Method for improving identification authentication security based on password card

An identity authentication and password card technology, applied in the field of information security, can solve problems such as loss of legal users, illegal transactions, troubles, etc., and achieve the effect of increasing the difficulty of cracking and improving security.

Active Publication Date: 2008-11-12
FEITIAN TECHNOLOGIES
0 Cites 9 Cited by

AI-Extracted Technical Summary

Problems solved by technology

[0008] The above-mentioned prior art uses the same PIN each time for user identity authentication on information security equipment. Although the user can modify the PIN, the user usually does not do so after each identity authentication, so there is a security risk. If the PIN is intercepted by a hacker, the hacker may use the PIN to steal sensitive information s...

Method used

[0061] The embodiment of the present invention binds the password card to the information security device and performs identity authentication according to the password in the password card, which improves the security of identity authentication and realizes dynamic authentication. A different password is used each time, achieving the effect of a one-time pad. Compared with using the same PIN verification e...

Abstract

The invention discloses a method for improving the security of identity authentication based on a password card, belonging to the information security field. The method comprises the following steps: the information security device receives an application for binding a first password card and a check code sent by the user; the check code is compared with a built-in check code, and if the two are consistent, the serial number of the password card input by the user is received and stored to complete the binding with the password card; during identity authentication, a first coordinate value randomly chosen within a pre-stored coordinate range is provided to the user, and the password calculated from that coordinate value and the serial number is compared with the password the user inputs for that coordinate value to complete the identity authentication. The method improves the security of identity authentication and realizes dynamic authentication. Compared with the prior art, the method avoids problems such as information inside the device being stolen or illegal transactions being carried out if the PIN is intercepted by hackers, thus increasing the difficulty of cracking and enhancing security.

Application Domain

User identity/authority verification

Technology Topic

  • Password
  • Binding process


Examples


Example Embodiment

[0031] Example 1
[0032] Referring to Figure 1, the embodiment of the present invention provides a method for improving identity authentication security based on a password card. The method specifically includes:
[0033] Step 101: The information security device receives the application for binding the first password card and the verification code sent by the user.
[0034] Step 102: The information security device checks whether the received verification code is consistent with the built-in verification code. If they are consistent, step 103 is executed; otherwise, the binding of the information security device and the first password card fails, and the process ends.
[0035] Step 103: The information security device receives the serial number of the first password card input by the user, saves the serial number, and completes the binding with the first password card.
[0036] Step 104: After receiving the user's identity authentication application, the information security device selects the first coordinate value within the pre-stored coordinate range and provides it to the user, and receives the password User PIN1 that the user inputs, corresponding to the first coordinate value on the first password card.
[0037] There are usually multiple passwords on the password card purchased by the user, such as 30. The passwords are usually arranged in the form of a matrix, and each password in the matrix has a corresponding coordinate value. For example, if the password User PIN1 is in the third row and the fourth column, its corresponding coordinate value is (3, 4).
[0038] There are multiple coordinate values in the pre-stored coordinate range of the information security device. Usually, the coordinate range is the same as the coordinate range of the password matrix on the password card purchased by the user. The information security device can randomly select a coordinate value as the first coordinate value and provide it to the user. For example, if the coordinate range pre-stored by the information security device is 4 rows × 5 columns, the information security device may select the coordinate value (4, 2), that is, the fourth row and the second column, as the first coordinate value.
[0039] Step 105: The information security device applies a password generation algorithm to the stored serial number and the selected first coordinate value, and generates a password User PIN2.
[0040] Preferably, the above-mentioned password generation algorithm is the HOTP algorithm: the coordinate value and the serial number of the password card are spliced together, and the HOTP algorithm is then used to generate the corresponding password. In this step, the first coordinate value is spliced with the saved serial number, and the password User PIN2 is then generated using the HOTP algorithm.
[0041] Step 106: The information security device checks whether the generated password User PIN2 is consistent with the password User PIN1 input by the user, and if they are consistent, execute step 107; otherwise, execute step 108.
[0042] Step 107: The user identity authentication is successful, the user is allowed to use and operate the information security device, and then ends.
[0043] Step 108: The user identity authentication fails, the user is prohibited from using and operating the information security device, and the process ends.
[0044] Further, after step 107, it may also include:
[0045] The information security device marks the first coordinate value as unavailable within the pre-stored coordinate range. For example, the first coordinate value may be set to a specified value or symbol to indicate that the coordinate value is unavailable.
[0046] The verification code in this embodiment may be a static password or a biometric feature.
[0047] In this embodiment, the process of binding the information security device to the password card can also be completed by the server or the manufacturer. When the user obtains the information security device, he also obtains the password card bound to the information security device.

Example Embodiment

[0048] Example 2
[0049] Referring to Figure 2, the embodiment of the present invention also provides a method for improving identity authentication security based on a password card, which specifically includes:
[0050] Step 201: The information security device receives the application for binding the first password card and the verification code sent by the user.
[0051] Step 202: The information security device checks whether the verification code is consistent with the built-in verification code. If they are consistent, step 203 is executed; otherwise, the binding between the information security device and the first password card fails, and the process ends.
[0052] Step 203: The information security device receives the serial number of the first password card input by the user, applies the password generation algorithm to the serial number to generate a password matrix, and saves the password matrix to complete the binding with the first password card.
[0053] Step 204: After receiving the user's identity authentication application, the information security device selects a password User PIN1 from the saved password matrix, provides the first coordinate value corresponding to that password to the user, and receives the second password, User PIN2, input by the user, which corresponds to the first coordinate value on the password card. The information security device may select the password from the password matrix at random.
[0054] Step 205: The information security device checks whether the selected password User PIN1 is consistent with the password User PIN2 input by the user, and if they are consistent, perform step 206; otherwise, perform step 207.
[0055] Step 206: the user identity authentication is successful, the user is allowed to use and operate the information security device, and then ends.
[0056] Step 207: The user identity authentication fails, the user is prohibited from using and operating the information security device, and the process ends.
[0057] Further, after step 206, it may also include:
[0058] The information security device marks the password corresponding to the first coordinate value as unavailable in the saved password matrix. For example, the password corresponding to the first coordinate value may be set to a specified value or symbol to mark it as unavailable.
[0059] The verification code in this embodiment may be a static password or a biometric feature.
[0060] In this embodiment, the process of binding the information security device to the password card can also be completed by the server or the manufacturer. When the user obtains the information security device, he also obtains the password card bound to the information security device.
[0061] In the embodiment of the present invention, by binding the password card to the information security device and performing identity authentication according to the password in the password card, the security of identity authentication is improved, dynamic authentication is realized, and a different password is used for each identity authentication, achieving the effect of a one-time password. Compared with the prior art, which uses the same PIN for every verification and requires going to a special counter for binding or unlocking, it avoids problems such as hackers who intercept the PIN stealing sensitive information such as certificates stored in the information security device or carrying out illegal transactions. It increases the difficulty of cracking, improves security, and has no out-of-sync problem.
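The binding and challenge/response flow of Example 1 (steps 101-108 and [0045]), together with the password matrix that Example 2 precomputes at binding, written out as an added Python example; it is not code from the patent. The patent names only HOTP and the splicing of coordinate value and serial number, so the per-device secret HMAC key, the `serial|row,col` splice format, the 6-digit length and the names `Device`, `card_password` and `build_card` are assumptions.

```python
import hashlib
import hmac
import secrets
import struct

ROWS, COLS = 4, 5  # coordinate range from the patent's 4 rows x 5 columns example


def card_password(key, serial, coord, digits=6):
    """RFC 4226 dynamic truncation of HMAC-SHA1 over serial spliced with coordinate.
    Assumption: `key` is a per-device secret; the splice format is constructed here."""
    msg = f"{serial}|{coord[0]},{coord[1]}".encode()
    mac = hmac.new(key, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def build_card(key, serial):
    """Matrix printed on the card; Example 2 stores the same matrix at binding."""
    return {(r, c): card_password(key, serial, (r, c))
            for r in range(1, ROWS + 1) for c in range(1, COLS + 1)}


class Device:
    def __init__(self, key, built_in_code):
        self.key, self.built_in_code = key, built_in_code
        self.serial, self.available, self.pending = None, set(), None

    def bind(self, verification_code, serial):  # steps 101-103
        if not hmac.compare_digest(verification_code.encode(), self.built_in_code.encode()):
            return False
        self.serial, self.available = serial, set(build_card(self.key, serial))
        return True

    def challenge(self):  # step 104: random coordinate that is still available
        if not self.available:
            raise RuntimeError("no unused coordinates left on the bound card")
        self.pending = secrets.choice(sorted(self.available))
        return self.pending

    def verify(self, user_pin):  # steps 105-108, then [0045]
        coord, self.pending = self.pending, None  # each challenge is answered once
        if coord is None:
            return False
        expected = card_password(self.key, self.serial, coord)
        ok = hmac.compare_digest(expected.encode(), user_pin.encode())
        if ok:
            self.available.discard(coord)  # mark the used coordinate unavailable
        return ok
```

Because used coordinates are retired only after a successful authentication, a card with 20 cells supports at most 20 logins before a new card has to be bound.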
