CN105871546A - Verification method combining static password and dynamic password and terminal equipment - Google Patents

Verification method combining static password and dynamic password and terminal equipment Download PDF

Info

Publication number
CN105871546A
CN105871546A CN201610392886.8A CN201610392886A CN105871546A CN 105871546 A CN105871546 A CN 105871546A CN 201610392886 A CN201610392886 A CN 201610392886A CN 105871546 A CN105871546 A CN 105871546A
Authority
CN
China
Prior art keywords
password
dynamic password
dynamic
static
user
Prior art date
Application number
CN201610392886.8A
Other languages
Chinese (zh)
Inventor
张雪莱
Original Assignee
张雪莱
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 张雪莱 filed Critical 张雪莱
Priority to CN201610392886.8A priority Critical patent/CN105871546A/en
Publication of CN105871546A publication Critical patent/CN105871546A/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communication using a plurality of keys or algorithms

Abstract

The invention relates to a dynamic password verification method, which is characterized in that a password input by a user includes two parts of characters including static characters and dynamic characters; a dynamic password calculation method is appointed by the user in advance during account creating or setting; the calculation method uses variable data such as use date to obtain the dynamic password used for verification through single conversion; when password verification is needed, the user inputs the static password and the dynamic password obtained through simple calculation on the terminal equipment or the client software interface; or a character string obtained by using the dynamic password and the static password is used for submitting the verification; the terminal equipment or the client software decomposes the obtained input into the static password and the dynamic password character strings, or the dynamic password is used for decrypting the input character string to obtain the static password; a server compares the received encrypted static password with the prestored user password; if required, the received dynamic password is compared with the character string obtained according to the identical algorithm; whether the verification can be passed or not is judged.

Description

Verification method that a kind of static password is combined with dynamic password and terminal unit

Technical field

The present invention relates to a kind of method of password authentication and corresponding terminal unit, it is adaptable to software client or operating system log in and fiscard disappears Expense etc. needs the application of code authentication.

Background technology

Generally we use fixing static password when logging in software account or use bank card.If static password is illegally accessed and malice just uses Huge loss can be caused.Currently used bank card can be suitable by replicating magnetic stripe, snooping password and refitted vehicles POS record magnetic stripe and button Sequence is decoded and steals brush.Dynamic password is the scheme of the safety promoting system further, and traditional dynamic password relies on extra scrambler etc. independently to set Standby or through approach transmission such as SMSs, independent encryption device is relatively costly, and short message password still has the risk intercepted and captured by Trojan software.

Summary of the invention

The technical problem to be solved is the cryptographic system of the safety designing a kind of low cost.

Technical scheme provided by the present invention is: use the scheme that static password is combined with dynamic password, and dynamic password uses between user and authentication The character that numeral in consentient variable data, such as current time of day and this dealing money and current page ad-hoc location show, passes through The simple transformation such as four arithmetic operation place-exchange obtain.So advantage of design is that password is easily remembered, dynamic password need not extras, password Calculating parameter need not transmit between a client and a server because of without being intercepted and captured by illegal software with algorithm;Be combined with static password and make system liter Level is simple steadily;If the peep of cipher or stolen without worry account by illegal software intercepting and capturing of input during certain checking.

Detailed description of the invention

The dynamic password needs that this programme relates to are assignment algorithm when creating or arranging account, it is provided that multiple computing formula selects for user, such as (being not limited to) provides the operator between 2 to 3 optional variablees and variable, and each variable can be month, date, time, week Numeral and former positions of the amount of money of this transaction or the inverted order of above-mentioned several variable, it is also possible to be certain fixed value or current page ad-hoc location The character of display.If needing to limit the figure place of dynamic password, also setting and blocking or the strategy of cover.Assume certain user setup dynamic password formula For: the inverted order+32 of current month+current date, current date is 05 month 09 day, then the dynamic password generated is: 05+90+32=127, if Limit Password Length as 2 and take latter two, then password position 27.

The password of user's input is combined into by static password and dynamic password.Static password can be unified with whole system with the built-up sequence of dynamic password Regulation, it is also possible to set by user oneself.The 2nd 3rd of such as password is dynamic password;Or first 6 is static password, latter 2 are State password.The static password assuming user is 123456, and this dynamic password to be used of concluding the business is 78, and the front two of agreement password is the closeest Code, then the password of this secondary input is 78123456.

When needing to verify password, user inputs static password and the dynamic password formed through simple computation on terminal unit or client software interface Combining characters string, submit to checking;The input of acquisition is divided into static password character string and dynamic password character string also by terminal unit or client software It is sent to server authentication respectively after encryption;Server receive encryption static password with the user cipher comparison pre-saved, the encryption received Dynamic password follows the character string comparison drawn according to identical algorithms, only this two strings password to be all consistent just can be by checking.

User can also use and use dynamic password to obtain the password string of this secondary input as the method for key encryption static password, this AES by Arranging during user setup account, the general algorithm using step-by-step superposition etc. to be easy to mental arithmetic, terminal unit or client software are transported according to the inverse of AES Calculate deciphering and obtain the static password of server authentication to be sent to.Such as static password is 123456, and this dynamic password used is 21, and encryption is calculated Method be the password that every two superposition dynamic passwords then input be 123456+212121=335577, client subtracts 212121 335577 and obtains 123456 conventionally send server authentication.

Claims (8)

1. a dynamic password authentication method, it is characterised in that the password of user's input comprises static and dynamic two parts character, Yong Hu Create or arrange account's current events and first arrange the computational methods that a few positions of password are dynamic password and dynamic password, these computational methods The numeral that uses between user and authentication in consentient variable data, such as current time of day and this dealing money or work as The character of ad-hoc location on the front page, the dynamic password used when the simple transformation such as four arithmetic operation place-exchange are verified; When needing to verify password, user inputs static password and through simple computation formation on terminal unit or client software interface Dynamic password, submits checking to;The input of acquisition is divided into static password character string and dynamic password by terminal unit or client software It is sent to server authentication after character string respectively encryption;Server is close with the user pre-saved the encryption static password received Code comparison, follows the character string comparison drawn according to identical algorithms, only this two strings password to be all consistent the encryption dynamic password received Just can be by checking.
2. the dynamic password authentication method as described in claim 1, it is characterised in that as a kind of reduction procedure, dynamic password is not Through encrypting step.
3. using a bank card POS machine for dynamic password authentication method described in claim 1 or 2, it is characterized in that can be disposable Input static password and the combining characters string of dynamic password, and isolate dynamic password part and static password part, according to service The security requirements of device side uploads the message data of two passwords of checking.
4. use a bank card POS machine for dynamic password authentication method described in claim 1 or 2, it is characterized in that first inputting Static password or dynamic password character string, upload checking data according to the security requirements of server side, then according to server side Further requirement in response message, it is desirable to user inputs another password and uploads checking.
5. one kind uses the software client of dynamic password authentication method login described in claim 1 or 2, Web page or operation system System.
6. a dynamic password authentication method, it is characterised in that the password of user's input is close with dynamic password for the static state that key is encrypted Code, user is creating or is arranging account's current events and first arrange source and arrangement, the computational methods of conversion of dynamic password, arranging simultaneously Dynamic password is used to use consentient change between user and authentication as the algorithm of key simple encryption static password, this source Numeral in amount data, such as current time of day and this dealing money or the display character of current page ad-hoc location, pass through The dynamic password used when the simple transformation of the computational methods of definition is verified;When needing to verify password, user is at terminal unit Or input, through the static password of the simple encryption using dynamic password as key, submits checking on client software interface;Terminal The input obtained is utilized the dynamic password obtaining this transaction use according to usersaccount information in advance to make by equipment or client software It is sent to server authentication after encrypting according to the security requirements of server software after obtaining static password character string for secret key decryption;Clothes Business device is consistent, with the user cipher ciphertext comparison pre-saved, such as two string passwords, the static password ciphertext received then by checking.
7. use a bank card POS machine for dynamic password authentication method described in claim 6, it is characterized in that obtaining when swiping the card being somebody's turn to do The dynamic password that this transaction of user is to be used, during checking password, the password deciphering to user's input obtains static password character string, And upload checking data according to the security requirements of server side.
8. one kind uses software client, Web page or the operating system that dynamic password authentication method described in claim 6 logs in.
CN201610392886.8A 2016-05-24 2016-05-24 Verification method combining static password and dynamic password and terminal equipment CN105871546A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610392886.8A CN105871546A (en) 2016-05-24 2016-05-24 Verification method combining static password and dynamic password and terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610392886.8A CN105871546A (en) 2016-05-24 2016-05-24 Verification method combining static password and dynamic password and terminal equipment

Publications (1)

Publication Number Publication Date
CN105871546A true CN105871546A (en) 2016-08-17

Family

ID=56676853

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610392886.8A CN105871546A (en) 2016-05-24 2016-05-24 Verification method combining static password and dynamic password and terminal equipment

Country Status (1)

Country Link
CN (1) CN105871546A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106341229A (en) * 2016-11-03 2017-01-18 北京挖玖电子商务有限公司 Client and method therefor
CN107292161A (en) * 2017-06-27 2017-10-24 姚新波 A kind of composing method of variable fingerprint digital dynamic password
CN108279589A (en) * 2017-12-11 2018-07-13 广州朔月电子科技有限公司 A kind of programmed method, system and the device of heat pump liquid-crystal controller
CN108462571A (en) * 2017-02-20 2018-08-28 申彦伦 A method of generating Crypted password using dynamic digital

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101425118A (en) * 2007-10-28 2009-05-06 徐强 Dynamic password generating method
CN101166091B (en) * 2006-10-19 2010-08-11 阿里巴巴集团控股有限公司 A dynamic password authentication method and service end system
CN101800644A (en) * 2010-01-11 2010-08-11 上海众烁信息科技有限公司 Computer security protection system and method based on dynamic countersign
CN103268669A (en) * 2013-05-20 2013-08-28 广州广电运通金融电子股份有限公司 Password input system and input method for self-service financial device
CN103607274A (en) * 2013-10-22 2014-02-26 周灿旭 Method adopting static passwords as source to generate dynamic passwords
CN105337729A (en) * 2015-11-19 2016-02-17 广东欧珀移动通信有限公司 Encryption method and device of mobile terminal and mobile terminal

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101166091B (en) * 2006-10-19 2010-08-11 阿里巴巴集团控股有限公司 A dynamic password authentication method and service end system
CN101425118A (en) * 2007-10-28 2009-05-06 徐强 Dynamic password generating method
CN101800644A (en) * 2010-01-11 2010-08-11 上海众烁信息科技有限公司 Computer security protection system and method based on dynamic countersign
CN103268669A (en) * 2013-05-20 2013-08-28 广州广电运通金融电子股份有限公司 Password input system and input method for self-service financial device
CN103607274A (en) * 2013-10-22 2014-02-26 周灿旭 Method adopting static passwords as source to generate dynamic passwords
CN105337729A (en) * 2015-11-19 2016-02-17 广东欧珀移动通信有限公司 Encryption method and device of mobile terminal and mobile terminal

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106341229A (en) * 2016-11-03 2017-01-18 北京挖玖电子商务有限公司 Client and method therefor
CN108462571A (en) * 2017-02-20 2018-08-28 申彦伦 A method of generating Crypted password using dynamic digital
CN108462571B (en) * 2017-02-20 2020-10-02 申彦伦 Method for generating encrypted password by using dynamic number
CN107292161A (en) * 2017-06-27 2017-10-24 姚新波 A kind of composing method of variable fingerprint digital dynamic password
CN108279589A (en) * 2017-12-11 2018-07-13 广州朔月电子科技有限公司 A kind of programmed method, system and the device of heat pump liquid-crystal controller

Similar Documents

Publication Publication Date Title
US10389533B2 (en) Methods for secure cryptogram generation
US20190364032A1 (en) Method for carrying out a two-factor authentication
US10666428B2 (en) Efficient methods for protecting identity in authenticated transmissions
US20200021441A1 (en) Methods for secure credential provisioning
CN103701609B (en) A kind of server and the method and system operating terminal two-way authentication
US20180144114A1 (en) Securing Blockchain Transactions Against Cyberattacks
CN104094270B (en) User certificate is protected for computing device
US10419416B2 (en) Encryption and decryption techniques using shuffle function
US8850218B2 (en) OTP generation using a camouflaged key
US10516536B2 (en) Method and apparatus for logging into medical devices
CN102075522B (en) Secure certification and transaction method with combination of digital certificate and one-time password
CN103685282B (en) A kind of identity identifying method based on single-sign-on
JP5165982B2 (en) Method, system, and storage medium storing computer program for providing mutual authentication for radio frequency identification (RFID) security
CN107079034B (en) Identity authentication method, terminal equipment, authentication server and electronic equipment
EP2639997B1 (en) Method and system for secure access of a first computer to a second computer
DE102012219618B4 (en) A method of creating a soft token, computer program product, and service computer system
CN100561916C (en) A kind of method and system that upgrades authenticate key
CN102880960B (en) Based on the payment by using short messages method and system of fingerprint recognition mobile phone
CN102946392B (en) A kind of url data encrypted transmission method and system
CN111355749A (en) Efficient method for authenticated communication
CN107810617A (en) Secret certification and supply
CN1689297B (en) Method of preventing unauthorized distribution and use of electronic keys using a key seed
JP6370407B2 (en) O2O secure settlement method and O2O secure settlement system
CN101005361B (en) Server and software protection method and system
US9218493B2 (en) Key camouflaging using a machine identifier

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160817