WO2007087748A1 - Système de protection contre le vol pour compte de réseau et procédé correspondant - Google Patents

Système de protection contre le vol pour compte de réseau et procédé correspondant Download PDF

Info

Publication number
WO2007087748A1
WO2007087748A1 PCT/CN2007/000294 CN2007000294W WO2007087748A1 WO 2007087748 A1 WO2007087748 A1 WO 2007087748A1 CN 2007000294 W CN2007000294 W CN 2007000294W WO 2007087748 A1 WO2007087748 A1 WO 2007087748A1
Authority
WO
WIPO (PCT)
Prior art keywords
network account
account
client
theft device
external network
Prior art date
Application number
PCT/CN2007/000294
Other languages
English (en)
Chinese (zh)
Inventor
Tao Huang
Original Assignee
Tao Huang
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tao Huang filed Critical Tao Huang
Publication of WO2007087748A1 publication Critical patent/WO2007087748A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Definitions

  • the invention belongs to the field of computer and network information security, and relates to a network identity authentication system and a method thereof, and in particular to a network account anti-theft system and a method thereof. Background technique
  • USB Key USB Token
  • RSA SecurlD Authentication Token Smart Cards
  • USB Authenticators SafeNet's iKey System!
  • Smart Key Smart Key
  • Datakey Gemplus smart card
  • Epass authentication lock etc.
  • the most commonly used are the RSA SecurlD authentication token and SafeNet's iKey series.
  • the RSA SecurlD identity authentication token adopts a dynamic password system, which is composed of a password token of the client side and an authentication server of the application system end.
  • the authentication server is the core part of the entire system. It is connected to the application server through the LAN to authenticate all Internet users.
  • the authentication system When the user logs in to the application system, the authentication system generates a dynamic password on the dedicated chip of the password token and the authentication server according to the security algorithm. After comparison, if the two passwords are the same, the user is a legitimate user, otherwise it is an illegal user. Dynamic passwords change every minute. When the user logs in, he or she can log in according to the current dynamic password displayed on the token, plus a personal identification number.
  • the RSA SecurlD authentication token also has the following drawbacks:
  • the USB token represented by SafeNet's iKey series generally uses the following methods: 1. The server or client obtains a random number and sends it to the other party.
  • Encryption and decryption task calls, operations, intermediate result storage, result checking, ciphertext synthesis, or decomposition are not all done within the iKey, requiring client application software to participate.
  • the configuration of the iKey can be directly operated by the merchant's software on the client, and there are various dangers caused by hackers breaking the merchant software.
  • USB KEY technologies have implemented hash algorithms, public key algorithms, random number generation, and symmetric key algorithms in some or all of the devices.
  • the invocation of the encryption and decryption process, the decomposition of the plaintext and ciphertext, the result verification, the algorithm selection, and the parameter configuration all involve part or all of the client software participation.
  • the technical problem to be solved by the present invention is to provide a network account anti-theft system and a method thereof, which can effectively prevent a hacker from illegally entering a user account by bypassing the encryption authentication under the premise of being convenient to use.
  • the technical solution adopted by the present invention is to provide a network account anti-theft method, which includes the following steps: a, connecting an external network account anti-theft device having a unique serial number to the client;
  • the external network account anti-theft device encrypts the account verification information (such as the account user password, the serial number of the network account anti-theft device, etc., and the account user password is generally the account user's ⁇ intensity password or the second-level password). Requesting the account verification information ciphertext of the login to the server;
  • the network account anti-theft device uploads the information such as the account verification information ciphertext and the account number of the account to be uploaded to the application server through the client;
  • the application server decrypts the account verification information cipher from the external network account anti-theft device, and checks the account verification information (the account user password, the serial number, etc., the account user password is generally an account number).
  • the application server checks whether all the information is correct. If it is correct, the access is allowed. If there is an error, the access is stopped.
  • the task call, operation, storage of intermediate results, result check, synthesis or decomposition of plaintext and ciphertext of the encryption and decryption itself are completely carried out inside the user's external network account anti-theft device.
  • the present invention further includes the following method for periodically confirming valid online, comprising the following steps: the application server periodically sends a verification handshake signal encrypted by a dynamic encryption and a public key algorithm; and the external network account anti-theft device decrypts the verification handshake signal. ;
  • the network account anti-theft device generates an encrypted response handshake response ciphertext
  • the external network account anti-theft device uploads the handshake response ciphertext and the account number to the application server through the client through the network;
  • the application server decrypts the handshake response ciphertext
  • the application server checks whether all the information is correct, and continues to service if there is no error. If it is wrong, the connected application service is stopped.
  • the network account anti-theft method of the present invention further includes a method for exiting the service, including the following steps: when the client application login needs to be logged out, the client sends an exit service request to the application server, and the application server stops the accessed service;
  • the client prompts the user to remove the external network account anti-theft device.
  • the network account anti-theft method of the present invention further includes a method for synchronously adjusting the dynamic encryption/decryption circuit, which is specifically:
  • the network authentication server or the application server sends a synchronization adjustment signal to the external network account anti-theft device, thereby triggering the external network account anti-theft device to perform synchronization adjustment to maintain synchronization with the network authentication management server or the application server.
  • the network account anti-theft method of the present invention further includes a multi-application, multi-account simple login method, including the following steps: calling a client application login program;
  • the client login program sends an application service code or feature word corresponding to the currently logged-in application to the external network account anti-theft device;
  • the external network account anti-theft device sends all the accounts under the application service code or feature word stored in the internal to the client;
  • the client login program displays all accounts received from the external network account anti-theft device for the user to select;
  • the user selects the login account on the client and enters the login password.
  • the client login program sends the selected account information and login password to the external network account anti-theft device; the external network account anti-theft device checks whether the account information and the login password sent by the client are correct, and if there is an error, the login is stopped, if not, then Continue with step b.
  • the login password may be the owner password of the external network account anti-theft device or the primary password that the user can easily remember.
  • the external network account anti-theft device storing, in the external network account anti-theft device, a plurality of application service codes or feature words, and allowing some or all of the application service codes or feature words to be sold or issued to the network account in the external network account anti-theft device.
  • the application service is not bound. After the external network account anti-theft device is sold or issued to each user of the network account, the application service is additionally bound without changing the core confidential data area.
  • the network authentication server or the application server sends the encrypted synchronization adjustment signal to the external network account anti-theft device, and the external network account anti-theft device receives the synchronization adjustment.
  • the present invention also provides a network account anti-theft system, including: a client; and:
  • the external network account anti-theft device is connected to the client, and is used for encrypting the account verification information and the like by the dynamic encryption and the public key algorithm to generate an account verification information ciphertext for requesting login to the server;
  • the information ciphertext and the account number are uploaded to the application server on the network through the client; each of the external network account anti-theft devices has a unique serial number, and the core confidential data area that the client cannot access in any mode is internally provided.
  • 'Application server which decrypts and dynamically decrypts the account verification information ciphertext requested by the external network account anti-theft device through the public key algorithm, checks the account verification information, checks whether all the information is correct, and allows access without error. If there is an error, stop accessing;
  • the special programming device is configured to program the core confidential data area and other areas in the non-volatile memory in the external network account anti-theft device after being checked by the secure handshake communication protocol.
  • the network authentication server can be used to provide synchronization adjustment and other account anti-theft system management services.
  • the external network account anti-theft device includes:
  • a first random sequence generator for generating a configurable random sequence
  • non-volatile memory for storing serial number, account information, user password of an account (generally an account user's strength password or secondary password), a local public key, a private key, a coefficient factor of a random sequence, and the like;
  • Public key algorithm encryption circuit performing public key algorithm encryption
  • the control unit is mainly used to call the related information to synthesize the account verification information, the encryption operation call, and configure the first
  • the machine sequence generator performs synchronous adjustment according to the decrypted synchronization signal, and communicates with the client through the peripheral interface.
  • a second random sequence generator for generating a configurable random sequence
  • the public key algorithm decryption circuit decrypts the information by using a private key stored in the non-volatile memory
  • the control unit is mainly used for decrypting the operation call, configuring the second random sequence generator, etc., and verifying whether the serial number included in the signal sent by the application server after decryption is consistent with the serial number stored in the non-volatile memory. According to the decrypted synchronization signal, the synchronization is adjusted, and the client communicates through the peripheral interface.
  • the network account anti-theft device may also include a first random sequence generator for generating a configurable random sequence
  • non-volatile memory for storing serial number, account information, user password of an account (generally a high-strength password or a secondary password of an account user), a local public key, a private key, a coefficient factor of a random sequence, and the like;
  • the public key algorithm encryption circuit encrypts the account verification information and the account information stored in the non-volatile memory by a public key algorithm
  • the dynamic encryption circuit dynamically encrypts the encryption result of the public key algorithm by using a random sequence generated by the first random sequence generator
  • the control unit is mainly used for calling related information to synthesize account verification information, encrypting operation call, configuring the first random sequence generator, performing synchronous adjustment on the first random sequence generator according to the decrypted synchronization signal, and the client through the peripheral interface communication.
  • a second random sequence generator for generating a configurable random sequence
  • the dynamic decryption circuit dynamically decrypts the verification handshake signal encrypted by the dynamic encryption and public key algorithm periodically sent by the application server by using a random sequence generated by the second random sequence generator;
  • the public key algorithm decryption circuit decrypts the dynamically decrypted information by using a private key stored in the non-volatile memory
  • the control unit is mainly used for decrypting the operation call, configuring the second random sequence generator, etc., and verifying whether the serial number included in the signal sent by the application server after decryption is consistent with the serial number stored in the non-volatile memory. And synchronizing the second random sequence generator according to the decrypted synchronization signal from the application server, communicating with the client through the peripheral interface, and the like.
  • the external network account anti-theft device further includes:
  • a memory for storing intermediate data and working with the control unit
  • the network account anti-theft device may further comprise: a programming peripheral interface connected to the programming device, the interface needs to be activated by the communication protocol and the programming device verification handshake authentication;
  • the core confidential data area is disposed in a non-volatile memory, and is used for storing core confidential data such as a private key, a serial number, and the like that are not allowed to be accessed by an external device other than the programming device;
  • the control unit can be used to verify the handshake communication protocol between the programming peripheral interface and the programming device, and only allow the allowed specific module to access the core confidential data area in the non-volatile memory, and prohibit the interface that can be connected with the client.
  • the circuit accesses the core confidential data area and certain registers of each encryption and decryption circuit.
  • the invention combines the dynamic sequence agreed by the application server end and the external encryption anti-theft device for dynamic encryption and public key algorithm encryption, and the task call, the operation, the storage of the intermediate result, the result check, the plaintext and the encryption and decryption of the client itself.
  • the synthesis or decomposition of the ciphertext is completely carried out in the device (even in a single SOC chip in the device), regardless of the client software, and does not leave traces of data on the client hard disk, and there are any modes inside the chip.
  • the user has one device at hand, and can log in to multiple accounts on servers of different or the same service content on a client such as any PC or laptop connected to the network.
  • the network account anti-theft device can display on the client according to the specific application number corresponding to the currently logged-in client software and let the client select the account currently required to log in, and input a password for confirming the identity of the device owner, without inputting an account. , random numbers, etc., so login is easy to use.
  • FIG. 1 is a schematic structural diagram of a network account anti-theft system of the present invention.
  • FIG. 2 is a schematic structural diagram of an external network account anti-theft device of the present invention.
  • 3 is a flow chart of the network account anti-theft method of the present invention. detailed description
  • the network account anti-theft system of the present invention includes: an external network account anti-theft device 1, a client 2,
  • the application server 4, the network authentication management server 5, the programming device 6, the external network account anti-theft device and the client are connected through various communication interfaces such as USB, serial port, infrared, Bluetooth, etc., the client and the application server, and the network authentication management
  • the servers are connected via a network 3 (Internet, local area network, wireless network, etc.).
  • the external network account anti-theft device is connected to the client, and is used for verifying account information (such as an internally stored account user password (generally an account user's high-intensity password or a second-level password), a serial number, and an account information.
  • account information such as an internally stored account user password (generally an account user's high-intensity password or a second-level password), a serial number, and an account information.
  • the application server which requests the login account verification information ciphertext from the server to be decrypted and dynamically decrypted by the public key algorithm, and checks the user password of the account (generally the high-strength password or the secondary password of the account user) and the sequence. No information, etc., to check whether all information is correct, if it is correct, access is allowed, and if there is an error, access is stopped.
  • the programming device is configured to program the core confidential data area and other areas in the non-volatile memory in the external network account anti-theft device after being checked by the secure handshake communication protocol.
  • the external network account anti-theft device includes:
  • the non-volatile memory 11 is configured to store a coefficient component of the random sequence, a serial number, account information, a user password of the account (generally an account strength password or a secondary password of the account user), a local public key, a private key, and the like;
  • the first random sequence generator 7 is configured to generate a configurable random sequence according to a coefficient factor stored in the nonvolatile memory 11;
  • the dynamic encryption circuit 8 dynamically encrypts the serial number, account information, and the like stored in the nonvolatile memory 11 by using a random sequence generated by the first random sequence generator 7.
  • the public key encryption circuit 9 performs the public key encryption on the dynamically encrypted information
  • a second random sequence generator 19 configured to generate a configurable random sequence according to a coefficient factor stored in the nonvolatile memory 11;
  • the public key decryption circuit 16 performs a public key algorithm decryption on the verification handshake signal encrypted by the dynamic encryption and public key algorithm periodically sent by the application server by using the private key stored in the nonvolatile memory 11;
  • the dynamic decryption circuit 17 the information decrypted by the public key is dynamically decrypted by the random sequence generated by the second random sequence generator 19;
  • the control circuit 10 is configured to be used for calling the related information to synthesize the account verification information, and the encryption and decryption operation is called to configure the first random sequence generator to verify the serial number and the nonvolatile state of the signal sent by the application server after being decrypted. Whether the serial numbers stored in the sexual memory 11 are identical. Configuring a first random sequence generator ⁇ and a second random sequence The generator 19 and other modules trigger the first random sequence generator 7 and the second random sequence generator 19 to perform synchronization adjustment according to the synchronization adjustment signal, and the control interface circuit completes the communication protocol with the client.
  • the memory 18 is configured to store intermediate data and cooperate with the control unit 10.
  • the path selector 12 is configured to select a different interface control circuit 13, 14 to communicate with the client 2, and a programming peripheral interface 15 connected to the programming device, the interface needs to be authenticated by the communication handshake protocol and the programming device to be activated,
  • the core data area 20 and other data areas in the nonvolatile memory 11 are accessed and burned using the account security system dedicated programming device 6 in the secure mode.
  • the core confidential data area 20 is disposed in the non-volatile memory 11 for storing core secret data such as a private key, a serial number, and the like that are not allowed to be accessed by an external device other than the dedicated programming device;
  • the control unit 10 can also be used to verify the communication handshake protocol of the programming peripheral interface 15 and the dedicated programming device, and only allow the specific module to be allowed (such as the activated programming peripheral interface 15, the random sequence generator, the public key).
  • the encryption and decryption circuit, the dynamic encryption/decryption circuit, etc. can access the core confidential data area 20 in the non-volatile memory 11, and prohibit the interface circuit that can be connected to the client from accessing the core confidential data area 20 and some registers of the encryption and decryption circuits. .
  • the core secret data area in the non-volatile memory cannot be accessed through the client interface 13 or 14 in any mode. Therefore, hackers cannot access, steal, or tamper with data in core secret areas through the network and clients.
  • the network authentication server or the application server is configured to send a synchronization adjustment signal (transmitted by the public key algorithm to encrypt the ciphertext mode) to the external network account anti-theft device, thereby triggering the first random sequence generator 7 Synchronizing with the second random sequence generator 19 (e.g., resetting at the synchronization point state) to maintain synchronization with the random sequence of the network authentication management server 5 or the application server 4 (i.e., causing the random sequencer to be in a consistent state, such as Both are reset to their initial state).
  • a synchronization adjustment signal transmitted by the public key algorithm to encrypt the ciphertext mode
  • the order of the dynamic encryption circuit 8 and the public key encryption circuit 9 in the data path may be interchanged, and the order of the public key decryption circuit 16 and the dynamic decryption circuit 17 in the data path may also be interchanged, but The encryption and decryption order of the server corresponds.
  • the main process of the network account anti-theft method of the present invention is as follows:
  • Each external network anti-theft device 1 has a unique serial number burned in the internal non-volatile memory 11. The serial number between any two external network anti-theft devices 1 is different.
  • the non-volatile memory 11 in the external network account anti-theft device also stores an application number, a key, a random sequence generator factor, and the like, and a plurality of network accounts of the user,
  • Step 1 The user connects the external network account anti-theft device 1 to the client 2,
  • Step 2 The control unit 10 configures other modules in the external network account anti-theft device 1
  • Step 3 User client 2 Open the client application login interface.
  • Step 4 The client login program sends the application service code or feature word to the external network account anti-theft device, and informs the external network account anti-theft device 1 which application is currently logged in (such as the service platform B provided by the operator A), step 5, the external network
  • the account anti-theft device sends all the accounts under the application service code or feature word stored internally to the client:
  • the external network account anti-theft device 1 sends all the network accounts under the non-volatile storage port 11 (such as the service platform B provided by the operator A) to the client 2;
  • Step 6 The client login program displays the network account anti-theft device 1 for all accounts under the application, and the user selects the account to be logged in. (If there is only one, it can be automatically selected):
  • Step 7 The user fills in the login password (multiple accounts can use the same password, or different passwords, which can also be the owner password of the external network account anti-theft device or the primary password that the user can easily remember);
  • Step 8 The client login program of the client 2 transmits the password of the account selected by the user to the external network account anti-theft device through the interface.
  • Step 9 external network account anti-theft device 1 check to confirm whether the account password is correct; if there is a mistake, stop logging in, if the password is correct, continue to step 10;
  • Step 10 the control unit 10, the serial number stored in the non-volatile memory 11, the user password corresponding to the selected account (generally the high-intensity password or the second-level password of the account user, not the owner password of the device), and the account
  • the necessary information, the check sequence, and the like constitute account verification information, and together with the random sequence generated by the first random sequence generator 7, are dynamically encrypted by the dynamic encryption circuit 8, and the encrypted result is further subjected to the public key algorithm encryption circuit 9.
  • the login request ciphertext is generated; (the dynamic encryption algorithm and the public key encryption algorithm are both prior art and can be implemented in various manners.
  • the dynamic encryption method is specifically The configurable random series generated by the first random sequence generator 7 is subjected to a bitwise exclusive OR operation with data such as a serial number stored in the nonvolatile memory port, necessary information in the corresponding account, and the like. (The order of the public key algorithm and the dynamic encryption algorithm can be exchanged, but it needs to correspond to the application server decryption operation order)
  • Step 11 the external network account anti-theft device will request the login account verification information ciphertext and account number to the server 2 to the client 2;
  • Step 12 The application login program of the client 2 passes the network 3 to check the account verification information ciphertext and account of the login.
  • Step 13 The application server 4 passes the public key algorithm and dynamic decryption of the account verification information cipher requesting to log in, and checks the user password of the account (generally the high-strength password or the secondary password of the account user), the serial number, and the like. Step 14. The application server 4 checks whether all the information is correct. If there is an error, stop logging in, if it is correct, continue with step 15;
  • Step 15 The application server notifies the client, and the client software of the client 2 and the server software of the application server 4 normally serve the user.
  • the present invention may further include: the application server 4 may select whether to time and the external network account anti-theft device connected to the client 2 according to the needs of the operator. 1 The handshake is confirmed by an encrypted method to confirm that the login is always valid.
  • Step 16 The application server 4 periodically sends the verification handshake signal encrypted by the dynamic encryption and the public key algorithm to the external network account anti-theft device through the client 2;
  • Step 17 The external network account anti-theft device decrypts and verifies the verification handshake signal: first, the public key decryption circuit 16 decrypts the private key in the non-volatile memory 11 with a public key algorithm, and then uses the dynamic decryption circuit 17 The sequence generated by the second random sequencer generator 19 is dynamically decrypted.
  • the control unit 10 confirms that the serial number contained in the data sent by the application server 4 is confirmed in comparison with the serial number of the current local external network account anti-theft device 1 used by the user; (the order of the public key algorithm and the dynamic decryption algorithm can be exchanged, But it needs to correspond to the application server encryption operation order)
  • Step 18 The external network account anti-theft device 1 dynamically encrypts the random sequence generated by the first random sequence generator 7, the serial number stored in the non-volatile memory 11, and the necessary information in the corresponding account through the dynamic encryption circuit 8.
  • the public key encryption circuit 9 generates a handshake response message after public key encryption; (the order of the public key algorithm and the dynamic encryption algorithm can be exchanged, but needs to correspond to the application server decryption operation order)
  • Step 19 The external network account anti-theft device uploads the generated handshake response ciphertext and account number from the network 3 to the application server 4 through the client 2;
  • Step 20 The application server 4 decrypts the handshake response ciphertext through the public key algorithm and the dynamic decryption step 21, and the application server 4 checks whether all the information is correct. If the error is correct, the normal login is maintained; otherwise, the login is stopped, and the client is stopped. Software for user service.
  • the server can select whether to synchronize with the external network account of the user terminal according to the needs of the network application.
  • the anti-theft device uses an encrypted method to confirm that the login is always valid. The handshake should be automatically performed. In the case that the external network account anti-theft device is normal and effective, it is not required. The user manually intervenes and does not interfere with the application running.
  • the external encryption anti-theft device reserves and provides a plurality of application service codes or feature words in the non-volatile memory 11, wherein some or all of the application service codes or feature words are sold or issued to the network account anti-theft device for each user's fashion. No application services are bound. After the network account anti-theft device is sold or issued to each user of the network account, the application service may be additionally bound and the account information related to the application service may be saved without changing the core confidential data area.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention concerne un système de protection contre le vol pour compte de réseau et un procédé correspondant, le procédé technique comprenant essentiellement les étapes suivantes: a) un appareil externe de protection contre le vol avec un numéro de série unique est connecté au client; b) l'appareil externe de protection contre le vol génère un cryptographe d'information de vérification de compte pour une demande d'ouverture de session au serveur après le chiffrement de l'information de vérification de compte; c) l'appareil externe de protection contre le vol transmet le cryptographe de vérification de compte et le compte au serveur d'application sur le réseau à travers le client; d) le serveur d'application déchiffre le cryptographe d'information de vérification de compte, et vérifie l'information de vérification de compte; e) le serveur d'application vérifie l'ensemble de l'information afin de déterminer s'il y a erreur. Dans le système décrit, le programme de tâches de chiffrement et de déchiffrement, le calcul, le stockage du résultat intermédiaire, la vérification du résultat, et la combinaison et la séparation du texte et du cryptographe sont toutes traitées au sein de l'appareil.
PCT/CN2007/000294 2006-01-26 2007-01-26 Système de protection contre le vol pour compte de réseau et procédé correspondant WO2007087748A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 200610023658 CN1808975B (zh) 2006-01-26 2006-01-26 一种网络帐号防盗系统及其方法
CN200610023658.X 2006-01-26

Publications (1)

Publication Number Publication Date
WO2007087748A1 true WO2007087748A1 (fr) 2007-08-09

Family

ID=36840682

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/000294 WO2007087748A1 (fr) 2006-01-26 2007-01-26 Système de protection contre le vol pour compte de réseau et procédé correspondant

Country Status (2)

Country Link
CN (1) CN1808975B (fr)
WO (1) WO2007087748A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110535850A (zh) * 2019-08-26 2019-12-03 腾讯科技(武汉)有限公司 帐号登录的处理方法和装置、存储介质及电子装置
CN111711628A (zh) * 2020-06-16 2020-09-25 北京字节跳动网络技术有限公司 网络通信身份认证方法、装置、系统、设备及存储介质

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101170676B (zh) * 2007-11-19 2010-09-29 中兴通讯股份有限公司 交互式网络电视系统用户登录信息加密方法及系统
CN102523503B (zh) * 2011-12-19 2014-08-20 华为技术有限公司 一种视频点播控制方法及相关设备、系统
CN108322508B (zh) * 2017-12-28 2021-07-13 天地融科技股份有限公司 一种利用安全设备执行安全操作的方法及系统
CN112134885A (zh) * 2020-09-23 2020-12-25 国网江苏省电力有限公司泰州供电分公司 一种互联网终端访问加密的方法和系统
CN112637378B (zh) * 2020-12-23 2023-02-03 携程旅游信息技术(上海)有限公司 基于用户的网络地址关联方法、系统、设备及存储介质
CN114344915A (zh) * 2021-12-29 2022-04-15 深圳方舟互动科技有限公司 基于ai智能识别的网络游戏交互方法

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020046188A1 (en) * 2000-06-12 2002-04-18 Burges Ronald Llewellyn Electronic deposit box system
CN1595948A (zh) * 2003-09-10 2005-03-16 华为技术有限公司 一种通过手机获取一次性密码的方法

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6851060B1 (en) * 1999-07-15 2005-02-01 International Business Machines Corporation User control of web browser user data
CN1232067C (zh) * 2001-01-03 2005-12-14 周学军 一次一密自循环平衡态下数据加密传输交换的方法及软封闭式管理系统
FR2825209A1 (fr) * 2001-05-23 2002-11-29 Thomson Licensing Sa Dispositifs et procede de securisation et d'identification de messages
CN1310464C (zh) * 2002-09-24 2007-04-11 黎明网络有限公司 一种基于公开密钥体系的数据安全传输的方法及其装置
CN100492968C (zh) * 2004-11-26 2009-05-27 王小矿 基于动态密码的防伪方法

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020046188A1 (en) * 2000-06-12 2002-04-18 Burges Ronald Llewellyn Electronic deposit box system
CN1595948A (zh) * 2003-09-10 2005-03-16 华为技术有限公司 一种通过手机获取一次性密码的方法

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110535850A (zh) * 2019-08-26 2019-12-03 腾讯科技(武汉)有限公司 帐号登录的处理方法和装置、存储介质及电子装置
CN110535850B (zh) * 2019-08-26 2022-07-29 腾讯科技(武汉)有限公司 帐号登录的处理方法和装置、存储介质及电子装置
CN111711628A (zh) * 2020-06-16 2020-09-25 北京字节跳动网络技术有限公司 网络通信身份认证方法、装置、系统、设备及存储介质
CN111711628B (zh) * 2020-06-16 2022-10-21 北京字节跳动网络技术有限公司 网络通信身份认证方法、装置、系统、设备及存储介质

Also Published As

Publication number Publication date
CN1808975B (zh) 2010-09-08
CN1808975A (zh) 2006-07-26

Similar Documents

Publication Publication Date Title
US8930700B2 (en) Remote device secure data file storage system and method
US6230272B1 (en) System and method for protecting a multipurpose data string used for both decrypting data and for authenticating a user
US11501294B2 (en) Method and device for providing and obtaining graphic code information, and terminal
EP1349034B1 (fr) Système de fourniture de services dans lequel des services sont fournis d'un appareil de fourniture de services à un appareil d'utilisateur de services via unréseau
US7155616B1 (en) Computer network comprising network authentication facilities implemented in a disk drive
US6983381B2 (en) Methods for pre-authentication of users using one-time passwords
US9160732B2 (en) System and methods for online authentication
JP4617763B2 (ja) 機器認証システム、機器認証サーバ、端末機器、機器認証方法、および機器認証プログラム
US7181762B2 (en) Apparatus for pre-authentication of users using one-time passwords
CN104798083B (zh) 用于验证访问请求的方法和系统
US6044154A (en) Remote generated, device identifier key for use with a dual-key reflexive encryption security system
US8209753B2 (en) Universal secure messaging for remote security tokens
CN109076090B (zh) 更新生物特征数据模板
US20050044367A1 (en) Enabling and disabling software features
US20100191967A1 (en) Client apparatus, server apparatus, and program
RU2584500C2 (ru) Криптографический способ аутентификации и идентификации с шифрованием в реальном времени
US9443068B2 (en) System and method for preventing unauthorized access to information
WO2007087748A1 (fr) Système de protection contre le vol pour compte de réseau et procédé correspondant
WO2007132946A1 (fr) Dispositif d'authentification utilisant un élément de génération de nombre aléatoire intrinsèque ou de nombre pseudo-aléatoire, appareil d'authentification et procédé d'authentification
US8397281B2 (en) Service assisted secret provisioning
EP3513539B1 (fr) Connexion et authentification d'utilisateur sans mot de passe
CN102025748B (zh) 获取Kerberos认证方式的用户名的方法、装置和系统
WO2017050152A1 (fr) Système de sécurité de mot de passe adopté par un appareil mobile et procédé de saisie de mot de passe sécurisé de celui-ci
JP2006522507A (ja) セキュア通信システム及びセキュア通信方法
JP2004528624A (ja) ワンタイムパスワードを用いてユーザを事前認証する装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07710844

Country of ref document: EP

Kind code of ref document: A1