CN106997432A - Picture password authentication method and picture password authentication device - Google Patents
Picture password authentication method and picture password authentication device Download PDFInfo
- Publication number
- CN106997432A CN106997432A CN201710345986.XA CN201710345986A CN106997432A CN 106997432 A CN106997432 A CN 106997432A CN 201710345986 A CN201710345986 A CN 201710345986A CN 106997432 A CN106997432 A CN 106997432A
- Authority
- CN
- China
- Prior art keywords
- picture
- certification
- password
- user
- symbol
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Abstract
The invention discloses a kind of picture password authentication method and picture password authentication device, including:Certification request is initiated, certification request includes the unique mark related to user;Certification picture is obtained according to unique mark, and plus multiple pictures formation picture group;It is required that user selects a picture;The picture that user is selected is as background picture, and alternative symbol formation sign matrix when being generated with picture password;Allow user's moving symbol matrix in background picture so that certification symbol is moved to position during picture password generation;Determine whether user have selected correct background picture, and determine same position when whether the certification symbol is moved into picture password generation, if all correct, user authentication success, otherwise, authentification failure.The authentication method and authentication device reliability of the present invention is high, is less prone to the problems such as being stolen, reveal.
Description
Technical field
The present invention relates to cipher authentication technique, more particularly to a kind of picture password authentication method and picture password certification dress
Put.
Background technology
With the continuous progress of computer technology, various PCs, notebook, tablet personal computer, smart mobile phone are increasingly
Popularization, no matter to individual or company user, the safety of computer system also becomes more and more important.And flying with internet
Speed development, the situation of network security is also increasingly sophisticated changeable, and people pay attention to network security increasingly, and authentication is ubiquitous,
Most of certification with character password form occur, such as operating system login password, website password, game identification number, client password,
Cell phone password etc..
However, there are many shortcomings in such character password, such as the most frequently used authentication means in the presence of possible
It is stolen, reveals, spying on, Brute Force, hitting many problems such as storehouse, memory difficulty, is difficult to meet under the new situation
Computer system and network security demand.
Steal:Hacker steals user cipher by technological means (such as keyboard record, de- storehouse, fishing website, fishing mailbox).
Leakage:After one network system is captured by hacker, the system even user cipher of other systems are often revealed,
User is not good at also revealing password (for example writing on paper slip password) due to keeping.
Spy on:In input cryptographic processes, other people can spy on typing cryptographic processes, so as to obtain password.
Brute Force:Hacker utilizes dictionary Brute Force password.
Hit storehouse:The user name password that hacker is revealed using a website or system, mass is attempted to log in another net
Stand or system.
Memory difficulty:Complicated cryptographic consumer is not remembered, and too simply or too rule is easily cracked again.
In view of the above problems, the problem of overcoming above-mentioned such or such in the urgent need to a kind of cipher authentication technique.
The content of the invention
The invention provides a kind of picture password authentication techniques, the technology solves the upper of conventional characters cipher authentication presence
State problem.
It should be noted that the term " computer system " referred in the present invention is sensu lato term, it may include example
Such as server, PC, notebook computer, tablet personal computer, smart mobile phone, it both can be such as server and individual's electricity
Brain, the combination of smart mobile phone or single computer equipment.In addition, " computer equipment " is also a sensu lato art
Language, can be such as server, PC, notebook computer, tablet personal computer, smart mobile phone.
In addition, in the method description of the present invention, may be numbered to each step, however, such numbering is only
Description merely for convenience, and be not meant to, these methods must successively be carried out according to listed sequence number, unless, in the de-scription
It is manifestly intended that the sequencing or logical relation these steps based on context that perform these steps must be first laggard
OK.Otherwise, the execution sequence of these steps can be adjusted as needed.
According to an embodiment of the invention there is provided a kind of picture password authentication method, including:Receive picture password
Certification request, the picture password certification request includes the unique mark related to user;Obtained according to the unique mark
The certification picture that picture password is set when generating, and add multiple picture formation picture groups;By user from the picture group
One picture of selection is set to background picture;The character and figure of the alternative symbol when picture password is generated will at least be included
Sign matrix is formed, is overlapped on the background picture;User is allowed to move the sign matrix on the background picture so that
The certification symbol of user's selection is moved to desired locations when picture password is generated during the picture password generation, it is then determined that with
Whether family have selected correct background picture, and determine whether the certification symbol is moved into the desired locations, if all
Correctly, then certification success, otherwise, authentification failure.
Preferably, in above-mentioned picture password authentication method, it is additionally included in before the setting background picture, user is selected
The one picture selected is cut into multiple picture blocks;And when setting the background picture, by user from the multiple figure
The picture block selected in tile is set to the background picture.
Preferably, in above-mentioned picture password authentication method, the area of the sign matrix is more than the background picture
Area, and the part being located at outside the background picture of the sign matrix is not presented to user.
Preferably, in above-mentioned picture password authentication method, if when picture password is generated, user needs colour blindness special purpose chart
Storehouse, then in picture password verification process, picture, character and the figure that the computer system is provided are the special figure of colour blindness
Piece, character and figure.
Preferably, in above-mentioned picture password authentication method, the symbol square is moved on the background picture in user
During battle array, coordinate position of the symbol of each in sign matrix in the background picture is not shown, and determine the certification symbol
During the desired locations whether being moved into when picture password is generated, as long as the coordinate position of the certification symbol is given birth to picture password
Into when the deviation of coordinate position judge that the certification symbol is moved into the desired locations within a predetermined range, then.
Preferably, in above-mentioned picture password authentication method, the symbol square is moved on the background picture in user
During battle array, coordinate position of each symbol in the background picture in display sign matrix;And it is determined that the certification symbol
During the desired locations whether being moved into when picture password is generated, judge whether the coordinate position of the certification symbol is close with picture
Coordinate position during code generation is identical.
