CN1585330A - Network identify certificating method and apparatus - Google Patents

Info

Publication number
CN1585330A
Authority
CN
China
Prior art keywords
authentication
networking
key
user
website
Prior art date
2003-08-18
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 03153597
Other languages
Chinese (zh)
Inventor
黄彦辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
JIUJIN INDUSTRIAL Co Ltd
Original Assignee
JIUJIN INDUSTRIAL Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2003-08-18
Filing date
2003-08-18
Publication date
2005-02-23
Application filed by JIUJIN INDUSTRIAL Co Ltd
Priority to CN 03153597
Publication of CN1585330A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention comprises the following steps: the user holds an authentication key; when the user logs in to a website or makes a financial transaction there, no password or other authentication data has to be entered; instead the network authentication center and the authentication key, which has its own computing capability, exchange encoded and decoded messages and produce encrypted pass data, which is transmitted through the user's computer and the website back to the network authentication center; by comparing it with the original data, the network authentication center completes the user's authentication.

Description

Network identity authentication method and device
Technical field
The present invention relates to a network identity authentication method and device, in particular one in which an authentication key held by the user, which has encoding capability, and a third-party network authentication center jointly compute pass data used for authentication when the user logs in to a specific website or carries out an online financial transaction. It improves the security of online transactions while sparing the user from remembering and entering passwords, and so makes operation more convenient.
Background technology
Because the Internet is fast and borderless and has broken through the limits of time and space, many industries see huge business opportunities in it, for example all kinds of e-commerce, online games and online financial transactions. Although the speed and convenience of the Internet are beyond question, it has also given rise to many legal and security problems:
Take online games, currently the most popular in the Asia-Pacific region: cases of players' account numbers and passwords being stolen are endless, and whether the player is at home or in an Internet café, such theft cannot be effectively stopped. In online finance, more and more users, being busy and attracted by the speed and convenience of online transactions, pay bills, transfer funds and trade stocks through online banking. But when registering for online banking or online stock trading, every user has to fill in a large amount of paperwork, and every transaction or transfer requires entering the user's account number (ID or user name) and password. Worse, the user must keep these data in mind at all times, which is obviously inconvenient; and when a transaction must be made on the spur of the moment, the user must still be careful not to use someone else's computer, lest the account number and password be stolen. Although today's online banks all use 128-bit SSL encryption and are certified internationally, which raises security, their ease of use still needs strengthening. The reason is that as the number of online transaction types grows, the number of account numbers and passwords a user has to handle grows with it. For ease of memory, an ordinary user may use a single account number and password for every website and authentication mechanism; the danger of this is that once that account number and password are stolen, the security of transactions on every site is lost. Conversely, if different account numbers and passwords are set for different login and authentication requirements to avoid that situation, the burden of remembering them increases.
From the above, although the Internet offers users great convenience in transactions, the hidden risk to those transactions cannot be ignored. How to reconcile the convenience and the security of online transactions clearly needs further study and a feasible solution.
Summary of the invention
To solve the foregoing problems, the main object of the present invention is to provide a network identity authentication method with which the user need not remember or enter a password, yet transaction security is effectively guaranteed.
The principal technical means adopted to achieve this object is an authentication key held by the user, which cooperates with a network authentication center to perform flow control, security management and authentication when the user carries out various online transactions. The method comprises the following steps:
Activate the identity authentication mechanism;
The user's computer reads the basic data of the authentication key and sends it to the network authentication center;
The network authentication center returns time-limited, single-use random test data and keeps a backup copy;
The authentication key encodes the returned random test data with its internal private key and sends the result back to the network authentication center;
The network authentication center takes out the backup random test data, encodes it with the corresponding symmetric private key and compares the result with the returned data; if they match, it generates a dynamic license key;
The dynamic license key is used to encrypt pass data, and the encrypted pass data is sent back to the user's computer;
The user's computer sends the pass data to the application website it wants to log in to or transact with, and that website sends the pass data back to the network authentication center;
The network authentication center decrypts the returned pass data with the dynamic license key; if it is identical to the original pass data, the user's authentication is complete.
A secondary object of the present invention is to provide an authentication key with random-encryption computing capability.
The authentication key comprises:
a microprocessor for performing the encryption and decryption computations;
a connection interface for linking with the user's computer;
an encryption unit for encrypting and encoding;
a memory group for storing the key's basic data and temporarily storing the random test data.
The microprocessor uses reduced instruction set computing (RISC).
The connection interface is a USB 1.1 or later compatible interface.
The encryption unit uses AES with 128-bit to 256-bit keys for the high security standard, or RSA, DES, 3DES, MD5, MD2, SHA-1 and the like for the general security standard.
The memory group comprises read-only memory, random access memory and electrically erasable memory.
Description of drawings
Fig. 1 is a system diagram of the present invention.
Fig. 2 is a flow chart of the present invention.
Fig. 3 is a block diagram of the authentication key of the present invention.
Reference numerals
10 user's computer, 20 network authentication center
30 application website, 40 authentication key
41 microprocessor, 42 connection interface
43 encryption unit, 44 memory group
Embodiment
Referring first to Fig. 1, the system diagram of the present invention, the user's computer 10 is linked through the Internet to a network authentication center 20 and to an application website 30. The application website 30 is the site the user wants to log in to or transact with. The user's computer 10 is also linked to an authentication key 40, which cooperates with the linked network authentication center 20 to authenticate the user when the user logs in to the application website 30 or carries out a financial transaction. As shown in Fig. 2, the concrete steps are:
When the user wants to log in to the application website 30 or carry out a transaction that requires authentication, the application website 30 activates the identity authentication mechanism (step 201);
After the mechanism is activated, the user's computer 10 reads the basic data of the authentication key 40 and sends it to the network authentication center 20 so that the center can identify the user (step 202);
The network authentication center 20 returns time-limited, single-use random test data to the user's computer 10 and keeps a backup copy (step 203). The random test data has no fixed format; it is produced by a random number generator and its content is unpredictable;
On receiving the random test data, the user's computer 10 passes it to the authentication key 40, which encrypts it with its internally preset private key (step 204) and sends the result back to the network authentication center 20. The preset private key of the authentication key 40 may use AES with 128-bit to 256-bit keys for the high security standard, or RSA, DES, 3DES, MD5, MD2, SHA-1 and the like for the general security standard;
The network authentication center 20 takes out the backup random test data, encodes it with the private key corresponding to the one preset in the authentication key 40, and compares the result with the data returned by the user's computer 10; if they match, it generates a dynamic license key (step 205). This dynamic license key is used to encrypt the pass data; it is single-use and time-limited, and expires automatically after a period;
The foregoing is the first authentication procedure, carried out by the authentication key 40 through the user's computer 10 with the network authentication center 20. The method further comprises a second authentication procedure carried out among the network authentication center 20, the user's computer 10 and the application website 30, whose steps are as follows (still referring to Fig. 2):
The dynamic license key is used to encrypt the pass data, and the encrypted pass data is sent to the user's computer 10 (step 206);
The user's computer 10 sends the encrypted pass data to the application website 30 it wants to log in to or transact with, and that website sends the pass data via the Internet back to the network authentication center 20 (step 207);
The network authentication center 20 decrypts the returned pass data with the dynamic license key (step 208) and compares it with the original pass data (step 209); if they match, it notifies the application website of the comparison result (step 210), completing the user's authentication.
The above description shows the concrete flow of the identity authentication method of the present invention. It is evident from the method that when the user logs in to a specific website or carries out a specific transaction, no account number or password need be entered. The user only has to connect an authentication key to the computer in use, which is linked through the Internet to the network authentication center and the application website. When the application website needs to confirm the user's identity, the authentication mechanism is activated: after cross-encryption computation and verification between the authentication key and the network authentication center, dynamically encrypted pass data is produced. Besides being held temporarily at the network authentication center, this pass data is sent via the user's computer to the application website, which returns it to the network authentication center for comparison; the center then notifies the application website of the result, completing authentication. Clearly, the user enters no account number or password and performs no encryption or decryption computation on the website being logged in to or transacted with; since nothing is entered or computed there, account numbers and passwords cannot be stolen.
Moreover, when the user logs in to a different website or carries out another transaction, the above flow is executed again, that is, brand-new random test data, a new dynamic license key and new pass data are produced for the next authentication. This relieves the user of the burden of remembering and entering different account numbers and passwords for different websites, and completely avoids the risk of theft that arises when the same account number and password are used on different websites.
A feasible concrete structure of the authentication key 40 is shown in Fig. 3 and comprises:
A microprocessor 41 for performing the encryption and decryption computations; it may use reduced instruction set computing (RISC), that is, a low-end processor suffices, which helps reduce manufacturing cost;
A connection interface 42, a USB 1.1 or later compatible interface, for linking with the user's computer;
An encryption unit 43 for encrypting and encoding; for the high security standard it may use AES with 128-bit to 256-bit keys, and for the general security standard it may use encryption technologies such as RSA, DES, 3DES, MD5, MD2 and SHA-1;
A memory group 44 comprising read-only memory (ROM), random access memory (RAM), electrically erasable memory (EEPROM) and the like, for storing the key's basic data and temporarily storing the random test data.
Because this authentication key uses USB as its connection interface, compared with the contact memory cards, IC cards and smart cards also used for authentication, it needs no separate card reader, since most computers support USB. The authentication key is also HID-compatible, so no driver needs to be installed and it is plug and play; it is therefore clearly superior in versatility and convenience to the various contact and contactless IC cards and smart cards that require a card reader.
The authentication key is, moreover, like a seal in real life and a digital signature in the online world. To guarantee secure use, besides being unique it is made non-reproducible: the private key (generally a large amount of data) is burned directly into the microprocessor 41 of the authentication key at manufacture, and after the burn-in is complete a large current is applied to the I/O pins used externally for writing, reading, modifying or repairing data, blowing their internal wiring so that they are completely isolated from the outside. Thus once the authentication key has been manufactured, apart from the copy of its private key data that remains stored in the database of the network authentication center 20, no one can extract the private key data from the circuitry of the authentication key 40. As for the basic data that the user's computer 10 reads from the authentication key 40 through the connection interface 42, it has already been encoded and encrypted by the private key and the encryption unit 43, so no one can obtain the private key data through the user's computer 10 either.
In keeping with individual usage habits and to provide an extra layer of security, the authentication key may additionally be given an enable password of its own. This enable password is not transmitted over the network; it is required when the authentication key is connected to the user's computer, and the key is enabled only if the entered password matches.
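The two procedures above (steps 201 to 210) together with the local enable password just described can be exercised end to end with the following Python simulation. It is an added example, not code from the patent or its applicant: HMAC-SHA256 stands in for the AES encoding the patent specifies for the authentication key, a SHA-256 counter keystream stands in for AES encryption of the pass data so that the example needs only the standard library, and the serial number, clock values, time limit and enable password are constructed. One caveat a practitioner should note: several items the patent lists among its encryption options (MD5, MD2, SHA-1) are hash functions rather than ciphers, so a keyed construction such as the HMAC used here is what the challenge step actually requires. Element numbers follow Fig. 1.

```python
import hashlib
import hmac
import secrets

# Added illustration of the CN1585330A flow; not the patentee's code.
# Assumptions: HMAC-SHA256 replaces the token's AES encoding of the
# challenge, and a SHA-256 counter keystream replaces AES encryption of
# the pass data, so the example runs on the standard library alone.
# Serial numbers, clock values, TTL and enable password are constructed.


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher standing in for AES: XOR with SHA-256(key || counter)."""
    stream = b"".join(
        hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        for i in range(len(data) // 32 + 1)
    )
    return bytes(a ^ b for a, b in zip(data, stream))


class AuthenticationKey:
    """Element 40: the USB token. Its private key never leaves the device."""

    def __init__(self, serial: str, private_key: bytes, enable_password: bytes = b""):
        self.serial = serial
        self._private_key = private_key          # burned in at manufacture
        self._enable_hash = hashlib.sha256(enable_password).digest() if enable_password else None
        self._enabled = not enable_password      # no enable password: always enabled

    def unlock(self, password: bytes) -> bool:
        # Local enable password: checked on the token, never sent over the network.
        if self._enable_hash is None:
            return True
        self._enabled = hmac.compare_digest(hashlib.sha256(password).digest(), self._enable_hash)
        return self._enabled

    def basic_document(self) -> dict:
        # Step 202: only identifying data is read by the user's computer.
        return {"serial": self.serial}

    def encode_challenge(self, challenge: bytes) -> bytes:
        # Step 204: encode the random test data with the internal private key.
        if not self._enabled:
            raise PermissionError("authentication key not enabled")
        return hmac.new(self._private_key, challenge, hashlib.sha256).digest()


class AuthenticationCenter:
    """Element 20: keeps a copy of each token's key (the 'symmetric private key')."""

    def __init__(self, ttl: int = 60):
        self.ttl = ttl
        self._keys = {}      # serial -> private key copy
        self._pending = {}   # serial -> (challenge backup, expiry)
        self._sessions = {}  # serial -> (dynamic license key, original pass data, expiry)

    def register(self, serial: str, private_key: bytes) -> None:
        self._keys[serial] = private_key

    def issue_challenge(self, basic_document: dict, now: int) -> bytes:
        # Step 203: time-limited, single-use random test data; keep a backup.
        serial = basic_document["serial"]
        if serial not in self._keys:
            raise KeyError("unknown authentication key")
        challenge = secrets.token_bytes(32)
        self._pending[serial] = (challenge, now + self.ttl)
        return challenge

    def verify_response(self, serial: str, response: bytes, now: int):
        # Step 205: encode the backup with the same key and compare; on success
        # generate the dynamic license key and the encrypted pass data (step 206).
        entry = self._pending.pop(serial, None)  # single use: consumed either way
        if entry is None or now > entry[1]:
            return None
        expected = hmac.new(self._keys[serial], entry[0], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        dynamic_key = secrets.token_bytes(32)
        pass_data = secrets.token_bytes(16)
        self._sessions[serial] = (dynamic_key, pass_data, now + self.ttl)
        return keystream_xor(dynamic_key, pass_data)

    def confirm_pass(self, serial: str, encrypted_pass: bytes, now: int) -> bool:
        # Steps 208-209: decrypt what the website relayed and compare with the
        # original; the dynamic license key is discarded after one use or on expiry.
        entry = self._sessions.pop(serial, None)
        if entry is None or now > entry[2]:
            return False
        dynamic_key, original, _ = entry
        return hmac.compare_digest(keystream_xor(dynamic_key, encrypted_pass), original)


def website_forward(center: AuthenticationCenter, serial: str, encrypted_pass: bytes, now: int) -> bool:
    """Element 30: the site sees no password; it relays the pass data (steps 207, 210)."""
    return center.confirm_pass(serial, encrypted_pass, now)


def run_login(center: AuthenticationCenter, token: AuthenticationKey, now: int) -> bool:
    """Full Fig. 2 flow as driven by the user's computer (element 10)."""
    challenge = center.issue_challenge(token.basic_document(), now)
    try:
        response = token.encode_challenge(challenge)
    except PermissionError:
        return False
    encrypted_pass = center.verify_response(token.serial, response, now)
    if encrypted_pass is None:
        return False
    return website_forward(center, token.serial, encrypted_pass, now)


if __name__ == "__main__":
    center = AuthenticationCenter(ttl=60)
    center.register("KEY-0001", b"\x11" * 32)  # constructed key material
    token = AuthenticationKey("KEY-0001", b"\x11" * 32, enable_password=b"1234")
    print("before unlock:", run_login(center, token, now=1000))  # False
    token.unlock(b"1234")
    print("after unlock:", run_login(center, token, now=1000))   # True
```

The single-use and time-limit properties the patent claims for both the random test data and the dynamic license key are what make the relayed pass data safe to carry through the website: a replay of the same encrypted pass data fails because the center has already discarded that session, and a stale response fails on the expiry check.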
The concrete technical content and operating principle of the present invention can be fully understood from the above description. These designs can be applied at least to authentication in the following fields:
1. Online game identity authentication.
2. E-government: in electronic collaborative workflows, providing a highly secure identity authentication mechanism, digital signature and data encryption.
3. Online banking and online brokerage transaction authentication.
4. Transaction security mechanisms for e-commerce.
5. Security control of electronic medical records.
6. Security authentication of national, military and corporate secrets, and internal network authentication.
From the foregoing it can be seen that the present invention not only simplifies the user's operations when logging in or transacting but also improves transaction security, and can be applied widely to authentication in many fields. The present invention therefore has significant practicality and inventiveness, meets the requirements for an invention patent, and is applied for in accordance with the law.

Claims (11)

1. A network identity authentication method, characterized in that an authentication key linked to the user's computer cooperates with a network authentication center linked over the network to authenticate the user when the user logs in to a website or carries out an online transaction; it has:
a first authentication procedure, carried out between the authentication key and the network authentication center, in which the network authentication center, after obtaining the basic data of the authentication key, sends random test data to the authentication key, which encodes and encrypts it and returns it to the network authentication center; the network authentication center encodes its backup copy of the random test data under the same conditions, compares the result with the returned data and, once verified, generates a dynamic license key;
a second authentication procedure, in which pass data is encrypted with the dynamic license key produced by the first authentication procedure and sent via the user's computer to the website to be logged in to or transacted with; that website sends the pass data to the network authentication center, which decrypts it with the dynamic license key, compares it with the original pass data and notifies the website of the comparison result.
2. The network identity authentication method of claim 1, characterized in that the first authentication procedure comprises the following steps:
Activate the identity authentication mechanism;
The user's computer reads the basic data of the authentication key and sends it to the network authentication center;
The network authentication center returns time-limited, single-use random test data and keeps a backup copy;
The authentication key encodes the returned random test data with its internal private key and sends the result back to the network authentication center;
The network authentication center takes out the backup random test data, encodes it with the corresponding symmetric private key and compares the result with the returned data; if they match, it generates a dynamic license key.
3. The network identity authentication method of claim 2, characterized in that the second authentication procedure comprises the following steps:
The dynamic license key is used to encrypt pass data, and the encrypted pass data is sent back to the user's computer;
The user's computer sends the pass data to the application website it wants to log in to or transact with, and that website sends the pass data back to the network authentication center;
The network authentication center decrypts the returned pass data with the dynamic license key, compares it with the original pass data, and notifies the website being logged in to or transacted with of the comparison result to complete the user's authentication.
4. The network identity authentication method of claim 1, 2 or 3, characterized in that the encryption key preset in the authentication key and at the network authentication center uses 128-bit to 256-bit AES when the high security standard is adopted.
5. The network identity authentication method of claim 1, 2 or 3, characterized in that the encryption key preset in the authentication key and at the network authentication center uses RSA, DES, 3DES, MD5, MD2 or SHA-1 encryption technology when the general security standard is adopted.
6. An authentication key for network authentication, characterized in that it comprises:
a microprocessor for performing the encryption and decryption computations;
a connection interface for linking with the user's computer;
an encryption unit for encrypting and encoding;
a memory group for storing the key's basic data and temporarily storing the random test data.
7. The authentication key for network authentication of claim 6, characterized in that the microprocessor uses reduced instruction set computing.
8. The authentication key for network authentication of claim 6, characterized in that the connection interface is a USB 1.1 or later compatible interface.
9. The authentication key for network authentication of claim 6, characterized in that the encryption unit uses 128-bit to 256-bit AES of the high security standard.
10. The authentication key for network authentication of claim 6, characterized in that the encryption unit uses RSA, DES, 3DES, MD5, MD2 or SHA-1 of the general security standard.
11. The authentication key for network authentication of claim 6, characterized in that the memory group comprises read-only memory, random access memory and electrically erasable memory.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 03153597 CN1585330A (en) 2003-08-18 2003-08-18 Network identify certificating method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 03153597 CN1585330A (en) 2003-08-18 2003-08-18 Network identify certificating method and apparatus

Publications (1)

Publication Number Publication Date
CN1585330A true CN1585330A (en) 2005-02-23

Family

ID=34597778

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 03153597 Pending CN1585330A (en) 2003-08-18 2003-08-18 Network identify certificating method and apparatus

Country Status (1)

Country Link
CN (1) CN1585330A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103026728A (en) * 2010-07-23 2013-04-03 晶像股份有限公司 Mechanism for internal processing of content through partial authentication on secondary channel
CN103026728B (en) * 2010-07-23 2019-01-18 美国莱迪思半导体公司 Mechanism for internal processing of content through partial authentication on secondary channel
TWI707285B (en) * 2018-04-20 2020-10-11 兆豐國際商業銀行股份有限公司 A system and a method for mobile transaction in enterprise
CN112562130A (en) * 2020-12-03 2021-03-26 广东电网有限责任公司中山供电局 Anti-electricity-stealing intelligent lock system of centralized electricity meter box

Similar Documents

Publication Publication Date Title
CN1326629A (en) Method and system for authenticating and utilizing secure resources in computer system
US20110289318A1 (en) System and Method for Online Digital Signature and Verification
KR20060127080A (en) User authentication method based on the utilization of biometric identification techniques and related architecture
CN1889432A (en) Long-distance password identifying method based on smart card, smart card, server and system
CN1661961A (en) Method, a hardware token, and a computer program for authentication
CN1336051A (en) Method and system for the application of a safety marking
CN101420302A (en) Safe identification method and device
CN101335754B (en) Method for information verification using remote server
CN100337423C (en) Method of handling secrecy, authentication, authority management and dispersion control for electronic files
CN2609069Y (en) Fingerprint digital autograph device
CN106203137B (en) A kind of classified papers access safety system
CN1427575A (en) Electronic cipher formation and checking method
CN101212301B (en) Authentication device and method
JP2009272737A (en) Secret authentication system
CN101552671A (en) Network identity authentication method based on U-disk and dynamic differential password and system thereof
CN101262348A (en) USB digital signature device and its operation method
CN101547098B (en) Method and system for security certification of public network data transmission
CN1585330A (en) Network identify certificating method and apparatus
CA3227278A1 (en) Methods and systems for generating and validating uses of digital credentials and other documents
CN105227562B (en) The key business data transmission mediation device and its application method of identity-based verifying
CN111539032B (en) Electronic signature application system resistant to quantum computing disruption and implementation method thereof
CN201207651Y (en) USB digital autograph device
CN110445756B (en) Method for realizing searchable encryption audit logs in cloud storage
CN113468596A (en) Multi-element identity authentication method and system for power grid data outsourcing calculation
CN109412754B (en) Data storage, distribution and access method of coding cloud

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication