Description of the Invention:

[Technical Field of the Invention]

The present invention relates to a method of verifying a password, and in particular to a method of verifying a password using an improved way of entering it. The method prevents bystanders from stealing the password content and the password length while the password is being entered, and also makes the password easy to remember.

[Prior Art]

The inventor has disclosed, in Republic of China Patent No. 1268690, a novel dynamic password system that avoids the problem of bystanders stealing the password during entry, is easier to remember than a conventional alphanumeric sequence password, and is not easily cracked. From the standpoint of password-cracking theory, however, that system still has the drawback of "fixed length": even though the password entered is different each time, its length stays the same. Someone who peeks from beside the person entering the password, or who learns of it through some other channel, may be unable to obtain the complete password but can still determine its length, and can then crack it with a known password-cracking method such as a brute force attack. The robustness of that password system therefore remains in doubt.

[Summary of the Invention]

The present invention relates to a method of verifying a password, applicable mainly to devices that identify their users by means of an electronic password.

1334987

A recognition background guides the user in determining a dynamic password, which is combined with random passwords chosen freely by the user, with what has been recorded in advance and the dynamically generated random code entered serving as the means of verifying the password. The method thereby makes the password difficult for bystanders to steal. The invention provides excellent password protection particularly where it is impossible to avoid, or to confirm the absence of, other people watching the password being entered, for example when using access control systems, various software systems, computer information server systems, Personal Digital Assistants that can store or retrieve over a network data of private or commercial value, and Automatic Teller Machines. At the same time, it makes the password difficult to crack for automated programs that can attempt to log in repeatedly.

In view of what remains to be improved in the prior art, the present invention addresses the drawback that the password length is easily obtained by others, which lowers the difficulty of cracking. To achieve this purpose, a method of verifying a password according to the present invention includes the following steps:

(1) dynamically generating and displaying an image according to a preset recognition background, in order to determine a dynamic password;
(2) entering a password composed of the dynamic password and at least one random password, the random password being chosen freely by the user;
(3) verifying the password;
(4) ending.

[Embodiment]

Please refer to Figure 1, which shows a preferred embodiment of a method of verifying a password according to the present invention. When the user enters a password, an image is first dynamically generated and displayed according to the preset recognition background in order to determine a dynamic password (the method of generating the dynamic password is prior art and is not described again here). This dynamic password is obtained from a preset dynamic rule applied to the recognition background, and its length is fixed. Assume that its length is 5 characters and that the user, following the instructions, finds the dynamic password to be AC592. When the user wants to enter the password, the user first freely chooses a first random password, say 915, and a second random password, say 7d965, and then enters the first random password, the dynamic password and the second random password in that order. The password entered is 915AC5927d965, which is 13 characters long. If, with the same dynamic password, the user freely chooses a first random password of 4872 and a second random password of p, the password entered becomes 4872AC592p, which is 10 characters long. The system verifies the password by checking whether the dynamic password AC592 is present in the entered password, and on that basis decides whether the user passes verification. The length of the entered password differs each time because the user chooses different random passwords, and the complete entered password contains both random passwords and the dynamic password, which further increases the difficulty of cracking.

A method of verifying a password according to the present invention may also add at least one fixed password to obtain a more robust entered password. The user memorizes a first fixed password and a second fixed password in advance in the conventional way, and may use easily remembered characters as these passwords, for example the user's name and birthday, say Frank and 0218. Assume that the user, following the instructions, finds the dynamic password to be AC592, and freely chooses a first random password of 1235, a second random password of 9846, a third random password of 6547 and a fourth random password of 713. The password is entered in the order first random password, first fixed password, second random password, dynamic password, third random password, second fixed password, fourth random password, that is, 1235Frank9846AC59265470218713. When the system verifies this password, it checks whether the first fixed password, the dynamic password and the second fixed password have been entered and whether the three appear in the order given above. This prevents people peeking, or spyware such as Trojan horse programs, from learning the password content and the password length. Adding fixed passwords does not burden the user's memory and increases the password length and robustness. Combined with the dynamic password (which makes the password content different on every entry) and the random passwords (which make the password length different on every entry), it makes the password even harder to steal and to crack.

Note that the system may also be configured not to check the order in which the fixed passwords and the dynamic password appear, and to check only whether the fixed passwords and the dynamic password are present. In short, any password system that combines a dynamic password, random passwords and fixed passwords falls within the scope protected by the present invention.

In summary, the present invention fully satisfies the three requirements for a patent: novelty, inventive step and industrial applicability. As to novelty and inventive step, the invention solves the common problem described above: a system that verifies passwords in public and open places must keep the password from becoming known to others even where it is impossible to avoid, or to confirm the absence of, other people watching the password being entered. The invention further makes the password easy to remember while keeping it difficult to crack for automated programs that can attempt to log in repeatedly. As to industrial applicability, products derived from the invention can fully meet the needs of the current market.

The present invention has been disclosed above by way of a preferred embodiment. Those skilled in the art should understand that the embodiment serves only to illustrate the invention and should not be read as limiting its scope. Changes and substitutions equivalent to the embodiment should all be regarded as falling within the scope of the invention. The scope of protection of the invention is therefore as defined by the claims that follow.
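The verification rule described in the embodiment, written out in Python as an added example (it is not part of the patent text): the function and parameter names, including dynamic_index, are assumptions made for illustration, and the sample inputs are the ones used in the description.

```python
# Added illustration of the verification step; not code from the patent.
from typing import Sequence


def contains_in_order(entered: str, components: Sequence[str]) -> bool:
    """True if every component occurs in `entered`, left to right, without overlap."""
    pos = 0
    for part in components:
        idx = entered.find(part, pos)
        if idx < 0:
            return False
        pos = idx + len(part)  # the next component must start after this one
    return True


def verify(entered: str, dynamic: str, fixed: Sequence[str] = (),
           dynamic_index: int = 0, check_order: bool = True) -> bool:
    """Verify a password composed of random, fixed and dynamic parts.

    dynamic       -- dynamic password the user derived from the displayed image
    fixed         -- pre-recorded fixed passwords, in their required order
    dynamic_index -- assumed parameter: how many fixed passwords come before
                     the dynamic password in the required order
    check_order   -- False selects the variant that only checks presence
    """
    if not dynamic or any(not f for f in fixed):
        return False  # an empty component would match every input
    required = list(fixed[:dynamic_index]) + [dynamic] + list(fixed[dynamic_index:])
    if check_order:
        return contains_in_order(entered, required)
    # The random passwords are never compared with anything in either mode;
    # only the embedded fixed and dynamic components decide the result.
    return all(part in entered for part in required)


if __name__ == "__main__":
    # Inputs from the description: same dynamic password, different lengths.
    for attempt in ("915AC5927d965", "4872AC592p"):
        print(attempt, len(attempt), verify(attempt, "AC592"))
    # Fixed passwords Frank and 0218 placed around the dynamic password.
    print(verify("1235Frank9846AC59265470218713", "AC592",
                 ["Frank", "0218"], dynamic_index=1))
```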