CN101110667B - User authentication method and user authentication system - Google Patents

Abstract

The invention discloses a user authentication method, which comprises the following steps: after receiving a user identification number input by a user, the authentication system provides an authentication sequence, wherein the authentication factor sequence comprises a password authentication factor and authentication factors except the password authentication factor; the user selects a password authentication factor from the authentication factor sequence; the authentication system compares the password authentication factor selected by the user with the stored password authentication factor corresponding to the user, and the authentication is passed if the comparison result is correct. The invention also correspondingly provides a user authentication system, and through the invention, when the user inputs the password, the combination of the password and the number is randomized, thereby effectively preventing the password from being stolen.

Description

Translated fromChinese

用户认证方法和用户认证系统User authentication method and user authentication system

技术领域technical field

本发明涉及用户认证技术，尤其涉及一种非数据密码认证技术。 The invention relates to user authentication technology, in particular to a non-data password authentication technology. the

背景技术Background technique

用户认证是当今社会必不可少的安全保障方法，对于银行业务和涉及保密业务的顺利开展尤其重要。应用最广泛的是传统数据密码认证，即用户输入个人帐号或用户名和密码，通过帐号或用户名和密码进行比对完成认证。由于数据密码在输入时易被他人窃取或复制，特别是在电话业务中输入密码时易被他人偷看或易于通过窃听拨号声音而窃取密码，在网络业务中输入的数据密码易于被截取，因此安全性不高。 User authentication is an essential security method in today's society, and it is especially important for the smooth development of banking business and confidential business. The most widely used is the traditional data password authentication, that is, the user enters a personal account or user name and password, and completes the authentication by comparing the account or user name and password. Because the data password is easy to be stolen or copied by others when entering it, especially when entering the password in the telephone service, it is easy to be peeped by others or the password is easy to be stolen by eavesdropping on the dialing sound, and the data password entered in the network service is easy to be intercepted, so The security is not high. the

发明内容Contents of the invention

本发明的目的是提供一种用户认证方法和用户认证系统，解决现有技术中认证系统密码易于被复制和窃取的问题。 The purpose of the present invention is to provide a user authentication method and a user authentication system to solve the problem that the authentication system password is easy to be copied and stolen in the prior art. the

为解决上述技术问题，本发明提供一种用户认证方法，包括： In order to solve the above technical problems, the present invention provides a user authentication method, including:

认证系统接收用户输入的用户识别号后，提供一个认证因素序列，所述认证因素序列包含密码认证因素及密码认证因素以外的认证因素； After the authentication system receives the user identification number input by the user, it provides an authentication factor sequence, and the authentication factor sequence includes password authentication factors and authentication factors other than password authentication factors;

用户在所述认证因素序列中选取密码认证因素； The user selects a password authentication factor in the authentication factor sequence;

认证系统将用户选取的密码认证因素与存储的所述用户对应的密码认证因素进行比对，比对结果正确就通过认证；其中，所述认证因素为音频文件或视频文件。 The authentication system compares the password authentication factor selected by the user with the stored password authentication factor corresponding to the user, and if the comparison result is correct, the authentication is passed; wherein, the authentication factor is an audio file or a video file. the

较佳地，对于同一个用户，认证系统提供的所述认证序列内容相同，但认证因素在所述认证序列中的顺序是随机的。 Preferably, for the same user, the content of the authentication sequence provided by the authentication system is the same, but the order of the authentication factors in the authentication sequence is random. the

较佳地，所述密码认证因素有相同的认证因素。 Preferably, said password authentication factors have the same authentication factor. the

较佳地，所述方法之前还包括步骤：用户创建或修改密码时，认证系统提供创建序列，用户从中选择密码认证因素，认证系统存储用户输入的用户资料和所述密码认证因素。 Preferably, the method further includes a step: when the user creates or modifies a password, the authentication system provides a creation sequence from which the user selects a password authentication factor, and the authentication system stores the user information and the password authentication factor input by the user. the

较佳地，在用户创建或修改密码时，认证系统还存储创建序列； Preferably, when a user creates or modifies a password, the authentication system also stores the creation sequence;

所述认证系统接收所述用户输入的用户识别号后，提取用户识别号对应的创建序列随机排列后作为认证序列。 After receiving the user identification number input by the user, the authentication system extracts the creation sequence corresponding to the user identification number and randomly arranges it as the authentication sequence. the

较佳地，所述方法之前还包括步骤：用户创建或修改密码时，用户输入用户识别号、用户信息和作为密码的认证因素，认证系统存储用户输入的用户识别号、用户信息和所述密码认证因素。 Preferably, the method also includes a step before: when the user creates or modifies the password, the user inputs the user identification number, user information and authentication factors as the password, and the authentication system stores the user identification number, user information and the password input by the user authentication factor. the

较佳地，用户创建或修改密码后，认证系统选取密码认证因素以外的认证因素和密码认证因素组成认证序列，存储所述认证序列；或 Preferably, after the user creates or modifies the password, the authentication system selects authentication factors other than password authentication factors and password authentication factors to form an authentication sequence, and stores the authentication sequence; or

在用户第一认证时，认证系统选取密码认证因素以外的认证因素和密码认证因素组成认证序列，存储所述认证序列。 When the user first authenticates, the authentication system selects authentication factors other than password authentication factors and password authentication factors to form an authentication sequence, and stores the authentication sequence. the

本发明还提供一种用户认证系统，包括： The present invention also provides a user authentication system, including:

存储器，用于存储认证因素库和用户资料库，所述认证因素为音频文件或视频文件； Memory, used to store authentication factor library and user database, said authentication factor is audio file or video file;

输入端，用于接收用户输入的用户识别号和选取的密码认证因素并发送； The input terminal is used to receive the user identification number entered by the user and the selected password authentication factor and send it;

选取模块，接收所述用户识别号后，从所述存储器中提取认证序列后发送，所述认证因素序列包含密码认证因素及密码认证因素以外的认证因素； Select the module, after receiving the user identification number, extract the authentication sequence from the memory and send it, the authentication factor sequence includes password authentication factors and authentication factors other than password authentication factors;

输出端，接收所述选取模块发送的认证序列并输出； The output terminal receives and outputs the authentication sequence sent by the selection module;

比对模块，接收输入端发送的用户选取的密码认证因素，与所述用户资料库中所述用户对应的密码认证因素比对，比对结果为符合时，发送认证通过信号。 The comparison module receives the password authentication factor selected by the user sent by the input terminal, compares it with the password authentication factor corresponding to the user in the user database, and sends an authentication pass signal when the comparison result is consistent. the

较佳地，所述认证因素库包括认证因素和认证因素对应的识别号；选取模块在向输出端发送认证序列的同时，还发送所述认证序列中认证因素的识别号； Preferably, the authentication factor library includes authentication factors and identification numbers corresponding to the authentication factors; while the selection module sends the authentication sequence to the output terminal, it also sends the identification number of the authentication factor in the authentication sequence;

所述系统还包括转换模块，所述转换模块接收输入端发送的用户输入的密码认证因素，根据所述选取模块发送的认证因素识别号，将所述用户输入的密码转换为认证因素对应的识别号，当用户创建或修改密码时发送给所述用户资料库进行存储，当对用户进行认证时发送给所述比对模块。 The system also includes a conversion module, the conversion module receives the password authentication factor input by the user sent by the input terminal, and converts the password input by the user into the identification number corresponding to the authentication factor according to the authentication factor identification number sent by the selection module. number, which is sent to the user database for storage when the user creates or modifies a password, and sent to the comparison module when the user is authenticated. the

较佳地，所述转换模块还包括识别号产生单元，所述识别号产生单元在用户创建或修改密码时，接受用户输入的密码认证因素并产生对应的识别号后，发送给存储器的认证因素库进行存储，并将用户输入的密码认证因素存储在用户资料库中。 Preferably, the conversion module further includes an identification number generation unit, the identification number generation unit accepts the password authentication factor input by the user and generates a corresponding identification number when the user creates or modifies the password, and sends it to the authentication factor in the memory store, and store the password authentication factors entered by the user in the user database. the

较佳地，所述用户资料库还存储有用户创建或修改密码时，选取模块选取的创建序列，或用户第一次认证时，选取模块选取的认证序列； Preferably, the user database also stores the creation sequence selected by the selection module when the user creates or modifies the password, or the authentication sequence selected by the selection module when the user authenticates for the first time;

所述选取模块在对用户进行认证时，接收用户输入的用户识别号后，从所述用户资料库中提取对应的认证序列或认证序列，并对认证因素随机排序后发送给输出端。 When the selection module authenticates the user, after receiving the user identification number input by the user, it extracts the corresponding authentication sequence or authentication sequence from the user database, and randomly sorts the authentication factors and sends them to the output terminal. the

较佳地，所述认证因素库按照认证因素的特性划分为至少两个单元； Preferably, the authentication factor library is divided into at least two units according to the characteristics of the authentication factors;

所述选取模块还包括用户特性读取器，在用户创建或修改密码时，根据所述用户输入的用户资料中的用户特性在认证因素库中相应的单元中提取创建序列后发送给所述输出端。 The selection module also includes a user characteristic reader, when the user creates or modifies a password, according to the user characteristic in the user information input by the user, the creation sequence is extracted from the corresponding unit in the authentication factor library and sent to the output end. the

由此可见，本技术方案通过提供一个认证因素库，由用户选取若干个认证因素形成一个集合作为密码，在需要用户认证时，认证系统提供一个包括密码认证因素的认证序列让用户选取，使用户在输入密码时， 密码数字组合随机化，有效防止密码被窃取；本技术方案通过将认证因素库按照认证因素的类型划分为若干个单元，根据用户的特性提供相应的认证因素供用户选择，增强用户对密码的记忆性。 It can be seen that the technical solution provides an authentication factor library, and the user selects several authentication factors to form a set as a password. When user authentication is required, the authentication system provides an authentication sequence including password authentication factors for the user to select, so that the user When entering the password, the combination of password numbers is randomized to effectively prevent the password from being stolen; this technical solution divides the authentication factor library into several units according to the type of authentication factors, and provides corresponding authentication factors for users to choose according to the user's characteristics. User memory for passwords. the

附图说明Description of drawings

图1是本发明用户创建密码的流程图； Fig. 1 is the flow chart of user creation password of the present invention;

图2是本发明用户认证的流程图； Fig. 2 is the flowchart of user authentication of the present invention;

图3是本发明认证系统的结构框图。 Fig. 3 is a structural block diagram of the authentication system of the present invention. the

具体实施方式Detailed ways

本发明的核心是提供一个认证因素库，认证因素库中的认证因素是音频文件和图片、视频等数据媒体文件，由用户选取或产生若干个认证因素形成一个集合作为密码，需要用户认证时本发明的认证系统提供一个认证序列，用户从中选取密码认证因素，密码认证因素选取正确就通过用户认证。 The core of the present invention is to provide an authentication factor library, the authentication factors in the authentication factor library are data media files such as audio files and pictures, videos, selected or generated by the user to form a set of several authentication factors as a password, when user authentication is required The inventive authentication system provides an authentication sequence from which the user selects a password authentication factor, and if the password authentication factor is selected correctly, the user is authenticated. the

认证系统对用户进行认证有一个前提条件：用户创建了相应的密码。如图1所示，基于认证因素库，用户创建密码的步骤如下： There is a prerequisite for the authentication system to authenticate the user: the user has created a corresponding password. As shown in Figure 1, based on the authentication factor library, the steps for a user to create a password are as follows:

步骤11：用户输入用户识别号，所述用户识别号具体是指用户名、用户帐号或用户输入端的识别号，如移动通信设备的物理地址； Step 11: The user inputs the user identification number, which specifically refers to the user name, user account number or identification number of the user input terminal, such as the physical address of the mobile communication device;

步骤12：用户输入用户信息，包括个人特性的输入，如个人爱好，认证系统存储用户识别号及对应的用户信息； Step 12: The user enters user information, including the input of personal characteristics, such as personal hobbies, and the authentication system stores the user identification number and corresponding user information;

步骤13：认证系统提供一个创建序列，该创建序列包含若干个认证因素，为方便用户记忆，认证系统可根据用户的个人特性提供相对应的认证因素； Step 13: The authentication system provides a creation sequence, which contains several authentication factors. For the convenience of user memory, the authentication system can provide corresponding authentication factors according to the user's personal characteristics;

步骤14：用户从创建序列中选择一个或多个认证因素形成一个集合作为密码；为方便描述，作为密码的认证因素称为密码认证因素，密码 认证因素之间的关系可以是有序的也可以是无序的，而且密码集合中可以有相同的密码认证因素，认证系统存储密码认证因素。 Step 14: The user selects one or more authentication factors from the creation sequence to form a set as a password; for the convenience of description, the authentication factors used as passwords are called password authentication factors, and the relationship between password authentication factors can be ordered or is unordered, and there can be the same password authentication factor in the password set, and the authentication system stores the password authentication factor. the

以上只是用户创建密码的一种方式，另一种创建密码的方式为：步骤13为用户向认证系统输入密码认证因素，同时系统从认证因素库选取或自动产生干扰认证因素，认证系统将用户输入的密码认证因素存储在认证因素库，同时把用户输入的密码认证因素和产生的干扰认证因素存储在用户信息里，这种方式可以增强用户对密码的记忆性和密码的安全性。 The above is just one way for the user to create a password. Another way to create a password is: Step 13: the user inputs the password authentication factor to the authentication system, and the system selects or automatically generates interference authentication factors from the authentication factor library, and the authentication system will input the authentication factor to the authentication system. The password authentication factors are stored in the authentication factor library, and the password authentication factors entered by the user and the interference authentication factors are stored in the user information. This method can enhance the user's memory of the password and the security of the password. the

为防止用户遗忘密码，认证系统在用户创建或修改完密码后，可以提供密码输入训练，即让用户反复输入密码增强记忆。 In order to prevent users from forgetting passwords, the authentication system can provide password input training after users create or modify passwords, that is, let users repeatedly input passwords to enhance memory. the

请参见图2，本发明用户认证方法，包括以下步骤： Please refer to Fig. 2, the user authentication method of the present invention comprises the following steps:

步骤21：需要对用户认证时，用户输入用户识别号，认证系统提供一个认证序列，对于同一个用户，认证系统提供的认证序列内容相同，即包含相同的认证因素，同时包含密码认证因素，较佳地实施例为用户创建密码时使用的创建序列随机排序后作为认证序列；还可以为用户第一次认证时，认证系统提供一个包含密码认证因素的认证序列，并进行存储，在以后的用户认证中，随机排序后作为认证序列； Step 21: When the user needs to be authenticated, the user enters the user identification number, and the authentication system provides an authentication sequence. For the same user, the authentication sequence provided by the authentication system has the same content, that is, includes the same authentication factors and password authentication factors. In a preferred embodiment, the creation sequence used when the user creates a password is randomly sorted and then used as the authentication sequence; when the user is authenticated for the first time, the authentication system provides an authentication sequence containing password authentication factors and stores it for future user authentication. In authentication, random sorting is used as the authentication sequence;

步骤22：用户根据自己的记忆从认证序列中选择密码认证因素，完成密码的输入； Step 22: The user selects the password authentication factor from the authentication sequence according to his own memory, and completes the input of the password;

步骤23：认证系统将输入的密码认证因素与存储的密码认证因素进行比对，如正确，执行步骤24，如不正确，执行步骤25； Step 23: The authentication system compares the input password authentication factor with the stored password authentication factor, if correct, go to step 24, if not correct, go to step 25;

步骤24：通过用户认证，处理用户需要的业务； Step 24: Pass user authentication and process the business required by the user;

步骤25：进行后处理，如判断步骤22执行次数是否超过预定阀值，如没有超过，重新执行步骤22，如超过，认证系统报警，终止操作。 Step 25: Perform post-processing, such as judging whether the execution times of step 22 exceed the predetermined threshold, if not, re-execute step 22, if exceeded, the authentication system will alarm and terminate the operation. the

为清楚描述本发明，下面以认证因素是音频文件为例，提供一个认证方法的具体实施例：由于音频文件的特性，该认证方法多用于需要在 电话上进行认证的场合，如电话银行，电话股票交易，具体包括： For clearly describing the present invention, take the authentication factor as an example of an audio file below to provide a specific embodiment of an authentication method: due to the characteristics of the audio file, this authentication method is mostly used in situations where authentication needs to be carried out on the phone, such as telephone banking, telephone Stock trading, specifically including:

用户创建密码或修改密码： User create password or modify password:

用户输入用户识别号和用户信息；认证系统提供一个创建序列，创建序列包含若干个音频文件，音频文件可以为语音文件或音乐文件，共同的特点是易记忆，显著性高容易与其他文件相区别。用户从中选择一个或多个自身易记忆的音频文件形成集合作为密码。为节省存储空间，每个音频文件都有一个对应的识别号，认证系统存储该用户的用户资料和密码对应的识别号，以及所述创建序列对应的识别号。 The user enters the user identification number and user information; the authentication system provides a creation sequence, which contains several audio files. The audio files can be voice files or music files. The common feature is that they are easy to remember, highly distinctive and easy to distinguish from other files. . The user selects one or more audio files that are easy to remember by himself to form a set as a password. In order to save storage space, each audio file has a corresponding identification number, and the authentication system stores the identification number corresponding to the user's user information and password, and the identification number corresponding to the creation sequence. the

需要对用户认证时： When user authentication is required:

步骤301：用户输入用户识别号，认证系统读取存储的用户资料中的创建序列，随机播放创建序列中的各个音频文件作为认证序列，由于在创建密码时系统用创建序列对用户进行了强化训练，这样能防止用户遗忘密码； Step 301: The user enters the user identification number, the authentication system reads the creation sequence in the stored user information, and randomly plays each audio file in the creation sequence as the authentication sequence. Since the system uses the creation sequence to train the user intensively when creating a password , which can prevent users from forgetting their passwords;

步骤302：用户从认证序列中选择音频文件完成输入密码的动作，选择的方式为：听到密码音频文件时按下某一预定键，如“#”键，这样可以防止他人通过偷看用户按键盘的动作而窃取密码；选择的方式也可以为：播放每个音频文件同时播放该音频文件在认证序列中的序号，用户在听完该序列后输入密码音频文件的序号，由于每次输入的序号均不相同，也可以防止他人窃取密码；选择的方式还可以为：用户输入密码音频文件播放的内容； Step 302: The user selects an audio file from the authentication sequence to complete the action of entering the password. The selection method is: when hearing the password audio file, press a predetermined key, such as the "#" key, which can prevent others from peeking at the user's key. The password can be stolen by the action of the keyboard; the mode of selection can also be: play each audio file and play the sequence number of the audio file in the authentication sequence at the same time, and the user inputs the sequence number of the password audio file after listening to the sequence. The serial numbers are all different, which can also prevent others from stealing the password; the selection method can also be: the user enters the content of the password audio file to play;

步骤303：认证系统将用户输入的密码转换为音频文件识别号，同时读取存储器中用户识别号对应的密码音频文件识别号，将两者进行比对，如比对为正确，执行步骤304；如比对为不正确，执行步骤305； Step 303: the authentication system converts the password input by the user into an audio file identification number, reads the password audio file identification number corresponding to the user identification number in the memory at the same time, compares the two, and if the comparison is correct, execute step 304; If the comparison is incorrect, go to step 305;

