WO2013117019A1 - Method and device for system login based on dynamic password generated autonomously by user - Google Patents
- Publication number: WO2013117019A1 (PCT/CN2012/071358)
- Authority: WO (WIPO, PCT)
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
Definitions
- BACKGROUND OF THE INVENTION. 1. Field of the Invention: The present invention relates to all occasions where static or dynamic passwords are used, such as user logins, payments, electronic locks and powering on electronic devices, and where the security of that process must be ensured. 2. Background: The use of passwords is ubiquitous in our lives, especially in today's digital age, and is becoming ever more common.
- Static passwords basically use fixed numbers and letter combinations, mainly for user account passwords, query passwords, and so on. There are usually some security risks in using these static passwords.
- Users commonly choose passwords that relate to themselves and can be guessed: their own (or a family member's or close friend's) mobile phone number, fixed phone number, birthday, the pinyin of their name, student or job number, company or group name, and so on. Such passwords are easily exhausted by others using automated guessing programs.
- A dynamic password is produced by a special algorithm that generates a time-related, unpredictable random combination every 60 seconds. Each password can be used only once, and 43200 passwords can be generated each day. It uses dedicated hardware called a dynamic token, with a built-in power supply, a cryptographic chip and a display. The authentication server uses the same algorithm to calculate the currently valid password, so the user only needs to enter the password shown on the dynamic token into the client computer to be authenticated. Since every password must be generated by the dynamic token, and only the legitimate user holds that hardware, the user's identity can be considered reliable once the password is verified; moreover, the password the user enters is different every time.
- Dynamic passwords have some disadvantages. First, users need a dynamic token for authentication. Second, dynamic passwords require an additional server that accepts requests relayed from the authentication server. Third, OTP (one-time password) deployment is expensive in large networks. Fourth, once the dynamic token falls into the hands of others, they can log in under the owner's identity and cause unnecessary losses. Finally, under coercion these measures offer no technical protection at all.
- Prior art login devices and methods also have drawbacks. For example, in daily life mobile phones and computers are indispensable tools, and to prevent others from using them one often has to enter a password when switching them on.
- Important personal information, such as electronic keys, is stored in our mobile phones and computers; in effect we keep all the electronic keys around us in these devices. If logging in is easy, it is equivalent to handing over the key that opens the door, and security suffers. Therefore a password is required to log in.
- Some folders on a computer also hold important information that must be protected and may be viewed only after a correct login; here too a password and login are needed.
- Login passwords, payment passwords and the like must be safe and reliable, even if the password changes randomly.
- To this end the following methods are generally adopted: one is to use a soft keyboard whose key layout changes constantly, so that a Trojan cannot log the user's keystrokes; the other is to use a digital certificate.
- the document management system is a software-based technology that manages all product-related information (including electronic documents, digital files, database records, etc.). Its role is to manage the development and utilization of information resources of enterprise products.
- Identity authentication establishes who the user is. There are only a few types of identification: username/password, smart card authentication, dynamic token, biometric authentication and USBkey authentication.
- the username/password is the simplest and most commonly used authentication method. Since the password is static data, it can be easily sneaked into, or intercepted by a Trojan in the computer's memory or a listening device on the network. Therefore, it is a very insecure way of identity authentication.
- Smart card authentication uses a chip with a built-in integrated circuit that stores data related to the user's identity. It is produced by a special manufacturer with special equipment and is non-replicable hardware.
- Dynamic passwords are a combination of time-related, unpredictable random numbers generated every 60 seconds according to a specialized algorithm. Each password can only be used once.
- the dynamic password technology adopts a one-time and one-secret method to effectively ensure the security of the user identity.
- If the time or counter of the client and the server are not well synchronized, a legitimate user may be unable to log in.
- If a dynamic token falls into the hands of others, or the user is coerced, the user's identity can be impersonated by someone else.
- Biometric authentication refers to verifying a user's identity by means of each person's unique biometrics, usually fingerprints, iris recognition and the like. Although this is the most reliable method of identity authentication, given the current maturity of the technology it has great limitations. For example, an injury to the user's body can cause recognition to fail, and the cost of the authentication system is high. Nor can it address the situation in which the user is correctly recognized while being coerced.
- the USBkey identity authentication method is a convenient and secure identity authentication technology developed in recent years. It adopts a strong two-factor authentication mode combining software and hardware and one time and one secret, and is now widely applied to the document management and control system.
- the PIN code currently used by the USBkey is still static, and there is also a risk of being sneaked. The defects described above are all present.
- The object of the present invention is to overcome the deficiencies of the prior art and to provide a method and apparatus for obtaining an autonomously generated dynamic password in a safe, reliable, simple and inexpensive manner, so as to effectively protect a user account.
- In a variant of the proposed method and apparatus, the user can set at least one login password.
- at least one alarm (duress) password can be set according to actual needs.
- An aspect of the present invention is directed to a method for logging in to a system based on a dynamic password generated by the user, wherein the system stores at least one login rule preset by the user, the login rule including at least one controlled element and at least one control element that controls the at least one controlled element; the method comprising: generating random information corresponding to the number of controlled elements, providing the random information to the user, and generating a login reference password from the stored login rule based on the random information; obtaining a dynamic password input by the user; and matching the dynamic password against the login reference password, allowing login if the two match and refusing login if they do not.
- Storing the login rule preset by the at least one user includes acquiring the number and positions of the controlled elements; acquiring the number and positions of the control elements; combining the controlled elements and the control elements to form a login rule; and storing the login rule.
- Encryption is performed when the login rule is stored, and the encryption key is held by the system or controlled by the user.
- the encryption key is also acquired to invoke the stored login rule corresponding to the user by using the user identity information and the encryption key.
- The random information is provided to the user in the form of an image, a sound, or the like.
- The controlled elements are digitized information such as numbers, letters, characters, national characters, musical symbols, chromatograms, chemical element symbols, pictures, etc.; the control elements are permutations and combinations, mathematical operators, logical operators and shift operators.
- Acquiring the control elements and the controlled elements is implemented by providing a control element input and/or selection interface and a controlled element input and/or selection interface.
- The method further includes storing an alarm rule preset by the user, where the alarm rule includes at least one controlled element and at least one control element that controls the at least one controlled element; the random information is provided to the user, an alarm reference password is generated from the stored alarm rule, and the dynamic password is matched against the alarm reference password; if the two match, an alarm is raised.
- Another aspect of the present invention is directed to another method for logging in to a system based on a dynamic password generated by the user, wherein the system stores a plurality of user-set login rules, each login rule including at least one controlled element and at least one control element that controls the at least one controlled element; the method comprising the steps of: generating random information corresponding to the number of controlled elements and providing the random information to the user; acquiring user identity information and a dynamic password input by the user; using the acquired user identity information to retrieve the stored login rule for that user and generating a reference password from it based on the random information; and matching the dynamic password against the reference password, allowing login if the two match and refusing login if they do not.
- Storing the login rules preset by each user includes acquiring the number and positions of the controlled elements; acquiring the number and positions of the control elements; combining the controlled elements and the control elements to form a login rule; and storing the login rule.
- Encryption is performed when the login rule is stored, and the encryption key is held by the system or controlled by the user.
- The encryption key is also acquired, so that the stored login rule of the corresponding user is retrieved using the user identity information together with the encryption key.
- The random information is provided to the user's terminal device in the form of an image and/or a sound, by wire or wirelessly.
- This aspect of the invention also includes apparatus for the method.
- A third aspect of the present invention is directed to a method for logging in to a system based on a dynamic password generated by the user, wherein the system stores a plurality of user-set login rules, each login rule including at least one controlled element and at least one control element that controls the at least one controlled element; the method comprising the steps of: acquiring the identity information of the user; retrieving the stored login rule for that user according to the acquired identity information; generating random information corresponding to the number of controlled elements and providing it to the user; at the same time generating a login reference password from the user's login rule and the random information; and matching the dynamic password against the login reference password, allowing login if the two match and refusing login if they do not.
- Storing the login rules preset by each user includes acquiring the number and positions of the controlled elements; acquiring the number and positions of the control elements; combining the controlled elements and the control elements to form a login rule; and storing the login rule.
- Encryption is performed when the login rule is stored, and the encryption key is held by the system or controlled by the user.
- The encryption key is also acquired, so that the stored login rule of the corresponding user is retrieved using the user identity information together with the encryption key.
- The random information is provided to the user's terminal device in the form of an image and/or a sound, by wire or wirelessly.
- A fourth aspect of the present invention is directed to a method for logging in to a system based on a dynamic password generated by the user, wherein the system stores at least one login rule preset by a user, the login rule including at least one controlled element and at least one control element that controls the at least one controlled element; the method comprising the steps of: sensing the presence of the user terminal; acquiring the identity information of the user; retrieving the stored login rule for that user according to the acquired identity information; generating random information corresponding to the number of controlled elements and providing it to the user terminal by short-range wireless communication; generating a login reference password from the user's login rule and the random information; receiving a dynamic password sent by the user terminal; and matching the dynamic password against the login reference password.
- Storing the login rules preset by each user includes acquiring the number and positions of the controlled elements; acquiring the number and positions of the control elements; combining the controlled elements and the control elements to form a login rule; and storing the login rule.
- Encryption is performed when the login rule is stored, and the encryption key is held by the system or controlled by the user.
- The encryption key is also acquired, so that the stored login rule of the corresponding user is retrieved using the user identity information together with the encryption key.
- The random information is provided to the user's terminal device in the form of an image and/or a sound, by wire or wirelessly.
- The aspects of the present invention further include apparatus corresponding to the methods, the apparatus comprising: a random information generating unit configured to generate random information corresponding to the number of controlled elements; a random information transmitting unit configured to provide the random information to the user; a login reference password generating unit configured to generate a login reference password from the stored login rule based on the random information; an acquiring unit configured to acquire at least a dynamic password input by the user; and a matching unit that matches the dynamic password against the login reference password, allowing login if the two match and denying it if they do not.
- A rule setting unit is further configured to allow the at least one user to set and store at least their login rule, and includes a unit for acquiring the number and positions of the controlled elements; a unit for acquiring the number and positions of the control elements; a unit that combines the controlled elements and the control elements to form a login rule; and a unit that stores the login rule.
- The apparatus further includes an encryption unit that encrypts the login rule when it is stored; the encryption key is held by the system or generated under user control.
- the obtaining unit acquires the encryption key in addition to acquiring the user identity information, so as to invoke the stored login rule corresponding to the user by using the user identity information and the encryption key.
- the providing the random information to the user is provided to the user through the image provided to the display device of the device being logged in, or provided to the device being logged in by sound.
- The controlled elements are numbers, letters, characters, national characters, musical symbols, chromatograms, chemical element symbols, pictures and the like; the control elements are permutation combinations, mathematical operators, logical operators and shift operators.
- the acquiring unit acquiring the control element and the controlled element is implemented by providing a control element input and/or selection interface and a controlled element input and/or selection interface.
- The storage unit further stores an alarm rule preset by the at least one user, the alarm rule including at least one controlled element and at least one control element that controls the at least one controlled element; the apparatus further includes an alarm reference password generating unit configured to generate an alarm reference password from the stored alarm rule based on the random information, and an alarm matching unit that matches the dynamic password against the alarm reference password and raises an alarm if the two match.
- the user-defined conversion rules and/or algorithms may also include or associate some dynamic change information, such as time and date. This will cause the conversion rules and algorithms to change over time.
- The user-defined conversion rule, or algorithm, or rule plus algorithm is encrypted in the storage step, so that the definition of the conversion rule, algorithm, or rule plus algorithm cannot easily be stolen.
- A dynamic password generated from random information by the methods of the present invention makes up for the drawbacks of the static password. Since the result comes from converting and calculating on dynamic random information, it is different every time. Others cannot obtain the password by peeping; even if it is intercepted in transit, its random nature means the correct password cannot be recovered from it, and reusing it is invalid. Once the user has set the rules and/or algorithms, they need only remember the conversion rules and algorithms they set, the fixed parameters used, and the positions selected.
- the dynamic password using the method of the present invention has no special dynamic token hardware, no hardware cost, and all operations are performed on the user terminal device and/or the remote server.
- the only thing the user needs to remember is the algorithms and rules set in advance.
- the algorithm and rules are completely defined by the user and saved in the mind of the user. They cannot be stolen by others.
- The method of the present invention makes such attackers unable to obtain the user's password, and can effectively protect the security of the user's funds.
- FIG. 1 is a schematic diagram of the present invention.
- FIG. 2a is a logic schematic diagram of a first embodiment of the present invention.
- FIG. 2b is a logic schematic diagram of a scheme for setting a password rule function according to the first embodiment of the present invention.
- FIG. 2c is a logic block diagram of the device corresponding to this embodiment.
- FIG. 2d is a detailed flowchart of the rule setting process in the embodiment.
- FIG. 2e is a detailed flowchart of the login process in the embodiment.
- FIG. 2f is a detailed flowchart of the rule modification process in the embodiment.
- FIG. 3a is a logic schematic diagram of a second embodiment of the present invention.
- FIG. 3b is a logic schematic diagram of a scheme for setting a password rule function according to the second embodiment of the present invention.
- FIG. 3c is a logic block diagram of the device corresponding to this embodiment.
- FIG. 3d is a detailed flowchart of the rule setting process in the embodiment.
- FIG. 3e is a detailed flowchart of the login process in the embodiment.
- FIG. 3f is a detailed flowchart of the rule modification process in the embodiment.
- FIG. 4a is a logic schematic diagram of a third embodiment of the present invention.
- FIG. 4b is a logic schematic diagram of a scheme for setting a password rule function according to the third embodiment of the present invention.
- FIG. 4c is a logic block diagram of the device corresponding to this embodiment.
- FIG. 4d is a detailed flowchart of the rule setting process in the embodiment.
- FIG. 4e is a detailed flowchart of the login process in the embodiment.
- FIG. 5a is a logic schematic diagram of a fourth embodiment of the present invention.
- FIG. 5b is a logic schematic diagram of a scheme for setting a password rule function according to the fourth embodiment of the present invention.
- FIG. 5c is a logic block diagram of the device corresponding to this embodiment.
- FIG. 6a is a logic schematic diagram of a fifth embodiment of the present invention.
- FIG. 6b is a logic schematic diagram of a scheme for setting a password rule function according to the fifth embodiment of the present invention.
- FIG. 6c is a logic block diagram of the apparatus of the fifth embodiment.
- Various methods for logging in to various systems, and devices corresponding to those methods, are provided; the method and its corresponding device can be applied to a user terminal such as a local user terminal that needs to be logged in.
- The user may need to log in, for example, to their own terminal device, such as a mobile phone or a computer, or to a public server.
- The server may be remote or local, and a login rule is saved in advance.
- The login rule may be, for example, a conversion rule, or a calculation formula, or a combination of rules and calculation formulas. The login rule includes at least one controlled element, such as a numerical value, a letter, a character, a national text, or the current time, and further comprises a control element that controls at least a portion of the at least one controlled element, the control element being an operator such as addition, subtraction, multiplication, division, square or square root, or a logical operator, or a shift operator such as a left shift or right shift by a certain number of positions.
- The login rule is stored by the device being logged in, and in an optional embodiment the login rule is encrypted before being saved.
- The device being logged in can be controlled to generate random information corresponding to the number of the aforementioned controlled elements, such as numbers, letters, characters, national text (such as Chinese, Japanese, etc.), music, chromatograms or chemical elements; for example, it may be a set of random numbers generated by a random number generator.
- The device being logged in then needs to retrieve the conversion rule previously set by the user and generate a login reference password from that amount of random information. On the user's side, given the random information generated and provided to them, the user derives a password according to the conversion rule memorized in their mind and enters it, through the input device of the terminal device or of the terminal connected to the server, into the terminal device or server being logged in. After receiving the dynamic password, the terminal device or server matches it against the reference password, and if the match succeeds the user is allowed to log in.
- the user-defined login rule that needs to be saved is preferably obtained by a rule generation step provided by the method in this embodiment.
- The user is first provided with a rule input interface. The rule input interface includes an input area for the aforementioned at least one controlled element, used to acquire the number and positions of the controlled elements, and may also include an area for the control elements that perform calculation, logical judgement, shifting and similar operations on the at least one controlled element, used to acquire the number and positions of the control elements.
- The two are combined into a user-defined combination, that is, the login rule; the user-defined login rule is then saved, and the saved rule may be tagged with or associated with the identification ID of the corresponding user. If necessary, the saved user-defined conversion rule, calculation formula, or combination of rules and formulas is encrypted, with the encryption key generated under the control of a static password set by the user. In the foregoing method, if matching fails and the user is denied login, the user may choose to be given a newly generated random controlled element, or may be allowed to re-enter the password for the current controlled element within a given time.
- The step of acquiring the dynamic password may include providing the user with a password input interface, which may include an area that displays the random controlled elements (the certain amount of random information) for the user, and may further include a password input area used to obtain the user's dynamic password.
- the input password can be displayed in plain text or cipher text.
- An input for an identifier such as a user ID may also be provided to collect the user's identity; its purpose is to subsequently retrieve the stored user-defined login rule for that user based on the identity.
- another user-defined conversion rule, or a calculation formula, or a combination of rules and calculation formulas may be defined and stored for implementing functions other than login.
- The other user-defined conversion rule, calculation formula, or combination of rules and formulas may correspond to an alarm function: when the dynamic password obtained in the acquisition step satisfies that other rule, formula or combination, that is, the alarm rule, the method jumps to an alarm step and sends an alarm signal to the appropriate alarm receiving device. This is especially useful for cash access terminals or online banking servers, so that an alarm can be raised silently when the user is coerced.
- the application of the present invention provides a platform for the user to design a password algorithm unique to the user himself within a certain range.
- a normal login password and an alert (duress) login password can be designed.
- the user can also set the conversion rules and algorithms for the alarm (duress) login password and save them.
- the terminal device calculates a reference password according to a conversion rule or algorithm preset by the user, and compares it with the password input by the user, thereby determining whether the user is a normal login or an alarm (coercion) login.
- A login rule may refer to converting random information into numbers, letters or words according to certain rules. For example, if Chinese characters are displayed, they can be converted into stroke counts or four-corner codes, and a piece of music can be converted into a score.
- A login rule can also refer to converting one set of characters into another set of characters according to agreed rules.
- The random controlled elements involved in the login rule refer to information that the system can generate randomly, such as numbers, letters, characters, texts of various countries (such as Chinese, Japanese, etc.), music, chromatograms, chemical elements and other information.
- the static control elements in the login rule can be, for example, mathematical operators, logical operators, shift operators, and so on.
- The user may receive the random information visually or audibly, for example as random images or audio transmitted from the device being logged in.
- The terminal devices among the devices being logged in include, but are not limited to, desktop computers, notebook computers, mobile phones, tablet computers, access control devices, cash access terminals and the like.
- the server in the logged-in device may refer to a local or remote online banking login server, an instant messaging login server, a software login server, and the like.
- The rule setting unit 101 provides the user with a display area (S211) in which a controlled element setting area and a static control element setting area are distinguished.
- Once the user has finished, the unit considers the login rule set and stores it together with the user's ID in a storage unit for later retrieval (S214); the stored rule may be encrypted. Since a computer is generally a multi-user system, the login rule must be stored in association with the user's ID.
- Otherwise, the login device may omit the step of associating the rule with a user ID and store the login rule directly.
- When the login device reaches the user login interface, it receives user-entered identity information, such as an ID, through the user identity obtaining unit 105, and the controlled element generating unit 103 generates, for example, a 6-digit random number for that ID as the controlled elements (S203); the 6-digit random number is sent to the computer display device through the transmitting unit 104.
- The login device retrieves the previously saved login rule for that user ID from the storage unit 102 through the reference password generating unit 106 (S206), and generates a reference password corresponding to this 6-digit random number according to the retrieved rule.
- The generated reference password is then sent to the matching unit 107 of the login device for subsequent matching.
- The user rearranges or calculates on the displayed numbers or letters according to the login rule memorized in their mind, obtains a password, and enters it as the dynamic password at the corresponding location of the login interface provided by the acquiring unit 105 of the login device.
- In this example the user simply uses the reverse arrangement of the random number as the password, i.e. 653431.
- After receiving the dynamic password, the login device sends it to the matching unit 107 to be matched against the reference password (S207). If it matches, the match is considered successful, login is allowed, and the login program ends.
- the random information generating unit may be selected to generate a new set of random information, and the user is given the opportunity to input the dynamic password again for the current random information group.
- The user identity obtaining unit and the user dynamic password acquiring unit may be configured to acquire their information at the same time, so that the reference password generating unit then generates the reference password for that client.
- Alternatively, the user identity obtaining unit may acquire the user ID before the user dynamic password acquiring unit does its work, and the reference password is generated as soon as the ID is obtained; that is, the user dynamic password acquiring unit waits for the user to input the dynamic password. Because the random digits or letters generated change every time the user logs in, the composed password changes every time.
- The rule above is a relatively simple application. With 6 random digits or letters composed into a 6-digit password there are only 720 (6!) possible arrangements, so if the random digits or letters and the entered password can be peeked at or intercepted, the arrangement can easily be derived from a few observed pairs. Therefore this kind of rule is generally suitable only for the power-on password of a mobile phone or of a personal computer used at home.
- Figure 2d shows the flow of the specific setting of the login rule, which is generally triggered by the user selecting [Set Password].
- The login method first enters the rule function editor, which displays the letters corresponding to the six-digit random number (a to f) and lets the user edit the rule function.
- A verification interface is then displayed, including a six-digit random number and a dynamic password input window. The user's input, a dynamic password DPW, is received; the password value DPW' is calculated from the newly set rule function and the random number; DPW and DPW' are compared. If they are consistent, the rule function is encrypted and saved. If they are inconsistent, control returns to the rule function editor, which again displays the letters corresponding to the six-digit random number and the rule function being edited.
- Users need to log in to devices such as mobile phones. The login program can run automatically when the phone is turned on or be triggered by the user's selection. After the login process starts, the device calls the random number generator to generate a six-digit random number.
- The login interface is displayed, including the six-digit random number and a dynamic password input window; the user input, a dynamic password DPW, is received; the stored rule function is found and decoded, and the dynamic password value DPW' is calculated from the random number; DPW and DPW' are compared. If they are consistent, login is allowed. If they are inconsistent, the device may check whether the accumulated errors for the day exceed 5; if so, login is ended for the day, and if not, the random number generator is called to generate a new six-digit random number. Optionally, when DPW and DPW' are inconsistent, the random number generator is simply called directly to generate a new six-digit random number.
- Figure 2e shows the above specific login process.
- Rules that have already been set may need to be modified.
- The specific process of rule modification may be as shown in Figure 2f: the user selects [Modify Password]; the random number generator is invoked to generate a six-digit random number; the original password is verified, which includes displaying the six-digit random number and a dynamic password input window, receiving the user input (the original dynamic password DPW), finding and decoding the stored rule function, calculating the dynamic password value DPW' from the random number, and comparing whether DPW and DPW' are consistent. If they are consistent, the rule function editor is entered, which displays the letters corresponding to the six-digit random number and lets the user edit the rule function. If they are inconsistent, the device checks whether the accumulated errors for the day exceed 5.
- If not, the random number generator is called to generate a new six-digit random number.
- In the rule function editor, the letters corresponding to the six-digit random number are displayed and the rule function is edited.
- The verification interface is then displayed, including the six-digit random number and a dynamic password input window, and the user input, the new dynamic password NDPW, is received.
- The dynamic password value NDPW' is calculated from the new rule function and compared with NDPW. If they are consistent, the rule function is encrypted and saved, and the password modification is complete.
- Embodiment 2: Application of the Login Device to a Network Chat Tool
- A user can set a login rule when the system is first used; for later use, this is done by the rule setting unit 101 of the login device, as shown in FIG.
- The running process of the rule setting unit 101 includes providing a display area for the user on the user's terminal and distinguishing a controlled element setting area and a static control element setting area on that display area S311;
- when the user completes the setting of the controlled elements and of the static control elements and confirms, the unit considers the login rule complete and stores the set login rule together with the user's ID identifier in a storage unit for later calling S302; the storage may be encrypted. Since a network chat tool is generally a multi-user system, the login rule has to be associated with the user's ID. Each time the user logs in to the network chat tool, as shown in FIG.
- the login device runs the user login interface and receives identity information entered by the user, such as a user ID, through the user identity obtaining unit 105; for this ID
- the controlled element generating unit 103 generates, for example, a 6-digit random array as the controlled element S303 and transmits the 6 random digits over the network through the transmitting unit 104 to the display device of the user terminal S304: abcdef, where a, b, c, d, e, f each represent a different digit or letter, for example 134356.
- The login device retrieves the previously saved login rule for this user ID from the storage unit 102 through the reference password generating unit 106 S306, and generates the reference password corresponding to this group of 6 random digits according to the retrieved rule.
- The generated reference password is then sent to the matching unit 107 of the login device for subsequent matching.
- The user selects, rearranges or calculates the displayed digits or letters according to the registration rule memorised in the mind, obtains a password, and enters it at
- the corresponding location of the login interface provided by the dynamic password acquiring unit. For example, if the user uses only reverse arrangement, the password is fedcba, i.e. 653431.
- After receiving the dynamic password, the login device sends it to the matching unit 107 to be matched against the reference password S307. If it matches, the matching is considered successful, login is allowed S316, and the login device stops running. If the match is unsuccessful, the random information generating unit may be chosen to generate a new set of random information, or the user may be given the opportunity to input the dynamic password again for the current set. Because the random digits or letters generated change every time the user logs in, the composed password changes every time. This lets the login device avoid the problem, common to static-password login methods, of the password being stolen or peeked at, and also avoids the inconvenience of carrying a device such as a USB key.
- The user identity obtaining unit and the user dynamic password acquiring unit may be configured to acquire their information at the same time, so that the reference password generating unit then generates the reference password for that client.
- Alternatively, the user identity obtaining unit may acquire the user ID before the user dynamic password acquiring unit does its work, and the reference password is generated as soon as the ID is obtained; that is, the user dynamic password acquiring unit waits for the user to input the dynamic password.
- The login device or login method of this embodiment can be integrated into an existing network chat tool as part of that tool.
- a, b, c, d, e, f represent six different digits or letters respectively.
- The user selects from the above digits or letters according to the preset arrangement rule, then performs simple addition and subtraction (for letters, addition and subtraction mean moving the letter backward or forward in the alphabet; for example, h plus 5 is m and h minus 5 is c), and then rearranges the results as the password input.
- A password can be formed by the following rule: at login, 6 random digits or letters are displayed, for example 5 f 4 m u 8; according to the conversion rule a password such as kh 13 2 11 … is obtained (note: when a subtraction gives a negative number, the sign is dropped and the positive part is taken).
- Figure 3d shows the setting process: the user selects [Set Password], enters a new user name, and the system checks whether that name already exists.
- The verification interface is then displayed, including a six-digit random number and a dynamic password input window, and the user input, a dynamic password DPW, is received. On the server side, a temporary key Dkey is generated from the six-digit random number, and Dkey is used to decrypt
- the rule function; the password value DPW' is calculated from the newly set rule function and the random number; the server then compares DPW and DPW', and if they are consistent, encrypts and saves the rule function, completing the password setting. If not, the rule function editor is entered again: the letters corresponding to the six-digit random number and the edited rule function are displayed, the random number generator is called again, and a new six-digit random number is generated and provided to the personal terminal and the server.
- The login process is as follows, as shown in Figure 3e: on the personal terminal the user selects [Login], a login request is sent to the server, and the server calls the random number generator to generate a six-digit random number.
- The six-digit random number is sent to the personal terminal and displayed on the login interface, which includes the six-digit random number, a user name field and a dynamic password input window; the user input, user name UID and dynamic password DPW, is then received at the user terminal. After the server has collected the user name UID and the dynamic password DPW, it determines whether such a user exists.
- If the user does not exist, the server checks whether the accumulated errors for the day exceed 5; if so, the login operation is ended, and if not, the user is asked to log in again. If the user exists, the saved user rule function is found and decrypted to obtain the rule function, the user's reference dynamic password DPW' is calculated, and DPW and DPW' are compared. If they are consistent, login is allowed. If they are inconsistent, the server checks whether the accumulated errors for the day exceed 5 and, depending on the result, ends the login or asks the user to log in again. When the user needs to modify rules that have already been set, the following modification process is run, as shown in FIG.
- 3f: the user selects [Modify Password]; after receiving the user's modification request, the server calls the random number generator to generate a six-digit random number, sends it to the user terminal, finds and decodes the stored user rule function, and calculates the dynamic password value DPW' from the random number.
- On the user terminal, an interface for verifying the original password is provided, including the six-digit random number and a dynamic password input window; the user input, the original dynamic password DPW, is obtained and DPW and DPW' are compared. If they are inconsistent, the server checks whether the accumulated errors for the day exceed 5 and either ends the login or calls the random number generator again to generate a new six-digit random number. If they are consistent, the modify-rule-function interface is entered: the rule function editor on the client displays the letters corresponding to the six-digit random number and a rule function editing area for the user; afterwards, a temporary key Dkey is generated from the six-digit random number, and the rule function is encrypted with Dkey on the user side and sent to the server.
- On the server side, the temporary key Dkey is likewise generated from the six-digit random number and used to
- decrypt the rule function. A verification interface is then provided on the user terminal, including the six-digit random number and a dynamic password input window; the password entered by the user, NDPW, is obtained and sent to the server, and on the server side, according to the newly set
- rule function and the random number, the password value NDPW' is calculated and compared with NDPW. If they are consistent, the rule is saved and the modification is complete. If they are inconsistent, the rule function editor is entered again, displaying the letters corresponding to the six-digit random number and the edited rule function, and the above process is repeated.
- Embodiment 3: Application to Online Banking, Online Payment and Online Securities
- A user can set a login rule when logging in for the first time
- for later use; this can be done by the rule setting unit 101 of the login device.
- The rule setting unit provides a display area for the user on the display device of the user's terminal 20 and distinguishes a controlled element setting area and a static control element setting area on that display area S411; when the user completes the setting of the controlled elements and of the static control elements by input or selection S412 and confirms S413, the unit considers the registration rule setting complete, and the unit then
- stores the set registration rule together with the user's ID in a storage unit for later calling S402; the storage may be encrypted. Since online banking and similar services are multi-user systems, the login rule has to be stored in association with the user's ID.
- An alarm rule can also be set by the same flow and likewise stored in the rule storage unit 102.
- The password and the rule can be encrypted by an encryption unit before being transmitted over the Internet, and the data received at the server is decrypted by the corresponding unit.
- The user-side software is provided with an encryption unit that encrypts the rules and passwords,
- and the server-side software is provided with a decryption unit that decrypts the rules, passwords and similar data transmitted over the network.
- After the user starts logging in to the online banking service, for example through a web browser, the login device 10 of the online banking server provides the user login interface through the identity obtaining unit 105 and receives the identity information S401 input by the user, such as a user ID. For this ID the controlled element generating unit 103 generates, for example, a 6-digit random array as the controlled element S403 and transmits the 6 random digits over the network to the display device of the user terminal 20.
- The login device retrieves the login rule and the alarm rule saved in advance for this user ID from the storage unit 102 through the reference password generating unit 106, and generates the corresponding reference passwords for the 6-digit random number according to the retrieved rules.
- The generated login and/or alarm reference passwords are then transmitted to the matching unit 107 of the login device for subsequent matching S407.
- The user observes these random digits on the display device of the terminal 20 connected to the server, selects, rearranges or calculates them according to the registration rule memorised in the mind, obtains a password, and enters it at the corresponding location of the login interface provided by the dynamic password acquiring unit.
- For example, if the user uses only reverse arrangement, the password is fedcba, i.e. 653431.
- After receiving the dynamic password and a static password, the login device sends them to the matching unit 107, which matches the dynamic password against the login reference password S407. If it matches, the matching is considered successful, login is allowed S416, and the login device stops running. If it does not match, the dynamic password is then matched against the alarm reference password. If that matches, login is allowed and an alarm is raised. If neither matches, the random information generating unit may be chosen to generate a new set of random information, or the user may be given the opportunity to re-enter the dynamic password for the current random group.
- The user identity acquisition unit and the user dynamic password acquisition unit can be configured to obtain their information at the same time, whereby the reference password generating unit then generates the reference password for that customer.
- Alternatively, the user identity obtaining unit may obtain the user ID before the user dynamic password obtaining unit does its work, and the reference password is generated as soon as the ID is obtained; that is, the user dynamic password obtaining unit waits for the user to input the dynamic password.
- A static password input by the user may be accepted at the same time as the user's dynamic password is acquired; the static password is associated with the user's rule when the rule is saved.
- The stored rule is extracted from the storage unit 102 using the static password, and the login reference password is calculated from it. If the static password is incorrect, the rule saved in the storage unit 102 cannot be correctly decrypted.
- Implementing a secure login is very simple, because the password entered changes randomly each time. Even if a Trojan records the user's keyboard input and someone obtains the password entered this time, it cannot be reused next time. This holds only as long as the rule itself cannot be derived from the observed random numbers and passwords: as noted above for simple permutation rules, a Trojan that captures both the displayed random number and the keystrokes can derive such a rule from a few logins.
- Only the user himself can obtain the correct result from the random number, so the operation is verified to be performed by the user.
- The user can also set an alarm reference password. When the user's life is in danger, the alarm password can be entered; this keeps the coercer calm while silently and unobtrusively sending a request for help to the outside. For example, when the user logs in to the online bank, the login interface displays the random number abcdef
- 3 +@ 2 +7 y4 ten 7 shell lj
- The dynamic password is composed of the above four sets of data, i.e. y1y2y3y4.
- The dynamic password obtained is 304745544168.
- Dynamic passwords obtained by this kind of operation are hard to reverse because the operating expressions chosen by users are diverse, the variables used in each expression vary (one, two, three or more), the coefficients and constants in the expressions are not fixed, and the composition of the dynamic password is not fixed either (two, three, four or more formulas). It is therefore difficult to derive the arithmetic rule from known random numbers and generated passwords. Of course, if the user feels that such a set of operations cannot be memorised, these operations and combination rules can be entered into a mobile phone; in actual use, the displayed random number is entered manually and the phone computes the corresponding dynamic password.
- The generated dynamic password can also be transmitted directly to the computer wirelessly.
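As an added example (not the patent's code), the following is a small rule-function evaluator of the kind the "rule function editor" and the phone-side calculator above need: the user writes formulas over the displayed symbols a..f, letters shift along the alphabet under + and - as described for the chat-tool embodiment (h + 5 = m, h - 5 = c), negative numeric results lose their sign, and the results are concatenated into the dynamic password (y1y2y3...). The expression syntax (Python-style +, -, * and integer constants, parsed with `ast` and evaluated by hand so that no arbitrary code can run), the function names and the sample rules are assumptions.

```python
"""Rule-function evaluator for the mental-arithmetic dynamic password.

Added example, not code from the patent. Expression syntax, names and the
sample rules are assumptions.
"""
import ast
from typing import Union

Value = Union[int, str]


class RuleError(ValueError):
    """Raised for anything outside the allowed expression subset."""


def _shift(letter: str, k: int) -> str:
    """h + 5 -> m, h - 5 -> c; wraps around the alphabet and keeps case."""
    base = ord("a") if letter.islower() else ord("A")
    return chr(base + (ord(letter) - base + k) % 26)


def _add(l: Value, r: Value) -> Value:
    if isinstance(l, int) and isinstance(r, int):
        return l + r
    if isinstance(l, str) and isinstance(r, int):
        return _shift(l, r)
    if isinstance(l, int) and isinstance(r, str):
        return _shift(r, l)
    raise RuleError("cannot add two letters")


def _sub(l: Value, r: Value) -> Value:
    if isinstance(l, int) and isinstance(r, int):
        return l - r
    if isinstance(l, str) and isinstance(r, int):
        return _shift(l, -r)
    raise RuleError("subtraction needs a number on the right")


def _mul(l: Value, r: Value) -> Value:
    if isinstance(l, int) and isinstance(r, int):
        return l * r
    raise RuleError("letters cannot be multiplied")


_OPS = {ast.Add: _add, ast.Sub: _sub, ast.Mult: _mul}


def _eval(node: ast.AST, env: dict) -> Value:
    """Walk the parsed expression; only the node kinds listed here are allowed."""
    if isinstance(node, ast.Expression):
        return _eval(node.body, env)
    if isinstance(node, ast.Constant) and type(node.value) is int:
        return node.value
    if isinstance(node, ast.Name):
        if node.id not in env:
            raise RuleError(f"unknown symbol {node.id!r}")
        return env[node.id]
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        v = _eval(node.operand, env)
        if isinstance(v, int):
            return -v
        raise RuleError("cannot negate a letter")
    if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
        return _OPS[type(node.op)](_eval(node.left, env), _eval(node.right, env))
    raise RuleError(f"unsupported syntax: {type(node).__name__}")


def bind_symbols(challenge: str) -> dict:
    """a..f name the six displayed symbols; digits become ints, letters stay letters."""
    if len(challenge) != 6:
        raise RuleError("expected six displayed symbols")
    return {name: int(c) if c.isdigit() else c for name, c in zip("abcdef", challenge)}


def evaluate_rule(expressions: list, challenge: str) -> str:
    """Dynamic/reference password: each expression's result (sign dropped for
    negative numbers) concatenated in order, as y1y2y3y4 in the text."""
    env = bind_symbols(challenge)
    parts = []
    for expr in expressions:
        try:
            tree = ast.parse(expr, mode="eval")
        except SyntaxError as e:
            raise RuleError(f"bad expression {expr!r}") from e
        v = _eval(tree, env)
        parts.append(str(abs(v)) if isinstance(v, int) else v)
    return "".join(parts)


def confirm_new_rule(expressions: list, challenge: str, entered: str) -> bool:
    """Rule-setting check: the user must reproduce the new rule's result once
    (DPW == DPW') before the rule is saved."""
    return evaluate_rule(expressions, challenge) == entered


if __name__ == "__main__":
    # Constructed sample: display "5f4mu8", rules f+5, m-5, 5+8 -> "kh13",
    # which matches the "kh 13" prefix of the chat-tool example above.
    print(evaluate_rule(["b+5", "d-5", "a+f"], "5f4mu8"))
```

The evaluator rejects anything it was not written for (exponentiation, calls, comparisons, unknown names) with `RuleError`, which is what an editor that accepts user-typed formulas must do before storing them.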
- The specific rule setting process is shown in Figure 4d: the user starts the setting of the login rule or alarm rule by selecting [Set Password], after which the bank account number is sent to the server, and the server verifies whether the account exists. If the account exists, the user enters the account number, name, ID number, withdrawal password and other information, and the random number generator is invoked.
- The user can log in to the online banking system or online payment system through any user terminal at any time.
- The login process is as follows, as shown in Figure 4e: after receiving the user's login request, the server calls the random number generator to generate a six-digit random number.
- The displayed login interface includes the six-digit random number, an account number field, a static password field
- and a dynamic password input window, provided to the user terminal; the identity information entered by the user, the static password, and the dynamic password DPW calculated from the six-digit random number are obtained. After receiving this information, the server determines whether the user account exists. If there is no such account, it checks whether the accumulated errors for the day exceed 5; if so, the login process is ended.
- Otherwise the ciphertext of the saved user rule functions (normal DPW and alarm ADPW) is found; the six-digit random number is used to generate the temporary key Dkey, the static password SPW is decrypted with Dkey, the static password SPW is used to generate the decryption key Skey, and Skey is used to decrypt the saved rule function ciphertext.
- The rule functions then give the user's normal and alarm reference password values DPW' and ADPW', and DPW is compared with DPW'. If they are consistent, login is allowed. If they are inconsistent, DPW is compared with ADPW'; if they are consistent, login is allowed and an alarm is raised.
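The following models the server side of this login flow as an added example; it is not the patent's code. The normal and alarm rules are stored encrypted under Skey derived from the static password, the static password travels under the temporary key Dkey derived from the six-digit random number, the normal reference password is matched first and the alarm one second, and failed attempts are counted per day with the "more than 5 errors" cut-off. The cipher (an HMAC-SHA256 keystream with an HMAC tag, used so the example runs on the standard library alone), PBKDF2 for Skey, the JSON rule encoding, the permutation rule format and every name below are assumptions. One property worth seeing in code: because Dkey is derived from a number that is displayed and sent in the clear, `eavesdrop_static_password` recovers SPW from the transcript with no secret at all, so this exchange still needs a real transport layer such as TLS.

```python
"""Server side of the online-banking embodiment (added example, not the
patent's code). Cipher, key derivation, encodings and names are assumptions.
"""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field

MAX_FAILS_PER_DAY = 5   # "accumulated errors on the day more than 5" ends login


def _subkeys(key: bytes) -> tuple:
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output is nonce | ciphertext | tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Raises ValueError on a wrong key, which is how a wrong SPW shows up."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def dkey(challenge: str) -> bytes:
    """Temporary key from the six-digit random number. That number is shown
    and sent in clear, so a network observer derives the same Dkey."""
    return hashlib.sha256(b"Dkey:" + challenge.encode()).digest()


def skey(static_password: str, salt: bytes) -> bytes:
    """Rule-decryption key from the static password (PBKDF2 assumed)."""
    return hashlib.pbkdf2_hmac("sha256", static_password.encode(), salt, 100_000)


def apply_rule(rule, challenge: str) -> str:
    """Permutation rule: password position i copies challenge[rule[i]]."""
    return "".join(challenge[p] for p in rule)


def client_send_static_password(challenge: str, static_password: str) -> bytes:
    return encrypt(dkey(challenge), static_password.encode())


def eavesdrop_static_password(challenge: str, blob: bytes) -> str:
    """What a passive observer of the exchange recovers."""
    return decrypt(dkey(challenge), blob).decode()


@dataclass
class UserRecord:
    salt: bytes
    rule_blob: bytes                              # {"login": [...], "alarm": [...]} under Skey
    fails: dict = field(default_factory=dict)     # day -> failed attempts


class BankServer:
    def __init__(self) -> None:
        self.users = {}

    def register(self, uid, static_password, login_rule, alarm_rule) -> None:
        salt = secrets.token_bytes(16)
        rules = json.dumps({"login": list(login_rule), "alarm": list(alarm_rule)}).encode()
        self.users[uid] = UserRecord(salt, encrypt(skey(static_password, salt), rules))

    def new_challenge(self) -> str:
        return "".join(secrets.choice("0123456789") for _ in range(6))

    def login(self, uid, challenge, spw_blob, dpw, day) -> str:
        """Returns 'ok', 'ok+alarm', 'retry' or 'locked'."""
        rec = self.users.get(uid)
        if rec is None:
            return "retry"
        if rec.fails.get(day, 0) > MAX_FAILS_PER_DAY:
            return "locked"
        try:
            spw = decrypt(dkey(challenge), spw_blob).decode()
            rules = json.loads(decrypt(skey(spw, rec.salt), rec.rule_blob))
        except ValueError:                        # wrong static password
            return self._fail(rec, day)
        if hmac.compare_digest(apply_rule(rules["login"], challenge), dpw):
            return "ok"
        if hmac.compare_digest(apply_rule(rules["alarm"], challenge), dpw):
            return "ok+alarm"                     # duress: let in, raise alarm
        return self._fail(rec, day)

    def _fail(self, rec, day) -> str:
        rec.fails[day] = rec.fails.get(day, 0) + 1
        return "locked" if rec.fails[day] > MAX_FAILS_PER_DAY else "retry"
```

A wrong static password never reaches the password comparison: the rule blob simply fails to decrypt, which is the behaviour the text describes for the Skey construction, and it is counted as a failure like a wrong dynamic password.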
- The modification process can be used to modify both.
- The random number generator is called to generate a six-digit random number, which is provided in the modify-password interface; the interface can include the six-digit random number, a static password field and a dynamic password input window. The user input, the original static password SPW and the original dynamic password DPW, is received; the temporary key Dkey is generated from the six-digit random number, the static password SPW is encrypted with Dkey and transmitted to the server, and the server generates the same temporary key Dkey from the six-digit random number and decrypts with it.
- The specific process for changing the static password and the dynamic password rule function is as follows. To modify the static password, the new static password NSPW is entered twice and the two entries are compared; if they are consistent, NSPW is encrypted with Dkey, and if not, NSPW is entered again twice. After NSPW has been encrypted with Dkey, the ciphertext is sent to the server and the modification interface for the dynamic password rule function is entered.
- On the client, the rule function editor is entered, displaying the letters corresponding to the six-digit random number and a rule function editing area for the user (both the normal login rule function and the alarm login rule function can be edited here); thereafter the temporary key Dkey is generated from the six-digit random number, the rule functions (normal and alarm) are encrypted with Dkey on the user side and sent to the server, where they are decrypted with Dkey; thereafter a verification interface is displayed on the user terminal.
- Embodiment 4: Application to Login at Bank ATMs and POS Machines
- FIGS. 5a to 5c show an embodiment for such an application. As shown in FIG. 5a, similarly to the previous embodiment, it includes login steps 503, 504, 505, 506, 507 and so on; the user generally authenticates with a tool such as a bank card.
- The login apparatus and method of the present invention therefore need not provide an interface for the user to enter a user ID; instead, the user ID acquisition unit 105 directly reads the bank card or the like to determine the ID of the user. The subsequent steps, such as providing the random information, generating the reference password, acquiring the entered dynamic password and configuring the password matching unit 107, may follow the login method described for the network chat tool or the one described for online banking, depending on how the ATM or POS machine is arranged.
- The login rule can be set locally at the ATM and sent to the server in the background, as shown in Figure 5b, or set through online banking and the like; the bank's server side only needs to associate or bind the set login rule with a tool such as the user's bank card. Similarly to the previous embodiment, this includes steps 511, 512, 513, 502 and so on.
- A logical block diagram of the corresponding device is shown in FIG. 5c; it is similar to the previous embodiment and includes a server terminal 10, a user terminal 20 and the units 101 to 107 at the server end.
- Adopting the login device and login method of the present invention solves the problems of the prior art well and protects the personal safety and financial security of the user.
- The dynamic password of the present invention can also be applied to electronic locks and electronic keys: the original static password is replaced by the dynamic password, which also prevents peeking by others.
- Various electronic locks using the login device or login method can be designed.
- The login device and method of the present invention can be embedded directly in an access control device, such as a card reader, and the access device can then implement the login rule setting and the login verification by the user as described for the network chat tool.
- The user can enter the corresponding value on a mobile phone according to the random information prompted by the electronic lock (or the electronic lock sends the random number to the mobile phone, where it is shown on the display), and the phone then sends the result to the
- electronic lock to complete the unlocking action.
- An alarm reference password can also be set, so that in a coerced state the implementation can follow the online banking process, with the user's computer terminal replaced by a mobile phone.
- Embodiment 6: Application to File Control
- The login device and login method of one embodiment of the present invention may be attached, in the form of software, to a digital file in a file control system.
- When a user needs to access a file managed by the file management system, the user must first log in to the file management system, or to a specific folder or file. After login succeeds, the file or folder can be processed, for example viewed.
- The login device or login method attached to the file management system needs a login rule storage unit that stores, in encrypted or unencrypted form, the login rules preset by each user of the system, where a login rule includes at least one controlled element and at least one control element operating on the random information; a random information generating unit, such as a random number generator, that generates random information corresponding to the number of controlled elements and provides it to the user; a dynamic password acquiring unit that receives the dynamic password the user has calculated mentally from the random information; a reference password generating unit that invokes the stored login rule on the random information to generate a reference password; and a comparison unit that matches the dynamic password against the reference password, allowing login if they match and denying it if they do not.
- The login steps include 603, 604, 605, 606, 607 and so on; similarly to the foregoing embodiment, the basic steps of rule setting are as shown in FIG. 6b and include steps 611, 612, 613, 602 and so on.
- A logical block diagram of the corresponding device is shown in FIG. 5c, which is similar to the previous embodiment and includes a system terminal 10, a user terminal 20 and the units 101 to 107 at the server end.
- Specific examples of rules that can be set: the following describes some specific implementations of the present invention, which can be applied to fields with different security levels. The actual user settings are not limited to the following solutions, nor to the arrays defined below.
- The number and length of the arrays and the length of the password can be defined by the user according to the actual situation. For convenience of explanation, the following examples are based on 6-digit random numbers and letters.
- Option 1: pure arrangement rules
- The random controlled element is a group of six symbols abcdef, where each symbol can be a digit, a letter or a character.
- The static operating element is a transposition operator that swaps the contents of the second, fourth and sixth positions with those of the first, third and fifth positions respectively.
- The saved user-preset login rule is the one defined above. When the user logs in, the random controlled element generating unit in the terminal generates a group of six random symbols in the random controlled element step, for example 1, 2, 3, 4, 5, 6; under the rule above the reference password A' is then 214365.
- The dynamic password acquiring step receives the password A entered by the user.
- The matching step then compares the password A entered by the user with the reference password A' obtained by the reference password calculation step. If they are equal, the entry is considered to be the user's own, the user is allowed to log in, and subsequent operations are permitted; otherwise, login and subsequent operations are refused.
- A specific application of the six-symbol random code: when a terminal device such as a mobile phone is powered on, it randomly displays "GUMWPA" on the screen. According to the above rule the correct password is "UGWMAP", and the system allows the user to log in only after this password has been entered correctly.
- The advantage is that the rule is simple and easy to remember, and it can be used where input is relatively private, such as the power-on password of a mobile phone or the login password of an electronic key.
- The disadvantage is that such a simple rule is easy to derive: if the entire input process is peeked at, the rule can be derived by comparing a few, or a few tens of, groups of random codes and dynamic passwords.
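The following is an added example, not code from the patent. It implements the pure arrangement rule of Option 1 (including the "GUMWPA" to "UGWMAP" swap and the reverse arrangement of the earlier embodiments, whose 720 variations were noted above) and the observer's side of this disadvantage paragraph: an attacker who sees both the displayed symbols and the typed password starts from all 720 permutations and discards those inconsistent with each peeked login. With six distinct symbols a single observation already pins the rule down completely; repeated symbols (as in 134356) leave only a little ambiguity. The rule encoding (for each password position, the index of the displayed symbol it copies), the function names and the sample strings are assumptions.

```python
"""Permutation-rule login and rule recovery from peeked logins.

Added example, not the patent's code. Rule encoding, names and samples are
assumptions.
"""
import hmac
import itertools
import secrets
import string
from typing import Iterable, Sequence

ALPHABET = string.digits + string.ascii_uppercase

# Example rules as source positions. REVERSE is "abcdef -> fedcba";
# SWAP_PAIRS exchanges positions (1,2), (3,4), (5,6) as in Option 1.
REVERSE = (5, 4, 3, 2, 1, 0)
SWAP_PAIRS = (1, 0, 3, 2, 5, 4)


def new_challenge(length: int = 6) -> str:
    """Controlled element (unit 103): fresh random symbols, all distinct."""
    return "".join(secrets.SystemRandom().sample(ALPHABET, length))


def apply_rule(rule: Sequence[int], challenge: str) -> str:
    """Reference password (unit 106): position i copies challenge[rule[i]]."""
    return "".join(challenge[p] for p in rule)


def login(rule: Sequence[int], challenge: str, entered: str) -> bool:
    """Matching unit 107: constant-time comparison with the reference password."""
    return hmac.compare_digest(apply_rule(rule, challenge), entered)


def recover_rule(observations: Iterable, length: int = 6) -> list:
    """Attacker's view: keep only the permutations (6! = 720 to start) that
    map every observed challenge to its observed password."""
    candidates = list(itertools.permutations(range(length)))
    for challenge, password in observations:
        candidates = [r for r in candidates if apply_rule(r, challenge) == password]
    return candidates


if __name__ == "__main__":
    chal = new_challenge()
    pw = apply_rule(REVERSE, chal)          # what the user would type
    print(chal, "->", pw, "login ok:", login(REVERSE, chal, pw))
    print("candidates after one peek (distinct symbols):", recover_rule([(chal, pw)]))
    print("candidates after one peek of 134356:", recover_rule([("134356", "653431")]))
```

Run on the page's own numbers: the pair (134356, 653431) leaves two candidate permutations because the digit 3 appears twice; any second peek with distinct symbols reduces that to one.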
- Scheme 3 (calculation formula plus padding, then rearrangement): in scheme 2 the calculation may yield only a single digit or two digits. To strengthen it and avoid derivation by others, a rule can pad a single-digit result by supplying its hundred-thousands, ten-thousands, thousands, hundreds and tens digits, so that every position of the six-digit password has a value.
- The above four schemes are all set up on the basis of one group of random information.
- Their security is greatly improved compared with existing schemes such as the power-on password of a mobile phone or computer, the login password of an electronic key, QQ login, MSN login and so on.
- The number of groups of random codes and the number of digits of the dynamic password can be increased as appropriate, increasing the difficulty for an attacker and improving security.
- Scheme 5 (multiple sets of random codes)
- the following is an example using four sets of 4-digit random codes.
- in actual application this can be adjusted to the specific situation: it is not limited to 4 groups of 4 digits, and the password is not limited to 4 digits; any number of digits can be designed. Definition: assume the generated random numbers (or letters) form 4 groups of 4 digits (or letters) each, arranged as follows:
- the password consists of 4 digits (or letters);
- the password is generated by rearranging the combination.
- the four sets of random codes and the password are not limited to numbers; letters and other characters may also be used. However, because this method is relatively simple, if others can observe the input, the rule can be derived from a certain number of random codes and their corresponding passwords. A stronger variant uses rearrangement combined with digit-wise addition (or subtraction) of a 4-digit seed agreed in advance; when the password calculation mode is set, a new 4-digit seed can be set:
- Alarm (duress) password
- the calculation formula of the login can also be set by the above method.
- Random information can also be designed as Chinese characters, with the stroke count of each character or its four-corner code serving as the password.
- the random information displays the Chinese characters "人机同步动态口令" ("human-machine synchronized dynamic password").
- the conversion rule agreed by the user in advance is to use the stroke counts of the 2nd, 4th, 6th and 8th characters as the password input, giving the password "6785"; of course, the four-corner code of the characters can also be used as the password.
- Random information can be designed as music, with musical notation as the password. For example, when the computer is turned on a piece of music is randomly played, and the user enters the notation of its first few notes as the password. A simple calculation may also be performed on the converted notation and the result entered as the password.
- Scheme 7 (conversion of chemical elements)
- Random information can be designed as chemical elements, with their atomic numbers as the password.
- when the computer is turned on it displays several chemical elements, such as "Aluminum, Iron, Carbon, Copper", whose atomic numbers are converted into the data "1326629", which is entered as the password. A simple operation may also be performed on the converted atomic numbers and the result entered as the password. Since an important part of the invention lies in the agreed login rules, their storage and confidentiality are equally important. Where the login rule is saved may be decided according to the field in which the invention is applied.
- for logging in to a mobile phone, the login rule may be saved locally on the phone; for logging in to a computer, it is saved on the computer being logged in to; for applications that log in to a server, such as instant messaging, email, access control, cash machines (ATM), etc., the login rule is best saved on the corresponding server.
- the login rule can be saved in two ways: "plain text" and "encrypted".
- the encryption key can be generated by a hash function when needed rather than being saved, so that it cannot be cracked by others.
- the login rules set by the user need not be very complicated; conversions that are easy to remember, such as selection, rearrangement, shifting and simple arithmetic, are chosen. In some particularly important situations the calculation must be made very complicated so that it cannot be cracked by others, but such operations cannot be memorized. In that case the user can save the formula on another intelligent terminal, such as a smartphone, a handheld computer or a personal computer; when a password is required, the corresponding variables are entered on that other device to calculate the password value.
- the password may be entered manually or transmitted wirelessly (infrared, WiFi, Bluetooth, etc.).
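As an added illustration (not code from the patent), the following Python implements the verification flow these definitions describe: random information is shown, the user's stored login rule and alarm (duress) rule are applied to it to obtain reference passwords, and the entered dynamic password is matched against them. The rule specification format, the sample rules and the element table are constructed for this example.

```python
"""Added example, not code from the patent: a small rule engine implementing the
verification flow described above.  The rule specification format, the sample
rules and the element table are constructed for this example."""
import hmac
import secrets
from typing import Callable, Dict, List, Optional

# Controlled-element vocabulary for Scheme 7 (chemical elements).  Only the
# elements needed here are listed; the atomic numbers are the standard ones.
ATOMIC_NUMBER: Dict[str, int] = {
    "Aluminum": 13, "Iron": 26, "Carbon": 6, "Copper": 29, "Oxygen": 8,
}

Rule = Callable[[str], str]


def swap_adjacent_pairs(code: str) -> str:
    """Exchange each pair of neighbouring characters: "GUMWPA" -> "UGWMAP"."""
    chars = list(code)
    for i in range(0, len(chars) - 1, 2):
        chars[i], chars[i + 1] = chars[i + 1], chars[i]
    return "".join(chars)


def elements_to_atomic_numbers(names: str) -> str:
    """Scheme 7: "Aluminum, Iron, Carbon, Copper" -> "1326629"."""
    return "".join(str(ATOMIC_NUMBER[n.strip()]) for n in names.split(","))


def select_positions(positions: List[int]) -> Rule:
    """Selection rule: keep the characters at the given 1-based positions."""
    def rule(code: str) -> str:
        return "".join(code[p - 1] for p in positions if 0 < p <= len(code))
    return rule


def add_seed(seed: str) -> Rule:
    """Scheme 5 variant: add a pre-agreed seed digit by digit, modulo 10, no carry."""
    def rule(code: str) -> str:
        return "".join(str((int(c) + int(s)) % 10) for c, s in zip(code, seed))
    return rule


def build_rule(spec: str) -> Rule:
    """Turn a stored rule specification into a callable.

    Constructed format: steps separated by "|", each "op" or "op:argument",
    applied left to right.  The ops play the role of the control elements;
    their arguments name the controlled elements (positions, seed digits).
    """
    steps: List[Rule] = []
    for step in spec.split("|"):
        op, _, arg = step.partition(":")
        if op == "swap":
            steps.append(swap_adjacent_pairs)
        elif op == "select":
            steps.append(select_positions([int(p) for p in arg.split(",")]))
        elif op == "add":
            steps.append(add_seed(arg))
        elif op == "elements":
            steps.append(elements_to_atomic_numbers)
        elif op == "reverse":
            steps.append(lambda code: code[::-1])
        else:
            raise ValueError(f"unknown rule step: {step!r}")

    def rule(code: str) -> str:
        for f in steps:
            code = f(code)
        return code
    return rule


def generate_random_code(length: int = 6,
                         alphabet: str = "ABCDEFGHIJKLMNOPQRSTUVWXYZ") -> str:
    """Random information shown to the user, drawn from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def verify(random_info: str, entered: str, login_spec: str,
           alarm_spec: Optional[str] = None) -> str:
    """Return "login", "alarm" or "reject".

    The login reference and, when an alarm rule is set, the alarm reference
    are both computed before any decision and compared in constant time, so
    timing reveals neither which rule matched nor how many characters were
    right.  An alarm match takes precedence, so a duress entry is never
    silently accepted as a normal login.
    """
    login_ref = build_rule(login_spec)(random_info)
    login_ok = hmac.compare_digest(login_ref.encode(), entered.encode())
    alarm_ok = False
    if alarm_spec is not None:
        alarm_ref = build_rule(alarm_spec)(random_info)
        alarm_ok = hmac.compare_digest(alarm_ref.encode(), entered.encode())
    if alarm_ok:
        return "alarm"
    if login_ok:
        return "login"
    return "reject"


if __name__ == "__main__":
    code = generate_random_code()
    print("random information:", code, "-> login reference:", build_rule("swap")(code))
    print(verify("GUMWPA", "UGWMAP", "swap", "swap|reverse"))  # login
```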
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Telephonic Communication Services (AREA)
- Storage Device Security (AREA)
- Telephone Function (AREA)
Abstract
Disclosed are a method and device for system login based on a dynamic password generated autonomously by a user. The method relies on at least one login rule preset and defined autonomously by the user, and dynamically generates a login password by providing random information, against which the user's dynamic password is verified. The present invention solves the problem in the prior art that the password is unreliable because a random dynamic password, such as a so-called verification code, always has to be provided by a technician rather than by the user himself/herself.
Description
BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to all occasions where static or dynamic passwords are used for user login, payment and electronic locks, and to the powering-on of all electronic devices where the security of that process must be ensured.

Background Art

The use of passwords is ubiquitous in our lives, and in today's digital age it has become even more common. We repeat these operations every day: we need to enter a password to unlock the phone, to log in to the computer, to log in to the company network, to log in to MSN, QQ, Fetion or Want Want chat, to send and receive mail, to log in to a game website and play, to enter the office, to access the Internet, to pay online and to pay by card; at an ATM we must also enter a password to log in to our account. Passwords are extremely important to each of us: they protect our privacy, protect our important data (such as encryption keys and account information) from being stolen, and protect our personal and property safety.

Most occasions today use static passwords. A static password is basically a fixed combination of digits and letters, used mainly for account passwords, query passwords and the like. Using these static passwords usually involves the following security risks:
First, for ease of memory, many users choose as passwords characters that relate to themselves and can be guessed: their own (or a family member's or close friend's) mobile phone number, landline number, date of birth, the pinyin of a name, student number, employee number, company or group name, and so on. These are easily cracked by others using robot programs that try and exhaust the possibilities. Second, many people like to use one password on many application systems, or even the same password on all systems. If it is intercepted and cracked, the attacker may use it to try to log in to your other systems, so that once the password of one application is cracked the other applications fall with it. Third, others often obtain a user's password by peeping, deception and similar means. Fourth, in certain circumstances internal staff may obtain a user's password through legitimate authorization and use it illegally.

Because a static password does not change within a given period and can be used repeatedly, if it is accidentally leaked it may be used by others, so its security is low. A static password therefore fundamentally cannot determine the identity of a user; as a result, in particular situations an individual can easily forge a false identity or steal the identity of an existing user, causing enormous economic and reputational losses to enterprises and individuals. In real life, when you withdraw money at an ATM or swipe a card at a POS terminal, there is often a habitual action of shielding the keypad with one hand before entering the PIN, precisely to stop others peeping from the side. Once the password is obtained by others, property is lost.
In addition, what online shoppers fear most is encountering a phishing website (a counterfeit of a real bank's online banking interface) that entices users to enter their account number and password, so that others improperly obtain them.

To overcome the drawbacks of static passwords, dynamic password technology also exists. A dynamic password is generated by a special algorithm every 60 seconds as a time-related, unpredictable random number combination; each password can be used only once, and 43200 passwords can be generated per day. It uses dedicated hardware called a dynamic token, with a built-in power supply, a password-generating chip and a display. The authentication server uses the same algorithm to calculate the currently valid password. The user only needs to type the current password shown on the dynamic token into the client computer to authenticate. Since every password used must be generated by the dynamic token, and only the legitimate user holds the hardware, the user's identity can be considered reliable once the password is verified. Moreover, the password differs every time, so even if a hacker intercepts one password, it cannot be used to impersonate the legitimate user.

There are, however, reasons why this technology is not used in large-scale password systems today, mainly because dynamic passwords also have some disadvantages: first, the user needs to possess a dynamic token to authenticate; second, dynamic passwords need an additional server to accept requests relayed from the authentication server; third, in large networks OTP (one-time password) is expensive; fourth, once a dynamic token falls into someone else's hands it will be used to log in under the owner's identity, causing unnecessary losses; finally, under duress, none of these measures offers any protection.
In some specific applications, prior-art login devices or methods also have drawbacks. For example, mobile phones and computers are indispensable tools in daily life, and to prevent others from using my phone or computer a password is usually required at power-on. Our phones and computers also hold important private data, such as a mobile-phone electronic key application in which we store all the electronic keys we carry; if it could be logged into easily, that would be equivalent to handing over the keys to the door, and its security would be compromised, so a password is required to log in. Likewise, some folders on a computer hold fairly important data that needs to be protected and viewed only after a correct login. Situations like these require passwords and logins. For online banking, online payment and other applications involving the security of users' funds, the login password, payment password and so on must be secure and reliable, and may even need to change randomly.

At present, the following methods are generally adopted to protect a user's account: one uses a soft keyboard whose layout keeps changing, to prevent a Trojan from logging the user's keystrokes; another identifies the user with a digital certificate, which depending on where it is stored is either a fixed digital certificate or a mobile digital certificate; a third uses a dynamic token, adding a random number to the static password; the last sends a verification code to the user's mobile phone, and both the static password and the received verification code must be entered. These methods are much safer than a static password alone and solve some problems.
However, under duress, or when the dynamic token, digital certificate or mobile phone is stolen, these methods are very weak and easily defeated, directly endangering the user's funds and personal safety. In bank security, bank ATMs and POS terminals currently use 6-digit static passwords, which is very insecure: they are easily peeped at or detected, and under duress there is no way to raise an alarm.

In addition, large enterprises, companies and institutions produce a great many product design documents, important files and the like every day, which are of great value. As competition in the industry intensifies, the risk of this important data and these documents being leaked grows, and appropriate security and confidentiality technology must be adopted, combined with the enterprise's confidentiality management system, to protect enterprise digital intellectual property effectively. A document control system is a software-based technology for managing all product-related information (electronic documents, digitized files, database records, etc.); its role is to manage the development and use of an enterprise's product information resources. An important part of a document control system is identifying the user, and the identification methods in use today are essentially these: username/password, smart card authentication, dynamic token, biometric authentication and USBkey authentication. Username/password is the simplest and most common authentication method; because the password is static data it is easily peeped at, or intercepted by a Trojan in the computer's memory or a listening device on the network, and it is therefore a very insecure form of identity authentication.
A smart card is a chip with a built-in integrated circuit that stores data related to the user's identity; it is produced by specialist manufacturers on specialist equipment and is non-replicable hardware. But since the data read from the smart card is the same every time, the user's authentication information can still easily be captured by memory scanning, network sniffing and similar techniques, so security risks remain. A dynamic password is a time-related, unpredictable random number combination generated every 60 seconds by a special algorithm, and each password can be used only once. Dynamic password technology uses a one-password-per-use approach and effectively secures the user's identity. However, if the time or counter of the client and the server are not kept well synchronized, legitimate users may be unable to log in. In addition, once the dynamic token falls into someone else's hands, or the user is coerced, someone else can log in by impersonation. Biometric authentication verifies a user's identity from each person's unique biological characteristics, commonly fingerprints, iris recognition and the like. Although it is the most reliable form of identity authentication, the maturity of the technology limits it considerably: for example, an injury or illness may prevent normal recognition, and the cost of the authentication system is high. It also cannot address the case where the user is falsely authenticated under coercion.
USBkey identity authentication is a convenient and secure identity authentication technology developed in recent years. It adopts a strong two-factor authentication mode combining software and hardware with one password per use, and is now widely applied in document control systems. However, the PIN code used by current USBkeys is still static, so it too carries the risk of being peeped at, and all the defects listed above are present.
SUMMARY OF THE INVENTION

The object of the present invention is to overcome the deficiencies of the prior art and to provide a safe, reliable, simple and inexpensive method and apparatus for obtaining an autonomous dynamic password, so as to protect the security of a user's account effectively. In an improvement of the proposed method and apparatus, the user can set at least one login password; besides at least one normal login password, at least one alarm (duress) password can be set according to actual needs.

To achieve the above object, one aspect of the present invention is directed to a method of logging in to a system based on a dynamic password generated autonomously by the user, wherein the system stores at least one login rule preset by the user, the login rule comprising at least one controlled element and at least one control element that controls the at least one controlled element; the method comprising: generating random information corresponding to the number of controlled elements, providing the random information to the user, and at the same time generating a login reference password from the random information using the stored login rule; obtaining the dynamic password input by the user; and matching the dynamic password against the login reference password, allowing login if the two match and refusing login if they do not.
Preferably, storing the login rule preset by the at least one user comprises: acquiring the number and positions of the controlled elements; acquiring the number and positions of the control elements; combining the controlled elements and the control elements to form the login rule; and storing the login rule. Preferably, the login rule is encrypted when stored, and the encryption key is either kept by the system or generated under the user's control. Preferably, in addition to the user identity information, the encryption key is also acquired, so that the stored login rule of that user is retrieved using both the user identity information and the encryption key. Preferably, the random information is provided to the user in the form of an image, a sound or the like. Preferably, the controlled elements are any usable digitized information: numbers, letters, characters, the scripts of various countries, musical symbols, colour spectra, chemical element symbols, pictures, etc.; the control elements are permutations and combinations, mathematical operators, logical operators and shift operators. Preferably, the control elements and controlled elements are acquired through a control element input and/or selection interface and a controlled element input and/or selection interface. Further, the method also comprises storing an alarm rule preset by each user, the alarm rule comprising at least one controlled element and at least one control element controlling it; the random information is provided to the user and at the same time an alarm reference password is generated from the random information using the stored alarm rule; the dynamic password is matched against the alarm reference password, and if the two match, an alarm is raised.
Another aspect of the present invention is directed to another method of logging in to a system based on a dynamic password generated autonomously by the user, wherein the system stores login rules preset by a plurality of users, each login rule comprising at least one controlled element and at least one control element that controls the at least one controlled element; the method comprising the steps of: generating random information corresponding to the number of controlled elements and providing it to the user; acquiring the user identity information and the dynamic password input by the user; retrieving, using the acquired user identity information, the stored login rule of that user and generating a reference password from the random information; and matching the dynamic password against the reference password, allowing login if the two match and refusing login if they do not. Preferably, storing the login rules preset by the users comprises acquiring the number and positions of the controlled elements; acquiring the number and positions of the control elements; combining the controlled elements and the control elements to form the login rule; and storing the login rule. Preferably, the login rule is encrypted when stored, and the encryption key is either kept by the system or generated under the user's control. Preferably, in addition to the user identity information, the encryption key is also acquired, so that the stored login rule of the corresponding user is retrieved using both. Preferably, the random information is provided to the user's terminal device in the form of an image and/or sound, by wire or wirelessly. This aspect of the invention also includes apparatus for the method.
A third aspect of the present invention is directed to a method of logging in to a system based on a dynamic password generated autonomously by the user, wherein the system stores login rules preset by a plurality of users, each login rule comprising at least one controlled element and at least one control element that controls the at least one controlled element; the method comprising the steps of: acquiring the user's identity information; retrieving the stored login rule of that user according to the acquired identity information; generating random information corresponding to the number of controlled elements and providing it to the user, while generating a login reference password from the user's login rule and the random information; and matching the dynamic password against the login reference password, allowing login if the two match and refusing login if they do not. Preferably, storing the login rules preset by the users comprises acquiring the number and positions of the controlled elements; acquiring the number and positions of the control elements; combining the controlled elements and the control elements to form the login rule; and storing the login rule. Preferably, the login rule is encrypted when stored, and the encryption key is either kept by the system or generated under the user's control. Preferably, in addition to the user identity information, the encryption key is also acquired, so that the stored login rule of the corresponding user is retrieved using both. Preferably, the random information is provided to the user's terminal device in the form of an image and/or sound, by wire or wirelessly.
A fourth aspect of the present invention is directed to a method of logging in to a system based on a dynamic password generated autonomously by the user, wherein the system stores at least one login rule preset by a user, the login rule comprising at least one controlled element and at least one control element that controls the at least one controlled element; the method comprising the steps of: sensing the presence of the user terminal; acquiring the user's identity information; retrieving the stored login rule of that user according to the acquired identity information; generating random information corresponding to the number of controlled elements and providing it to the user terminal by short-range wireless communication, while generating a login reference password from the user's login rule and the random information; receiving a dynamic password sent by the user terminal; and matching the dynamic password against the login reference password, allowing login if the two match and refusing login if they do not. Preferably, storing the login rules preset by the users comprises acquiring the number and positions of the controlled elements; acquiring the number and positions of the control elements; combining the controlled elements and the control elements to form the login rule; and storing the login rule. Preferably, the login rule is encrypted when stored, and the encryption key is either kept by the system or generated under the user's control. Preferably, in addition to the user identity information, the encryption key is also acquired, so that the stored login rule of the corresponding user is retrieved using both. Preferably, the random information is provided to the user's terminal device in the form of an image and/or sound, by wire or wirelessly.
Aspects of the present invention further include apparatus corresponding to the methods, the apparatus comprising: a random information generating unit configured to generate random information corresponding to the number of controlled elements; a random information sending unit configured to provide the random information to the user; a login reference password generating unit configured to generate a login reference password from the stored login rule and the random information; an acquisition unit configured to acquire at least the dynamic password entered by the user; and a matching unit that matches the dynamic password against the login reference password, allowing login if the two match and denying it if they do not. Further, a rule setting unit is configured to allow the at least one user to set and store at least his or her login rule, and includes a unit for acquiring the number and positions of the controlled elements, a unit for acquiring the number and positions of the control elements, a unit that combines the controlled elements and the control elements to form a login rule, and a unit that stores the login rule. Further, the apparatus includes an encryption unit that encrypts the login rule when it is stored, the encryption key being kept by the system or generated under the user's control. The acquisition unit acquires the encryption key in addition to the user identity information, so as to retrieve the stored login rule corresponding to the user using both the user identity information and the encryption key. The random information is provided to the user as an image on the display device of the device being logged in to, or as sound from the device being logged in to.
The controlled elements may be numerals, letters, characters, national scripts, musical symbols, colour swatches, chemical element symbols, pictures and the like; the control elements may be permutations and combinations, mathematical operators, logical operators or shift operators. The acquisition unit acquires the control elements and the controlled elements by providing a control-element input and/or selection interface and a controlled-element input and/or selection interface. Further, the storage unit also stores an alarm rule preset by the at least one user, the alarm rule including at least one controlled element and at least one control element that controls it; the apparatus further includes an alarm reference password generating unit configured to generate an alarm reference password from the stored alarm rule and the random information, and an alarm matching unit that matches the dynamic password against the alarm reference password and raises an alarm if the two match. In a preferred embodiment, the user-defined conversion rules and/or algorithms may also include or be associated with dynamically changing information such as the time and date, so that the rules and algorithms change over time. In the encryption step described above, the user-defined conversion rule, algorithm, or rule plus algorithm is encrypted so that its definition cannot easily be stolen. A dynamic password produced from random information by the methods of the present invention makes up for the drawbacks of static passwords: since the result is obtained by converting and computing on dynamic random information, it is different each time.
Others cannot obtain the password by peeping, and even if it is intercepted in transit its random character means the correct password cannot be derived from it, and using it again is invalid. Once the user has set the rules and/or algorithms, he or she needs to remember the conversion rules and algorithms set, the fixed parameters used and the positions selected; the settings can be modified at any time during use. Compared with current dynamic tokens, a dynamic password using the method of the present invention needs no special dynamic token hardware and has no hardware cost; all operations are performed on the user's terminal device and/or the remote server, and there is no problem of dynamic tokens being stolen or misused. The only thing the user needs to remember is the algorithms and rules set in advance. The algorithms and rules are defined entirely by the user and kept in the user's mind, so they cannot be stolen by others. Against fake banking websites used to capture users' bank account numbers and passwords, the method of the present invention prevents the attackers from obtaining the user's password and can effectively protect the security of the user's funds. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a schematic diagram of the present invention. FIG. 2a is a logic schematic diagram of a first embodiment of the present invention. FIG. 2b is a logic schematic diagram of the password rule setting function of the first embodiment. FIG. 2c is a logic block diagram of the device corresponding to this embodiment. FIG. 2d is a detailed flowchart of the rule setting process in this embodiment. FIG. 2e is a detailed flowchart of the login process in this embodiment. FIG. 2f is a detailed flowchart of the rule modification process in this embodiment. FIG. 3a is a logic schematic diagram of a second embodiment of the present invention.
FIG. 3b is a logic schematic diagram of the password rule setting function of the second embodiment of the present invention. FIG. 3c is a logic block diagram of the device corresponding to this embodiment. FIG. 3d is a detailed flowchart of the rule setting process in this embodiment. FIG. 3e is a detailed flowchart of the login process in this embodiment. FIG. 3f is a detailed flowchart of the rule modification process in this embodiment. FIG. 4a is a logic schematic diagram of a third embodiment of the present invention. FIG. 4b is a logic schematic diagram of the password rule setting function of the third embodiment. FIG. 4c is a logic block diagram of the device corresponding to this embodiment. FIG. 4d is a detailed flowchart of the rule setting process in this embodiment. FIG. 4e is a detailed flowchart of the login process in this embodiment. FIGS. 4f1 and 4f2 are detailed flowcharts of the rule modification process in this embodiment. FIG. 5a is a logic schematic diagram of a fourth embodiment of the present invention. FIG. 5b is a logic schematic diagram of the password rule setting function of the fourth embodiment. FIG. 5c is a logic block diagram of the device corresponding to this embodiment. FIG. 6a is a logic schematic diagram of a fifth embodiment of the present invention. FIG. 6b is a logic schematic diagram of the password rule setting function of the fifth embodiment. FIG. 6c is a logic block diagram of the device of the fifth embodiment.
DETAILED DESCRIPTION OF THE EMBODIMENTS Various embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood that the following description is intended only to explain, not to limit, the possible range of application of the invention; therefore no embodiment or application is to be understood as limiting the scope of protection of the invention. In optional embodiments of the present invention, several methods for logging in to various systems, and devices corresponding to these methods, are provided. The methods and devices can be applied to systems a user needs to log in to, such as local user terminals (for example mobile phones and portable computers), network servers, and network chat tools.
In a typical configuration, the user first saves a login rule in advance, via the login method, in the system that is to be logged in to; this may be the user's own terminal device, such as a mobile phone or computer, or a public server, which may be remote or local. The login rule may, for example, be a conversion rule, a calculation formula, or a combination of rules and formulas. It includes at least one controlled element, such as a numeral, letter, character, text of some language, or the current time, and at least one control element that operates on at least part of the controlled elements; the control element may be an arithmetic operator such as addition, subtraction, multiplication, division, squaring or square root, a logical operator such as AND or OR, or a shift operator such as shifting left or right by some number of positions. Once the rule has been defined, it is stored by the device being logged in to; in an optional embodiment it is stored encrypted.

When the user needs to log in, the device being logged in to is made to generate randomly produced information corresponding in number (for example, equal in number) to the controlled elements. This random information may be, for example, digits, letters, characters, text of various languages (Chinese, Japanese and so on), music, colour swatches, chemical elements, pictures and the like; it may, for instance, be a set of random numbers produced by a random number generator. It is presented to the user as an image or sound through, for example, the local display device of the device being logged in to, or the screen or loudspeaker of a terminal connected to the server. The device being logged in to retrieves the stored conversion rule for that user and produces a login reference password from the random information. On the user's side, from the random information provided, the user derives a password using the conversion rule memorised in his or her mind and enters it into the terminal device or server being logged in to through an input device of the terminal, or of a terminal connected to the server. On receiving this dynamic password, the terminal device or server matches it against the reference password; if the match succeeds, the user is allowed to log in, otherwise the login is refused.

The user-defined login rule to be stored is preferably obtained by a rule generation step of the method of this embodiment. In this step the user is first given a rule input interface. The interface includes an input area for the at least one controlled element, used to acquire the number and positions of the controlled elements, and may also include an area for the control elements that perform calculation, logical judgement, shifting and similar operations on the controlled elements, used to acquire the number and positions of the control elements. When the user has filled in the controlled-element area and/or the control-element area, the two are combined to form the user-defined combination, i.e. the login rule, which is then stored; an identity identifier for the user may be added to or associated with it when it is stored. If necessary, the stored user-defined conversion rule, formula, or combination of rules and formulas is stored encrypted, with the encryption key generated under the control of a static password set by the user. In this example of the method, if the match fails and the user is refused login, the system may either randomly supply a new set of controlled elements or allow the user to re-enter, within a given time, the password corresponding to the current controlled elements.

In a preferred embodiment, the step of acquiring the dynamic password may include providing the user with a password input interface. This interface may include an area displaying the random controlled elements, used to show the user the given quantity of random information, and an input area used to acquire the user's dynamic password; the entered password may be displayed in the clear or masked. In some applications, for example logging in to a public rather than private device or server, an input area for a user identity identifier, such as a user ID, may also be provided to collect the user's identity or user ID; the purpose of collecting it is to retrieve, by that identifier, the stored user-defined login rule for that user.

In a preferred embodiment, a second user-defined conversion rule, formula, or combination of rules and formulas may also be defined and stored to implement a function other than login. For example, this second rule may correspond to an alarm function: when the dynamic password obtained in the password acquisition step satisfies this second rule, called the alarm rule, the method jumps to an alarm step and sends an alarm signal to an appropriate alarm receiving device. This is especially useful for cash terminals or online banking servers, where an alarm can be raised silently when the user is under duress.

The present application provides a platform on which the user designs, within a certain range, a password algorithm known only to the user. Depending on the specific application, both a normal login password and an alarm (duress) login password can be designed. During initial set-up the user may set and save, in addition to the normal login password conversion rule and algorithm, the conversion rule and algorithm for the alarm (duress) login password. When the user enters a dynamic password, the terminal device computes a reference password from the rule or algorithm the user preset and compares it with the entered password to decide whether this is a normal login or an alarm (duress) login. Note, however, that when setting the normal and the alarm (duress) login password rules and functions, the user should make sure the two cannot produce the same value.

In the present application, the user-defined conversion rule, formula, or combination of rules and formulas, referred to as the login rule for short, may mean converting the random information into digits, letters or words according to some rule. For example, where Chinese characters are displayed, they may be converted into stroke counts or four-corner codes; a passage of music may be converted into its score.
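The challenge/response flow described above (issue random digits, derive DPW' from the stored rule, match, and optionally match a second duress rule) can be made concrete as follows. This is an added example, not code from the patent or from any product built on it: a rule is modelled as a permutation of the six challenge positions plus a per-position additive offset mod 10, which covers the reversal rule of the embodiments; the class and function names, the constant-time comparison and the enrolment-time collision check are this example's own choices.

```python
"""Verifier for the user-defined login rule scheme described above.

Added example, not code from the patent. Modelling choices are this
example's own: a rule is a permutation of the six challenge positions (the
controlled elements) plus a per-position additive offset mod 10 (the control
elements), so the reversal rule of the first embodiment is order
(5,4,3,2,1,0) with all offsets 0. Class and function names are assumptions.
"""
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

DIGITS = 6         # six random digits are displayed in the embodiments
MAX_FAILURES = 5   # "cumulative errors for the day exceed 5" closes login


@dataclass(frozen=True)
class Rule:
    order: Tuple[int, ...]    # order[i]: challenge position read for output position i
    offsets: Tuple[int, ...]  # offsets[i]: added mod 10 at output position i

    def apply(self, challenge: str) -> str:
        return "".join(str((int(challenge[j]) + k) % 10)
                       for j, k in zip(self.order, self.offsets))


def rules_can_collide(a: Rule, b: Rule) -> bool:
    """False when the two rules provably never produce the same password.

    If at some output position both rules read the same challenge digit but
    add different offsets, the outputs differ for every challenge. Otherwise
    a colliding challenge may exist, and enrolment should reject the pair, as
    the text warns against normal and duress rules that can agree.
    """
    for j1, k1, j2, k2 in zip(a.order, a.offsets, b.order, b.offsets):
        if j1 == j2 and k1 != k2:
            return False
    return True


def new_challenge() -> str:
    """Six digits from the OS CSPRNG: the 'randomly generated information'."""
    return "".join(str(secrets.randbelow(10)) for _ in range(DIGITS))


@dataclass
class Account:
    login_rule: Rule
    duress_rule: Optional[Rule] = None
    failures_today: int = 0


class Verifier:
    """Server side: stores rules per user ID, issues challenges, matches."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def enrol(self, user_id: str, login_rule: Rule,
              duress_rule: Optional[Rule] = None) -> None:
        if duress_rule is not None and rules_can_collide(login_rule, duress_rule):
            raise ValueError("duress rule could equal the login rule on some challenge")
        self.accounts[user_id] = Account(login_rule, duress_rule)

    def authenticate(self, user_id: str, challenge: str, dpw: str) -> str:
        """Return 'ok', 'duress', 'denied' or 'locked' for the typed DPW."""
        acct = self.accounts.get(user_id)
        if acct is None:
            return "denied"
        if acct.failures_today >= MAX_FAILURES:
            return "locked"
        # DPW' is derived from the stored rule and the challenge the server
        # itself issued; compare in constant time to avoid a timing oracle.
        if hmac.compare_digest(acct.login_rule.apply(challenge), dpw):
            acct.failures_today = 0
            return "ok"
        if acct.duress_rule is not None and hmac.compare_digest(
                acct.duress_rule.apply(challenge), dpw):
            acct.failures_today = 0
            return "duress"   # caller raises a silent alarm, then proceeds as a login
        acct.failures_today += 1
        return "denied"


if __name__ == "__main__":
    reverse = Rule((5, 4, 3, 2, 1, 0), (0, 0, 0, 0, 0, 0))
    duress = Rule((5, 4, 3, 2, 1, 0), (0, 0, 0, 0, 0, 1))   # reverse, then +1 on last digit
    v = Verifier()
    v.enrol("user1", reverse, duress)
    print(v.authenticate("user1", "134356", "653431"))   # ok
    print(v.authenticate("user1", "134356", "653432"))   # duress
```

The collision check is only a sufficient condition: it accepts a pair of rules when some output position reads the same digit under both rules but adds different offsets, which guarantees the two passwords differ on every challenge. Pairs it rejects might still never collide, so a stricter enrolment could enumerate all 10^6 challenges instead.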
A login rule may also mean converting one set of characters into another according to an agreed rule. For example, a set of letters can be shifted by 5 into another set, a becoming f, b becoming g, y becoming d and so on; or a set of characters can be rearranged by agreement, abcd becoming badc and so on. Accordingly, the random controlled elements in a login rule are information the system can generate randomly, for example digits, letters, characters, text of various languages (Chinese, Japanese and so on), music, colour swatches, chemical elements, pictures and the like, while the static control elements in a login rule may be, for example, mathematical operators, logical operators or shift operators. The user may receive the random information visually or aurally, as random images, audio and the like emitted by the device being logged in to. Terminal devices that may be logged in to include, but are not limited to, desktop computers, notebook computers, mobile phones, tablet computers, access control devices and cash terminals. Servers that may be logged in to include local or remote online banking login servers, instant messaging login servers, software login servers and the like.

Applications such as power-on login of mobile phones and computers, taking computer power-on as an example: Referring to Figures 2a to 2c, in a method according to one embodiment of the invention the user can set a login rule for later use at first login. This is done by a rule setting unit 101 of the login device. As shown in Figure 2b, the rule setting unit 101 provides the user with a display area S211 on which a controlled-element setting area and a static-control-element setting area are distinguished. When the user has completed the settings of the controlled elements and the static control elements by input or selection S212 and confirmed them S213, the unit treats the login rule as set and stores it together with the user's ID in a storage unit for later retrieval S214; the storage may be encrypted. Since a computer is generally a multi-user system, the login rule must be stored in association with the user's ID; in embodiments for single-user terminal systems such as mobile phones the login device may omit the association with a user ID and store the login rule directly.

Every time the user subsequently powers on, the login device runs to the user login interface, receives the identity information entered by the user, for example an ID, through a user identity acquisition unit 105, and for that ID has the controlled element generating unit 103 generate, for example, a 6-digit random array as the controlled elements S203. The 6 random digits are sent through the sending unit 104 and displayed on the computer display S204 as a b c d e f, where a, b, c, d, e, f each stand for one of six different digits or letters, for example 134356. At the same time the login device, through its reference password generating unit 106, retrieves from the storage unit 102 the previously stored login rule for that user ID S206 and, following that rule, generates a reference password for the group of 6 random digits. The reference password is then sent to a matching unit 107 of the login device for the subsequent match. On the other side, having observed the random digits on the computer display, the user rearranges or computes on the digits or letters according to the login rule memorised in his or her mind, obtains a password and enters it as the dynamic password in the appropriate field of the login interface provided by the acquisition unit 105 of the login device; for example, the user may simply use the reverse order f e d c b a as the password, i.e. 653431. On receiving the dynamic password S205, the login device sends it to the matching unit 107 to be matched against the reference password S207. If they agree the match is considered successful, login is allowed and the login device stops running. If they do not agree the match is considered to have failed, and the random information generating unit may optionally generate a new set of random information, giving the user another chance to enter a dynamic password for the current set of random information.

In this embodiment, the user identity acquisition unit and the user dynamic password acquisition unit may be configured to acquire their information simultaneously, after which the reference password generating unit generates the reference password for that user; alternatively, the user identity acquisition unit may acquire the user ID before the dynamic password acquisition unit, so that the reference password is generated while the dynamic password acquisition unit waits for the user to enter the dynamic password.

Because the random digits or letters produced differ at every login, the resulting password changes every time. This allows the login device to avoid the theft or shoulder-surfing of passwords that login methods such as static passwords commonly suffer, and also avoids the inconvenience of carrying devices such as a USB key.

A rule of the kind above is a fairly simple application: six random digits or letters combined into a 6-position password give only 720 possible arrangements, and if both the random digits or letters and the entered password can be observed or intercepted, the rule of combination is easily deduced. Such a rearrangement rule is therefore generally used as the power-on password of a mobile phone or on a personal computer used at home. To defend against an intruder's repeated password guessing, the login for the day may be closed after a set number of consecutive wrong passwords, or the user may be required to wait several hours before logging in again.

Figure 2d shows the detailed flow for setting a login rule; the rule setting flow is generally triggered by the user choosing password set-up. The login method first enters the rule function editor, which displays the letters corresponding to the six random digits and lets the user edit the rule function. A verification interface is then displayed, containing the six random digits and a dynamic password input window, and the dynamic password (DPW) entered by the user is received. The password value DPW' is computed from the newly set rule function and the random digits and compared with DPW. If they agree, the rule function is encrypted and saved; if not, the flow returns to the rule function editor, which displays the letters for the six random digits and the rule function as edited.

When the user needs to log in to a device such as a mobile phone, the login program may run automatically at power-on or be triggered by the user. Once the login process starts, the device calls the random number generator to produce six random digits; displays the login interface, containing the six random digits and a dynamic password input window; receives the dynamic password DPW entered by the user; finds the stored rule function, decodes it, and computes the dynamic password value DPW' from the random digits; and compares DPW with DPW'. If they agree, login is allowed. If not, the device may optionally check whether the cumulative errors for the day exceed 5: if they do, login operations for the day are ended; if not, the random number generator is called to produce a new set of six random digits. Alternatively, if DPW and DPW' disagree the random number generator is simply called again to produce six new random digits. Figure 2e shows this login flow in detail.

A rule once set may need to be modified; the rule modification flow may be as shown in Figure 2f. The user selects [Modify Password]; the random number generator is called to produce six random digits; and the original password is verified by displaying the six random digits and a dynamic password input window, receiving the (original) dynamic password DPW entered by the user, finding and decoding the stored rule function, computing the dynamic password value DPW' from the random digits, and comparing DPW with DPW'. If they agree, the rule function editor is entered, displaying the letters for the six random digits and allowing the rule function to be edited. If not, the device checks whether the cumulative errors for the day exceed 5 and, according to the result, either determines that the password cannot be modified and logs out, or calls the random number generator to produce six new random digits. In the rule function editor the letters for the six random digits are displayed and the rule function is edited. When that is done, a verification interface is displayed containing six random digits and a password input window, and the new dynamic password NDPW entered by the user is received; the dynamic password value NDPW' is computed from the newly set rule function and the random digits and compared with NDPW. If they agree, the rule function is encrypted and saved and the password modification is complete; if not, the new rule function is displayed for review and may be modified and confirmed, after which the verification interface, with six random digits and a dynamic password input window, is shown again.

Embodiment 2: application of the login device to a network chat tool. Referring to Figures 3a to 3c, in a method according to another embodiment of the invention, similarly to the previous embodiment, the user can set a login rule for later use when first using the system. This is done by a rule setting unit 101 of the login device. As shown in Figure 3b, the operation of the rule setting unit 101 includes providing the user with a display area on the user's terminal, on which a controlled-element setting area and a static-control-element setting area are distinguished S311. When the user has completed the settings of the controlled elements and the static control elements by input or selection S312 and confirmed them S313, the unit treats the login rule as set and stores it together with the user's ID in a storage unit for later retrieval S302; the storage may be encrypted. Since a network chat tool is generally a multi-user system, the login rule must be stored in association with the user's ID.

Every time the user subsequently logs in to the network chat tool, as shown in Figure 3a, the login device runs to the user login interface, receives the identity information entered by the user, for example a user ID, through a user identity acquisition unit 105, and for that ID has the controlled element generating unit 103 generate, for example, a 6-digit random array as the controlled elements S303. The 6 random digits are transmitted over the network through the sending unit 104 to the display device of the user's terminal S304 as a b c d e f, where a, b, c, d, e, f each stand for one of six different digits or letters, for example 134356. At the same time the login device, through its reference password generating unit 106, retrieves from the storage unit 102 the previously stored login rule for that user ID S306 and, following that rule, generates a reference password for the group of 6 random digits. The reference password is then sent to a matching unit 107 of the login device for the subsequent match. On the other side, having observed the random digits on the display of his or her terminal 20, the user rearranges or computes on the digits or letters according to the login rule memorised in his or her mind, obtains a password and enters it as the dynamic password in the appropriate field of the login interface provided by the login device; for example, the user may simply use the reverse order f e d c b a, i.e. 653431. When the acquisition unit 105 of the login device has obtained the dynamic password S306, it sends it to the matching unit 107 to be matched against the reference password S307. If they agree the match is considered successful, login is allowed S316 and the login device stops running. If not, the match is considered failed, and the random information generating unit may optionally generate a new set of random information, or the user may be given another chance to enter a dynamic password for the current set of random information.

Because the random digits or letters produced differ at every login, the resulting password changes every time. This allows the login device to avoid the theft or shoulder-surfing of passwords that login methods such as static passwords commonly suffer, and also avoids the inconvenience of carrying devices such as a USB key. In this embodiment, the user identity acquisition unit and the user dynamic password acquisition unit may be configured to acquire their information simultaneously, after which the reference password generating unit generates the reference password for that user; alternatively, the user identity acquisition unit may acquire the user ID before the dynamic password acquisition unit, so that the reference password is generated while the dynamic password acquisition unit waits for the user to enter the dynamic password.
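The observation above that a six-position rearrangement gives only 720 possibilities, and that the rule is easily deduced once both the displayed digits and the typed password are seen, can be quantified. The following added example (not from the patent) plays the observer: it enumerates the rules in a permutation-plus-additive-offsets model that are consistent with a list of constructed (challenge, password) pairs, the first pair built from the page's own digits 134356. Even with the additive offsets, which enlarge the rule space to 720 * 10^6, one observed login leaves 720 candidate rules and a second typically leaves exactly one.

```python
"""Rule recovery from shoulder-surfed (challenge, password) pairs.

Added example, not code from the patent. The rule model is an assumption:
a permutation of the six displayed digits plus a per-position additive
offset mod 10, i.e. 720 * 10**6 possible rules. The observation pairs in
the demo are constructed; the first uses the page's example digits 134356.
"""
from itertools import permutations
from typing import List, Optional, Sequence, Tuple

Rule = Tuple[Tuple[int, ...], Tuple[int, ...]]   # (order, offsets)


def apply_rule(rule: Rule, challenge: str) -> str:
    """Output position i is challenge[order[i]] + offsets[i] mod 10."""
    order, offsets = rule
    return "".join(str((int(challenge[j]) + k) % 10)
                   for j, k in zip(order, offsets))


def consistent_rules(observations: Sequence[Tuple[str, str]]) -> List[Rule]:
    """Every rule that reproduces all observed (challenge, response) pairs.

    For a fixed permutation, the first pair fixes each offset uniquely
    (offset_i = response_i - challenge[order_i] mod 10), so at most 720
    candidates survive one observation; later pairs only prune. A wrong
    permutation survives a second pair only if it swaps positions whose
    digits changed by the same amount mod 10 between the two challenges.
    """
    if not observations:
        raise ValueError("need at least one observation")
    c0, r0 = observations[0]
    n = len(c0)
    found: List[Rule] = []
    for order in permutations(range(n)):
        offsets = tuple((int(r0[i]) - int(c0[order[i]])) % 10 for i in range(n))
        rule: Rule = (order, offsets)
        if all(apply_rule(rule, c) == r for c, r in observations[1:]):
            found.append(rule)
    return found


def pairs_until_unique(true_rule: Rule, challenges: Sequence[str]) -> Optional[int]:
    """Logins an observer must watch before only the true rule remains."""
    seen: List[Tuple[str, str]] = []
    for c in challenges:
        seen.append((c, apply_rule(true_rule, c)))
        if len(consistent_rules(seen)) == 1:
            return len(seen)
    return None


if __name__ == "__main__":
    # Victim's rule: reverse the digits, then add 1 to the last one (assumed).
    true_rule: Rule = ((5, 4, 3, 2, 1, 0), (0, 0, 0, 0, 0, 1))
    watched = ["134356", "146691"]   # constructed challenges seen on the victim's screen
    first = [(watched[0], apply_rule(true_rule, watched[0]))]
    print(len(consistent_rules(first)))             # 720 candidates after one login
    print(pairs_until_unique(true_rule, watched))   # 2 logins pin the rule down
```

`pairs_until_unique` returns 2 for these challenges because every position's digit changes by a different amount mod 10 between 134356 and 146691, so no wrong permutation can absorb the difference into its offsets. This is why the text confines such rules to a home PC or a phone's power-on login and asks for a lockout after repeated failures: the lockout limits online guessing but does nothing against someone who watches the screen and the keyboard.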
The login device or login method of this embodiment can be integrated into an existing network chat tool as part of it. An ordinary network chat tool must connect to the outside world over the network and is therefore easily attacked by trojan programs: a hacker can monitor the password the user enters and so steal the user's login password. For passwords of this kind the conversion applied therefore needs to be somewhat more complex; besides rearranging positions, some simple additions and subtractions need to be included. The specific use is as follows: when the user is about to enter the chat software, the login interface first displays 6 random digits or letters:
When the user needs to log in to the system, the logged-in device may be controlled to generate, for example, a random number of randomly generated information corresponding to the number of the aforementioned controlled elements, such as: numbers, letters, characters; Text (such as Chinese, Japanese, etc.); music; chromatography; chemical elements; For example, it may be a set of random numbers generated by a random number generator. And providing the user with an image, a sound, or the like through a screen display such as a local display device of the logged-in device and a terminal connected to the server, or a sound amplifying device, etc.; the logged-in device needs to call a previously-converted conversion rule for the user Generating a login reference password for the certain amount of random information; on the user side, according to the random amount of information generated and provided by the user, the user can obtain a password according to the conversion rule memorized in the mind, and through, for example, a terminal device or The input device provided by the terminal connected to the server is input into the registered terminal device or the server, and the registered terminal device or server matches the dynamic password with the reference password after receiving the dynamic password, and if the matching is successful, The user is allowed to log in to the terminal device or the server. If the matching is unsuccessful, the user's login is denied. The user-defined login rule that needs to be saved is preferably obtained by a rule generation step provided by the method in this embodiment. 
In this step, the user is first provided with a rule input interface, where the rule input interface includes the at least one of the foregoing The input area of the control element is used to acquire the number and position of the controlled elements, and may also include an area of the control element for performing operations such as calculation, logical judgment, shifting, etc. on the at least one controlled element for acquiring the number and position of the control elements. After the user fills in the input area of the controlled element and or the control element input area, the two are combined to generate a user-defined combination, that is, the login rule; then the user-defined login rule is saved, and the storage rule can be saved. Add or associate the identification ID of the corresponding user; if necessary, encrypt the saved user-defined conversion rule, or calculation formula, or a combination of rules and calculation formulas, and the encryption key is set by the user. Static password control generation. In the example of the foregoing method, if the matching fails, and the user is denied the login, the user may choose to randomly provide a new one. Control element, or allow the user to re-enter the password corresponding to this controlled element within a given time. In a preferred embodiment, the step of acquiring the dynamic password may include providing the user with a password input interface, and the password input interface may include displaying an area of the random controlled element for displaying the certain amount of random information for the user, and may further include The input area of the password is used to obtain the dynamic password of the user. The input password can be displayed in plain text or cipher text. 
In some applications, for example, during the login process of a public rather than a private device or a server, an identifier including a user ID, such as a user ID, may be provided to collect the user identity or user ID; The purpose of the identity is to subsequently invoke the stored user-defined login rules for the user based on the identity. In a preferred embodiment, another user-defined conversion rule, or a calculation formula, or a combination of rules and calculation formulas may be defined and stored for implementing functions other than login. For example, the other user-defined conversion rule, or a calculation formula, or a combination of rules and calculation formulas may correspond to an alarm function, that is, when the dynamic password obtained by the dynamic password acquisition step satisfies the other user-defined conversion. The rule, or the calculation formula, or the combination of the rule and the calculation formula, that is, the alarm rule, jumps to an alarm step and sends an alarm signal to the appropriate alarm receiving device. This is especially useful when targeting money access terminals or online banking servers, so that you can silently complete an alarm when you are coerced. The application of the present invention provides a platform for the user to design a password algorithm unique to the user himself within a certain range. In accordance with a particular application of the invention, a normal login password and an alert (duress) login password can be designed. In the initial setting, in addition to the normal login password conversion rules and algorithms, the user can also set the conversion rules and algorithms for the alarm (duress) login password and save them. 
When the user inputs a dynamic password, the terminal device calculates a reference password according to a conversion rule or algorithm preset by the user, and compares it with the password input by the user, thereby determining whether the user is a normal login or an alarm (coercion) login. However, it should be noted that the user should avoid generating the same value when setting the normal login password rules and functions and alarm (duress) login password rules and functions. In the present application: user-defined conversion rules, or calculation formulas , or a combination of rules and calculation formulas, referred to as login rules, may refer to converting random information into numbers, letters or words according to certain rules. For example, Chinese characters are displayed, which can convert Chinese characters into stroke numbers or four-corner numbers; convert a piece of music into a score. Login rules can also refer to converting a set of characters into another set of rules according to agreed rules. For example, convert a set of letters plus 5 into another set of letters, such as a converted to f, b converted to g, y converted to d, etc.; or a set of characters rearranged by convention, such as abed converted to bade, etc. . Accordingly, the random controlled elements involved in the login rule refer to information that the system can randomly generate, such as: numbers, letters, characters; texts of various countries (such as Chinese, Japanese, etc.); music; chromatography; chemical elements; And other information. The static control elements in the login rule can be, for example, mathematical operators, logical operators, shift operators, and so on. The manner in which the user receives the random information can, for example, visually and audibly receive information such as random images, audio, and the like transmitted from the registered device. 
The terminal devices in the registered device include, but are not limited to, desktop computers, notebook computers, mobile phones, tablet computers, access control devices, currency access terminals, and the like. The server in the logged-in device may refer to a local or remote online banking login server, an instant messaging login server, a software login server, and the like. The application of booting the mobile phone, booting the computer, etc., taking the computer as an example: Referring to Figures 2a to 2c, in a method according to an embodiment of the present invention, the user can set a login rule for later use when logging in for the first time. This can be done by a rule setting unit 101 of the login device; as shown in FIG. 2b, the rule setting unit 101 includes providing the user with a display area S211, and distinguishing between the controlled element setting area and the static control element setting on the display area. When the user completes the setting of the controlled element and the setting of the static control element S212 and confirms S213 by inputting or selecting, the unit considers that the login rule is set, and the unit will set the login rule. The storage along with the ID of the user is stored in a storage unit for later calling S214, and the storage may be encrypted. Since the computer is generally a multi-user system, it is necessary to store the login rule in association with the ID of the user. In the embodiment for a single-user terminal system such as a mobile phone, the login device may omit the step of associating with the user ID, directly Login rules are stored. Each time the user turns on, the login device runs to the user login interface, and receives a user-entered identity information, such as an ID, by a user identity obtaining unit 105, and generates, for example, 6 by the controlled element generating unit 103 for the ID. 
The bit random array is taken as the controlled element S203, and the 6-bit random number is sent and transmitted on the computer display device through the transmitting unit 104. S204: g § g § @ @ , where a, b, c, d, e, f respectively Represents six different numbers or letters, for example 134356. At the same time, the login device retrieves the previously saved login rule S206 for the user ID from the storage unit 102 through the reference password generation unit 106, and generates a reference password corresponding to the group 6-bit random number according to the acquired rule. . The generated reference password is then sent to the matching unit 107 in a login device for subsequent matching. On the other hand, after the user observes the random number from the computer display device, the user can select a password and re-arrange or calculate the above-mentioned number or letter according to the registration rule stored in the mind, and obtain a password as the acquisition unit 105 of the dynamic password registration device. The corresponding location of the login interface provided. For example, the user only uses the reverse arrangement as the password ggg g, ie 653431. After receiving the dynamic password, the login device sends it to the matching unit 107 to match the reference password S207. If it matches, the matching is considered successful, and the login device is allowed to log in, and the login device stops running. If the match is not successful, the random information generating unit may be selected to generate a new set of random information, and the user is given the opportunity to input the dynamic password again for the current random information group. In this embodiment, the user identity obtaining unit and the user dynamic password acquiring unit may be configured to acquire information at the same time, so that the reference password generating unit may generate a reference password for a certain client. 
Alternatively, it may be set that the user identity obtaining unit may acquire the user ID before the user dynamic password acquiring unit and generate the reference password after obtaining the ID, that is, the user dynamic password obtaining unit waits for the user to input its dynamic password. Because the random number or letter generated is changed every time you log in, the password of the composition is always changing. This enables the above-mentioned login device to avoid the problem that the passwords often encountered by login methods such as static passwords are stolen or sneaked, and also avoid the trouble of carrying devices such as USBKEY. The above rule change is a relatively simple application. If it is 6 random numbers or letters, a 6-bit password is synthesized, and there are 720 variations. If the random number or letter, and the entered password can be peeked or intercepted, the combination can be easily derived. Therefore, the use of this change rule as a password is generally used in the power-on password of a mobile phone, or on a personal computer used at home. In order to avoid malicious attacks by intruders and to constantly try passwords, you can use the wrong password input for a certain number of times to close the login of the day, or wait a few hours to log in. Figure 2d shows the flow of the specific setting of the login rule, wherein the rule setting process is generally set by the user to select a password. And trigger. The login method first enters the rule function editor, enters the rule function editor: displays the six-digit random number corresponding to the letter, and edits the rule function. Display verification interface, including: display six-digit random number, dynamic password input window, receive user input: dynamic password (DPW), calculate password value DPW' according to newly set rule function, random number, compare DPW and DPW' Consistent, if consistent, encrypt the save rule function. 
If they are inconsistent, return to the rule function editor: Display the six-digit random number corresponding letter, the edited rule function. Users need to log in to devices such as mobile phones. The login program can be run automatically when the phone is turned on or triggered by the user's selection. After the login process is started, the device calls the random number generator to generate a six-digit random number. The login interface is displayed, including: displaying a six-digit random number, a dynamic password input window; receiving the user input: a dynamic password DPW; finding the stored rule function and Decoding, calculate the dynamic password value DPW' according to the random number; compare DPW and DPW' to see if it is consistent, if it is consistent, allow login. If it is inconsistent, you can choose to judge the accumulated error on the day more than 5 times. If it exceeds 5 times, it will end the day login. Operation, if not more than 5 times, call the random number generator to regenerate the six-digit random number. Optionally, compare DPW and DPW' to see if they are consistent. If they are inconsistent, directly call the random number generator to generate a six-digit random number. Figure 2e shows the above specific login process. The rules that have been set may need to be modified. 
The specific process of the rule modification may be as shown in Figure 2f: the user selects [Modify Password], invokes the random number generator, generates a six-digit random number, and verifies the original password, including: Displaying six digits Random number, dynamic password input window, receive user input: dynamic password DPW (original), find the stored rule function and decode, calculate the dynamic password value DPW' according to the random number, compare whether DPW and DPW' are consistent, if they are consistent Enter the rule function editor: Display the six-digit random number corresponding to the letter, edit the rule function, if it is inconsistent, judge the cumulative error on the day more than 5 times? According to the judgment result, it is determined that the password cannot be modified, and the login is quit, or the random number generator is called to generate a six-digit random number. Enter the rule function editor: Display the six-digit random number corresponding to the letter, edit the rule function. After completion, the verification interface is displayed, including: displaying a six-digit random number, a dynamic password input window, and displaying a verification interface, including: displaying a six-digit random number, a password input window, and receiving a user input: a dynamic password NDPW (new), According to the newly set rule function and random number, the dynamic password value NDPW' is calculated. Is the comparison between NDPW and NDPW' consistent? If it is consistent, the rule function is saved and encrypted, and then the password is modified. If it is inconsistent, the new rule function can be viewed, and can be modified, and confirmed. After confirmation, the verification interface is redisplayed, including: display six-digit random number, dynamic password input window . 
Embodiment 2: Application of the login device to a network chat tool. Referring to Figures 3a to 3c, in a method according to another embodiment of the present invention, similar to the previous embodiment, a user can set a login rule when the system is first used, for later use. This is done by the rule setting unit 101 of the login device. As shown in Figure 3b, the operation of the rule setting unit 101 includes providing a display area for the user on the user's terminal and distinguishing, within that display area, a controlled element setting area and a static control element setting area (S311). When the user has completed the setting of the controlled element and of the static control element by input or selection (S312) and confirmed it (S313), the unit considers the login rule complete and stores the login rule together with the user's ID identifier in a storage unit for later retrieval (S302); the storage may be encrypted. Since a network chat tool is generally a multi-user system, the login rule must be stored in association with the user's ID. Each time the user logs in to the network chat tool, as shown in Figure 3a, the login device presents the user login interface and receives identity information entered by the user, such as a user ID, through a user identity obtaining unit 105. For that ID the controlled element generating unit 103 generates, for example, a 6-digit random array as the controlled element (S303) and transmits the 6-digit random number over the network, via the transmitting unit 104, to the display device of the user terminal (S304): a b c d e f, where a, b, c, d, e, f represent six different digits or letters, for example 134356.
At the same time, the login device retrieves, through its reference password generating unit 106, the login rule previously saved for that user ID from the storage unit 102 (S306), and generates a reference password corresponding to this group of 6 random digits according to the retrieved rule. The generated reference password is then sent to the matching unit 107 of the login device for subsequent matching. On the other hand, after the user observes the random number on the display device of the terminal 20, the user selects, rearranges or computes on those digits or letters according to the login rule memorised in the mind, obtains a password, and supplies it as the dynamic password at the corresponding position of the login interface provided by the login device. For example, if the user simply uses the reverse arrangement as the password, f e d c b a, the password is 653431. After the acquisition unit 105 of the login device acquires the dynamic password (S306), it sends it to the matching unit 107 to be matched against the reference password (S307). If it matches, the match is considered successful, login is allowed (S316) and the login device stops. If it does not match, the random information generating unit may be chosen to generate a new set of random information, or the user may be given the opportunity to enter the dynamic password again for the current group of random information. Because the random digits or letters generated change every time the user logs in, the resulting password is always changing. This enables the login device to avoid the problems that login methods such as static passwords often run into, namely passwords being stolen or observed, and also avoids the trouble of carrying a device such as a USB key.
In this embodiment, the user identity obtaining unit and the user dynamic password acquiring unit may be configured to acquire their information at the same time, so that the reference password generating unit then generates a reference password for that particular client. Alternatively, the user identity obtaining unit may acquire the user ID before the user dynamic password acquiring unit does, and the reference password may be generated after the ID is obtained, that is, while the user dynamic password acquiring unit is waiting for the user to enter the dynamic password. The login device or login method of this embodiment can be integrated into an existing network chat tool as part of it. A typical network chat tool necessarily connects to the outside over the network, so it is vulnerable to attack by Trojan horse programs: a hacker can monitor the password entered by the user and thereby steal the user's login password. For such passwords, therefore, the conversion used needs to be relatively complicated; in addition to rearranging positions, some simple addition and subtraction operations should be added. The specific use is as follows. When the user is ready to enter the chat software, the login interface first displays six random digits or letters: a b c d e f
(Note: a, b, c, d, e, f each represent one of six different digits or letters.) Following the arrangement rule set up in advance, the user selects from the above digits or letters, first performs simple addition or subtraction (for letters, addition and subtraction means shifting the letter forward or backward in the alphabet; for example, h plus 5 is m and h minus 5 is c), and then rearranges them and enters the result as the password. As a simple example, a password can be composed by the following rule:
At login, six digits or letters are displayed at random: 5 f 4 m u 8. Applying the conversion rule yields a password: k h 13 2 11 n (Note: when subtraction yields a negative number, its positive part is taken). For a password produced by this kind of conversion it is very hard to discover the rule behind the changes; others cannot derive the rule for composing the password by collecting data. The same approach can also be applied to login devices for online games, online shopping, travel and business websites, e-mail, company-wide local area networks and the like.
Figure 3d shows the setup flow: the user selects [Set Password] and enters a new username, and it is checked whether that name already exists. If so, the user is prompted to re-enter it; if not, the letters corresponding to the six-digit random number and the rule editor are provided, and the personal terminal enters the rule function editor, which displays the letters corresponding to the six-digit random number and edits the rule function. After the rule function has been edited, the server calls the random number generator, generates a six-digit random number and sends it to the personal terminal; the personal terminal derives a temporary key Dkey from the received six-digit random number, encrypts the rule function with Dkey and sends it to the server. The personal terminal displays a verification interface containing the six-digit random number and a dynamic password input window, and receives the user's input, the dynamic password DPW. The server derives the temporary key Dkey from the six-digit random number, decrypts the rule function with Dkey, and calculates the password value DPW' from the newly set rule function and the random number. The server then compares DPW with DPW': if they are consistent, the rule function is encrypted and saved, completing the password modification; if they are inconsistent, the rule function editor is entered again, displaying the letters corresponding to the six-digit random number and the edited rule function, and the random number generator is called again to generate a six-digit random number that is provided to both the personal terminal and the server.
After the rule has been set, the login flow when the user needs to log in to the server is as follows, as shown in Figure 3e: at the personal terminal the user selects [Login], which sends a login request to the server; the server calls the random number generator to generate a six-digit random number, which is sent to the personal terminal and shown by its display interface. The login interface contains the six-digit random number, a username field and a dynamic password input window. The user terminal then receives the user's input, the username UID and the dynamic password DPW. After collecting UID and DPW, the server checks whether that user exists. If not, it checks whether the accumulated errors for the day exceed 5, ending the login operation if they do and asking the user to log in again if they do not. If the user exists, the server retrieves and decrypts that user's stored rule function, obtains the rule function, calculates the user's dynamic password DPW', and compares DPW with DPW'. If they are consistent, login is allowed; if not, the server checks whether the accumulated errors for the day exceed 5 and, depending on that further check, ends the login or asks the user to log in again.
When the user needs to modify a rule that has already been set, the following modification flow is run, as shown in Figure 3f: the user selects [Modify Password]; after receiving the user's modification request, the server calls the random number generator to generate a six-digit random number and sends it to the user terminal, and at the same time retrieves and decodes that user's stored rule function and calculates the dynamic password value DPW' from the random number.
At the user terminal, an interface for verifying the original password is provided, containing the six-digit random number and a dynamic password input window, and the user's input, the original dynamic password DPW, is obtained. It is then checked whether DPW and DPW' are consistent. If they are inconsistent, it is checked whether the accumulated errors for the day exceed 5, and the login is either ended or the random number generator is called again to generate a six-digit random number. If they are consistent, the rule function modification interface is entered: on the client the rule function editor is opened, displaying the letters corresponding to the six-digit random number and a rule function editing area for the user to edit. Thereafter, a temporary key Dkey is derived from the six-digit random number; on the client the rule function is encrypted with Dkey and sent to the server, and on the server the temporary key Dkey is likewise derived from the six-digit random number and used to decrypt the rule function. A verification interface is then displayed at the user terminal, containing the six-digit random number and a dynamic password input window; the password NDPW entered by the user is obtained and sent to the server, where the password value NDPW' is calculated from the newly set rule function and the random number, and NDPW is compared with NDPW'. If they are consistent, the password is saved in encrypted form and the modification is complete; if they are inconsistent, the rule function editor is entered again, displaying the letters corresponding to the six-digit random number and the edited rule function, and the above process is repeated.
Embodiment 3: Application to online banking, online payment and online securities. Referring to Figures 4a to 4c, in a method according to another embodiment of the present invention, similar to the foregoing embodiments, a user can set a login rule at the first login for later use. This is done by the rule setting unit 101 of the login device, which provides a display area for the user on the display device of the user's terminal 20 and distinguishes within it a controlled element setting area and a static control element setting area (S411). When the user has completed the setting of the controlled element and of the static control element by input or selection (S412) and has verified and confirmed it (S413), the unit considers the login rule complete and stores the completed login rule together with the user's ID identifier in a storage unit for later retrieval (S402); the storage may be encrypted. Since online banking and similar systems are multi-user systems, the login rule must be stored in association with the user's ID. An alarm rule can also be set through the same flow and stored in the rule storage unit 102 in the same way.
In this kind of embodiment, since passwords, rules and so on all have to be transmitted over the network, it is preferable that passwords and rules be encrypted by an encryption unit before being transmitted over the Internet, and that data arriving at the server be decrypted by a decryption unit before use; for example, the user-side software contains an encryption unit that encrypts rules and passwords, and the server-side software contains a decryption unit that decrypts the rules, passwords and so on received over the network.
Thereafter, each time the user logs in to online banking, for example through a web browser, the login device 10 on the online banking server provides an obtaining unit 105 that collects the user's identity by presenting a user login interface and receives the identity information entered by the user (S401), for example a user ID. If the user exists, the controlled element generating unit 103 generates for that ID, for example, a 6-digit random array as the controlled element (S403) and transmits the 6-digit random number over the network to the display device of the user terminal 20 (S404): a b c d e f, where a, b, c, d, e, f represent six different digits or letters, for example 134356. At the same time, the login device, through its reference password generating unit 106, retrieves from the storage unit 102 the login rule and/or alarm rule previously saved for that user ID and generates, according to the retrieved rule, a login reference password and/or an alarm reference password corresponding to this group of 6 random digits (S406). The generated login and/or alarm reference passwords are then sent to the matching unit 107 of the login device for subsequent matching (S407).
On the other hand, after the user observes these random numbers on the display device of the terminal 20 connected to the server, the user selects, rearranges or computes on the digits or letters according to the login rule memorised in the mind, obtains a password and enters it as the dynamic password at the corresponding position of the login interface provided by the login device. For example, if the user simply uses the reverse arrangement as the password, f e d c b a, the password is 653431. After the login device receives this dynamic password and a static password, it sends them to the matching unit 107 to be matched against the login reference password (S407). If they match, the match is considered successful, login is allowed (S416) and the login device stops. If they do not match, the match is considered unsuccessful and the input is then matched against the alarm reference password; if that match succeeds, login is allowed and an alarm is raised; if it fails, the random information generating unit may be chosen to generate a new set of random information, or the user may be given the opportunity to enter the dynamic password again for the current group of random information. Because the random digits or letters generated change every time the user logs in, the resulting password is always changing. This enables the login device to avoid the problems that login methods such as static passwords often run into, namely passwords being stolen or observed, and also avoids the trouble of carrying a device such as a USB key.
In this embodiment, the user identity obtaining unit and the user dynamic password acquiring unit may be configured to acquire their information at the same time, so that the reference password generating unit then generates a reference password for that particular client. Alternatively, the user identity obtaining unit may acquire the user ID before the user dynamic password acquiring unit does, and the reference password may be generated after the ID is obtained, that is, while the user dynamic password acquiring unit is waiting for the user to enter the dynamic password. In an optional implementation of this embodiment, a static password entered by the user may be accepted at the same time as the user's dynamic password is acquired, where that static password was associated with the user's rule when the rule was saved. Once the static password is obtained, it is used to extract the stored rule from the storage unit 102 and compute the login reference password; if the static password is wrong, the rule saved in the storage unit 102 cannot be correctly decrypted.
With the method or device of the present invention, achieving a secure login becomes very simple, because the password we enter is itself randomly changing. There is no need to worry about a Trojan program capturing the user's keyboard input: even if someone else obtains the password the user entered this time, it does not matter, since it cannot be used again next time. Because the conversion rule or method of calculation is memorised in the user's mind, only the user himself can produce the correct result from the random number; this verifies that it is the user himself who is operating. At the same time, the user can also set an alarm reference password: when the user's life is in danger, the alarm password can be entered, which both keeps the coercer calm and silently sends a call for help to the outside. For example, when the user logs in to online banking, the login interface displays the random number: a b c d e f
(Note: a, b, c, d, e, f each represent one of six different digits.)
When setting up, the user defines a dynamic password composed of the following group of equations:
y1 = a^3 + b^2 + 7
y2 = b^3 + c^2 + 7
y3 = d^3 + e^2 + 7
y4 = e^3 + f^2 + 7
The dynamic password is then the combination of these four values, that is, y1y2y3y4. For example, if the generated random number is 6 9 3 8 5 6, then
y1 = 6^3 + 9^2 + 7 = 216 + 81 + 7 = 304
y2 = 9^3 + 3^2 + 7 = 729 + 9 + 7 = 745
y3 = 8^3 + 5^2 + 7 = 512 + 25 + 7 = 544
y4 = 5^3 + 6^2 + 7 = 125 + 36 + 7 = 168
so the resulting dynamic password is 304745544168.
For a dynamic password obtained by this kind of calculation, the equations chosen by the user are varied, the variables used in each expression are indefinite (one variable, or two, or three, and so on), the coefficients and constants in the expressions are indefinite, and the composition of the dynamic password is also indefinite (two expressions, or three, or four, and so on). It is therefore very difficult to derive the calculation rule from known random numbers and the passwords generated from them.
Of course, if the user finds the calculations set above impossible to memorise, these operations and combination rules can be entered into a mobile phone; in actual use the user only needs to enter the displayed random number by hand to obtain the corresponding dynamic password. If wireless communication (such as infrared, WiFi or Bluetooth) is established between the phone and the computer, the generated dynamic password can be transmitted directly to the computer wirelessly.
The specific rule setting flow is shown in Figure 4d: the user starts setting the login rule or alarm rule by selecting [Set Password], then sends the bank account number to the server, which verifies whether the account exists. If the account exists, the information entered by the user (account number, name, ID document number, withdrawal password and so on) is obtained; a random number generator is called to generate a six-digit random number; a temporary key Dkey is derived from that six-digit random number; the user identity information is encrypted with Dkey and sent back to the server; the server then decrypts the user identity information with Dkey and checks it against the bank system's existing database for consistency. If it is inconsistent, the user identity information is obtained again and sent encrypted; if it is consistent, a static password setting interface is provided to the user and the static password setting is obtained, for example by asking the user to enter a new static password SPW and to repeat it. The subsequent flow is the same as the ordinary server setting flow, with the only addition that an alarm rule can be set together with the login rule.
After the login rule has been set, the user can log in to the online banking or online payment system at any time from any user terminal. The login flow is as follows, as shown in Figure 4e: after receiving the user's login request, the server calls the random number generator to generate a six-digit random number and provides the user terminal with a login interface containing the six-digit random number and input windows for the account number, the static password and the dynamic password; it obtains the identity information entered by the user, the static password, and the dynamic password DPW computed from the six-digit random number. After receiving this information, the server checks whether the user account exists. If not, it checks whether the accumulated errors for the day exceed 5; if so, the login flow ends, otherwise an account or password error is displayed and the user re-enters. If the account exists, the stored ciphertext of that user's rule functions (the normal DPW rule and the alarm ADPW rule) is retrieved; a temporary key Dkey is derived from the six-digit random number and used to decrypt, yielding the static password SPW; a decryption key Skey is derived from the static password SPW and used to decrypt the stored rule function ciphertext, yielding the rule functions; the user's normal and alarm reference password values DPW' and ADPW' are computed; and DPW is compared with DPW'. If they are consistent, login is allowed. If not, ADPW is compared with ADPW'; if they are consistent, login is allowed but an alarm signal is sent; if not, it is checked whether the accumulated errors for the day exceed 5, and depending on the result the day's login is ended or an account or password error is displayed and the user re-enters.
After the login rule and/or the alarm rule have been set, both can be changed through the modification flow, shown in Figures 4f1 and 4f2: after detecting the user's request to modify the password, the random number generator is called to generate six single-digit random numbers, which are provided in a modify-password interface containing the six random digits and input windows for the static and dynamic passwords. The user's input, the original static password SPW and the original dynamic password DPW, is received; a temporary key Dkey is derived from the six-digit random number, and the static password SPW is encrypted with Dkey and sent to the server; the server derives the temporary key Dkey from the six-digit random number and decrypts with it to obtain the static password SPW; it then derives the decryption key Skey from SPW, decrypts the stored rule function ciphertext with Skey to obtain the rule functions, computes the user's normal and alarm reference password values DPW' and ADPW', and compares DPW with DPW'. If they are consistent, the user proceeds to modify the static password and the dynamic password rule functions; if not, DPW is compared with ADPW', and if they are consistent the user likewise proceeds to modify the static password and the dynamic password rule functions while an alarm is raised; if not, it is checked whether the accumulated errors for the day exceed 5: if not, the random number generator is called to regenerate six single-digit random numbers; if so, the flow is terminated.
The flow for modifying the static password and the dynamic password rule functions is as follows. To modify the static password, the new static password NSPW is entered and repeated, and it is checked whether the two entries are consistent; if so, the static password NSPW is encrypted with Dkey, otherwise the new static password NSPW is entered and repeated again. After NSPW has been encrypted with Dkey, the ciphertext is sent to the server and the interface for modifying the dynamic password rule functions is entered. On the server, the ciphertext is decrypted with Dkey to obtain the static password NSPW, a new encryption key NSkey is derived from NSPW, and Skey is set to NSkey; Skey is used to encrypt the rule functions (normal and alarm). On the client, the rule function editor is entered, displaying the letters corresponding to the six-digit random number and a rule function editing area for the user (both the normal login rule function and the alarm login rule function can be edited here). Thereafter, a temporary key Dkey is derived from the six-digit random number; on the client the rule functions (normal and alarm) are encrypted with Dkey and sent to the server, where they are decrypted with Dkey. A verification interface is then displayed at the user terminal, containing the six-digit random number and input windows for the normal login password and the alarm login password; the normal login password NDPW and the alarm login password NADPW entered by the user are obtained and sent to the server, where the password values NDPW' and NADPW' are computed from the newly set rule functions (normal and alarm) and the random number, and NDPW is compared with NDPW' and NADPW with NADPW'. If they are consistent, the passwords (normal and alarm) are encrypted with Skey and saved, and the password modification is complete; if not, the rule function editor is entered again, displaying the letters corresponding to the six-digit random number and the edited rule functions (normal and alarm), and the above process is repeated.
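The login flows of embodiments 1 to 3 (random challenge, reference password DPW' computed from the stored rule function, comparison, the alarm reference password, and the limit of five accumulated errors per day) together with the y1..y4 worked example, as an added Python example that is not code from the patent. The rule data structure, the function and class names, the handling of unknown accounts and the alphabet wrap-around in shift_letter are assumptions of mine.

```python
"""Server-side verifier for the rule-based dynamic password scheme.

Added example, not code from the patent. The "rule function" is modelled
as a data structure of my own choosing (assumption): a list of equations,
each a list of (position, exponent) terms plus a constant, whose values
are concatenated as in the patent's y1 = a^3 + b^2 + 7 ... example.
A pure rearrangement rule and the letter add/subtract helper are modelled too.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# One equation is (terms, constant); a term (pos, exp) means challenge[pos] ** exp.
Equation = tuple[list[tuple[int, int]], int]
PolyRule = list[Equation]

# The four equations of the patent's worked example (positions a=0 ... f=5).
PATENT_RULE: PolyRule = [
    ([(0, 3), (1, 2)], 7),  # y1 = a^3 + b^2 + 7
    ([(1, 3), (2, 2)], 7),  # y2 = b^3 + c^2 + 7
    ([(3, 3), (4, 2)], 7),  # y3 = d^3 + e^2 + 7
    ([(4, 3), (5, 2)], 7),  # y4 = e^3 + f^2 + 7
]

MAX_ERRORS_PER_DAY = 5  # the patent's "accumulated errors for the day exceed 5"


def new_challenge(length: int = 6) -> str:
    """Six random decimal digits from a CSPRNG (the 'controlled element')."""
    return "".join(secrets.choice("0123456789") for _ in range(length))


def poly_password(challenge: str, rule: PolyRule) -> str:
    """Evaluate each equation on the challenge digits and concatenate y1..yn."""
    digits = [int(ch) for ch in challenge]
    parts = []
    for terms, const in rule:
        parts.append(str(sum(digits[pos] ** exp for pos, exp in terms) + const))
    return "".join(parts)


def permute_password(challenge: str, order: list[int]) -> str:
    """Pure rearrangement rule: output position i takes challenge[order[i]]."""
    return "".join(challenge[i] for i in order)


def shift_letter(ch: str, k: int) -> str:
    """Letter 'addition/subtraction' as the patent defines it (h+5 = m, h-5 = c).

    Wrapping around the alphabet is my assumption; the patent does not say.
    """
    base = ord("a") if ch.islower() else ord("A")
    return chr(base + (ord(ch) - base + k) % 26)


@dataclass
class UserRecord:
    rule: PolyRule                         # normal login rule function
    alarm_rule: Optional[PolyRule] = None  # duress ("alarm") rule function
    errors_today: int = 0                  # would be persisted and reset daily


@dataclass
class Verifier:
    users: dict[str, UserRecord] = field(default_factory=dict)

    def login(self, uid: str, challenge: str, dpw: str) -> str:
        """Return 'allow', 'allow+alarm', 'retry' or 'locked'."""
        user = self.users.get(uid)
        if user is None:
            # Unknown account: answered like a wrong password (my simplification;
            # the patent counts these failures against the daily limit as well).
            return "retry"
        if user.errors_today > MAX_ERRORS_PER_DAY:
            return "locked"                         # the day's login already ended
        ref = poly_password(challenge, user.rule)   # DPW'
        if hmac.compare_digest(ref, dpw):           # constant-time comparison
            return "allow"
        if user.alarm_rule is not None:
            alarm_ref = poly_password(challenge, user.alarm_rule)  # ADPW'
            if hmac.compare_digest(alarm_ref, dpw):
                return "allow+alarm"                # let the user in, raise the silent alarm
        user.errors_today += 1
        return "locked" if user.errors_today > MAX_ERRORS_PER_DAY else "retry"


if __name__ == "__main__":
    # Constructed sample user: the patent's four equations plus an alarm rule a + f.
    v = Verifier({"alice": UserRecord(PATENT_RULE, alarm_rule=[([(0, 1), (5, 1)], 0)])})
    c = new_challenge()
    print(c, v.login("alice", c, poly_password(c, PATENT_RULE)))  # allow
```

The patent's own figures serve as test vectors: 693856 yields 304745544168 under the four equations, and 134356 reversed is 653431.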
Embodiment 4: application to login at bank ATMs and POS machines. Referring to Figures 5a to 5c, in the embodiment for this application, as shown in Figure 5a, similar to the previous embodiment, it includes login steps 503, 504, 505, 506, 507 and so on. Users generally perform identity verification with a tool such as a bank card; therefore the login device and method of the present invention need not provide an interface for the user to enter a user ID, and the user ID acquisition unit 105 instead determines the user's ID directly by reading the bank card or similar tool. The subsequent units, such as the provision of random information, the generation of the reference password, the acquisition of the entered dynamic password, and the password matching unit 107, can be arranged as for the login of a network chat tool or as for the login of online banking, depending on how the ATM or POS machine is deployed. The login rule can be set as shown in Figure 5b, either locally at the ATM and transmitted to the back-end server, or through online banking; the bank's server only needs to associate or bind the configured login rule with the user's bank card or similar tool and store it. Similar to the previous embodiments, this includes steps 511, 512, 513, 502 and so on. The logical block diagram of the corresponding device is shown in Figure 5c; it is similar to the previous embodiment and includes a server side 10, a user terminal 20, and the units 101 to 107 located on the server side. In this field, adopting the login device and login method of the present invention can well solve the problems of the prior art and safeguard the personal safety and the funds of the user. For ordinary users (those with relatively small amounts of funds), relatively simple combinations of operations can be used, which are easy to remember and not easy for others to crack. If the amount of funds is especially large and a more complex combination of formulas is needed that the human brain cannot remember, the method described earlier can be used: all the formulas and their combinations are entered into a mobile phone, which performs the complex operations and combinations and generates the final dynamic password.

Embodiment 5: application to electronic locks and electronic keys (including household electronic locks, access control, car locks, etc.). Referring to Figures 6a to 6c, in a further embodiment the dynamic password of the present invention can likewise be applied to electronic locks and electronic keys; replacing the static password originally used with our dynamic password likewise prevents others from peeking. Depending on the usage scenario and the security level of the electronic door lock, various electronic locks with a login device or login method can be designed. For example, for scenarios with a lower security level, such as ordinary companies in office buildings or residential access control, the login device and method of the present invention can be embedded directly in the access control equipment, for example a card reader, and the access control equipment can then implement the login rule setting and the login verification on entry as described above for network chat. For places with a higher security level, such as the locks of banks, prisons and state administrative organs, the electronic key can be placed on a mobile phone: the previously set formulas and combinations are entered into the phone, and when the door needs to be opened the user enters the corresponding values on the phone as agreed, according to the random information prompted on the electronic lock (or the electronic lock sends the random number to the phone, where it is shown on the phone's screen), and then sends the result obtained to the electronic lock to complete the unlocking action. At the same time, an alarm reference password can also be set for use under duress; the specific implementation can follow the implementation flow of online banking, with the mobile phone replacing the user's computer terminal.

Embodiment 6: application to file control. The login device and login method in one embodiment of the present invention can be attached in software form to a file control system that stores digital files. Thus, when a user needs to access a file managed by the file control system, the user must first log in to the file control system, or to a specific folder or file; only after a successful login can operations such as viewing be performed on the file or folder. The login device or login method attached to the file control system therefore needs a login rule storage unit for storing, in encrypted or unencrypted form, the login rules preset by each user of the system, where the login rule includes at least one controlled element and at least one control element that controls the at least one piece of random information; it further includes a random information generating unit, for example a random number generator, for generating random information corresponding to the number of controlled elements and providing it to the user; a dynamic password acquisition unit for receiving a dynamic password that the user computes mentally from the random information; a reference password generating unit which, based on the random information, invokes the stored login rule to generate a reference password; and a comparison unit which matches the dynamic password against the reference password, allowing login if they match and refusing login if they do not. After login is refused, the system may wait for another new dynamic password for the current random information and compare it with the reference password to decide whether to allow login; or it may generate and provide new random information, generate a corresponding new reference password, and wait for the user's new dynamic password through the dynamic password acquisition unit. Similar to the previous embodiment, as shown in Figure 6a, its login steps include 603, 604, 605, 606, 607, etc.; similar to the previous embodiments, its basic rule-setting steps are as shown in Figure 6b and include steps 611, 612, 613, 602, etc. The logical block diagram of the corresponding device is shown in Figure 5c; it is similar to the previous embodiment and includes a system side 10, a user terminal 20, and the units 101 to 107 located on the server side.

Specific examples of rules that can be set: the following introduces some specific implementation schemes of the present invention, which can be used in application fields of different security levels. In actual user settings they are not limited to the following schemes, nor to the number of arrays, the array length and the password length defined below, which users can define for themselves according to the actual situation. For convenience of explanation, the following examples all use six-position random numbers or letters.

For login applications on terminals such as mobile phones:

Scheme 1 (pure permutation rule). Definition: suppose the random controlled elements are a group of six-position codes (depicted as six boxes in the original figure), where the codes may be digits, letters or characters, and the static operation element is a transposition operator that swaps the contents of positions 2, 4 and 6 with those of positions 1, 3 and 5; the saved user-preset login rule is then as depicted in the original figure. According to the login rule defined above, when the user logs in, the random controlled element generating unit in the terminal generates, in the random controlled element step, a group of six random codes, for example 1, 2, 3, 4, 5 and 6, and displays them on the terminal's screen. From the displayed random codes and the login rule remembered in his head, the user obtains the result A = 214365 and enters it as the password. The reference password generating step preferably, after receiving this password input, invokes the saved login rule for this user and obtains the reference password A' = 214365 according to it. The matching step then compares the password A entered by the user with the reference password A' obtained by the reference password calculation step: if they are equal, that is, they match, the input is regarded as the user's own, the user is allowed to log in and subsequent operations are allowed; if wrong, login and subsequent operations are refused. A concrete application of the six-position random code may also be, for example: when a terminal device such as a mobile phone is powered on, "G U M W P A" is displayed at random on the screen; under the rule set above, the correct password is "U G W M A P", and only after the user has correctly entered this password does the system allow login. The advantage of this simple rearrangement and partial replacement is that the rule is simple and easy to remember, and it can be used where input is relatively private, such as the power-on password of a mobile phone or the password for logging in to an electronic key. Its disadvantage is that the rule is simple and easily deduced: if the entire input process is observed, the rule can be derived by comparing several, or a few dozen, pairs of random codes and dynamic passwords.

Scheme 2 (pure calculation formula). Definition: suppose the generated random controlled elements are a group of six positions (depicted as boxes in the original figure), and the static operation elements are multiplication, squaring and addition. The login rule is then y = 5 × c² + 9. At login, the terminal back end first generates the group of six random digits a, b, c, d, e and f; for example, when the phone is powered on, "7 9 5 3 8 2" is displayed on the screen. The reference password generation step then computes y' = 5 × c² + 9 = 134 from the saved expression and uses 134 as the reference password; the user computes y = 5 × c² + 9 = 134 from the displayed random digits according to the expression remembered in his head and enters 134 as the password. The matching step then compares the user-entered password y with the reference password y': if they are equal, the input is regarded as the user's own and subsequent operations are allowed; if wrong, subsequent operations are refused.

Scheme 3 (calculation formula with padding, then rearrangement). In Scheme 2 the calculation result may be a single digit or two digits. To strengthen it and prevent others from deducing the formula, a rule can be used to fill in the hundred-thousands, ten-thousands, thousands, hundreds and tens positions when the result is a single digit, ensuring that all six positions of the password carry a value. Results with two, three, four or five digits can be padded in the same way. For example, under Scheme 3 we can define the following rule: the hundred-thousands position takes the ones digit of the square of the first random digit, the ten-thousands position takes the ones digit of the square of the second digit, the thousands position takes the ones digit of the square of the third digit, and so on. Using the example of Scheme 2, with the random number "7 9 5 3 8 2" the correct password under this padding rule is "915134"; if the random number is "4 7 0 6 9 1", the correct password is "690619".

Scheme 4 (password of arbitrary length). In the schemes above the password length we set is fixed, for example 4, 6 or 8 digits. To make deciphering harder for others, the password can be set to an arbitrary and variable length, and the password may be composed of a combination of several calculation results. Definition: suppose the generated random number is one group (depicted as boxes in the original figure) and the password is y = y1 y2 y3 y4, where y1 = a² + 3, y2 = c² + 5, y3 = d² + 7 and y4 = f² + 9. For example, at login the terminal back end first generates a group of random digits 9, 6, 2, 5, 3, 8; the user computes, according to the algorithm set in advance, y1 = 84, y2 = 9, y3 = 32, y4 = 73, and the combined password is 8493273.

The above four schemes are all settings based on a single group of random information. In most application fields their security is already greatly improved over existing schemes, for example for mobile phone power-on passwords, computer power-on passwords, electronic key applications, QQ login, MSN login and so on. In some fields requiring a higher security level, such as online banking, online trading, and file control in government agencies and the military, the security must be improved further; when using the present invention, the number of groups of random codes (numbers) and the number of positions of the dynamic password can be increased appropriately, which increases the difficulty for a cracker and improves security.

Scheme 5 (multiple groups of random codes). The following takes 4 groups of 4-position random codes as an example, purely for illustration; in practical application this can be adjusted to the specific situation and is not limited to 4 groups of 4 positions, nor is the password limited to 4 positions; any length can be designed. Definition: suppose the generated random numbers (or letters) are 4 groups, each consisting of 4 digits (or letters); the arrays are as follows:
(The four groups are depicted as boxes in the original figure.) The password consists of 4 digits (or letters).

Using rearrangement and combination. Generation of the 4-position password (defined by the user; the following is only an example): as depicted in the original figure. Note: when the password is generated by rearrangement and combination, the 4 groups of random codes and the password are not limited to digits; they may also be letters and characters. However, since this method is still fairly simple, if it can be observed by others, the rule can be deduced by obtaining a certain number of random codes (numbers) and the corresponding passwords.

Using rearrangement and combination, and adding (or subtracting) position by position a pre-reserved 4-digit seed. When setting the password calculation method, the user can additionally set a group of 4 seed digits (depicted in the original figure). Generation of the 4-position password (defined by the user; the following is only an example): as depicted in the original figure. When the sum of two digits is greater than 10, the ones digit is taken; when the difference of two digits is less than 0, its positive value is taken. Example 1: when the computer is powered on, the screen displays 4 groups of random digits "8362" "2396" "3058" "8924"; the user preset the seed "1234" at setup time, so by the above rule the correct password is "9588". Example 2: when the computer is powered on, the screen displays 4 groups of random letters "0fjt" "rUpC" "PTjk" "dRJZ"; the user preset the seed "1234" at setup time, so by the above rule the correct password is "pWmD". Note: this scheme is more secure than Scheme 1; besides the simple rearrangement it adds a calculation function, so it is harder to crack. But since it uses simple position-wise addition and subtraction, once an intruder obtains a certain number of random numbers and password values, the rule can still be deduced.

Other arbitrarily defined calculation formulas. Generation of the 4-position password (defined by the user; the following is only an example): y = (□ + □) × (□ + □), where the operands are positions marked in the original figure. The y value can be entered as the password with the missing leading positions left blank, or padded as follows: when y < 10, add 000 in the thousands, hundreds and tens positions; when 10 <= y < 100, add 00 in the thousands and hundreds positions; when 100 <= y < 1000, add 0 in the thousands position; when y >= 1000, enter it directly as the password. All the combinations above can be freely combined according to the user's settings, giving endlessly varied results. The calculation formula for alarm (duress) login can also be set by the above method; to avoid the two rule functions producing the same value, its formula can be the same as the normal login formula with only a constant added or subtracted.
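The rule functions of Schemes 1 to 5 above as working code, an added example and not the patent's own implementation; the function names are mine. For Scheme 5 the figure that defines the rearrangement did not survive extraction, so the example assumes a diagonal pick (the i-th symbol of the i-th group) before the position-wise seed addition; that assumption reproduces both of the page's worked results, "9588" and "pWmD", provided the first letter group is read as "ofjt" (the page prints "0fjt", and a zero plus one cannot give the expected leading "p"). Letters are assumed to wrap within their own case, which is what turns the page's "Z" plus 4 into "D".

```python
def scheme1_transpose(code: str) -> str:
    """Scheme 1: swap the contents of positions 2, 4, 6 with positions 1, 3, 5."""
    return "".join(code[i + 1] + code[i] for i in range(0, len(code) - 1, 2))


def scheme2_formula(digits: str) -> int:
    """Scheme 2: y = 5 * c^2 + 9, where c is the third random digit."""
    c = int(digits[2])
    return 5 * c * c + 9


def scheme3_padded(digits: str) -> str:
    """Scheme 3: Scheme 2's result padded to six positions. Each missing leading
    position i is filled with the ones digit of the square of the i-th random digit."""
    y = str(scheme2_formula(digits))
    pad = "".join(str(int(d) ** 2 % 10) for d in digits[:6 - len(y)])
    return pad + y


def scheme4_variable_length(digits: str) -> str:
    """Scheme 4: y = y1 y2 y3 y4 with y1 = a^2+3, y2 = c^2+5, y3 = d^2+7, y4 = f^2+9;
    the password length varies with the random digits."""
    a, b, c, d, e, f = (int(x) for x in digits)
    return "".join(str(part) for part in (a * a + 3, c * c + 5, d * d + 7, f * f + 9))


def shift_symbol(ch: str, k: int) -> str:
    """Position-wise seed addition: digits keep the ones digit (wrap modulo 10);
    letters wrap within their own case (assumption), so 'Z' + 4 = 'D'."""
    for base, size in (("0", 10), ("A", 26), ("a", 26)):
        if base <= ch < chr(ord(base) + size):
            return chr(ord(base) + (ord(ch) - ord(base) + k) % size)
    raise ValueError(f"unsupported symbol {ch!r}")


def scheme5_seeded(groups: list, seed: str) -> str:
    """Scheme 5 with a seed. ASSUMPTION: the page's figure defining the rearrangement
    is missing; picking the i-th symbol of the i-th group reproduces both worked
    examples. The seed digit for each position is then added to the picked symbol."""
    picked = [group[i] for i, group in enumerate(groups)]
    return "".join(shift_symbol(ch, int(s)) for ch, s in zip(picked, seed))


if __name__ == "__main__":
    # Constructed inputs taken from the page's own worked examples.
    print(scheme1_transpose("123456"), scheme1_transpose("GUMWPA"))   # 214365 UGWMAP
    print(scheme3_padded("795382"), scheme3_padded("470691"))         # 915134 690619
    print(scheme4_variable_length("962538"))                          # 8493273
    print(scheme5_seeded(["8362", "2396", "3058", "8924"], "1234"))   # 9588
    print(scheme5_seeded(["ofjt", "rUpC", "PTjk", "dRJZ"], "1234"))   # pWmD
```

The same functions serve both sides of the protocol: the terminal runs them over the displayed random codes to produce the reference password, and the user is expected to produce the same value mentally. Scheme 3 shows why the padding matters: with "470691" the bare formula yields the single digit 9, and the padding rule turns it into the full six-position "690619".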
Scheme 5 (text conversion). The random information can be designed in the form of Chinese characters, with the stroke counts of the characters, or their four-corner codes, used as the password. For example, if the random information displayed is "人机同步动态口令" and the conversion rule agreed by the user in advance is to use the stroke counts of the 2nd, 4th, 6th and 8th characters as the password input, then the password is "6785"; of course, the four-corner codes of the characters can also be used as the password. To make deciphering harder, the converted numbers can be put through a simple further calculation and the result entered as the password.

Scheme 6 (music conversion). The random information can be designed as music, with numbered musical notation used as the password. For example, when the computer is powered on a piece of music is played at random, and the user enters the numbered notation of the first few notes of the piece as the password. The converted notation can also be put through a simple further calculation and the result entered as the password.

Scheme 7 (conversion of chemical elements). The random information can be designed as chemical elements, with their atomic numbers forming a string that is used as the password. For example, when the computer is powered on it displays several chemical elements, such as "铝铁碳铜" (aluminium, iron, carbon, copper); these can be converted into the data "1326629" and entered as the password. The converted atomic numbers can also be put through a simple further calculation and the result entered as the password.

Since an important part of the present invention lies in the agreed login rules, their storage and confidentiality are equally important. Where the login rules are kept can be set according to the application field of the invention: if the invention is used on a mobile phone to protect the data in the phone, the login rules can simply be kept locally on the phone; if the invention is used to log in to a computer, the login rules can be kept on the computer to be logged in to; for application fields that log in to a server, such as instant messaging tools, e-mail, access control, cash-access devices (ATMs) and so on, the login rules are best kept on the corresponding server. Under existing technology the login rules can be stored in roughly two ways, "plaintext" or "encrypted"; if encryption is used, the encryption key can be generated by a hash function and need not be stored, which avoids it being captured by others. As for memorisation by the human brain on the user's side, in general application fields the login rules set by the user need not be very complex; easily remembered conversions such as selection, rearrangement, shifting and simple arithmetic can be chosen. In some especially important situations the operations must be made very complex so that others cannot crack them, but such operations cannot be memorised by the human brain; in that case the user can keep the calculation equations on another intelligent terminal (such as a smartphone or handheld computer) or on a personal computer, and when a password has to be entered, the corresponding variables can be entered on that other smartphone or personal computer, which calculates the value of the password. The password can be entered manually or transmitted wirelessly (infrared, WiFi, Bluetooth, etc.).

What has been described above in detail are feasible implementations of the present invention, which can be used in application fields of different security levels; in actual user settings they are not limited to these schemes, nor to the number of arrays and the password length defined above, which the user can define according to the actual situation.
Claims
1. A method for logging in to a system based on a dynamic password generated autonomously by the user, wherein the system stores at least one login rule preset by at least one user, the login rule including at least one controlled element and at least one control element that controls the at least one controlled element;
the method including the following steps:
generating random information corresponding to the number of controlled elements;
providing the random information to the user, and at the same time generating a login reference password from the random information using the stored login rule;
obtaining the dynamic password entered by the user;
matching the dynamic password against the login reference password, allowing login if the two match and refusing login if the two do not match.
2. The login method according to claim 1, wherein storing the login rule preset by at least one user includes:
obtaining the number and positions of the controlled elements;
obtaining the number and positions of the control elements;
merging the controlled elements and the control elements to form the login rule;
storing the login rule.
3. The login method according to claim 2, wherein the login rule is encrypted when it is stored, and the encryption key is kept by the system or generated under the user's control.
4. The login method according to claim 3, wherein, in addition to obtaining the user identity information, the encryption key is also obtained, so that the stored login rule corresponding to the user can be invoked using the user identity information and the encryption key.
5. The login method according to claim 1, wherein the random information is provided to the user in the form of an image, a sound or the like.
6. The login method according to claim 1, wherein the controlled elements are information such as digits, letters, characters, the scripts of various countries, musical symbols, colour spectra, chemical element symbols, pictures and the like; and the control elements are permutations and combinations, mathematical operators, logical operators and shift operators.
7. The login method according to claim 1, wherein obtaining the control elements and the controlled elements is implemented by providing a control element input and/or selection interface and a controlled element input and/or selection interface.
8. The login method according to claim 1, further including storing at least one alarm rule preset by each user, the alarm rule including at least one controlled element and at least one control element that controls the at least one controlled element; providing the random information to the user and at the same time generating an alarm reference password from the random information using the stored alarm rule; and matching the dynamic password against the alarm reference password, raising an alarm if the two match.
9. A method for logging in to a system based on a dynamic password generated autonomously by the user, wherein the system stores login rules preset by multiple users, the login rule including at least one controlled element and at least one control element that controls the at least one controlled element;
the method including the following steps:
generating random information corresponding to the number of controlled elements;
providing the random information to the user;
obtaining the user identity information and the dynamic password entered by the user;
using the obtained user identity information to invoke the stored login rule corresponding to the user, and generating a reference password from the random information;
matching the dynamic password against the reference password, allowing login if the two match and refusing login if the two do not match.
10. The login method according to claim 9, wherein storing the login rules preset by each user includes:
obtaining the number and positions of the controlled elements;
obtaining the number and positions of the control elements;
merging the controlled elements and the control elements to form the login rule;
storing the login rule.
11. The login method according to claim 10, wherein the login rule is encrypted when it is stored, and the encryption key is kept by the system or generated under the user's control.
12. The login method according to claim 11, wherein, in addition to obtaining the user identity information, the encryption key is also obtained, so that the stored login rule of the corresponding user can be invoked using the user identity information and the encryption key.
13. The login method according to claim 9, wherein providing the random information to the user means delivering the random information, by wired or wireless means and in the form of an image and/or a sound, to the user's terminal device.
14. A method for logging in to a system based on a dynamic password generated autonomously by the user, wherein the system stores login rules preset by a plurality of users, each login rule including at least one controlled element and at least one control element that controls the at least one controlled element;
the method comprising the following steps:
generating random information corresponding to the number of controlled elements;
providing the random information to the user;
acquiring user identity information and the dynamic password entered by the user;
using the acquired user identity information to retrieve the stored login rule corresponding to that user and generating a reference password from the random information; and
matching the dynamic password against the reference password, login being allowed if the two match and refused if they do not.
15. A method for logging in to a system based on a dynamic password generated autonomously by the user, wherein the system stores login rules preset by a plurality of users, each login rule including at least one controlled element and at least one control element that controls the at least one controlled element;
the method comprising the following steps:
acquiring the user's identity information;
retrieving the stored login rule corresponding to the user according to the acquired identity information;
generating random information corresponding to the number of controlled elements;
providing the random information to the user and, at the same time, generating a login reference password from the user's login rule and the random information; and
matching the dynamic password against the login reference password, login being allowed if the two match and refused if they do not.
16. A method for logging in to a system based on a dynamic password generated autonomously by the user, wherein the system stores at least one login rule preset by a user, the login rule including at least one controlled element and at least one control element that controls the at least one controlled element;
the method comprising the following steps:
sensing the presence of a user terminal;
acquiring the user's identity information;
retrieving the stored login rule corresponding to the user according to the acquired identity information;
generating random information corresponding to the number of controlled elements;
providing the random information to the user terminal by short-range wireless communication and, at the same time, generating a login reference password from the user's login rule and the random information;
receiving a dynamic password sent by the user terminal; and
matching the dynamic password against the login reference password, login being allowed if the two match and refused if they do not.
17. A device for logging in to a system based on a password generated autonomously by the user, wherein the system includes at least a storage unit storing at least one login rule preset by a user, the login rule including at least one controlled element and at least one control element that controls the at least one controlled element;
the device comprising:
a random information generating unit for generating random information corresponding to the number of controlled elements;
a random information transmitting unit for providing the random information to the user;
a login reference password generating unit for generating a login reference password from the random information using the stored login rule; an acquiring unit for acquiring at least the dynamic password entered by the user; and
a matching unit for matching the dynamic password against the login reference password, login being allowed if the two match and refused if they do not.
18. The device according to claim 17, wherein the storage unit further stores at least one alarm rule preset by the at least one user, the alarm rule including at least one controlled element and at least one control element that controls the at least one controlled element; the device further comprising an alarm reference password generating unit for generating an alarm reference password from the random information using the stored alarm rule, and an alarm matching unit for matching the dynamic password against the alarm reference password, an alarm being raised if the two match.
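Claims 8 through 18 describe one exchange from several angles: the system stores a per-user rule made of controlled elements and control elements (claim 10), issues random information sized to the number of controlled elements, recomputes the expected password from the stored rule and the random information, and compares it with what the user typed (claims 9, 14, 15, 16 and the device of claim 17); claims 8 and 18 add a second, alarm rule evaluated against the same random information. The following is an added example, not code from the patent or from any product implementing it. It assumes one concrete reading of the claims: the random information is a string of decimal digits, a controlled element is a position in that string, a control element is an add-or-subtract-mod-10 operation on that digit or a fixed digit inserted into the answer, and the names `Step`, `Rule`, `LoginServer` and the two sample rules are the editor's own.

```python
"""Challenge/response login with a user-defined rule (added example, not patent code).

Assumed interpretation of the claims:
  * the random information is a string of decimal digits shown to the user;
  * a controlled element is a digit position in that string;
  * a control element is 'add'/'sub' (digit +/- k mod 10) on that position, or
    'const' (a fixed digit k appended to the answer, no controlled element);
  * the user computes the dynamic password in their head from the displayed
    digits; the server recomputes it from the stored rule (claims 15/16 flow).
"""
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

DIGITS = "0123456789"


@dataclass(frozen=True)
class Step:
    """One (control element, controlled element) pair of a rule (claim 10)."""
    op: str                  # control element: 'add', 'sub' or 'const'
    pos: Optional[int] = None  # controlled element: index into the challenge
    k: int = 0               # operand of the control element


@dataclass(frozen=True)
class Rule:
    """Ordered steps; the password is the concatenation of each step's output."""
    steps: Tuple[Step, ...]

    def controlled_count(self) -> int:
        """How many challenge digits the rule needs (number of controlled elements)."""
        used = [s.pos for s in self.steps if s.pos is not None]
        return max(used) + 1 if used else 0

    def apply(self, challenge: str) -> str:
        """Evaluate the rule on one challenge; pure, so user and server agree."""
        if not challenge.isdigit() or len(challenge) < self.controlled_count():
            raise ValueError("challenge does not cover the rule's controlled elements")
        out: List[str] = []
        for s in self.steps:
            if s.op == "const":
                out.append(str(s.k % 10))
                continue
            d = int(challenge[s.pos])
            if s.op == "add":
                out.append(str((d + s.k) % 10))
            elif s.op == "sub":
                out.append(str((d - s.k) % 10))
            else:
                raise ValueError(f"unknown control element {s.op!r}")
        return "".join(out)


class LoginServer:
    """Server side: store rules, issue a one-time challenge, compare references."""

    def __init__(self) -> None:
        self._login: Dict[str, Rule] = {}
        self._alarm: Dict[str, Rule] = {}
        self._pending: Dict[str, str] = {}  # user -> outstanding challenge
        self.alarms: List[str] = []         # users whose alarm rule fired

    def enroll(self, user: str, login_rule: Rule, alarm_rule: Optional[Rule] = None) -> None:
        # The alarm rule is evaluated on the same random information (claim 8),
        # so it may not need more digits than the login rule provides.
        if alarm_rule is not None and alarm_rule.controlled_count() > login_rule.controlled_count():
            raise ValueError("alarm rule needs more digits than the login rule's challenge")
        self._login[user] = login_rule
        if alarm_rule is not None:
            self._alarm[user] = alarm_rule

    def start_login(self, user: str) -> str:
        """Generate random information sized to this user's controlled elements."""
        rule = self._login[user]  # KeyError for an unenrolled user
        challenge = "".join(secrets.choice(DIGITS) for _ in range(rule.controlled_count()))
        self._pending[user] = challenge  # any older challenge is discarded
        return challenge

    def finish_login(self, user: str, dynamic_password: str) -> str:
        """Return 'allow', 'deny' or 'alarm'; the challenge is consumed either way."""
        challenge = self._pending.pop(user, None)
        if challenge is None:
            return "deny"
        typed = dynamic_password.encode()
        alarm_rule = self._alarm.get(user)
        if alarm_rule is not None and hmac.compare_digest(typed, alarm_rule.apply(challenge).encode()):
            self.alarms.append(user)
            return "alarm"
        if hmac.compare_digest(typed, self._login[user].apply(challenge).encode()):
            return "allow"
        return "deny"


# Constructed sample rules (not from the patent), each over four displayed digits d0..d3.
LOGIN_RULE = Rule((Step("add", pos=2, k=3), Step("add", pos=0), Step("const", k=7), Step("sub", pos=3, k=1)))
ALARM_RULE = Rule((Step("add", pos=2, k=4), Step("add", pos=0), Step("const", k=7), Step("sub", pos=3, k=1)))

if __name__ == "__main__":
    srv = LoginServer()
    srv.enroll("alice", LOGIN_RULE, ALARM_RULE)
    ch = srv.start_login("alice")
    answer = LOGIN_RULE.apply(ch)  # what the user would work out from the display
    print("challenge:", ch, "answer:", answer, "->", srv.finish_login("alice", answer))
```

The same `Rule.apply` serves both sides: the user evaluates it mentally from the displayed digits and the server evaluates it from the stored rule, so a correct implementation is simply one in which both evaluations agree. The challenge is discarded after a single attempt, so a password that was observed cannot be replayed, and both comparisons go through `hmac.compare_digest`. The claims do not say whether a password that matches the alarm rule also opens the session, so the example reports "alarm" and leaves that decision to the caller. Because the challenge is displayed in the clear and the response is typed, anyone who records several challenge/response pairs can test candidate rules offline; the secret is the rule, so the rule space must be large enough and login attempts rate-limited.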
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210030671.3 | 2012-02-10 | | |
| CN201210030671.3A CN102638447B (en) | 2012-02-10 | 2012-02-10 | Method and device for system login based on autonomously generated password of user |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2013117019A1 (en) | 2013-08-15 |
Family ID: 46622692
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2012/071358 WO2013117019A1 (en) | 2012-02-10 | 2012-02-20 | Method and device for system login based on dynamic password generated autonomously by user |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN102638447B (en) |
| WO (1) | WO2013117019A1 (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11244041B2 (en) | 2020-03-05 | 2022-02-08 | International Business Machines Corporation | Dynamic password generation using morphological groups |
| US12210607B2 (en) * | 2020-05-11 | 2025-01-28 | Chunlin YE | Security verification system featuring user autonomy |
Families Citing this family (29)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102957688B (en) * | 2012-08-16 | 2016-05-04 | 中国商用飞机有限责任公司 | Password input and verification method and device |
| CN103297228A (en) * | 2013-05-15 | 2013-09-11 | 江苏奇异点网络有限公司 | Network connection encryption method for a mobile terminal |
| CN103684761B (en) * | 2013-12-25 | 2017-02-01 | 广西宝恒电子科技有限公司 | Coding and decoding method |
| DE102014002207A1 (en) * | 2014-02-20 | 2015-08-20 | Friedrich Kisters | Method and device for identifying or authenticating a person and/or an object by dynamic acoustic security information |
| CN103957106B (en) * | 2014-03-14 | 2017-05-31 | 韩素平 | Self-defined two-way dynamic security verification system |
| CN104104514A (en) * | 2014-07-25 | 2014-10-15 | 小米科技有限责任公司 | Method and device for identity verification using a verification code |
| CN104158807B (en) * | 2014-08-14 | 2017-07-28 | 福州环亚众志计算机有限公司 | Secure cloud computing method and system based on PaaS |
| CN104158665A (en) * | 2014-08-25 | 2014-11-19 | 小米科技有限责任公司 | Verification method and device |
| CN105656844A (en) * | 2014-11-12 | 2016-06-08 | 江苏威盾网络科技有限公司 | Method for preventing network hackers from stealing passwords |
| CN104410494A (en) * | 2014-11-15 | 2015-03-11 | 韩素平 | Customizable pre-generated multi-password authentication system |
| CN105718766A (en) * | 2014-12-01 | 2016-06-29 | 富泰华工业(深圳)有限公司 | Electronic device and screen unlocking method thereof |
| US10313881B2 (en) * | 2015-09-21 | 2019-06-04 | Lawrence Liu | System and method of authentication by leveraging mobile devices for expediting user login and registration processes online |
| DE102015116627A1 (en) * | 2015-09-30 | 2017-03-30 | Friedrich Kisters | Method and device for authenticating an object or a person via a modularly constructed security element |
| CN105631675B (en) * | 2015-11-30 | 2019-06-11 | 东莞酷派软件技术有限公司 | Information acquisition method, device and terminal |
| CN106204394B (en) * | 2016-07-13 | 2020-10-20 | 合肥指南针电子科技有限责任公司 | Intelligent service terminal for a service hall |
| CN106303022B (en) * | 2016-08-12 | 2019-04-12 | 广西大学 | Electronic key that transmits a password over an audio channel |
| CN108664798B (en) | 2017-03-31 | 2021-06-29 | 北京京东尚科信息技术有限公司 | Information encryption method and device |
| CN106936590A (en) * | 2017-04-26 | 2017-07-07 | 郭至涵 | User validity verification method and device |
| CN107426163A (en) * | 2017-05-10 | 2017-12-01 | 深圳天珑无线科技有限公司 | Encryption method and device |
| CN107808082B (en) * | 2017-10-13 | 2021-08-24 | 平安科技(深圳)有限公司 | Electronic device, data access verification method, and computer-readable storage medium |
| CN108777672A (en) * | 2018-01-18 | 2018-11-09 | 上海求敏信息科技有限公司 | Multi-factor authentication method and system |
| CN110120929B (en) * | 2018-02-06 | 2022-01-25 | 阿里巴巴集团控股有限公司 | Electronic equipment, unlocking method, service server, platform server and client |
| CN111881426B (en) * | 2020-06-17 | 2023-09-01 | 福建图宇燎原信息技术有限公司 | City management method, system and storage medium integrating geospatial and IoT technologies |
| CN113792276A (en) * | 2021-11-11 | 2021-12-14 | 麒麟软件有限公司 | Operating system user identity authentication method and system based on a dual architecture |
| CN113901440B (en) * | 2021-12-09 | 2022-04-08 | 北京网界科技有限公司 | User login system and method, and user login setting system and method |
| CN114697020A (en) * | 2022-03-17 | 2022-07-01 | 浙江中广电器集团股份有限公司 | Encryption control method for electronic equipment |
| CN114866253B (en) * | 2022-04-27 | 2024-05-28 | 北京计算机技术及应用研究所 | Reliable cloud host login system and cloud host login method implemented by it |
| CN115242450B (en) * | 2022-06-23 | 2024-05-10 | 北卡科技有限公司 | Password data input method, device and storage medium |
| TW202427247A (en) * | 2022-12-20 | 2024-07-01 | 飛捷科技股份有限公司 | Password generation and verification method and system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1414731A (en) * | 2002-04-11 | 2003-04-30 | 深圳汇丰信息技术开发有限公司 | Dynamic password identification method and system |
| CN101674284A (en) * | 2008-09-08 | 2010-03-17 | 联想(北京)有限公司 | Authentication method and system, user-side server and authentication server |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101667917B (en) * | 2009-09-28 | 2011-09-21 | 张师祝 | Dynamic password input rule |
2012
- 2012-02-10: CN application CN201210030671.3A, patent CN102638447B/en, not active (Expired - Fee Related)
- 2012-02-20: WO application PCT/CN2012/071358, publication WO2013117019A1/en, active (Application Filing)
Also Published As
| Publication number | Publication date |
|---|---|
| CN102638447B (en) | 2014-08-06 |
| CN102638447A (en) | 2012-08-15 |
Similar Documents
| Publication | Title |
|---|---|
| WO2013117019A1 (en) | Method and device for system login based on dynamic password generated autonomously by user |
| EP3824592B1 (en) | Public-private key pair protected password manager |
| US9338163B2 (en) | Method using a single authentication device to authenticate a user to a service provider among a plurality of service providers and device for performing such a method |
| EP2166697B1 (en) | Method and system for authenticating a user by means of a mobile device |
| KR101381789B1 (en) | Method for web service user authentication |
| US20090013402A1 (en) | Method and system for providing a secure login solution using one-time passwords |
| CN103905188B (en) | Method for generating a dynamic password using an intelligent key device, and intelligent key device |
| EP2936369A1 (en) | Verification of password using a keyboard with a secure password entry mode |
| CN101272237A (en) | A method and system for automatically generating and filling login information |
| CN104270338A (en) | Method and system for electronic identity registration and authentication login |
| CN105187382B (en) | Multi-factor identity authentication method for preventing credential-stuffing attacks |
| WO2013043534A1 (en) | Mobile computing device authentication using scannable images |
| EP2150915B1 (en) | Secure login protocol |
| JP2012530996A (en) | Authentication method and system |
| CN101262349A (en) | Method and device for identity authentication based on short message |
| CN103929306A (en) | Intelligent key device and information management method of intelligent key device |
| CN106059764B (en) | Password and fingerprint three-party authentication method based on Termination Key Derivation Function |
| CN115396139B (en) | Password theft prevention authentication and encryption system and method |
| CA2611549C (en) | Method and system for providing a secure login solution using one-time passwords |
| CN108280330A (en) | Data output method and system |
| Reddy et al. | A comparative analysis of various multifactor authentication mechanisms |
| Pulko et al. | User authentication in information systems |
| Molla | Mobile User Authentication System (MUAS) for E-commerce Applications |
| Almazaydeh et al. | Efficient Implementation of oPass User Authentication Protocol |
| Geng et al. | Improved Digital Password Authentication Method for Android System |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 12868080; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC DATED 02.12.14 |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 12868080; Country of ref document: EP; Kind code of ref document: A1 |