TW201042972A - Method for password protection - Google Patents

Method for password protection Download PDF

Info

Publication number
TW201042972A
TW201042972A TW98117181A TW98117181A TW201042972A TW 201042972 A TW201042972 A TW 201042972A TW 98117181 A TW98117181 A TW 98117181A TW 98117181 A TW98117181 A TW 98117181A TW 201042972 A TW201042972 A TW 201042972A
Authority
TW
Taiwan
Prior art keywords
password
information
password information
input
user
Prior art date
Application number
TW98117181A
Other languages
Chinese (zh)
Inventor
Kim-Yeung Sip
Original Assignee
Hon Hai Prec Ind Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hon Hai Prec Ind Co Ltd filed Critical Hon Hai Prec Ind Co Ltd
Priority to TW98117181A priority Critical patent/TW201042972A/en
Publication of TW201042972A publication Critical patent/TW201042972A/en

Links

Abstract

A method for password protection includes steps of recording user information to be authenticated and password information input by an input device in response to user's operations, wherein the password information includes dynamic passwords input according to a predetermined encrypting rule; generating password authentication information corresponding to the user information to be authenticated based on the encrypting rule and authentication commands input by the input device in response to user's operations; comparing the password information with the password authentication information to verify the password information.

Description

201042972 '六、發明說明: . 【發明所屬之技術領域】 本發明涉及資訊安全領域,特別涉及一種密碼保護方 法。 【先前技術】 密碼保護在日常生活當中隨處可見,如電腦密碼,密 〇碼門鎖’銀行密碼等。通常狀況下,用戶都是利用鍵盤輸 入自己的用戶名(m)和密碼。然而,由於輸入鍵盤都很 統一,導致用戶密碼容易被人偷窺或者猜測到,從而使得 用戶的資訊得不到有效的保護。 【發明内容】 鑒於此,有必要提供一種保密性能更高的密碼保護方 法。 〇 一種密碼保護方法,包括如下步驟: 記錄輸入設備因回應用戶的輸入操作而產生的待認 證用戶資訊及輸入密碼資訊,該輸入密碼資訊包括按照預 定的加密規則輸入的動態密碼資訊; 根據輪入設備因回應用戶的輸入操作而產生的驗證 命令及存儲的加密規則生成與待認證用戶資訊相對應的 認證密碼資訊; 將產生的輸入密碼資訊與生成的認證密碼資訊進行 3 201042972 比較,進行密碼驗證。 , 上述密碼保護方法可根據用戶存儲的預定的加密規 則生成動態的密碼資訊,並將用戶提供的輸入密碼資訊與 認證密碼資訊比較以完成密碼驗證。由於密碼資訊是根據 存儲的加密規則不斷變化的,窺視者藉由窺視途徑無法得 知加密規則,故不能獲得正確密碼資訊,從而使得用戶的 資訊得到有效保護。 ❹ 【實施方式】 本實施方式提供一種密碼保護方法,該密碼保護方法 可由存儲在電子設備的記憶體中的一組程式碼來表示。電 子設備在執行該密碼保護方法後,電子設備回應用戶的註 冊操作而開始執行密碼設置功能。電子設備回應用戶的登 陸操作而開始執行密碼驗證功能時:先根據存儲的加密規 Q 則生成動態的密碼資訊,再將輸入密碼資訊與密碼資訊進 行比較以完成密碼驗證。其中,電子設備可以為行動電 話、個人數位助理(PDA)、筆記本電腦、臺式電腦等。 如圖1所示,其為一較佳實施方式的密碼保護方法中 設置密碼的流程圖,包括如下步驟: 步驟S200,以預設形式在顯示設備上顯示密碼設置介 面及加密規則列表。其中,該加密規則列表為用戶提供多 種加密規則,用戶根據選擇的加密規則設置動態的密碼資 201042972 訊。如圖2所示,在電子設備50的顯示幕51上顯示密碼設 置介面511及密碼規則列表513。密碼規則列表513中包括 有多個加密規則,例如,加密規則可為“利用電子設備的 當前所處地理位置作為加密資訊”、“利用電子設備當前 的系統日期及時間為加密資訊”。 步驟S202,記錄輸入設備因回應用戶在密碼設置介面 上的輸入操作而產生的固定密碼資訊。例如,用戶可以用 〇 字元、數位等作為固定密碼資訊。輸入設備可以為滑鼠、 鍵盤等。 步驟S204,獲取用戶利用輸入設備在加密規則列表上 所選擇的加密規則。例如,用戶可以藉由電子設備50上的 實體按鈕52選擇“獲取電子設備當前的系統日期及時間 為密碼資訊”的加密規則。其中,步驟S202及步驟S204可 以互換。 ❹ 步驟S208,存儲固定密碼資訊及選擇的加密規則。其 中,固定密碼資訊及選擇的加密規則存儲在電子設備50 中〇 如圖3所示,其為一較佳實施方式的密碼保護方法中 驗證密碼的流程圖,包括如下步驟: 步驟S300,以預設形式在顯示設備上顯示密碼輸入介 面。如圖4所示,在電子設備50的顯示幕51上顯示密碼輸 入介面515、系統日期及時間介面517。 5 201042972 、 步驟S302,記錄輸入設備因回應用戶在密碼輸入介面 上的輸入操作而產生的輸入密碼資訊。其中,輸入密碼資 訊包括固定密碼資訊及加密資訊。例如,固定密碼資訊為 字串“ABC” 。加密資訊由用戶在進行密碼註冊時所選擇 的加密規則來確定。例如,用戶在進行密碼註冊時所選擇 的加密規則為“選擇電子設備當前的系統曰期及時間為 密碼資訊”,此時加密資訊為電子設備50所顯示的當前的 Ο 系統日期及時間。用戶根據曰期顯示幕51上顯示的日期及 時間輸入加密資訊“0805061555” 及固定密碼資訊。其 中,固定密碼資訊及加密資訊可以按照預定的規則進行組 合,以增強密碼存儲和傳輸的安全性,例如,將加密資訊 與固定密碼資訊混合,輸入密碼資訊的格式可以為 “080506” + “ABC” + “1555”,或者 “A” + “080506” + “B” + “1555” + “C” 。 © 步驟S304,接收用戶的確認操作。例如,用戶藉由電 子設備50的實體按鈕52完成確認操作。 步驟S306,回應用戶的確認操作,根據待認證的用 戶,按照存儲的加密規則及固定密碼資訊生成與待認證用 戶相對應的認證密碼資訊。例如,電子設備50回應用戶的 確認操作,根據“選擇電子設備當前的系統曰期及時間為 加密資訊”的加密規則,獲取其當前的系統曰期及時間作 為加密資訊,並按照預定的格式生成,根據加密資訊及存 6 201042972 儲的固定密碼資訊生成認證密碼資訊。其中,獲取的系統 _ 時間要與用戶所輸入的時間相適應。在本實施方式中,系 統時間精確到分鐘,電子設備50獲取的系統曰期及時間為 “080506” 、“1555” ,固定密碼資訊為“ABC” ,生成 的認證密碼資訊格式可為“A” + “080506” + “B” + “1555” + “C” 。 步驟S308,比較產生的輸入密碼資訊與生成的認證密 〇 碼資訊是否相匹配。如果產生的輸入密碼資訊與生成的認 證密碼資訊不匹配,則跳轉到步驟S310執行;如果產生的 輸入密碼資訊與生成的認證密碼資訊相匹配,則跳轉到步 驟S312執行。 步驟S310,在顯示的密碼輸入介面顯示密碼錯誤提示 資訊。在顯示密碼錯誤提示資訊後跳轉到步驟S300執行。 步驟S312,用戶認證通過,進入歡迎介面,使用戶有 © 許可權操作該電子設備50或者進行特定的交易。 在其他實施方式中,在步驟S308中,可按照一定的順 序規則來比較固定密碼資訊和動態密碼資訊,例如,直接 將存儲的固定密碼資訊、獲取的系統時間及系統日期與輸 入密碼資訊比較,來完成密碼驗證。例如,先將獲取的系 統時間與輸入密碼資訊中的系統時間比較,如果判斷出兩 者相同,再進行固定密碼資訊及系統日期的比較。另外, 用戶也可以選擇多個加密規則來提高密碼的複雜性:例 7 201042972 如,用戶選擇“利用電子設備的當前所處地理位置作為加 . 密資訊”、“獲取電子設備當前的系統曰期及時間為加密 ^ 資訊”兩個加密規則;相應的,進行密碼驗證時,用戶根 據電子設備50顯示在顯示幕51上的位置資訊、系統時間及 系統日期輸入對應的資料以使電子設備50產生輸入密碼 資訊,電子設備50根據該兩個規則獲取位置資訊、系統時 間及系統日期後完成密碼驗證。位置資訊為電子設備50中 〇 GPS定位模組提供的經度值及緯度值。 利用上述密碼保護方法,根據用戶存儲的預定的加密 規則生成動態的密碼資訊,將用戶提供的輸入密碼資訊與 認證密碼資訊比較以完成密碼驗證。由於密碼資訊是根據 存儲的加密規則不斷變化的,窺視者藉由窺視途徑無法得 知加密規則,故不能獲得正確密碼資訊,從而使得用戶的 資訊得到有效保護。 【圖式簡單說明】 圖1係一較佳實施方式的密碼保護方法中設置密碼的 流程圖。 圖2係圖1中密碼保護方法的密碼設置介面示意圖。 圖3係一較佳實施方式的密碼保護方法中驗證密碼的 流程圖。 圖4係圖3中密碼保護方法的密碼輸入介面示意圖。 8 201042972 【主要元件符號說明】 電子設備 密碼設置介面 密碼輸入介面 設置密碼方法 密碼驗證方法 50 顯示幕 51 511 密碼規則列表 513 515 系統日期及時間介面517 S200-208 S300-312201042972 'VI. Description of the Invention: 1. Field of the Invention The present invention relates to the field of information security, and in particular to a method of password protection. [Prior Art] Password protection can be seen everywhere in daily life, such as computer passwords, password locks, bank passwords, etc. Under normal circumstances, users use the keyboard to enter their own username (m) and password. However, since the input keyboards are uniform, the user's password is easily sneaked or guessed, so that the user's information is not effectively protected. SUMMARY OF THE INVENTION In view of this, it is necessary to provide a password protection method with higher security performance. The method for protecting a password includes the following steps: recording information about the user to be authenticated and inputting password information generated by the input device in response to the input operation of the user, the input password information including dynamic password information input according to a predetermined encryption rule; The authentication command generated by the input device in response to the user's input operation and the stored encryption rule generate authentication password information corresponding to the user information to be authenticated; the generated input password information is compared with the generated authentication password information 3 201042972, and the password is compared verification. The password protection method generates dynamic password information according to a predetermined encryption rule stored by the user, and compares the input password information provided by the user with the authentication password information to complete the password verification. Since the password information is constantly changing according to the stored encryption rules, the peeper cannot know the encryption rule by the peeping path, so the correct password information cannot be obtained, so that the user's information is effectively protected. [Embodiment] The present embodiment provides a password protection method, which can be represented by a set of code codes stored in a memory of an electronic device. After the electronic device performs the password protection method, the electronic device starts to perform the password setting function in response to the user's registration operation. When the electronic device starts to perform the password verification function in response to the user's login operation, the dynamic password information is generated according to the stored encryption rule, and then the input password information is compared with the password information to complete the password verification. Among them, the electronic device can be a mobile phone, a personal digital assistant (PDA), a notebook computer, a desktop computer, and the like. As shown in FIG. 1, a flowchart for setting a password in a password protection method according to a preferred embodiment includes the following steps: Step S200: Display a password setting interface and a list of encryption rules on a display device in a preset form. The encryption rule list provides multiple encryption rules for the user, and the user sets a dynamic password resource according to the selected encryption rule. As shown in FIG. 2, a password setting interface 511 and a password rule list 513 are displayed on the display screen 51 of the electronic device 50. The password rule list 513 includes a plurality of encryption rules. For example, the encryption rule may be "using the current geographic location of the electronic device as the encrypted information" and "using the current system date and time of the electronic device as the encrypted information". Step S202, recording the fixed password information generated by the input device in response to the user's input operation on the password setting interface. For example, users can use 〇 characters, digits, etc. as fixed password information. The input device can be a mouse, a keyboard, or the like. Step S204: Acquire an encryption rule selected by the user on the encryption rule list by using the input device. For example, the user can select an encryption rule that "acquires the current system date and time of the electronic device as password information" by the physical button 52 on the electronic device 50. Wherein, step S202 and step S204 can be interchanged. ❹ Step S208, storing the fixed password information and the selected encryption rule. The fixed password information and the selected encryption rule are stored in the electronic device 50, as shown in FIG. 3, which is a flowchart for verifying the password in the password protection method of a preferred embodiment, and includes the following steps: Step S300: Set the form to display the password input interface on the display device. As shown in FIG. 4, a password input interface 515, a system date and time interface 517 are displayed on the display screen 51 of the electronic device 50. 5 201042972, step S302, recording the input password information generated by the input device in response to the user's input operation on the password input interface. Among them, the input password information includes fixed password information and encrypted information. For example, the fixed password information is the string "ABC". The encrypted information is determined by the encryption rules selected by the user when registering the password. For example, the encryption rule selected by the user when performing password registration is "select the current system period and time of the electronic device as password information", and the encrypted information is the current system date and time displayed by the electronic device 50. The user inputs the encrypted information "0805061555" and the fixed password information according to the date and time displayed on the screen 51. The fixed password information and the encrypted information may be combined according to predetermined rules to enhance the security of password storage and transmission. For example, the encrypted information is mixed with the fixed password information, and the format of the input password information may be “080506” + “ABC” ” + “1555”, or “A” + “080506” + “B” + “1555” + “C”. © step S304, a confirmation operation of the user is received. For example, the user completes the confirmation operation by the physical button 52 of the electronic device 50. Step S306, in response to the user's confirmation operation, according to the user to be authenticated, the authentication password information corresponding to the user to be authenticated is generated according to the stored encryption rule and the fixed password information. For example, the electronic device 50 responds to the user's confirmation operation, and obtains the current system time and time as the encrypted information according to the encryption rule of “selecting the current system time and time of the electronic device as the encrypted information”, and generates the data according to the predetermined format. According to the encrypted information and the stored password information stored in 201042972, the authentication password information is generated. Among them, the acquired system _ time should be compatible with the time entered by the user. In this embodiment, the system time is accurate to the minute, the system period and time acquired by the electronic device 50 are “080506” and “1555”, the fixed password information is “ABC”, and the generated authentication password information format can be “A”. + "080506" + "B" + "1555" + "C". Step S308, comparing whether the generated input password information matches the generated authentication password information. If the generated input password information does not match the generated authentication password information, the process jumps to step S310; if the generated input password information matches the generated authentication password information, the process jumps to step S312. In step S310, a password error prompt information is displayed on the displayed password input interface. After the password error prompt information is displayed, the process jumps to step S300 to execute. In step S312, the user authentication passes, and the welcome interface is entered, so that the user has the permission to operate the electronic device 50 or perform a specific transaction. In other embodiments, in step S308, the fixed password information and the dynamic password information may be compared according to a certain order rule, for example, the stored fixed password information, the acquired system time, and the system date are directly compared with the input password information. To complete the password verification. For example, compare the acquired system time with the system time in the input password information. If it is determined that the two are the same, then compare the fixed password information with the system date. In addition, the user can also select multiple encryption rules to improve the complexity of the password: Example 7 201042972 For example, the user selects “Using the current geographic location of the electronic device as the encryption information” and “acquiring the current system of the electronic device. And the time is the encryption ^ information" two encryption rules; correspondingly, when the password verification is performed, the user inputs the corresponding data according to the position information, the system time and the system date displayed on the display screen 51 by the electronic device 50 to cause the electronic device 50 to generate Entering the password information, the electronic device 50 completes the password verification after obtaining the location information, the system time, and the system date according to the two rules. The location information is the longitude value and the latitude value provided by the GPS positioning module in the electronic device 50. The password protection method is used to generate dynamic password information according to a predetermined encryption rule stored by the user, and the input password information provided by the user is compared with the authentication password information to complete the password verification. Since the password information is constantly changing according to the stored encryption rules, the peeper cannot know the encryption rule by the peeping path, so the correct password information cannot be obtained, so that the user's information is effectively protected. BRIEF DESCRIPTION OF THE DRAWINGS Fig. 1 is a flow chart showing the setting of a password in a password protection method according to a preferred embodiment. 2 is a schematic diagram of a password setting interface of the password protection method in FIG. 1. Figure 3 is a flow chart showing the verification of a password in a password protection method of a preferred embodiment. 4 is a schematic diagram of a password input interface of the password protection method in FIG. 8 201042972 [Description of main component symbols] Electronic device Password setting interface Password input interface Setting password method Password verification method 50 Display screen 51 511 Password rule list 513 515 System date and time interface 517 S200-208 S300-312

