WO2017084572A1 - Encryption method for clear-text passwords - Google Patents

Encryption method for clear-text passwords Download PDF

Info

Publication number
WO2017084572A1
WO2017084572A1 PCT/CN2016/106026 CN2016106026W WO2017084572A1 WO 2017084572 A1 WO2017084572 A1 WO 2017084572A1 CN 2016106026 W CN2016106026 W CN 2016106026W WO 2017084572 A1 WO2017084572 A1 WO 2017084572A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
passwords
text box
user
plaintext
Prior art date
Application number
PCT/CN2016/106026
Other languages
French (fr)
Chinese (zh)
Inventor
徐江锋
Original Assignee
徐江锋
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 徐江锋 filed Critical 徐江锋
Publication of WO2017084572A1 publication Critical patent/WO2017084572A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Definitions

  • the present invention relates to the field of all password authentication, and more particularly to the fields of mobile payment, bank payment, and password security used in network account payment.
  • passwords are an important means for us to verify the identity of users. Whether it is bank withdrawals, shopping mall pos machines, securities transactions, mobile payments, web applications, even work logins, access control, etc., passwords are required. However, these passwords are mostly six-digit fixed-digit passwords.
  • the network application passwords also add letters, symbols, capitalization, etc. Although some passwords have added security measures, but frequently lose passwords in public, there are still security risks, such as: An acquaintance is embarrassed to avoid it. The stranger is inconvenient to block it. The criminals are telephoto, causing people to lose property due to the password being sneaked.
  • the network is spoofed by the Trojan virus and phishing websites.
  • the purpose of the present invention is to solve the problem that the existing fixed-value passwords are easily sneaked and leaked, and the security is poor.
  • the network side causes a huge amount of property due to the hacking of the Trojan virus and the phishing website.
  • the problem of loss, and the introduction of a clear text password encryption method is to solve the problem that the existing fixed-value passwords are easily sneaked and leaked, and the security is poor.
  • the technical solution adopted is: a method for encrypting a plaintext password, characterized in that the method is to arrange nine or more labels in an orderly manner in a password input interface, The tags randomly display a candidate character, each tag has a unique location code corresponding thereto; the correct password stored in the password database is a password algorithm set by the user in combination with the location code; when the user is in the password text box of the password input interface Entering the pending password is equivalent to replacing the location code in the cryptographic algorithm with the current one.
  • the position code corresponds to the calculation result obtained by calculating the candidate character to be displayed, and the password verification is passed.
  • the candidate characters randomly displayed in each label are randomly displayed with any number, letter or symbol; or the randomly selected graphic or color is used to replace the candidate characters; or the color is combined with the candidate characters.
  • Each of the labels is arranged in two or more rows, each row being three or more.
  • the number of the password text boxes is 2-6, and each password text box allows one character to be input.
  • the password text box includes more than one real password box, and the rest is a misleading password box; each real password text box is set with a corresponding password algorithm, and the password to be verified is input in the real password text box. Verify; the password to be tested entered in the misleading password box does not need to be verified.
  • the cryptographic algorithm includes a fixed value, a candidate character corresponding to the display of the position code, and an arithmetic operation of the candidate character corresponding to the display of the position code.
  • the number of the password text boxes is four, each password text box allows one character to be input, the first two password text boxes use a set of password algorithms, and the latter two password text boxes use a set of password algorithms.
  • the beneficial effects of the present invention are:
  • the present invention is a simple and fast encryption method capable of inputting a password as a stranger;
  • the correct password stored in the password database is a cryptographic algorithm set by the user in combination with the location code, and is not It is a fixed number or letter preset by the user.
  • the cryptographic algorithm is relatively simple and easy to remember, and can be used mainly for small payment and simplified payment operations. For large payment, a relatively complicated cryptographic algorithm can be used, which requires secondary verification or secondary verification in combination with traditional encryption methods.
  • the encryption method can adopt various algorithms such as force reduction, multiplication, multiplication, position code, fixed value code, misdirect code, color positioning code, etc., the user can select a suitable and easy to remember method to set.
  • DRAWINGS Brief description of the encryption algorithm DRAWINGS
  • FIG. 1 is a schematic diagram of a password input interface of Cases 1 to 4 of the present invention.
  • FIG. 2 is a schematic diagram of a password input interface of Case 5 of the present invention.
  • the encryption method of the plaintext password of the present invention is that more than nine tags are arranged in an orderly manner in the password input interface, and each tag randomly displays one candidate character, and each tag has a unique location code corresponding thereto;
  • the correct password stored in the database is the password algorithm set by the user in combination with the location code; when the password entered by the user in the password text box of the password input interface is equal to replacing the location code in the password algorithm with the candidate to be displayed corresponding to the current location code
  • the calculation result obtained by the character calculation ⁇ the password verification is passed.
  • the above ordered arrangement may be a rectangular array, a circular array, for example: 9 labels, a 3 * 3 rectangular array; 18 labels, a 2 * 9 rectangular array; 27 labels, a 3 * 9 rectangle Array, 12 tags, in a circular array.
  • the candidate character randomly displayed in each label may be randomly displayed with any number, letter or symbol; or the randomly selected graphic or color may be used to replace the candidate character; or the color may be combined with the candidate character.
  • the number of password text boxes is 2 ⁇ 6, and each password text box allows one character to be input.
  • the number of the password text boxes is four, each password text box allows one character to be input, the first two password text boxes use a set of password algorithms, and the latter two password text boxes use a set of password algorithms.
  • 18 labels are displayed in the password input interface, and 18 labels are arranged in a 2*9 rectangular array, that is, divided into upper and lower rows, 9 in each row; the position codes of the upper 9 labels are respectively It is A1 ⁇ A9; the position codes of the next 9 labels are B1 ⁇ B9 respectively; the number of password text boxes is 4, the numbers are respectively Ml, M2, M3, M4; if the user corresponds to the password text boxes M1 and M2 A set of cryptographic algorithms is set to: A2+B1, a set of cryptographic algorithms corresponding to the ciphertext boxes M3 and M4 are set to: A8*A7; as shown in Figure 1, label A2
  • the password text box Ml enters ten digits: "1”
  • the password text box M2 enters the single digit: "3"
  • the text box M4 enters a single digit: "4"; that is, the passwords to be checked in the password text boxes M1, M2, M3, and M4 through the keyboard are "1", "3", "2", "4". ⁇ Verification passed; otherwise, the verification fails, and the candidate characters displayed on all the labels are re-randomly generated.
  • each row of three consecutive labels is a group, and the interval between each group is appropriately increased.
  • the cryptographic algorithm may adopt a fixed value manner, for example, a set of cryptographic algorithms corresponding to the cipher text boxes M3 and M4 are set to fixed values: “8” and "9” Then, in Figure 1, only the passwords to be checked in the password text boxes M1, M2, M3, and M4 through the keyboard are "1", "3", "8", "9", and the password is entered. ⁇ , the correct password for the password text box Ml, M2 is variable, and the correct password for the password text box M3, M4 is a fixed value: "8" and "9".
  • the password text box contains more than one real password box, and the rest is a misleading password box; each real password text box is set with a corresponding password algorithm, and the real password text box is input.
  • the password to be verified needs to be verified; the password to be tested entered in the misleading password box does not need to be verified.
  • the password text boxes M1 and M2 in Case 2 are set as the real password box, and the password text boxes M3 and M4 are set as the misleading password box, then in FIG. 1, the password to be checked is input in the password text boxes M1 and M2 through the keyboard.
  • the candidate character corresponding to the displayed position code is directly equivalent to the cryptographic algorithm.
  • the cipher algorithm corresponding to the cipher text box M1 in FIG. 1 is Al
  • the cipher algorithm corresponding to the cipher text box M2 is B3.
  • the password algorithm corresponding to the password text box M3 is A7
  • the password algorithm corresponding to the password text box M4 is B9; the passwords to be checked in the password text boxes M1, M2, M3, and M4 by the keyboard are "2", "9".
  • 18 labels are displayed in the password input interface, and 18 labels are arranged in a 2*9 rectangular array, that is, divided into upper and lower rows, 9 in each row; each label randomly displays a color
  • the password algorithm is the N-bit color after the preset color; for example: the password algorithm corresponding to the password text box M1 is red + 2 digits, then the password text box M1 should be blue, and the blue color can be directly clicked by the mouse. Label; if there are four password text boxes, and so on.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

An encryption method for clear-text passwords relates to the field of authentication of all passwords, in particular to the field of security of passwords used in mobile terminal payment, bank payment and network account payment, and the like. Technical defects of easiness in peeping and leaking existing fixed-number passwords and poor security and the problem of huge property loss brought by stolen passwords on a network side caused by Trojan horse virus and inveigling of a fishing website are resolved. The method comprises: orderly arrange nine or more labels in a password input interface, each label randomly displaying one to-be-selected character, and each label having an unique position code corresponding to same; correct passwords stored in a password database are a password algorithm set by a user by combining with the position codes; and when to-be-checked passwords input in a password textbox of the password input interface by the user are equal to a computing result obtained by replacing the position codes in the password algorithm into the to-be-selected character correspondingly displayed by a current position code for computation, password authentication succeeds. The encryption method is simple and fast, and passwords can be input in stranger's presence; and correct to-be-checked passwords requiring to be input for each login or payment operation by a user are different, the user does not need to worry about peeping by others, and safety is achieved.

Description

一种明文密码的加密方法 技术领域  Encryption method for plaintext password
[0001] 本发明涉及到所有密码验证领域, 尤其涉及到移动端支付, 银行支付, 网络账 户支付中所使用密码安全等领域。  [0001] The present invention relates to the field of all password authentication, and more particularly to the fields of mobile payment, bank payment, and password security used in network account payment.
背景技术  Background technique
[0002] 在日常生活中, 密码是我们验证用户身份的重要手段, 无论是银行取款, 商场 pos机, 证券交易, 移动支付, 网络应用, 甚至工作登陆, 门禁通行等等, 都需 要输入密码, 但是这些密码大都是六位固定数字密码, 网络应用密码还增加了 字母、 符号、 大小写等形式, 一些密码虽然增加了安全措施, 但是在公共场合 下频繁输密码, 仍然有安全隐患, 比如: 熟人在旁吋不好意思避让, 陌生人在 旁有吋不方便遮挡, 不法分子远距离摄像, 使人们由于密码被偷窥而造成财产 损失, 网络端因木马病毒和钓鱼网站诱骗而导致密码被盗带来巨额财产损失的 问题, 所以用户对当前帐户安全的信任度仍旧不够高, 特别是移动支付领域, 造成移动支付领域推广困难。 支付领域虽然也有小额免密, 但不够灵活, 所以 人们迫切希望能有更安全的措施或方法来保护公民的财产和信息安全。  [0002] In daily life, passwords are an important means for us to verify the identity of users. Whether it is bank withdrawals, shopping mall pos machines, securities transactions, mobile payments, web applications, even work logins, access control, etc., passwords are required. However, these passwords are mostly six-digit fixed-digit passwords. The network application passwords also add letters, symbols, capitalization, etc. Although some passwords have added security measures, but frequently lose passwords in public, there are still security risks, such as: An acquaintance is embarrassed to avoid it. The stranger is inconvenient to block it. The criminals are telephoto, causing people to lose property due to the password being sneaked. The network is spoofed by the Trojan virus and phishing websites. The problem of huge property losses, so the user's trust in the current account security is still not high enough, especially in the field of mobile payment, resulting in difficulty in the promotion of mobile payment. Although the payment field also has a small amount of confidentiality, it is not flexible enough, so people are eager to have safer measures or methods to protect citizens' property and information security.
技术问题  technical problem
[0003] 综上所述, 本发明的目的在于解决现有的固定数值的密码容易被偷窥漏泄, 安 全性差的技术不足, 网络端因木马病毒和钓鱼网站诱骗而导致密码被盗带来巨 额财产损失的问题, 而提出一种明文密码的加密方法。  [0003] In summary, the purpose of the present invention is to solve the problem that the existing fixed-value passwords are easily sneaked and leaked, and the security is poor. The network side causes a huge amount of property due to the hacking of the Trojan virus and the phishing website. The problem of loss, and the introduction of a clear text password encryption method.
问题的解决方案  Problem solution
技术解决方案  Technical solution
[0004] 为解决本发明所提出的技术问题, 采用的技术方案为: 一种明文密码的加密方 法, 其特征在于所述方法是在密码输入界面中有序排列出九个以上的标签, 每 个标签随机显示一个待选字符, 每个标签均有一个唯一与其对应的位置码; 密 码数据库储存的正确密码为用户结合位置码设定的密码算法; 当用户在密码输 入界面的密码文本框中输入的待验密码等于将密码算法中的位置码替换成当前 位置码对应显示的待选字符计算获得的计算结果吋, 密码验证通过。 [0004] In order to solve the technical problem proposed by the present invention, the technical solution adopted is: a method for encrypting a plaintext password, characterized in that the method is to arrange nine or more labels in an orderly manner in a password input interface, The tags randomly display a candidate character, each tag has a unique location code corresponding thereto; the correct password stored in the password database is a password algorithm set by the user in combination with the location code; when the user is in the password text box of the password input interface Entering the pending password is equivalent to replacing the location code in the cryptographic algorithm with the current one. The position code corresponds to the calculation result obtained by calculating the candidate character to be displayed, and the password verification is passed.
[0005] 当用户在密码输入界面的密码文本框中输入的待验密码不等于将密码算法中的 位置码替换成当前位置码对应显示的待选字符计算获得的计算结果吋, 密码验 证失败, 同吋对所有标签上显示的待选字符进行重新生成。  [0005] When the user enters the password to be verified in the password text box of the password input interface is not equal to the calculation result obtained by replacing the location code in the password algorithm with the candidate character displayed corresponding to the current location code, the password verification fails. The peer regenerates the candidate characters displayed on all labels.
[0006] 每个标签随机显示的待选字符为随机显示任意一个数字、 字母或符号; 或者采 用随机显示的图形或颜色取替待选字符; 或者采用颜色与待选字符相组合。  [0006] The candidate characters randomly displayed in each label are randomly displayed with any number, letter or symbol; or the randomly selected graphic or color is used to replace the candidate characters; or the color is combined with the candidate characters.
[0007] 所述各标签排列成两排以上, 每排三个以上。  [0007] Each of the labels is arranged in two or more rows, each row being three or more.
[0008] 所述的密码文本框数量为 2~6个, 每个密码文本框允许输入一位字符。  [0008] The number of the password text boxes is 2-6, and each password text box allows one character to be input.
[0009] 所述的密码文本框包含有一个以上的真实密码框, 其余为误导密码框; 每一个 真实密码文本框设置一个与之对应的密码算法, 真实密码文本框中输入的待验 密码需要进行验证; 误导密码框输入的待验密码无需进行验证。 [0009] The password text box includes more than one real password box, and the rest is a misleading password box; each real password text box is set with a corresponding password algorithm, and the password to be verified is input in the real password text box. Verify; the password to be tested entered in the misleading password box does not need to be verified.
[0010] 所述的密码算法包括有固定值、 位置码对应显示的待选字符、 位置码对应显示 的待选字符算术运算运算。 [0010] The cryptographic algorithm includes a fixed value, a candidate character corresponding to the display of the position code, and an arithmetic operation of the candidate character corresponding to the display of the position code.
[0011] 所述的密码文本框数量为 4个, 每个密码文本框允许输入一位字符, 前面两个 密码文本框采用一组密码算法, 后面两个密码文本框采用一组密码算法。  [0011] The number of the password text boxes is four, each password text box allows one character to be input, the first two password text boxes use a set of password algorithms, and the latter two password text boxes use a set of password algorithms.
发明的有益效果  Advantageous effects of the invention
有益效果  Beneficial effect
[0012] 本发明的有益效果为: 本发明是一种简单、 快捷, 可以当陌生人面输密码的加 密方法; 由于密码数据库储存的正确密码为用户结合位置码设定的密码算法, 而并非是用户预设的固定数字或字母, 每次用户输入的登陆或支付操作所输入 需要的正确待验密码是不相同的, 无须担心被人偷窥, 安全有保障。 密码算法 相对简单易记吋, 主要可用于小额支付, 简化支付操作; 对于大额支付吋, 可 以采用相对较复杂的密码算法, 需进行二次验证, 或结合传统加密方法进行二 次验证。  [0012] The beneficial effects of the present invention are: The present invention is a simple and fast encryption method capable of inputting a password as a stranger; the correct password stored in the password database is a cryptographic algorithm set by the user in combination with the location code, and is not It is a fixed number or letter preset by the user. Each time the user enters the login or payment operation, the correct password to be checked is not the same, and there is no need to worry about being voyeuristic, and it is safe and secure. The cryptographic algorithm is relatively simple and easy to remember, and can be used mainly for small payment and simplified payment operations. For large payment, a relatively complicated cryptographic algorithm can be used, which requires secondary verification or secondary verification in combination with traditional encryption methods.
[0013] 由于此加密方法可采用: 力^ 减、 乘、 混算、 位置码、 固定值码、 误导码、 颜 色定位码等多种算法, 用户可以选择自己适合的易记忆的方法来设定加密算法 对附图的简要说明 附图说明 [0013] Since the encryption method can adopt various algorithms such as force reduction, multiplication, multiplication, position code, fixed value code, misdirect code, color positioning code, etc., the user can select a suitable and easy to remember method to set. Brief description of the encryption algorithm DRAWINGS
[0014] 图 1为本发明案例 1~4的密码输入界面示意图;  1 is a schematic diagram of a password input interface of Cases 1 to 4 of the present invention;
[0015] 图 2为本发明案例 5的密码输入界面示意图。 2 is a schematic diagram of a password input interface of Case 5 of the present invention.
实施该发明的最佳实施例  BEST MODE FOR CARRYING OUT THE INVENTION
本发明的最佳实施方式  BEST MODE FOR CARRYING OUT THE INVENTION
[0016] 以下结合附图本发明优选的具体实施例对本发明的结构作进一步地说明。 [0016] The structure of the present invention will be further described below in conjunction with the preferred embodiments of the present invention.
[0017] 本发明明文密码的加密方法是在密码输入界面中有序排列出九个以上的标签, 每个标签随机显示一个待选字符, 每个标签均有一个唯一与其对应的位置码; 密码数据库储存的正确密码为用户结合位置码设定的密码算法; 当用户在密码 输入界面的密码文本框中输入的待验密码等于将密码算法中的位置码替换成当 前位置码对应显示的待选字符计算获得的计算结果吋, 密码验证通过。 当用户 在密码输入界面的密码文本框中输入的待验密码不等于将密码算法中的位置码 替换成当前位置码对应显示的待选字符计算获得的计算结果吋, 密码验证失败 , 同吋对所有标签上显示的待选字符进行重新生成。 [0017] The encryption method of the plaintext password of the present invention is that more than nine tags are arranged in an orderly manner in the password input interface, and each tag randomly displays one candidate character, and each tag has a unique location code corresponding thereto; The correct password stored in the database is the password algorithm set by the user in combination with the location code; when the password entered by the user in the password text box of the password input interface is equal to replacing the location code in the password algorithm with the candidate to be displayed corresponding to the current location code The calculation result obtained by the character calculation 吋, the password verification is passed. When the password to be verified entered by the user in the password text box of the password input interface is not equal to the calculation result obtained by replacing the location code in the password algorithm with the candidate character displayed corresponding to the current location code, the password verification fails, and the pair fails. The candidate characters displayed on all labels are regenerated.
[0018] 其中, 上述有序排列可以是矩形阵列、 环形阵列, 例如: 9个标签, 呈 3*3矩形 阵列; 18个标签, 呈 2*9矩形阵列; 27个标签, 呈 3*9矩形阵列, 12个标签, 呈 环形阵列。 [0018] wherein, the above ordered arrangement may be a rectangular array, a circular array, for example: 9 labels, a 3 * 3 rectangular array; 18 labels, a 2 * 9 rectangular array; 27 labels, a 3 * 9 rectangle Array, 12 tags, in a circular array.
[0019] 每个标签随机显示的待选字符可以为随机显示任意一个数字、 字母或符号; 或 者采用随机显示的图形或颜色取替待选字符; 或者采用颜色与待选字符相组合 。 密码文本框数量为 2~6个, 每个密码文本框允许输入一位字符。 优选为所述的 密码文本框数量为 4个, 每个密码文本框允许输入一位字符, 前面两个密码文本 框采用一组密码算法, 后面两个密码文本框采用一组密码算法。  [0019] The candidate character randomly displayed in each label may be randomly displayed with any number, letter or symbol; or the randomly selected graphic or color may be used to replace the candidate character; or the color may be combined with the candidate character. The number of password text boxes is 2~6, and each password text box allows one character to be input. Preferably, the number of the password text boxes is four, each password text box allows one character to be input, the first two password text boxes use a set of password algorithms, and the latter two password text boxes use a set of password algorithms.
[0020] 案例 1 -运算码加密  [0020] Case 1 - Opcode Encryption
[0021] 参照图 1中所示, 密码输入界面中显示 18个标签, 18个标签呈 2*9矩形阵列, 也 即分成上下两排, 每排 9个; 上排 9个标签的位置码分别为 A1~A9; 下排 9个标签 的位置码分别为 B1~B9; 密码文本框数量为 4个, 其编号分别 Ml、 M2、 M3、 M4 ; 假如当用户将密码文本框 Ml和 M2对应的一组密码算法设定为: A2+B1 , 密码 文本框 M3和 M4对应的一组密码算法设定为: A8*A7; 按图 1中所示的, 标签 A2 、 Bl随机显示的待选字符分别为数字 5、 8, A2+B1 = 5+8 = 13 , 也即是将密码算 法中的位置码替换成当前位置码对应显示的待选字符计算获得的计算结果为 13 , 密码文本框 Ml输入十位数: "1"、 密码文本框 M2输入个位数: "3"; 标签 A8 、 A7随机显示的待选字符分别为数字 3、 8, A8*A7 = 3*8 = 24, 也即是将密码算 法中的位置码替换成当前位置码对应显示的待选字符计算获得的计算结果为 24 , 密码文本框 M3输入十位数: "2"、 密码文本框 M4输入个位数: "4"; 也即是通 过键盘在密码文本框 Ml、 M2、 M3、 M4中依次的待验密码为 "1"、 "3"、 "2"、 "4 "吋验证通过; 否则验证失败, 同吋对所有标签上显示的待选字符进行重新随机 生成。 为了方便用户快速清楚识别标签的位置码, 每排连续三个标签为一组, 每组之间间隔适当增大。 [0021] Referring to FIG. 1, 18 labels are displayed in the password input interface, and 18 labels are arranged in a 2*9 rectangular array, that is, divided into upper and lower rows, 9 in each row; the position codes of the upper 9 labels are respectively It is A1~A9; the position codes of the next 9 labels are B1~B9 respectively; the number of password text boxes is 4, the numbers are respectively Ml, M2, M3, M4; if the user corresponds to the password text boxes M1 and M2 A set of cryptographic algorithms is set to: A2+B1, a set of cryptographic algorithms corresponding to the ciphertext boxes M3 and M4 are set to: A8*A7; as shown in Figure 1, label A2 The candidate characters randomly displayed by Bl are the numbers 5, 8, A2+B1 = 5+8 = 13, which is the calculation obtained by replacing the position code in the cryptographic algorithm with the candidate character corresponding to the current position code. The result is 13, the password text box Ml enters ten digits: "1", the password text box M2 enters the single digit: "3"; the randomly selected characters of the labels A8 and A7 are the numbers 3, 8, A8*A7 = 3*8 = 24, that is, the calculation result obtained by replacing the position code in the cryptographic algorithm with the candidate character displayed corresponding to the current position code is 24, and the cipher text box M3 is input with ten digits: "2", password The text box M4 enters a single digit: "4"; that is, the passwords to be checked in the password text boxes M1, M2, M3, and M4 through the keyboard are "1", "3", "2", "4".吋Verification passed; otherwise, the verification fails, and the candidate characters displayed on all the labels are re-randomly generated. In order to facilitate the user to quickly and clearly identify the position code of the label, each row of three consecutive labels is a group, and the interval between each group is appropriately increased.
[0022] 案例 2—固定值码加密 [0022] Case 2 - Fixed Value Code Encryption
[0023] 为了简化案例 1的密码算法, 便于记忆, 密码算法可以采用固定值的方式, 例 如将密码文本框 M3和 M4对应的一组密码算法设定为固定值: "8"和" 9", 那么图 1中, 只有通过键盘在密码文本框 Ml、 M2、 M3、 M4中依次的待验密码为 "1"、 " 3"、 "8"、 "9"吋验证通过; 每次密码输入吋, 密码文本框 Ml、 M2正确的待验密 码为可变的, 密码文本框 M3、 M4正确的待验密码为固定值: "8"和" 9"。  [0023] In order to simplify the cryptographic algorithm of Case 1, for easy memory, the cryptographic algorithm may adopt a fixed value manner, for example, a set of cryptographic algorithms corresponding to the cipher text boxes M3 and M4 are set to fixed values: "8" and "9" Then, in Figure 1, only the passwords to be checked in the password text boxes M1, M2, M3, and M4 through the keyboard are "1", "3", "8", "9", and the password is entered.吋, the correct password for the password text box Ml, M2 is variable, and the correct password for the password text box M3, M4 is a fixed value: "8" and "9".
[0024] 案例 3—误导码加密  [0024] Case 3 - Misleading Code Encryption
[0025] 为了对案例 2再进一步简化, 密码文本框包含有一个以上的真实密码框, 其余 为误导密码框; 每一个真实密码文本框设置一个与之对应的密码算法, 真实密 码文本框中输入的待验密码需要进行验证; 误导密码框输入的待验密码无需进 行验证。 例如, 将案例 2中密码文本框 Ml、 M2设为真实密码框, 密码文本框 M3 、 M4设为误导密码框, 那么图 1中, 只要通过键盘在密码文本框 Ml、 M2输入待 验密码 "1"、 "3"即可验证通过; 密码文本框 M3、 M4中可以输入任意数字, 目的 在于避免根据密码文本框 Ml、 M2输入待验密码反推出密码文本框 Ml和 M2对应 的密码算法 A2+B1。  [0025] In order to further simplify Case 2, the password text box contains more than one real password box, and the rest is a misleading password box; each real password text box is set with a corresponding password algorithm, and the real password text box is input. The password to be verified needs to be verified; the password to be tested entered in the misleading password box does not need to be verified. For example, if the password text boxes M1 and M2 in Case 2 are set as the real password box, and the password text boxes M3 and M4 are set as the misleading password box, then in FIG. 1, the password to be checked is input in the password text boxes M1 and M2 through the keyboard. 1", "3" can be verified; any number can be entered in the password text box M3, M4, the purpose is to avoid entering the password to be verified according to the password text box Ml, M2, and the password algorithm A2 corresponding to the password text boxes M1 and M2 +B1.
[0026] 案例 4 -位置码加密 Case 4 - Location Code Encryption
[0027] 为简化密码算法, 位置码对应显示的待选字符直接等同密码算法, 例如将图 1 中的密码文本框 Ml对应的密码算法为 Al, 密码文本框 M2对应的密码算法为 B3 , 密码文本框 M3对应的密码算法为 A7, 密码文本框 M4对应的密码算法为 B9; 通过键盘在密码文本框 Ml、 M2、 M3、 M4中依次的待验密码为 "2"、 "9"、 "8"、 "7"吋验证通过; 用户只需记住四个标签的位置码即可, 将标签 Al、 B3、 A7、 B 9每次显示的待选字符输入四个密码文本框 Ml、 M2、 M3、 M4中即可。 [0027] In order to simplify the cryptographic algorithm, the candidate character corresponding to the displayed position code is directly equivalent to the cryptographic algorithm. For example, the cipher algorithm corresponding to the cipher text box M1 in FIG. 1 is Al, and the cipher algorithm corresponding to the cipher text box M2 is B3. The password algorithm corresponding to the password text box M3 is A7, and the password algorithm corresponding to the password text box M4 is B9; the passwords to be checked in the password text boxes M1, M2, M3, and M4 by the keyboard are "2", "9". , "8", "7" 吋 pass the verification; the user only needs to remember the position code of the four labels, and input the candidate characters displayed by the labels Al, B3, A7, B 9 each time into the four password text boxes Ml , M2, M3, M4 can be.
[0028] 例案 5 -颜色定位码加密 [0028] Example 5 - Color Location Code Encryption
[0029] 参照图 2中所示, 密码输入界面中显示 18个标签, 18个标签呈 2*9矩形阵列, 也 即分成上下两排, 每排 9个; 每个标签随机显示一种颜色, 密码算法为预设颜色 之后 N位颜色; 例如: 密码文本框 Ml对应的密码算法为红色 +2位, 那么密码文 本框 Ml中应当为蓝色, 可以通过鼠标直接点击红色之后 2位的蓝色标签; 若密码 文本框有四个, 则以此类推。  [0029] Referring to FIG. 2, 18 labels are displayed in the password input interface, and 18 labels are arranged in a 2*9 rectangular array, that is, divided into upper and lower rows, 9 in each row; each label randomly displays a color, The password algorithm is the N-bit color after the preset color; for example: the password algorithm corresponding to the password text box M1 is red + 2 digits, then the password text box M1 should be blue, and the blue color can be directly clicked by the mouse. Label; if there are four password text boxes, and so on.
[0030] 也可以把例案 5和例案 1-4结合起来, 在随机颜色的标签上, 同吋出现随机数字 [0030] It is also possible to combine case 5 with case 1-4, and random numbers appear on the labels of random colors.
, 根据所选颜色上的数字进行各种运算。 , performs various operations based on the numbers on the selected color.

Claims

权利要求书 Claim
一种明文密码的加密方法, 其特征在于所述方法是在密码输入界面中 有序排列出九个以上的标签, 每个标签随机显示一个待选字符, 每个 标签均有一个唯一与其对应的位置码; 密码数据库储存的正确密码为 用户结合位置码设定的密码算法; 当用户在密码输入界面的密码文本 框中输入的待验密码等于将密码算法中的位置码替换成当前位置码对 应显示的待选字符计算获得的计算结果吋, 密码验证通过。 A method for encrypting a plaintext password, characterized in that the method is that nine or more tags are arranged in an orderly manner in a password input interface, and each tag randomly displays a candidate character, and each tag has a unique corresponding one. The correct password stored in the password database is the password algorithm set by the user in combination with the location code; when the password entered by the user in the password text box of the password input interface is equal to the replacement of the location code in the password algorithm with the current location code The calculated result of the displayed candidate character is calculated, and the password verification is passed.
根据权利要求 1所述的一种明文密码的加密方法, 其特征在于: 当用 户在密码输入界面的密码文本框中输入的待验密码不等于将密码算法 中的位置码替换成当前位置码对应显示的待选字符计算获得的计算结 果吋, 密码验证失败, 同吋对所有标签上显示的待选字符进行重新生 成。 The method for encrypting a plaintext password according to claim 1, wherein: when the password entered by the user in the password text box of the password input interface is not equal to replacing the location code in the password algorithm with the current location code The calculated result of the displayed candidate character is calculated, the password verification fails, and the candidate characters displayed on all the labels are regenerated.
根据权利要求 1所述的一种明文密码的加密方法, 其特征在于: 每个 标签随机显示的待选字符为随机显示任意一个数字、 字母或符号; 或 者采用随机显示的图形或颜色取替待选字符; 或者采用颜色与待选字 符相组合。 The method for encrypting a plaintext password according to claim 1, wherein: the candidate character randomly displayed by each label is randomly displayed with any number, letter or symbol; or the randomly displayed graphic or color is used for replacement. Select a character; or combine colors with the characters to be selected.
根据权利要求 1所述的一种明文密码的加密方法, 其特征在于: 所述 各标签排列成两排以上, 每排三个以上。 The plaintext password encryption method according to claim 1, wherein each of the labels is arranged in two or more rows, each row being three or more.
根据权利要求 1所述的一种明文密码的加密方法, 其特征在于: 所述 的密码文本框数量为 2~6个, 每个密码文本框允许输入一位字符。 根据权利要求 5所述的一种明文密码的加密方法, 其特征在于: 所述 的密码文本框包含有一个以上的真实密码框, 其余为误导密码框; 每 一个真实密码文本框设置一个与之对应的密码算法, 真实密码文本框 中输入的待验密码需要进行验证; 误导密码框输入的待验密码无需进 行验证。 The method for encrypting plaintext passwords according to claim 1, wherein the number of the cipher text boxes is 2-6, and each cipher text box allows one character to be input. The method for encrypting a plaintext password according to claim 5, wherein: the password text box includes more than one real password box, and the rest is a misleading password box; each real password text box is set with a Corresponding cryptographic algorithm, the password to be tested entered in the real password text box needs to be verified; the password to be tested entered in the misleading password box does not need to be verified.
根据权利要求 1所述的一种明文密码的加密方法, 其特征在于: 所述 的密码算法包括有固定值、 位置码对应显示的待选字符、 位置码对应 显示的待选字符算术运算。 [权利要求 8] 根据权利要求 1所述的一种明文密码的加密方法, 其特征在于: 所述 的密码文本框数量为 4个, 每个密码文本框允许输入一位字符, 前面 两个密码文本框采用一组密码算法, 后面两个密码文本框采用一组密 码算法。 The method for encrypting a plaintext password according to claim 1, wherein: the cryptographic algorithm comprises a fixed value, a candidate character corresponding to the position code, and an arithmetic operation of the candidate character corresponding to the position code. [Claim 8] A method for encrypting a plaintext password according to claim 1, wherein: the number of the password text boxes is four, and each password text box allows one character to be input, the first two passwords. The text box uses a set of cryptographic algorithms, and the latter two cipher text boxes use a set of cryptographic algorithms.
PCT/CN2016/106026 2015-11-21 2016-11-16 Encryption method for clear-text passwords WO2017084572A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201510874445.7 2015-11-21
CN201510874445 2015-11-21
CN201511004484.8A CN105406965A (en) 2015-11-21 2015-12-29 Clear-text password encryption method
CN201511004484.8 2015-12-29

Publications (1)

Publication Number Publication Date
WO2017084572A1 true WO2017084572A1 (en) 2017-05-26

Family

ID=55472230

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/106026 WO2017084572A1 (en) 2015-11-21 2016-11-16 Encryption method for clear-text passwords

Country Status (2)

Country Link
CN (1) CN105406965A (en)
WO (1) WO2017084572A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111917728A (en) * 2020-07-08 2020-11-10 五八有限公司 Password verification method and device

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105406965A (en) * 2015-11-21 2016-03-16 徐江锋 Clear-text password encryption method
CN107423615A (en) * 2016-05-24 2017-12-01 华为终端(东莞)有限公司 A kind of method for generating cipher code and user terminal
CN106341229A (en) * 2016-11-03 2017-01-18 北京挖玖电子商务有限公司 Client and method therefor
CN107171797A (en) * 2017-07-18 2017-09-15 郑州云海信息技术有限公司 A kind of data ciphering method and device
CN108345784A (en) * 2018-02-28 2018-07-31 于君 There are the cipher-code input method and equipment of icon and random character segment mark
CN108629177A (en) * 2018-04-24 2018-10-09 上海与德通讯技术有限公司 A kind of unlocking method of intelligent terminal, intelligent terminal and readable storage medium storing program for executing
CN109544149A (en) * 2018-09-28 2019-03-29 珠海横琴现联盛科技发展有限公司 Payment information method for anti-counterfeit based on optical character identification
CN116882997A (en) * 2023-08-08 2023-10-13 重庆嗨客网络科技有限公司 Network security payment method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1564511A (en) * 2004-03-26 2005-01-12 西安海星现代科技股份有限公司 Tokenless dynamic password authenticastion method
CN1848726A (en) * 2005-04-15 2006-10-18 王岳 Dynamic identifying method
CN101217371A (en) * 2008-01-09 2008-07-09 腾讯科技(深圳)有限公司 A method to realize user account verification
CN101702191A (en) * 2009-10-31 2010-05-05 浙江德施曼机电有限公司 Device and method for verifying passwords
CN102469068A (en) * 2010-11-05 2012-05-23 王昭东 Intelligent code management system
CN105406965A (en) * 2015-11-21 2016-03-16 徐江锋 Clear-text password encryption method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101359987A (en) * 2007-08-02 2009-02-04 郝远新 Algorithm cipher
CN103793659B (en) * 2012-10-31 2017-12-22 联想企业解决方案(新加坡)有限公司 Method and system for setting password and method and system for verifying password
CN103259644A (en) * 2013-05-06 2013-08-21 王鹤儒 Cipher machine allowing ciphers to be input by means of coordinates
CN104408363B (en) * 2014-12-25 2018-08-28 绵阳艾佳科技有限公司 Security code system
CN104537300B (en) * 2014-12-25 2019-05-17 绵阳艾佳科技有限公司 Security password setting and verification mode

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1564511A (en) * 2004-03-26 2005-01-12 西安海星现代科技股份有限公司 Tokenless dynamic password authenticastion method
CN1848726A (en) * 2005-04-15 2006-10-18 王岳 Dynamic identifying method
CN101217371A (en) * 2008-01-09 2008-07-09 腾讯科技(深圳)有限公司 A method to realize user account verification
CN101702191A (en) * 2009-10-31 2010-05-05 浙江德施曼机电有限公司 Device and method for verifying passwords
CN102469068A (en) * 2010-11-05 2012-05-23 王昭东 Intelligent code management system
CN105406965A (en) * 2015-11-21 2016-03-16 徐江锋 Clear-text password encryption method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111917728A (en) * 2020-07-08 2020-11-10 五八有限公司 Password verification method and device

Also Published As

Publication number Publication date
CN105406965A (en) 2016-03-16

Similar Documents

Publication Publication Date Title
WO2017084572A1 (en) Encryption method for clear-text passwords
KR100812411B1 (en) Methods and systems for graphical image authentication
US8117458B2 (en) Methods and systems for graphical image authentication
US20140177825A1 (en) Asymmetric Tokenization
US20160127134A1 (en) User authentication system and method
ES2603157T3 (en) Procedure and system for the secure introduction of identification data for the authentication of a transaction made through a self-service terminal
WO2020108118A1 (en) Methods and devices for providing and authenticating two-dimensional code
US9768959B2 (en) Computer security system and method to protect against keystroke logging
CN1523809A (en) Password variable identification verification technique
CN107180342A (en) A kind of guard method of block chain private key, apparatus and system
CN102880305A (en) Keyboard input encryption method and mobile terminal thereof
CN106656471B (en) A kind of guard method and system of user sensitive information
CN106549756A (en) A kind of method and device of encryption
Razvi et al. Implementation of graphical passwords in internet banking for enhanced security
CN107733936A (en) A kind of encryption method of mobile data
JP2016015107A5 (en)
CN111092721B (en) Method and device for setting access password
KR101749304B1 (en) Method and server for improving security of password authentication
JP2013250944A (en) Input information authentification device, server device, and program for input information authentication system and device
CN107889102A (en) The method and apparatus of information encryption and decryption in a kind of short message
Ku et al. Two-factor authentication system based on extended OTP mechanism
Rani et al. A Novel Session Password Security Technique using Textual Color and Images
Mane et al. A Novel Approaches for Visual Authentication Protocols
KR20160079310A (en) Method and server for authenticating password based on pattern information
Rasal et al. Review on the Graphical User Authentication System

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16865749

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16865749

Country of ref document: EP

Kind code of ref document: A1