CN1622509A - A super password generation and authentication method - Google Patents
A super password generation and authentication method Download PDFInfo
- Publication number
- CN1622509A CN1622509A CN 200310115149 CN200310115149A CN1622509A CN 1622509 A CN1622509 A CN 1622509A CN 200310115149 CN200310115149 CN 200310115149 CN 200310115149 A CN200310115149 A CN 200310115149A CN 1622509 A CN1622509 A CN 1622509A
- Authority
- CN
- China
- Prior art keywords
- super code
- equipment
- user
- customizing messages
- super
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention discloses method of creating cipher in user's equipment and performing user confirmation. The method includes: 1) creating super cipher with the user's equipment based on the specific information of the user's equipment; and 2) conforming the user in the user's equipment with the super cipher. The super cipher thus created is hard to decipher, safe and convenient.
Description
Technical field
The present invention relates to a kind of generation and authentication method of super code, relate in particular to a kind of generation and authentication method the effective super code of particular device.
Background technology
The network equipment that numerous network equipment supplier in the market provides all has pair restriction of user's operating equipment authority basically, and the method that binding authority uses is that password is set.The personnel that only have this device password could control and operate this network equipment.But this password is easy to forget or people's modification of authority is arranged equally and cause original code unavailable by other, so all equipment all has a super code, this super code can be had the right to use the personnel of map network equipment to use by any.But require necessary difficult memory of this super code and decoding.In case the ordinary password that equipment is provided with is lost, and still can reset ordinary password by using this super code.
Prior network device generally all is provided with above-mentioned two passwords.But existing super code is fixed, and is applicable to the equipment of the same type that this producer is all, i.e. the shared super code of a kind of equipment of a producer.The method that it is realized is very simple, and as shown in Figure 1, in development, specifying a special character string is super code, carries out common when the user inputs password and the super code checking, and both get final product at any one coupling.
There is following shortcoming in the super code of above-mentioned prior art:
1. because the shared super code of a kind of type equipment of producer so in case the super code of the type equipment in a place is illegally stolen, be easy to decode the password of other regional equipment so, brings huge threat for whole network security.
2. because original super code is to be made of with the conventional characters string substantially the present super code that common character is combined into substantially, abcd...xyzAB......XYZ123...... or the like for example is so that the end user remembers easily.But as long as ceaselessly mate with simple monogram, just can be in very short time to decode.Though the equipment supplier also can directly use spcial character in the prior art in super code at present, be to adopt ASCII character substantially.
3. original super code generally is that the equipment supplier writes in development fixed, is to use the people to change, and causes the actual password for " disclosing " of this password easily, and the approach of an intrusion is provided on the contrary.
4. string matching speed is very fast, and matching probability is very big, can't prevent the decoding of professional tool.
Summary of the invention
The generation and the authentication method that the purpose of this invention is to provide a kind of super code guarantee that super code is effective at specific equipment, thereby improve the fail safe of network, and make super code be difficult to be decrypted.
For achieving the above object, the invention provides a kind of method of utilizing user equipment information to generate password and carrying out authentification of user, it is characterized in that this method comprises:
1) subscriber equipment generates super code according to the customizing messages of described equipment;
2) described subscriber equipment utilizes this super code that the user is authenticated.
Preferably, the customizing messages of described subscriber equipment is the MAC Address of described equipment.
Preferably, said method further is included in the user when inputing the password mistake, the step that postpones to wait for.
Use method of the present invention, can make network safer, and make super code more be difficult to decode, make the easy to use and safety of super code.
Description of drawings
Fig. 1 is a prior art system cipher authentication flow chart;
Fig. 2 has schematically shown a figure in the shape library of equipment;
Fig. 3 is the block diagram of encipheror according to an embodiment of the invention;
Fig. 4 is the system password identifying procedure figure of one embodiment of the present of invention.
Embodiment
Below in conjunction with accompanying drawing the preferred embodiments of the present invention are described in detail.
Each network equipment all has oneself network MAC (media interviews control) address, is used for this equipment of sign in network.This MAC Address has uniqueness, and the MAC Address of different equipment is different.Utilize this unique MAC Address can be unique super code of this device customizing.The method that realizes is that the equipment supplier utilizes a super code to generate software this MAC Address is encrypted as one group of character string, forms one unique to the effective super code of this equipment, and offers the user.The super code generator that super code generates software can adopt md5 encryption algorithm (Message-Digest Algorithm 5, md5-challenge), also can use for reference the md5 encryption algorithm and make suitable modification.
For example: the MD5 algorithm is improved to discerns producer and name of product.For example, be 00e0-fc00-6506 as the MAC Address of fruit product, MD5 can be increased to the producer of this equipment and the information of product in the password when calculating the super code of this machine automatically.In addition, also can design the cryptographic algorithm instrument in addition with reference to the algorithm of MD5.
On the other hand, be provided with one and encrypt subprogram in equipment, this is encrypted subprogram and adopts same algorithm.When device start, call this subprogram, and utilize the MAC Address of equipment, generate the value identical, and utilize the super code of the value checking user input that is generated with above-mentioned super code.
As previously mentioned, the super code of prior art is substantially with for example ASCII character formation, the decoding easily of conventional characters string.And the method according to this invention can be used special character, Macintosh on the keyboard that for example uses a computer and additional character key (as ^,<, *-, (), @ or $ or the like), even can also widen figure.
For this reason, in the shape library of equipment, preserve the mutually different fundamental figure suitable, add a tag number for each fundamental figure, thereby can obtain graphical passwords with the ASCII number.Fig. 2 (A) is depicted as one of them.Graphical passwords is very concrete and directly perceived, generally is not easy to pass out of mind, and also disguised better.
Fig. 3 has shown the flow chart of encrypting according to user's MAC address according to an embodiment of the invention.
As shown in Figure 3, in this embodiment, at first obtain the MAC Address of subscriber equipment, for example, the MAC Address of certain network equipment is 00e0-fe00-6506.
Then, this MAC Address being carried out conventional CRC (cyclic redundancy check (CRC)) computing, obtain a numerical value, for example is 43.This value is mapped as a symbol of ASCII character, and it is the element that constitutes figure, (for example "+", its ASCII value is 43).
Simultaneously, also corresponding to a fundamental figure in the shape library that equipment was equipped with, shown in Fig. 2 (B), it is 43 corresponding to the ASCII value to the ASCII value of this mapped symbol (being the ASCII value that above-mentioned MAC Address obtains through the CRC computing).Promptly utilize the crc value of the device mac address that is calculated to obtain a fundamental figure in the shape library and the basic element that constitutes this figure, so just formed graphical passwords.
Obviously, it will be understood by those skilled in the art that the method that generates password is not limited to the method for being enumerated in the above-mentioned example.
Fig. 4 shows the cipher authentication flow chart according to one embodiment of the present of invention.As shown in Figure 4, behind the device start, the device that at first is used to preserve data in the slave unit (generally is EEPROM (an electrically-erasable read-only memory), FLASH (flash memory), and NVRAM (nonvolatile RAM) or the like chip or card) in obtain the ordinary password value that the user is provided with, obtain the MAC value of this equipment then, utilize cryptographic algorithm to obtain a super code corresponding to this device mac address.When the user attempted control and operating equipment, the system prompt user inputed password.If the ordinary password of user input (also super code) is correct, then can obtain the control and the operation power of equipment.If but user's ordinary password loses or forgets, can't import ordinary password, then import super code.The match is successful if the super code of user input, is then thought super code with identical by the MAC Address of equipment being resolved the password that obtains, and the user obtains the right to use of equipment.
In the present invention, super code can by the equipment supplier exclusive software generate.Can make a super code generate software by this software and only be applicable to an equipment, the different super code of each equipment configuration generates software in other words, and this software and equipment are offered the user together.In case the user has forgotten the web-privilege password Web that is provided with,, just can utilize super code to generate the super code that software provides this equipment by supplier as long as the MAC Address of this equipment is provided.Thereby it is very easy to use.
From top narration, as can be seen, use method of the present invention,, therefore, can obtain a unique super code, thereby can accomplish a machine one password according to the MAC Address of this equipment because the MAC value of equipment is unique.The generation software of this super code has only the equipment supplier just to have, so can effectively control the confidentiality of this password.Encryption Tool is write by the equipment supplier fully, so can adjust in real time.While is having a time-delay to wait for behind each cipher authentication, can effectively prevent the professional tool decoding.
As shown in Figure 4, in authentication method of the present invention, increased a time-delay process.Like this, even there is the people to use special technology that super code is carried out letter scanning coupling, but each matching process need use the regular hour.The inventor's experiment shows, even only use time-delay in a second, the longest at password is under 8 the situation, and all the times of coupling are 8 power seconds of 62 to use up common letter.And under the situation that does not add time-delay of routine, when supposing that the device handler dominant frequency is 100M, only need one hour.Both time differences be 10 8 powers doubly.
The user can obtain this password by information platform.This platform is connection device supplier's a bridge, and it can be a company's site, the personnel of user service organization of artificial information counter and company.For the user who requires to obtain super code, need this user that necessary data is provided, comprise personal information, proof of ownership of this equipment (invoice etc.) and MAC Address.
The present invention can also have other implementation, in the equipment that for example super code that generates can be write direct, needn't call the encryption subprogram in use, directly reads in the slave unit to get final product.In addition, super code generator and the encryption algorithm that subprogram adopted are also very versatile and flexible, depend on equipment development personnel's design fully, are not limited to aforementioned algorithm.
More than the preferred embodiments of the present invention are described in detail for illustrative purposes; but those of ordinary skill in the art is to be appreciated that; under the situation of scope and spirit of the present invention; various improvement, interpolation and replacement all are possible, and all in the protection range that claim of the present invention limited.
Claims (9)
1. one kind is utilized user equipment information to generate super code and the method for carrying out authentification of user, it is characterized in that this method comprises:
1) user place equipment generates super code according to the customizing messages of described equipment;
2) described subscriber equipment utilizes this super code that the user is authenticated.
2. method according to claim 1 is characterized in that, includes spcial character and figure in the described super code.
3. method according to claim 2 is characterized in that, described spcial character comprises Macintosh and the additional character key on the computer keyboard.
4. method according to claim 2 is characterized in that, described super code generation method comprises:
1-1) obtain the customizing messages of subscriber equipment;
1-2) the crc value of the described customizing messages of calculating;
1-3) utilize the crc value of described customizing messages to generate corresponding graphical passwords.
5. method according to claim 3, it is characterized in that, include shape library in the described subscriber equipment, preserve the mutually different fundamental figure suitable with the ASCII number in the described shape library, the fundamental figure of being preserved in the described shape library is corresponding one by one with the ASCII value.
6. method according to claim 4 is characterized in that, described step 1-3) comprising:
1-3-1) utilize the crc value of described customizing messages to obtain corresponding ASCII character symbol;
1-3-2) obtain corresponding figure in the described shape library according to described crc value; With
1-3-3) utilize the ASCII character symbol and the figure that are obtained to constitute described graphical passwords.
7. method according to claim 1 is characterized in that, described super code adopts the md5 encryption algorithm that the customizing messages of described subscriber equipment is carried out cryptographic calculation and generates.
8. according to each described method of aforementioned claim, it is characterized in that the customizing messages of described subscriber equipment is the MAC Address of described subscriber equipment.
9. method according to claim 7 is characterized in that, further comprises:
3) when the super code mistake of user's input, after postponing wait, notify the user to re-enter super code.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2003101151496A CN100546242C (en) | 2003-11-24 | 2003-11-24 | A kind of generation of super code and authentication method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2003101151496A CN100546242C (en) | 2003-11-24 | 2003-11-24 | A kind of generation of super code and authentication method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1622509A true CN1622509A (en) | 2005-06-01 |
| CN100546242C CN100546242C (en) | 2009-09-30 |
Family
ID=34760323
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2003101151496A Expired - Lifetime CN100546242C (en) | 2003-11-24 | 2003-11-24 | A kind of generation of super code and authentication method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100546242C (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100462988C (en) * | 2006-06-29 | 2009-02-18 | 北京飞天诚信科技有限公司 | Method for setting customer flag information |
| CN102347936A (en) * | 2010-07-30 | 2012-02-08 | 国基电子(上海)有限公司 | Network access device and network access method thereof |
| WO2015096501A1 (en) * | 2013-12-25 | 2015-07-02 | 北京奇虎科技有限公司 | Method and apparatus for managing super user password on smart mobile terminal |
| CN104331645B (en) * | 2014-11-24 | 2017-05-10 | 中国航空工业集团公司洛阳电光设备研究所 | Encryption method of test system |
-
2003
- 2003-11-24 CN CNB2003101151496A patent/CN100546242C/en not_active Expired - Lifetime
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100462988C (en) * | 2006-06-29 | 2009-02-18 | 北京飞天诚信科技有限公司 | Method for setting customer flag information |
| US8181869B2 (en) | 2006-06-29 | 2012-05-22 | Feitian Technologies Co., Ltd. | Method for customizing customer identifier |
| CN102347936A (en) * | 2010-07-30 | 2012-02-08 | 国基电子(上海)有限公司 | Network access device and network access method thereof |
| WO2015096501A1 (en) * | 2013-12-25 | 2015-07-02 | 北京奇虎科技有限公司 | Method and apparatus for managing super user password on smart mobile terminal |
| US10176317B2 (en) | 2013-12-25 | 2019-01-08 | Beijing Qihoo Technology Company Limited | Method and apparatus for managing super user password on smart mobile terminal |
| CN104331645B (en) * | 2014-11-24 | 2017-05-10 | 中国航空工业集团公司洛阳电光设备研究所 | Encryption method of test system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100546242C (en) | 2009-09-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP1695169B1 (en) | Method and apparatus for incremental code signing | |
| JP2004534333A (en) | Integrated protection method and system for distributed data processing in computer networks | |
| CN106228076B (en) | A kind of picture validation code guard method and system based on SGX | |
| US7805616B1 (en) | Generating and interpreting secure and system dependent software license keys | |
| CN105184181B (en) | File encryption method, file decryption method and file encryption device | |
| CN111614467B (en) | System backdoor defense method and device, computer equipment and storage medium | |
| CN101924734A (en) | Identity authentication method and authentication device based on Web form | |
| CN114499859A (en) | Password verification method, device, equipment and storage medium | |
| CN114626079A (en) | File viewing method, device, equipment and storage medium based on user permission | |
| CN104751042A (en) | Credibility detection method based on password hash and biometric feature recognition | |
| CN112307503A (en) | Signature management method and device and electronic equipment | |
| CN109784072B (en) | Security file management method and system | |
| CN100546242C (en) | A kind of generation of super code and authentication method | |
| CN111949996A (en) | Generation method, encryption method, system, device and medium of security private key | |
| CN107404476B (en) | Method and device for protecting data security in big data cloud environment | |
| CN112507355B (en) | Personal health data storage system based on block chain | |
| CN112968774B (en) | Method, device storage medium and equipment for encrypting and decrypting configuration file | |
| CN109299617A (en) | A kind of file encryption and decryption system | |
| KR100734600B1 (en) | Method of system authentication and security enforcement using self-integrity checking based on the tamper-proof H/W | |
| CN111385083B (en) | Key protection method and key protection system | |
| KR20200080776A (en) | Data security apparatus | |
| CN113642020B (en) | Dynamic encryption method and device for configuration file, electronic equipment and storage medium | |
| CN113609505B (en) | Digital watermark tampering monitoring method based on MD5 encryption | |
| CN112449143B (en) | Implementation method and implementation system of secure video | |
| CN117978399A (en) | Software identity verification method and device based on intelligent password key and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |