CN106789079A - Identity authentication method, one-time password electronic device and system - Google Patents
- Publication number: CN106789079A
- Application number: CN201611261811.2A
- Authority: CN (China)
- Prior art keywords: one-time password, password, list, one-time, electronic device
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Embodiments of the invention provide an identity authentication method based on one-time passwords, a one-time password electronic device, and a system. In the method, when triggered by the user, the electronic device outputs, in order, a valid one-time password from the one-time password list pre-stored on it; the password is submitted to the authentication center together with the unique identifier of the electronic device or a user account identifier. The authentication center finds the corresponding one-time password backend list and judges from that list whether the submitted one-time password is valid; if it is, the center confirms that authentication succeeded and invalidates the one-time password just submitted, which prevents reuse and gives the password its one-time property. The method uses asynchronous one-time password technology and, unlike synchronous technology, does not require a costly runtime environment to be deployed. The technical solution of the embodiments therefore has the advantages of simple system deployment, low cost, security and reliability, and convenient use.
Description
Technical field
The present invention relates to the technical field of information security authentication, and in particular to a method for identity authentication based on one-time passwords, a one-time password electronic device, and a system.
Background art
At present, one-time password (One-time Password, abbreviated OTP) technology is widely used in banking, securities, online games, online shopping, e-government, and inside large enterprises; combined with the original static password, it gives users' property more solid protection. With both passwords in place, only someone who has both obtained your one-time password token or password card and learned your static password can break into your account. One-time password technology can be divided by implementation into synchronous and asynchronous types.
The synchronous tokens (Synchronous Token) in use on the market today store in the token a reference value identical to the one held by the authentication server, such as the time accurate to the microsecond, or a variable value set by an administrator. Tokens based on time synchronization are called time-synchronized tokens (Clock-based Token), and those based on a variable numeric value are called count-synchronized tokens (Counter-based Token). Both generate one-time passwords in roughly the same way: they take the token's own unique key and the variable that the token keeps in sync with the server as two parameters and generate a one-time password for logging in to the system. The authentication server applies the same variable and algorithm to the user secret stored in its database; if the one-time password supplied by the user is the same as the one the authentication server computes, the user is shown to be a legitimate user of the system.
Asynchronous approaches include asynchronous tokens (Asynchronous Token) and paper password cards. Because a synchronous token needs a time or numeric variable consistent with the authentication server, deploying and maintaining synchronous tokens is not easy. Asynchronous tokens do not have this drawback: there is no need to maintain time or variable synchronization between the authentication server and the token. An asynchronous token generates one-time passwords by challenge-response (Challenge-Response). After the user makes a login request, the authentication server returns a number based on the password the user entered; the user enters this number into the token, which performs a calculation, and the result is returned to the authentication server. The authentication server carries out the same calculation and compares its result with the user's input; if the two values are the same, verification passes and the user can access the system. A paper password card used asynchronously works by looking up, on the card, the password at the coordinates supplied by the server and returning it to the server, which judges from the returned value whether the user is legitimate.
From the foregoing it can be seen that a synchronous system places very high demands on the technical level of the staff and on the software and hardware of the runtime environment; some companies cannot meet these requirements and have to use a third-party company's authentication system. Moreover, as the system grows, its insecurity, instability and uncontrollable cost become increasingly prominent. With an asynchronous system, challenge-response is cumbersome and error-prone to use, and entering the challenge information requires many buttons, which makes the token bulky; password cards are hard to look things up on, and the number of passwords on paper is always small, so passwords are reused, which is insecure.
Besides one-time password technology, the widely used USBKEY devices have problems of their own: a driver and related client components must be installed before they can be used, which raises compatibility and ease-of-use issues, and at present they work only on terminals and cannot be used on channels such as mobile phones, smart terminals and TVs. In addition, because there are too many links between the upper-layer application and the underlying signing and encryption, this approach still carries the risk of data being tampered with and of remote control, which creates the risk of malicious use of the user's certificate. How to use one-time passwords conveniently, securely and at low cost is therefore very important.
Summary of the invention
Embodiments of the invention provide an identity authentication method based on one-time passwords, a one-time password electronic device, and a system. They use asynchronous one-time password technology: a large number of one-time passwords are stored in the one-time password electronic device, and each time the device is triggered it outputs a new password, with no challenge-response needed, which makes it convenient to use. This solves the problems raised in the background art above.
To achieve the above object, the present invention provides the following technical solutions.
1. An identity authentication method, comprising the following steps:
Step S110: When triggered by the user, the one-time password electronic device searches, in order, the one-time password list pre-stored on it for the first one-time password whose state is the first state, outputs that one-time password, and changes its state to the second state. The one-time password is to be submitted to the authentication center, together with the unique identifier of the one-time password electronic device or a user account identifier. The pre-stored one-time password list contains multiple one-time passwords; each one-time password is made up of digits, letters and symbols, is unique within the list, and has the first state as its initial state. The user account identifier is used to find the corresponding unique user account; it includes at least one of user account number, user name, ID card number, telephone number and e-mail address, and may also include the user account login password;
Step S120: According to the submitted one-time password electronic device unique identifier or user account identifier, the authentication center finds the corresponding one-time password backend list; if the submitted user account identifier is incorrect or no one-time password backend list can be found, it confirms that authentication failed. The one-time password backend list is pre-stored at the authentication center. Each one-time password backend list corresponds to the one-time password list on one one-time password electronic device; the two have the same number of passwords, the same password values and the same order. The initial state of every one-time password in the backend list is the third state. The authentication center stores the correspondence between one-time password electronic device unique identifiers and one-time password backend lists; where a user account is bound to a one-time password electronic device, the authentication center also stores the correspondence between the user account information and the device unique identifier;
Step S130: The authentication center judges from the one-time password backend list whether the one-time password just submitted is valid; if it is valid, steps S140 and S150 are performed; if it is invalid, authentication failure is confirmed. Judging a one-time password valid according to a backend list means that the password can be found in that backend list and its state there is the third state. Judging a one-time password invalid according to a backend list means that the password cannot be found in that backend list, or that it can be found but its state is not the third state;
Step S140: The authentication center confirms that authentication succeeded;
Step S150: The authentication center invalidates the one-time password just submitted in the one-time password backend list. Invalidating a one-time password in a backend list means changing the state of that password in the list from the third state to the fourth state, or deleting the password from the list outright.
Preferably, after step 5 there is a further step S160: The authentication center also invalidates all passwords in the one-time password backend list that come, in order, before the one-time password just submitted.
Preferably, in step S110, the one-time password electronic device outputs a password by one of the following methods or a combination of several of them:
Displaying the password as text on a display screen;
Displaying the password as a bar code on a display screen;
Displaying the password as a QR code on a display screen;
Output over a USB connection;
Output over a Bluetooth connection;
Output by near-field communication (Near Field Communication, NFC);
Output by radio frequency identification (Radio Frequency Identification, RFID);
Output as speech.
2. A one-time password electronic device, comprising a one-time password management module, an output module and a trigger module, wherein:
The one-time password management module is used to pre-store the one-time password list and, after receiving a trigger signal from the trigger module, to find in order in the one-time password list the first one-time password whose state is the first state, output it through the output module, and change the state of that password to the second state;
The output module is used to output the password;
The trigger module is used to produce a trigger signal for the one-time password management module.
Preferably, the electronic device also includes a one-time password electronic device unique identifier, which identifies the device uniquely within the system it belongs to.
Preferably, the electronic device also includes a biometric authentication module, so that a one-time password can be output only after biometric authentication by this module has been passed; biometric features here means features such as fingerprint, iris, face and voiceprint.
Preferably, the output module includes one or more of a display screen, a USB (Universal Serial Bus) interface, a Bluetooth element, a near-field communication (Near Field Communication, NFC) element, a radio frequency identification (Radio Frequency Identification, RFID) electronic tag and a voice output element, where the display screen can be used to show the password as text, a bar code or a QR code.
3. An identity authentication system, comprising a one-time password electronic device, an authentication center and a client, wherein:
The one-time password electronic device includes a one-time password management module, an output module and a trigger module. The one-time password management module is used to pre-store the one-time password list and, after receiving a trigger signal from the trigger module, to find in order in the one-time password list the first one-time password whose state is the first state, output it through the output module, and change the state of that password to the second state. The output module is used to output the password. The trigger module is used to produce a trigger signal for the one-time password management module. Each one-time password electronic device has an identifier that is unique within the system;
The authentication center includes a one-time password backend module. The one-time password backend module is used to pre-store the one-time password backend lists and their correspondence with one-time password electronic device unique identifiers, and to invalidate a valid password in a one-time password backend list. It is further configured to judge from the one-time password backend list whether a submitted password is valid and, when the result is that it is valid, to confirm that authentication succeeded and invalidate that password in the backend list;
The client is used to interact with the user to obtain the information the user enters, for use by the authentication center.
Preferably, the authentication center also includes a user backend module, which is used to manage user accounts and, once a user account has been bound to a one-time password electronic device, to record the correspondence between the user account information and the one-time password electronic device unique identifier.
Preferably, the output module of the one-time password electronic device includes one or more of a display screen, a USB (Universal Serial Bus) interface, a Bluetooth element, a near-field communication (Near Field Communication, NFC) element, a radio frequency identification (Radio Frequency Identification, RFID) electronic tag and a voice output element, where the display screen can be used to show the password as text, a bar code or a QR code.
Compared with the prior art, the beneficial effects of the invention are as follows. The invention uses asynchronous one-time password technology and, unlike synchronous technology, does not require a costly runtime environment to be deployed. The passwords are one-time, which ensures security, and they may contain digits, letters and symbols, which makes them much more secure than purely numeric passwords of the same length; if, in addition, the one-time passwords are stored encrypted both in the electronic device and at the authentication center, security is very high. Furthermore, there is no challenge-response process and no looking up of passwords by coordinates on a password card. The technical solution of the embodiments therefore has the advantages of simple system deployment, low cost, security and reliability, and convenient use.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below show some embodiments of the invention; they serve only to illustrate preferred embodiments and are not to be regarded as limiting the invention. In the drawings:
Fig. 1 is a schematic flow chart of the identity authentication method of embodiment one of the invention;
Fig. 2 is a schematic diagram of the composition of the one-time password electronic device of embodiment two of the invention;
Fig. 3 is a schematic diagram of the composition of the identity authentication system of embodiment three of the invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings of the embodiments. The embodiments described are some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative work fall within the scope of protection of the invention.
1. Embodiment one.
As shown in Fig. 1, this embodiment of the invention provides an identity authentication method comprising the following steps.
Step S110: When triggered by the user, the one-time password electronic device searches, in order, the one-time password list pre-stored on it for the first one-time password whose state is the first state, outputs that one-time password, and changes its state to the second state. The one-time password is to be submitted to the authentication center, together with the unique identifier of the one-time password electronic device or a user account identifier.
Specifically, the pre-stored one-time password list contains multiple one-time passwords; each one-time password is made up of digits, letters and symbols, is unique within the list, and has the first state as its initial state. It can be seen that these one-time passwords are much more secure than other purely numeric passwords of the same length, such as the algorithmically computed passwords of synchronous tokens. Since storage cost has now fallen greatly, the number of one-time passwords in the list can be very large, enough to last a long time. The user account identifier is used to find the corresponding unique user account; it includes at least one of user account number, user name, ID card number, telephone number and e-mail address, and may also include the user account login password.
Preferably, the one-time password electronic device outputs a password by one of the following methods or a combination of several of them:
Displaying the password as text on a display screen;
Displaying the password as a bar code on a display screen;
Displaying the password as a QR code on a display screen;
Output over a USB connection;
Output over a Bluetooth connection;
Output by near-field communication (Near Field Communication, NFC);
Output by radio frequency identification (Radio Frequency Identification, RFID);
Output as speech.
Step S120: According to the submitted one-time password electronic device unique identifier or user account identifier, the authentication center finds the corresponding one-time password backend list; if the submitted user account identifier is incorrect or no one-time password backend list can be found, it confirms that authentication failed.
Specifically, the one-time password backend list is pre-stored at the authentication center. Each one-time password backend list corresponds to the one-time password list on one one-time password electronic device; the two have the same number of passwords, the same password values and the same order, and the initial state of every one-time password in the backend list is the third state. The authentication center stores the correspondence between one-time password electronic device unique identifiers and one-time password backend lists; where a user account is bound to a one-time password electronic device, the authentication center also stores the correspondence between the user account information and the device unique identifier.
Before use, a data initialization process is required. It can take any of these forms: the authentication center produces a batch of random, non-repeating one-time passwords made up of digits, letters and symbols, and the data is then copied to the one-time password electronic device; or the one-time password electronic device produces a batch of one-time passwords, and the data is then copied to the authentication center; or a special-purpose tool produces a batch of one-time passwords, and the data is then copied to both the one-time password electronic device and the authentication center. The data can be copied by connecting the one-time password electronic device and the authentication center directly, or through an intermediary such as a portable computer, a mobile storage device, a mobile smart terminal or a special-purpose tool.
If the number of passwords is large enough, then for an ordinary user it will generally suffice for the validity period of the one-time password electronic device, for example 3 years. A heavy user who finds that a large part of the one-time passwords has been used should consider replacing the device with a new one or re-running the data initialization process. For greater security, in an actual deployment the one-time password data can be stored encrypted and decrypted when it needs to be used.
Step S130: The authentication center judges from the one-time password backend list whether the one-time password just submitted is valid; if it is valid, steps S140 and S150 are performed; if it is invalid, authentication failure is confirmed.
Specifically, judging a one-time password valid according to a backend list means that the password can be found in that backend list and its state there is the third state. Judging a one-time password invalid according to a backend list means that the password cannot be found in that backend list, or that it can be found but its state is not the third state.
Step S140: The authentication center confirms that authentication succeeded.
Step S150: The authentication center invalidates the one-time password just submitted in the one-time password backend list, which prevents reuse and gives the password its one-time property.
Specifically, invalidating a one-time password in a backend list means changing the state of that password in the list from the third state to the fourth state, or deleting the password from the list outright.
Step S160: The authentication center also invalidates all passwords in the one-time password backend list that come, in order, before the one-time password just submitted.
Purpose of this step: all passwords that come, in order, before the password the user just submitted become invalid even if they have never been submitted, which further ensures safe use of the one-time password electronic device.
Step S170: The authentication center confirms that authentication failed.
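The flow of steps S110 to S160, including the data initialization, can be sketched in Python as follows. This is an added example, not code from the patent: the class and function names, the symbol alphabet, the 10-character length, the device ID `DEV-0001` and the account `alice` are assumptions, and the lists are held in plaintext for readability although the description notes they can be stored encrypted.

```python
import hmac
import secrets
import string

# Assumed alphabet and state labels: the description only says "digits, letters,
# symbols" and "first/second/third/fourth state".
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"
FIRST, SECOND = "first", "second"   # device side: not yet output / already output
THIRD, FOURTH = "third", "fourth"   # backend side: valid / invalid


def generate_otp_list(count, length=10):
    """Data initialization: random, non-repeating passwords in a fixed order."""
    seen, ordered = set(), []
    while len(ordered) < count:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if pw not in seen:
            seen.add(pw)
            ordered.append(pw)
    return ordered


class OtpDevice:
    """One-time password electronic device (step S110)."""

    def __init__(self, device_id, passwords):
        self.device_id = device_id
        self._entries = [[pw, FIRST] for pw in passwords]

    def trigger(self):
        """Output the first password still in the first state; mark it second state."""
        for entry in self._entries:
            if entry[1] == FIRST:
                entry[1] = SECOND
                return entry[0]
        raise RuntimeError("list exhausted: replace the device or re-initialize")


class AuthCenter:
    """Authentication center with one backend list per device (steps S120-S160)."""

    def __init__(self):
        self._backend = {}    # device unique identifier -> [[password, state], ...]
        self._bindings = {}   # user account identifier -> device unique identifier

    def enroll(self, device_id, passwords, account=None):
        self._backend[device_id] = [[pw, THIRD] for pw in passwords]
        if account is not None:
            self._bindings[account] = device_id

    def authenticate(self, identifier, otp):
        # S120: resolve a device id or bound account to its backend list.
        device_id = self._bindings.get(identifier, identifier)
        entries = self._backend.get(device_id)
        if entries is None:
            return False
        # S130: the password must be in the list and still in the third state.
        match = None
        for index, (pw, state) in enumerate(entries):
            if hmac.compare_digest(pw.encode(), otp.encode()):
                match = index if state == THIRD else None
                break  # passwords are unique within a list
        if match is None:
            return False
        # S150 and S160: invalidate the matched password and every earlier one.
        for entry in entries[: match + 1]:
            entry[1] = FOURTH
        return True  # S140


def demo():
    """Constructed scenario: normal login, replay, a skipped password, unknown device."""
    passwords = generate_otp_list(5)
    device = OtpDevice("DEV-0001", passwords)
    center = AuthCenter()
    center.enroll(device.device_id, passwords, account="alice")
    first = device.trigger()
    skipped = device.trigger()   # shown on the device but never submitted
    third = device.trigger()
    return {
        "first_accepted": center.authenticate("DEV-0001", first),
        "replay_rejected": not center.authenticate("DEV-0001", first),
        "third_via_account": center.authenticate("alice", third),
        "skipped_rejected": not center.authenticate("DEV-0001", skipped),
        "unknown_device": center.authenticate("DEV-9999", third),
    }


if __name__ == "__main__":
    print(demo())
```

Because S160 retires every earlier entry, a password that was displayed on the device but never submitted stops working as soon as a later one is accepted.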
2. Embodiment two.
Based on the above technical solution, as shown in Fig. 2, this embodiment of the invention also provides a one-time password electronic device. The one-time password electronic device 200 includes a one-time password management module 210, an output module 220 and a trigger module 230, wherein:
The one-time password management module 210 is used to pre-store the one-time password list and, after receiving a trigger signal from the trigger module 230, to find in order in the one-time password list the first one-time password whose state is the first state, output it through the output module 220, and change the state of that password to the second state;
The output module 220 is used to output the password;
The trigger module 230 is used to produce a trigger signal for the one-time password management module 210.
Preferably, to tell one-time password electronic devices apart, every one-time password electronic device has a one-time password electronic device unique identifier 290 that is unique within the system it belongs to.
Preferably, the electronic device also includes a biometric authentication module, so that a one-time password can be output only after biometric authentication by this module has been passed; biometric features here means features such as fingerprint, iris, face and voiceprint.
Preferably, the output module 220 includes one or more of a display screen, a USB (Universal Serial Bus) interface, a Bluetooth element, a near-field communication (Near Field Communication, NFC) element, a radio frequency identification (Radio Frequency Identification, RFID) electronic tag and a voice output element, where the display screen can be used to show the password as text, a bar code or a QR code.
Specifically, the one-time password management module 210 pre-stores the one-time password list. The pre-stored list contains multiple one-time passwords; each one-time password is made up of digits, letters and symbols, is unique within the list, and has the first state as its initial state. Since storage cost has now fallen greatly, the number of one-time passwords in the list can be very large, enough to last a long time. The one-time passwords of this embodiment can contain digits, letters and symbols, so for the same password length they are much more secure than existing purely numeric passwords, such as the algorithmically computed passwords of synchronous tokens. The one-time password electronic device 200 outputs a one-time password as follows: when triggered by the user, the trigger module 230 produces a trigger signal for the one-time password management module 210; after receiving the trigger signal, the one-time password management module 210 finds in order in the one-time password list the first one-time password whose state is the first state, outputs it through the output module 220, and changes the state of that password to the second state, which prevents reuse and gives the password its one-time property.
3. Embodiment three.
Based on the above technical solution, as shown in Fig. 3, this embodiment of the invention also provides an identity authentication system, which includes the one-time password electronic device 200 described above, an authentication center 400 and a client 450, described in detail below.
The one-time password electronic device 200 includes a one-time password management module 210, an output module 220 and a trigger module 230. The one-time password management module 210 is used to pre-store the one-time password list and, after receiving a trigger signal from the trigger module 230, to find in order in the one-time password list the first one-time password whose state is the first state, output it through the output module 220, and change the state of that password to the second state. The output module 220 is used to output the password. The trigger module 230 is used to produce a trigger signal for the one-time password management module 210. To tell apart the one-time password electronic devices in the whole system, every one-time password electronic device has a one-time password electronic device unique identifier 290 that is unique within the system.
The authentication center 400 includes a disposal password background module 410. The disposal password background module 410 prestores the disposal password backstage lists and the correspondence between each of them and a disposal password electronic installation unique identifier 290, and turns a valid password in a disposal password backstage list into an invalid one. It is additionally configured to judge, according to the disposal password backstage list, whether an input password is valid and, when the judgment result is valid, to confirm that authentication succeeded and turn that password into an invalid one in the disposal password backstage list.
The client 450 interacts with the user to obtain the information the user inputs, for use by the authentication center.
Preferably, the authentication center 400 also includes a user background module 420. The user background module 420 manages user accounts and, once a user account has been bound to a disposal password electronic installation, records the correspondence between the user account and the disposal password electronic installation unique identifier 290. A user account can be bound to a disposal password electronic installation in either of two ways: the administrator directly specifies the correspondence between the user account and the disposal password electronic installation when the installation is issued; or the user, after logging in to the account, inputs the unique identifier 290 of the installation to be bound together with a disposal password output by the disposal password electronic installation 200 and, after the disposal password background module 410 confirms that this information is valid, the user background module 420 records the correspondence between the user account and the disposal password electronic installation unique identifier 290.
Specifically, the system flow of the present embodiment includes the following steps.
Step A: In response to a user trigger, the disposal password electronic installation 200 finds, in order, the first disposal password in its prestored disposal password list whose state is the first state, outputs that disposal password and changes its state to the second state. The disposal password is then input to the authentication center 400, together with the disposal password electronic installation unique identifier 290 or a user account identifier. The prestored disposal password list contains multiple disposal passwords; each disposal password is composed of digits, letters and symbols, is unique within the list, and has the first state as its initial state. The user account identifier is used to find the corresponding unique user account; it includes at least one of a user account number, user name, identity card number, telephone number and e-mail address, and can also include the user account login password.
Step B: The authentication center 400 finds the corresponding disposal password backstage list according to the input disposal password electronic installation unique identifier 290 or user account identifier. If the user background module 420 judges the input user account identifier to be incorrect, or no disposal password backstage list can be found, authentication is confirmed to have failed. The disposal password backstage lists are prestored in the disposal password background module 410 on the authentication center 400. Each disposal password backstage list corresponds to the disposal password list in the disposal password management module 210 of one disposal password electronic installation 200; the two lists have the same quantity, password values and order. The initial state of every disposal password in a disposal password backstage list is the third state. The disposal password background module 410 on the authentication center 400 also stores the correspondence between the disposal password electronic installation unique identifier 290 and the disposal password backstage list and, where a user account is bound to a disposal password electronic installation 200, the user background module 420 on the authentication center 400 also stores the correspondence between the user account information and the disposal password electronic installation unique identifier 290.
Before use, a data initialization process is required. It can take any of the following forms: the disposal password background module 410 on the authentication center 400 produces a batch of non-repeating disposal passwords composed at random of digits, letters and symbols, and the data is then copied to the disposal password management module 210 on the disposal password electronic installation 200; or the disposal password management module 210 on the disposal password electronic installation 200 produces a batch of disposal passwords, and the data is then copied to the disposal password background module 410 on the authentication center 400; or a special-purpose tool produces a batch of disposal passwords, and the data is then copied separately to the disposal password management module 210 on the disposal password electronic installation 200 and to the disposal password background module 410 on the authentication center 400. The data can be copied over a direct connection between the disposal password electronic installation 200 and the authentication center 400, or through an intermediary such as a laptop computer, a mobile storage device, a mobile intelligent terminal or a special-purpose tool. If the number of passwords is large enough, an ordinary user will generally have enough for the validity period of the disposal password electronic installation, for example 3 years. A heavy user who finds that a large part of the disposal passwords has been used should consider replacing the disposal password electronic installation with a new one or re-running the data initialization process. For greater security, the disposal password data can be stored encrypted when a real system is deployed, and decrypted when it needs to be used.
Step C: The disposal password background module 410 on the authentication center 400 judges, according to the disposal password backstage list, whether the disposal password just input is valid. If it is valid, the following steps are performed; if the judgment result is invalid, authentication is confirmed to have failed. Judging a disposal password to be valid according to a disposal password backstage list means that the password can be found in that list and its corresponding state is the third state. Judging a disposal password to be invalid means that the password cannot be found in that list, or that it can be found there but its corresponding state is not the third state.
Step D: The authentication center 400 confirms that authentication succeeded.
Step E: The disposal password background module 410 on the authentication center 400 turns the disposal password just input into an invalid one in the disposal password backstage list, which prevents reuse and embodies the one-time property. Turning a disposal password into an invalid one in a disposal password backstage list means changing the password's corresponding state in that list from the third state to the fourth state, or deleting the password from the list directly.
Step F: The disposal password background module 410 on the authentication center 400 turns all passwords that come before the disposal password just input, in the order of the disposal password backstage list, into invalid ones. All passwords ordered before the one the user just input thus become invalid even if they were never input, which further ensures the safe use of the disposal password electronic installation.
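The flow of steps A to F, including the invalidation of skipped passwords in step F, can be modelled compactly. The following Python sketch is an added example, not code from the patent; the class names, the character set, the password length and the identifiers `DEV-0001` and `DEV-9999` are assumptions made for illustration.

```python
import hmac
import secrets
import string
from enum import Enum

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@"  # assumed character set


class State(Enum):
    FIRST = 1    # device side: not yet output
    SECOND = 2   # device side: already output
    THIRD = 3    # backstage side: valid
    FOURTH = 4   # backstage side: invalid


def generate_list(count, length=10):
    """Data initialization: random passwords with no repeats, in a fixed order."""
    seen, ordered = set(), []
    while len(ordered) < count:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if pw not in seen:
            seen.add(pw)
            ordered.append(pw)
    return ordered


class Device:
    """Disposal password electronic installation: list plus per-entry state."""

    def __init__(self, device_id, passwords):
        self.device_id = device_id
        self.entries = [[pw, State.FIRST] for pw in passwords]

    def trigger(self):
        """Step A: output the first entry still in the first state, mark it second."""
        for entry in self.entries:
            if entry[1] is State.FIRST:
                entry[1] = State.SECOND
                return entry[0]
        raise RuntimeError("list exhausted: replace the device or re-initialize")


class AuthCenter:
    """Authentication center: one backstage list per device unique identifier."""

    def __init__(self):
        self.backstage = {}

    def enroll(self, device_id, passwords):
        self.backstage[device_id] = [[pw, State.THIRD] for pw in passwords]

    def verify(self, device_id, candidate):
        entries = self.backstage.get(device_id)
        if entries is None:                      # Step B: no backstage list found
            return False
        match = None
        for i, (pw, _) in enumerate(entries):    # scan every entry, constant-time compare
            if hmac.compare_digest(pw.encode(), candidate.encode()):
                match = i
        if match is None or entries[match][1] is not State.THIRD:
            return False                         # Step C: unknown or no longer valid
        for entry in entries[: match + 1]:
            entry[1] = State.FOURTH              # Steps E and F: this entry and all earlier ones
        return True                              # Step D


def demo():
    passwords = generate_list(5)
    device, center = Device("DEV-0001", passwords), AuthCenter()  # constructed identifier
    center.enroll(device.device_id, passwords)
    skipped = device.trigger()                   # output by the device but never submitted
    used = device.trigger()
    return {
        "fresh": center.verify("DEV-0001", used),
        "replay": center.verify("DEV-0001", used),
        "skipped": center.verify("DEV-0001", skipped),
        "unknown_device": center.verify("DEV-9999", device.trigger()),
        "next": center.verify("DEV-0001", device.trigger()),
    }


if __name__ == "__main__":
    print(demo())
```

The `skipped` case shows the effect of step F: a password that was displayed but never submitted stops being accepted as soon as a later password from the same list is verified.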
Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the embodiments of the present invention, not to limit them. Although the embodiments of the present invention have been described in detail with reference to the foregoing embodiments, one of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. An identity authentication method, characterized in that it comprises the following steps:
Step S110: In response to a user trigger, a disposal password electronic installation finds, in order, the first disposal password in its prestored disposal password list whose state is the first state, outputs that disposal password and changes its state to the second state; the disposal password is then input to an authentication center, together with the unique identifier of the disposal password electronic installation or a user account identifier; the prestored disposal password list contains multiple disposal passwords, each composed of digits, letters and symbols, unique within the list, and having the first state as its initial state; the user account identifier is used to find the corresponding unique user account and includes at least one of a user account number, user name, identity card number, telephone number and e-mail address, and can also include the user account login password;
Step S120: The authentication center finds the corresponding disposal password backstage list according to the input disposal password electronic installation unique identifier or user account identifier; if the input user account identifier is incorrect or no disposal password backstage list can be found, authentication is confirmed to have failed; the disposal password backstage list is prestored on the authentication center; each disposal password backstage list corresponds to the disposal password list on one disposal password electronic installation, the two lists having the same quantity, password values and order; the initial state of every disposal password in the disposal password backstage list is the third state; the authentication center stores the correspondence between the disposal password electronic installation unique identifier and the disposal password backstage list and, where a user account is bound to a disposal password electronic installation, also stores the correspondence between the user account information and the disposal password electronic installation unique identifier;
Step S130: The authentication center judges, according to the disposal password backstage list, whether the disposal password just input is valid; if it is valid, steps S140 and S150 are performed; if the judgment result is invalid, authentication is confirmed to have failed; judging a disposal password to be valid according to a disposal password backstage list means that the password can be found in that list and its corresponding state is the third state; judging a disposal password to be invalid according to a disposal password backstage list means that the password cannot be found in that list, or that it can be found there but its corresponding state is not the third state;
Step S140: The authentication center confirms that authentication succeeded;
Step S150: The authentication center turns the disposal password just input into an invalid one in the disposal password backstage list; turning a disposal password into an invalid one in a disposal password backstage list means changing the password's corresponding state in that list from the third state to the fourth state, or deleting the password from the list directly.
2. The method according to claim 1, characterized in that, after step 5, there is also a step S160: the authentication center turns all passwords that come before the disposal password just input, in the order of the disposal password backstage list, into invalid ones.
3. The method according to any one of claims 1 to 2, characterized in that, in step S110, the disposal password electronic installation outputs a password by one or a combination of the following:
Showing the password text on a display screen;
Showing the password as a bar code on a display screen;
Showing the password as a QR code on a display screen;
Output over a USB connection;
Output over a Bluetooth connection;
Output by near-field communication (Near Field Communication, NFC);
Output by radio frequency identification (Radio Frequency Identification, RFID);
Output by voice.
4. A disposal password electronic installation, characterized in that it comprises a disposal password management module, an output module and a trigger module, wherein:
The disposal password management module prestores a disposal password list and, after receiving the trigger signal of the trigger module, finds in order the first disposal password in the list whose state is the first state, outputs it through the output module, and changes that password's state to the second state;
The output module outputs the password;
The trigger module produces the trigger signal to the disposal password management module.
5. The disposal password electronic installation according to claim 4, characterized in that the electronic installation also includes a disposal password electronic installation unique identifier, used to identify it uniquely within the system to which it belongs.
6. The disposal password electronic installation according to claim 4, characterized in that the electronic installation also includes a biometric authentication module, so that a disposal password can be output only after biometric authentication by this module has been passed; the biometric features referred to are features such as fingerprint, iris, face and voiceprint.
7. The disposal password electronic installation according to any one of claims 4 to 6, characterized in that the output module includes one or more of a display screen, a USB (Universal Serial Bus) interface, a Bluetooth element, a near-field communication (Near Field Communication, NFC) element, a radio frequency identification (Radio Frequency Identification, RFID) electronic tag and a voice output element, wherein the display screen can be used to show the password as text, a bar code or a QR code.
8. An identity authentication system, characterized in that it comprises a disposal password electronic installation, an authentication center and a client, wherein:
The disposal password electronic installation includes a disposal password management module, an output module and a trigger module; the disposal password management module prestores a disposal password list and, after receiving the trigger signal of the trigger module, finds in order the first disposal password in the list whose state is the first state, outputs it through the output module, and changes that password's state to the second state; the output module outputs the password; the trigger module produces the trigger signal to the disposal password management module; each disposal password electronic installation has its own unique identifier in the system;
The authentication center includes a disposal password background module; the disposal password background module prestores the disposal password backstage lists and the correspondence between each of them and a disposal password electronic installation unique identifier, and turns a valid password in a disposal password backstage list into an invalid one; it is additionally configured to judge, according to the disposal password backstage list, whether an input password is valid and, when the judgment result is valid, to confirm that authentication succeeded and turn that password into an invalid one in the disposal password backstage list;
The client interacts with the user to obtain the information the user inputs, for use by the authentication center.
9. The system according to claim 8, characterized in that the authentication center also includes a user background module; the user background module manages user accounts and, after a user account is bound to a disposal password electronic installation, records the correspondence between the user account information and the disposal password electronic installation unique identifier.
10. The system according to any one of claims 8 to 9, characterized in that the output module of the disposal password electronic installation includes one or more of a display screen, a USB (Universal Serial Bus) interface, a Bluetooth element, a near-field communication (Near Field Communication, NFC) element, a radio frequency identification (Radio Frequency Identification, RFID) electronic tag and a voice output element, wherein the display screen can be used to show the password as text, a bar code or a QR code.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611261811.2A CN106789079A (en) | 2016-12-30 | 2016-12-30 | Identity identifying method, disposal password electronic installation and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106789079A true CN106789079A (en) | 2017-05-31 |
Family
ID=58953900
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611261811.2A Pending CN106789079A (en) | 2016-12-30 | 2016-12-30 | Identity identifying method, disposal password electronic installation and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106789079A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107480988A (en) * | 2017-07-28 | 2017-12-15 | 贵州眯果创意科技有限公司 | A kind of block chain realizes the supervisory systems of stock exchange |
WO2023071100A1 (en) * | 2021-10-26 | 2023-05-04 | 苏州浪潮智能科技有限公司 | Password protection method and apparatus, and medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1703002A (en) * | 2005-07-05 | 2005-11-30 | 江苏乐希科技有限公司 | Portable one-time dynamic password generator and security authentication system using the same |
CN101102194A (en) * | 2007-07-31 | 2008-01-09 | 北京飞天诚信科技有限公司 | A method for OTP device and identity authentication with this device |
CN102467774A (en) * | 2010-11-17 | 2012-05-23 | 戴胜祝 | Cryptosystem with anti-recording function |
US20120233675A1 (en) * | 2011-03-09 | 2012-09-13 | Computer Associates Think, Inc. | Authentication with massively pre-generated one-time passwords |
CN104077690A (en) * | 2014-06-24 | 2014-10-01 | 北京安讯奔科技有限责任公司 | One-time password generation method and device, authentication method and authentication system |
-
2016
- 2016-12-30 CN CN201611261811.2A patent/CN106789079A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1703002A (en) * | 2005-07-05 | 2005-11-30 | 江苏乐希科技有限公司 | Portable one-time dynamic password generator and security authentication system using the same |
CN101102194A (en) * | 2007-07-31 | 2008-01-09 | 北京飞天诚信科技有限公司 | A method for OTP device and identity authentication with this device |
CN102467774A (en) * | 2010-11-17 | 2012-05-23 | 戴胜祝 | Cryptosystem with anti-recording function |
US20120233675A1 (en) * | 2011-03-09 | 2012-09-13 | Computer Associates Think, Inc. | Authentication with massively pre-generated one-time passwords |
CN104077690A (en) * | 2014-06-24 | 2014-10-01 | 北京安讯奔科技有限责任公司 | One-time password generation method and device, authentication method and authentication system |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107480988A (en) * | 2017-07-28 | 2017-12-15 | 贵州眯果创意科技有限公司 | A kind of block chain realizes the supervisory systems of stock exchange |
WO2023071100A1 (en) * | 2021-10-26 | 2023-05-04 | 苏州浪潮智能科技有限公司 | Password protection method and apparatus, and medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9350548B2 (en) | Two factor authentication using a protected pin-like passcode | |
US9858401B2 (en) | Securing transactions against cyberattacks | |
US10021091B2 (en) | Secure authorization systems and methods | |
CN102804200B (en) | Two-factor user authentication system, and method therefor | |
US8140855B2 (en) | Security-enhanced log in | |
CN101272237B (en) | Method and system for automatically generating and filling login information | |
CN103929306B (en) | The approaches to IM of intelligent cipher key equipment and intelligent cipher key equipment | |
CN106060078B (en) | User information encryption method, register method and verification method applied to cloud platform | |
US9847874B2 (en) | Intermediary organization account asset protection via an encoded physical mechanism | |
WO2012154367A2 (en) | Secure user credential control | |
US20080010453A1 (en) | Method and apparatus for one time password access to portable credential entry and memory storage devices | |
CN105430014B (en) | A kind of single-point logging method and its system | |
JP2012212211A (en) | Authentication cooperation system and authentication cooperation method | |
CN106850228A (en) | A kind of foundation of portable intelligent password management system and operating method | |
KR20080087917A (en) | System for certify one-time password, system for issue a seed, and method for generating one-time password | |
KR101202245B1 (en) | System and Method For Transferring Money Using OTP Generated From Account Number | |
US8176533B1 (en) | Complementary client and user authentication scheme | |
GB2554082A (en) | User sign-in and authentication without passwords | |
CN114760070A (en) | Digital certificate issuing method, digital certificate issuing center and readable storage medium | |
CN106789079A (en) | Identity identifying method, disposal password electronic installation and system | |
CN106533681A (en) | Attribute attestation method and system supporting partial presentation | |
CN115208676B (en) | Data encryption method and system based on blockchain technology | |
US10972286B2 (en) | Token-based authentication with signed message | |
CN114697113B (en) | Multiparty privacy calculation method, device and system based on hardware accelerator card | |
Vorster et al. | Violations of good security practices in graphical passwords schemes: Enterprise constraints on scheme-design |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20170531 |