TW200837596A - A method for verifying authorized access - Google Patents

Publication number
TW200837596A
Authority
TW
Taiwan
Prior art keywords
password
random
verifying
dynamic
input
Application number
TW96107416A
Other languages
Chinese (zh)
Other versions
TWI334987B (en)
Inventor
Wen-Xin Yang
Original Assignee
Wen-Xin Yang
Application filed by Wen-Xin Yang
Priority to TW96107416A
Publication of TW200837596A
Application granted
Publication of TWI334987B

Landscapes

  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a method for verifying authorized access, and more particularly to a method that verifies a password entered through an improved input scheme. The method prevents the password from being stolen by an onlooker while it is being entered, and makes the password easy to memorize and difficult to crack. The method is characterized in that users preset a combination of random password, fixed password and dynamic password, so that the characters and the length of the password entered for verifying authorized access differ every time, thereby greatly increasing the difficulty of cracking the password.

Description

IX. Description of the Invention:

[Technical Field]

The present invention relates to a method for verifying a password, and in particular to a method that verifies a password entered through an improved input scheme. The method prevents a bystander from learning the content and the length of the password while it is being entered, and also makes the password easy to remember.

[Prior Art]

The inventor disclosed a novel and inventive dynamic password system in Republic of China Patent No. 1268690. That system prevents a bystander from stealing the password during entry, is easier to remember than a conventional alphanumeric password, and is not easily cracked. From the standpoint of password-cracking theory, however, that system still has the shortcoming of a "fixed length": although the password entered differs each time, its length stays the same. Someone who peeks from beside the person entering the password, or learns of it through some other channel, cannot obtain the complete password but can determine its length, and the password can then be attacked with known cracking methods such as a brute-force attack (Brute Force Attack). The robustness of that password system therefore remains in doubt.
[Summary of the Invention]

The present invention relates to a method for verifying a password, applicable mainly to equipment that identifies its user by an electronic password. By using a recognition background to guide the user in determining a dynamic password, combining it with a random password chosen freely by the user, and using the pre-recorded and dynamically generated code entered by the user as the means of verifying the password, the method makes the password difficult for a bystander to steal. The invention offers excellent password protection especially where it cannot be avoided, or cannot be confirmed, that nobody is watching the password being entered, for example when using access control systems, software systems of various kinds, computer information server systems, personal digital assistants (Personal Digital Assistant) that store, or obtain over a network, private or commercially valuable data, and automatic teller machines (Automatic Teller Machine). It also makes the password hard to crack for automated programs that can retry logins repeatedly.
In view of the shortcomings of the prior art, the present invention addresses the drawback that the password length is easily learned, which lowers the difficulty of cracking. To that end, the method for verifying a password according to the invention comprises the following steps:

(1) dynamically generating and displaying an image according to a preset recognition background, in order to determine a dynamic password;
(2) entering a password formed by combining the dynamic password with at least one random password, the random password being chosen freely by the user;
(3) verifying the password;
(4) end.

[Embodiment]

Refer to the first figure, which shows a preferred embodiment of the method for verifying a password according to the invention. When the user enters a password, an image is first dynamically generated and displayed according to the preset recognition background in order to determine a dynamic password (the method of generating the dynamic password is prior art and is not repeated here). This dynamic password is obtained by applying a preset dynamic rule to the recognition background, and its length is fixed. Suppose its length is 5 characters and the user, following the instructions, finds the dynamic password to be AC592. To enter the password, the user first freely chooses a first random password, say 915, and a second random password, say 7d965, and then enters the first random password, the dynamic password and the second random password in that order. The password entered is 915AC5927d965, 13 characters long. If, with the same dynamic password, the user freely chooses a first random password of 4872 and a second random password of p, the password entered becomes 4872AC592P, 10 characters long.

The system verifies the password by checking whether the dynamic password AC592 is present in the password entered, and so decides whether the user passes verification. The length of each password entered differs because of the different random passwords the user chooses, and the complete entry contains both the random passwords and the dynamic password, which adds to the difficulty of cracking.

The method may also add at least one fixed password to obtain a more robust entry. The user memorizes a first fixed password and a second fixed password in advance, in the conventional way, and may use easily remembered characters such as the user's name and birthday, say Frank and 0218. Suppose the user, following the instructions, finds the dynamic password to be AC592 and freely chooses a first random password of 1235, a second random password of 9846, a third random password of 6547 and a fourth random password of 713. The password is entered in the order first random password, first fixed password, second random password, dynamic password, third random password, second fixed password, fourth random password, that is, 1235Frank9846AC59265470218713. To verify this password, the system checks whether the first fixed password, the dynamic password and the second fixed password have been entered and whether the three appear in that order. This keeps a peeper, or spyware such as a Trojan horse program, from learning the content and the length of the password. Adding fixed passwords causes no inconvenience to the user's memory and increases the length and robustness of the password; combined with the dynamic password (which makes the content of each entry different) and the random passwords (which make the length of each entry different), it makes the password harder to steal and to crack. Note that the system may also be configured not to check the order in which the fixed passwords and the dynamic password appear, and to check only whether they appear. In short, any password system formed by combining dynamic, random and fixed passwords falls within the scope protected by the invention.

In summary, the invention fully meets the three requirements for a patent: novelty, inventive step and industrial applicability. As to novelty and inventive step, the invention solves the widespread problems described above: a system that uses passwords in public and open places must keep the password from being learned by others when it cannot be avoided or confirmed that nobody is watching the entry, and the invention further makes the password easy to remember while hard to crack for automated programs that can retry logins repeatedly. As to industrial applicability, products derived from the invention can fully meet current market demand.

The invention has been disclosed above by way of a preferred embodiment. Those skilled in the art should understand that the embodiment only illustrates the invention and should not be read as limiting its scope. All variations and substitutions equivalent to the embodiment are to be regarded as covered by the invention. The scope of protection of the invention is therefore defined by the claims below.

[Brief Description of the Drawings]

The first figure shows a preferred embodiment of the method for verifying a password according to the invention.

[Description of Main Component Symbols]

Claims (1)

X. Claims:

1. A method for verifying a password, comprising the following steps:
(1) dynamically generating and displaying an image according to a preset recognition background, in order to determine a dynamic password;
(2) entering a password formed by combining the dynamic password with at least one random password, the random password being chosen freely by the user;
(3) verifying the password;
(4) end.

2. The method for verifying a password according to claim 1, wherein step (2) further comprises entering a password formed by combining at least one fixed password with the dynamic password and the random password, the fixed password being a password memorized in advance by the user.

3. The method for verifying a password according to claim 1, wherein step (3) verifies according to whether the dynamic password is present in the password entered.

4. The method for verifying a password according to claim 2, wherein step (3) verifies according to whether the dynamic password and the fixed password are present in the password entered and are arranged according to a preset rule.

5. The method for verifying a password according to claim 1, wherein the password entered in step (2) is formed by a first random password, the dynamic password and a second random password arranged in that order.

6. The method for verifying a password according to claim 2, wherein the password entered in step (2) is formed by a first random password, a first fixed password, a second random password, the dynamic password, a third random password, a second fixed password and a fourth random password arranged in that order.
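
The verification step of the embodiment and of claims 3 and 4, written out as an added example (not code from the patent): the system looks only for the dynamic password and any fixed passwords inside the entry, either in their preset order or, in the relaxed setting, in any order. The function name, its parameters and the use of plain substring search are assumptions of this example.

```python
"""Added example: verification of the composite password described above.

Assumptions (not from the patent): the function name, its parameters and
the use of plain substring search to locate the required segments.
"""


def verify(entered: str, required: list[str], ordered: bool = True) -> bool:
    """Return True if the entry contains every segment the system expects.

    required: the fixed passwords and this session's dynamic password,
              listed in their preset order. The user's random passwords
              are never stored or checked; they only vary content/length.
    ordered:  True  -> segments must appear in the preset order and must
                       not overlap (embodiment with fixed passwords).
              False -> only presence is checked (the relaxed setting the
                       description mentions).
    """
    if not required or any(seg == "" for seg in required):
        raise ValueError("need at least one non-empty required segment")
    if not ordered:
        return all(seg in entered for seg in required)
    pos = 0
    for seg in required:
        # Taking the leftmost match after the previous segment leaves the
        # most room for the remaining ones, so this greedy scan is exact.
        idx = entered.find(seg, pos)
        if idx < 0:
            return False
        pos = idx + len(seg)
    return True


# Entries taken from the embodiment (dynamic password AC592).
SIMPLE = ["915AC5927d965", "4872AC592P"]
COMPOSITE = "1235Frank9846AC59265470218713"
SEGMENTS = ["Frank", "AC592", "0218"]
# Constructed for this example: same pieces, fixed passwords swapped.
SWAPPED = "123502189846AC5926547Frank713"

if __name__ == "__main__":
    for entry in SIMPLE:
        print(len(entry), verify(entry, ["AC592"]))
    print(verify(COMPOSITE, SEGMENTS))
    print(verify(SWAPPED, SEGMENTS), verify(SWAPPED, SEGMENTS, ordered=False))
    # A dynamic password from another session (constructed) is rejected.
    print(verify("915ZK3047d965", ["AC592"]))
```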

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW96107416A TWI334987B (en) 2007-03-03 2007-03-03 A method for verifying password

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW96107416A TWI334987B (en) 2007-03-03 2007-03-03 A method for verifying password

Publications (2)

Publication Number Publication Date
TW200837596A true TW200837596A (en) 2008-09-16
TWI334987B TWI334987B (en) 2010-12-21

Family

ID=44212183

Family Applications (1)

Application Number Title Priority Date Filing Date
TW96107416A TWI334987B (en) 2007-03-03 2007-03-03 A method for verifying password

Country Status (1)

Country Link
TW (1) TWI334987B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8739261B2 (en) 2011-08-31 2014-05-27 International Business Machines Corporation Dynamically providing algorithm-based password/challenge authentication
US9122852B2 (en) 2012-11-14 2015-09-01 Wistron Corporation Password input system and method for inputting password

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8739261B2 (en) 2011-08-31 2014-05-27 International Business Machines Corporation Dynamically providing algorithm-based password/challenge authentication
US8745712B2 (en) 2011-08-31 2014-06-03 International Business Machines Corporation Dynamically providing algorithm-based password/challenge authentication
US9122852B2 (en) 2012-11-14 2015-09-01 Wistron Corporation Password input system and method for inputting password

Also Published As

Publication number Publication date
TWI334987B (en) 2010-12-21

Similar Documents

Publication Publication Date Title
US8561174B2 (en) Authorization method with hints to the authorization code
AU2007268223B2 (en) Graphical image authentication and security system
US9117065B2 (en) Dynamic interactive identity authentication method and system
CA2667341C (en) Web site authentication
US8997177B2 (en) Graphical encryption and display of codes and text
AU2005318933B2 (en) Authentication device and/or method
US7770002B2 (en) Multi-factor authentication
US9684780B2 (en) Dynamic interactive identity authentication method and system
TW200818838A (en) Mutual authentication and secure channel establishment between two parties using consecutive one-time passwords
US20070255953A1 (en) Authentication method and apparatus between an internet site and on-line customers using customer-specific streamed audio or video signals
US20070271465A1 (en) Method of Authentication by Challenge-Response and Picturized-Text Recognition
US10033724B2 (en) System of composite passwords incorporating hints
US20050177867A1 (en) Prompt authentication
JP2006293804A (en) Input of password and authentication system
CN101207483A (en) Bidirectional double factor authentication method
US9811828B2 (en) Method for authentication of mobile transactions using video encryption and method for video encryption
CN115396139A (en) System and method for password anti-theft authentication and encryption
TW200837596A (en) A method for verifying authorized access
US20100005303A1 (en) Universal authentication method
GB2449240A (en) Conducting secure online transactions using CAPTCHA
KR20040038031A (en) Method of formation and execution for prevention contents from unauthorized copy
US20090158038A1 (en) Universal authentication method
JP2007164575A (en) Browsing control method and device for electronic content
TWI392310B (en) Method for implementing and authenticating an one time password (otp) for integrated circuit cards
EP1416666A1 (en) Method to simplify the management and enhance the security of passwords

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees