CN101345620A - Internet user account cipher protection method of on-line token - Google Patents
- Publication number
- CN101345620A
- Authority
- CN
- China
- Prior art keywords
- server
- user
- token
- line token
- line
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The on-line token is a novel method for protecting the account passwords of Internet users. The user logs in to an on-line token server and obtains a new, unique, time-limited one-time password. This avoids the high cost of distributing physical tokens (physical devices that generate one-time passwords) and the inconvenience to the user of carrying a physical token.
Description
Technical field
The present invention relates to the various Internet services that require a user to enter an account password, and can effectively prevent the user's account password from being stolen.
Background technology
A common existing means of protecting Internet user account passwords is the two-factor authentication physical token jointly released by RSA Security (Nasdaq: RSAS) and DynamiCode (U.S. Patent Nos. 4885778; 5097505; 5168520; 5657388). This physical token can be bound to the user's account for a specific service (such as online personal banking), and it generates a new, unique one-time password every 60 seconds. The greatest advantage of this method is that the terminal of the service that requires the account password is effectively separated from the terminal that generates the unique one-time password, so an attacker cannot link the two pieces of information together, which prevents hacker attacks. The method has two shortcomings: first, the cost of the physical token; second, the inconvenience of carrying and using it. When a user has several tokens bound to different services, the user must carry a physical token for each of those services.
RSA Security has also released a software token, which can be installed on a handheld device and removes the inconvenience of carrying an additional device. Its shortcoming is that the user must install the corresponding application software on the handheld device through the standard HotSync process, with the seed record stored on the handheld device. If the seed record is deleted or tampered with, this process must be repeated, and the token can only be used on a device on which the application software and the seed record have been correctly installed.
Summary of the invention
The objective of the invention is to use an on-line token to achieve the same Internet user account password protection as a physical token, without using a physical token.
The objective of the invention is achieved as follows:
1. The user registers an on-line token account by logging in to a server provided by the ISP, by telephone, or at a business office. The registration can take the form of a user name plus password. At the same time, this on-line token account is bound to the user's account on the protected account server provided by the ISP (such as an online personal banking account).
2. Each time the user logs in to the protected account server provided by the ISP (such as an online personal banking server), the user first logs in, from a client terminal device, to the on-line token server provided by the ISP and obtains a new, unique, time-limited one-time password, or a sound, image or video that serves the same function as the password. The user then enters this one-time password into the protected account server (such as the online personal banking service). The password can be entered either as the fixed password of the user's account on the protected account server combined with the one-time password, or as the one-time password alone.
3. The specific implementation of the on-line token server is not within the claims of the present invention. One feasible scheme is given here. When the on-line token server receives a login request from a user, it first checks against the back-end registration database whether the user name and password entered are valid. If they are, it takes the protected account server account bound to this user (such as the online personal banking account) as the key index value and builds a data node containing a randomly generated one-time password of a designated length and the remaining validity time of that password. The node is inserted into the list of currently active key-indexed data nodes, and the one-time password and its remaining validity time are sent to the user by WEB (World wide web), WAP (Wireless Application Protocol), e-mail or another Internet channel. The server periodically updates the remaining validity time in all active data nodes; when the remaining validity time of a node drops to zero, the node is deleted from the list of active data nodes. When the on-line token server receives a request from the protected account server (such as the online personal banking server), it looks up the submitted account in the list of currently active key-indexed data nodes. If no node exists, it returns an error message; if one exists, it returns the one-time password for that account to the protected account server.
4. The scheme by which the protected account server provided by the ISP (such as the online personal banking server) verifies that an account is legitimate is not within the claims of the present invention. Continuing from step 3, the protected account server first determines whether the user account has on-line token protection; if it does, the server obtains the one-time password for this account from the on-line token server over the network and verifies the user's legitimacy.
5. As described in claim 6, the on-line token server provided by the ISP can be separate from the protected account server (such as the online personal banking server), or the two can be different functional modules of the same server. In the latter case the server provided by the ISP includes two functions: generating the on-line token and verifying the one-time password.
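The feasible scheme of step 3 and the check of step 4, sketched in Python as an added example (not code from the patent). The class and function names, the PBKDF2 password hashing, the constant-time comparisons and the deletion of a node after a successful match are assumptions of this sketch; the patent itself only specifies expiry by remaining validity time.

```python
import hashlib
import hmac
import secrets

class OnlineTokenServer:
    """Token server of step 3; all names here are hypothetical."""
    def __init__(self, otp_length=6, ttl_seconds=60):
        self.otp_length, self.ttl_seconds = otp_length, ttl_seconds
        self.registry = {}  # token user name -> (salt, password hash, bound account)
        self.active = {}    # bound account (key index) -> [OTP, remaining seconds]

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password, bound_account):
        salt = secrets.token_bytes(16)
        self.registry[username] = (salt, self._hash(password, salt), bound_account)

    def login(self, username, password):
        """Verify the token login, then activate a node for the bound account."""
        record = self.registry.get(username)
        if record is None:
            return None
        salt, stored, account = record
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        otp = "".join(secrets.choice("0123456789") for _ in range(self.otp_length))
        self.active[account] = [otp, self.ttl_seconds]
        return otp, self.ttl_seconds  # sent to the user via WEB/WAP/e-mail

    def tick(self, elapsed=1):
        """Periodic update: lower remaining validity, delete nodes at zero."""
        for account in list(self.active):
            self.active[account][1] -= elapsed
            if self.active[account][1] <= 0:
                del self.active[account]

    def lookup(self, account):
        """Request from the protected server: the OTP, or None as the error."""
        node = self.active.get(account)
        return node[0] if node else None


def account_server_login(token_server, account, fixed_password_ok, submitted_otp):
    """Step 4: fetch the OTP for the account and check the submitted one."""
    expected = token_server.lookup(account)
    if not fixed_password_ok or expected is None:
        return False
    if not hmac.compare_digest(expected.encode(), submitted_otp.encode()):
        return False
    token_server.active.pop(account, None)  # assumption: single use
    return True
```

Because `lookup` returns the one-time password itself to the protected server, the link between the two servers needs its own authentication and confidentiality when they are deployed separately, as step 5 allows.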
The advantages of the present invention are:
1. The principle is simple and development is convenient.
2. Using an on-line token requires no physical token, which saves cost and favours wide adoption.
3. If the on-line token server provided by the ISP is a WEB (World wide web) server or a WAP (Wireless Application Protocol) server, the user's client terminal device only needs Internet access and WEB or WAP page-browsing software to log in to the on-line token server and obtain a one-time password. No third-party application software and no seed record need to be installed, and the user can log in to the on-line token servers of different ISPs at the same time and obtain a one-time password from each.
4. With the growing availability and adoption of wireless Internet access technology and facilities for handheld devices, and given the ease of use and practicality of the invention itself, it can be widely applied to protecting the security of Internet users' various accounts and property.
Description of drawings
The accompanying drawing is a schematic diagram of the interaction between the client terminal and the servers. In the figure, (1) denotes the client terminal sending a login request to the on-line token server; (2) denotes the on-line token server returning the one-time password and its validity period to the client terminal; (3) denotes the client terminal sending a login request to the user login server that requires protection by this one-time password; and (4) denotes that user login server returning the login result to the client terminal.
Embodiment
An example: an online personal banking system. First, when handling personal banking business at the relevant business office, the user registers an account and password for the on-line token server, and the on-line token account is bound to the user's bank card account. When the user logs in to the online personal banking service on a PC, the user first uses an Internet-connected handheld device to log in to the on-line token WEB (World wide web) server or WAP (Wireless Application Protocol) server provided by the bank and obtains a one-time password. On the login page of the online personal banking service on the PC, the user enters the bank account number and then the account's fixed password combined with the one-time password to complete login authentication.
Claims (6)
1. An on-line token, characterized in that an Internet user logs in, from a client terminal device, to an on-line token server provided by an ISP and obtains a new, unique, time-limited one-time password, or a sound, image or video that serves the same function as the password, and the user uses this one-time password to log in to the user-login account server that is provided by the ISP and requires protection by this one-time password.
2. The on-line token according to claim 1, characterized in that the client terminal device used by the Internet user can be a PC, a handheld device or another terminal device that can access the Internet.
3. The on-line token according to claim 1, characterized in that the on-line token server provided by the ISP can be a WEB (World wide web) server, a WAP (Wireless Application Protocol) server, a server independently developed by the ISP, or another form of Internet server that performs the same function.
4. The on-line token according to claim 1, characterized in that the way in which the on-line token server provided by the ISP notifies the user of the one-time password can be a WEB (World wide web) page, a WAP (Wireless Application Protocol) page, e-mail, or another form of Internet notification that performs the same function.
5. The on-line token according to claim 1, characterized in that the user can view the returned one-time password through WEB (World wide web) page-browsing software, WAP (Wireless Application Protocol) page-browsing software, e-mail reading software, client terminal software independently developed by the ISP, or another form of client terminal software that performs the same function.
6. The on-line token according to claim 1, characterized in that the on-line token server and the user-login account server that requires protection by this one-time password can be separate servers or different functional modules of the same server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007100758527A CN101345620A (en) | 2007-07-10 | 2007-07-10 | Internet user account cipher protection method of on-line token |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007100758527A CN101345620A (en) | 2007-07-10 | 2007-07-10 | Internet user account cipher protection method of on-line token |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101345620A (en) | 2009-01-14 |
Family
ID=40247517
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2007100758527A Pending CN101345620A (en) | 2007-07-10 | 2007-07-10 | Internet user account cipher protection method of on-line token |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101345620A (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102307177A (en) * | 2010-09-25 | 2012-01-04 | 广东电子工业研究院有限公司 | One-time password management system and method for windows virtual machine |
| CN103139168A (en) * | 2011-11-30 | 2013-06-05 | 中国移动通信集团公司 | Method of improving success rate of capacity call and open platform |
| CN103139168B (en) * | 2011-11-30 | 2016-01-20 | 中国移动通信集团公司 | Raising ability calls method and the open platform of success rate |
| CN102710420A (en) * | 2012-06-04 | 2012-10-03 | 华为终端有限公司 | Method, system and device for setting password |
| CN102710420B (en) * | 2012-06-04 | 2015-12-16 | 华为终端有限公司 | The method of password, system and equipment thereof are set |
| CN102957706A (en) * | 2012-11-14 | 2013-03-06 | 苏州薇思雨软件科技有限公司 | Safe anti-cracking method of data server |
| CN104036161B (en) * | 2013-03-08 | 2017-10-27 | 爱思打印解决方案有限公司 | Manage the method and image processing system of the User logs in of the application based on cloud |
| CN107820689A (en) * | 2015-06-29 | 2018-03-20 | 安维智有限公司 | Certification key is distributed to application program installation |
| CN107820689B (en) * | 2015-06-29 | 2021-10-26 | 安维智有限公司 | System and method for distributing authentication keys to application installations |
| CN108234124A (en) * | 2016-12-15 | 2018-06-29 | 腾讯科技(深圳)有限公司 | Auth method, device and system |
| CN108234124B (en) * | 2016-12-15 | 2020-10-16 | 腾讯科技(深圳)有限公司 | Identity verification method, device and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP1110347B1 (en) | | Unique digital signature |
| US8869253B2 (en) | | Electronic system for securing electronic services |
| CN102006299B (en) | | Trustworthy internet-oriented entity ID (Identity)-based ID authentication method and system |
| US7500099B1 (en) | | Method for mitigating web-based “one-click” attacks |
| CN101166091B (en) | | A dynamic password authentication method and service end system |
| US20070006286A1 (en) | | System and method for security in global computer transactions that enable reverse-authentication of a server by a client |
| JP2011502311A (en) | | Account transaction management using dynamic account numbers |
| CN101183932A (en) | | Security identification system of wireless application service and login and entry method thereof |
| WO2011106716A1 (en) | | Security device provisioning |
| JP2003234736A (en) | | Public key infrastructure token issuance and binding |
| CN101345620A (en) | | Internet user account cipher protection method of on-line token |
| CN101414909A (en) | | System, method and mobile communication terminal for verifying network application user identification |
| CN103220344A (en) | | Method and system for using microblog authorization |
| CN101426009A (en) | | Identity management platform, service server, uniform login system and method |
| CN102209046A (en) | | Network resource integration system and method |
| CN102098162A (en) | | A security token-based operation and maintenance security management method |
| CN109067785A (en) | | Cluster authentication method, device |
| CN104125230B (en) | | A kind of short message certification service system and authentication method |
| CN101247216A (en) | | Method for logging in web terminal from client terminal in instant communication tool |
| CN104079413A (en) | | Enhancement type one-time dynamic password authentication method and system |
| CN108200039A (en) | | Unaware authentication and authorization system and method based on dynamic creation temporary account password |
| CN109495458A (en) | | A kind of method, system and the associated component of data transmission |
| CN104584479A (en) | | Method and system using a Cyber ID to provide secure transactions |
| TWI357752B (en) | | Network user id verification system and method |
| CN100589382C (en) | | Dynamic password authentication system and method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C57 | Notification of unclear or unknown address | |
| | DD01 | Delivery of document by public notice | Addressee: Lv Xiue. Document name: Notification to Make Rectification |
| | C06 | Publication | |
| | PB01 | Publication | |
| | C57 | Notification of unclear or unknown address | |
| | DD01 | Delivery of document by public notice | Addressee: Lv Xiue. Document name: Notification of Publication of the Application for Invention |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | C02 | Deemed withdrawal of patent application after publication (patent law 2001) | |
| | WD01 | Invention patent application deemed withdrawn after publication | Open date: 20090114 |