CN1226688C - Automatic random disposable code rasing network business safety vertification method (Google Patents)

Info

Publication number: CN1226688C
Authority: CN (China)
Prior art keywords: safety device, user, code, password, user side
Legal status: Expired - Fee Related (status as listed by Google Patents, not a legal conclusion)
Application number: CN 02132554
Other languages: Chinese (zh)
Other versions: CN1466061A (en)
Inventor: 张东旭
Current assignee: Individual
Original assignee: Individual
Application filed by: Individual

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention relates to encryption technology for computer networks, and in particular to an authentication method that improves the security of network transactions by using an automatic random one-time password. An authentication system based on the automatic random one-time password is added on top of the ordinary ID/password login authentication to strengthen the protection of commercial transactions on the network. Encryption of network transactions, and protection against their being cracked, is achieved through a password security device plugged into the USB interface of the user's computer, the driver corresponding to that device, an authentication program module on the server, an Applet program module downloaded to the user side, and an application program on the user side. The password used by this authentication system has no relation to the ordinary ID login password, and it changes every time the authentication system is accessed; as a result, an illegal person is still prevented from logging in even if the ID login password has been leaked. Because nearly all personal computers have a USB interface, the technique has a wide field of application and practical value.

Description

Authentication method using an automatic random one-time password to improve the security of network transactions

Technical field: The present invention relates to encryption technology for commercial transactions carried out over computer networks, and in particular to an authentication method that improves the security of network transactions by means of an automatic random one-time password.

Background: With the development of e-commerce technology that uses the Internet as its medium, the security of electronic commerce in fields such as finance has become increasingly important. Existing network encryption measures such as SSL, PKI, dual passwords or multiple passwords all require the user to memorise a password; to make it easier to remember, people usually choose digits or letters with some association, so the password is easily guessed or cracked by others. This greatly reduces the security of existing network transactions and hinders the further spread and application of e-commerce network technology.

Summary of the invention: The object of the invention is to provide an authentication method that uses the USB interface already present on the user's computer, together with an automatic random one-time password that is issued and stored automatically, to improve the security of network transactions.
To achieve this object, the invention adopts the following technical scheme. The method is implemented by a server-side authentication device, a Java Applet program corresponding to the code security device that is downloaded to the user side, a code security device plugged into the USB interface of the user's computer, the driver corresponding to that code security device, and an encryption/decryption device in user-side memory. After the user has logged in successfully with user name (ID) and password, a system developed with this method automatically performs the following authentication steps:

1. According to the user ID supplied in the ordinary ID/password login, the server sends to the user side the permanent built-in manufacturing ID of the USB device, the user ID and the purpose ID that were registered in advance at the server, together with the Java Applet program corresponding to the code security device. The permanent built-in manufacturing ID is unique and is used to distinguish and log in the user; the user ID is an ordinary personal code; the purpose ID distinguishes online transactions for different purposes.
2. The Java Applet program sent to the user side communicates with the encryption/decryption device in user-side memory and, via the driver, obtains the original password from the code security device plugged into the USB interface of the user's computer.
3. The Java Applet program downloaded to the user side sends this original password to the server-side authentication device.
4. The authentication device verifies the original password it received; if the password is valid it issues a new one, otherwise it notifies the user side that authentication has failed.
5. The authentication device sends the new password to the Java Applet program on the user side; the Applet communicates with the encryption/decryption device in user-side memory and stores the newly issued password in the code security device plugged into the USB interface of the user's computer.
6. The Applet notifies the server-side authentication device that the new password has been saved in the code security device plugged into the USB interface.
7. The server-side authentication device notifies the Applet that it has received this information.
8. The Applet communicates with the encryption/decryption device in user-side memory and completes the replacement of the password in the code security device with the new one.
9. The Applet notifies the server-side authentication device that the password replacement in the code security device is complete.
10. The server-side authentication device records the new password.
11. The actual online transaction proceeds.

The code security device plugged into the USB interface of the user's computer comprises hardware such as a USB drive unit, 8-32M memory and a microprocessor (MCU).
With this technical scheme, the authentication system based on the automatic random one-time password is added after the ordinary ID/password login authentication. The authentication system uses a password of length 128-1024 or longer; every password changes randomly on each use and is stored in the code security device, which plugs removably into the USB interface of the user's computer. The user must use this code security device, like a key, to enter the user account on the network and transact; without it the account cannot be entered at all. Therefore, even if the ordinary login password is stolen, the automatic authentication system of the invention still prevents an illegal person from entering the system. Issuance, storage and transmission of all passwords are performed automatically. In other words, the invention adds, behind the ordinary ID/password login authentication, a further layer of password authentication that is much harder to crack.

As a further improvement of the invention, the server-side authentication device consists of an ordinary application program embedded in the server-side Web system.

The Java Applet program corresponding to the code security device that is downloaded to the user side is an Applet written in the Java language and embedded in HTML.

The driver corresponding to the code security device plugged into the USB interface of the user's computer is a program written in C and assembly language that runs on operating systems such as Windows 2000, Windows XP, Windows ME and Linux.

The encryption/decryption device in memory consists of a system program stored on the user's computer.

As a further improvement of the invention, the code security device plugged into the USB interface of the user's computer also comprises a display and the drive unit for that display.

Compared with existing security measures for network transactions, the authentication method of the invention has the following advantages. After the ordinary ID/password login authentication, an authentication system based on the automatic random one-time password is added to strengthen the protection of network transactions. Because this authentication system sits behind the ordinary password login, its password has no relation to the ordinary ID login password and changes on every access, so even a leak of the ordinary login password is no longer a concern. Because nearly all user computers have a USB interface, the method has a wide field of application: for example online securities trading, Internet banking, online auctions, web-based teaching and online shopping, including all kinds of online commercial activities settled by credit card or other payment methods. Because the invention uses the computer's serial bus for access, it has no effect on the user-side computer system and little effect on the server-side transaction system. Not only does the server authenticate the user side; conversely, the user side obtains the permanent built-in manufacturing ID of the code security device plugged into the USB interface, the user ID and the purpose ID through the encryption/decryption device in memory, compares them with the corresponding data sent by the server, and thereby authenticates the server, which gives reliable security. Finally, the code security device plugged into the USB interface is small and easy to carry.
Description of drawings
Fig. 1 is a schematic structural diagram of the technical scheme of the authentication method of the invention.
Fig. 2 is a circuit block diagram of the code security device plugged into the USB interface of the user's computer in the authentication method of the invention.
Fig. 3 is an outline flowchart of the program of the encryption/decryption device in user-side memory.
Fig. 4 is an outline flowchart of the program of the server-side authentication device.
Fig. 5 is an outline flowchart of the Java Applet program corresponding to the user-side code security device.
Embodiment
As shown in Fig. 1, the system comprises a network server and a user computer, and the method is implemented by the server-side authentication device 4, the Java Applet program 5 corresponding to the code security device and downloaded to the user side, the code security device 1 plugged into the USB interface of the user's computer, the driver 2 corresponding to that code security device, and the encryption/decryption device 3 in user-side memory. Before each transaction the user first performs the ordinary ID/password login, i.e. enters user name and password. Once this ordinary authentication passes, the following authentication steps are added automatically:

1. According to the user ID supplied in the ordinary ID/password login, the server sends to the user side the permanent built-in manufacturing ID of the USB device, the user ID and the purpose ID that this user registered in advance at the server, together with the Java Applet program corresponding to the code security device. The permanent built-in manufacturing ID is unique and is used to distinguish and log in the user; the user ID is an ordinary personal code; the purpose ID distinguishes online transactions for different purposes.
2. The Java Applet program 5 sent to the user side communicates with the encryption/decryption device 3 in user-side memory and, via the driver 2, obtains the original password from the code security device 1 plugged into the USB interface; this original password is the random one-time password of the previous transaction.
3. The Java Applet program 5 sends this original password to the authentication device 4 on the server.
4. The authentication device 4 verifies the original password it received; if the password is valid it issues a new one, otherwise it notifies the user side that authentication has failed.
5. The authentication device 4 sends the new password to the Java Applet program 5 on the user side; the Applet communicates with the encryption/decryption device 3 in user-side memory and stores the newly issued password in the code security device 1 plugged into the USB interface of the user's computer.
6. The Java Applet program 5 notifies the server-side authentication device 4 that the new password has been saved in the code security device 1.
7. After the server-side authentication device 4 notifies the Java Applet program 5 that it has received this information, the Applet communicates with the encryption/decryption device 3 in user-side memory and completes the replacement of the password in the code security device 1 with the new one.
8. The Java Applet program 5 notifies the server-side authentication device 4 that the password replacement in the code security device 1 is complete.
9. The server-side authentication device 4 records the new password.
10. The actual online transaction proceeds.

The code security device 1 plugged into the USB interface of the user's computer comprises hardware such as a USB drive unit, 8-32M memory, a microprocessor (MCU), a small liquid-crystal display (LCD) and the LCD drive unit connected to it (as shown in Fig. 2). The code security device 1 is a computer peripheral based on the computer universal serial bus (USB) interface. It is used mainly to store the random one-time password and to communicate with the user's computer. The device has a permanent built-in manufacturing ID that is unique and is used to distinguish and log in the user.

The one-time password in memory has a length of 128-1024 or longer. The user ID distinguishes different purposes, so that one device can serve several purposes: for example, user ID 1 is used for the online trading account of a securities company, user ID 2 for the online account of a bank, user ID 3 for a web-based teaching account, user ID 4 for the encryption of some software, and so on (see Table 1). Each record in memory holds two passwords, the current one and the previous one, used mainly for handling failures in communication or in the system.
Table 1: storage mode and content

Purpose 1 ID | User ID 1 | Purpose 1 one-time password (previous) | Purpose 1 one-time password (current) | Purpose 1 description (abbreviated)
Purpose 2 ID | User ID 2 | Purpose 2 one-time password (previous) | Purpose 2 one-time password (current) | Purpose 2 description (abbreviated)
Purpose n ID | User ID n | Purpose n one-time password (previous) | Purpose n one-time password (current) | Purpose n description (abbreviated)
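The authentication round trip described in the steps above and in the embodiment, together with the two-password record layout of Table 1 and the client-side check of the server's data, can be modelled end to end. This is an added example written for this page, not code from the patent or its inventor. The identifiers, the 128-bit password length, the class and function names, and the recovery rule (the server also accepts the password it last issued when the final "replacement complete" notice was lost, which is the failure case the current/previous pair exists for) are assumptions; the exchange runs in-process rather than between an applet, a driver and a USB device.

```python
import hmac
import secrets

# Constructed sample identifiers (not taken from the patent text).
MFG_ID = "USB-MFG-000001"      # permanent, unique manufacturing ID of the device
USER_ID = "user-0001"
PURPOSE_ID = "purpose-01"      # e.g. one securities-trading account
PASSWORD_BYTES = 16            # assumed 128-bit one-time password (patent: 128-1024 or longer)


def issue_password():
    """Random one-time password generated by the server-side authentication device."""
    return secrets.token_bytes(PASSWORD_BYTES)


class CodeSafetyDevice:
    """Model of the USB code security device: one Table 1 record per purpose,
    holding the user ID, the previous and the current one-time password."""

    def __init__(self, mfg_id):
        self.mfg_id = mfg_id
        self.records = {}

    def init_record(self, purpose_id, user_id, password):
        self.records[purpose_id] = {"user_id": user_id, "last": None,
                                    "current": password, "saved": None}

    def read_password(self, purpose_id):
        return self.records[purpose_id]["current"]

    def save_new(self, purpose_id, password):
        # Step: the new password is saved beside the current one ...
        self.records[purpose_id]["saved"] = password

    def replace(self, purpose_id):
        # ... and replaces it only after the server acknowledges the save notice.
        r = self.records[purpose_id]
        r["last"], r["current"], r["saved"] = r["current"], r["saved"], None


class ServerAuthDevice:
    """Model of the server-side authentication device with its user log table."""

    def __init__(self):
        self.table = {}

    def register(self, mfg_id, user_id, purpose_id, password):
        self.table[(user_id, purpose_id)] = {"mfg_id": mfg_id, "current": password,
                                             "last": None, "issued": None}

    def login_info(self, user_id, purpose_id):
        # Data sent to the client with the applet after the ordinary ID/password login.
        rec = self.table[(user_id, purpose_id)]
        return {"mfg_id": rec["mfg_id"], "user_id": user_id, "purpose_id": purpose_id}

    def verify_and_issue(self, user_id, purpose_id, presented):
        rec = self.table[(user_id, purpose_id)]
        # Assumed recovery rule: if the previous run broke off after the device had
        # replaced its password but before the server recorded it, the password
        # issued then is still accepted; this is what the current/previous pair is for.
        if rec["issued"] is not None and hmac.compare_digest(presented, rec["issued"]):
            rec["last"], rec["current"], rec["issued"] = rec["current"], rec["issued"], None
        elif not hmac.compare_digest(presented, rec["current"]):
            return None                        # authentication failure
        rec["issued"] = issue_password()       # valid: issue a new one-time password
        return rec["issued"]

    def record(self, user_id, purpose_id):
        # Final step: record the new password once the device reports replacement done.
        rec = self.table[(user_id, purpose_id)]
        rec["last"], rec["current"], rec["issued"] = rec["current"], rec["issued"], None


def run_authentication(server, device, user_id, purpose_id, drop_final_notice=False):
    """The applet's role: relay between server and device, after checking the
    server's data against the device. Returns the outcome as a string."""
    info = server.login_info(user_id, purpose_id)
    rec = device.records.get(purpose_id)
    # Client-side check from the patent: the server's manufacturing ID, user ID and
    # purpose ID must match the device's own record (the user side authenticates the server).
    if rec is None or info["mfg_id"] != device.mfg_id or info["user_id"] != rec["user_id"]:
        return "server-not-trusted"
    new_pw = server.verify_and_issue(user_id, purpose_id, device.read_password(purpose_id))
    if new_pw is None:
        return "authentication-failed"
    device.save_new(purpose_id, new_pw)        # "saved" notice -> server acknowledges
    device.replace(purpose_id)                 # replacement complete on the device
    if drop_final_notice:                      # simulate the "replaced" notice being lost
        return "interrupted"
    server.record(user_id, purpose_id)
    return "authenticated"


if __name__ == "__main__":
    server, device = ServerAuthDevice(), CodeSafetyDevice(MFG_ID)
    first = issue_password()                   # password set when the device is issued
    server.register(MFG_ID, USER_ID, PURPOSE_ID, first)
    device.init_record(PURPOSE_ID, USER_ID, first)
    print(run_authentication(server, device, USER_ID, PURPOSE_ID))
```

Because both sides compare passwords with `hmac.compare_digest`, verification takes the same time whether the guess is close or not, and a device that still holds the password of an earlier transaction (a replay, or a copy taken before the last run) is rejected because the server's current value has already moved on.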
The driver corresponding to the code security device plugged into the USB interface of the user's computer is a program written in C and assembly language so that software on the computer can access the code security device plugged into the USB interface. Its role is to perform read and write operations on the code security device at the request of the encryption/decryption device in client memory.

As shown in Fig. 3, the encryption/decryption device in client memory consists of a system-level program on the user's computer that starts when the system starts and stops when the system shuts down. Under Windows it is a service program; under UNIX or Linux it is a program invoked from the system start-up shell. Its role is to communicate with the Java Applet program corresponding to the code security device in the web page, and to access the driver corresponding to the code security device plugged into the USB interface so as to read from and write to the device as requested. The Java Applet in the web page thereby reads and writes the code security device indirectly, in order to obtain and store the random one-time password.

As shown in Fig. 4, the server-side authentication device consists of an ordinary application program embedded in the server-side Web system. Its role is to communicate with the user side and receive from it the password and the necessary communication information; to consult the user log table in order to authenticate the random one-time password; to issue a new random one-time password to a legitimate user; and, after receiving the information that the new password has been stored in the code security device plugged into the USB interface and updated successfully, to update the corresponding password in the user log table.

As shown in Fig. 5, the Java Applet program corresponding to the code security device and downloaded to the user side is an Applet written in the Java language and embedded in HTML, i.e. a Java program embedded in HTML and executed in the browser. The Applet communicates with both the server-side authentication device and the encryption/decryption device in user-side memory, acting as the communication agent between the two. Because the Applet must communicate with the encryption/decryption device in client memory, the security and encryption technology of Java is required.

The driver corresponding to the code security device 1 plugged into the USB interface of the user's computer is a program written in C and assembly language that runs on Windows 2000, Windows XP, Windows ME and Linux.

The encryption/decryption device 3 in memory consists of a system program stored on the user's computer.

In actual use, the code security device is inserted into the USB interface of the user's computer; the operating system detects a new external USB hardware device and looks for an installed driver. If none is found, the user is prompted to install the driver and the encryption/decryption device in user-side memory; both are installed and started. The corresponding service (for example online securities trading) is then used, and the code security device is unplugged from the USB interface when finished. On the server side, the Web system imports the authentication device; the Java Applet corresponding to the code security device is embedded in the web pages relating to authentication; the user log table is set up and user IDs are assigned and initialised; and the user's USB code security device is initialised and issued.

Compared with existing security measures for network transactions, the invention has the following advantages. Behind the ordinary ID/password login authentication, an authentication system based on the automatic random one-time password is added to strengthen the protection of network transactions; the user still logs in with the ordinary ID and password, so no extra burden is placed on the user in the foreground. Because the authentication system of the invention sits behind the ordinary ID login authentication, its password has no relation to the ordinary ID login password and the authentication password changes on every access, so even a leak of the ordinary login password is no longer a concern. The code security device plugged into the USB interface is a portable device about the size of an ordinary door key, so it is easy to carry; because nearly all computers have a USB interface, the method has a wide field of application; the invention has no effect on the user-side computer system and very little effect on the server-side transaction system. Not only does the server authenticate the client; conversely, the user side can also obtain, through the system application program, the permanent built-in manufacturing ID of the code security device plugged into the USB interface, the user ID and the purpose ID, compare them with the corresponding data sent by the server, and thereby authenticate the server; the method therefore has reliable security.

Claims (6)

1. An authentication method using an automatic random one-time password to improve the security of network transactions, characterised in that the method is implemented by a server-side authentication device (4), a Java Applet program (5) corresponding to the code security device and downloaded to the user side, a code security device (1) plugged into the USB interface of the user's computer, the driver (2) corresponding to that code security device, and an encryption/decryption device (3) in user-side memory; and in that, after the user has logged in successfully with user name ID and password, a system developed with this method automatically performs the following authentication steps:
according to the user ID supplied in the user name ID/password login, the server sends to the user side the permanent built-in manufacturing ID of the USB device, the user name ID and the purpose ID that were registered in advance at the server, together with the Java Applet program corresponding to the code security device;
the Java Applet program (5) sent to the user side communicates with the encryption/decryption device (3) in user-side memory and, via the driver (2), obtains the original password from the code security device (1) plugged into the USB interface;
the Java Applet program (5) downloaded to the user side sends this original password to the authentication device (4) on the server;
the authentication device (4) verifies the original password it received; if the password is valid it issues a new one, otherwise it notifies the user side that authentication has failed;
the authentication device (4) sends the new password to the Java Applet program (5) on the user side; the Java Applet program (5) communicates with the encryption/decryption device (3) in user-side memory and stores the newly issued password in the code security device (1) plugged into the USB interface of the user's computer;
the Java Applet program (5) notifies the server-side authentication device (4) that the new password has been saved in the code security device (1) plugged into the USB interface of the user's computer;
the server-side authentication device (4) notifies the Java Applet program (5) on the user side that it has received this information;
the Java Applet program (5) notifies the server-side authentication device (4) that the password replacement in the code security device (1) plugged into the USB interface of the user's computer is complete;
the server-side authentication device (4) records the new password;
the actual online transaction proceeds;
wherein the code security device (1) plugged into the USB interface of the user's computer comprises USB drive unit, 8-32M memory and microprocessor hardware.
2. The authentication method according to claim 1, characterised in that the server-side authentication device (4) consists of an application program embedded in the server-side Web system.
3. The authentication method according to claim 1, characterised in that the Java Applet program (5) corresponding to the code security device and downloaded to the user side is an Applet written in the Java language and embedded in HTML.
4. The authentication method according to claim 1, characterised in that the driver corresponding to the code security device (1) plugged into the USB interface of the user's computer is a program written in C and assembly language that runs on Windows 2000, Windows XP, Windows ME and Linux.
5. The authentication method according to claim 1, characterised in that the encryption/decryption device (3) in memory consists of a system program stored on the user's computer.
6. The authentication method according to claim 1, characterised in that the code security device (1) plugged into the USB interface of the user's computer also comprises a display and the drive unit for that display.

Priority Applications (1)

Application CN 02132554 (CN1226688C, Expired - Fee Related): priority date 2002-07-04, filing date 2002-07-04, title "Automatic random disposable code rasing network business safety vertification method".

Publications (2)

CN1466061A, published 2004-01-07
CN1226688C (granted patent), published 2005-11-09

Legal Events

C06 / PB01: Publication
C10 / SE01: Entry into substantive examination (entry into force of request for substantive examination)
C14 / GR01: Grant of patent or utility model (patent grant)
C19 / CF01: Lapse of patent right due to non-payment of the annual fee (termination of patent right)