CN1324038A - Enciphering and deciphering method via telephone and IC card - Google Patents

Publication number
CN1324038A
Authority
CN
China
Prior art keywords
card
password
computer
encrypt
decrypt
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 00115660
Other languages
Chinese (zh)
Other versions
CN1122930C (en)
Inventor
宋强华
赖振兴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inventec Appliances Nanjing Corp
Original Assignee
Inventec Group Nanjing Electronic Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inventec Group Nanjing Electronic Technology Co Ltd
Priority to CN 00115660 (patent CN1122930C)
Publication of CN1324038A
Application granted
Publication of CN1122930C
Anticipated expiration
Expired - Fee Related

Abstract

An enciphering and deciphering method using a telephone and an IC card adds a password to the user's computer so that the user's identity can be verified remotely (or locally). During remote (or local) communication, the server reads out the specific content stored in the IC card and compares it with the specific content stored on the server, thereby identifying the remote (or local) user and achieving identification by hardware. In addition, software on the network can be encrypted before it is downloaded, to prevent capture by illegal users.

Description

Method for carrying out encryption and decryption by phone and IC card
The present invention is an encryption and decryption method, in particular a method of carrying out encryption and decryption by computer and IC card.
With the continuous development of network technology, information is transmitted between the server end (Server) and the client (Client) more and more frequently. However, not all server-end information is provided free of charge (for example, teaching software that a manufacturer develops itself and places on a website); the server end can provide certain services only after it has identified valid client hardware. A method that is lower in cost, higher in encryption strength and convenient to operate is therefore urgently needed.
The traditional pure-software encryption method is the interactive user identification (Interactive identification) method, whose purpose is to determine a user's identity remotely (or locally). The method can be used to solve a number of important problems, for example controlling and managing employees' access to buildings, controlling users' access to remote computers, controlling a computer's access to servers on the network, and "friend-or-foe identification" in the military. The traditional user identification method is the pass code or password (Password).
Because humans are poor at remembering random numbers, they usually choose short, easily remembered phrases as passwords. When a user enters a pass code to log in remotely (or locally), the password has a limited number of bits and is easily cracked during upload, which gives an attacker an opening.
In addition, if the password is passed directly to the verifier, the confidentiality of the password is also threatened: the user must share a common secret with the verifier in advance, and the verifier must protect the shared secret, so the approach is technically difficult to carry out and to keep secret.
Known techniques therefore often use an interactive user identification method that does not require the two parties to share a secret in advance, but does require a so-called key authentication center (Key Authentication Center; KAC) that is in charge of all users. Every user must register with the key authentication center, and only legitimate users who have completed registration can use these methods for identification; the key authentication center does not need to take part in the identification process itself.
Among current encryption methods based on a key authentication center, the IC card is an ideal choice, because it is low in cost, high in encryption strength, and its technical difficulty is fairly easy to master. No cases of counterfeiting have been heard of for the commonly used IC phone cards, IC electricity-fee cards, IC bank cards and the like, which shows how high their encryption strength is.
In view of the above background, the present invention combines a computer with an IC card: a password is added to the user's computer to achieve hardware identification, and the software on the website is encrypted as well.
In the method proposed by the invention, when a client requests service from a website over the network, the server end first accesses the user's IC card and checks whether the content of the "password" is correct; if it is not, the user is an illegal user and the request is refused.
In addition, if an illegal user does manage to produce an identical password, the request is likewise not allowed whenever two (or more) identical passwords are found to be online on the website at the same time.
Therefore, the method of the present invention for carrying out encryption and decryption by computer and IC card comprises at least the following steps:
The client sends a service request to the server end;
A private key is produced at the server end, and a public key is transmitted to the client;
The IC-card password is encrypted with the public key to form a ciphertext block;
The ciphertext block is decrypted with the private key to obtain password 1;
Password 2 is read from the server-end database;
It is confirmed that password 1 is identical to password 2;
The server end responds to the service request;
A Data Encryption Standard password is produced at the client;
The server end uses the private key to recover the Data Encryption Standard password;
The application download software is encrypted with the Data Encryption Standard password and then passed to the client; and
The application download software is decrypted with the Data Encryption Standard password to obtain the application download software.
The details and techniques of the present invention are described below with reference to the drawings:
Fig. 1 is a hardware connection diagram of the present invention;
Fig. 2 is the flow chart of the first embodiment of the present invention; and
Fig. 3 is the flow chart of the second embodiment of the present invention.
Combining computer applications with IC-card technology means adding a password to the user's computer in order to identify remote (or local) users. Specific content is stored in the IC card. During remote (or local) communication, the server reads the specific content in the IC card by decryption and compares it with the specific content held by the server, which authenticates the identity of the remote (or local) user and achieves hardware identification. The software on the website can also be encrypted before it is downloaded, to prevent interception by illegal users.
In the method of carrying out encryption and decryption by computer and IC card provided by the present invention, the hardware is connected as shown in Fig. 1: IC card 101 is inserted into IC-card read/write device 102, which is connected to computer 104 through RS232 interface 103, so that identification and data transfer between IC card 101 and computer 104 can be carried out effectively.
Fig. 2 is the flow chart of the first embodiment of the present invention. First, client 201 sends a service request to server end 202; a private key is produced at server end 202, and the public key is transmitted (step 203). After client 201 receives the public key (step 204), it reads the IC-card password from IC card 205 (step 206) and encrypts it to form a ciphertext block (step 207). The private key is used to decrypt the ciphertext block and obtain password 1 (step 208); password 2 is then read from the server database (step 209), and password 1 and password 2 are compared to see whether they are identical (step 210). If they differ, the user is an illegal user and the request is refused (step 211); if they are identical, the user is a legitimate user and the request is allowed (step 212).
In step 207, after the ciphertext block has been formed, a Data Encryption Standard (DES) password is produced (step 213). DES is a block cipher, that is, it encrypts or decrypts plaintext blocks or ciphertext blocks of a fixed size. The DES password is encrypted with the public key and sent to the server end (step 214). Server end 202 then uses the private key to recover the DES password (step 215), encrypts the application download software with the DES password and passes it to the client (step 216); the user can then decrypt the software with the DES password and obtain the application download software (step 217).
The flow chart of the second embodiment of the present invention is shown in Fig. 3. Similarly, client 301 sends a service request to server end 302, and a random number is produced at server end 202 (step 303). Client 301 receives the random number and transmits it (step 304) to IC card 305, which performs a logical operation (step 306) and obtains result 3 (step 307); client 301 then reads result 3 and sends it to server end 202 (step 308). When server end (Server) 202 produces the random number (step 303), it also performs the logical operation (step 309) and obtains result 4 (step 310). Result 3 and result 4 are then compared to see whether they are identical (step 311): if they differ, the user is an illegal user and the request is refused (step 312); if they are identical, the user is a legitimate user and the request is allowed (step 313). In addition, if two (or more) identical password 3 or password 4 are found to be online at the same time, the request is likewise not allowed.
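The challenge-response check of the second embodiment, together with the rule that the same credential may not be online twice, as an added example that is not part of the patent. The patent does not name the "logical operation" or how a card is identified; HMAC-SHA256, the card identifier `card-0001`, and the `Card` and `Server` classes are assumptions of this example.

```python
import hashlib
import hmac
import secrets


class Card:
    """Stand-in for the IC card: keeps a secret and answers challenges."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def compute(self, challenge: bytes) -> bytes:
        # Step 306. The patent only says "logical operation";
        # HMAC-SHA256 is an assumption of this example.
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class Server:
    def __init__(self, card_db):
        self._card_db = card_db   # card id -> secret held by the server
        self._pending = {}        # card id -> outstanding random number
        self._online = set()      # card ids with a live session

    def challenge(self, card_id: str) -> bytes:
        nonce = secrets.token_bytes(16)            # step 303
        self._pending[card_id] = nonce
        return nonce

    def verify(self, card_id: str, result3: bytes) -> str:
        nonce = self._pending.pop(card_id, None)   # each number is used once
        secret = self._card_db.get(card_id)
        if nonce is None or secret is None:
            return "refuse"
        result4 = hmac.new(secret, nonce, hashlib.sha256).digest()  # 309-310
        if not hmac.compare_digest(result3, result4):               # 311
            return "refuse"                                         # 312
        if card_id in self._online:
            return "refuse"       # same credential is already online
        self._online.add(card_id)
        return "allow"                                              # 313

    def logout(self, card_id: str) -> None:
        self._online.discard(card_id)


def demo():
    cid, secret = "card-0001", bytes(range(32))   # constructed sample values
    server = Server({cid: secret})
    genuine, clone, forged = Card(secret), Card(secret), Card(b"\x00" * 32)
    out = []
    out.append(server.verify(cid, forged.compute(server.challenge(cid))))
    first = genuine.compute(server.challenge(cid))
    out.append(server.verify(cid, first))
    server.challenge(cid)                    # a new random number is issued
    out.append(server.verify(cid, first))    # captured response replayed
    out.append(server.verify(cid, clone.compute(server.challenge(cid))))
    server.logout(cid)
    out.append(server.verify(cid, genuine.compute(server.challenge(cid))))
    return out
```

Because the card secret never leaves the card and every random number is consumed on first use, a captured result 3 is useless against the next request; the concurrent-session check is what stops a duplicated card that would otherwise pass the comparison.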
Although the present invention has been disclosed above by way of the foregoing preferred embodiments, they are not intended to limit the invention. Anyone skilled in this technical field may make minor changes and refinements without departing from the spirit and scope of the invention, so the scope of protection of the invention is defined by the appended claims.

Claims (10)

1. A method of carrying out encryption and decryption by computer and IC card, the method comprising at least the following steps:
The client sends a service request to the server end;
A private key is produced at the server end, and a public key is transmitted to the client;
The IC-card password is encrypted with the public key to form a ciphertext block;
The ciphertext block is decrypted with the private key to obtain password 1;
Password 2 is read from the server-end database;
It is confirmed that password 1 is identical to password 2;
The server end responds to the service request;
A Data Encryption Standard password is produced at the client;
The server end uses the private key to recover the Data Encryption Standard password;
The application download software is encrypted with the Data Encryption Standard password and then passed to the client; and
The application download software is decrypted with the Data Encryption Standard password to obtain the application download software.
2. The method of carrying out encryption and decryption by computer and IC card as claimed in claim 1, characterized in that the IC card is coupled to an IC-card read/write device.
3. The method of carrying out encryption and decryption by computer and IC card as claimed in claim 2, characterized in that the IC-card read/write device is connected to the client computer through an RS232 interface.
4. The method of carrying out encryption and decryption by computer and IC card as claimed in claim 1, characterized in that the Data Encryption Standard is a block encryption algorithm.
5. The method of carrying out encryption and decryption by computer and IC card as claimed in claim 1, characterized by further comprising the step of refusing the request when a plurality of password 1 are found.
6. The method of carrying out encryption and decryption by computer and IC card as claimed in claim 1, characterized in that, before the step in which the server end responds to the service request, the following identification method can also be carried out:
The client sends the service request to the server end;
A random number is produced at the server end;
The client receives the random number and transmits it to the IC card;
The IC card performs a logical operation and obtains result 3;
The client reads result 3 and transmits it to the server end;
The logical operation is performed by this client, obtaining result 4; and
It is confirmed that password 3 is identical to password 4.
7. The method of carrying out encryption and decryption by computer and IC card as claimed in claim 6, characterized in that the IC card is coupled to an IC-card read/write device.
8. The method of carrying out encryption and decryption by computer and IC card as claimed in claim 7, characterized in that the IC-card read/write device is connected to the client computer through an RS232 interface.
9. The method of carrying out encryption and decryption by computer and IC card as claimed in claim 6, characterized by further comprising the step of refusing the request when a plurality of password 3 are found.
10. The method of carrying out encryption and decryption by computer and IC card as claimed in claim 6, characterized by further comprising the step of refusing the request when a plurality of password 4 are found.
CN 00115660 2000-05-11 2000-05-11 Enciphering and deciphering method via telephone and IC card Expired - Fee Related CN1122930C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 00115660 CN1122930C (en) 2000-05-11 2000-05-11 Enciphering and deciphering method via telephone and IC card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 00115660 CN1122930C (en) 2000-05-11 2000-05-11 Enciphering and deciphering method via telephone and IC card

Publications (2)

Publication Number Publication Date
CN1324038A (en) 2001-11-28
CN1122930C (en) 2003-10-01

Family

ID=4585104

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 00115660 Expired - Fee Related CN1122930C (en) 2000-05-11 2000-05-11 Enciphering and deciphering method via telephone and IC card

Country Status (1)

Country Link
CN (1) CN1122930C (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1310464C (en) * 2002-09-24 2007-04-11 黎明网络有限公司 Method for safe data transmission based on public cipher key architecture and apparatus thereof
CN100514906C (en) * 2004-01-09 2009-07-15 索尼株式会社 Information processing system
CN101340436B (en) * 2008-08-14 2011-05-11 普天信息技术研究院有限公司 Method and apparatus implementing remote access control based on portable memory apparatus

Also Published As

Publication number Publication date
CN1122930C (en) 2003-10-01

Similar Documents

Publication Publication Date Title
US5935248A (en) Security level control apparatus and method for a network securing communications between parties without presetting the security level
CN1714529B (en) Domain-based digital-rights management system with easy and secure device enrollment
JP2883243B2 (en) Remote party authentication / encryption key distribution method
CN100518411C (en) Dynamic cipher system and method based on mobile communication terminal
US20070255960A1 (en) System and method for validating a network session
CN108900298B (en) Quantum cipher watermark-based private block chain honest node authentication access method
CA2330958A1 (en) User authentication using a virtual private key
CN1327662A (en) Method and apparatus for secure distribution of public/private key pairs
CN103188081A (en) Systems and methods for distributing and securing data
CN1395776A (en) Method for issuing an electronic identity
IL137099A (en) Method for carrying out secure digital signature and a system therefor
JPH07325785A (en) Network user identifying method, ciphering communication method, application client and server
CN106792501A (en) A kind of LBS customer locations and privacy of identities guard method
GB2404535A (en) Secure transmission of data via an intermediary which cannot access the data
CN1645797A (en) Method for optimizing safety data transmission in digital copyright managing system
JPH09147072A (en) Personal authentication system, personal authentication card and center equipment
US20120131347A1 (en) Securing of electronic transactions
US20100005303A1 (en) Universal authentication method
CN1303778C (en) Method and apparatus for secure distribution of authentication credentials to roaming users
CN1329418A (en) Method for authenticating network user identity and method for overcoming user password loophole in Kerberous authentication system
CN1122930C (en) Enciphering and deciphering method via telephone and IC card
JP2002157223A (en) Service providing system
Zhao et al. Card user authentication based on generalized image morphing
CN111541708B (en) Identity authentication method based on power distribution
JPS6143034A (en) Method for identifying opposite party between center and user

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: YINGHUADA(NAN JING) TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: YINGYEDA GROUP(NANJING) ELECTRONIC TECHNOLOGY CO.,LTD

Effective date: 20041112

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20041112

Address after: 210006 Pai Road, Jiangning economic and Technological Development Zone, Nanjing, Jiangsu

Patentee after: Inventec (Nanjing) Technology Co., Ltd.

Address before: Nanjing City, Jiangsu province 210006 Crane Street No. 100

Patentee before: Yingyeda Group (Nanjing) Electronic Technology Co., Ltd.

C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20031001

Termination date: 20100511