CN1929374A - Dynamic password number theft-prevention - Google Patents
Dynamic password number theft-prevention Download PDFInfo
- Publication number
- CN1929374A CN1929374A CN 200510098312 CN200510098312A CN1929374A CN 1929374 A CN1929374 A CN 1929374A CN 200510098312 CN200510098312 CN 200510098312 CN 200510098312 A CN200510098312 A CN 200510098312A CN 1929374 A CN1929374 A CN 1929374A
- Authority
- CN
- China
- Prior art keywords
- prevention
- dynamic password
- password number
- user
- theft
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
This invention relates to dynamic order anti-theft system with low cost, which solves current Internet identification test problem and adopts independent computer hardwires through codes signal formula and integrates with servo random codes to generate dynamic order to make the order with large discrete to achieve one update order.
Description
Technical field
When the present invention relates under insecure environments user identity confirmed; make the Change Password that the user can be simple, effective, frequent; prevent that the password fixed from being stolen by wooden horse, virus or other rogue programs or people with malicious motive; especially the user account number that carries out online transaction, object for appreciation online game in the Internet bar is protected, be mainly used in the account number security fields.
Background technology
Along with Internet development, various tradition are used and have been moved on the network, because the inborn deficiency in the Internet, give some lawless persons with opportunity, they utilize wooden horse, virus or other rogue programs to steal other people account, reach the purpose of making profit with this, annual because of the stolen case that causes of online game account number grows with each passing day, endangered users' interests greatly.
At present, at this problem, many solutions have been arranged, but the scheme technology that has is too complicated, it is too high to popularize equipment cost difficult, that have, the clear-cut information of just encrypting input that the user can't stand, have by software, and the result causes being absorbed in a long-term technology seasaw battle because of the opening of operating system eventually, do not have good anti-theft effect, the still user who finally stands to lose.
In fact, effective method is to use the password of the each input in family all different, and the password that need to import next time is at random, unpredictable, and also can't reduce according to the password of intercepting and capturing, dynamic password card is exactly typical scheme, but because shortcomings such as high, the time synchronized precision prescribed height of its manufacturing cost can't promote always.
Summary of the invention
After the present invention is exactly the merits and demerits of antitheft scheme more than having taken into full account, in conjunction with modern electronic technology, network technology, a kind of novel, cheap, easy-to-use, the safe antitheft scheme of proposition.
This scheme has related to the equipment E1 of similar and a calculator, can when using E1 for the first time, import a unique identifier KEY, E1 is by algorithm F (X, Y) with the input the irreversible S3 of being converted into of information S2 and be shown to the user, because this equipment and computer are independent, so whole conversion process wooden horse or virus can't be stolen, this point also is the core of this programme;
Procedure involved in the present invention can embody in order to following scheme, and step comprises:
A. suppose that the user is in advance with among the unique identifying number KEY input equipment E1 who distributes to he (she);
B. the user sets up related with the account of oneself KEY in the steps A;
The user imports account S1 when C. logining;
D. system gives user prompt random information S2;
E. the user imports S2 among the E1, and (X Y) changes S2 into S3 to E1 in conjunction with predefined KEY and by non-reversible algorithm F;
F. the user imports S3 as password, confirms that the correctness of S3 is promptly finished identity validation;
Security declaration:
A. because S2 is a random information, so the S3 that calculates is unpredictable;
B. because each user's KEY is inequality, so even identical S2 also can produce different S3;
C. owing to adopting one-way algorithm, so (X Y) also can't obtain KEY by intercepting and capturing S3 and cracking F;
D. under the situation that can't obtain KEY, just can't crack the value of S3 according to S2;
E. because the character of composition S2, S3, KEY is a lot,, nearly 4,300,000,000 kinds of variations are arranged also even only use numeral;
If F. adopt the mode of conjecture, the probability that cracks is less than 1/1000000000th;
The invention characteristics:
1.E1 algorithm is open;
2.E1 need not to solidify different KEY, can produce in batches, with low cost;
3. the clock synchronization issue that does not have common dynamic password card;
4. use simply, fail safe is good;
Description of drawings
Fig. 1 is for using the step schematic diagram of this invention in the Figure of description;
Embodiment
Procedure involved in the present invention can embody in order to following scheme, and step comprises:
1. produce a kind of equipment E1 of similar and calculator, can when using E1 for the first time, allow the user import a unique identifier KEY who distributes to him;
2. the user at first set up related by WEB mode and the account number of oneself KEY before login system;
3. in the login interface of system, import the account S1 of oneself;
4. system produces an identifying code S2 at random according to S1 and be shown to user's (can just show) on the current display screen of user;
5. the user imports the S2 that sees among the E1, and has obtained the S3 that E1 calculates;
6. again S2 is input in the password input frame of login interface;
7. system's usefulness account form identical with E1 calculates a value and S3 comparison, if identical, the expression user identity is legal, otherwise promptly is illegal user;
The computational methods that above step relates to are a lot, can adopt here CRC check, MD5 etc. can, so long as unidirectional just passable;
Claims (8)
1. dynamic password number theft-prevention is used for preventing that in fly-by-night network environment the encrypted message that causes when using single password to carry out identity validation is stolen, and is characterized in that:
A. suppose that the user is in advance with among the unique identifying number KEY input equipment E1 who distributes to he (she);
B. the user sets up related with the account of oneself KEY in the steps A;
The user imports account S1 when C. logining;
D. system gives user prompt random information S2;
E. the user imports S2 among the E1, and (X Y) changes S2 into S3 to E1 in conjunction with predefined KEY and by non-reversible algorithm F;
F. the user imports S3 as password, confirms that the correctness of S3 is promptly finished identity validation.
2. dynamic password number theft-prevention as claimed in claim 1 is characterized in that: steps A, B can carry out one or many, but each KEY value must be identical.
3. dynamic password number theft-prevention as claimed in claim 1 is characterized in that: do not have inevitable order requirement between described step D, E, F and the described step C.
4. dynamic password number theft-prevention as claimed in claim 1 is characterized in that: (X Y) can adopt any transfer algorithm, checking algorithm and cryptographic means to S2 to the algorithm F of S3 in the described step e.
5. dynamic password number theft-prevention as claimed in claim 1 is characterized in that: described each step can be finished in same equipment, also can finish in distinct device.
6. dynamic password number theft-prevention as claimed in claim 1 is characterized in that: among the described step C among S1, the step D in S2, the step e S3 comprise and be not limited only to the ASC character.
7. dynamic password number theft-prevention as claimed in claim 1 is characterized in that: among the described step C among S1, the step D in S2, the step e demonstration of S3 be not limited only to mode word.
8. dynamic password number theft-prevention as claimed in claim 1 is characterized in that: S2 confirms the correctness of S3 in the conversion of S3 and the step F in the described step e, can adopt identical algorithms or algorithms of different, also can adopt asymmetric arithmetic.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200510098312 CN1929374A (en) | 2005-09-08 | 2005-09-08 | Dynamic password number theft-prevention |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200510098312 CN1929374A (en) | 2005-09-08 | 2005-09-08 | Dynamic password number theft-prevention |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1929374A true CN1929374A (en) | 2007-03-14 |
Family
ID=37859176
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200510098312 Pending CN1929374A (en) | 2005-09-08 | 2005-09-08 | Dynamic password number theft-prevention |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1929374A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101473314B (en) * | 2006-06-15 | 2011-07-06 | 微软公司 | Entering confidential information on an untrusted machine |
| CN102609646A (en) * | 2012-01-20 | 2012-07-25 | 华为终端有限公司 | Information protection method, information protection device and terminal equipment |
-
2005
- 2005-09-08 CN CN 200510098312 patent/CN1929374A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101473314B (en) * | 2006-06-15 | 2011-07-06 | 微软公司 | Entering confidential information on an untrusted machine |
| CN102609646A (en) * | 2012-01-20 | 2012-07-25 | 华为终端有限公司 | Information protection method, information protection device and terminal equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9729538B2 (en) | System, method and process for detecting advanced and targeted attacks with the recoupling of kerberos authentication and authorization | |
| CN101557287A (en) | Method for identity identification according to characteristics of user keystroke | |
| CN103310160B (en) | A kind of method, system and device preventing webpage to be tampered | |
| Roichman et al. | Fine-grained access control to web databases | |
| JP2005071202A (en) | System for mutual authentication between user and system | |
| CN101588352A (en) | Method and system for ensuring security of operating environment | |
| CN101877636A (en) | Equation password encryption method | |
| CN1929374A (en) | Dynamic password number theft-prevention | |
| US20130268764A1 (en) | Data event authentication and verification system | |
| CN106295384A (en) | A kind of big data platform access control method, device and certificate server | |
| US20190065712A1 (en) | Method, computer program, and system to realize and guard over a secure input routine based on their behavior | |
| CN106933605A (en) | A kind of intelligent progress recognizing control method and system | |
| CN105187409B (en) | A kind of device authorization system and its authorization method | |
| CN110032862B (en) | Dynamic data protection method and device for preventing database attack | |
| CN106534115A (en) | Electronic medical record system design based on domestic cipher algorithm and method | |
| CN103166968A (en) | Method of realizing effectively network real name system | |
| CN216122450U (en) | Power grid safety audit system | |
| CN105391727A (en) | System login method based on mobile terminal | |
| CN112016119B (en) | Autonomous identity management method based on block chain | |
| JP4641121B2 (en) | How to create and register a login password | |
| Nanda et al. | Oracle Privacy Security Auditing: Includes Federal Law Compliance with HIPAA, Sarbanes-Oxley & the Gramm-Leach-Bliley Act GLB | |
| CN114822796A (en) | Vaccine distribution management system and method based on intelligent contract and contract platform | |
| CN114218176A (en) | Cross-platform data secure sharing and exchanging method | |
| CN113130036A (en) | New crown vaccine management system and method based on Etheng | |
| CN108268761A (en) | A kind of method of password authentication and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |