CN103840940A - Method for achieving database information authentication through IC - Google Patents
Method for achieving database information authentication through IC Download PDFInfo
- Publication number
- CN103840940A CN103840940A CN201210504417.2A CN201210504417A CN103840940A CN 103840940 A CN103840940 A CN 103840940A CN 201210504417 A CN201210504417 A CN 201210504417A CN 103840940 A CN103840940 A CN 103840940A
- Authority
- CN
- China
- Prior art keywords
- authentication
- password
- database
- user
- card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The invention discloses a method for achieving database information authentication through an IC and relates to practical application of the IC authentication technology in the public security traffic industry. By encrypting and storing information including a user name, passwords, a database address, a database user and passwords in the IC, when starting up, a starting system firstly reads the database information in the IC to be connected with a database and then reads the user name and the passwords after being connected with the database to submit the user name and the passwords to perform authentication. Login is achieved only after the authentication succeeds.
Description
Technical field
The present invention relates to the practical application of IC-card authenticating identity authentication techniques in public security traffic control industry, by the information encryptions such as database address, database user and password are stored in IC-card, first the database information reading in IC at startup service system comes connection data storehouse, after successful connection, at input username and password, submit to and do authentication.Be proved to be successful the system of being allowed for access afterwards.
Background technology
In information system, also substantially can be divided into these three kinds to user's authentication means, only be referred to as single-factor certification by the identity that meets to prove a people of a condition, owing to only using a kind of condition judgment user's identity easily by counterfeit, the identity that can prove by combining two kinds of different conditions a people, is referred to as double factor authentication.
Identity identifying technology, from whether using hardware can be divided into software authentication and hardware identification, needs the condition of checking from certification, can be divided into single-factor certification and double factor authentication.From authentication information, can be divided into static certification and dynamic authentication.The development of identity identifying technology, has experienced from software authentication to hardware identification, authenticates to double factor authentication from single-factor, authenticates to the process of dynamic authentication from static state.In computer and network system, conventional identification authentication mode mainly contains following several now:
1, usemame/password mode
Usemame/password is to be the most also the most frequently used identity identifying method, and it is the checking means based on " what you know ".Each user's password is set by this user oneself, only has him just to know by oneself, as long as therefore can correctly input password, computer just thinks that he is exactly this user.But in fact, because many users forget Password in order to prevent, often adopt such as own or household's birthday, telephone number etc. and easily guessed that by other people the significant character string arriving is as password, or password is copied at one and oneself thought safe place, this all exists many potential safety hazards, very easily causes password to reveal.Enable to ensure that user cipher is not leaked, because password is static data, and need in calculator memory He in network, transmit in proof procedure, and the authorization information that each proof procedure uses is all identical, the audiomonitor that is easy to reside in trojan horse program or the network in calculator memory is intercepted and captured.Therefore usemame/password mode is a kind of is the identification authentication mode being absolutely unsafe.There is no that any fail safe can say.
2, IC-card certification
IC-card is a kind of card of built-in integrated circuit, has the data relevant to user identity in card, and IC-card by special device fabrication, can be thought not reproducible hardware by special manufacturer.IC-card is carried by validated user, IC-card must be inserted to special card reader and read information wherein, with the identity of authentication of users when login.IC-card certification is the means based on " what you have ", ensures that by IC-card hardware is not reproducible user identity can be by not counterfeit.But due to the data that at every turn read from IC-card or static, scan or the technology such as network monitoring is still easy to be truncated to user's authentication information by internal memory.Therefore still there is basic potential safety hazard in the mode of static checking.
3, dynamic password
Dynamic password technology be a kind of user's of allowing password according to time or the continuous dynamic change of access times, each password is expendable technology only.It adopts a kind of specialized hardware that is referred to as dynamic token, built-in power, password generating chip and display screen, and password generating chip moves special cryptographic algorithm, generates current password and is presented on display screen according to current time or access times.Certificate server adopts identical algorithm to calculate current valid password.When using, user only need to, by the current password input client computer showing on dynamic token, can realize the confirmation of identity.Because the password of each use must be produced by dynamic token, only have validated user just to hold this hardware, so need only password authentification by just thinking that this user's identity is reliable.And the each password using of user is not identical, even if hacker has intercepted and captured password one time, also cannot utilize this password to carry out the identity of counterfeit validated user.
Dynamic password technology adopts the method for one-time pad, has effectively ensured the fail safe of user identity.If but client hardware can not keep good synchronizeing with time or the number of times of server, and the problem that validated user cannot log in just may occur.And when user logins, also need to input a lot of irregular password by keyboard at every turn, will redo once misunderstand or input by mistake, user's use is very inconvenient.
4, biological characteristic authentication
Biological characteristic authentication refers to the technology that adopts everyone unique biological characteristic to carry out identifying user identity.Common are fingerprint recognition, iris recognition etc.In theory, biological characteristic authentication is the most reliable identification authentication mode, because its direct end user's physical features represents everyone digital identity, it is negligible that different people has the possibility of identical biological characteristic, therefore hardly may be by counterfeit.
Biological characteristic authentication, based on biometrics identification technology, is subject to the impact of biometrics identification technology maturity till now, adopts biological characteristic authentication also to have larger limitation.First, the Stability and veracity of living things feature recognition need to improve, if particularly user's body is subject to the impact of sick and wounded or spot, often causes normally identifying the situation that causes validated user to log in.Secondly, because research and development drop into large and output is less, the cost of biological characteristic authentication system is very high, is only suitable at present in the very high occasion of some security requirements, as the use such as bank, army, also cannot accomplishing spread.
5, USB Key certification
Identification authentication mode based on USB Key is a kind of convenience growing up in recent years, safe, economic identity identifying technology, its adopts the combine double strong factor certification mode of one-time pad of software and hardware, has solved well the contradiction between fail safe and ease for use.USB Key is a kind of hardware device of USB interface, and its built-in single-chip microcomputer or intelligent card chip can be stored user's key or digital certificate, utilizes the built-in cryptographic algorithm of USB Key to realize the certification to user identity.Mainly contain two kinds of application models based on USB Key identity authorization system: the one, based on impact/corresponding certification mode, the 2nd, based on the certification mode of PKI system.
Based on above elaboration, because this project is Fare Collection System, general region municipal public security bureau's vehicle management institute business set-fee of a year is generally all at several ten million yuan greatly, the safety of system is even more important, so this project is selected usemame/password authentication techniques and the set of USB Key authentication techniques, the fail safe that has greatly improved system.
Summary of the invention
The object of the invention is to: on the basis of general IC-card Identity Authentication Mode, database relevant information is also stored in IC, first system can connect different databases according to different IC subscriber card and then carry out authentication, has so both strengthened the flexibility that the fail safe of system has also improved system.The present invention has expanded IC-card Identity Authentication Mode.
Embodiment
Embodiment mono-
Interface system is examined in stake, this system adopts the development mode of C/S, mainly in this area, each examination hall is used, because native system place to use is many, environment for use complexity, adopts IC-card authentication so taking into account system fail safe is determined, considers that system database password may often need amendment, determine and the relevant information of database is also kept in IC-card, while use, system is obtained the relevant information of database dynamically from IC-card at every turn simultaneously.
The process of the present embodiment is:
First in the time of the write operation person's IC-card information of backstage, database address, user are write into together with password simultaneously.
Secondly when client operation person inserts after IC-card login system, the database information that first system reads in IC comes connection data storehouse, after successful connection, at the username and password reading in IC-card, submits to and does authentication.Be proved to be successful the system of being allowed for access afterwards.
Claims (1)
1. on the basis of general IC-card Identity Authentication Mode, database relevant information is also stored in IC, first system can connect different databases according to different IC subscriber card and then carry out authentication, has so both strengthened the flexibility that the fail safe of system has also improved system.The present invention has expanded IC-card Identity Authentication Mode.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210504417.2A CN103840940A (en) | 2012-11-27 | 2012-11-27 | Method for achieving database information authentication through IC |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210504417.2A CN103840940A (en) | 2012-11-27 | 2012-11-27 | Method for achieving database information authentication through IC |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103840940A true CN103840940A (en) | 2014-06-04 |
Family
ID=50804109
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210504417.2A Pending CN103840940A (en) | 2012-11-27 | 2012-11-27 | Method for achieving database information authentication through IC |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103840940A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104426666A (en) * | 2013-09-06 | 2015-03-18 | 镇江精英软件科技有限公司 | Method for realizing user information verification of management system by IC (integrated circuit) board |
-
2012
- 2012-11-27 CN CN201210504417.2A patent/CN103840940A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104426666A (en) * | 2013-09-06 | 2015-03-18 | 镇江精英软件科技有限公司 | Method for realizing user information verification of management system by IC (integrated circuit) board |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109951489B (en) | Digital identity authentication method, equipment, device, system and storage medium | |
| US10142324B2 (en) | Method for reading attributes from an ID token | |
| CN106549920B (en) | Login information input method, login information storage method and related device | |
| WO2017000829A1 (en) | Method for checking security based on biological features, client and server | |
| JP4420201B2 (en) | Authentication method using hardware token, hardware token, computer apparatus, and program | |
| US20080120698A1 (en) | Systems and methods for authenticating a device | |
| US20080120707A1 (en) | Systems and methods for authenticating a device by a centralized data server | |
| CN107294721A (en) | The method and apparatus of identity registration, certification based on biological characteristic | |
| CN102456102A (en) | Method for carrying out identity recertification on particular operation of information system by using Usb key technology | |
| JP2012530311A (en) | How to log into a mobile radio network | |
| CN107231331A (en) | Obtain, issue the implementation method and device of electronic certificate | |
| CN108965222A (en) | Identity identifying method, system and computer readable storage medium | |
| CN111131202A (en) | Identity authentication method and system based on multiple information authentication | |
| CN106789059A (en) | A kind of long-range two-way access control system and method based on trust computing | |
| US10482225B1 (en) | Method of authorization dialog organizing | |
| Singhal et al. | Software tokens based two factor authentication scheme | |
| US9977886B2 (en) | Methods, apparatus and computer programs for entity authentication | |
| WO2021244471A1 (en) | Real-name authentication method and device | |
| Yohan et al. | Dynamic multi-factor authentication for smartphone | |
| CN103049686A (en) | Method for verifying information of database and user through universal serial bus (Usb) key | |
| Iyanda et al. | Development of two-factor authentication login system using dynamic password with SMS verification | |
| CN102457484A (en) | Method for checking user information by combining user name/password authentication and check code | |
| CN102045165A (en) | Method for implementing database and user information verification by using IC card | |
| CN103840940A (en) | Method for achieving database information authentication through IC | |
| Singh | Multi-factor authentication and their approaches |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20140604 |