CN103297240B - Towards secure password input system and the implementation method of intelligent terminal - Google Patents
- Publication number
- CN103297240B (application CN201310187110.9A)
- Authority
- CN
- China
- Prior art keywords
- password
- intelligent terminal
- information
- external
- user
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- User Interface Of Digital Computer (AREA)
- Telephonic Communication Services (AREA)
Abstract
The secure password input system for intelligent terminals of the present invention comprises an intelligent terminal, an external password input device and a remote server; the external password input device is used to display and encrypt graphic information and directed line segment information. The implementation method comprises: a) connecting the external password input device; b) setting the graphic parameters; c) selecting directed line segments; d) encrypting the password configuration information; e) sending the password configuration information; f) obtaining the password configuration information; g) randomly generating a regular graphic; h) encrypting the information; i) sending the information; j) decrypting the information; k) judgment by the remote server. The system and method of the present invention set the password by combining a graphic with directed line segments, so that the password produced is different each time; even if a keylogger is installed on the intelligent terminal, it cannot detect the user's real password. The present invention will have broad application in the field of mobile applications, especially in e-commerce and e-government.
Description
Technical field
The present invention relates to a secure password input system for intelligent terminals and a method for implementing it, and more specifically to such a system and method in which the entered password has high strength and is difficult for an adversary to steal.
Background
With the spread of smartphones, iPads, tablet computers and other Internet-capable intelligent mobile terminals, using such devices for e-commerce transactions and e-government system logins anytime and anywhere has become a trend of the information society. However, users often install a large number of applications on their personal intelligent terminals, and the security of these applications cannot be guaranteed. Some malicious applications intercept the user's keystrokes and thereby capture the user's transaction password or login password, which brings great security risk to the user's e-commerce transactions and e-government work. To solve this problem, a common approach at present is an external device that communicates with the intelligent terminal through the audio interface and carries a keyboard on which the user enters the password. However, this approach has problems in both operability and security.
The operability problem has two aspects: (1) when the keyboard is large, the device is inconvenient for the user to carry; (2) when the keyboard is small, it is inconvenient for the user to enter the password and input errors are likely.
The security problem is that, for ease of operation and memorization, the external device provides only a numeric keypad and lets the user set a password of 6-8 digits. Such a password has low strength and is easily guessed by an adversary, or observed by an adversary while it is being entered. Because users often use one password for several applications so that it is easy to remember, this in turn creates security problems for the user's other applications.
Summary of the invention
To overcome the shortcomings described above, the present invention provides a secure password input system for intelligent terminals, and a method for implementing it, in which the entered password has high strength and is difficult for an adversary to steal.
The secure password input system for intelligent terminals of the present invention comprises an intelligent terminal, an external password input device and a remote server, and is characterized in that: the external password input device communicates with the intelligent terminal in wired or wireless form; the external password input device is used to display and encrypt graphic information and directed line segment information; the intelligent terminal is used to send the information entered by the user to the remote server over a 3G or GPRS network; and the remote server is used to determine whether the password entered by the user is correct and to provide the related services.
The external password input device is used to display graphic and directed line segment information and has no keyboard, which effectively reduces its size and makes it easy to carry and use. The corresponding application is installed on the intelligent terminal, which can send the relevant information to the remote server. The remote server can judge whether the password entered by the user is correct and provides the related services according to the result.
In the secure password input system for intelligent terminals of the present invention, where the external password input device and the intelligent terminal use wired communication, the external password input device is connected to the audio or USB interface of the intelligent terminal through a communication line. The intelligent terminal is a smartphone, an iPad or a tablet computer.
The method for implementing the secure password input system for intelligent terminals of the present invention is characterized in that it comprises a password configuration procedure and a user login procedure, and that the remote server and the external password input device share a preset key;
The password configuration comprises the following steps:
a). Connection of the external password input device: first establish the communication connection between the external password input device and the intelligent terminal, and run the application of the external password input device on the intelligent terminal;
b). Graphic parameter setting: the user selects, through the intelligent terminal, the graphic type, the graphic size and the range of the password character set; the range of the password character set is the form of the values taken by the elements of the graphic, which may be digits, a combination of digits and lowercase letters, or a combination of digits, lowercase letters and uppercase letters;
c). Directed line segment selection: according to the graphic parameters set by the user, several directed line segments based on the selected graphic are displayed on the external password input device; the user selects, through the intelligent terminal, one or several of these directed line segments as the order in which the password symbols are entered, and notes the directed line segment down;
d). Password configuration information encryption: the external password input device uses the preset key to encrypt the graphic type, the graphic size, the range of the password character set and the selected directed line segment information, forming the encrypted password configuration information;
e). Sending the password configuration information: the intelligent terminal sends the encrypted password configuration information to the remote server over the 3G or GPRS network;
f). Obtaining the password configuration information: the remote server decrypts the encrypted password configuration information with the preset key to obtain the user's graphic type, graphic size, range of the password character set and selected directed line segment information;
The user login comprises the following steps:
g). Random generation of the graphic: connect the external password input device to the intelligent terminal and use the intelligent terminal to activate it; the external password input device randomly generates a graphic according to the graphic type, graphic size and range of the password character set set by the user; the user reads the password off the graphic along the directed line segment noted down, and enters it on the intelligent terminal;
h). Information encryption: the external password input device uses the preset key to encrypt the graphic information generated in step g) and sends the encrypted graphic information to the intelligent terminal;
i). Information sending: the intelligent terminal encodes the password entered by the user and sends it to the remote server together with the encrypted graphic information;
j). Information decryption: the remote server uses the preset key to decrypt the received information and restores the graphic information;
k). Remote server judgment: according to the directed line segment information selected by the user, the remote server derives the correct password from the restored graphic information and judges whether the derived password matches the password entered by the user; if they match, the user is given the e-commerce transaction or e-government service; if they do not match, access to the e-commerce transaction or e-government service is not allowed.
In the method for implementing the secure password input system for intelligent terminals of the present invention, the graphic type is a square matrix, a rectangular matrix, a pentagram, a hexagon, a heptagon, or a nesting of two or more of these graphics; the graphic size depends on the screen size of the external password input device, and the size of a square matrix graphic can be selected between 3*3 and 10*10.
The beneficial effects of the present invention are as follows. In the secure password input system for intelligent terminals and its implementation method, the external password input device only displays graphic and directed line segment information and has no input keyboard, which effectively reduces its size and makes it convenient to carry and use. The password is set by combining a randomly generated graphic with directed line segments, so that the password produced is different each time; as long as the user has set the graphic type in advance and remembers the directed line segment, passwords of different strengths can be configured. Even if a keylogger is installed on the intelligent terminal, it cannot detect the user's real password, so the scheme can be used for mobile applications of different security levels.
At the same time, authentication is completed over the intelligent terminal's existing communication channel, so that highly secure password input and verification is achieved on an insecure intelligent terminal. As mobile applications spread and the security threats they face grow, it can be foreseen that the present invention will have broad application in the field of mobile applications, especially in e-commerce and e-government.
The advantages of this patented technology are mainly the following:
(1) The external password input device, which has a liquid crystal display, needs no keyboard, which effectively reduces the size of the device;
(2) Passwords of any strength can be configured as required, and they are very easy for the user to remember;
(3) The password space is large, which makes it difficult for an adversary to carry out an exhaustive guessing attack;
(4) The password provided by the external password input device changes dynamically; even if an adversary obtains the password for the current login through monitoring software on the terminal, it is invalid for the next login;
(5) The external password input device contains a cryptographic chip and can transmit the necessary password information to the remote server over the terminal's 3G or GPRS channel, so that confidential transmission of the user's login information is easily achieved;
(6) The intelligent terminal does not need to encrypt the password entered by the user, which saves energy on the intelligent terminal;
(7) The user enters the password on the intelligent terminal, which matches the user's operating habits.
Description of the drawings
Fig. 1 is a schematic diagram of the secure password input system for intelligent terminals of the present invention;
Fig. 2 is a schematic diagram of a 5*5 square matrix graphic;
Fig. 3 is a schematic diagram of directed line segments generated on the basis of a 5*5 square matrix graphic;
Fig. 4 is a schematic diagram of a random 5*5 square matrix graphic;
Fig. 5 is a schematic diagram of a random 6*6 square matrix graphic;
Fig. 6 and Fig. 7 show some simple random graphics.
In the figures: 1 intelligent terminal, 2 external password input device, 3 remote server, 4 communication line.
Detailed description
The present invention is further described below with reference to the drawings and embodiments.
Fig. 1 shows the schematic diagram of the secure password input system for intelligent terminals of the invention, which comprises an intelligent terminal 1 (such as a smartphone, iPad, tablet computer or other Internet-capable intelligent mobile terminal), an external password input device 2, a remote server 3 and a communication line 4. The external password input device 2 communicates with the intelligent terminal 1 in wired or wireless form. Where the external password input device 2 and the intelligent terminal 1 use wired communication, the device can be connected through the communication line 4 to the audio or USB interface of the intelligent terminal 1. The intelligent terminal 1 communicates with the remote server 3 over a 3G or GPRS network. The intelligent terminal 1 also runs the application of the external password input device 2, so as to control and manage the external password input device 2.
The external password input device 2 needs only a display screen and no keys; the password is typed and the directed line segment is selected on the intelligent terminal 1. This effectively reduces the size of the external password input device 2. The external password input device 2 can generate random regular graphics and is fitted with an encryption chip to encrypt the graphic and directed line segment information. The external password input device 2 and the remote server 3 share a preset key, which is used to encrypt and decrypt the password-related information.
In use, the user sets the graphic size and the range of the password character set and selects a directed line segment on the graphic that has been set; the graphic size, the range of the password character set and the selected directed line segment information are encrypted and sent to the remote server. When the user logs in again, the remote server can judge the user's legitimacy from the graphic information sent by the intelligent terminal and the password typed by the user.
The method for implementing the secure password input system for intelligent terminals of the present invention comprises a password configuration procedure and a user login procedure, and the remote server 3 and the external password input device 2 share a preset key;
The password configuration comprises the following steps:
a). Connection of the external password input device: first establish the communication connection between the external password input device 2 and the intelligent terminal 1, and run the application of the external password input device 2 on the intelligent terminal 1;
b). Graphic parameter setting: the user selects, through the intelligent terminal, the graphic type, the graphic size and the range of the password character set; the range of the password character set is the form of the values taken by the elements of the graphic, which may be digits, a combination of digits and lowercase letters, or a combination of digits, lowercase letters and uppercase letters;
The graphic type is a square matrix, a rectangular matrix, a pentagram, a hexagon, a heptagon, or a nesting of two or more of these graphics; the graphic size depends on the screen size of the external password input device, and the size of a square matrix graphic can be selected between 3*3 and 10*10.
Different square matrix graphics can be chosen for different levels of security requirement; an application with higher security requirements can choose a matrix graphic of 5*5 or larger and require the range of the password character set to include uppercase and lowercase English letters, digits and special characters. For example, at registration the user can specify a 5*5 square matrix, as shown in Fig. 2. In the password preset stage, every element of the matrix graphic can be shown as the letter "A" as in the figure, because at this point only the size of the graphic matters; when the user logs in, the character "A" in Fig. 2 is replaced by characters from the selected password character set.
c). Directed line segment selection: according to the graphic parameters set by the user, several directed line segments based on the selected graphic are displayed on the external password input device; the user selects, through the intelligent terminal, one or several of these directed line segments as the order in which the password symbols are entered, and notes the directed line segment down;
Fig. 3 shows directed line segments generated on the basis of a 5*5 square matrix graphic; line segments bearing the same label form one directed line segment. Many forms are possible, and only 4 are given in the figure;
d). Password configuration information encryption: the external password input device uses the preset key to encrypt the graphic type, the graphic size, the range of the password character set and the selected directed line segment information, forming the encrypted password configuration information;
e). Sending the password configuration information: the intelligent terminal 1 sends the encrypted password configuration information to the remote server 3 over the 3G or GPRS network;
f). Obtaining the password configuration information: the remote server 3 decrypts the encrypted password configuration information with the preset key to obtain the user's graphic type, graphic size, range of the password character set and selected directed line segment information;
The user login comprises the following steps:
g). Random generation of the graphic: connect the external password input device to the intelligent terminal and use the intelligent terminal to activate it; the external password input device randomly generates a graphic according to the graphic type, graphic size and range of the password character set set by the user; the user reads the password off the graphic along the directed line segment noted down, and enters it on the intelligent terminal;
As shown in Fig. 4, if what the user selected in the directed line segment selection step c) is step 1, that is, the "L" shape that starts at the first element in the upper left corner and ends at the last element in the lower right corner, then the password the user should type in this step is "b0ca38e?S";
Of course, at registration the user may also specify only the graphic type and the directed line segment, without specifying the graphic size. For example, at registration the user specifies that the graphic is a square matrix and that the directed line segment is an L-shaped segment whose vertical stroke starts in the second column of the square matrix and whose horizontal stroke is the penultimate row of the square matrix. Then, when the external password input device presents a graphic as shown in Fig. 4, the password should be "hPgT2qU". When the user enters the password again and the external password input device presents the graphic shown in Fig. 5, the password the user needs to enter is "1gzMA?c-".
h). Information encryption: the external password input device uses the preset key to encrypt the graphic information generated in step g) and sends the encrypted graphic information to the intelligent terminal;
i). Information sending: the intelligent terminal encodes the password entered by the user and sends it to the remote server together with the encrypted graphic information;
j). Information decryption: the remote server uses the preset key to decrypt the received encrypted information and restores the graphic information;
k). Remote server judgment: according to the directed line segment information selected by the user, the remote server derives the correct password from the restored graphic information and judges whether the derived password matches the password entered by the user; if they match, the user is given the e-commerce transaction or e-government service; if they do not match, access to the e-commerce transaction or e-government service is not allowed.
For applications with a lower security level, simpler graphics and directed line segments can also be used, as shown in Fig. 6 and in panels a and b of Fig. 7.
Even if an adversary obtains the user's password with keylogging software, the arrangement of the password characters in the graphic that the external password input device presents to the user changes randomly each time, so the adversary cannot guess the next password. In addition, because the password space provided by this password input system is very large, it can also effectively resist an adversary's exhaustive guessing attack. For example, for a 5*5 square matrix graphic there are 36^25 variations, depending on the arrangement of lowercase letters and digits, so it is difficult for the adversary to guess in so large a password space; when the password characters are extended to uppercase and lowercase letters and digits, or the graphic is enlarged to a 6*6 square matrix, the password space increases further.
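The login check of steps g) and k) and the password-space figure above, as an added Python example that is not part of the patent. The (start column, rows from bottom) encoding of an L-shaped segment, the function names and the sample grid are assumptions made here, and the preset-key encryption of steps h) to j) is left out because the page names no cipher.

```python
import hmac
import secrets
import string

# Character-set ranges listed in step b).
CHARSETS = {
    "digits": string.digits,
    "digits+lower": string.digits + string.ascii_lowercase,
    "digits+lower+upper": string.digits + string.ascii_letters,
}


def generate_grid(n, charset):
    """Step g): the input device fills an n*n square matrix with random characters."""
    if not 3 <= n <= 10:
        raise ValueError("square matrix size must be between 3*3 and 10*10")
    return ["".join(secrets.choice(charset) for _ in range(n)) for _ in range(n)]


def resolve_l_segment(n, start_col, rows_from_bottom):
    """Expand a size-independent "L" rule into an ordered list of (row, col) cells.

    Assumed encoding: go down column `start_col` from the top row to the turn
    row, then right along the turn row to the last column. The turn row is
    counted from the bottom so the same rule fits any grid size.
    """
    if not (0 <= start_col < n and 0 <= rows_from_bottom < n):
        raise ValueError("segment does not fit this grid")
    turn_row = n - 1 - rows_from_bottom
    down = [(r, start_col) for r in range(turn_row + 1)]
    across = [(turn_row, c) for c in range(start_col + 1, n)]
    return down + across


def read_password(grid, segment):
    """What the user does by eye: read the characters along the remembered segment."""
    cells = resolve_l_segment(len(grid), *segment)
    return "".join(grid[r][c] for r, c in cells)


def server_verify(grid, segment, typed):
    """Step k): derive the expected password from the restored grid and compare.

    compare_digest keeps the comparison time independent of where the strings differ.
    """
    expected = read_password(grid, segment)
    return hmac.compare_digest(expected.encode(), typed.encode())


def grid_arrangements(n, charset_size):
    """Number of distinct n*n grids, the quantity the description quotes as 36^25."""
    return charset_size ** (n * n)


def response_space(n, segment, charset_size):
    """Number of distinct strings that can be typed for one segment on one grid.

    This is what a single blind guess at one login has to hit, so it is the
    figure to size lockout and rate-limit policy against.
    """
    return charset_size ** len(resolve_l_segment(n, *segment))


# Constructed sample grid (not Fig. 4 of the patent), digits and lowercase letters.
SAMPLE_GRID = ["k3p9a", "7mz0q", "x1c8e", "4tb6w", "g5n2y"]
CORNER_L = (0, 0)  # first column down, then along the last row
INNER_L = (1, 1)   # second column down, then along the penultimate row

if __name__ == "__main__":
    print("corner L on sample grid:", read_password(SAMPLE_GRID, CORNER_L))
    print("inner L on sample grid: ", read_password(SAMPLE_GRID, INNER_L))
    for attempt in range(2):  # a fresh grid gives a fresh password for the same segment
        grid = generate_grid(5, CHARSETS["digits+lower"])
        typed = read_password(grid, INNER_L)
        print("login", attempt + 1, typed, server_verify(grid, INNER_L, typed))
    print("5*5 grids over 36 symbols:", grid_arrangements(5, 36))
    print("typed strings for corner L:", response_space(5, CORNER_L, 36))
```
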
Claims (2)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310187110.9A CN103297240B (en) | 2013-05-20 | 2013-05-20 | Towards secure password input system and the implementation method of intelligent terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310187110.9A CN103297240B (en) | 2013-05-20 | 2013-05-20 | Towards secure password input system and the implementation method of intelligent terminal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103297240A (en) | 2013-09-11 |
| CN103297240B (en) | 2016-02-17 |
Family
ID=49097597
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310187110.9A, Expired - Fee Related, CN103297240B (en) | 2013-05-20 | 2013-05-20 | Towards secure password input system and the implementation method of intelligent terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103297240B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104954126B (en) * | 2014-03-26 | 2020-01-10 | Tencent Technology (Shenzhen) Co., Ltd. | Sensitive operation verification method, device and system |
| CN105763320B (en) * | 2016-03-14 | 2018-11-20 | Inspur Financial Information Technology Co., Ltd. | A method of key encryption is carried out using multidimensional technology |
| CN107330310A (en) * | 2017-06-23 | 2017-11-07 | Beijing Pico Technology Co., Ltd. | Wear method, client terminal device, equipment and the system of display device login |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101504744A (en) * | 2008-05-29 | 2009-08-12 | Xu Libin | Portable shopping system |
| DE102008061233A1 (en) * | 2008-12-09 | 2010-06-10 | Borchert, Bernd, Dr. | Method for tapping and phishing secure transfer of password and/or personal identification number from clients to server for on-line bank account, involves reconstructing row of images inputted by clients by server |
| EP2441209A4 (en) * | 2010-07-01 | 2012-05-09 | Tata Consultancy Services Ltd | System for two way authentication |
| CN102611551A (en) * | 2011-01-20 | 2012-07-25 | 深圳市文鼎创数据科技有限公司 | Physical authentication method, physical authentication device, and dynamic password token |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103297240A (en) | 2013-09-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108769027B (en) | | Secure communication method, device, mobile terminal and storage medium |
| JP5777804B2 (en) | | Web-based security authentication system and method |
| KR101878149B1 (en) | | Device, system, and method of secure entry and handling of passwords |
| KR101381789B1 (en) | | Method for web service user authentication |
| Nyang et al. | | Keylogging-resistant visual authentication protocols |
| JP6713548B2 (en) | | One-time dynamic position authentication method and system, and one-time dynamic password change method |
| CN107273736B (en) | | Password input method, device, computer equipment and storage medium |
| CN102419805B (en) | | Terminal equipment and method for encrypting user information |
| CN106209886B (en) | | Web interface data encryption is endorsed method, apparatus and server |
| US20160127134A1 (en) | | User authentication system and method |
| CN103905188B (en) | | Utilize the method and intelligent cipher key equipment of intelligent cipher key equipment generation dynamic password |
| CN106255976A (en) | | Confidential data management method and device and safety certifying method and system |
| KR102055625B1 (en) | | Authentication server device, program, and authentication method |
| EP3213185A1 (en) | | Computer security system and method to protect against keystroke logging |
| WO2020086846A1 (en) | | Network and device security system, method, and apparatus |
| WO2015026435A1 (en) | | Secure access of mobile devices using passwords |
| CN103297240B (en) | | Towards secure password input system and the implementation method of intelligent terminal |
| KR101042227B1 (en) | | How to prevent keystroke hacking using the virtual keyboard |
| CN104021322A (en) | | Electronic signature method, electronic signature equipment and electronic signature client |
| CN103294943B (en) | | Ciphering signature handwriting device and method |
| KR101152610B1 (en) | | The Method of Virtual Keyboard |
| CN113193956B (en) | | Account information processing method and device |
| KR101648779B1 (en) | | Method for secure text input in information terminal |
| CN110765447B (en) | | Password enhancement method and bracelet |
| KR101170822B1 (en) | | Confirmation method using variable secret puzzle |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | ASS | Succession or assignment of patent right | Owner name: QILU UNIVERSITY OF TECHNOLOGY; Free format text: FORMER OWNER: SHANDONG UNIVERSITY OF FINANCE AND ECONOMICS; Effective date: 20150403 |
| | COR | Change of bibliographic data | Free format text: CORRECT: ADDRESS; FROM: 250014 JINAN, SHANDONG PROVINCE TO: 250300 JINAN, SHANDONG PROVINCE |
| | TA01 | Transfer of patent application right | Effective date of registration: 20150403; Address after: 250300 Science Park, West New Town University, Ji'nan, Shandong; Applicant after: Qilu University of Technology; Address before: 250014 Shandong University of Finance and economics, No. 7366, Second Ring Road, Ji'nan, Lixia District, Shandong, Ji'nan; Applicant before: Shandong University of Finance and Economics |
| | C14 | Grant of patent or utility model | |
| | GR01 | Patent grant | |
| | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20160217; Termination date: 20170520 |
| | CF01 | Termination of patent right due to non-payment of annual fee | |