CN1835435A - Method and system for preventing network user's secrete code from stolen - Google Patents

Info

Publication number: CN1835435A
Authority: CN (China)
Prior art keywords: password, stolen, client, algorithm, network user
Legal status: Pending
Application number: CN 200610071297
Other languages: Chinese (zh)
Inventor: 吴铁生
Current Assignee: Individual
Original Assignee: Individual

Abstract

The system comprises a server side and a client side that authenticate each other by means of a password. When a user logs in to the server through the client, the user does not submit the original password but a substitute password, computed with a given algorithm from part of the data extracted from the original password. The algorithm follows certain rules so that the original password cannot be deduced from the substitute password. The system automatically changes the substitute-password algorithm at every login, so that even if a Trojan program obtains the substitute password it cannot obtain the original password.

Description

A method and system for protecting a network user's password from theft
(1) Technical field:
The invention belongs to the field of computer networks.
(2) Background art:
The Internet is now developing rapidly, and many server-to-client arrangements have appeared on the network. In this model the client usually has to enter an account name and password to log in to the server and then uses the services the server provides. The server stores various information about the client, and after logging in the client can modify or use its own information. Because much of this information has economic or other value, some unscrupulous people, driven by profit, use illegal means to steal clients' account passwords and thereby steal the clients' valuable information (such as online bank deposits, or virtual currency and equipment in online games). The "Trojan horse" program is the most common of these illegal means. The attacker plants a Trojan program in the client's computer by various means, where it runs automatically. Once running, it can monitor the client entering and sending the account password, and when the Trojan's conditions are met it sends the stolen account password and other useful information to the thief by e-mail. In recent years more and more people have been robbed in this way, and the stolen property cannot be counted. A Trojan program is usually hard to detect and shows no sign while running, so it is hard to guard against. To prevent password theft, researchers have proposed several protection methods.
Patent document CN02100841.8 discloses a dynamic password security system and a method of generating dynamic passwords. It comprises a GSM network, a short-message processing platform, a dynamic password generation server, a merchant identity verification system and a system maintenance and management system, which exchange data through a GSM gateway. That invention generates a random one-time dynamic password according to the user's mobile phone number and delivers the password used for authentication as an SMS message. To some extent this prevents losses to the client caused by a static password being stolen. The main drawbacks of this method are that a mobile phone is required and that SMS charges must be paid.
Patent document CN200410098462.8 discloses another solution: a password generator produces, for each user, a one-time password table (password table or table for short) made up of random numbers. The table is bound to the corresponding account and given to the user on paper or electronically, and the initial valid password position is agreed orally or by communication. A valid password can be used only once; at the next use the valid password becomes the next password in the table, and if the valid password is at the end of the table, the next valid password is the first in the table, that is, the table is used cyclically. This method gives some protection against theft, but the process is rather cumbersome, and the scheme cannot be used when the password table is not at hand.
Patent document CN200410009913.6 also discloses a method, and some electronic products now on the market (such as the "grand password protection" of grand company) are based on it. Such a device is shaped like a pager and generates a dynamic password every minute. After entering the original password, the user must also enter the password generated by the device. Because this password changes every minute and each device password can be used only once, a thief who steals it still finds it hard to steal the account. This reduces the risk of account theft to some extent. However, such a device is usually very expensive, the purchase and activation process is complicated, and it is easily lost. It is an unnecessary burden for the user and has to be carried around; if the device is not at hand, the user cannot log in to their own account. For these reasons the device is not easy to promote on a large scale.
(3) Summary of the invention:
The invention can fully replace the above methods in protecting the user's account password. It offers higher security and does not require the user to buy additional hardware, and because it is a pure software method there is nothing to carry or lose, so it can be used at any time. Specifically, an interactive system consisting of a server and a client is set up in the environment where it is needed. The server holds user information, including the "original password" of the user (the client user). When the user accesses the server through the client, the user does not submit the "original password" directly but submits a "substitute password" computed by a certain algorithm from selected data in the "original password", and the server decides whether the user may log in according to whether the "substitute password" is correct. In this way a Trojan can intercept only the algorithm and the "substitute password". As long as the algorithm meets certain requirements, the "original password" cannot be derived from the algorithm and the "substitute password", and the system can change the method of generating the "substitute password" at every login, so that the "substitute password" the client uses is different each time. Thus, even if a Trojan or similar program steals the "substitute password", it can neither obtain the "original password" nor log in to the server with the "substitute password". Note that the more complex the computation, the harder it is to invert, but the more complicated it is for the client to carry out, so a computation should be chosen that is fairly simple yet not easily reversed. For higher security and easier use, the following measures are advisable: randomly extract only part of the data in the original password for the calculation, so that even if all the data that took part in the computation is derived, what is obtained is not a complete password; choose algorithms that can be expressed and sent as a mathematical formula, so that the task is clear to the user and simple to perform; and, after the "substitute password" is calculated, enter only part of it, with the server verifying only that part, so that even if a Trojan steals the entered data it is hard to use it for reverse cracking.
(4) Embodiments:
Embodiment 1: Take an online banking system as an example. When the user applies for an account, the bank can require that the "original password" consist of 10 digits, and the account number is the card number assigned by the bank. The server presets many algorithms (possibly tens of thousands or more) over the "original password" and selects one at random when needed. When the user logs in and sends the account number to the server, the bank's server randomly selects an algorithm and sends it to the client. For example, the algorithm might be: add the 1st, 3rd, 5th and 7th digits of the user's password and multiply the sum by the 9th digit. To make the task clear and simple for the user, the formula (1+3+5+7)*9 can be sent directly, where each number denotes a digit position. Suppose the original password is the ten-digit password 1234567890; the formula gives (1+3+5+7)*9=144, and the client passes the server's verification by entering "144". This can be said to be essentially an irreversible algorithm, because it is an equation in several unknowns, and inverting it yields many possible combinations of digits. After the client has logged in once, the formula the server sends at the next login might become (2+4+8)*(6+7). The algorithm is different at every login, so the computed "substitute password" is different too, and even if a Trojan or similar program steals a "substitute password" it cannot use it to log in to the server. And because not all the data of the original password is used, even if all the digits that took part in the computation are derived, what is obtained is not a complete password. In this example the server can also change the required password length as actual needs dictate. Moreover, the server's preset algorithms can be generated by a program according to certain rules, for example a program that randomly selects several data items from the password and several operators to form a formula.
Embodiment 2: The entered password "144" calculated in Embodiment 1 has only 3 digits, and with a simple algorithm a result such as 12 may also occur. Such results are easy to guess: with 3 digits or fewer, at most 1000 guesses are bound to hit the correct value. In practice the server can of course refuse the login and change the algorithm after a single wrong attempt, but there is still a 1/1000 probability of a correct guess. The solution is to refine the algorithm so that the result has more digits, which strengthens security. Operations such as "logic add" can be used: for the example above, the formula [(1+3+5+7)*9 logic-add (2+4)] gives 1446, so the result now has 4 digits. ("Logic add" means appending digits: 1 logic-add 1 is 11, 2 logic-add 3 is 23, and so on.) If the result has more than 5 digits it becomes harder still to guess. This example uses many operations; in practice a similar effect can be achieved with fewer. The key is the design and selection of the algorithm. This method should be very safe, but one small hidden danger remains: if the user often uses the same computer and that computer is infected with a Trojan program, calculations on the same password may be intercepted repeatedly until the Trojan has enough data to solve the "system of equations in several unknowns". This is very difficult, but there is a small possibility. The solution is not to enter the whole "substitute password" after calculating it but only part of it. In this example the server can require 3 of the 4 digits of the result, such as digits 1, 2 and 4; this uncertainty greatly increases the difficulty of solving the "system of equations". In addition, a "substitute password" can itself be put through this method again to calculate a further "substitute password", which is more secure still, though the process becomes relatively complex.
Embodiment 3: In each of the examples above, letters and other characters can be used in the password as well as digits, but their numerical values must be defined in advance, for example A=11, B=12 and so on, so that they can be used in calculation; the computation, however, becomes relatively troublesome.
Embodiment 4: The examples above can also be used together with traditional password entry, for instance with two or more passwords. The 1st password is entered in full by the conventional method, and once it is correct the 2nd password is entered using the method of the invention. The order of the two passwords can of course be reversed: the 1st password is entered by the method of the invention, and the 2nd password is entered after it has been verified.
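The following Python code is an added example, not part of the patent text. It implements the formula challenge of Embodiments 1 and 2 (including "logic add" and partial submission) and counts how many digit combinations stay consistent with intercepted full results, which quantifies both the "many solutions" claim and the hidden danger noted in Embodiment 2. The term encoding, the function names and the second challenge FB are assumptions of the example.

```python
import hmac
from itertools import product

# Assumed encoding for this example: a formula is a list of terms joined by
# "logic add" (decimal concatenation). A term is (sum_positions,
# factor_positions): add the digits at sum_positions, then multiply by the sum
# of the digits at factor_positions (empty tuple = no factor). 1-based positions.
F1 = [((1, 3, 5, 7), (9,))]                # (1+3+5+7)*9
F2 = [((1, 3, 5, 7), (9,)), ((2, 4), ())]  # [(1+3+5+7)*9] logic-add (2+4)
F3 = [((2, 4, 8), (6, 7))]                 # (2+4+8)*(6+7)
FB = [((1, 5), (3, 9))]                    # constructed second challenge


def evaluate(digits, formula):
    """Full substitute password for a {position: digit} mapping."""
    out = ""
    for sum_pos, factor_pos in formula:
        value = sum(digits[p] for p in sum_pos)
        if factor_pos:
            value *= sum(digits[p] for p in factor_pos)
        out += str(value)
    return out


def respond(password, formula, pick=None):
    """Client side: compute the result; with pick, submit only those digits."""
    digits = {i + 1: int(c) for i, c in enumerate(password)}
    full = evaluate(digits, formula)
    if pick is None:
        return full
    return "".join(full[i - 1] for i in pick if i <= len(full))


def verify(password, formula, pick, submitted):
    """Server side: recompute from the stored password, constant-time compare."""
    expected = respond(password, formula, pick)
    return hmac.compare_digest(expected.encode(), submitted.encode())


def consistent(observations):
    """Count digit assignments over the positions the formulas touch that
    reproduce every observed (formula, full_result) pair.
    Returns (count, number_of_positions)."""
    positions = sorted({p for formula, _ in observations
                        for term in formula for part in term for p in part})
    count = 0
    for combo in product(range(10), repeat=len(positions)):
        digits = dict(zip(positions, combo))
        if all(evaluate(digits, f) == r for f, r in observations):
            count += 1
    return count, len(positions)


if __name__ == "__main__":
    pw = "1234567890"  # the sample password used in Embodiment 1
    print(respond(pw, F1), respond(pw, F2), respond(pw, F2, pick=(1, 2, 4)))
    print("after one observation: ", consistent([(F1, respond(pw, F1))]))
    print("after two observations:", consistent([(F1, "144"), (FB, respond(pw, FB))]))
```

Because `verify` recomputes the formula from the original digits, the server must keep the original password in recoverable form and cannot store only a salted hash.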

Claims (10)

1. A method and system for protecting the security of network user information, in particular a method and system for protecting a network user's password from theft, comprising a server and a client that establish trust by means of the user's "original password", characterized in that: when the user (the client user) logs in to the server through the client, the user does not directly submit the "original password" that needs protection, but submits a "substitute password" computed by a certain algorithm from selected data in the "original password"; and the system can automatically change the "substitute password" algorithm at each login, so that the "substitute password" with which the client logs in to the server is different each time.
2. The method and system for protecting a network user's password from theft according to claim 1, characterized in that the data in the "original password" is extracted by decomposing the "original password" arbitrarily into a plurality of data items and randomly designating one or more of them.
3. The method and system for protecting a network user's password from theft according to claim 1, characterized in that the algorithms for calculating the "substitute password" are a fixed plurality of algorithms, or are not fixed but can be generated according to certain rules.
4. The method and system for protecting a network user's password from theft according to claim 1, characterized in that, after the "substitute password" is calculated, the user selectively submits part of the "substitute password" to the server for verification, according to the requirement received.
5. The method and system for protecting a network user's password from theft according to claim 1, characterized in that the algorithm is addition, subtraction, multiplication, division, logic add, roots, powers and other mathematical operations, and combinations thereof.
6. The method and system for protecting a network user's password from theft according to claim 1, characterized in that the algorithm can be expressed as a mathematical formula.
7. The method and system for protecting a network user's password from theft according to claim 1, characterized in that the algorithm for calculating the "substitute password" is generated by the server and sent to the client when used.
8. The method and system for protecting a network user's password from theft according to claim 1, characterized in that the algorithm for calculating the "substitute password" is generated by the client and sent to the server when used.
9. The method and system for protecting a network user's password from theft according to claim 1, characterized in that the client's "original password" is set in advance to consist of digits, English letters and other characters usable in passwords, which are defined as computable units (values being assigned to the different characters).
10. The method and system for protecting a network user's password from theft according to claim 1, characterized in that the method and system is used together with a traditional password entry method in actual applications.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200610071297 CN1835435A (en) 2006-04-03 2006-04-03 Method and system for preventing network user's secrete code from stolen

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200610071297 CN1835435A (en) 2006-04-03 2006-04-03 Method and system for preventing network user's secrete code from stolen

Publications (1)

Publication Number Publication Date
CN1835435A (en) 2006-09-20

Family

ID=37003054

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200610071297 Pending CN1835435A (en) 2006-04-03 2006-04-03 Method and system for preventing network user's secrete code from stolen

Country Status (1)

Country Link
CN (1) CN1835435A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101944914A (en) * 2010-09-19 2011-01-12 刘继峰 Method for dynamic combination of account numbers and passwords
CN103036852A (en) * 2011-09-29 2013-04-10 北大方正集团有限公司 Method and device for achieving network login
CN103036852B (en) * 2011-09-29 2015-10-28 北大方正集团有限公司 A kind of method and device realizing network entry
CN105516126A (en) * 2015-12-04 2016-04-20 上海斐讯数据通信技术有限公司 System and method for generating simple password on webpage end

Similar Documents

Publication Publication Date Title
CN104541475B (en) User authen method, user authentication device and security ststem
CN106797371B (en) Method and system for user authentication
US8117458B2 (en) Methods and systems for graphical image authentication
US8850519B2 (en) Methods and systems for graphical image authentication
US7266693B1 (en) Validated mutual authentication
AU2005318933B2 (en) Authentication device and/or method
EP1829281B1 (en) Authentication device and/or method
US20110231913A1 (en) System and methods of determining computational puzzle difficulty for challenge-response authentication
EP2020114A2 (en) Graphical image authentication and security system
CN105723376A (en) Systems and Methods for Verifying a User Based on Reputational Information
Patel et al. DAuth: A decentralized web authentication system using Ethereum based blockchain
AU2004282865B2 (en) Authentication system
CN103236927A (en) Dynamic-identification-based authentication method and system
JP6701359B2 (en) Dynamic graphical password-based network registration method and system
CN101577697A (en) Authentication method and authentication system for enforced bidirectional dynamic password
CN101359987A (en) Algorithm cipher
CN1835435A (en) Method and system for preventing network user's secrete code from stolen
CN1716852B (en) Formula cipher combined graph prompting interactive dynamic cipher checking mode
CN101425118A (en) Dynamic password generating method
CN102291238A (en) Network user identity authentication method
CN101355426A (en) Method and system for authenticating identification based on dynamic password
US7958540B2 (en) Method for conducting real-time execution of transactions in a network
Hallam-Baker The dotcrime manifesto: How to stop internet crime
CN104618359A (en) Method and system for reinforcing user login process security
Golla et al. " I want my money back!" Limiting Online Password-Guessing Financially.

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication