CN101216867A - A logging-on process cipher protection method by means of background synchronization - Google Patents
A logging-on process cipher protection method by means of background synchronization Download PDFInfo
- Publication number
- CN101216867A CN101216867A CNA2007100512048A CN200710051204A CN101216867A CN 101216867 A CN101216867 A CN 101216867A CN A2007100512048 A CNA2007100512048 A CN A2007100512048A CN 200710051204 A CN200710051204 A CN 200710051204A CN 101216867 A CN101216867 A CN 101216867A
- Authority
- CN
- China
- Prior art keywords
- login
- account number
- password
- finish
- cipher
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention relates to the computer field, in particular to a password protection method which utilizes a background synchronization method to complete the login process. The method comprises the following steps: an account password is encrypted and saved in a local file via a computer software; the software automatically captures and locks application procedures, client software or web pages, which need to login, at the background of an operation system, then decrypts and sends the account password under a protection state, confirms, submits and simultaneously completes the login process; then the account password information in a memory is cleaned up, thereby protecting each detail in the processes of transporting and submitting the password on a local computer. The invention effectively prevents the harmful procedure from stealing the account password of a user; the user does not need to enter the account password at each time, and the filling and login process is completed automatically by the software; in addition, the invention has the advantages of safety, rapidity and good protection effects on instant messaging, network games, e-business, internet banking, forum blogs, client software and various login applications.
Description
Technical field
The invention provides a kind of cipher code protection method that utilizes the background synchronization mode to finish login process, belong to field of computer technology.
Background technology
Along with popularizing of internet, applications; actual life is virtual to be present principal character and trend; the protection of information security, individual privacy, virtual assets seems and is even more important; the most common guard method is exactly a password; but password also brings a lot of troubles, if password is stolen when ensureing for our necessary security; our important information, individual privacy may be revealed, and virtual assets, trade secret, funds on deposit may be stolen.
The stolen situation of network cipher is serious day by day at present, be subjected to the attack of harmful programs such as wooden horse, virus, hacker according to the most reasons of statistics, a lot of hackers of appearance and trojan horse program can be walked around antivirus software on the network, also have some wooden horses even can initiatively close antivirus software, most wooden horse wright blazers adopt modes such as keyboard record, Snipping Tool, internal memory scanning, interception, fishing, steal other people account number cipher, illegally obtain other people's money, virtual assets and individual privacy, cause economic loss and very big moral injury for stolen user.
There has been the user of computer network more than 100,000,000 in China now; application such as instant messaging, E-mail address, online game, ecommerce, Web bank, forum's password, individual blog all need the account number cipher login; therefore develop cryptoguard software; prevent steal-number, have great economic worth and social effect.
Trojan horse is stolen the principle of account number cipher:
1, keyboard record: a lot of Trojan for stealing numbers viruses come down to utilize keyboard " hook " program to monitor and the keystroke of recording user moves, and the password of noting by the mail sending module handle of self sends to hacker's appointment mailbox then.
Tackle the keystroke record, it is exactly that soft keyboard also is dummy keyboard by the soft keyboard input that a kind of commonplace method is arranged at present, the user is when the input password, open soft keyboard earlier, select corresponding letter input with mouse then, so just can avoid the wooden horse record keystroke.
2, Snipping Tool: the soft keyboard input makes uses the wooden horse of keystroke recording technique to lose effect; but new trojan horse can save as plurality of pictures with user's login interface continuously by Snipping Tool; be sent to the mail recipient of appointment then by the calling module that carries; the hacker is by the click location to mouse in the photograph and picture; just probably decode out user's login account and password, thereby break through soft keyboard cryptoguard technology.
3, internal memory scanning interception: after the trojan horse operation, it detects by the process of Hook technology to all programs in the system, relevant calling of API monitored, trojan horse is by searching specific handle, window or key word, can tackle the keyboard among the Windows, mouse, duplicate, incident such as stickup, perhaps directly read process unencrypted account number cipher, perhaps to the event interception that calls of other api functions, this wooden horse has very strong disguise, does not have very effective preventive means at present.
4, fishing: phishing is attacked, the malicious websites renowned company's homepage that disguises oneself as, utilize the address spoofing leak of domain name similarity and IE browser, inveigle the netizen to input number of the account and password, and by malicious script program plantation trojan horse, lure that more users visit this website and cause infection into, the network cheat utilizes these false websites, steal registrant's number of the account, password, bring massive losses for relevant departments and industry, make people produce bigger query, seriously hindered the development of e-commerce industry for the security of online transaction behavior.
Prevent the solution of steal-number at present:
1, antivirus software: for the harmful programs of having known such as trojan horse, antivirus software adopts technology such as virus signature filtration, comprise special wooden horse killing software, similar on design concept, technical thought, for new rogue program, antivirus software exploring new technology and method, is not obtained substantive breakthroughs at present yet yet;
2, fire wall: adopt port to detect technology such as control, some fire wall has the overanxious technology of condition code, such as responsive character for settings such as account number ciphers, forbid sending and transmitting, in case but the encrypted transmission of account number cipher, perhaps utilize normal port such as 80 grades to send, fire wall is also powerless;
3, PIN code card in kind: PIN code card in kind is a soft keyboard input technology modified, and PIN code card issuing expense in kind and cost height only are applied in the part website of bank at present;
4, phone, note authentication, this mode cost is higher, does not generally adopt;
Technological means is for preventing that steal-number from also not having complete solution at present.
Summary of the invention
The objective of the invention is at the prior art deficiency, and a kind of cipher code protection method that utilizes the background synchronization mode to finish login process is provided, prevent that harmful program from stealing account number cipher in process of user login.
In order to achieve the above object, the present invention takes following scheme:
The cipher code protection method that utilizes the background synchronization mode to finish login process of the present invention; it is characterized in that safety of account number cipher being sent in application program, client software or the webpage of needs login on the operating system backstage; and determine to submit to; finish login process synchronously; the protection transmission of password on local computer and the safety of submission, further comprising the steps of:
1) account number cipher of encrypting storing user input;
2) determine account number cipher input frame field attribute, submit button characteristic information or positional value in application program, client software or the web interface;
3) account number cipher that will preserve and the application program, client software or the Webpage correlation that need login;
4) in internal memory, captured application program, client software or webpage that the user of operation on computers need login, its title and other eigenwerts are revised in locking;
5) in internal memory, the account number cipher deciphering with association transmits corresponding input frame, and determines to submit to, finishes all login process synchronously;
6) information such as password in the removing internal memory discharge the window that reduction locks.
Wherein, described step 1) is that the user will import account number cipher and is saved in the file, and having adopted cipher mode is in order to protect the data security of user account number password in this locality, to prepare for safety transmits.
Wherein, described step 2), be to determine login interface input frame and submit button characteristic information, be convenient to account number cipher accurately be sent into and finished friendship by process, determine delivering position for finishing login process synchronously.
Wherein, described step 1) and step 2) uninevitable context, step 3) is to determine login window and account number cipher corresponding relation, guarantees that transmission information is accurate.
Wherein, described step 4) is the catch lock login window, revises its title or other eigenwerts and be the wooden horse in order to prevent that some from tackling by application program, client window or web interface principal character.
Wherein, described step 5), be to finish login process,, be sent to the input frame of login window correspondence the account number cipher deciphering, and determine to submit to, send into account number, send into password, submit login to, these three steps are to finish on the operating system backstage by other softwares, and especially sending into password and submitting login to is the synchronizing thread that has higher order precedence's power, by continuous execution, rice is finished the final step of login;
Need not the keyboard input, need not click; also need not the soft keyboard input; make the wooden horse of keyboard record, Snipping Tool lack scope for their abilities; account number cipher just reads in the internal memory from file when needs are imported; and still deposit in the mode of ciphertext, just be decrypted when really submitting data to, this process is protected relevant internal memory; allow other process can't read real data, prevent internal memory sweep type wooden horse.
Wherein, described step 6) is to carry out the internal memory cleaning after submission is finished, in case internal memory scanning wooden horse recovers the login window eigenwert then, can not use login window exert an influence.
The present invention can prevent keyboard " hook ", Snipping Tool, internal memory scanning, interception, " phishing " camouflage swindle; avoid each link leak of manual input; each details in the protection transport process; therefore; effectively prevent important information leakages such as account number cipher, various logins are used and are played a very good protection to instant messaging, online game, ecommerce, Web bank, forum's blog etc.
Description of drawings
Fig. 1 is a principle of work process flow diagram one of the present invention;
Fig. 2 is a principle of work flowchart 2 of the present invention;
Fig. 3 is the present invention's " account number cipher management " user interface synoptic diagram;
Fig. 4 is the present invention's " login protection automatically " user interface synoptic diagram;
Fig. 5 is the present invention's " self-defined login protection " user interface synoptic diagram.
Embodiment
With reference to description of drawings, the cipher code protection method that utilizes the method for synchronization to finish login process of the present invention is provided preferred example.
Example 1:
The cryptoguard of application program, client software and webpage; be applicable to online game, instant communication client, other local applications, various webpages etc.; needing to gather in advance to determine account number, password and submission frame information, is principle of work process flow diagram one of the present invention as Fig. 1, its flow process:
1, add account number cipher, encrypting storing is in this software, as Fig. 3 the present invention " account number cipher management " user interface synoptic diagram;
2, gather characteristic informations such as account number, password input frame and submit button positional value in application program, client software or the webpage of determining to need to login, adding saving as a login protection item record automatically, is the present invention's " login protection automatically " user interface synoptic diagram as Fig. 4;
3, application program, client software or the Webpage correlation of selecting corresponding account number cipher and needing in the login protection item record automatically to login be the present invention's " login is protected automatically " user interface synoptic diagram as Fig. 4;
4, operation needs application program, client software or the webpage of login, clicks Fig. 4 " login " button, and this software captures the login window of the application program, client software or the webpage that need login, and its title and other eigenwerts are revised in locking;
5, determine that the account number cipher that collects submits frame information to, user's account number cipher deciphering is sent to corresponding input frame, and determines to submit to, finish whole login process on the backstage;
6, remove the information such as account number cipher in the internal memory, discharge the window of reduction locking.
Example 2:
The cryptoguard of webpage login; be applicable to Website pages such as E-mail address, ecommerce, Web bank, forum's password, individual blog; can determine account number cipher submission frame information by feature field in the webpage, be principle of work flowchart 2 of the present invention as Fig. 2, its flow process:
1, add account number cipher, encrypting storing is in this software, as Fig. 3 the present invention " account number cipher management " user interface synoptic diagram;
2, adding webpage title and the URL address that needs login, save as a self-defined login protection item record, is the present invention's " self-defined login protection " user interface synoptic diagram as Fig. 5;
3, selecting webpage title and URL address correlation in corresponding account number cipher and " self-defined login protection " item record to get up, is the present invention's " self-defined login protection " user interface synoptic diagram as Fig. 5;
4, open the webpage that needs login, click Fig. 4 " login " button, this software can capture webpage title and the URL address that needs login, and its title and other eigenwerts are revised in locking;
5, determine account number cipher submission frame information by the feature field such as password in the judgement webpage, user's account number cipher deciphering is sent to the account number cipher input frame of correspondence, and determines submission, finish whole login process on the backstage;
6, the information such as account number cipher in the removing internal memory discharge the window that reduction locks.
The invention provides a kind of cipher code protection method that utilizes the background synchronization mode to finish login process, prevent that harmful program from stealing account number cipher in process of user login, and can login various client softwares and webpage automatically.All within above-mentioned spirit of the present invention and principle, any modification of being done, replace and improvement etc. on an equal basis, all should be included within the claim scope of the present invention.
Claims (5)
1. utilize the background synchronization mode to finish the cipher code protection method of login process; it is characterized in that safety of account number cipher being sent in application program, client software or the webpage of needs login on the operating system backstage; and determine to submit to; finish login process synchronously; the protection transmission of password on local computer and the safety of submission, further comprising the steps of:
1) account number cipher of encrypting storing user input;
2) determine account number cipher input frame field attribute, submit button characteristic information or positional value in application program, client software or the web interface;
3) account number cipher that will preserve and corresponding application program, client software or Webpage correlation;
4) in internal memory, captured application program, client software or webpage that the user of operation on computers need login, its title and other eigenwerts are revised in locking;
5) in internal memory, the account number cipher deciphering with association is sent to corresponding input frame, and determines to submit to, finishes all login process synchronously;
6) information such as password in the removing internal memory discharge the window that reduction locks.
2. the cipher code protection method that utilizes the background synchronization mode to finish login process as claimed in claim 1; 3), step 1), step it is characterized in that: step::: 5); no matter be to adopt keyboard and mouse to duplicate additive methods such as stickup; the user account number password is not the window that directly is filled up to required login by the user; but fill in other software the insides earlier, account number cipher is sent into the application client software or the webpage of required login by other softwares.
3. the cipher code protection method that utilizes the background synchronization mode to finish login process as claimed in claim 1; it is characterized in that: step: 2); determine field attribute, characteristic information or positional value in logging program or the window interface; perhaps other means and methodses obtain account number, password and submission corresponding informance; perhaps other interface functions or order; all be information such as account number, password and submission to be sent into assigned address, finish login process by other softwares.
4. the cipher code protection method that utilizes the background synchronization mode to finish login process as claimed in claim 1; it is characterized in that: step: 5); send into password and submit login to; these two steps are to finish on the operating system backstage by other softwares; can show on the foreground and also can not show; sending into password and submitting login to is continuous execution; from programming, can use different language; adopt diverse ways; it can be the simulating keyboard mouse; can be interface function or order, finish the final step of login continuously.
5. the cipher code protection method that utilizes the background synchronization mode to finish login process as claimed in claim 1; 4), step it is characterized in that: step:: 6); the account number cipher that guarantee is sent into reduces the possibility that is read by other programs interceptions before submission and the safety after submitting to.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007100512048A CN101216867A (en) | 2007-01-05 | 2007-01-05 | A logging-on process cipher protection method by means of background synchronization |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007100512048A CN101216867A (en) | 2007-01-05 | 2007-01-05 | A logging-on process cipher protection method by means of background synchronization |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101216867A true CN101216867A (en) | 2008-07-09 |
Family
ID=39623299
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2007100512048A Pending CN101216867A (en) | 2007-01-05 | 2007-01-05 | A logging-on process cipher protection method by means of background synchronization |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101216867A (en) |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102129533A (en) * | 2011-04-14 | 2011-07-20 | 北京思创银联科技股份有限公司 | Method for improving security of personal financial self-service equipment |
| CN102347836A (en) * | 2010-04-30 | 2012-02-08 | 龚华清 | Electronic document protected view system and method |
| CN102867362A (en) * | 2012-08-16 | 2013-01-09 | 广东世纪网通信设备有限公司 | Method, device and system for locking bank card by telephone |
| CN102891841A (en) * | 2012-08-17 | 2013-01-23 | 广东世纪网通信设备有限公司 | Method, device and system for locking Internet bank account |
| CN103067339A (en) * | 2011-10-20 | 2013-04-24 | 深圳市快播科技有限公司 | Multi-account secure login method and system of client-side web games |
| CN103634301A (en) * | 2013-11-14 | 2014-03-12 | 新浪网技术(中国)有限公司 | Client side and method for accessing private data stored in server by user |
| CN104092550A (en) * | 2014-07-23 | 2014-10-08 | 三星电子(中国)研发中心 | Password protection method, system and device |
| CN104091119A (en) * | 2014-06-03 | 2014-10-08 | 深圳天珑无线科技有限公司 | Mobile terminal as well as protection method and protection system of data in mobile terminal |
| WO2015058701A1 (en) * | 2013-10-23 | 2015-04-30 | 北京奇虎科技有限公司 | Method and device for inter-application communication based on suspending operation panel |
| CN104636662A (en) * | 2013-11-15 | 2015-05-20 | 华为技术有限公司 | Data processing method and terminal device |
| CN104657687A (en) * | 2013-11-21 | 2015-05-27 | 深圳富泰宏精密工业有限公司 | System and method for memorizing and quickly inputting password |
| CN105656878A (en) * | 2015-11-27 | 2016-06-08 | 努比亚技术有限公司 | Verification method and device based on mobile terminal |
| CN105721144A (en) * | 2016-02-02 | 2016-06-29 | 广东欧珀移动通信有限公司 | Password storage method of wireless network access point and terminal |
| CN105897903A (en) * | 2016-05-09 | 2016-08-24 | 深圳市永兴元科技有限公司 | Web page login method and device |
| CN107066876A (en) * | 2017-01-18 | 2017-08-18 | 捷开通讯(深圳)有限公司 | The Password Management device and management method of a kind of automatic setting password |
| CN108540431A (en) * | 2017-03-03 | 2018-09-14 | 阿里巴巴集团控股有限公司 | The recognition methods of account type, device and system |
| CN109033874A (en) * | 2018-07-19 | 2018-12-18 | 数海信息技术有限公司 | A kind of polygonal color login method and system of several Android programs of Hisense's breath based on SQlite database |
| CN113987392A (en) * | 2021-09-29 | 2022-01-28 | 深圳融安网络科技有限公司 | Webpage page control method and device and computer readable storage medium |
-
2007
- 2007-01-05 CN CNA2007100512048A patent/CN101216867A/en active Pending
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102347836A (en) * | 2010-04-30 | 2012-02-08 | 龚华清 | Electronic document protected view system and method |
| CN102129533A (en) * | 2011-04-14 | 2011-07-20 | 北京思创银联科技股份有限公司 | Method for improving security of personal financial self-service equipment |
| CN103067339A (en) * | 2011-10-20 | 2013-04-24 | 深圳市快播科技有限公司 | Multi-account secure login method and system of client-side web games |
| CN102867362A (en) * | 2012-08-16 | 2013-01-09 | 广东世纪网通信设备有限公司 | Method, device and system for locking bank card by telephone |
| CN102891841A (en) * | 2012-08-17 | 2013-01-23 | 广东世纪网通信设备有限公司 | Method, device and system for locking Internet bank account |
| CN102891841B (en) * | 2012-08-17 | 2016-03-30 | 广东世纪网通信设备有限公司 | The method of a kind of Web bank Account lockout, device and system |
| WO2015058701A1 (en) * | 2013-10-23 | 2015-04-30 | 北京奇虎科技有限公司 | Method and device for inter-application communication based on suspending operation panel |
| CN103634301B (en) * | 2013-11-14 | 2017-01-04 | 新浪网技术(中国)有限公司 | The method of the private data of user's storage in client and access server thereof |
| CN103634301A (en) * | 2013-11-14 | 2014-03-12 | 新浪网技术(中国)有限公司 | Client side and method for accessing private data stored in server by user |
| CN104636662A (en) * | 2013-11-15 | 2015-05-20 | 华为技术有限公司 | Data processing method and terminal device |
| CN104636662B (en) * | 2013-11-15 | 2018-07-03 | 华为技术有限公司 | A kind of data processing method and terminal device |
| CN104657687A (en) * | 2013-11-21 | 2015-05-27 | 深圳富泰宏精密工业有限公司 | System and method for memorizing and quickly inputting password |
| CN104091119A (en) * | 2014-06-03 | 2014-10-08 | 深圳天珑无线科技有限公司 | Mobile terminal as well as protection method and protection system of data in mobile terminal |
| CN104092550B (en) * | 2014-07-23 | 2017-10-17 | 三星电子(中国)研发中心 | Cipher code protection method, system and device |
| CN104092550A (en) * | 2014-07-23 | 2014-10-08 | 三星电子(中国)研发中心 | Password protection method, system and device |
| CN105656878A (en) * | 2015-11-27 | 2016-06-08 | 努比亚技术有限公司 | Verification method and device based on mobile terminal |
| CN105721144A (en) * | 2016-02-02 | 2016-06-29 | 广东欧珀移动通信有限公司 | Password storage method of wireless network access point and terminal |
| CN105897903A (en) * | 2016-05-09 | 2016-08-24 | 深圳市永兴元科技有限公司 | Web page login method and device |
| CN107066876A (en) * | 2017-01-18 | 2017-08-18 | 捷开通讯(深圳)有限公司 | The Password Management device and management method of a kind of automatic setting password |
| CN108540431A (en) * | 2017-03-03 | 2018-09-14 | 阿里巴巴集团控股有限公司 | The recognition methods of account type, device and system |
| CN109033874A (en) * | 2018-07-19 | 2018-12-18 | 数海信息技术有限公司 | A kind of polygonal color login method and system of several Android programs of Hisense's breath based on SQlite database |
| CN109033874B (en) * | 2018-07-19 | 2021-12-10 | 数海信息技术有限公司 | Multi-role login method and system for Android program of digital sea information based on SQlite database |
| CN113987392A (en) * | 2021-09-29 | 2022-01-28 | 深圳融安网络科技有限公司 | Webpage page control method and device and computer readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101216867A (en) | A logging-on process cipher protection method by means of background synchronization | |
| US9832225B2 (en) | Identity theft countermeasures | |
| US8549594B2 (en) | Method of identity authentication and fraudulent phone call verification that utilizes an identification code of a communication device and a dynamic password | |
| US7971246B1 (en) | Identity theft countermeasures | |
| US20100257354A1 (en) | Software based multi-channel polymorphic data obfuscation | |
| US20070074273A1 (en) | Method and device for increasing security during data transfer | |
| WO2012021722A1 (en) | Disposable browser for commercial banking | |
| CN101340281A (en) | Method and system for safe login input on network | |
| WO2008146292A2 (en) | System and method for security of sensitive information through a network connection | |
| Yoo et al. | Case study of the vulnerability of OTP implemented in internet banking systems of South Korea | |
| CN102195940A (en) | Virtual-machine-technology-based data security input and submission method and system | |
| US20160142398A1 (en) | Method of network identity authentication by using an identification code of a communication device and a network operating password | |
| US20050238174A1 (en) | Method and system for secure communications over a public network | |
| Singh et al. | Detection and prevention of phishing attack using dynamic watermarking | |
| Kumar et al. | Detection of phishing attack using visual cryptography in ad hoc network | |
| Afaq et al. | A critical analysis of cyber threats and their global impact | |
| Toapanta et al. | Analysis of security mechanisms to mitigate hacker attacks to improve e-commerce management in Ecuador | |
| Bidgoli | Integrating Real Life Cases Into A Security System: Seven Checklists For Managers. | |
| CN102027728A (en) | Method and system for defeating the man in the middle computer hacking technique | |
| WO2012155818A1 (en) | Method and device for protecting user information based on credible resource | |
| Abdulla et al. | Consumer use of E-banking in Iraq: Security breaches and offered solution | |
| TWI609287B (en) | Using communication device identification code and network operation password as methods for network authentication | |
| Chen et al. | Analysis of internet black market in new types of cyber-related crime–taking personal information transaction as an example | |
| Odokuma et al. | Internet Threats and Mitigation Methods in Electronic Businesses Post Covid-19 | |
| Disha et al. | Phishing & Anti-Phishing: A Review |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20080709 |