CN1564515A - Status authentication system based on double dynamic passwords - Google Patents
Publication number: CN1564515A (application CN200410022173A)
- Authority: CN (China)
- Prior art keywords: card, user, authentication, dynamic password, code
- Legal status: Granted
- Landscapes: Storage Device Security
Abstract
The system includes a user authentication IC card, a card read/write device, a front-end authentication processor, a background authentication controller, an IC card information processor and an IC card writer. The IC card information processor performs registration and writes the registration data onto the card. The front-end authentication processor controls card reading at login. Verification of the IC card's validity and of the dynamic password is carried out by the front-end authentication processor in cooperation with the background authentication controller and the IC card information processor.
Description
Technical field:
The present invention relates to computer identity authentication systems, and in particular to an IC card identity authentication system based on two dynamic passwords.
Background art:
With the computerization of financial settlement, electronic financial products such as personal savings cards, personal credit cards, highway toll cards, enterprise tax payment cards, personal social insurance cards, IC phone cards and POS bank card consumer settlement services have come into very wide use. However, cases in which a cardholder accidentally discloses a password and suffers economic loss of varying degree still occur from time to time; this causes public concern about the security of electronic settlement and, to some extent, hinders its further development. Tracing the cause, this is related to the fact that these electronic settlement systems use conventional password authentication techniques of relatively low security strength. The greatest drawback of this authentication technique is that the user password is static: once the user has chosen a password it can remain unchanged through repeated and even long-term use, and is therefore easily stolen and misused by others.
In addition, many computer-related applications have adopted dynamic password techniques whose security strength is much higher than that of static passwords, typically represented by token-type dynamic password generation mechanisms. This class of authentication product reaches the security strength of two-factor password authentication and meets the security requirements of most sensitive applications, but whoever obtains the token can obtain the dynamic password code, so a potential security risk remains. At the same time, since electronic financial settlement mainly uses magnetic cards or IC cards as the user's credential, the identity authentication mechanism of token-type dynamic passwords shows its limitations in electronic financial settlement.
Summary of the invention:
The purpose of the present invention is to provide a secure identity authentication system based on two dynamic passwords that is applicable to various IC cards.
The present invention is realized as follows:
The identity authentication system based on two dynamic passwords according to the present invention consists of a user authentication IC card 1, an IC card reader 2, a front-end authentication processor 3, a background authentication controller 4, an IC card information processor 5 and an IC card writer 6. The user authentication IC card 1 holds an IC card identifier 81 and a user identification code 82 and can generate a random number 83 on demand; all of this data is transferred to the front-end authentication processor 3 through the IC card reader 2. The front-end authentication processor 3 is connected to a keyboard 37 and, through port 41, to the network interface card 42 of the background authentication controller 4; the network interface card 42 of the background authentication controller 4 is connected to the IC card information processor 5 through port 41; the IC card information processor 5 is connected to the IC card writer 6 and to a keyboard 57; the IC card writer 6 is connected to the user authentication IC card 1 through the card reader 2. User registration information 92 is entered through keyboard 57 into the database 56 of the IC card information processor 5 and, together with the user identification code 82, is written into the user authentication IC card 1 by the IC card writer. When the user inserts the user authentication IC card 1 into the IC card reader 2, the IC card identifier 81, user identification code 82 and random number 83 in the card are read through the reader 2. The front-end authentication processor 3 first transfers the user identification code 82 to the background authentication controller 4; the background authentication controller 4 searches the database 56 of the IC card information processor 5 for a user matching the user identification code 82 and returns a check result indicating whether a matching user exists. If a matching user exists, the front-end authentication processor 3 reads the user identification code 84 entered by the user on keyboard 37 and compares it with the user identification code 82 in the user authentication IC card 1; if they do not match, the front-end authentication processor 3 terminates the authentication; if they match, the front-end authentication processor 3 sends a dynamic password request 86 to the background authentication controller 4. The background authentication controller 4 generates a public message packet 90 and places it in the message area 46 for external access; at the same time its random number generator 45 produces a random number, which the central processor CPU 43 processes into dynamic password code 88, stores in the readable RAM memory 44 for later use and sends to the front-end authentication processor 3 through port 41. The front-end authentication processor 3 reads the random number 83 from the IC card 1 and converts and processes it into dynamic password code 86, displays dynamic password codes 86 and 88 in the authentication window as a prompt, and receives the user's dynamic password generation code 85 entered on keyboard 37. Generation code 85 and dynamic password code 86 are transferred to the background authentication controller 4, which reads dynamic password code 88 from the readable RAM memory 44 together with the pre-stored dynamic password composition rule code 87, performs the combination operation on dynamic password codes 86 and 88, compares the result with generation code 85, and returns the comparison result to the front-end authentication processor 3, which determines from it whether this authentication has passed. If it passes, the background authentication controller 4 generates a public message packet 91 and places it in the message area for external access.
Dynamic password composition rule code 87 may combine dynamic password codes 86 and 88 in single-tooth gear-mesh fashion, i.e. the characters of the two password codes are interleaved one sequence number at a time.
Dynamic password composition rule code 87 may combine dynamic password codes 86 and 88 in double-tooth gear-mesh fashion, i.e. the characters of the two password codes are interleaved two sequence numbers at a time.
Dynamic password composition rule code 87 may directly concatenate dynamic password codes 86 and 88 and then move the first character to the end, or move the last character to the front.
Dynamic password composition rule code 87 may directly concatenate dynamic password codes 86 and 88 and then move the first two characters to the end, or move the last two characters to the front.
Composition rule code 87 is represented by a code.
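As an added example (not code from the patent), the following Python implements the composition rules listed above over two four-character dynamic password codes, with code 1 (reference 88, from the background authentication controller) and code 2 (reference 86, from the IC card). Only the rule code 'A001' for the single-tooth rule appears on this page; the other rule codes in RULES, the choice that code 1 comes first in the interleaving, and the verify function are assumptions made here.

```python
import hmac

# Added illustrative example, not code from the patent. Code 1 (88) comes from
# the background authentication controller and code 2 (86) from the IC card.
# Only 'A001' is named on the page; the other rule codes are hypothetical labels.


def single_tooth(code1: str, code2: str) -> str:
    """Single gear-mesh: interleave one character at a time, code 1 first (order assumed)."""
    if len(code1) != len(code2):
        raise ValueError("interleaving rules need codes of equal length")
    return "".join(a + b for a, b in zip(code1, code2))


def double_tooth(code1: str, code2: str) -> str:
    """Double gear-mesh: interleave two characters at a time, code 1 first (order assumed)."""
    if len(code1) != len(code2):
        raise ValueError("interleaving rules need codes of equal length")
    chunks1 = [code1[i:i + 2] for i in range(0, len(code1), 2)]
    chunks2 = [code2[i:i + 2] for i in range(0, len(code2), 2)]
    return "".join(a + b for a, b in zip(chunks1, chunks2))


def concat_first_to_end(code1: str, code2: str) -> str:
    """Direct concatenation, then the first character moves to the end."""
    s = code1 + code2
    return s[1:] + s[:1]


def concat_last_to_front(code1: str, code2: str) -> str:
    """Direct concatenation, then the last character moves to the front."""
    s = code1 + code2
    return s[-1:] + s[:-1]


def concat_first_two_to_end(code1: str, code2: str) -> str:
    """Direct concatenation, then the first two characters move to the end."""
    s = code1 + code2
    return s[2:] + s[:2]


def concat_last_two_to_front(code1: str, code2: str) -> str:
    """Direct concatenation, then the last two characters move to the front."""
    s = code1 + code2
    return s[-2:] + s[:-2]


# Rule code 87 -> combination method. 'A001' is from the page; the rest are assumed labels.
RULES = {
    "A001": single_tooth,
    "A002": double_tooth,
    "B001": concat_first_to_end,
    "B002": concat_last_to_front,
    "B003": concat_first_two_to_end,
    "B004": concat_last_two_to_front,
}


def combine(rule_code: str, code1: str, code2: str) -> str:
    """What the background controller computes from codes 88 and 86 under rule 87."""
    return RULES[rule_code](code1, code2)


def verify(rule_code: str, code1: str, code2: str, user_input: str) -> bool:
    """Compare the user's combined input 85 with the expected combination.

    Constant-time comparison, so the rejection path does not reveal which
    character position first differed. Unknown rules or malformed codes fail closed.
    """
    try:
        expected = combine(rule_code, code1, code2)
    except (KeyError, ValueError):
        return False
    return hmac.compare_digest(expected.encode(), user_input.encode())


if __name__ == "__main__":
    # Constructed sample codes, four characters each as in the page's worked example.
    for name, rule in RULES.items():
        print(name, rule("1234", "9876"))
```

The rule table is the part a deployment would keep server-side: the user only remembers which rule code they reserved at registration, while the background controller, which already holds code 1 and rule 87, recomputes the combination and compares it.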
User identification code 82 consists of the user name and a personal static password; IC card identifier 81 is an alphabetic string; random number 83 is the internal IC card number of the new card, a numeric string. When a blank user authentication IC card 1 is inserted into the IC card reader 2, the IC card information processor 5 writes the user identification code 82 and the IC card identifier 81 into the IC card 1 through the IC card writer 6, and the new IC card 1 is handed to the user for safekeeping and use.
The user authentication IC card 1 is a CPU-type IC card, and the random number 83 generated by this card has the property that the values generated by different cards at different times are all different. The IC card reader 2 and IC card writer 6 are ordinary card read/write equipment matching the IC card 1; the front-end authentication processor 3, background authentication controller 4 and IC card information processor 5 are ordinary personal computers.
The present invention has the following advantageous features:
1. In the described system and method, the dynamic password code consists of two parts, dynamic password code 88 and dynamic password code 86. These two partial codes are generated respectively by two different, independent hardware devices, the background authentication controller 4 and the IC card 1, and are transmitted over separate, independent transmission channels.
2. In the described system and method, the final dynamic password is determined jointly by three parties: the authentication controller 4, the IC card 1 and the individual user. The authentication controller 4 determines dynamic password code 88; the IC card 1 provides the original value of dynamic password code 86, which the front-end authentication processor 3 processes into dynamic password code 86; and the individual user determines the combination method and the final combined dynamic password. Authentication passes only when all three agree.
3. The described system and method adopt two-stage authentication: the first stage checks static information such as the system identifier and user identification in the IC card, i.e. static authentication; the second stage checks the user's dynamic password, i.e. dynamic authentication.
The above three features greatly improve the security of the present invention, which can be widely applied to various financial settlement IC cards.
Description of drawings:
Fig. 1 is a system block diagram of the present invention
Fig. 2 is a processing logic flow diagram of the present invention
Fig. 3 is a use-case description table for the dynamic password combination rules of the present invention
Fig. 4 is a background authentication control processing flow diagram of the system of the present invention
Fig. 5 is a dynamic password combination processing flow diagram of the system of the present invention
Fig. 6 defines each data table in the user registration information database of the present invention
Fig. 7 is a use-case description table for the dynamic password combination rules of the present invention
Fig. 8 is a schematic diagram of the single-tooth combined password rule.
Embodiment:
The two-dynamic-password identity authentication method and system based on IC cards: the system consists of a user authentication IC card 1, an IC card reader 2, a front-end authentication processor 3, a background authentication controller 4, an IC card information processor 5 and an IC card writer 6. The user authentication IC card 1 is the user identification card of this system; it holds an IC card identifier 81 and a user identification 82 and can generate a random number 83 on demand. The data output line of the IC card reader 2 is connected to COM port 31 of the front-end authentication processor 3, and the reader reads the IC card data and transfers it to the front-end authentication processor 3. The front-end authentication processor 3 performs IC card reading, keyboard input reception and foreground verification; its keyboard jack 33 is connected to keyboard 37, and it is networked with the background authentication controller 4 through port 32 of its built-in network interface card 34. This processor first reads the IC card identifier 81 and user identification 82 of the user authentication IC card 1 from COM port 31 and stores them in RAM 36; after judging that IC card identifier 81 belongs to the current system, it sends user identification 82 to the background authentication controller 4 through port 32; after receiving the pass indication returned by the background authentication controller 4, it reads the user identification input 84 entered by the user on keyboard 37 and compares it with the user identification 82 read from the IC card; when the two agree, it sends the background authentication controller 4 an indication that this stage of authentication has passed; it then receives dynamic password code 1 transmitted by the background authentication controller 4, converts the random number 83 stored in RAM 36 into dynamic password code 2 86 according to a fixed rule, presents it together with dynamic password code 88 to the user for reference, receives the combined dynamic password input 85 entered by the user on keyboard 37, transfers this code together with dynamic password code 2 86 to the background authentication controller 4 for background authentication processing, and, on receiving the authentication pass flag 89 fed back by the background authentication controller 4 with the value "pass", admits the user to the system.
The background authentication controller 4 is networked with the front-end authentication processor 3 and the IC card information processor 5 through port 41 of its network interface card 42 to exchange data. After receiving from port 41 the user identification 82 supplied by the front-end authentication processor 3, it obtains this user's user identification 93 and the reserved dynamic password composition rule code 87 over the network from the user registration information database 56 of the card information processor 5, keeps dynamic password composition rule 87 in RAM 44 for later use, checks user identification 93 against user identification input 84, and feeds the check result back to the front-end authentication processor 3; when the check result is correct, it generates a public message packet 90 indicating that this user has passed the first-stage authentication and places message packet 90 in message area 46 for external applications to access. On receiving the dynamic password code request signal sent by the front-end authentication processor 3, its random number generator 45 produces a random number, which CPU 43 processes into dynamic password code 1; this code is kept in RAM 44 for later use and sent to the front-end authentication processor 3 through port 41. Thereafter, when it receives through port 41 the dynamic password code 2 86 and the combined password input 85 transmitted by the front-end authentication processor 3, it takes dynamic password code 1 and dynamic password composition rule code 87 out of RAM 44, combines dynamic password code 1 and dynamic password code 2 86 by the combination method corresponding to password composition rule 87, compares the combined result with combined password input 85, and feeds the authentication pass flag 89 back to the front-end authentication processor 3; when the dynamic password verification result is "pass", it generates a public message packet 91 indicating that this user has passed the second-stage authentication and places message packet 91 in message area 46 for external applications to access.
The card information processor 5 is networked with the background authentication controller 4 through port 53 of its network interface card 54, receives the keyboard entry of user registration information 92 from input keyboard 57 connected to keyboard jack 52, carries out IC card information processing, records IC card issuance information and enters the user registration information into user registration information database 56. Its COM port 51 is connected to the IC card writer 6; when a new user's registration is complete, this user's user identification 82 is written into user authentication IC card 1 by IC card writer 6. When the data query request signal 95 from the background authentication controller 4 is received, it queries user registration information database 56 and sends the query results, user identification 93 and dynamic password composition rule 87, to the background authentication controller 4 through port 53 of network interface card 54.
The user authentication IC card 1 is a CPU-type IC card, and the random number 83 generated by this card has the property that the random numbers 83 generated by different cards at different times are all different;
The IC card reader 2 and IC card writer 6 are ordinary card read/write equipment matching the IC card;
The front-end authentication processor 3, background authentication controller 4 and IC card information processor 5 are ordinary personal computers (PC architecture).
With the system constituted according to the invention, the system processing flow is as follows:
1. Registration and card writing: performed by the IC card information processor 5. Its work consists of entering via keyboard the information supplied by the user, such as user name, number and user category, together with the user identification code and the selected password composition rule code, recording the data in user registration information database 56, and then writing user identification code 82 into a new IC card 1 through IC card writer 6;
2. Login card reading: performed under the control of front-end authentication processor 3. When the user inserts user authentication IC card 1 into IC card reader 2, IC card identifier 81 and user identification code 82 in the card are read through reader 2;
3. First-stage verification, IC card legitimacy verification: performed jointly by front-end authentication processor 3, background authentication controller 4, IC card information processor 5 and the login user. The process is: front-end authentication processor 3 first judges the legitimacy of IC card identification code 81, then transfers user identification code 82 from the card to background authentication controller 4; background authentication controller 4 searches user registration information database 56 of IC card information processor 5 for a user matching the user identification and returns a check result indicating whether a matching user exists; if a matching user exists, front-end authentication processor 3 reads the user identification code 84 entered by the user and compares it with user identification code 82 in the IC card; if they are inconsistent, the IC card legitimacy verification is declared failed and front-end authentication processor 3 terminates the authentication; if verification passes, front-end authentication processor 3 sends background authentication controller 4 a flag indicating that the first-stage verification has passed, which background authentication controller 4 also treats as a dynamic password request; background authentication controller 4 then generates a public message packet 90 indicating that this registrant has passed the first-stage verification, for use by related applications;
4. Second-stage verification, dynamic password verification: performed jointly by front-end authentication processor 3, background authentication controller 4 and the login user. The process is: background authentication controller 4 generates a random number, converts and processes it into dynamic password substring 1 and transfers it to front-end authentication processor 3; front-end authentication processor 3 reads random number 83 from the IC card and converts and processes it into dynamic password substring 2 86; front-end authentication processor 3 displays both dynamic password substrings in the authentication window, prompts for and receives the user's combined dynamic password input 85 from the keyboard, and transfers combined dynamic password input 85 together with dynamic password substring 2 86 to background authentication controller 4; background authentication controller 4 combines dynamic password substring 1 and dynamic password substring 2 86 according to dynamic password combination rule 87, compares the result with the combined dynamic password input 85 sent by the front-end authentication processor, and returns the comparison result to front-end authentication processor 3; front-end authentication processor 3 receives the authentication result and determines from it whether this authentication has passed; at the same time background authentication controller 4 generates a public message packet 91 indicating that this registrant has passed the second-stage verification, for use by related applications.
The system configuration of the present invention is shown in Fig. 1, where:
1 = CPU-type IC card
2 = IC card reader
3 = front-end authentication processor
4 = background authentication controller
5 = IC card information processor
6 = IC card writer
31 = dedicated COM communication interface of front-end authentication processor 3, used for connection to IC card reader 2
32 = network connection port of front-end authentication processor 3, i.e. the external connection port of network interface card 34
33 = keyboard interface of front-end authentication processor 3
34 = built-in network interface card of front-end authentication processor 3
35 = central processing unit (CPU) of front-end authentication processor 3
36 = internal memory (RAM) of front-end authentication processor 3
37 = keyboard of front-end authentication processor 3
41 = network connection port of background authentication controller 4, i.e. the external connection port of network interface card 34
42 = built-in network interface card of background authentication controller 4
43 = central processing unit (CPU) of background authentication controller 4
44 = internal memory (RAM) of background authentication controller 4
45 = random number generator of background authentication controller 4
46 = public message area of background authentication controller 4, the data interface this system provides to external systems or applications
51 = dedicated COM communication interface of IC card information processor 5, used for connection to IC card writer 6
52 = keyboard interface of IC card information processor 5
53 = network connection port of IC card information processor 5, i.e. the external connection port of network interface card 54
54 = built-in network interface card of IC card information processor 5
55 = central processing unit (CPU) of IC card information processor 5
56 = registered user information database of IC card information processor 5
57 = keyboard of IC card information processor 5
81 = IC card identification code, one of the system's static authentication elements; comprises a manufacturer identification code or system-specific identification code together with an IC card serial number, etc.; written by the manufacturer when the IC card is made, or written when a new user registers with this system
82 = user identification code, one of the system's static authentication elements; can be the user's name, personal code or account number together with a static password code determined by the system; this code is generated by IC card information processor 5 and written through IC card writer 6 when a card is issued to a new user
83 = IC card random number, one of the system's static authentication elements; generated randomly by the IC card; a string composed of the digits 0-9 and the English letters A-Z; the random numbers generated by each IC card at different times are all different and are unique within the system
84 = user identification input, one of the system's static authentication elements; a character string entered by the user, used for comparison with the user identification code stored in the IC card
85 = combined password input, the system's dynamic authentication element; a character string entered by the user after combining the two dynamic password substrings provided by the system according to the composition rule this user reserved at registration
86 = dynamic password code 2, one of the system's dynamic authentication elements; a character string obtained by the front-end authentication processor by applying a specific conversion to the random number generated by the IC card
87 = dynamic password composition rule, one of the system's dynamic authentication elements; the rule the user must follow when combining the dynamic password and that the system uses to verify the dynamic password; selected by the user at registration from the composition rule library provided by the system; for usage examples of the rules see the "dynamic password combination rule use-case description table" in Fig. 7
88 = dynamic password code 1, one of the system's dynamic authentication elements; a character string generated randomly by the background authentication controller and obtained after a specific conversion
89 = authentication pass flag; flag information provided by the background authentication controller after the login user has passed static and dynamic authentication, indicating whether this user is a valid user
90 = public message packet 1; generated by the background authentication controller after confirming that the login user has passed the first-stage static authentication; contains the login user's user identification, login host address, login time, etc., and is provided to external applications
91 = public message packet 2; generated by the background authentication controller after confirming that the login user has passed the second-stage dynamic authentication; contains the login user's user identification, login host address, login time, etc., and is provided to external applications
92 = user registration information; entered into the system when a new user registers; includes user name, number, user category, etc.
93 = user identification provided by the IC card information processor; can be the user's name, personal code or account number together with the static password code determined by the system; this code is provided by the IC card information processor to the background authentication controller during the static verification process
95 = information query request signal; sent by the background authentication controller to the IC card information processor when a user logs in to the system, to request the user information query.
The identity authentication method and processing procedure of the system according to the invention are as follows:
User registration:
When a registered user is authorized as a legitimate user of the system or of an application, the user provides the relevant information and a user identification code to the system and selects a password composition rule; the system writes the system identification code and the user identification code into the new user's IC card, records in the system the user information, the user identification code, the password composition rule code selected by the user and the card number information of the authorized IC card, and the newly produced IC card is given to the user for safekeeping and use;
User identity authentication:
1. Card reading: the user inserts the personal IC card into the IC card reader, and the IC card identifier and user identification in the card are read through the reader and transferred to the front-end authentication processor;
2. First-stage verification, IC card legitimacy verification:
1) the front-end authentication processor first judges whether the IC card identification code is an identification code permitted for use by this system,
2) it then transfers the user identification code in the card to the background authentication controller, which searches the user registration information database of the IC card information processor for a user matching the user identification and returns a check result indicating whether a matching user exists,
3) when there is a match, the front-end authentication processor reads the user identification code entered by the user on the keyboard and compares it with the user identification code in the IC card; if they are inconsistent, the IC card legitimacy verification is declared failed,
4) if they are consistent, the front-end authentication processor sends a request for dynamic password 1 to the background authentication controller;
3. Second-stage verification, dynamic password verification:
1) the background authentication controller generates a random number, converts and processes it into dynamic password substring 1, and transfers it to the front-end authentication processor,
2) the front-end authentication processor reads the random number from the IC card and converts and processes it into dynamic password substring 2,
3) the front-end authentication processor displays dynamic password substring 1 transmitted by the background authentication controller and dynamic password substring 2 generated from the IC card in the authentication window and prompts the user to enter the combined dynamic password code,
4) the user combines dynamic password substring 1 and dynamic password substring 2 according to the reserved combination rule and enters the result as the combined dynamic password,
5) after receiving the combined dynamic password entered by the user, the front-end authentication processor transfers the combined dynamic password and the dynamic password substring 2 generated from the IC card to the background authentication controller,
6) the background authentication controller combines dynamic password substring 1 and the transmitted dynamic password substring 2 according to the dynamic password combination rule reserved by the user, compares the result with the combined dynamic password code sent by the front-end authentication processor, and returns the comparison result to the front-end authentication processor,
7) the front-end authentication processor receives the authentication result and determines from it whether this authentication has passed.
The system processing flow of the present invention is shown in Figure 2.
The front-end authentication processing flow of the system is shown in Figure 3.
The back-end authentication control processing flow of the system is shown in Figure 4.
The dynamic password combination processing flow of the system is shown in Figure 5.
The data table format of the system is shown in Figure 6.
To further illustrate the present invention, an embodiment is given below. The content of the present invention is not limited to what is described in the embodiment.
The following assumptions are made first in this example:
Assumption 1: a new user applies for registration; the system uses the user name together with a personal static password as the system user identifier; the reserved user name is "AAAAAA", the user identifier (static password) is "66668888", the internal card number of the new IC card is 987654321, and the IC card identifier is "ZYXW";
Assumption 2: the algorithm by which the back-end authentication controller converts a random number into dynamic password substring one is: first convert the number into a character string, then take the first 4 characters of that string as dynamic password substring one;
Assumption 3: the algorithm by which the front-end authentication processor converts the random number read from the IC card into dynamic password substring two is: first convert the number into a character string, then take the first 4 characters of that string as dynamic password substring two;
Assumption 4: the dynamic password combination rule chosen by the user in this example is the rule with code 'A001', called 'single-gear meshing'; this rule is illustrated in Figure 8.
Registration of a new user:
1. The IC card information processor of the system receives, from the keyboard, the new user's user name AAAAAA, static password 66668888 and related information;
2. The IC card information processor displays the dynamic password combination rule instruction card for reference and receives the code of the combination rule chosen by the user; assume the user chooses the rule with code 'A001', which the system names 'single-gear meshing';
3. The CPU of the IC card information processor stores this user's information, including the depositor's name, user name AAAAAA, static password 66668888, internal IC card number 987654321 and dynamic password combination rule code A001, in the user registration table tet_usertable and the IC card registration table tet_ic of the registered user information database;
4. An operator inserts a blank IC card into the IC card writer, and the IC card information processor writes the user name AAAAAA and static password 66668888 into the IC card as the user identification code through the IC card writer;
5. The new card is handed to the user for safekeeping and use.
User login authentication:
The user first inserts the personal IC card into the IC card reader, and the system enters the user identity authentication procedure. The processing flow is as follows:
1. The front-end authentication processor first reads the IC card identifier from the IC card and checks whether it is "ZYXW"; if not, it reports an error and terminates this authentication; if so, processing continues;
2. The front-end authentication processor reads the user identification code from the IC card and transfers it to the back-end authentication controller;
3. On receiving the user identification information, the back-end authentication controller searches the user registration table tet_usertable in the user registration information database for a record matching the user identification code, and returns a report on whether a matching user exists;
4. The front-end authentication processor displays a data entry window and asks the user to enter the user name and static password; it compares the entered user name and static password with those in the IC card to judge whether this user is a legitimate user of the IC card; if they agree, it sends a flag indicating that static verification has passed to the back-end authentication controller; otherwise the entry and verification are repeated up to a set number of times, and if verification fails every time within the limit, authentication processing exits;
5. On receiving the flag from the front-end authentication processor indicating that first-stage static verification has passed, the back-end authentication controller generates public message packet 1, then automatically generates a random number, assumed to be '234567890123'; the system takes its first four characters, converting it into dynamic password substring one "2345", and transfers it to the front-end authentication processor;
6. The front-end authentication processor reads a random number from the IC card, assumed to be '987654321'; the system takes its first four characters, converting it into dynamic password substring two "9876", displays it in the authentication window together with dynamic password substring one "2345", and prompts the user to enter the dynamic password combination code;
7. The user combines dynamic password substring one and dynamic password substring two into the dynamic password according to the reserved combination rule A001 and enters it;
8. After receiving the combined dynamic password entered by the user, the front-end authentication processor transfers the combined dynamic password together with dynamic password substring two derived from the random number produced by the IC card to the back-end authentication controller;
9. The back-end authentication controller combines dynamic password substring one with the transmitted dynamic password substring two according to the dynamic password combination rule reserved by the user, compares the result with the combined dynamic password code transmitted by the front-end authentication processor, checking whether it is "29384756", returns the comparison result to the front-end authentication processor and, if they agree, generates public message packet 2, completing the second-stage dynamic authentication;
10. The front-end authentication processor receives the dynamic password authentication result sent by the back-end authentication controller; if the result is "pass", the user is allowed to enter the operating system or the specific application; otherwise the dynamic password entry and verification of steps 7-9 above are repeated up to a set number of times, and if verification fails every time within the limit, entry is refused.
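The two-stage login flow above and the combination rules of claims 2 to 5 below, reconstructed as runnable Python. This is an added example, not code from the patent: the database tables tet_usertable and tet_ic are plain dicts, the CPU card and the two processors are simulated in one process, only the rule code 'A001' is named in the patent and the codes A002 to A006 are labels assumed here for the other claimed rules, and the "first four characters of the decimal string" derivation follows assumptions 2 and 3 of the embodiment. Discarding substring one after its first use and the constant-time comparison are additions of this example, not steps in the patent.

```python
import hmac
import secrets

# --- Combination rules (claims 2-5). Only the code 'A001' is named in the
# patent; the other codes are labels assumed here for illustration.
def single_gear(s1, s2):
    """Claim 2, 'A001' single-gear meshing: interleave one character at a time."""
    return "".join(a + b for a, b in zip(s1, s2))

def double_gear(s1, s2):
    """Claim 3, double-gear meshing: interleave two characters at a time."""
    return "".join(s1[i:i + 2] + s2[i:i + 2] for i in range(0, len(s1), 2))

def concat_rotate(k):
    """Claims 4-5: concatenate, then move k leading characters to the end
    (k > 0) or -k trailing characters to the front (k < 0)."""
    def rule(s1, s2):
        s = s1 + s2
        return s[k:] + s[:k]
    return rule

RULES = {
    "A001": single_gear,        # named in the patent
    "A002": double_gear,        # assumed code, claim 3
    "A003": concat_rotate(1),   # assumed code, claim 4 (first char to end)
    "A004": concat_rotate(-1),  # assumed code, claim 4 (last char to front)
    "A005": concat_rotate(2),   # assumed code, claim 5 (first two to end)
    "A006": concat_rotate(-2),  # assumed code, claim 5 (last two to front)
}

def to_substring(number):
    """Assumptions 2 and 3: decimal string of the number, first four characters."""
    return str(number)[:4]

# --- Registration records (tet_usertable / tet_ic of the embodiment) as dicts.
tet_usertable = {"AAAAAA": {"static_password": "66668888", "rule_code": "A001"}}
tet_ic = {987654321: "AAAAAA"}

class CpuCard:
    """Simulated CPU-type IC card (claim 8). A real card draws a fresh random
    number per call; here the source is injectable so the example is repeatable."""
    def __init__(self, card_id, username, static_password, random_source):
        self.card_id = card_id                         # IC card identifier (81)
        self.user_id = (username, static_password)     # user identification code (82)
        self._random_source = random_source
    def random_number(self):                           # random number (83)
        return self._random_source()

class BackEndController:
    """Back-end authentication controller (4)."""
    def __init__(self, users):
        self.users = users
        self._pending = {}                             # substring one held in RAM (44)

    def has_user(self, username):
        return username in self.users

    def issue_challenge(self, username, random_number=None):
        if random_number is None:
            random_number = secrets.randbelow(9 * 10**11) + 10**11   # 12 digits
        s1 = to_substring(random_number)
        self._pending[username] = s1
        return s1                                      # substring one, sent to the front end

    def verify(self, username, s2, combined_code):
        s1 = self._pending.pop(username, None)         # each challenge is usable once
        if s1 is None:
            return False
        rule = RULES[self.users[username]["rule_code"]]
        return hmac.compare_digest(rule(s1, s2), combined_code)

def front_end_login(card, backend, typed_username, typed_password, user_combine,
                    random_number=None):
    """Front-end authentication processor (3): stage one (static), then stage two
    (dynamic). user_combine(s1, s2) stands for the user applying the memorised
    rule to the two substrings shown in the authentication window."""
    if card.card_id != "ZYXW":
        return "invalid card identifier"
    username, static_password = card.user_id
    if not backend.has_user(username):
        return "no matching user"
    if (typed_username, typed_password) != (username, static_password):
        return "static verification failed"
    s1 = backend.issue_challenge(username, random_number)
    s2 = to_substring(card.random_number())
    combined = user_combine(s1, s2)
    return "pass" if backend.verify(username, s2, combined) else "dynamic verification failed"

def run_embodiment(user_rule="A001"):
    """Replays the embodiment's numbers: back-end random 234567890123, card
    random 987654321, expected combination '29384756' under rule A001."""
    card = CpuCard("ZYXW", "AAAAAA", "66668888", lambda: 987654321)
    backend = BackEndController(tet_usertable)
    return front_end_login(card, backend, "AAAAAA", "66668888",
                           RULES[user_rule], random_number=234567890123)

if __name__ == "__main__":
    print(run_embodiment())          # pass
    print(run_embodiment("A002"))    # dynamic verification failed
```

Replaying the embodiment's numbers under rule A001 yields 29384756 and passes; applying any other rule to the same substrings fails. Note what the verifier actually relies on in stage two: both substrings are shown in the clear in the authentication window, so the only per-user secret that the dynamic stage checks is the combination rule code, and claims 2 to 5 enumerate only a handful of rules.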
Claims (8)
1. An identity authentication system based on double dynamic passwords, characterized in that it consists of a user authentication IC card (1), an IC card reader (2), a front-end authentication processor (3), a back-end authentication controller (4), an IC card information processor (5) and an IC card writer (6); the user authentication IC card (1) holds an IC card identifier (81) and a user identification code (82) and can generate a random number (83) on demand, all of which are transferred to the front-end authentication processor (3) through the IC card reader (2); the front-end authentication processor (3) is connected to a keyboard (37) and, through a port (41), to the network card (42) of the back-end authentication controller (4); the network card (42) of the back-end authentication controller (4) is connected through a port (41) to the IC card information processor (5); the IC card information processor (5) is connected to a keyboard (57) and to the IC card writer (6); the IC card writer (6) is connected to the user authentication IC card (1) through the card reader (2); user registration information (92) is entered at the keyboard (57) into the database (56) of the IC card information processor (5), and the user identification code (82) is written into the user authentication IC card (1) by the IC card writer; when the user inserts the user authentication IC card (1) into the IC card reader (2), the IC card identifier (81), user identification code (82) and random number (83) are read from the card through the reader (2); the front-end authentication processor (3) first transfers the user identification code (82) to the back-end authentication controller (4); the back-end authentication controller (4) searches the database (56) of the IC card information processor (5) for a user matching the user identification code (82) and returns a result indicating whether a matching user exists; if a matching user exists, the front-end authentication processor (3) reads the user identification code (84) entered by the user at the keyboard (37) and compares it with the user identification code (82) in the user authentication IC card (1); if they differ, the front-end authentication processor (3) terminates the authentication; if they agree, the front-end authentication processor (3) sends a dynamic password request (86) to the back-end authentication controller (4); the back-end authentication controller (4) generates a public message packet (90) and places it in the information area (46) for external reference, while its random number generator (45) generates a random number which is processed by the central processor CPU (43) into dynamic password code (88), stored in the readable RAM (44) for later use and sent to the front-end authentication processor (3) through the port (41); the front-end authentication processor (3) reads the random number (83) from the IC card (1) and converts it into dynamic password code (86), displays the dynamic password codes (86, 88) in the authentication window as a prompt, and receives the user's dynamic password combination code (85) entered at the keyboard (37); the combination code (85) and dynamic password code (86) are transferred to the back-end authentication controller (4); the back-end authentication controller (4) reads dynamic password code (88) from the readable RAM (44) together with the pre-stored dynamic password combination rule code (87), performs the combination operation on dynamic password codes (86) and (88), compares the result with the combination code (85), and returns the comparison result to the front-end authentication processor (3), which determines from it whether this authentication passes; if it passes, the back-end authentication controller (4) generates a public message packet (91) and places it in the message area for external reference.
2. The system according to claim 1, characterized in that the dynamic password combination rule code (87) combines the dynamic password codes (86, 88) in a single-gear meshing pattern, that is, the characters of the two password codes are interleaved one at a time.
3. The system according to claim 1, characterized in that the dynamic password combination rule code (87) combines the dynamic password codes (86, 88) in a double-gear meshing pattern, that is, the characters of the two password codes are interleaved two at a time.
4. The system according to claim 1, characterized in that the dynamic password combination rule code (87) directly concatenates the dynamic password codes (86, 88) and then moves the first character to the end, or moves the last character to the front.
5. The system according to claim 1, characterized in that the dynamic password combination rule code (87) directly concatenates the dynamic password codes (86, 88) and then moves the first two characters to the end, or moves the last two characters to the front.
6. The system according to claim 1, characterized in that the combination rule code (87) is represented by a code.
7. The system according to claim 1, characterized in that the user identification code (82) consists of the user name and a personal static password; the IC card identifier (81) is an alphabetic string; the random number (83) is the internal card number of the new IC card, a numeric string; a blank user authentication IC card (1) is inserted into the IC card reader (2), the IC card information processor (5) writes the user identification code (82) and the IC card identifier (81) into the IC card (1) through the IC card writer (6), and the new IC card (1) is handed to the user for safekeeping and use.
8. The system according to claim 1, characterized in that the user authentication IC card (1) is a CPU-type IC card whose random number (83) has the property that the values generated by different cards at different times are all different; the IC card reader (2) and IC card writer (6) are ordinary card reading devices matched to the IC card (1); and the front-end authentication processor (3), back-end authentication controller (4) and IC card information processor (5) are ordinary personal computers.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB200410022173XA CN100364261C (en) | 2004-03-31 | 2004-03-31 | Status authentication system based on double dynamic passwords |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1564515A true CN1564515A (en) | 2005-01-12 |
CN100364261C CN100364261C (en) | 2008-01-23 |
Family
ID=34479942
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB200410022173XA Expired - Fee Related CN100364261C (en) | 2004-03-31 | 2004-03-31 | Status authentication system based on double dynamic passwords |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100364261C (en) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101576945A (en) * | 2008-12-31 | 2009-11-11 | 北京飞天诚信科技有限公司 | Multifunctional card reader and realization method thereof |
CN101860528A (en) * | 2009-04-10 | 2010-10-13 | 索尼公司 | Authenticating device, authentication method and program |
CN101212303B (en) * | 2007-12-24 | 2010-10-13 | 北京飞天诚信科技有限公司 | Dynamic password output method, dynamic password generation method and device |
CN101582762B (en) * | 2009-04-02 | 2011-07-13 | 北京飞天诚信科技有限公司 | Method and system for identity authentication based on dynamic password |
CN102130767A (en) * | 2011-01-25 | 2011-07-20 | 北京飞天诚信科技有限公司 | One-time password communication realization system and method |
CN101739593B (en) * | 2009-12-07 | 2012-01-04 | 佛山市安讯智能科技有限公司 | Safety certification method of medium access control codes of integrated circuit cards |
CN101656611B (en) * | 2008-08-19 | 2012-07-25 | 夏普株式会社 | Authentication system, terminal and information processing device |
CN101807994B (en) * | 2009-12-18 | 2012-07-25 | 北京握奇数据系统有限公司 | Method and system for application data transmission of IC card |
CN101546453B (en) * | 2008-03-25 | 2013-02-06 | 海尔集团公司 | Method and device for authenticating IC card |
CN104038342A (en) * | 2013-03-08 | 2014-09-10 | 中外建设信息有限责任公司 | Security certification system and method |
CN104283852A (en) * | 2013-07-08 | 2015-01-14 | 中国电信股份有限公司 | Mobile application single-sign-on authentication method, system, client side and server side |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101630372B (en) * | 2009-08-07 | 2012-04-18 | 飞天诚信科技股份有限公司 | Method for verifying IC card, equipment and system thereof |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1337803A (en) * | 2001-07-03 | 2002-02-27 | 上海复旦微电子股份有限公司 | Enciphering method and circuit for safe communication of IC card data |
JP2004015667A (en) * | 2002-06-10 | 2004-01-15 | Takeshi Sakamura | Inter ic card encryption communication method, inter ic card encryption communication in electronic ticket distribution system, and ic card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee | | Granted publication date: 20080123; Termination date: 20110331 |