from being cracked by guessing by other people or by violence. Obviously, the new password authentication technology has high-strength protection capability and is applicable to various fields requiring security authentication.
Description
Technical field
The present invention relates to informationization technology and safety certification field, be specifically related to a kind of user authen method.
Background technology
Along with popularizing of informationization technology, people's life be unable to do without password everywhere, computer login, webpage login, software login and bank account all need password, so, the password quantity that individual grasps is more and more, is inconvenient to remember and manage, and along with the upgrading of development and the unlawful means of hacking technique, traditional cipher verification technique is relatively backward, is easily stolen utilization by lawless person.
Use the method for mobile phone Receipt Validation code to guarantee login security although now have, but this needs user to have mobile phone, region to have mobile phone signal, and at mobile phone signal, bad or people also there will be identifying code forward delay interval in using login platform more, delays user login operation.According to up-to-date science and technology news report, having had illegal molecule sets up " pseudo-base station " and realizes cellphone subscriber's password is tackled, that is to say, even if use mobile phone Receipt Validation code, can not accomplish safety very, and people are often subject to the interference of " fishing website ", once careless, real encrypted message will be revealed, bring about great losses.
Therefore, we need a kind of new cryptographic technique to protect our information security, reach the object of safe and secret, handled easily, convenient memory.
Summary of the invention
In order to address the above problem, the invention provides a kind of user authen method, make people can more safely carry out authentication.
In order to realize goal of the invention, the invention provides following method of operation:
User, in verification process, needs to use prompting thing; The content of described prompting thing can change; User is according to the content change situation of described prompting thing and make common decision of password rule by oneself and when carry out alternately with system, and system authenticates user according to situation alternately.
Described prompting thing can be the suggestion content that system generates, and can be also the equipment that information can be provided to user.
The content of described prompting thing can be numeral, letter, symbol, figure and all can be from the content of visually distinguishing.
The content of described prompting thing can be along with the time changes and changes, and can be also to change after manual operation.
The described password rule of making by oneself can be arranged by User Defined, can design the password rule different from other users.
The described password rule of making by oneself must arrange in conjunction with described prompting thing.
User sends when mutual system, system acquisition now described prompting thing content and authenticate in conjunction with user's the password rule of making by oneself.
This identity identifying method, requiring user to carry out in particular moment and system alternately could be by system authentication, and in each login process, this mutual moment is not identical, other people are difficult to grasp user's the login moment, therefore, this authentication mode can effectively stop other people illegal login system.
In sum, this method has realized extraordinary safety certification, is applicable to being very much applied to various system safety checkings.
[accompanying drawing explanation]
The picture that the explanation of this accompanying drawing provides, for auxiliary a further understanding of the present invention, forms the application's a part, does not form inappropriate limitation of the present invention, in the accompanying drawings:
Fig. 1 is case one login interface
Fig. 2 is that the password of case one and case two arranges interface
Fig. 3 is case two login interfaces
Fig. 4 is autocue
[embodiment]
In the present invention, need to use prompting thing, prompting thing can have various ways, two kinds of typical prompting things is illustrated to implementation method to everybody respectively below.
Case study on implementation one (virtual prompting thing):
Prompting thing is the variation chart that system generates, as shown in Figure 1, A table and B table are exactly the prompting thing that system generates, wherein, numeral in A, two forms of B is system is processed rear generation numeral to the time: the numeral in A form changed once every 10 seconds, the corresponding specific numeral of special time; Numeral in B form is generated at random by system at first, then in each numeral, increases progressively 1 every 1 second, when numeral is incremented to while being greater than 9, becomes 0, so iterative cycles.This prompting thing can be realized by programming, result of variations is presented on to login interface and checks for user.
Password rule arranges:
Except common password is set, user also will set a rule, in the time that user logins, just need to determine correct login time node in conjunction with prompting thing by this rule, and this rule is exactly to make password rule by oneself.
In Fig. 2, user in conjunction with prompting thing set rule: first choose A table the 1 lattice, then choose B table the 2 lattice, then below input computing formula, rule implication is: be multiplied by 2 unitss that add again 1 result if the second lattice numeral of B table equals numeral in A table the first lattice, rule is set up so.Can find out, user can freely customize unlimited kind rule, and fail safe is very high.
Operating procedure and authentication principles:
User opens login interface, system log (SYSLOG) time t1, and user estimates the variation of prompting thing, when prompting thing changes to that time that meets user and make by oneself password rule, i.e. correct login time node, user clicks login button immediately.User clicks after login button, the click time, t2 was submitted to system together with user name, password, system is authentication of users name and password first, and then read user according to user name make password rule by oneself, then calculate A, B according to t1 and t2 and show the numeral that should occur, more corresponding numeral is updated to making by oneself in password rule of user, if rule is set up, an authentication success so, otherwise authentification failure!
Example explains orally:
At the login interface of Fig. 1, according to user's rule, read the numeral " 1 " in A form the 1st lattice, substitution formula " A*2+1 " again, result of calculation is exactly " 3 ", before numeral in A table does not change so, if when B table the 2 lattice numerals become " 3 ", user will click login button at once.If user has missed the current time because of carelessness, with regard to after waiting numeral in A table to change, again calculate the numeral that B table should be corresponding so, correct logining when digital appears in B table again again by the time.
Case study on implementation two (entity prompting thing):
Prompting thing is autocue, and as shown in Figure 4, its effect is exactly the B table that replaces case a kind of.Its operation principle is identical with case one, just slightly different in method of operation.
Example explains orally:
As shown in Figure 3, login interface has removed B table, changes the autocue of being held by user and replaces.User, after login interface input username and password, presses the switch of autocue, demonstrates numeral (Fig. 4) on autocue screen, and the 2nd bit digital in Fig. 4 is just equivalent to the numeral in the 2nd lattice of a kind of B table of case.In the time that this numeral becomes " 3 ", user clicks login button, and system starts authentication.
Can be found out by above-mentioned two cases, user is except inputting correct username and password, between also will pinching on time, click login button, evening, login all can be rejected login too early or excessively, and each timing node is also different, the people who does not know user cipher rule cannot hold login time node accurately, thereby provides again one deck guarantee for secure log.
Except two above-mentioned cases, can also there is the prompting thing of multiple version, can make according to demand in actual applications variation, but its cardinal principle is all the same, be all user to be logined to the moment limit.
More than describe preferred embodiment of the present invention in detail, should be appreciated that the ordinary skill of this area just can design according to the present invention be made many modifications and variations without creative work.Therefore, all technical staff in the art according to the present invention design on prior art basis by logic analysis, reasoning or according to the available technical scheme of limited experiment, all should have among the determined protection range of these claims.
Claims (7)
1. a user authen method, is characterized in that, comprising: user, in verification process, needs to use prompting thing; The content of described prompting thing can change; User is according to the content change situation of described prompting thing and make common decision of password rule by oneself and when carry out alternately with system, and system authenticates user according to situation alternately.
2. a kind of user authen method according to claim 1, is characterized in that: described prompting thing can be the suggestion content that system generates, and can be also the equipment that information can be provided to user.
3. a kind of user authen method according to claim 1, is characterized in that: the content of described prompting thing can be numeral, letter, symbol, figure and all can be from the content of visually distinguishing.
4. a kind of user authen method according to claim 1, is characterized in that: the content of described prompting thing can be along with the time changes and changes, and can be also to change after manual operation.
5. a kind of user authen method according to claim 1, is characterized in that: described in make password rule by oneself and can be arranged by User Defined, can design the password rule different from other users.
6. a kind of user authen method according to claim 1, is characterized in that: described in make password rule by oneself and must arrange in conjunction with described prompting thing.
7. a kind of user authen method according to claim 1, is characterized in that: user sends when mutual system, system acquisition now described prompting thing content and authenticate in conjunction with user's the password rule of making by oneself.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410078200.9A CN103780399A (en) | 2014-03-05 | 2014-03-05 | Timed user authentication method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410078200.9A CN103780399A (en) | 2014-03-05 | 2014-03-05 | Timed user authentication method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103780399A true CN103780399A (en) | 2014-05-07 |
Family
ID=50572273
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410078200.9A Pending CN103780399A (en) | 2014-03-05 | 2014-03-05 | Timed user authentication method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103780399A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106101099A (en) * | 2016-06-13 | 2016-11-09 | 无锡天脉聚源传媒科技有限公司 | A kind of login validation method and device |
-
2014
- 2014-03-05 CN CN201410078200.9A patent/CN103780399A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106101099A (en) * | 2016-06-13 | 2016-11-09 | 无锡天脉聚源传媒科技有限公司 | A kind of login validation method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10574648B2 (en) | Methods and systems for user authentication | |
| Grosse et al. | Authentication at scale | |
| US8510816B2 (en) | Security device provisioning | |
| US20190305955A1 (en) | Push notification authentication | |
| US20180254904A1 (en) | Integrated authentication system for authentication using single-use random numbers | |
| Archana et al. | Survey on usable and secure two-factor authentication | |
| US20140304510A1 (en) | Secure authentication system with automatic cancellation of fraudulent operations | |
| Quermann et al. | The state of user authentication in the wild | |
| Jadhao et al. | Survey on authentication password techniques | |
| Sain et al. | A survey on the security in cyber physical system with multi-factor authentication | |
| Shaju et al. | BISC authentication algorithm: An efficient new authentication algorithm using three factor authentication for mobile banking | |
| Singh et al. | A 3-level multifactor Authentication scheme for cloud computing | |
| RU2730386C2 (en) | Authentication and encryption system and method with interception protection | |
| Singhal et al. | Software tokens based two factor authentication scheme | |
| Mehraj et al. | Contemplation of effective security measures in access management from adoptability perspective | |
| CN105590044A (en) | Information authentication method and apparatus | |
| Choksi | Comparative study on authentication schemes for cloud computing | |
| Zhao et al. | Asynchronous challenge-response authentication solution based on smart card in cloud environment | |
| CN103780399A (en) | Timed user authentication method | |
| Mohammed et al. | Password-based Authentication in Computer Security: Why is it still there | |
| Eldow et al. | Literature review of authentication layer for public cloud computing: a meta-analysis | |
| Kim et al. | Biometric authentication technology trends in smart device environment | |
| CN106713214A (en) | Method and system for carrying out identity authentication among multiple authorization systems | |
| KR20150104667A (en) | Authentication method | |
| Balilo et al. | Design of physical authentication based on OTP KeyPad |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20140507 |
|
| WD01 | Invention patent application deemed withdrawn after publication |