CN201467167U - Password encoder and password protection system - Google Patents


Publication number
CN201467167U
Authority
CN
China
Prior art keywords
user
cipher
unit
password
secret value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2009201107513U
Other languages
Chinese (zh)
Inventor
薛明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to CN2009201107513U
Application granted
Publication of CN201467167U
Anticipated expiration
Expired - Fee Related

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The utility model discloses a password encoder, which comprises an input unit, a password digest generation unit and a display unit, wherein the input unit is used to receive a dynamic key and a user password which are provided by a user and provide the dynamic key and the user password for the password digest generation unit; the password digest generation unit is used to generate an encrypted value according to the dynamic key, the user password and a Hash function and send the encrypted value to the display unit; and the display unit is used to display the dynamic key and the user password which are received by the input unit and display the encrypted value. The utility model also discloses a password protection system. After the utility model is applied, and since the sent password character sequence is a converted encrypted value, a hacker cannot crack the real password through the encrypted value, and thereby the password input security can be enhanced.

Description

Password encoder and password protection system
Technical field
The utility model relates to the field of information security technology and, more specifically, to a password encoder and a password protection system.
Background art
With the continuing spread of network applications, people often need to visit various websites for electronic commerce, e-mail, online chat, online games and so on. Before logging in to a website, the user usually has to enter a user name and password. However, various viruses now exist on the network that can secretly record the characters a user types on the keyboard while entering a password and thereby steal the password, which exposes the user to great risk.
In the prior art, a soft keyboard is generally used to prevent keyboard input from being intercepted by a virus program. Specifically, when a password has to be entered, the application presents a graphical keyboard interface, and the user clicks its graphical character buttons with the mouse, instead of pressing keys, to enter the password characters into the application. With this technique, when the user clicks a character button the computer system receives only the position of the click, not the actual character, so even if the input is intercepted by a virus program, the virus cannot tell which character was entered; only the application knows the correspondence between the position of each graphical character and the character.
A soft keyboard can to some extent stop viruses such as key loggers from eavesdropping on keyboard input, but some virus programs can still steal the entered password by other means, such as:
(1) Screenshot tools:
For example, in 2004 the Jiangmin anti-virus center intercepted the "Security Robber" virus. Its author had taken soft keyboard password protection into account. After running, the virus uses a screenshot tool to save the user's login interface as two consecutive black-and-white pictures, and then sends the pictures to a designated mail recipient through a sending module it carries. From the mouse click positions in the pictures, the hacker can very probably work out the user's login account and password, thereby defeating soft keyboard password protection and seriously threatening the security of stock investors' online securities trading.
(2) Capturing the characters directly after soft keyboard input:
A soft keyboard only simulates keyboard input; after the application's conversion, the real characters are still placed in the password text box. A virus can obtain the content of the password text box through the COM interface of the web browser, or directly intercept the Hypertext Transfer Protocol (HTTP) messages sent by the browser, and obtain the password information entered by the user from them.
It can be seen that although some techniques for preventing passwords from being illegally intercepted have appeared, with the progress of virus technology, current password input security still leaves much room for improvement.
Summary of the utility model
The utility model proposes a password encoder to improve password input security.
The utility model also proposes a password protection system to improve password input security.
The technical solution of the utility model is as follows:
A password encoder comprises an input unit, a password digest generation unit and a display unit, wherein:
the input unit is configured to receive a dynamic key and a user password provided by the user, and to provide the dynamic key and the user password to the password digest generation unit;
the password digest generation unit is configured to generate an encrypted value from the dynamic key, the user password and a hash function, and to send the encrypted value to the display unit;
the display unit is configured to display the dynamic key and the user password received by the input unit, and to display the encrypted value.
The input unit is a calculator keyboard, a computer keyboard or a mobile terminal keyboard.
The hash function is the keyed-hash message authentication code (HMAC) algorithm.
The password encoder further comprises a mapping unit.
The mapping unit is configured to map the encrypted value generated by the password digest generation unit to a visible character sequence, and to send the visible character sequence to the display unit for display.
A calculator comprises the password encoder described above.
A mobile terminal comprises the password encoder described above.
A password protection system comprises a user authentication unit and a password encoder, wherein:
the user authentication unit is configured to provide a dynamic key to the user in response to the user's request, to generate an encrypted value from the user password it stores, the dynamic key and the hash function agreed with the password encoder, and to determine that the user password provided by the user is correct when the encrypted value it generates is the same as the encrypted value sent by the password encoder;
the password encoder is configured to receive the dynamic key and the user password entered by the user, to generate an encrypted value from the user password, the dynamic key and the agreed hash function, and to send the encrypted value to the user authentication unit.
The password encoder comprises a mobile communication module and a password digest generation unit, wherein:
the mobile communication module is configured to receive, by short message, the dynamic key provided to the user by the user authentication unit;
the password digest generation unit is configured to generate the encrypted value from the user password, the dynamic key and the hash function.
The password encoder further comprises a mapping unit.
The mapping unit is configured to convert the computed encrypted value to a visible character sequence according to the mapping relation agreed with the user authentication unit, and to send the visible character sequence to the user authentication unit for authentication.
The user authentication unit is configured to convert the encrypted value it generates to a visible character sequence according to the agreed mapping relation, and to determine that the user password provided by the user is correct when the visible character sequence it converted is the same as the visible character sequence sent by the mapping unit.
The hash function is the keyed-hash message authentication code (HMAC) algorithm.
As can be seen from the above technical solution, the password encoder of the utility model comprises an input unit, a password digest generation unit and a display unit. The password digest generation unit generates an encrypted value from the dynamic key received by the user, the user password entered by the user and a hash function, and sends the encrypted value to the display unit; the display unit displays the dynamic key and the user password received by the input unit, and displays the encrypted value. It follows that with an embodiment of the utility model, because the password character sequence that is sent is a converted encrypted value, a hacker cannot crack the real password from the encrypted value, so password input security is improved.
Moreover, with an embodiment of the utility model, the password is entered by keyboard and the entered password is generally shown in the text box as a mask rather than as text; even if the HMAC value of the password is displayed, the password cannot be cracked, because the HMAC function is one-way, so password input security is further improved.
Furthermore, even if a virus program can read the characters in the password text box, or intercepts the password text in the login request submitted by the user, what the hacker obtains is only the HMAC value of the password. The hacker cannot derive the real value of the password from this value, nor directly replay it to the password authentication system, so the security of password verification is further improved.
Description of the drawings
Fig. 1 is a schematic flowchart of the password input method according to the utility model;
Fig. 2 is a schematic structural diagram of the password encoder according to the utility model;
Fig. 3 is a schematic diagram of the external appearance of the password encoder according to the utility model;
Fig. 4 is a schematic structural diagram of the password protection system according to the utility model;
Fig. 5 is a schematic flowchart of the password protection method according to the utility model;
Fig. 6 is a schematic diagram of login to the password protection system according to the utility model.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of the utility model clearer, the utility model is described in further detail below with reference to the drawings and specific embodiments.
Fig. 1 is a schematic flowchart of the password input method according to the utility model. In this method, a hash function is first agreed between the password authenticating side and the password input side.
As is well known, a one-way function is a kind of mathematical function. For a given input, the result is easy to compute with a one-way function. However, when only the result is known, it is very difficult to derive the input value from it.
The hash function is illustrated below by way of example.
A hash function, also called a one-way hash function, is a public function that maps a message of arbitrary length to a hash value of fixed length. The result of a hash function is called the digest of the original input message. Hash functions are very widely used in cryptography and are closely connected with various cryptographic algorithms.
The model of a hash function is as follows:
h = H(M)
where M is the message data to be processed, H is the hash function, and h is the generated message digest, whose length is fixed and independent of the length of M.
A hash function has the following properties:
(1) the hash function can be applied to a data block of any length;
(2) the hash function produces an output of fixed length;
(3) for any given M and H, computing h is relatively easy and can be implemented in both hardware and software;
(4) for any given H and h, M cannot be computed; this is called one-wayness;
(5) for any given H and M, finding a different message M1 such that H(M1) = H(M) is computationally infeasible; this is called weak collision resistance;
(6) for any given H, finding different messages M1 and M2 such that H(M1) = H(M2) is computationally infeasible; this is called collision resistance.
Message digest algorithms commonly used at present include MD5 and SHA1.
The description of the flow of the utility model continues below. As shown in Fig. 1, the method comprises:
Step 101: the password authenticating side provides a dynamic key to the password input side.
Preferably, each time the user on the password input side logs in, the password authenticating side dynamically generates a random dynamic key and sends it to the password input side as a picture or as characters. The display terminal of the password input side shows this dynamic key picture or these characters in the login interface, so that the user learns the dynamic key. Transmitting the dynamic key as a picture strengthens resistance to cracking during network transmission; if cracking is not a concern, the dynamic key may also be transmitted as characters. Correspondingly, the password authenticating side saves this dynamic key for use in the subsequent authentication.
Step 102: the password input side generates an encrypted value from the user password, the dynamic key and the agreed hash function, and sends the encrypted value to the password authenticating side for authentication.
Here, preferably, the password input side generates a keyed-hash message authentication code (HMAC) value from the user password, the dynamic key and the agreed hash function, and sends this HMAC value to the password authenticating side for authentication.
Step 103: the password authenticating side generates an encrypted value from the user password it stores, the dynamic key and the agreed hash function, and when the encrypted value it generates is the same as the encrypted value sent by the password input side, determines that the user password provided by the password input side is correct.
Here, preferably, the password authenticating side generates an HMAC value from the user password it stores, the dynamic key and the agreed hash function. When the HMAC value it generates is the same as the HMAC value sent by the password input side, it determines that the user password provided by the password input side is correct.
Those skilled in the art will appreciate that using the HMAC function to generate the encrypted value is only an exemplary embodiment and does not limit the scope of protection of the utility model. In fact, embodiments of the utility model may also use other functions to generate the encrypted value, and such variations do not depart from the scope of protection of the utility model.
The HMAC function is described in detail below.
On the basis of hash functions, an algorithm called HMAC has been developed.
The HMAC function can be expressed as:
y = HMAC(x, k, h)
where x represents the input message;
k represents a key shared by the two communicating parties (here, the dynamic key that the password authenticating side provides to the password input side);
h represents a hash algorithm (here, the hash algorithm agreed between the password authenticating side and the password input side), for example the common MD5 and SHA1;
y represents the result of the HMAC function, that is, a digest of x.
The HMAC function is applied as follows:
(1) Before data is transmitted, the two communicating parties negotiate a common hash algorithm and an HMAC key k in some way. The hash algorithm can be determined through protocol interaction, or agreed by some arrangement of the system. The HMAC key k changes dynamically: the key k used in each communication session is different.
(2) Once k and h are determined, the HMAC function becomes a hash function with one-wayness and collision resistance, and can compute the corresponding digest of the entered password.
(3) After the communication session ends, the key k becomes invalid. The next time the user logs in, the system generates a new shared key k, so the HMAC value obtained differs from that of the previous communication.
In this way, even if a hacker intercepts the HMAC value of the password submitted during login, the hacker can neither crack the real password (because of the one-wayness of HMAC) nor use a replay attack to pass the system's authentication (because of the dynamic nature of HMAC).
Because the result of HMAC(x, k, h) is a byte sequence in which some bytes may be characters that cannot be displayed, transmitting and using the characters may cause some trouble. In view of this, embodiments of the utility model propose a preferred solution.
Further preferably, a mapping relation can be established between the values represented by bytes and the visible characters on the keyboard. After generating the HMAC value, the password input side converts it to a visible character sequence according to this mapping relation and sends the visible character sequence to the password authenticating side for authentication. The password authenticating side applies the same mapping relation to the HMAC value it computed and compares the result with the visible character sequence sent by the password input side; when the two are the same, it determines that the user password provided by the password input side is correct.
Specifically, a mapping table can be designed that maps the value represented by a byte (0-255) to visible characters that can be typed on the keyboard. After the password has passed through the HMAC function, the output bytes are converted through this mapping table to obtain a new sequence of visible characters, which still has one-wayness and collision resistance. The mapping table can be realized in many ways, as long as the password authenticating side and the password input side adopt the same implementation.
Based on the above analysis, an embodiment of the utility model proposes a password encoder.
Fig. 2 is a schematic structural diagram of the password encoder according to the utility model.
As shown in Fig. 2, the password encoder comprises an input unit 201, a password digest generation unit 202 and a display unit 203.
The input unit 201 is configured to receive the dynamic key and the user password provided by the user, and to provide them to the password digest generation unit 202;
the password digest generation unit 202 is configured to generate an encrypted value from the dynamic key, the user password and a hash function, and to send the encrypted value to the display unit 203;
the display unit 203 is configured to display the dynamic key and the user password received by the input unit 201, and to display the encrypted value.
The input unit 201 is the component used to enter characters. It may provide only the Arabic numerals 0-9, like a calculator keypad, or it may provide digits and English letters, like a computer keyboard or a mobile phone keypad.
In addition, the input unit 201 may have some function keys; pressing a function key triggers the execution of a specific function.
The password encoder proposed by the utility model can take many product forms. For example, it can be applied to a pocket calculator, so that the user can compute the HMAC value of the password with the calculator. It can also be applied to a mobile terminal (such as a smartphone), so that the user can compute the HMAC value of the password with the mobile terminal.
Preferably, the hash function may be the keyed-hash message authentication code algorithm HMAC-MD5 or HMAC-SHA1. Those skilled in the art will appreciate that the password encoder may also adopt any other type of hash function; the utility model places no limitation on this.
In addition, the result of the HMAC algorithm is a pseudo-random sequence in which each byte takes a value in 0-255, and some of these values cannot be typed on the keyboard of the current system. The password digest generator may therefore also need to apply a code conversion to the HMAC value of the password, so that the final output string conforms to the character set of the keyboard. For example, the following two encodings can be provided:
(1) an encoding from [0-255] to the set of ASCII visible characters;
(2) an encoding from [0-255] to the digits 0-9.
The utility model does not specify the mapping relation between values and characters; many schemes are possible.
Preferably, therefore, the password encoder further comprises a mapping unit (not shown in Fig. 2). The mapping unit is configured to map the encrypted value generated by the password digest generation unit 202 to a visible character sequence, and to send the visible character sequence to the display unit 203 for display.
Based on the password encoder of Fig. 2, embodiments of many forms can be produced without departing from the scope of protection of the utility model. For example, Fig. 3 is a schematic diagram of the external appearance of the password encoder according to the utility model.
The utility model also proposes a password protection system.
Fig. 4 is a schematic structural diagram of the password protection system according to the utility model.
As shown in Fig. 4, the system comprises a user 401, a user authentication unit 402 and a password encoder 403, wherein:
the user authentication unit 402 is configured to provide a dynamic key to the user 401 in response to the user's request, to generate an encrypted value from the user password it stores, the dynamic key and the hash function agreed with the password encoder, and to determine that the user password provided by the user is correct when the encrypted value it generates is the same as the encrypted value sent by the password encoder 403;
the password encoder 403 is configured to receive the dynamic key and the user password entered by the user 401, to generate an encrypted value from the user password, the dynamic key and the agreed hash function, and to send the encrypted value to the user authentication unit 402.
Here, the two authenticating parties must use the same HMAC algorithm and the same character conversion for authentication to work. A specific message format can be used to encapsulate the password HMAC value. For example, the message format for the HMAC value may comprise: an algorithm identifier, an encoding identifier, and the encoded sequence of the password HMAC value.
For the algorithm identifier, "1" may denote HMAC-MD5 and "2" may denote HMAC-SHA1; for the encoding identifier, "1" may denote conversion to ASCII visible characters and "2" may denote conversion to numeric characters.
After computing the HMAC value of the password, the password encoder 403 encapsulates the result in the above format and sends the encapsulated message to the user authentication unit 402. The user authentication unit 402 can use the "algorithm identifier" and "encoding identifier" in the message to automatically select the HMAC algorithm and character conversion that match those of the password encoder 403.
The password encoder 403 may also comprise a mobile communication module and a password digest generation unit (not shown in Fig. 4), wherein:
the mobile communication module is configured to receive, by short message, the dynamic key provided to the user by the user authentication unit;
the password digest generation unit is configured to generate the encrypted value from the user password, the dynamic key and the hash function.
Preferably, the password encoder 403 may further comprise a mapping unit (not shown in Fig. 4). The mapping unit is configured to convert the computed encrypted value to a visible character sequence according to the mapping relation agreed with the user authentication unit 402, and to send the visible character sequence to the user authentication unit 402 for authentication. The user authentication unit 402 is configured to convert the encrypted value it generates to a visible character sequence according to the agreed mapping relation, and to determine that the user password provided by the user is correct when the visible character sequence it converted is the same as the visible character sequence sent by the mapping unit.
Preferably, the hash function is the keyed-hash message authentication code algorithm HMAC-MD5 or HMAC-SHA1. Those skilled in the art will appreciate that the password encoder may also adopt any other type of hash function; the utility model places no limitation on this.
An exemplary complete password verification process of the system shown in Fig. 4 is described below with reference to the flow shown in Fig. 5. As shown in Fig. 5, the method comprises:
Step (1): the user sends a login request to the user authentication unit.
Here, the user opens the login interface of a website, or runs a client program to connect to the application system.
Step (2): the user authentication unit returns a login interface to the user.
Here, the user authentication unit generates a random string as the dynamic key for the current authentication session and returns it to the user through the login interface. The login interface also provides input boxes for the user name and the password HMAC value.
Step (3): the user operates the password encoder to compute the HMAC value of the user password.
The user enters the dynamic key and his or her own user password into the password encoder, and then runs the HMAC calculation.
Step (4): the password encoder shows the result on its display.
Step (5): the user enters the HMAC value of the password in the login interface, and then submits the login request to the user authentication unit.
Step (6): the user authentication unit checks the HMAC value of the user password to confirm whether the password entered by the user is correct.
The user authentication unit looks up the user's password by user name and, together with the dynamic key of this authentication session, computes the HMAC value of the user password. It compares the HMAC value it computed with the HMAC value submitted by the user: if they are the same, the user is deemed to have entered the correct password; otherwise, the password entered by the user is deemed wrong.
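The exchange of steps (1) to (6), together with the byte-to-character mapping and the message format (algorithm identifier, encoding identifier, encoded sequence) described earlier, can be sketched as follows. This is an added example, not code from the patent: the two mappings (byte mod 94 onto ASCII 0x21-0x7E, byte mod 10 onto a digit), the concatenated message layout, the class and function names and the sample account are assumptions, since the description leaves the mapping and the layout open.

```python
import hashlib
import hmac
import secrets

# Algorithm identifiers as given in the description: "1" = HMAC-MD5, "2" = HMAC-SHA1.
ALGORITHMS = {"1": hashlib.md5, "2": hashlib.sha1}


def to_visible_ascii(digest: bytes) -> str:
    """Assumed mapping [0-255] -> 94 printable ASCII characters ('!' .. '~')."""
    return "".join(chr(0x21 + b % 94) for b in digest)


def to_digits(digest: bytes) -> str:
    """Assumed mapping [0-255] -> digits 0-9, for numeric keypads such as an ATM."""
    return "".join(str(b % 10) for b in digest)


# Encoding identifiers as given in the description: "1" = ASCII visible, "2" = digits.
ENCODINGS = {"1": to_visible_ascii, "2": to_digits}


def encode_password(password: str, dynamic_key: str,
                    alg_id: str = "2", enc_id: str = "1") -> str:
    """Password encoder: y = HMAC(x, k, h), x = password, k = dynamic key.

    Returns the assumed message layout: alg_id + enc_id + encoded sequence.
    """
    digest = hmac.new(dynamic_key.encode(), password.encode(),
                      ALGORITHMS[alg_id]).digest()
    return alg_id + enc_id + ENCODINGS[enc_id](digest)


class UserAuthenticationUnit:
    """Verifier side: issues one dynamic key per session and checks the reply."""

    def __init__(self, passwords: dict):
        self._passwords = dict(passwords)  # user name -> stored user password
        self._pending = {}                 # user name -> dynamic key of open session

    def issue_dynamic_key(self, username: str) -> str:
        key = secrets.token_hex(4)         # 8 characters the user retypes
        self._pending[username] = key      # a new request replaces any old key
        return key

    def verify(self, username: str, message: str) -> bool:
        # The key is removed before any check, so it is valid for one attempt only;
        # this is what makes a captured message useless for replay.
        key = self._pending.pop(username, None)
        stored = self._passwords.get(username)
        if key is None or stored is None or len(message) < 3:
            return False
        alg_id, enc_id = message[0], message[1]
        if alg_id not in ALGORITHMS or enc_id not in ENCODINGS:
            return False
        expected = encode_password(stored, key, alg_id, enc_id)
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected.encode(), message.encode())


if __name__ == "__main__":
    # Constructed sample account, for illustration only.
    unit = UserAuthenticationUnit({"alice": "correct horse"})
    k = unit.issue_dynamic_key("alice")                       # step (2)
    msg = encode_password("correct horse", k, enc_id="2")     # steps (3)-(4)
    print("dynamic key:", k, "message:", msg)
    print("first submission accepted:", unit.verify("alice", msg))   # steps (5)-(6)
    print("replayed submission accepted:", unit.verify("alice", msg))
```

Because the dynamic key is shown on the login page, the one-way property protects the password only to the extent that the password itself is hard to guess, and the verifier has to hold the password in a form it can feed to HMAC.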
Based on the structure of Fig. 4 and the flow of Fig. 5, the utility model can be applied in many situations. For example, the password input method provided by the utility model can be used on many authentication occasions, such as when a user logs in to a website from a PC, or enters his or her password at a bank automatic teller machine (ATM). Because users use different login systems, the characters they can enter in the login interface also differ. For example: (1) if the password is entered on the keyboard of a PC, the characters the user can enter include digits, upper-case and lower-case letters, punctuation marks and so on; (2) if the password is entered on the keypad of an ATM, the user can only enter digits.
Moreover, based on the structure of Fig. 4 and the flow of Fig. 5, two-factor authentication using the HMAC value and a short message can also be adopted to identify the user. This two-factor authentication flow is analysed in detail below.
Step (1): the user sends a request for a dynamic key to the user authentication unit; the request message must contain the user name.
For example, Fig. 6 is a schematic diagram of login to the password protection system according to the utility model. The user opens the login interface of a website, enters the user name, and then clicks the "Get dynamic key" button. A request message for the dynamic key of the current authentication session, containing the user name, is then sent to the website's authentication server.
Step (2): the user authentication unit sends a short message containing the dynamic key of the current authentication session to the user's mobile terminal. Here, the user authentication unit looks up in the account database the mobile phone number the user previously registered under this user name, and then sends a short message to the user's mobile terminal through a short message gateway; the short message carries the dynamic key that the user authentication unit provides for the current authentication session.
Step (3): the user uses the password encoder embedded in the mobile terminal to compute the HMAC value of the user password. Here, the user enters the dynamic key and the user password into the password encoder in the mobile terminal, and then runs the HMAC calculation.
Step (4): the password encoder in the mobile terminal shows the result on the display of the mobile terminal.
Step (5): the user enters the result computed by the password encoder in the login interface, and then submits the login request to the user authentication unit.
Step (6): the user authentication unit checks the HMAC value of the user password to confirm whether the password entered by the user is correct.
In the above authentication process, the user authentication unit checks not only whether the user knows the password corresponding to the account, but also whether the user holds the mobile terminal associated with the account, thereby completing two-factor authentication and further improving the security of user identification.
In sum, in the utility model embodiment, at first between cipher authentication side and password input side, arrange hash Hash function, password input root generates secret value according to dynamic key and this agreement Hash function that user cipher, cipher authentication side provide, and this secret value is sent to cipher authentication side authenticate, the cipher authentication root is according to the user cipher of self preserving, dynamic key and should generate secret value by agreement Hash function, and the secret value that sends when this secret value and password input side is when identical, judges that the user cipher that password input side provides is correct.
The password encoder of the utility model comprises an input unit, a password digest generation unit and a display unit. The password digest generation unit is used to generate an encrypted value according to the dynamic key received by the user, the user password input by the user, and the hash function, and to send this encrypted value to the display unit. The display unit is used to display the dynamic key and the user password received by the input unit, and to display the encrypted value. It can be seen that, after the embodiments of the utility model are applied, because the password character sequence that is sent is a converted encrypted value, a hacker cannot crack the real password from this encrypted value, and password input security is therefore improved.
Moreover, after the embodiments of the utility model are applied, because the password is entered by keyboard, the entered password is generally displayed in the text box as a non-text mask; even if the HMAC value of the password is displayed, the one-way property of the HMAC function means that the password will not be cracked as a result, which further improves password input security.
Furthermore, even if a virus program can read the characters in the password text box, or intercepts the password text in the login request submitted by the user, what the hacker obtains is only the HMAC value of the password; the actual password cannot be recovered from this value, nor can the value be directly replayed to the password authentication system, which further improves the security of password verification.
In addition, identifying the user by two-factor authentication based on the HMAC value and the short message further improves the security of password verification.
The above are only preferred embodiments of the utility model and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the utility model shall fall within its scope of protection.

Claims (10)

1. A password encoder, characterized in that it comprises an input unit, a password digest generation unit and a display unit, wherein:
the input unit is used to receive a dynamic key and a user password provided by the user, and to provide the dynamic key and the user password to the password digest generation unit;
the password digest generation unit is used to generate an encrypted value according to the dynamic key, the user password and a hash function, and to send the encrypted value to the display unit;
the display unit is used to display the dynamic key and the user password received by the input unit, and to display the encrypted value.
2. The password encoder according to claim 1, characterized in that the input unit is a calculator keyboard, a computer keyboard or a mobile terminal keyboard.
3. The password encoder according to claim 1 or 2, characterized in that the hash function is the keyed-hash message authentication code (HMAC) algorithm.
4. The password encoder according to claim 1 or 2, characterized in that the password encoder further comprises a mapping unit,
the mapping unit being used to map the encrypted value generated by the password digest generation unit into a visible character sequence, and to send the visible character sequence to the display unit for display.
5. A calculator, characterized in that it comprises the password encoder according to claim 1.
6. A mobile terminal, characterized in that it comprises the password encoder according to claim 1.
7. A password protection system, characterized in that it comprises a user authentication unit and a password encoder, wherein:
the user authentication unit is used to provide a dynamic key to the user in response to the user's request, to generate an encrypted value according to the user password it has stored, the dynamic key and the hash function agreed with the password encoder, and, when this generated encrypted value is identical to the encrypted value sent by the password encoder, to judge that the user password provided by the user is correct;
the password encoder is used to receive the dynamic key and the user password input by the user, to generate an encrypted value according to the user password, the dynamic key and the agreed hash function, and to send this encrypted value to the user authentication unit.
8. The password protection system according to claim 7, characterized in that the password encoder comprises a mobile communication module and a password digest generation unit, wherein:
the mobile communication module is used to receive, by short message, the dynamic key provided to the user by the user authentication unit;
the password digest generation unit is used to generate the encrypted value according to the user password, the dynamic key and the hash function.
9. The password protection system according to claim 7, characterized in that the password encoder further comprises a mapping unit;
the mapping unit is used to convert the calculated encrypted value into a visible character sequence according to the mapping relation agreed with the user authentication unit, and to send the visible character sequence to the user authentication unit for authentication;
the user authentication unit is used to convert the encrypted value it has generated into a visible character sequence according to the agreed mapping relation, and, when the visible character sequence it has converted is identical to the visible character sequence sent by the mapping unit, to judge that the user password provided by the user is correct.
10. The password protection system according to claim 7, characterized in that the hash function is the keyed-hash message authentication code (HMAC) algorithm.
CN2009201107513U 2009-08-07 2009-08-07 Password encoder and password protection system Expired - Fee Related CN201467167U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009201107513U CN201467167U (en) 2009-08-07 2009-08-07 Password encoder and password protection system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009201107513U CN201467167U (en) 2009-08-07 2009-08-07 Password encoder and password protection system

Publications (1)

Publication Number Publication Date
CN201467167U true CN201467167U (en) 2010-05-12

Family

ID=42394513

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009201107513U Expired - Fee Related CN201467167U (en) 2009-08-07 2009-08-07 Password encoder and password protection system

Country Status (1)

Country Link
CN (1) CN201467167U (en)

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100512

Termination date: 20100807