This application is a divisional application of the Chinese invention patent application filed on December 12, 2013, application No. 201310671803.5, entitled "Cryptographic system based on Internet of Things synchronization".
Specific embodiment
In embodiments of the present invention, the management information system presets the correspondence between the user and the user password, and establishes the correspondence between the user password and the object security code and the correspondence between the object security code and the object protection device. In this way, the system can submit the Internet of Things (IoT) code corresponding to an IoT synchronization to the user's object protection device, and the user uses the object security code to map the IoT code into a login password. Embodiments of the invention also include the system identifying the user and tracking illegal users according to the correspondences between the user, the object protection device, the login password, the user password, etc. and the IoT synchronization, and establishing the non-repudiation relationship between the user and the system according to the correspondence between the login password and the IoT synchronization and between the user password and the IoT synchronization. According to these correspondences, the system establishes a reliable one-time password relationship between the login password and the system, and a two-pass password relationship between the user password and the system.
As shown in Figure 1, the method of the embodiment of the present invention comprises the following steps:
Step 11: the user has a unique code and the corresponding account, passwords, device, etc.
The specific implementation is as follows:
When a user opens an account, the system assigns each user a unique code, which can be stored in a card or in another device. The user selects a user password and an object security code, which are stored in the account established by the system, and the user selects and binds an object protection device.
Step 12: the management information system of the embodiment of the present invention establishes the correspondence between the user and the user password and the correspondence between the user password and the object security code, and establishes the correspondence between the object security code and the object protection device.
First, the system establishes the first correspondence between the user and the user password, and then the second correspondence between the user password and the object security code. The object protection device comprises an object protection module preset by the system in a device selected by the user, such as a mobile device, a tablet, a portable or desktop computer, a USB device, a card-type device, etc.; the system accordingly establishes the third correspondence between the object protection device and the object security code.
Step 13: the IoT synchronization is generated according to the IoT correspondence between the user and the system.
The specific implementation can be as follows:
First, the following processes are called the login process: (1) the user inserts the user code card into a terminal of the system, for example an ATM, a POS machine or a counter front-end machine; or (2) the user enters a code or password through a system terminal; or (3) the user logs in to the network platform of the system. The user's code, card, password, device, etc. related to the login process are called the user or the user terminal; the system's terminals, posts, devices, platforms, etc. related to the login process are called the system or the system terminal. According to the IoT correspondence during the user's login to the system, the system establishes the IoT synchronization between the user and the system, including the first IoT synchronization between the user and the system terminal, the second IoT synchronization between the login password and the system terminal, and the third IoT synchronization between the user password and the system terminal.
Step 14: the user maps the IoT synchronization into a login password and submits it to the system.
The implementation includes but is not limited to the following. First, when the user logs in to the system, the system establishes the first IoT synchronization between the user and the system terminal according to the IoT correspondence between the user and the system terminal; then the system encodes the first IoT synchronization into IoT code A and sends it to the user's object protection device.
The user's object protection device receives IoT code A, corresponding to the first IoT synchronization, from the system and uses object security code A to map IoT code A into login password A; the user then submits login password A to the system through the system terminal.
After receiving login password A submitted by the user, the system terminal sends it to the system. The system establishes the second IoT synchronization between login password A and the system terminal according to the IoT correspondence between login password A and the system terminal. The system extracts the user-related elements of the first IoT synchronization and the system-related elements of the second IoT synchronization, and from them constructs the first verification IoT synchronization. The system then obtains the corresponding object security code B according to the user code of the first IoT synchronization, and uses object security code B to map IoT code B, corresponding to the first verification IoT synchronization, into login password B. If and only if login password A is equal to login password B, the IoT synchronization established between this user, login password A and the system holds, the third correspondence between the object protection device and the object security code is verified, and the one-time password relationship between login password A and the system is established.
Step 15: the user submits the user password to the system.
The implementation includes but is not limited to the following. After the login password submitted by the user has been verified by the system, the system terminal allows and accepts the submission of the user password.
The user submits user password A through the system terminal, and the system terminal sends user password A to the system. The system establishes the third IoT synchronization between user password A and the system terminal according to the IoT correspondence between user password A and the system terminal. First, the system extracts the user-related elements of the first IoT synchronization, the elements of the second IoT synchronization related to the object protection device, and the system-related elements of the third IoT synchronization, and from them constructs the second verification IoT synchronization. The system then obtains the corresponding object security code C according to the user code of the first IoT synchronization, and uses object security code C to map IoT code C, corresponding to the second verification IoT synchronization, into login password C. If and only if login password C is equal to login password A, the system obtains the user code of the first IoT synchronization according to that correspondence, and obtains user password B corresponding to the user code according to the first correspondence. If and only if user password A is equal to user password B, the first correspondence between the user and the user password is verified, and the two-pass password relationship between user password A and the system is established.
The embodiment of the present invention is described in further detail below with reference to the accompanying drawings.
The embodiment takes, as one example of IoT synchronization, a user who logs in to a bank's management information system through an ATM to perform account operations, where the user code is stored in a card and the user selects a mobile phone as the object protection device. Fig. 2 shows the object protection process based on IoT synchronization of the embodiment; the specific steps are as follows:
Step 201: in the bank's management information system (MIS) of the embodiment, every user has a unique code. Through this code, the user's filed data can be queried or verified: account information, account transaction records, user password, object security code, object protection device, IoT synchronization, login password, etc. All of this user information has corresponding information codes. During the user's login to the system, the user's code, card, password, terminal, device, platform, time, address, etc. related to the IoT synchronization have corresponding information codes.
Step 202: the bank's MIS of the embodiment establishes a corresponding database for every user, used to store the user information, the IoT synchronizations and the correspondences between them. During the user's login to the system, the system's terminals, devices, platforms, times, addresses, etc. related to the IoT synchronization also have corresponding information codes.
Step 203: the IoT synchronization between the user and the system is established according to the IoT process of the user's login to the system.
During the IoT process of the user's login in the embodiment, the system establishes (1) the first IoT synchronization between the user code card and the ATM; (2) the second IoT synchronization between the login password and the ATM; (3) the third IoT synchronization between the user password and the ATM.
Sub-step 211: establish the IoT relationship between the user and the login process.
The embodiment assumes that the user code is 4367 4238 1313 0497 633 and that the user's card insertion time is 2013 0820 0928 57; the system then uses the user code and the card insertion time to establish the IoT relationship of the user logging in at the ATM.
Sub-step 221: establish the IoT relationship between the system and the login process.
The embodiment further assumes that the code of the ATM at which the user inserts the card is 8600 7551, that the ATM address code is 610041 02 08, and that the time at which the ATM receives the card is 2013 0820 0928 57; the system then uses the ATM code, the ATM address code and the time at which the ATM receives the card to establish the IoT relationship between the system and the login process.
Step 204: obtain the IoT code corresponding to the IoT synchronization that needs object protection.
The user logs in to the banking system through the ATM using the user code card, and the system establishes the first IoT synchronization according to the IoT relationship between the user code card and the ATM. The user code uses 19 decimal digits; the ATM code uses 8 decimal digits; the IoT time uses 14 decimal digits (date, hour, minute, second); the user address is identical to the ATM address, and its code consists of a 6-digit postal code + a 2-digit bank number + a 2-digit code. For example, for the ATM address No. 21, Section 4, Renmin South Road, Chengdu, Sichuan, the postal code is 610041, the bank number of Construction Bank is 02, and this ATM is coded 08. According to the above correspondences, the system obtains the IoT code corresponding to the first IoT synchronization between the user and the ATM, as follows:
User code: 4367 4238 1313 0497 633
User address: 610041 02 08
IoT time: 2013 0820 0928 57
ATM code: 8600 7551
ATM address: 610041 02 08
Sub-step 222: the system establishes the correspondence between the user and the first IoT synchronization.
The system extracts the user code when the user logs in to the system (in the embodiment the user code is assumed to be 4367 4238 1313 0497 633) and accordingly establishes the correspondence between the user code and the first IoT synchronization.
Sub-step 212: the user sets the object security code.
The user selects a group of digits as the object security code and saves it in the system. The present embodiment assumes that the object security code is 100757.
Sub-step 213: the user selects the object protection device.
The system presets and binds an object protection module in the object protection device selected by the user; each object protection module has a corresponding code. In the present embodiment, the user selects a mobile phone as the object protection device; it is assumed that the identification code of the user's mobile phone is 357683002201996 and that the object protection module code is 02 028 00870219.
Step 205: the user maps the IoT code corresponding to the first IoT synchronization into a login password and submits it to the system through the ATM window.
The login password can be generated in ways that include but are not limited to the following:
In the embodiment, the login password consists of 6 decimal digits and is generated by the user by mapping with the object protection module under the control of the object security code. The object security code consists of 6 decimal digits, is preset by the user and is stored in the system, for example 100757. The code of the object protection module that the system presets in the user's object protection device can consist of bank number + area code + device serial number, for example 02 028 00870219. The object protection module can use a one-way function algorithm; for convenience of description, the object protection module of this embodiment uses MD5, a one-way hash algorithm, and generates the login password using a mapping rule and an encoding rule. The encoding rule can be a combination of the mapping digits obtained by the mapping rule; for example, first XOR positions 1-8 of the mapping digits bitwise with positions 9-16, then take the mapping digits at the first positions 1 and 2, the middle positions 8 and 9 and the last positions 15 and 16, and reduce each modulo 10:
Mapping rule: MD5 (MD5 (MD5 ((IoT code) + object protection module) + object security code))
IoT code: 4367 4238 1313 0495 633
610041 02 08
2013 0820 0928 57
8600 7551
610041 02 08
Object protection module: 02 028 00870219
Object security code: 10 07 57
Mapping digits: 3MUaidRJEDpIfjxD
Login password: 37 49 08
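The following Python sketch is an added example, not code from the patent: it derives the 6-digit code of Step 205 on the device side and recomputes it on the system side as in Step 14, using the sample values above. The field order, the stripping of spaces and the digit selection are assumptions; the digit selection reduces digest bytes 1, 2, 8, 9, 15 and 16 modulo 10 and omits the XOR fold, which the text does not fully specify, so the result is not expected to equal 37 49 08. `ACCOUNTS` and all function names are hypothetical.

```python
import hashlib
import hmac

# Sample values taken from the page's ATM embodiment (Step 205).
FIRST_SYNC = {
    "user_code": "4367 4238 1313 0495 633",
    "user_addr": "610041 02 08",
    "iot_time": "2013 0820 0928 57",
    "atm_code": "8600 7551",
    "atm_addr": "610041 02 08",
}
MODULE_CODE = "02 028 00870219"   # object protection module on the phone
SECURITY_CODE = "100757"          # object security code chosen by the user

# Hypothetical server-side table: user code -> (security code, bound module).
ACCOUNTS = {"4367423813130495633": (SECURITY_CODE, MODULE_CODE)}

FIELD_ORDER = ("user_code", "user_addr", "iot_time", "atm_code", "atm_addr")
DIGIT_POSITIONS = (1, 2, 8, 9, 15, 16)  # 1-based positions named on the page


def _digits(text):
    """Keep decimal digits only, so spacing differences do not change the hash."""
    return "".join(ch for ch in text if ch in "0123456789")


def encode_iot(sync):
    """Assumed encoding rule: concatenate the sync elements in a fixed order."""
    return "".join(_digits(sync[name]) for name in FIELD_ORDER)


def _md5_hex(text):
    return hashlib.md5(text.encode("ascii")).hexdigest()


def map_to_login_password(iot_code, module_code, security_code):
    """MD5(MD5(MD5(iot_code + module) + security_code)) -> 6 decimal digits."""
    inner = _md5_hex(iot_code + _digits(module_code))
    middle = _md5_hex(inner + _digits(security_code))
    digest = hashlib.md5(middle.encode("ascii")).digest()  # 16 bytes
    # Simplified digit selection (assumption): byte mod 10, no XOR fold.
    # Note that mod 10 on a byte slightly favours the digits 0-5.
    return "".join(str(digest[p - 1] % 10) for p in DIGIT_POSITIONS)


def device_response(sync, module_code=MODULE_CODE, security_code=SECURITY_CODE):
    """What the object protection device computes from the received IoT code."""
    return map_to_login_password(encode_iot(sync), module_code, security_code)


def server_verify(stored_sync, terminal, submitted):
    """Recompute the code from server-held data and compare it with the input.

    User elements come from the stored first synchronization; terminal elements
    come from the terminal that relayed the submission, so a code relayed by a
    different terminal is checked against a different IoT code.
    """
    record = ACCOUNTS.get(_digits(stored_sync["user_code"]))
    if record is None:
        return False
    security_code, module_code = record
    check_sync = dict(stored_sync, atm_code=terminal["atm_code"],
                      atm_addr=terminal["atm_addr"])
    expected = map_to_login_password(encode_iot(check_sync), module_code,
                                     security_code)
    # Constant-time comparison of the expected and submitted codes.
    return hmac.compare_digest(expected.encode(), submitted.encode())


if __name__ == "__main__":
    atm = {"atm_code": "8600 7551", "atm_addr": "610041 02 08"}
    code = device_response(FIRST_SYNC)
    print("login code:", code, "accepted:", server_verify(FIRST_SYNC, atm, code))
```

Because the IoT time is part of the hashed input, each login yields a different input to the mapping; the security of the result still rests on the 6-digit object security code and on the chosen one-way function.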
Sub-step 223: the system establishes the second IoT synchronization according to the IoT relationship between the login password and the ATM.
User code: 4367 4238 1313 0495 633
Login password: 37 49 08
User address: 610041 02 08
IoT time: 2013 0820 0929 36
ATM code: 8600 7551
ATM address: 610041 02 08
Sub-step 214: establish the correspondence between the user and the user password.
The user selects a group of digits as the user password and saves it in the system. The present embodiment assumes that the user password selected by the user is 680820, and the system establishes the correspondence with the user password according to the user code.
Step 206: the user submits the user password to the system through the ATM window.
After the ATM receives the user password submitted by the user, it sends it to the system together with the ATM elements.
Sub-step 224: the system establishes the third IoT synchronization according to the IoT relationship between the user password and the ATM.
User code: 4367 4238 1313 0495 633
User password: 68 08 20
User address: 610041 02 08
IoT time: 2013 0820 0930 19
ATM code: 8600 7551
ATM address: 610041 02 08
The embodiment of the present invention includes the system identifying the user and tracking user information according to the IoT synchronization between the user and the system and the object protection. Referring to Fig. 3, the detailed process is as follows:
Step 301: when the user establishes an account, the system assigns the user a unique user code and establishes the user password, object security code and object protection device corresponding to that user code, as follows:
User code: 4367 4238 1313 0495 633
User password: 68 08 20
Object security code: 10 07 57
Object protection device: 357683002201996
Step 302: the system presets the object protection module in the user's object protection device, and further establishes the correspondences between the user code and the user password, between the user password and the object security code, and between the object security code and the object protection module. The object protection module code is as follows:
Object protection module: 02 028 00870219
Step 303: the user logs in to the system. The system establishes the first IoT synchronization according to the IoT correspondence between the user and the system terminal.
Sub-step 311: according to step 303, the system establishes the IoT relationship between the user and the first IoT synchronization.
User code: 4367 4238 1313 0495 633
User address: 610041 02 08
Card insertion time: 2013 0820 0928 57
Sub-step 321: according to step 303, the system establishes the IoT relationship between the system terminal and the first IoT synchronization.
ATM code: 8600 7551
ATM address: 610041 02 08
Step 304: the user enters the login password through the ATM window; the system establishes the second IoT synchronization according to the IoT correspondence between the login password and the system terminal.
The codes corresponding to the second IoT synchronization are as follows:
Login password: 37 49 08
User address: 610041 02 08
IoT time: 2013 0820 0929 36
ATM code: 8600 7551
ATM address: 610041 02 08
Sub-step 312: the system establishes the non-repudiation relationship between the user and the system according to the IoT information and the object protection.
1. IoT information confirmed by the user: the IoT information is displayed on the user's object protection device and must be confirmed by the user after checking it.
User code: 4367 4238 1313 0495 633
User name: * vibration is peaceful
User address: No. 21, Section 4, Renmin South Road, Chengdu, Sichuan
Card insertion time: 2013 0820 0928 57
ATM code: 8600 7551
ATM address: No. 21, Section 4, Renmin South Road, Chengdu, Sichuan
2. Object protection information corresponding to the login password generated by the user: the user uses the object security code to apply an object protection signature to the object protection information.
User code: 4367 4238 1313 0495 633
User name: * vibration is peaceful
User mobile phone: 357683002201996
Object protection module: 02 028 00870219
Object protection time: 2013 0820 0929 66
Object security code: 10 07 57
User address: 610041 02 08
Card insertion time: 2013 0820 0928 57
ATM code: 8600 7551
ATM address: 610041 02 08
Sub-step 322: the system identifies the user according to the login password and the object protection.
1. Elements of the first IoT synchronization:
User code: 4367 4238 1313 0495 633
User name: * vibration is peaceful
ATM code: 8600 7551
2. Elements of the second IoT synchronization:
Card insertion time: 2013 0820 0928 57
ATM address: 610041 02 08
3. The system extracts the elements of the first IoT synchronization and the elements of the second IoT synchronization respectively and verifies the object protection signature.
Step 305: the user enters the user password through the ATM window; the system establishes the third IoT synchronization according to the IoT correspondence between the user password and the system terminal.
The codes corresponding to the third IoT synchronization are as follows:
User password: 68 08 20
User address: 610041 02 08
IoT time: 2013 0820 0930 19
ATM code: 8600 7551
ATM address: 610041 02 08
Sub-step 323: the system identifies the user according to the user password and the object protection.
1. Elements of the first IoT synchronization:
User code: 4367 4238 1313 0495 633
User name: * vibration is peaceful
ATM code: 8600 7551
2. Elements of the second IoT synchronization:
Card insertion time: 2013 0820 0928 57
ATM address: 610041 02 08
3. The system verifies the elements of the third IoT synchronization according to the elements of the first IoT synchronization and the elements of the second IoT synchronization.
Sub-step 313: the user uses the user password and the object security code and, by confirming the object protection information, establishes a trust relationship with the system.
According to the above method, a two-pass password device based on IoT synchronization can be constructed. Referring to Fig. 4, the two-pass password device based on IoT synchronization of the embodiment of the present invention includes: memory module 451, IoT module 452 and object protection module 453.
Memory module 451 is connected to IoT module 452 and to object protection module 453, and is used to save: (1) the user information and the correspondences between its items; (2) the IoT synchronizations between the user and the system; (3) the user's codes, passwords, devices, etc. related to the IoT synchronization; (4) the system's terminals, posts, devices, platforms, etc. related to the IoT synchronization.
IoT module 452 is connected to memory module 451, and is used to generate, during the user's login to the system: (1) the IoT synchronization between the user and the system; (2) the IoT synchronization between the login password and the system; (3) the IoT synchronization between the user password and the system.
Object protection module 453 is connected to memory module 451, and is used (1) to encode the codes corresponding to an IoT synchronization into an IoT code according to the encoding rule; (2) to map the IoT code into a login password.
The device described in the embodiment of the present invention also includes: identification module 461, tracing module 462 and authentication module 463.
Identification module 461 is connected to memory module 451, and is used to identify the user according to the IoT synchronization and the object protection information: (1) to identify the user of the login password; (2) to identify the user of the user password.
Tracing module 462 is connected to identification module 461 and memory module 451, and is used, according to the correspondences between the user, the system and the IoT synchronization saved in memory module 451, to trace during the user's login to the system: (1) the codes, passwords, devices, addresses, times, etc. related to the user; (2) the terminals, devices, platforms, addresses, times, etc. related to the system.
Authentication module 463 is connected to identification module 461 and memory module 451, and is used (1) to verify the login password according to the IoT synchronization between the user and the system and the IoT synchronization between the login password and the system; (2) to verify the user password according to the IoT synchronization between the user and the system, the IoT synchronization between the login password and the system, and the IoT synchronization between the user password and the system.
In the device described in the embodiment of the present invention, memory module 451 further includes a first, second, third, fourth, fifth, sixth and seventh memory module:
First memory module, for saving the first correspondence between the user code and the user password;
Second memory module, for saving the second correspondence between the user password and the object security code;
Third memory module, for saving the third correspondence between the object security code and the object protection module;
Fourth memory module, for saving the fourth correspondence between the object protection module and the IoT synchronization;
Fifth memory module, for saving the first IoT synchronization between the user and the system;
Sixth memory module, for saving the second IoT synchronization between the login password and the system;
Seventh memory module, for saving the third IoT synchronization between the user password and the system.
In the device described in the embodiment of the present invention, object protection module 452 also includes:
First extraction module, for extracting the codes in the first IoT synchronization;
Second extraction module, for extracting the codes in the second IoT synchronization;
Third extraction module, for extracting the codes in the third IoT synchronization.
In the device described in the embodiment of the present invention, object protection module 453 further includes:
Encoding rule: the system sets the encoding method for the codes;
Encoding module: encodes the codes corresponding to an IoT synchronization into an IoT code according to the encoding rule;
Sending module: the system sends the IoT synchronization or the IoT code to the user's object protection device;
Receiving module: the user uses the object protection device to receive the IoT code sent by the system;
Mapping module: the user uses the object security code to map the IoT code into a login password;
Anti-repudiation module: the system sends the IoT code in plaintext, and the user checks the IoT synchronization accordingly: (1) on confirmation, the user uses the object protection module to map and generate this login password, or to map again with a digital signature included to generate this login password; (2) on denial, the user uses the object protection module to submit refusal information to the system, or stops this login operation.
In the device described in the embodiment of the present invention, memory module 451 further includes:
Password protection module: (1) the system protects the user password using a one-way hash function, so that the user password is always ciphertext in its stored state; (2) the system uses the user password ciphertext as the key, or as part of the key, to cryptographically protect the object security code.
Password authentication module: the system uses the one-way hash function to hash the user password entered by the user into a user password ciphertext, and then compares that ciphertext with the stored user password ciphertext.