CN201332401Y - Compulsory two-way dynamic password authentication system and user password generator - Google Patents


Info

Publication number
CN201332401Y
Authority
CN
China
Prior art keywords
module
dynamic
password
extra
code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNU2008201470610U
Other languages
Chinese (zh)
Inventor
谈宏
朱晓东
程亦翔
杨建伟
张强
刘宗沛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SHENZHEN ROUTDATA TECHNOLOGY Co Ltd
Original Assignee
SHENZHEN ROUTDATA TECHNOLOGY Co Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The utility model discloses a compulsory two-way dynamic password authentication system and a user password generator. The authentication system comprises at least one authentication system server and at least one user password generator. The authentication system server comprises a system interface (21), a dynamic extra code generation module (22), an authentication module (24), a password generation module (23), a system clock (26) and a system database (25). The user password generator comprises a display module (11), an input module (12), a dynamic extra code verification module (13), a dynamic password generation module (17), a crypto module (14), a clock (15) and an identity code register (16). The authentication system and the password generator provided by the utility model make the system safer and easier to use, effectively prevent the user's dynamic password from being stolen by spyware such as phishing software, allow a single user password generator to be used simply and effectively with a plurality of servers, and spare the user from carrying a plurality of password generators when several authentication system servers are in use.

Description

Compulsory two-way dynamic password authentication system and user password generator
Technical field
The utility model relates to a dynamic password authentication system and a user password generator, and in particular to a compulsory two-way dynamic password authentication system and user password generator.
Background
With the development of e-commerce and enterprise IT, more and more business is conducted through electronic systems such as networks, telephones and self-service terminals, and the security of customer accounts has become an important problem. Identity confirmation that relies on a static password alone is seriously exposed to theft, guessing and cracking. The electronic token, that is, the dynamic password generator, addresses these problems fairly well and is increasingly used in e-commerce and similar fields. A dynamic password generator has unique user information fixed inside it and uses a cryptographic algorithm to compute a dynamically changing password. The password is sent to the corresponding authentication system, which uses the corresponding algorithm to check whether it matches the customer's identity. Most dynamic password generator products on the market today use time-based dynamic password technology. Because the password changes over time, every password produced is different, each is valid only within a certain time window, and each is limited to a single use, so the technique guards well against risks such as password guessing and password snooping.
Generating and verifying passwords with different keys, algorithms and parameters of the cryptographic algorithm produces different passwords. Current dynamic password generator products, however, have a defect in their authentication mode. Most adopt one-way authentication: the generator produces the current password according to a synchronisation mechanism, and the user returns that password directly to the server. This one-way mode gives no effective means of telling a genuine server from a fake one, and it is hard to prevent phishing attacks in which a forged server, such as a fake website, steals the user's current password. Phishing attacks use fraudulent e-mail and forged websites to commit fraud; the fraudster usually poses as a trusted brand such as a well-known bank, online retailer or credit card company. Victims tend to believe they are logging in to the genuine website and enter their account and password, and the site thereby steals their financial data, such as credit card numbers, account user names and passwords.
A dynamic password is time-limited, and each password can be used only once. However, current dynamic password generators generally change the password once a minute, so each password is valid for a period on the order of minutes. That is ample time for a disguised phishing website to capture the password and then use it to log in to the protected system and steal user information.
Another common authentication mode obtains a random challenge code from the server and generates the password asynchronously, which adds verification of the server. This mode, however, does not check the legitimacy of the extra code, so a security risk remains.
Dynamic password generator products currently on the market all have shortcomings in usage design, structural design and sharing across multiple systems. For example, when a generator authenticates in random-challenge mode, its physical design needs enough keys for input to be simple, convenient and fast, and the device must be large enough to hold them, which often conflicts with the small size expected of a portable security product. For security reasons, the algorithm and parameters in a dynamic password generator must never be known to or used by other application systems. In practice this means each application system has its own authentication server, and the generator parameters in use may be stored securely only in that system's own dynamic password authentication system.
Under this security requirement, if several application systems the user works with all require a password generator, the user must apply for, hold and carry a corresponding generator for each. Carrying several generators is inconvenient, and the user may also confuse which generator belongs to which application system, causing inconvenience and confusion in use.
Summary of the utility model
The technical problem to be solved by the utility model is to design a compulsory two-way dynamic password authentication system and a user password generator for use in that system. The utility model effectively prevents spyware such as phishing software from stealing the user's dynamic password, and allows a single user password generator to be used simply and effectively with multiple servers.
To solve the above technical problem, the utility model provides a compulsory two-way dynamic password authentication system comprising at least one authentication system server and at least one user password generator;
The authentication system server comprises: a system interface, a dynamic extra code generation module, an authentication module, a password generation module, a system clock that provides time data to the password generation module, and a system database that stores the user information of all users and the cryptographic algorithms;
The password generation module is bidirectionally connected to the dynamic extra code generation module, the authentication module, the system database and the system clock, and the system interface is bidirectionally connected to the dynamic extra code generation module and the authentication module;
The user password generator comprises: a display module for display output, an input module for entering data, a dynamic extra code verification module, a dynamic password generation module, a crypto module, a clock that provides time data to the crypto module, and an identity code register that stores the identity information of specific servers and the cryptographic algorithms;
The input module is connected to the dynamic extra code verification module and the display module; the crypto module is bidirectionally connected to the identity code register, the clock, the dynamic extra code verification module and the dynamic password generation module; the display module is connected to the signal outputs of the clock, the dynamic extra code verification module and the dynamic password generation module; and the signal output of the dynamic extra code verification module is connected to the signal input of the dynamic password generation module.
With this technical scheme, the password generation module of the authentication system server has no contact with the system interface; it is responsible only for producing passwords, while comparing data is the function of the authentication module. In the user password generator, the crypto module is responsible for producing passwords and the dynamic extra code verification module compares the data.
The dynamic extra code verification module verifies and compares the input from the input module. If a corresponding server identity is found for the dynamic extra code, the dynamic password generation module orders the crypto module to call the data of the identity code register and the clock, produce the dynamic user password, and output it through the display module. If no corresponding server identity is found for the dynamic extra code, the dynamic extra code verification module outputs an error message to the display module.
This compulsory two-way dynamic password authentication system forces the user password generator to confirm the authentication system server before use, which effectively prevents spyware such as phishing software from stealing the dynamic user password.
In a more specific embodiment of the utility model, the compulsory two-way dynamic password authentication system comprises two or more authentication system servers;
The identity code register stores, as a group, the server identity information of an authentication system server together with the key, algorithm and parameters of the cryptographic algorithm of the authentication system server corresponding to that server identity information;
Each server identity, together with the key, algorithm and parameters of the cryptographic algorithm of its corresponding authentication system server, is stored in isolation from the others;
Once the authentication system server corresponding to the server dynamic extra code has been confirmed, the crypto module uses the key, algorithm and parameters of the cryptographic algorithm for that authentication system server, combined with the user information and time data, to produce the user's dynamic password.
With this technical scheme, when the user enters a server dynamic extra code into the user password generator, the generator automatically determines which authentication system server the code belongs to. A single user password generator can thus produce the appropriate dynamic user password for whichever authentication system server has been confirmed, so that one user password generator supports multiple different authentication system servers.
The number of authentication system servers a user password generator can support is determined by its storage capacity. To make it easy to add support for new authentication system servers, the server identity information of different authentication system servers is encrypted and stored in isolation in the user password generator. When an authentication system server is added, it is only necessary to write the data for it, including its server identity information, key, cryptographic algorithm parameters and program, into the user password generator.
In addition, the user information stored in the identity code register of the user password generator is also unique to each authentication system server. If the dynamic password generator is dismantled, all identity code registers are automatically destroyed so that the keys, algorithms, parameters, settings and so on are not disclosed.
The input module comprises: a switch key for switching the input mode and shifting the input position, and a numeric key for changing the current input digit. Data can thus be entered with only two keys.
To make the utility model extensible and able to support newly added authentication system servers, the user password generator further comprises a data interface for data exchange, and the data interface is connected to the identity code register.
The utility model also provides a user password generator comprising: a display module for display output, an input module for entering data, a dynamic extra code verification module, a dynamic password generation module, a crypto module, a clock that provides time data to the crypto module, and an identity code register that stores the identity information of specific servers and the cryptographic algorithms;
The server dynamic extra code is entered through the input module and passed to the dynamic extra code verification module. The verification module compares it with the server dynamic extra code generated by the crypto module to confirm the identity of the server requesting this verification, and the confirmed server identity information is output to the dynamic password generation module or shown through the display module. The dynamic password generation module receives the server identity information output by the dynamic extra code verification module and orders the crypto module to generate the dynamic user password, which is shown through the display module. The crypto module is a computation unit that combines the cryptographic algorithm information in the identity code register with the time information from the clock to generate the server dynamic extra code and the dynamic user password.
Compared with the prior art, the advantages of the utility model are: the compulsory two-way dynamic password authentication system makes the system safer and easier to use, effectively prevents spyware such as phishing software from stealing the user's dynamic password, allows a single user password generator to be used simply and effectively with multiple servers, and spares the user the trouble of carrying and choosing among several password generators when using several authentication system servers.
Description of the drawings
Fig. 1 is a schematic structural diagram of the authentication system server of the compulsory two-way dynamic password authentication system of the utility model;
Fig. 2 is a schematic structural diagram of the user password generator of the compulsory two-way dynamic password authentication system of the utility model;
Fig. 3 is a schematic workflow diagram of the compulsory two-way dynamic password authentication system of the utility model.
Detailed description
The utility model is further described below with reference to the drawings.
As shown in Fig. 1, the authentication system server comprises: a system interface 21, a dynamic extra code generation module 22, an authentication module 24, a password generation module 23, a system clock 26 that provides time data to the password generation module 23, and a system database 25 that stores the user information of all users and the cryptographic algorithms. The password generation module 23 is bidirectionally connected to the dynamic extra code generation module 22, the authentication module 24, the system database 25 and the system clock 26, and the system interface 21 is bidirectionally connected to the dynamic extra code generation module 22 and the authentication module 24. Its operation is summarised as follows:
The dynamic extra code generation module 22 accepts an authentication request from the system interface 21, orders the password generation module 23 to calculate the authentication system server's server dynamic extra code for the user password generator, and sends that server dynamic extra code out through the system interface 21.
The authentication module 24 reads a dynamic user password verification request from the system interface 21, orders the password generation module 23 to generate a dynamic user password from the identity information and cryptographic algorithm of the password generator whose verification is requested, compares it with the dynamic user password read in from the system interface 21, and returns the verification result to the system interface 21 for output.
The password generation module 23 is a computation unit that combines the time information supplied by the system clock 26 with the cryptographic algorithm in the system database 25 to generate the server dynamic extra code and the dynamic user password.
The server identity information, the user information of all users and the generation mode parameters recorded in the system database 25 are processed with the adopted algorithm to produce the required data.
As shown in Fig. 2, the user password generator comprises: a display module 11 for display output, an input module 12 for entering data, a dynamic extra code verification module 13, a dynamic password generation module 17, a crypto module 14, a clock 15 that provides time data to the crypto module 14, and an identity code register 16 that stores the identity information of specific servers and the cryptographic algorithms. The input module 12 is connected to the dynamic extra code verification module 13 and the display module 11; the crypto module 14 is bidirectionally connected to the identity code register 16, the clock 15, the dynamic extra code verification module 13 and the dynamic password generation module 17; the display module 11 is connected to the signal outputs of the clock 15, the dynamic extra code verification module 13 and the dynamic password generation module 17; and the signal output of the dynamic extra code verification module 13 is connected to the signal input of the dynamic password generation module 17.
It operates as follows: the server dynamic extra code is entered from the input module 12 into the dynamic extra code verification module 13. According to the server identity information in the server dynamic extra code, the dynamic extra code verification module 13 orders the crypto module 14 to call the clock 15 and the cryptographic algorithm information in the identity code register 16 and generate a server dynamic extra code. The dynamic extra code verification module 13 then compares the two extra codes to verify the server's identity.
After the dynamic extra code verification module 13 has determined the server's identity, the dynamic password generation module 17 calls the crypto module 14 to generate the dynamic user password from the information in the clock 15 and the identity code register 16, and sends the dynamic user password to the display module 11 for display.
A matched authentication system server and user password generator can use the same cryptographic algorithm to produce the server dynamic extra code and the dynamic user password. Different user password generators, however, can use different algorithm characteristics.
To meet the requirement that multiple authentication system servers share a single user password generator, the utility model proposes a design in which the crypto module 14 of the user password generator supports multiple authentication system servers at the same time. In use, the server dynamic extra code, whose verification is compulsory, must be entered through the input module 12 to confirm which authentication system server is to be used.
The identity code register 16 of the user password generator is divided into multiple mutually independent, securely isolated register groups, each containing the key, algorithm and parameters of the cryptographic algorithm corresponding to one server identity. In one specific implementation, each register contains two kinds of data: the server identity information, and the user information of this user password generator in the authentication system server corresponding to that server identity information. The user information of the same user password generator in different authentication system servers may be identical or different.
Whether the two-way dynamic password authentication system comprises one authentication system server or several, it involves the security of the encryption information during production, distribution and use of the user password generator, and also involves trust and authorisation among the development manufacturer, the users of each system and the end users.
On the secure isolation of encryption information in the user password generator: particularly where multiple authentication system servers are used, it must be guaranteed that the users of the different systems cannot share encryption information between different authentication system servers at all. The encryption information of different authentication system servers must therefore be isolated, and enabling it requires effective authorisation from the multiple parties.
When the user password generator is manufactured, cryptographic algorithm information for the different authentication system servers is implanted in it. When user password generators are distributed, the manufacturer issues to the user of each authentication system the unique set of encryption information specific to that authentication system server; the encryption information a system user obtains applies only to the authentication system server and user password generators it owns.
As shown in Fig. 3, the user password generator side produces an authentication request to the authentication system server. The authentication system server determines the identity of the user password generator from the incoming authentication request and then generates the server dynamic extra code with the corresponding cryptographic algorithm. The server dynamic extra code contains the server identity information of the authentication system server and is valid for a limited time.
The first two digits of the server dynamic extra code can be set to the code of the particular authentication system server, so that different authentication system servers can be identified and authenticated from the dynamic extra code. The server dynamic extra code is entered into the user password generator, which verifies it: it reads the server identity information and performs the calculation and comparison to confirm the identity of the authentication system server.
Once the user password generator has confirmed the authentication system server, it generates the dynamic user password with the cryptographic algorithm corresponding to that authentication system server. The dynamic user password contains user information and is valid for a limited time. If the user password generator cannot confirm the server dynamic extra code, it shows the user a corresponding error message.
The dynamic user password is entered into the authentication system server, which processes it, reads the corresponding user information and compares. If the user information in the dynamic user password is confirmed, identity is confirmed and the user is allowed to perform operations with the corresponding privileges. If it is not confirmed, the user is shown a corresponding error message.
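The Fig. 3 exchange and the multi-server register groups, as an added Python sketch that is not code from the patent. The patent names no algorithm, so HMAC-SHA256 truncated to six digits over a 60-second window, the class names, the keys and the user id are all assumptions; the user id here travels in the authentication request rather than inside the password.

```python
import hashlib
import hmac

STEP = 60    # seconds per time window (assumed; the page only says codes are time-limited)
DIGITS = 6   # decimal digits taken from the MAC (assumed)


def _code(key, purpose, t):
    """Time-windowed HMAC-SHA256 truncated to DIGITS decimal digits.
    The purpose label keeps an extra code from ever doubling as a password."""
    msg = purpose + b"|" + (int(t) // STEP).to_bytes(8, "big")
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10 ** DIGITS).zfill(DIGITS)


def _same(a, b):
    """Constant-time comparison of two code strings."""
    return hmac.compare_digest(a.encode(), b.encode())


class AuthServer:
    """Authentication system server: extra code generation (22) and verification (24)."""

    def __init__(self, server_id, user_keys):
        self.server_id = server_id   # two-digit server code, e.g. "01"
        self.user_keys = user_keys   # stands in for system database 25: user id -> key

    def extra_code(self, user_id, t):
        """Server dynamic extra code: server code followed by a time-limited MAC."""
        return self.server_id + _code(self.user_keys[user_id], b"extra", t)

    def verify(self, user_id, password, t):
        key = self.user_keys.get(user_id)
        return key is not None and _same(_code(key, b"password", t), password)


class PasswordGenerator:
    """User password generator with one isolated key slot per server (register 16)."""

    def __init__(self, slots):
        self._slots = dict(slots)    # server code -> key for that server only

    def respond(self, extra_code, t):
        """Return the dynamic user password, or None if the server is not confirmed."""
        server_id, received = extra_code[:2], extra_code[2:]
        key = self._slots.get(server_id)
        if key is None:              # no register group for this server code
            return None
        if not _same(_code(key, b"extra", t), received):
            return None              # extra code does not verify: show an error, no password
        return _code(key, b"password", t)


def demo(t=1_700_000_000):
    # Constructed keys and identities, for illustration only.
    bank_key, shop_key = b"constructed-key-bank", b"constructed-key-shop"
    bank = AuthServer("01", {"alice": bank_key})
    shop = AuthServer("02", {"alice": shop_key})
    token = PasswordGenerator({"01": bank_key, "02": shop_key})

    genuine = bank.extra_code("alice", t)
    password = token.respond(genuine, t)
    # An extra code from a party that lacks the key: same length, last digit differs.
    forged = genuine[:-1] + str((int(genuine[-1]) + 1) % 10)
    stale = bank.extra_code("alice", t - 2 * STEP)   # issued two windows earlier
    shop_pw = token.respond(shop.extra_code("alice", t), t)
    return {
        "genuine_accepted": bank.verify("alice", password, t),
        "forged_refused": token.respond(forged, t) is None,
        "stale_refused": token.respond(stale, t) is None,
        "unknown_server_refused": token.respond("99" + genuine[2:], t) is None,
        "shop_password_rejected_by_bank": not bank.verify("alice", shop_pw, t),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The generator releases a password only after the extra code verifies, and the password it releases for server 02 is useless at server 01 because each register group holds a different key. Clock drift between generator and server is not handled in this sketch.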

Claims (5)

1. A user password generator that performs verification and identity authentication with at least one authentication system server, characterised by comprising: a display module (11) for display output, an input module (12) for entering data, a dynamic extra code verification module (13), a dynamic password generation module (17), a crypto module (14), a clock (15) that provides time data to the crypto module (14), and an identity code register (16) that stores the identity information of specific servers and the cryptographic algorithms;
The input module (12) is connected to the dynamic extra code verification module (13) and the display module (11); the crypto module (14) is bidirectionally connected to the identity code register (16), the clock (15), the dynamic extra code verification module (13) and the dynamic password generation module (17); the display module (11) is connected to the signal outputs of the clock (15), the dynamic extra code verification module (13) and the dynamic password generation module (17); and the signal output of the dynamic extra code verification module (13) is connected to the signal input of the dynamic password generation module (17).
2. A compulsory two-way dynamic password authentication system comprising at least one authentication system server and at least one user password generator, characterised in that:
The authentication system server comprises: a system interface (21), a dynamic extra code generation module (22), an authentication module (24), a password generation module (23), a system clock (26) that provides time data to the password generation module (23), and a system database (25) that stores the user information of all users and the cryptographic algorithms;
The password generation module (23) is bidirectionally connected to the dynamic extra code generation module (22), the authentication module (24), the system database (25) and the system clock (26), and the system interface (21) is bidirectionally connected to the dynamic extra code generation module (22) and the authentication module (24);
The user password generator comprises: a display module (11) for display output, an input module (12) for entering data, a dynamic extra code verification module (13), a dynamic password generation module (17), a crypto module (14), a clock (15) that provides time data to the crypto module (14), and an identity code register (16) that stores the identity information of specific servers and the cryptographic algorithms;
The input module (12) is connected to the dynamic extra code verification module (13) and the display module (11); the crypto module (14) is bidirectionally connected to the identity code register (16), the clock (15), the dynamic extra code verification module (13) and the dynamic password generation module (17); the display module (11) is connected to the signal outputs of the clock (15), the dynamic extra code verification module (13) and the dynamic password generation module (17); and the signal output of the dynamic extra code verification module (13) is connected to the signal input of the dynamic password generation module (17).
3. The compulsory two-way dynamic password authentication system according to claim 2, characterised in that it comprises two or more authentication system servers; the signal input of the system interface (21) of the authentication system server is connected to the user authentication request input and the dynamic user password input, and its signal output is connected to the dynamic server password output and the authentication result output.
4. The compulsory two-way dynamic password authentication system according to claim 2 or 3, characterised in that the input module (12) comprises: a switch key for switching the input mode and shifting the input position, and a numeric key for changing the current input digit.
5. The compulsory two-way dynamic password authentication system according to claim 2, characterised in that the user password generator further comprises a data interface for data exchange, and the data interface is connected to the identity code register (16).
CNU2008201470610U 2008-08-27 2008-08-27 Compulsory two-way dynamic password authentication system and user password generator Expired - Fee Related CN201332401Y (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNU2008201470610U CN201332401Y (en) 2008-08-27 2008-08-27 Compulsory two-way dynamic password authentication system and user password generator

Publications (1)

Publication Number Publication Date
CN201332401Y true CN201332401Y (en) 2009-10-21

Family

ID=41225787

Country Status (1)

Country Link
CN (1) CN201332401Y (en)

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20091021

Termination date: 20140827

EXPY Termination of patent right or utility model