CN1925396A - Method and device for improving utilization security of network information product - Google Patents


Info

Publication number
CN1925396A
Authority
CN
China
Prior art keywords
safety devices
key
information
user
network information
Prior art date
Legal status
Granted
Application number
CN 200610113135
Other languages
Chinese (zh)
Other versions
CN1925396B (en)
Inventor
陆舟
于华章
Current Assignee
BEIJING CERTIFICATE AUTHORITY
Original Assignee
Beijing Feitian Technologies Co Ltd
Landscapes

  • Storage Device Security (AREA)

Abstract

This invention provides a method and a system for improving the security of using network information products, in the field of information security technology. The method comprises the following steps: initializing an information security device; generating a key in the information security device through an agent, for identifying the user; and, after the user passes authentication, letting the user use the network information product. The invention also provides a system for improving the security of using information products; the system comprises an information security device, an agent initialization module, an operator storage module and a key authentication module.

Description

Method and system for improving the security of using network information products
Technical field
The present invention relates to the field of information security technology, and in particular to a method and system that use an information security device to improve the security of network information products.
Background technology
With the rapid development of computer technology, more and more users are accustomed to using the convenience and rich resources of the network to complete all kinds of work. This has saved time to a certain extent, improved work efficiency, and driven the further development and improvement of the Internet. However, as high-tech means keep developing, the network brings people convenience and entertainment but also carries great hidden security risks.
Network information products include a range of paid network resources such as online games, network video-on-demand and web education.
The development of user identity authentication technology has improved the security of a user's network identity to a certain extent, but the prior art still has many defects in verifying the legitimacy of a user's identity and in protecting the user's network account and password. In general, if a user wants to log in to a website or use a network information product (for example, enter an online game system or download some software), the user must go through a cumbersome authentication process. For some paid network information products, the user must also buy a prepaid card of a certain face value at a designated sales outlet and complete a top-up by entering the card's account number and password, thereby obtaining the qualification to use the network information product or extending the usage time.
The asymmetric key cryptosystem is the authentication mode commonly used in PKI systems. In an asymmetric key cryptosystem the encryption key and the decryption key are different, and data encrypted with the public key can only be decrypted with the corresponding private key. The digital signature of a public key system guarantees both the confidentiality of information and its non-repudiation. Its principle is as follows: first, the plaintext is signed with the private key of the party being verified to obtain a digital signature; the digital signature is then sent to the verifier, which decrypts it with the public key of the party being verified and finally compares the result with the original text to complete verification.
HMAC-Hash is a commonly used challenge-response authentication mode. HMAC-Hash is a strengthening of the Hash algorithm; a hash algorithm, also called a one-way hash algorithm, is an algorithm for which the original information cannot be computed backwards even when the result of the operation and the algorithm are known. A hash function has the following property: for input information of varying length (commonly called the seed) it produces an output of fixed length, and this fixed-length output is called the "hash" or "message digest" of the original input. HMAC (keyed-Hashing Message Authentication Code) combines a key with the hash operation, and random data takes part in every computation, so that the result data produced by each authentication process differs; even if an attacker intercepts the authentication data of one session, it cannot pass the next authentication with it.
The process by which a network system confirms a user's identity generally requires the user to enter an account number and password to confirm legitimacy, which burdens the user with cumbersome and insecure authentication. Take a game player as an example. On the one hand, if the player wants to play different games, the player needs to register a specific account number and matching password for each, which is cumbersome. On the other hand, the many account numbers and passwords a player holds are not only cumbersome, but the registered account number and password are also easily stolen by others through network monitoring or special techniques; once stolen, they bring economic or emotional distress to the player and to the operator.
Summary of the invention
In order to solve the problems of poor security and complicated operation when using network information products in the prior art, the present invention provides a method and a system for improving the security of using network information products. The technical scheme is as follows:
A method for improving the security of using network information products, the method comprising the following steps:
Step A: after an agent obtains an information security device, the agent initializes the information security device to generate a key, and feeds the key back to the network information product operator;
Step B: after the operator receives the key, the key is bound to the network information product and stored on a server;
Step C: the user obtains the bound information security device and undergoes authentication; after authentication passes, the user uses the network information product.
Step A further comprises the agent writing an identification number inside the information security device and feeding the identification number back to the network information product operator.
The method further comprises, before Step A:
after the network information product operator obtains the information security device, writing an identification number inside the information security device, storing the identification number in the server, and then providing the information security device to the agent.
Step C comprises:
C1: verifying, by the user entering the PIN code of the information security device or by the user's biometric characteristic, whether the user is the legitimate holder of the information security device;
C2: the server authenticating the user by means of the key in the information security device; after authentication passes, the user uses the network information product.
Step C2 is the network information product operator server verifying the key in the information security device by means of an asymmetric key mechanism; after verification passes, the user obtains the qualification to use the network software.
Step C2 is the network information product operator server verifying the key in the information security device by means of a challenge-response mechanism; after verification passes, the user obtains the qualification to use the network software.
The network information product comprises online game software, web education software or network media on-demand software.
The information security device stores at least one key.
The information security device connects to the host through a USB interface.
The present invention also provides a system for improving the security of using network information products, the system comprising:
an information security device, used to store network information product or user information;
an agent initialization module, used, after the agent obtains the information security device, to initialize the information security device and generate a key;
an operator information storage module, used to store the key and the identification number;
a key authentication module, used by the server to authenticate the user by means of the key in the information security device.
The agent initialization module is also used by the agent to write an identification number inside the information security device.
The information security device specifically comprises:
a user identity authentication module, used to verify inside the information security device whether the user is the legitimate holder of the information security device;
a key storage module, used to store the key generated by the agent when initializing the information security device;
a communication module, used to implement data communication between the information security device and the host;
a computing module, used to perform algorithm computations with the key.
The key authentication module specifically comprises:
an asymmetric key authentication unit, used by the network information product operator server to verify the key in the information security device by means of an asymmetric key mechanism; after verification passes, the user obtains the qualification to use the network software;
a challenge-response authentication unit, used by the network information product operator server to verify the key in the information security device by means of a challenge-response mechanism; after verification passes, the user obtains the qualification to use the network software.
The beneficial effects of the technical scheme of the present invention are:
by placing the key in an information security device, the operations and workflow a user needs to use a network information product are simplified, making the product easy to popularize; and the security of the network user's private information is improved, preventing losses caused by theft of private information.
Brief description of the drawings
Fig. 1 is a flow chart of the method for initializing an information security device provided in Embodiment 1 of the present invention;
Fig. 2 is a flow chart of the method for verifying the user's identity and key provided in Embodiment 1 of the present invention;
Fig. 3 is a flow chart of another method for initializing an information security device provided in Embodiment 2 of the present invention;
Fig. 4 is a schematic diagram of the system for improving the security of using network information products provided in Embodiment 3 of the present invention.
Detailed description
The invention is further described below with reference to the drawings and specific embodiments, which are not intended to limit the invention.
A key is generated inside the information security device by initializing it; after a user obtains the information security device from a network information product agent (hereinafter "agent"), the user uses a variety of network information products with it. The information security device is a device with a processor and a memory, mainly used for secure information transmission and storage and for auditing and identity authentication of content transmitted over the network; it has tamper-resistant characteristics and high security.
The specific method of using a network information product comprises the following steps:
1) after the agent obtains the information security device, the agent initializes it to generate a key, and feeds the key back to the network information product operator;
2) the user obtains the information security device and can use the required network information product simply by passing the relevant authentication.
In the following embodiments the network information product is an online game, used as an example. The operator is the online game operator, responsible for building the online game server, completing the updating, upgrading and authorization of the various online games, and providing technical support to the agent. The agent is the online game agent, responsible for initializing the information security device, that is, generating the key inside the information security device, and for providing the information security device to the user. The user is the game player.
Embodiment 1
As shown in Fig. 1, the method for initializing the information security device specifically comprises the following steps:
Step 101: the game agent obtains information security devices from the information security device manufacturer.
Step 102: the agent initializes the information security device, that is, generates a key inside it, and writes an identification number into it.
There may be more than one key, and an identification number may correspond to a single key or to several keys. More than one identification number may also be written into the information security device, as the situation requires. The identification number comprises a user account, a hardware serial number or particular data contained in the network information product. In this embodiment the identification number is a user account, used mainly for key verification when the user logs in to the online game server: the game server program retrieves, by the identification number, the matching key stored in advance in the user database, and the client program accesses the information security device so that the corresponding key inside it is verified.
Step 103: the agent feeds the key and identification number set in the information security device back to the game operator.
A game operator corresponds to several agents. The agent may burn the keys and identification numbers in the information security devices to a CD for the game operator, or send them to the game operator over a secure channel.
Step 104: after the game operator receives the key and identification number sent by the agent, it stores them in a user database record.
When storing, each identification number is bound to its corresponding key, and each key corresponds to a game.
Step 105: the game operator sends a confirmation to the agent, that is, sends the agent the usage license information of the information security device.
The usage license means that, after the game operator stores the information fed back by the agent in the user database, the binding between the online game information and the hardware device is in place, and the user can use the information security device once it is obtained.
Step 106: after obtaining the information security device from the agent, the user connects it to a computer and obtains the qualification of game player; the specific process of obtaining this qualification is shown in Fig. 2.
Step 201: after connecting the information security device to the computer, the user logs in to the online game server and selects the required game.
The information security device connects to the computer through a USB interface.
Step 202: the client program authenticates the user's identity to confirm that the user is the legitimate holder of the hardware device; if the user passes authentication, Step 203 is executed, otherwise Step 205.
Authentication modes for confirming that the user is the legitimate holder of the hardware device include PIN code authentication and biometric authentication. In this embodiment the authentication process verifies, by the information security device PIN code entered by the user, whether the user is the legitimate holder of the information security device; this process is performed by the program inside the information security device, which checks whether the PIN code entered by the user is correct and so judges whether the user is the legitimate holder of the information security device.
Step 203: the operator server authenticates the key inside the information security device.
The specific authentication method may use an asymmetric key cryptosystem or the HMAC-Hash algorithm. The specific steps of authentication with an asymmetric key cryptosystem comprise:
after the user selects an online game, the online game server generates a random string and sends it to the information security device through the client;
the information security device digitally signs the random string with its key;
the information security device returns the digital signature to the online game server through the client;
the online game server verifies the digital signature with the corresponding public key.
The specific steps of authentication with the HMAC-Hash algorithm comprise:
after the user selects an online game, the online game server generates a random string and sends it to the information security device through the client;
the information security device computes over the random string with its key and the HMAC-Hash algorithm to obtain digest A, and returns it to the online game server through the client;
the online game server computes over the random string it generated with the key and the HMAC-Hash algorithm to obtain digest B;
the online game server compares whether A and B are identical. If they are identical, Step 204 is executed, otherwise Step 205.
Step 204: the user is permitted to enter the selected game system and becomes a player of that game.
Step 205: the game server refuses the user's login and entry to the game system.
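The exchange of Steps 201 to 205 (the PIN check inside the device, the server's random string, and both the asymmetric and the HMAC-Hash verification of Step 203), together with the replay resistance attributed to HMAC-Hash in the background section and the identification-number/key binding of Step 104, as an added Python example that is not part of the patent. Everything in it is constructed: the class names, the PIN, the device key bytes, the identification number and the toy RSA primes are assumptions. The HMAC path uses HMAC-SHA256 from the standard library; the asymmetric path uses an unpadded textbook RSA signature over a hash of the challenge purely so the example stays self-contained, and a deployment would use a vetted signature scheme instead.

```python
import hashlib
import hmac
import secrets

# Constructed demonstration material; none of these values come from the patent.
# The RSA pair is a toy (tiny primes, no padding) standing in for the "asymmetric
# key mechanism" of Step 203; use RSA-PSS or Ed25519 from a vetted library for real.
P, Q, E = 1000003, 999983, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))                  # private exponent (Python 3.8+)

DEVICE_HMAC_KEY = b"constructed-device-key-0001"   # key generated at Step 102
IDENTIFICATION_NUMBER = "player-account-42"        # identification number of Step 102


def _challenge_to_int(challenge, n):
    """Hash-then-reduce so the toy RSA operates on a value below the modulus."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % n


class InformationSecurityDevice:
    """Models the USB device: PIN check, key storage and on-device computation."""

    def __init__(self, pin, hmac_key, rsa_private):
        self._pin = pin
        self._hmac_key = hmac_key
        self._d, self._n = rsa_private
        self.unlocked = False

    def verify_pin(self, pin):
        # Step 202: the program inside the device decides whether the holder is legitimate.
        self.unlocked = hmac.compare_digest(pin.encode(), self._pin.encode())
        return self.unlocked

    def hmac_response(self, challenge):
        # Digest A: HMAC-SHA256 of the server's random string under the device key.
        if not self.unlocked:
            raise PermissionError("PIN not verified")
        return hmac.new(self._hmac_key, challenge, hashlib.sha256).digest()

    def sign_challenge(self, challenge):
        # Digital signature of the random string under the device's private key.
        if not self.unlocked:
            raise PermissionError("PIN not verified")
        return pow(_challenge_to_int(challenge, self._n), self._d, self._n)


class GameServer:
    """Operator server holding the identification-number/key records bound at Step 104."""

    def __init__(self):
        self.records = {
            IDENTIFICATION_NUMBER: {"hmac_key": DEVICE_HMAC_KEY, "rsa_public": (E, N)},
        }

    def new_challenge(self):
        # A fresh random string per login is what defeats replay of captured responses.
        return secrets.token_bytes(32)

    def verify_hmac(self, ident, challenge, digest_a):
        record = self.records.get(ident)
        if record is None:
            return False
        digest_b = hmac.new(record["hmac_key"], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(digest_a, digest_b)   # constant-time "A == B"

    def verify_signature(self, ident, challenge, signature):
        record = self.records.get(ident)
        if record is None:
            return False
        e, n = record["rsa_public"]
        return pow(signature, e, n) == _challenge_to_int(challenge, n)


def login(server, device, ident, pin, mechanism="hmac"):
    """Runs Steps 201-205; True means the player is admitted (Step 204)."""
    if not device.verify_pin(pin):
        return False                                 # Step 205: holder check failed
    challenge = server.new_challenge()               # server -> client -> device
    if mechanism == "hmac":
        return server.verify_hmac(ident, challenge, device.hmac_response(challenge))
    return server.verify_signature(ident, challenge, device.sign_challenge(challenge))


def demo():
    """Exercises the admitted paths and the refusal paths the steps imply."""
    server = GameServer()
    genuine = InformationSecurityDevice("1234", DEVICE_HMAC_KEY, (D, N))
    wrong_key = InformationSecurityDevice("1234", b"some-other-key", (D, N))
    results = {
        "hmac_ok": login(server, genuine, IDENTIFICATION_NUMBER, "1234", "hmac"),
        "rsa_ok": login(server, genuine, IDENTIFICATION_NUMBER, "1234", "rsa"),
        "bad_pin": login(server, genuine, IDENTIFICATION_NUMBER, "0000", "hmac"),
        "wrong_key": login(server, wrong_key, IDENTIFICATION_NUMBER, "1234", "hmac"),
        "unknown_id": login(server, genuine, "no-such-account", "1234", "rsa"),
    }
    # Replay: a digest captured for one challenge does not satisfy the next one.
    genuine.verify_pin("1234")
    stale = genuine.hmac_response(server.new_challenge())
    results["replayed"] = server.verify_hmac(IDENTIFICATION_NUMBER, server.new_challenge(), stale)
    return results
```

Calling `demo()` returns a dictionary in which the two genuine logins are admitted while a wrong PIN, a device holding a different key, an unregistered identification number and a replayed digest are all refused. The server compares digests A and B with a constant-time comparison; the patent only says the digests are compared, so that choice is the example's, not the patent's.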
Embodiment 2
In this embodiment the process by which the user uses the information security device is the same as in Embodiment 1, but the game agent obtains from the operator information security devices into which an identification number has already been written, as shown in Fig. 3:
Step 301: the online game operator obtains information security devices from the hardware manufacturer.
Step 302: the game operator writes an identification number inside the information security device and stores it in the game server's database.
In this embodiment the identification number is used mainly for key verification when the user logs in to the online game server: the game server program finds, by the identification number, the matching key stored in advance in the user database, and the client program accesses the information security device so that the corresponding key inside it is verified.
Step 303: the agent obtains the information security devices from the operator.
Step 304: the agent generates, inside each hardware device, a key matching the game identification number inside the information security device, and feeds it back to the game operator.
Step 305: the game operator stores the key fed back by the agent in the user database record.
Step 306: the game operator sends a confirmation to the agent, that is, sends the agent the usage license information of the information security device.
The usage license means that, after the game operator stores the information fed back by the agent in the database, the binding between the online game information and the information security device is in place, and the user can use the information security device once it is obtained.
Step 307: after the user obtains the information security device from the agent, the user can enter different online games and obtain the qualification of game player; the process is as shown in Fig. 2 and is not repeated here.
Embodiment 3
Referring to Fig. 4, the present invention also provides a system for improving the security of using network information products, comprising:
an information security device, used to store network information product or user information;
an agent initialization module, used, after the agent obtains the information security device, to initialize the information security device and generate a key;
an operator information storage module, used to store the key and the identification number;
a key authentication module, used by the server to authenticate the user by means of the key in the information security device.
The agent initialization module is also used by the agent to write an identification number inside the information security device.
The information security device specifically comprises:
a user identity authentication module, used to verify inside the information security device whether the user is the legitimate holder of the information security device;
a key storage module, used to store the key generated by the agent when initializing the information security device;
a communication module, used to implement data communication between the information security device and the host;
a computing module, used to perform algorithm computations with the key.
The key authentication module specifically comprises:
an asymmetric key authentication unit, used by the network information product operator server to verify the key in the information security device by means of an asymmetric key mechanism; after verification passes, the user obtains the qualification to use the network software;
a challenge-response authentication unit, used by the network information product operator server to verify the key in the information security device by means of a challenge-response mechanism; after verification passes, the user obtains the qualification to use the network software.
The above embodiments are preferred embodiments of the present invention; ordinary variations and substitutions made by those skilled in the art within the scope of the technical solution of the present invention shall all fall within the protection scope of the present invention.

Claims (13)

1. A method for improving the security of using network information products, characterized in that the method comprises the following steps:
Step A: after an agent obtains an information security device, the agent initializes the information security device to generate a key, and feeds the key back to the network information product operator;
Step B: after the operator receives the key, the key is bound to the network information product and stored on a server;
Step C: the user obtains the bound information security device and undergoes authentication; after authentication passes, the user uses the network information product.
2. The method for improving the security of using network information products according to claim 1, characterized in that Step A further comprises the agent writing an identification number inside the information security device and feeding the identification number back to the network information product operator.
3. The method for improving the security of using network information products according to claim 1, characterized in that, before Step A, the method further comprises:
after the network information product operator obtains the information security device, writing an identification number inside the information security device, storing the identification number in the server, and then providing the information security device to the agent.
4. The method for improving the security of using network information products according to claim 1, characterized in that Step C comprises:
C1: verifying, by the user entering the PIN code of the information security device or by the user's biometric characteristic, whether the user is the legitimate holder of the information security device;
C2: the server authenticating the user by means of the key in the information security device; after authentication passes, the user uses the network information product.
5. The method for improving the security of using network information products according to claim 4, characterized in that Step C2 is the network information product operator server verifying the key in the information security device by means of an asymmetric key mechanism; after verification passes, the user obtains the qualification to use the network software.
6. The method for improving the security of using network information products according to claim 4, characterized in that Step C2 is the network information product operator server verifying the key in the information security device by means of a challenge-response mechanism; after verification passes, the user obtains the qualification to use the network software.
7. The method for improving the security of using network information products according to any one of claims 1 to 6, characterized in that the network information product comprises online game software, web education software or network media on-demand software.
8. The method for improving the security of using network information products according to any one of claims 1 to 6, characterized in that the information security device stores at least one key.
9. The method for improving the security of using network information products according to any one of claims 1 to 6, characterized in that the information security device connects to the host through a USB interface.
10. A system for improving the security of using network information products, characterized in that the system comprises:
an information security device, used to store network information product or user information;
an agent initialization module, used, after the agent obtains the information security device, to initialize the information security device and generate a key;
an operator information storage module, used to store the key and the identification number;
a key authentication module, used by the server to authenticate the user by means of the key in the information security device.
11. The system for improving the security of using network information products according to claim 10, characterized in that the agent initialization module is also used by the agent to write an identification number inside the information security device.
12. The system for improving the security of using network information products according to claim 10, characterized in that the information security device specifically comprises:
a user identity authentication module, used to verify inside the information security device whether the user is the legitimate holder of the information security device;
a key storage module, used to store the key generated by the agent when initializing the information security device;
a communication module, used to implement data communication between the information security device and the host;
a computing module, used to perform algorithm computations with the key.
13. The system for improving the security of using network information products according to claim 10, characterized in that the key authentication module specifically comprises:
an asymmetric key authentication unit, used by the network information product operator server to verify the key in the information security device by means of an asymmetric key mechanism; after verification passes, the user obtains the qualification to use the network software;
a challenge-response authentication unit, used by the network information product operator server to verify the key in the information security device by means of a challenge-response mechanism; after verification passes, the user obtains the qualification to use the network software.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2006101131354A CN1925396B (en) 2006-09-15 2006-09-15 Method and device for improving utilization security of network information product


Publications (2)

Publication Number Publication Date
CN1925396A true CN1925396A (en) 2007-03-07
CN1925396B CN1925396B (en) 2011-07-20

Family

ID=37817887

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2006101131354A Active CN1925396B (en) 2006-09-15 2006-09-15 Method and device for improving utilization security of network information product

Country Status (1)

Country Link
CN (1) CN1925396B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101150459B (en) * 2007-10-30 2010-06-02 北京飞天诚信科技有限公司 Method and system for improving safety of information safety device
WO2014071886A1 (en) * 2012-11-09 2014-05-15 华为终端有限公司 Information configuration method, device and system
CN105491077A (en) * 2016-02-26 2016-04-13 浙江维尔科技股份有限公司 Identity authentication system
CN105791277A (en) * 2016-02-26 2016-07-20 浙江维尔科技股份有限公司 Identity authentication method
CN105790951A (en) * 2016-02-26 2016-07-20 浙江维尔科技股份有限公司 Identity authentication device and intelligent terminal

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1338841A (en) * 2000-08-11 2002-03-06 海南格方网络安全有限公司 Intelligent key for security authentication of computer
CN1346110A (en) * 2000-09-30 2002-04-24 刘耀民 Network platform based software protection and sales system


Also Published As

Publication number Publication date
CN1925396B (en) 2011-07-20


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230630

Address after: 100080 no.1501, 68 North Fourth Ring Road West, Haidian District, Beijing

Patentee after: BEIJING CERTIFICATE AUTHORITY

Address before: 100085 17th floor, block B, Huizhi building, No.9 Xueqing Road, Haidian District, Beijing

Patentee before: Feitian Technologies Co.,Ltd.