Claims (1)

201042972 七、申請專利範圍·· r一種密碼保護方法,包括如下步驟: 記錄輸入設備因回應用戶輸入操作而產生的待認證 用戶資訊及輸入密碼資訊,該輸入密碼資訊包括按照預定 的加密規則輸入的動態密碼資訊; 根據輸入設備因回應用戶輸入操作而產生的驗證命 令生成與待認證用戶資訊相對應的認證密碼資訊; 將產生的輸入密碼資訊與生成的認證密碼資訊進行 比較,進行密碼驗證。 2. 如申請專利範圍第丨項所述之密碼保護方法,其中所 述加密規則是由用戶從加密規則列表上的一系列加密規 則中選取的一個或者多個。 3. 如申請專利範圍第2項所述之密碼保護方法,其中還 包括以下步驟: 以預設形式在顯示設備上顯示加密規則列表; ❹ 獲取用戶利用輸入設備在加密規則列表上所選擇的 加密規則; 存儲選擇的加密規則。 4. 如申請專利範圍第1項所述之密碼保護方法,其中該 輸入密碼資訊還包括固定密碼資訊。 _ 5.如申請專利範圍第4項所述之密碼保護方法,其中該 輸入岔碼=貝汛中的固定密碼資訊與動態密碼資訊以預設 排列方式合成。 6·如申請專利範圍第4項所述之密碼保護方法,其中將 201042972 產生的輸入密碼資訊與生成的認證密碼資訊進行比較進 _ 行密碼驗證的步驟具體為: 比較輸入密碼資訊中的動態密碼資訊與認證密碼資 訊中的動態密碼資訊; 在該輸入密碼資訊中的動態密碼資訊與認證密碼資 訊中的動態密碼資訊相匹配時,比較輸入密碼資訊中的固 密碼定資訊與認證密碼資訊中的固定密碼資訊。 7. 如申請專利範圍第2項所述之密碼保護方法,其中該 加密規則包括當前的系統日期、時間、地理位置中的一個 或多個。 8. 如申請專利範圍第7項所述之密碼保護方法,其中該 動態密碼資訊為電子設備當前的系統曰期及時間; 在生成認證密碼資訊的步驟中還包括以下步驟: 獲取電子設備當前的系統曰期及時間; 根據該系統日期及時間生成該認證密碼資訊。 Q 9.如申請專利範圍第7項所述之密碼保護方法,其中 該加密資訊為電子設備的位置資訊。 10.如申請專利範圍第9項所述之密碼保護方法,其 中: 在生成密碼資訊的步驟中還包括以下步驟: 獲取電子設備中定位模組產生的位置資訊; 根據該位置貧訊生成該認證密碼貧訊。 11201042972 VII. Patent application scope·· r A password protection method includes the following steps: recording the information of the user to be authenticated and the input password information generated by the input device in response to the user input operation, the input password information includes input according to a predetermined encryption rule. Dynamic password information; generating authentication password information corresponding to the user information to be authenticated according to the verification command generated by the input device in response to the user input operation; comparing the generated input password information with the generated authentication password information to perform password verification. 2. The method of claim 1, wherein the encryption rule is one or more selected by a user from a series of encryption rules on a list of encryption rules. 3. The password protection method as claimed in claim 2, further comprising the steps of: displaying the encryption rule list on the display device in a preset form; ❹ obtaining the encryption selected by the user on the encryption rule list by using the input device Rules; store the selected encryption rules. 4. The method for protecting a password as described in claim 1, wherein the input password information further includes fixed password information. _ 5. The password protection method according to claim 4, wherein the input password = fixed password information and dynamic password information in the shell are synthesized in a preset arrangement. 6. The password protection method according to item 4 of the patent application scope, wherein comparing the input password information generated by 201042972 with the generated authentication password information into the password verification step is as follows: Comparing the dynamic password in the input password information Dynamic password information in the information and authentication password information; when the dynamic password information in the input password information matches the dynamic password information in the authentication password information, the comparison between the password information and the authentication password information in the input password information is compared. Fixed password information. 7. The password protection method of claim 2, wherein the encryption rule comprises one or more of a current system date, time, and geographic location. 8. The password protection method according to claim 7, wherein the dynamic password information is a current system period and time of the electronic device; and the step of generating the authentication password information further includes the following steps: acquiring the current electronic device System expiration and time; Generate the authentication password information according to the date and time of the system. Q 9. The password protection method according to claim 7, wherein the encrypted information is location information of the electronic device. 10. The password protection method according to claim 9, wherein: the step of generating the password information further comprises the steps of: acquiring location information generated by the positioning module in the electronic device; generating the authentication according to the location information Password is poor. 11
TW98117181A 2009-05-22 2009-05-22 Method for password protection TW201042972A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW98117181A TW201042972A (en) 2009-05-22 2009-05-22 Method for password protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW98117181A TW201042972A (en) 2009-05-22 2009-05-22 Method for password protection

Publications (1)

Publication Number Publication Date
TW201042972A true TW201042972A (en) 2010-12-01

Family

ID=45000755

Family Applications (1)

Application Number Title Priority Date Filing Date
TW98117181A TW201042972A (en) 2009-05-22 2009-05-22 Method for password protection

Country Status (1)

Country Link
TW (1) TW201042972A (en)

Similar Documents

Publication Publication Date Title
US9286466B2 (en) Registration and authentication of computing devices using a digital skeleton key
EP3337209B1 (en) Method, apparatus and computer readable storage medium for secure context-aware password management
EP2702719B1 (en) Method and system for managing information on mobile devices
US10848304B2 (en) Public-private key pair protected password manager
US9165128B1 (en) System and method of securing content from public display on a mobile communication device
US20150039908A1 (en) System and Method for Securing A Credential Vault On A Trusted Computing Base
CN101877195A (en) Password protection method
US9160744B1 (en) Increasing entropy for password and key generation on a mobile device
US20160127134A1 (en) User authentication system and method
KR20140054172A (en) Method and apparatus for using a multi-factor password or a dynamic password for enhanced security on a device
CN113452678A (en) Login information input method, login information storage method and related device
JP2009104314A (en) Image selection authentication system, authentication server device, image selection authentication method, and image selection authentication program
CN103297391A (en) Graphical dynamic password inputting and verifying method
JP2016505985A (en) Passcode management method and apparatus
JP2004213117A (en) Authentication system
JP2016133994A (en) Authentication server apparatus, program, and authentication method
Mannan et al. Passwords for both mobile and desktop computers: ObPwd for Firefox and Android
CN101859504B (en) Electronic device and password protection method thereof
JP2011134306A (en) Electronic device, and password protection method used therefor
JP2007299353A (en) Password generator and program for making computer operate as password generator
US7715560B2 (en) Systems and methods for hiding a data group
CN113672886A (en) Prompting method and device
US20180196929A1 (en) Data input method, and electronic device and system for implementing the data input method
TW201042972A (en) Method for password protection
JP2006268411A (en) Method and system for authenticating remote accessing user by using living body data and user device