Preferably, in above-mentioned picture password authentication method, after the picture password certification request is received, it is desirable to obtain
Take the system environmental information of user equipment, and according to the system environmental information confirm the user equipment system environments whether
Safety, picture password certification request is received if safety is confirmed, otherwise, refuses picture password certification request.
Preferably, in above-mentioned picture password authentication method, when the picture password certification request of same unique mark connects
Continuous mistake pre-determined number, then do not receive the picture password certification request of the unique mark in the given time.
Preferably, in above-mentioned picture password authentication method, when the picture password certification request of same unique mark connects
Continuous mistake pre-determined number, then require that user otherwise verifies identity, after being verified, it is allowed to which user resets picture and recognized
Card password or the picture password certification request initiated again.
Preferably, in above-mentioned picture password authentication method, if user have selected multiple certification symbols when password is generated,
Remaining certification symbol in the multiple certification symbol is then directed to, order when being generated according to picture password allows user in institute successively
State the mobile sign matrix on background picture so that the certification symbol of user's selection is moved to during the picture password generation
Desired locations when picture password is generated.
According to another implementation of the invention there is provided a kind of picture password authentication device, including:Certification request connects
Module is received, picture password certification request is received, the picture password certification request includes the unique mark related to user;Picture
Group forms module, the certification picture set when picture password is generated is obtained according to the unique mark, and add multiple figures
Piece formation picture group;Background picture setup module, Background is set to by the picture that user selects from the picture group
Piece;Sign matrix formation module, by the character at least including the alternative symbol when picture password is generated and figure formation symbol
Matrix, is overlapped on the background picture;Picture password authentication module, allows user to move the symbol on the background picture
Matrix so that the certification symbol of user's selection is moved to desired locations when picture password is generated during the picture password generation,
It is then determined that whether user have selected correct background picture, and determine whether the certification symbol is moved into the expectation
Position, if all correct, certification success, otherwise, authentification failure.
The present invention is authenticated using above-mentioned picture password authentication method and device, solves conventional characters cipher authentication
The problem of existing, compared with conventional cipher certification, is solved or is improved one or more problems of following aspect by the present invention:
Steal:The present invention can effectively prevent situation about being stolen, by authentication modes such as picture color, character positions,
In the absence of the possibility being stolen.
Reveal, spy on:Even if user has other people to spy on during typing picture password, be not easy to leakage certification symbol with
And the character position of certification.
Brute Force:Due to the presence of service end strategy, this user of multiple authentification failure can be frozen, and environmental monitoring
Module can monitor exception call, prevent Brute Force.
Hit storehouse:Due in the absence of conventional characters password, so this problem is not present.
Memory difficulty:User is according to picture and character certification, and the character password than remembering complicated is easily a lot.
Brief description of the drawings
Fig. 1 shows the structural representation of picture password generating means according to an embodiment of the invention.
Fig. 2 shows the structural representation of picture password authentication device according to an embodiment of the invention.
Fig. 3 shows a kind of schematic block diagram of computer system according to the present invention.
Fig. 4 shows the schematic flow sheet of the picture password generation method according to an embodiment of the invention.
Fig. 5 shows the schematic block diagram of another computer system according to the present invention.
Fig. 6 shows the schematic flow sheet of the picture password generation method according to another embodiment of the present invention.
Fig. 7 shows the schematic flow sheet of the picture password authentication method according to an embodiment of the invention.
Fig. 8 shows the schematic flow sheet of the picture password authentication method according to another embodiment of the present invention.
Embodiment
It is referring to the drawings in conjunction with the embodiments, right for the objects, technical solutions and advantages of the present invention are more clearly understood
The present invention is further described.
Fig. 1 shows the structural representation of picture password generating means according to an embodiment of the invention.Fig. 1 figure
Piece password generating apparatus 1000 includes certification picture setup module 1100, background picture setup module 1200, alternative symbol and set
Module 1300, certification symbol setup module 1400, sign matrix formation module 1500 and picture password generation module 1600.
Certification picture setup module 1100, will be uploaded by user or is set to by picture of the user in computer system
Certification picture for certification;Or certification picture is directly specified from the picture of the computer system and makes the certification picture
Show user.
Background picture setup module 1200, background picture is set using the certification picture.
Alternative symbol setup module 1300, it is desirable to character or figure that user inputs or provided from the computer system
It is middle to select at least one character or figure alternately symbol.
Certification symbol setup module 1400, at least one character or figure that will be selected by user from the alternative symbol
It is set to certification symbol.
Sign matrix formation module 1500, uses the multiple characters or graphic hotsopt symbol including at least the alternative symbol
Matrix, and the sign matrix is overlapped on the background picture and highlight a certification symbol.
Picture password generation module 1600, allows user to drag the sign matrix so that the certification symbol highlighted is located at
Desired locations in the background picture are to generate picture password.
Fig. 2 shows the structural representation of picture password authentication device according to an embodiment of the invention.Fig. 2 picture
Cipher authentication device 2000 includes certification request receiving module 2100, picture group formation module 2200, background picture setup module
2300th, sign matrix formation module 2400 and picture password authentication module 2500.
Certification request receiving module 2100, receive picture password certification request, the picture password certification request include with
The related unique mark of user;Picture group formation module 2200, obtains according to the unique mark and is set when picture password is generated
The certification picture put, and add multiple picture formation picture groups;Background picture setup module 2300, by user from the picture
The picture selected in group is set to background picture;Sign matrix formation module 2400, will at least be included in picture password life
Into when alternative symbol character and figure formation sign matrix, overlap on the background picture;Picture password authentication module
2500, allow user to move the sign matrix on the background picture so that user's selection during the picture password generation
Certification symbol is moved to desired locations during picture password generation, it is then determined that whether user have selected correct background picture,
And desired locations when whether the certification symbol is moved into picture password generation are determined, if all correct, certification success,
Otherwise, authentification failure.
The present invention can be used for different computer systems, it will be appreciated by persons skilled in the art that the picture of the above
In password generating apparatus 1000 and picture password authentication device 2000 function of modules can for example, by following authentication modules,
Application module etc. is realized.The present invention can be used for the computer system of for example multiple computer equipment compositions, especially by net
Multiple computer equipments that network is connected, picture password generation and authentication method using the present invention, can greatly enhance net
Network safety.For example, Fig. 3 shows the schematic block diagram of computer system 10.Computer system 10 may include server 100 and use
Family equipment 200.For brevity, a user equipment 200 is illustrate only in figure 3, however it is possible to have multiple identical or not
Same user equipment 200, user equipment 200 can be such as PC, tablet personal computer, smart mobile phone.User equipment 200
It can be connected via network 300 with server 100.Network 300 can be such as internet, LAN, 3G network, 4G networks, indigo plant
Tooth network etc..
Server 100 may include authentication module 110 and big data and machine learning engine 120.Authentication module 110 is in password
Set and related processing is carried out in verification process.Big data and the request of the processing environment safety check of machine learning engine 120, example
Such as confirm whether the system environments of user equipment is safe according to the system environmental information of user equipment.User equipment 200 may include
Application module 210 and safety monitoring module 220.Application module 210 can be such as PC, tablet personal computer, smart mobile phone
Deng application program or operating system, website client end etc..Safety monitoring module 220 collects the system environments letter of user equipment
Breath, and the system environmental information is uploaded to server 100.
Fig. 4 shows the schematic flow sheet of the picture password generation method according to an embodiment of the invention.For example,
, can be by comprising the following steps when user needs to register some application programs or website, it is necessary to set user cipher
Method be configured.
Referring to Fig. 4, in step s 110, safety monitoring module 220 collects the system environments letter of current user equipment 200
Breath, and given server 100.Specifically, it can be for example by certification system environmental information to be sent into server 100
Module 110 is transmitted to big data and machine learning engine 120 or is transmitted directly to big data and machine learning engine
120。
In the step s 120, by server, such as big data and machine learning engine 120 are true according to the system environmental information
Whether the system environments for recognizing user equipment 200 is safe, and subsequent step is performed if safety is confirmed.If it is determined that it is dangerous, then in step
Rapid S130 refusals perform subsequent step.During refusal registration, for example, it can inform that user system environment is dangerous.Big data and machine
Study engine 120 can also determine what risk is user system environment have according to system environmental information, and be prompted to use
Family, can also point out user which kind of measure can be taken to improve system environments.If for example, detecting user equipment has keyboard
Spyware is recorded, client can be pointed out to there is the risk that character input is recorded, corresponding software should be deleted or antivirus is utilized
Software carries out antivirus processing.Step S110~S130 is not necessary, it is preferred that performing these steps, sets close to reduce
The risk that code is stolen.
In step S140, certification picture is set, specifically, by being uploaded by user or the tool selected from computer system 10
The picture for having multiple characteristic points is provided for the certification picture of certification;Or have from the picture in computer system 10 is specified
The picture of multiple characteristic points is as certification picture and by the certification picture presentation to user.The certification figure of computer system 10 itself
Piece collection can be included in the application module 210 of the authentication module 110 of server 100 or user equipment 200, and can be by recognizing
Module 110 or application module 210 is demonstrate,proved to specify certification picture.
" picture with multiple characteristic points " described herein refers in the picture of non-fully uniformity, picture at least
The sites different from other positions, lines or the region that can recognize that with some users so that user will subsequently refer to
Character matrix is placed on after ad-hoc location, can relatively easily reappear placement action.That is, due to having on picture
Characteristic point so that after picture password is set, in certification, user can be relatively easily by the certification in character matrix
Symbol is restored to the ad-hoc location.Characteristic point in picture is more, and the possibility that picture password is cracked or revealed is lower, so
And, characteristic point is excessive and each characteristic point between it is excessively approximate (be for example only that a large amount of intensive stains are distributed in whole figure
Situation on piece), increase reappears difficulty, the convenience reduction of authentication authorization and accounting operation.Therefore, select picture when can slightly screen with
Take into account secrecy and ease for use.Picture with multiple characteristic points can be such as personage's picture, scenery picture, any scribble
Deng as long as with some characteristic points.
In step S150, certification picture is cut into multiple picture blocks including multiple characteristic points.This operation can be by example
Such as authentication module 110 of server 100 or the application module 210 of user equipment 200 are performed, and are preferably performed by authentication module 110.
In step S160, the picture block that user selects is set to background picture.This operation can be by for example servicing
The authentication module 110 of device 100 or the application module 210 of user equipment 200 are performed, and are preferably performed by application module 210.
In step S170, it is desirable to which user inputs at least one character or figure or the word provided from computer system 10
At least one character or figure alternately symbol are selected in symbol or figure.It is required that user's input or can be by the step of select
The authentication module 110 of such as server 100 or the application module 210 of user equipment 200 are performed, and are preferably held by application module 210
OK.Here, the character or figure that computer system 10 is provided can be included in authentication module 110 or application module 210, preferably
It is included in authentication module 110.In this step, alternative symbol both can be user's input, can be to be selected from department of computer science again
What system was provided, or both combinations.
In step S180, at least one character or figure for being selected from the alternative symbol by user are set to recognize
Demonstrate,prove symbol.This operation can be performed by the authentication module 110 of such as server 100 or the application module 210 of user equipment 200, excellent
Choosing is performed by authentication module 110.The certification symbol can be different colours, different fonts, digital, the special symbol of different brightness
Number, the alphabetic character and figure of different language.In the case where selecting multiple certification symbols, multiple certification symbols can both have
Character, can there is figure again.
In step S190, using the multiple characters or graphic hotsopt sign matrix including at least the alternative symbol, and
And the sign matrix is overlapped on the background picture and highlight a certification symbol.This step can be by for example taking
The authentication module 110 of business device 100 or the application module 210 of user equipment 200 are performed, and are preferably performed by application module 210.Here
Highlight can be such as overstriking, it is highlighted, flicker.
In this step, depending on the symbolic number in sign matrix can be according to different application scenarios, in sign matrix
Symbol can be repeated.In addition, the area of overlapping sign matrix on background picture can be less than or equal to the face of background picture
Product, it is preferred that the area of sign matrix is more than the area of background picture, thus a part of symbol of sign matrix is located at background
Outside picture.In certification, the part outside background picture can not be shown, only display is located at the symbol in the range of background picture
Number, thus, for example, reduce further because the risk that picture password is revealed caused by peeping.
In step s 200, it is desirable to which user drags the sign matrix so that one certification symbol and the background
A characteristic point on picture is overlapped.This step can by such as server 100 authentication module 110 or user equipment 200
Application module 210 is performed, and is preferably performed by application module 210.
In step S210, also other certification symbols being not provided with are determined whether, if also had, repeat step S190
With step S200;
In step S220, picture password verification process is previewed to user, it is desirable to which user completes simulation verification process, if with
Family simulation authentification failure then re-starts picture password generation, that is, returns and perform step S140 and subsequent step.If simulation is recognized
Demonstrate,prove successfully, then terminate picture password generating process.Password generation and authentication mode due to the present invention are a kind of brand-new sides
Formula, therefore, previews verification process to user, can improve the experience of user, certainly, this process is not essential, can be with other
Mode is to instruction manual verification process.Although in addition, requiring what simulation certification nor is it necessary that, authenticating step is simulated in increase
The reliability of picture password setting can be mentioned, it is ensured that the setting of user in the provisioning process without maloperation or before forgetting
Picture block, certification symbol etc..Simulation verification process may be referred to hereafter described in verification process similarly set.
Certainly, can be by beyond certification picture, background picture, background picture in the setting processing of each above-mentioned step
Picture block, alternative symbol, certification symbol and certification symbol respectively to the final position relation of background picture with and user it is related
Unique mark associated storage in the server.The unique mark related to user, for example, can be user name, Yong Hushe
Standby title, IP address, phone number etc..Thus, it is convenient to be used in certification by the authentication module.
In above-mentioned picture password generation method, by certification picture segmentation, the picture block after segmentation is set to background
Picture, however, it is also possible to omit picture segmentation step, is directly set to background picture by the certification picture that user selects.Omit
The segmentation of certification picture, can simplify password and set and verification process.And the picture block after segmentation is set to background picture, can
Further to strengthen the confidentiality of password.Specifically whether split certification picture, can be selected according to different applications.
In above-mentioned picture password generation method, the position of sign matrix is set by the characteristic point of picture.However,
Can also be by pointing out the coordinate position of certification symbol to set.For example, in step s 200, sign matrix is dragged in user
When, the coordinate of display certification symbol on background picture, or stop dragging in user, it is determined that after placement location, display is recognized
Demonstrate,prove the position coordinates of symbol.So in cipher authentication, the coordinate position of certification symbol when user can generate according to password
Carry out moving symbol matrix.By coordinate position set-up mode, even if user uploads the unconspicuous picture of feature, even uniform face
During the picture of color, can also successfully it be configured and certification.
It is contemplated that the present invention may be use with being the computer system of single computer equipment, for example, stepped in the operating system of unit
In the case that record, mobile phone are logged in, picture password generation and authentication method using the present invention can strengthen the peace of stand-alone device
Entirely.For example, Fig. 5 shows the schematic block diagram of computer system 30.Computer system 30 can be single computer equipment.Should
Computer equipment can be such as PC, tablet personal computer, smart mobile phone.Computer system 30 may include authentication module
310 and application module 320.Although in addition, authentication module 310 and application module 320 are two independent modules, certification mould here
Block can also as application module a part.
Fig. 6 shows the schematic flow sheet of the picture password generation method according to another embodiment of the present invention.In list
When carrying out password generation on machine equipment, the step S340 in Fig. 6 is carried out first, certification picture is set, specifically, will be by user
Upload or the picture with multiple characteristic points selected from computer system 30 are provided for the certification picture of certification;Or from meter
Picture in calculation machine system 30 specifies the picture with multiple characteristic points as certification picture and by the certification picture presentation to use
Family.The certification pictures of computer system 30 itself can be included in authentication module 310 or application module 320, and can be with
Certification picture is specified by authentication module 310 or application module 320.
In step S350, certification picture is cut into multiple picture blocks including multiple characteristic points.This operation can be by example
Such as authentication module 310 or application module 320 are performed, and are preferably performed by authentication module 310.
In step S360, the picture block that user selects is set to background picture.This operation can be by such as certification
Module 310 or application module 320 are performed, and are preferably performed by application module 320.
In step S370, it is desirable to which user inputs at least one character or figure or the word provided from computer system 30
At least one character or figure alternately symbol are selected in symbol or figure.It is required that user's input or can be by the step of select
Such as authentication module 310 or application module 320 are performed, and are preferably performed by application module 320.Here, computer system 30 is provided
Character or figure can be included in authentication module 310 or application module 320, be preferably included in authentication module 310.Herein
Step, alternative symbol both can be user's input, provided selected from computer system again, or both groups
Close.
In step S380, at least one character or figure for being selected from the alternative symbol by user are set to recognize
Demonstrate,prove symbol.This operation can be performed by such as authentication module 310 or application module 320, preferably be performed by authentication module 310.It is described
Certification symbol can be different colours, different fonts, the numeral of different brightness, additional character, different language alphabetic character with
And figure.
In step S390, using the multiple characters or graphic hotsopt sign matrix including at least the alternative symbol, and
And the sign matrix is overlapped on the background picture and highlight a certification symbol.This step can be by for example recognizing
Card module 310 or application module 320 are performed, and are preferably performed by application module 320.Highlighting here can for example be added
Slightly, highlighted, flicker etc..
In this step, depending on the symbolic number in sign matrix can be according to different application scenarios, in sign matrix
Symbol can be repeated.In addition, the area of overlapping sign matrix on background picture can be less than or equal to the face of background picture
Product, it is preferred that the area of sign matrix is more than the area of background picture, thus a part of symbol of sign matrix is located at background
Outside picture.In certification, the part outside background picture can not be shown, only display is located at the symbol in the range of background picture
Number, thus, for example, reduce further because the risk that picture password is revealed caused by peeping.
In step S400, it is desirable to which user drags the sign matrix so that one certification symbol and the background
A characteristic point on picture is overlapped.This step can be performed by such as authentication module 310 or application module 320, preferably by answering
Performed with module 320.
In step S410, also other certification symbols being not provided with are determined whether, if also had, repeat step S390
With step S400.
In the step s 420, picture password verification process is previewed to user, it is desirable to which user completes simulation verification process, if with
Family simulation authentification failure then re-starts picture password generation, that is, returns and perform step S340 and subsequent step.If simulation is recognized
Demonstrate,prove successfully, then terminate picture password generating process.Password generation and authentication mode due to the present invention are a kind of brand-new sides
Formula, therefore, previews verification process to user, can improve the experience of user, certainly, this process is not essential, can be with other
Mode is to instruction manual verification process.Although in addition, requiring what simulation certification nor is it necessary that, authenticating step is simulated in increase
The reliability of picture password setting can be mentioned, it is ensured that the setting of user in the provisioning process without maloperation or before forgetting
Picture block, certification symbol etc..Simulation verification process may be referred to hereafter described in verification process similarly set.
Certainly, in the setting processing of each above-mentioned step, by the figure beyond certification picture, background picture, background picture
Tile, alternative symbol, certification symbol and certification symbol respectively to the final position relation of background picture with and user it is related
Unique mark associated storage is in computer system 30.Thus, it is convenient to be used in certification by the authentication module 310.
In above-mentioned picture password generation method, by certification picture segmentation, the picture block after segmentation is set to background
Picture, however, it is also possible to omit picture segmentation step, is directly set to background picture by the certification picture that user selects.It is preferred that
Picture block after segmentation is set to background picture, thus further strengthens the confidentiality of password.
Equally, can also be by pointing out the coordinate position of certification symbol to set in the picture password generation method more than
The position of set symbol matrix.
Fig. 7 shows the schematic flow sheet of the picture password authentication method according to an embodiment of the invention.Fig. 7's
Cipher authentication process can be used for Fig. 3 computer system, and may correspond to Fig. 4 picture password generating process.For example, with
, it is necessary to which user carries out cipher authentication when family needs to log in some application programs or website, it can be carried out for example, by the following manner.
Reference picture 7, in step S510, the picture password certification that authentication module 110 receives the initiation of application module 210 please
Ask, the picture password certification request includes the unique mark related to user.Authentication module 110 after certification request is received,
Need the system environments for confirming user equipment 200 whether safe.Therefore, in step S520, the safety monitoring of user equipment 200
The collection system environmental information of module 220, and send it to server 100.System environmental information is sent into server 100 can
Be big data and machine learning engine 120 are for example transmitted to by authentication module 110 or be transmitted directly to big data and
Machine learning engine 120.
Then, it is true according to the system environmental information by the big data and machine learning engine 130 in step S530
Whether the system environments for recognizing the user equipment is safe, receives picture password certification request if safety is confirmed, performs follow-up walk
Suddenly, otherwise, then picture password certification request is refused in step S540.It can inform that user system environment is uneasy during refusal certification
Entirely.Big data and machine learning engine 120 can also determine what risk is user system environment have according to system environmental information,
And user is prompted to, it can also point out user which kind of measure can be taken to improve system environments.If for example, detecting use
There is keyboard record spyware in family equipment, client can be pointed out to there is the risk that character input is recorded, and should delete corresponding soft
Part carries out antivirus processing using antivirus software.Step S520~S540 is not necessary, it is preferred that performing these steps
Suddenly, the risk that is stolen of password is set to reduce.
In the case of system environments safety, step S550 is performed, authentication module 110 is obtained in picture according to unique mark
The certification picture that password is set when generating, and plus multiple pictures formation picture group, then by picture group and corresponding figure
Piece identity is sent to application module 210.Picture identity can be picture number, picture name etc..In step S560
In, application module 210 by the picture presentation of each in picture group to user, and allow user select a picture, then, in step
The picture identity of the picture is sent to authentication module 110 in S570.
In step S580, the picture that user selects is cut into many of each self-contained multiple characteristic points by authentication module 110
After individual picture block, and multiple picture blocks and corresponding picture block identity are sent to application module 210;In step S590
In, multiple picture blocks are showed user by application module 210, and allow user to select a picture block;Then, in step S600
In, the picture block identity for the picture block that application module 210 selects user is sent to authentication module 110.Obviously, if user
Correct certification picture is have selected in step S560, then the cutting mode in S580 sets the cutting mode in stage with password
Equally.
In addition, in step S610, alternative symbol when authentication module 110 generates picture password is sent to application module
210.This step can also be carried to before such as step S550.
In step S620, the picture block that application module 210 selects user, and will at least as background picture
Character and figure formation sign matrix including the alternative symbol, show user on background picture.
In addition, the area of overlapping sign matrix on background picture can be less than or equal to the area of background picture, but
Be preferred sign matrix area be more than background picture area, thus a part of symbol of sign matrix be located at background picture it
Outside.Also, in this step S620, the part outside background picture can not be shown, only display is located at background picture scope
Interior symbol, thus, for example, reduce further because the risk that picture password is revealed caused by peeping.
In step S630, application module 210 requires user's moving symbol matrix in background picture so that close in picture
The certification symbol of user's selection is moved to same characteristic features point when picture password is generated during code generation;If the user when password is generated
Multiple certification symbols are have selected, then order when being generated according to picture password is successively to this step of the multiple certification semiology analysis
Suddenly.
In step S640, authentication module 110 determines whether user have selected correct background picture, and determines described
Whether certification symbol is moved into same position during picture password generation, if all correct, and otherwise user authentication success, is used
Family authentification failure.When it is determined that whether certification symbol is moved into same position when picture password is generated, it can set certain
Tolerance, that is to say, that as long as certification symbol is moved to former setting nearby coordinates by user, it is possible to think that being moved to original sets
Positioning is put.Ease for use can so be improved.
If user is not authenticated the segmentation of picture, but directly set certification picture when setting picture password
For background picture, then in above-mentioned picture password verification process, above-mentioned step S580 to S600 is omitted.Also, in step
In S620, the picture that application module 210 selects user is used as background picture.
In addition, in step S620, sign matrix can form predetermined different matrixes every time, or be randomly formed,
It is preferred that being randomly formed, sign matrix is different when the matrix being consequently formed is generated with picture password, and in certification, user only needs
Certification symbol (the certification symbol for selecting setting in picture password generating process by user) in sign matrix is moved to
The same position on picture when password is generated.If the certification symbol of user's selection is occurred in that in a matrix when password is generated
Two or more times, then same position on picture is i.e. when only needing to any one certification symbol being moved to password generation
Can.Two can be included because in certification, sign matrix is different when sign matrix is generated with picture password, and in matrix
Or more certification symbol, and in certification, certification symbol will not be highlighted, so, in verification process, even if someone
Whole verification process is peeped, the verification process can not be also repeated.Further, since features described above, even if to watch this repeatedly close by people
The verification process of code, it is also difficult to find its certification rule.And existing character password verification process does not obviously accomplish this point.
In step S630, user can determine whether to be moved to position when password is set by the characteristic point on background picture
Put.However, it is also possible to determine whether to be moved to correct position by the coordinate position of certification symbol, for example, for moving
While matrix, the coordinate position of the symbol of each in sign matrix is prompted to user, user's movement matrix until certification symbol
Coordinate position it is identical with the position of password generation phase untill.Position is determined by coordinate, can be accurate by certification symbol
Ground is moved to set location, simultaneously as every time certification when sign matrix it is all different, and by all symbols in sign matrix
Coordinate be all prompted to user, even if side someone peeps, it is certification symbol also not know which symbol, therefore, it is impossible to reappear
The verification process.
Moreover, this password also be difficult to by hacking technique means (such as keyboard record) steal, Brute Force.Moreover,
The picture password of the present invention is convenient to be remembered, and is also revealed in the absence of because of (password is write on paper slip) accidentally is taken care of.Therefore, this hair
Bright method for generating cipher code and cipher authentication process have the technical effect that conventional cipher is incomparable, and its security is high.
In addition, when the continuous wrong pre-determined number of the picture password certification request of same unique mark, may be set in pre-
The picture password certification request of the unique mark is not received in fixing time.For example, continuous five authentication errors, may be set in number
No longer receive the certification request of the unique mark in hour.Or, when the picture password certification request of same unique mark connects
Continuous mistake pre-determined number, then require that user otherwise verifies identity, after being verified, it is allowed to which user resets picture and recognized
Card password or the picture password certification request initiated again.Other verification identity modes can be, such as finger print identifying, on
Pass identity document certification, answer the authentication modes such as the problem of pre-setting or its combination.Or, if could be arranged to same
The certification frequency of the picture password certification request of unique mark reaches the threshold value of setting, then refuses the picture password certification request,
For example, same unique mark initiated ten picture password certification requests in three minutes, then refuse subsequent picture password and recognize
Card request.In addition, the authentication module 110 of server 100 can also use black and white lists strategy, if certification IP is in white list
Hold, then agree to continue with certification, otherwise, refuse certification.
Fig. 8 shows the schematic flow sheet of the picture password authentication method according to another embodiment of the present invention.Fig. 8's
Cipher authentication process can be used for Fig. 5 computer system 30, and may correspond to Fig. 6 picture password generating process.For example,
, can be for example, by the following manner when the operating system login of User logs in unit, mobile phone login, application software are logged in
It is authenticated.
Reference picture 8, in step S710, the picture password certification that authentication module 310 receives the initiation of application module 320 please
Ask, the picture password certification request includes the unique mark related to user.
Step S750, authentication module 310 obtains the certification picture set when picture password is generated according to unique mark, and
And plus multiple pictures formation picture group, picture group and corresponding picture identity are then sent to application module 320.
Picture identity can be picture number, picture name etc..In step S760, application module 320 is by each in picture group
Picture presentation allows user to select a picture to user, then, sends out the picture identity of the picture in step S770
Give authentication module 310.
In step S780, the picture that user selects is cut into many of each self-contained multiple characteristic points by authentication module 310
After individual picture block, and multiple picture blocks and corresponding picture block identity are sent to application module 320;In step S790
In, multiple picture blocks are showed user by application module 320, and allow user to select a picture block;Then, in step S800
In, the picture block identity for the picture block that application module 320 selects user is sent to authentication module 310.Obviously, if user
Correct certification picture is have selected in step S760, then the cutting mode in S780 sets the cutting mode in stage with password
Equally.
In addition, in step S810, alternative symbol when authentication module 310 generates picture password is sent to application module
320.This step can also be carried to before such as step S750.
In step S820, the picture block that application module 320 selects user, and will at least as background picture
Character and figure including the alternative symbol are randomly formed sign matrix, and user is showed on background picture.
In addition, the area of overlapping sign matrix on background picture can be less than or equal to the area of background picture, but
Be preferred sign matrix area be more than background picture area, thus a part of symbol of sign matrix be located at background picture it
Outside.Also, in this step S820, the part outside background picture can not be shown, only display is located at background picture scope
Interior symbol, thus, for example, reduce further because the risk that picture password is revealed caused by peeping.
In step S830, application module 320 requires user's moving symbol matrix in background picture so that close in picture
The certification symbol of user's selection is moved to same characteristic features point when picture password is generated during code generation;If the user when password is generated
Multiple certification symbols are have selected, then order when being generated according to picture password is successively to this step of the multiple certification semiology analysis
Suddenly.
In step S840, authentication module 310 determines whether user have selected correct background picture, and determines described
Whether certification symbol is moved into same position during picture password generation, if all correct, and otherwise user authentication success, is used
Family authentification failure.
If user is not authenticated the segmentation of picture, but directly set certification picture when setting picture password
For background picture, then in above-mentioned picture password verification process, above-mentioned step S780 to S800 is omitted.Also, in step
In S820, the picture that application module 320 selects user is used as background picture.
Furthermore, it is necessary to explanation, in step S820, what sign matrix was randomly formed, thus, it may be possible to and picture
Sign matrix is different when password is generated, and in certification, user is only needed to the certification symbol (picture password in sign matrix
The certification symbol set is selected by user in generating process) same position that is moved on the picture when password is generated.
If the certification symbol of user's selection occurs in that two or more times in a matrix when password is generated, only need to recognize any one
Card symbol is moved to the same position on picture when password is generated.Because in certification, sign matrix is randomly generated
, and two or more certification symbols can be included in matrix, and in certification, certification symbol will not be highlighted,
So, in verification process, even if someone peeps whole verification process, it can not also repeat the verification process.Further, since above-mentioned
Feature, even if people watch the verification process of this password repeatedly, it is also difficult to find its certification rule.And existing character password is recognized
Card process does not obviously accomplish this point.
In step S830, user can determine whether to be moved to position when password is set by the characteristic point on background picture
Put.However, as described above, can similarly determine whether to be moved to correct position by the coordinate position of certification symbol.
Moreover, this password also be difficult to by hacking technique means (such as keyboard record) steal, Brute Force.Moreover,
The picture password of the present invention is convenient to be remembered, and is also revealed in the absence of because of (password is write on paper slip) accidentally is taken care of.Therefore, this hair
Bright method for generating cipher code and cipher authentication process have the technical effect that conventional cipher is incomparable, and its security is high.
In addition, when the continuous wrong pre-determined number of the picture password certification request of same unique mark, may be set in pre-
The picture password certification request of the unique mark is not received in fixing time.For example, continuous five authentication errors, may be set in number
No longer receive the certification request of the unique mark in hour.Or, when the picture password certification request of same unique mark connects
Continuous mistake pre-determined number, then require that user otherwise verifies identity, after being verified, it is allowed to which user resets picture and recognized
Card password or the picture password certification request initiated again.Other verification identity modes can be, such as finger print identifying, on
Pass identity document certification, answer the authentication modes such as the problem of pre-setting or its combination.Or, if could be arranged to same
The certification frequency of the picture password certification request of unique mark reaches the threshold value of setting, then refuses the picture password certification request,
For example, same unique mark initiated ten picture password certification requests in three minutes, then refuse subsequent picture password and recognize
Card request.
In addition, it is contemplated that the special circumstances of colour blindness user, can first be asked the user whether to need when setting picture password
Want the special picture library of colour blindness, if it is desired, then in password generation and verification process, it is special that computer system provides the user colour blindness
Picture, character and figure.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, all essences in the present invention
God is with principle, and any modification, equivalent substitution and improvements done etc. should be included within the scope of protection of the invention.
Claims (10)
1. a kind of picture password authentication method, it is characterised in that including:
Picture password certification request is received, the picture password certification request includes the unique mark related to user;
The certification picture set when picture password is generated is obtained according to the unique mark, and adds multiple picture formation figures
Piece group;
The picture that user is selected from the picture group is set to background picture;
By the character at least including the alternative symbol when picture password is generated and figure formation sign matrix, the back of the body is overlapped
On scape picture;
User is allowed to move the sign matrix on the background picture so that user's selection recognizes during the picture password generation
Card symbol is moved to desired locations during picture password generation, it is then determined that whether user have selected correct background picture, and
And determine whether the certification symbol is moved into the desired locations, and if all correct, certification success, otherwise, authentification failure.
2. picture password authentication method as claimed in claim 1, it is characterised in that be additionally included in the setting background picture it
Before, one picture that user selects is cut into multiple picture blocks;
And when setting the background picture, the picture block that user selects from the multiple picture block is set to institute
State background picture.
3. picture password authentication method as claimed in claim 1, it is characterised in that the area of the sign matrix is more than described
The area of background picture, and the part being located at outside the background picture of the sign matrix is not presented to user.
4. picture password authentication method as claimed in claim 1, it is characterised in that if when picture password is generated, Yong Huxu
The special picture library of colour blindness is wanted, then in picture password verification process, picture, character and the figure that computer system is provided are that colour blindness is special
Picture, character and figure.
5. picture password authentication method as claimed in claim 1, it is characterised in that moved in user on the background picture
During the sign matrix, coordinate position of the symbol of each in sign matrix in the background picture is not shown, and determine institute
State certification symbol whether be moved into picture password generation when desired locations when, as long as the coordinate position of the certification symbol with
The deviation of coordinate position when picture password is generated judges that the certification symbol is moved into the expectation within a predetermined range, then
Position.
6. picture password authentication method as claimed in claim 1, it is characterised in that moved in user on the background picture
During the sign matrix, coordinate position of each symbol in the background picture in display sign matrix;And it is determined that institute
State certification symbol whether be moved into picture password generation when desired locations when, judging the coordinate position of the certification symbol is
No coordinate position when being generated with picture password is identical.
7. picture password authentication method as claimed in claim 1, it is characterised in that please receiving the picture password certification
After asking, it is desirable to obtain the system environmental information of user equipment, and confirm the user equipment according to the system environmental information
Whether system environments is safe, and picture password certification request is received if safety is confirmed, otherwise, refuses picture password certification request.
8. picture password authentication method as claimed in claim 1, it is characterised in that when the picture password of same unique mark
The continuous wrong pre-determined number of certification request, then do not receive the picture password certification request of the unique mark in the given time.
9. picture password authentication method as claimed in claim 1, it is characterised in that if when password is generated user have selected it is many
Individual certification symbol, then for remaining certification symbol in the multiple certification symbol, order when being generated according to picture password according to
The secondary user's mobile sign matrix on the background picture that allows so that the certification of user's selection during the picture password generation
Symbol is moved to the desired locations when picture password is generated.
10. a kind of picture password authentication device, it is characterised in that including:
Certification request receiving module, receives picture password certification request, and the picture password certification request includes related to user
Unique mark;
Picture group formation module, the certification picture set when picture password is generated is obtained according to the unique mark, and add
Add a picture formation picture group;
Background picture setup module, background picture is set to by the picture that user selects from the picture group;
Sign matrix formation module, by the character at least including the alternative symbol when picture password is generated and figure formation symbol
Matrix, is overlapped on the background picture;
Picture password authentication module, allows user to move the sign matrix on the background picture so that the picture password
The certification symbol that user selects during generation is moved to desired locations during picture password generation, it is then determined that whether user have selected
Correct background picture, and determine whether the certification symbol is moved into the desired locations, if all correct, certification into
Work(, otherwise, authentification failure.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710345986.XA CN106997432A (en) | 2017-05-17 | 2017-05-17 | Picture password authentication method and picture password authentication device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710345986.XA CN106997432A (en) | 2017-05-17 | 2017-05-17 | Picture password authentication method and picture password authentication device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106997432A true CN106997432A (en) | 2017-08-01 |
Family
ID=59435029
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710345986.XA Pending CN106997432A (en) | 2017-05-17 | 2017-05-17 | Picture password authentication method and picture password authentication device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106997432A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107577933A (en) * | 2017-08-22 | 2018-01-12 | 广东欧珀移动通信有限公司 | Using login method and device, computer equipment, computer-readable recording medium |
| CN109145569A (en) * | 2018-07-20 | 2019-01-04 | 厦门大学嘉庚学院 | A kind of password generation system and method based on slice figure |
| CN109274719A (en) * | 2018-08-23 | 2019-01-25 | 深圳点猫科技有限公司 | A kind of picture breaker point continuous transmission method and electronic equipment based on educational system |
| CN113421087A (en) * | 2018-06-12 | 2021-09-21 | 创新先进技术有限公司 | Payment processing method and device and server |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101183463A (en) * | 2007-12-19 | 2008-05-21 | 腾讯科技(深圳)有限公司 | Picture validation code generating method and device |
| CN101901312A (en) * | 2009-05-27 | 2010-12-01 | 鸿富锦精密工业(深圳)有限公司 | Password protection method |
| CN103310146A (en) * | 2012-03-15 | 2013-09-18 | 宇龙计算机通信科技(深圳)有限公司 | Picture password protection method and terminal |
-
2017
- 2017-05-17 CN CN201710345986.XA patent/CN106997432A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101183463A (en) * | 2007-12-19 | 2008-05-21 | 腾讯科技(深圳)有限公司 | Picture validation code generating method and device |
| CN101901312A (en) * | 2009-05-27 | 2010-12-01 | 鸿富锦精密工业(深圳)有限公司 | Password protection method |
| CN103310146A (en) * | 2012-03-15 | 2013-09-18 | 宇龙计算机通信科技(深圳)有限公司 | Picture password protection method and terminal |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107577933A (en) * | 2017-08-22 | 2018-01-12 | 广东欧珀移动通信有限公司 | Using login method and device, computer equipment, computer-readable recording medium |
| CN107577933B (en) * | 2017-08-22 | 2020-01-10 | Oppo广东移动通信有限公司 | Application login method and device, computer equipment and computer readable storage medium |
| CN113421087A (en) * | 2018-06-12 | 2021-09-21 | 创新先进技术有限公司 | Payment processing method and device and server |
| CN109145569A (en) * | 2018-07-20 | 2019-01-04 | 厦门大学嘉庚学院 | A kind of password generation system and method based on slice figure |
| CN109145569B (en) * | 2018-07-20 | 2022-05-06 | 厦门大学嘉庚学院 | Password generation system and method based on slice graph |
| CN109274719A (en) * | 2018-08-23 | 2019-01-25 | 深圳点猫科技有限公司 | A kind of picture breaker point continuous transmission method and electronic equipment based on educational system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9032498B1 (en) | Method for changing authentication for a legacy access interface | |
| CN104065621B (en) | A kind of auth method of third party's service, client and system | |
| US9185096B2 (en) | Identity verification | |
| US10848304B2 (en) | Public-private key pair protected password manager | |
| US20160205098A1 (en) | Identity verifying method, apparatus and system, and related devices | |
| US20130023240A1 (en) | System and method for transaction security responsive to a signed authentication | |
| US20170085561A1 (en) | Key storage device and method for using same | |
| JP2007525767A (en) | User authentication | |
| KR101383761B1 (en) | User authentication system and method thereof | |
| US9258123B2 (en) | Multi-layered color-sensitive passwords | |
| US11496462B2 (en) | Secure multifactor authentication with push authentication | |
| CN106997432A (en) | Picture password authentication method and picture password authentication device | |
| WO2015032281A1 (en) | Method and system for generating and processing challenge-response tests | |
| US20110185174A1 (en) | System and Method for Providing a One-Time Key for Identification | |
| CN111143812B (en) | Login authentication method based on graphics | |
| Khedr | Improved keylogging and shoulder-surfing resistant visual two-factor authentication protocol | |
| KR101027228B1 (en) | User-authentication apparatus for internet security, user-authentication method for internet security, and recorded medium recording the same | |
| CN109075972B (en) | System and method for password anti-theft authentication and encryption | |
| CN107169341A (en) | Picture password generation method and picture password generating means | |
| TW201738793A (en) | High-safety user multi-authentication system and method | |
| KR101850929B1 (en) | Authentication system using location information and th method thereof | |
| JP2007065789A (en) | Authentication system and method | |
| KR20080109580A (en) | Server certification system and method thereof | |
| JP2006302116A (en) | Authentication system, authentication server, terminal device, authentication method and program | |
| WO2016055835A1 (en) | Graphical passwords system and a method for authenticating a user of a computer system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170801 |
|
| RJ01 | Rejection of invention patent application after publication |