步骤304：通过用户认证，处理用户需要的业务； Step 304: pass the user authentication, and process the business required by the user;

步骤305：判断该用户的认证次数是否超过预定阀值，如3次，如没有超过，执行步骤302，如已经超过，执行步骤306； Step 305: Determine whether the number of authentication times of the user exceeds the predetermined threshold, such as 3 times, if not, perform step 302, and if it has exceeded, perform step 306;

步骤306：播放警告的音频文件，结束认证流程。 Step 306: Play the warning audio file, and end the authentication process. the

如图3所示，本发明还提供一种认证系统，包括： As shown in Figure 3, the present invention also provides an authentication system, including:

存储器，用于存储认证因素库和用户资料库，认证因素库存储认证因素和认证因素本身的识别号，认证因素为音频文件、图片或视频等数据媒体文件，每个认证因素对应一个唯一的认证因素识别号；用户资料存储用户识别号、用户信息、用户密码，以及用户创建密码时使用的创建序列，其中用户识别号为用户名、用户帐号或用户输入的端识别号等，用户密码是以认证因素识别号的形式存储； The memory is used to store the authentication factor library and the user database. The authentication factor library stores the identification number of the authentication factor and the authentication factor itself. The authentication factor is a data media file such as an audio file, a picture or a video, and each authentication factor corresponds to a unique authentication factor identification number; user data stores user identification number, user information, user password, and the creation sequence used by the user to create a password, where the user identification number is the user name, user account number or terminal identification number entered by the user, etc., and the user password is Store in the form of authentication factor identification number;

输入端，用于提供给用户输入信息，可以为通信设备、电脑或服务器，接收用户输入的用户识别号和选取的密码认证因素并发送； The input terminal is used to provide the user with input information, which can be a communication device, a computer or a server, receiving and sending the user identification number and the selected password authentication factor input by the user;

转换模块，用于接收用户输入的密码认证因素，转换为对应的认证因素识别号后发送，因为数据媒体文件本身信息量大，将认证因素转换为对应的识别号有利于节省存储空间和带宽，同时减少计算量； The conversion module is used to receive the password authentication factor input by the user, convert it into the corresponding authentication factor identification number and send it. Because the data media file itself has a large amount of information, converting the authentication factor into the corresponding identification number is beneficial to save storage space and bandwidth. At the same time reduce the amount of calculation;

比对模块，用于接收转换模块发送的认证因素识别号和用户识别号，读取用户资料库对应用户的密码认证因素识别号，对两者进行比对，如果比对结果为符合，发送认证通过信号； The comparison module is used to receive the authentication factor identification number and the user identification number sent by the conversion module, read the password authentication factor identification number corresponding to the user in the user database, and compare the two. If the comparison result is consistent, send the authentication pass signal;

选取模块，用于接收用户的请求信号，从存储器中选取认证序列进行发送，并在所述用户资料库中对应的用户单元中进行存储，请求信号为用户创建或修改密码的请求信号，以及用户第一次请求认证的信号； The selection module is used to receive the user's request signal, select the authentication sequence from the memory to send, and store it in the corresponding user unit in the user database, the request signal is the request signal for the user to create or modify the password, and the user The signal for the first request for authentication;

输出模块，用于接收选取模块发送的认证序列并播放，当认证因素为音频文件时，输出模块为音频播放器，当认证因素为图片或视频媒体文件时，输出模块为显示器。 The output module is used to receive and play the authentication sequence sent by the selection module. When the authentication factor is an audio file, the output module is an audio player. When the authentication factor is a picture or video media file, the output module is a display. the

其中转换模块接收输入端发送的用户输入的密码认证因素，根据所述选取模块发送的认证因素识别号，将所述用户输入的密码转换为认证因素对应的识别号，当用户创建或修改密码时发送给所述用户资料库进行存储，当对用户进行认证时发送给所述比对模块。 Wherein the conversion module receives the password authentication factor input by the user sent by the input terminal, converts the password input by the user into the identification number corresponding to the authentication factor according to the authentication factor identification number sent by the selection module, when the user creates or modifies the password It is sent to the user database for storage, and sent to the comparison module when the user is authenticated. the

转换模块还包括识别号产生单元，所述识别号产生单元在用户创建或修改密码时，接受用户输入的认证因素并产生对应的识别号后，发送给存储器的认证因素库进行存储，并将用户输入的认证因素作为密码认证因素存储在用户资料库中。 The conversion module also includes an identification number generating unit, which accepts the authentication factor input by the user and generates the corresponding identification number when the user creates or modifies the password, and then sends it to the authentication factor library of the memory for storage, and stores the authentication factor of the user. The entered authentication factors are stored in the user database as password authentication factors. the

为增加密码认证因素的可记忆性，认证因素库按照认证因素的类型划分为若干个单元，分别存储不同类型的认证因素，如当认证因素是音频文件时，认证因素按照音乐的种类，可分为轻音乐、摇滚乐、流行音乐、戏剧、特殊音效等等，那么认证因素库就包括轻音乐单元，摇滚乐单元等，音乐的每个种类下面还可以再细分，相应的每个单元还可以包括子单元。 In order to increase the memorability of password authentication factors, the authentication factor library is divided into several units according to the type of authentication factors, and stores different types of authentication factors respectively. For example, when the authentication factor is an audio file, the authentication factor can be divided into For light music, rock music, pop music, drama, special sound effects, etc., then the authentication factor library includes light music units, rock music units, etc. Each type of music can be further subdivided, and each corresponding unit can also include subunits . the

相应的选取模块还包括用户特性读取器，该用户特性读取器读取用户创建密码时的用户资料中的个人特性，并进行归类发送给用户资料库进行存储，根据归类在认证因素库中相应的单元中选取认证因素。如当认证因素是音频文件，用户在创建密码时选择喜欢摇滚乐，该用户特性读取器读取到用户的特性后，去存储器存储摇滚乐的存储单元选取认证因素序列发送给输出端。 The corresponding selection module also includes a user characteristic reader, which reads the personal characteristics in the user data when the user creates a password, and classifies them and sends them to the user database for storage. Select the authentication factor from the corresponding unit in the library. For example, when the authentication factor is an audio file, the user chooses to like rock music when creating a password. After the user characteristic reader reads the user's characteristics, the storage unit for storing rock music in the memory selects the authentication factor sequence and sends it to the output terminal. the

为进一步说明本发明，下面提供认证因素为图片的认证系统实施例，存储器存储有图片库和用户资料库，图片库包括图片和图片对应的识别号，按照图片的种类图片库包括风景图单元、人物图单元、卡通图单元等。 For further illustrating the present invention, below provide authentication factor is the authentication system embodiment of picture, memory is stored with picture storehouse and user database, picture storehouse comprises picture and the corresponding identification number of picture, according to the kind picture storehouse of picture comprises landscape unit, Figure unit, cartoon unit, etc. the

用户创建密码： User creation password:

用户输入个人爱好或图片类型等个人特性，所述用户特性读取器读取个人特性发送到用户资料库进行存储，选取模块根据用户的特性在图片库中相应的单元里随机选取图片组成创建序列发送给输出端，即显示器，同时将图片识别号发送给转换模块和存储器进行存储；用户通过点击图片或输入图片序号来设置密码，并发送给第一转换单元；第一转换 单元将用户输入的密码转换为对应的图片识别号发送给用户资料库进行存储。 The user inputs personal characteristics such as personal hobbies or picture types, and the user characteristic reader reads the personal characteristics and sends them to the user database for storage, and the selection module randomly selects pictures in corresponding units in the picture library according to the characteristics of the user to form a creation sequence Send to the output terminal, that is, the display, and at the same time send the picture identification number to the conversion module and memory for storage; the user sets a password by clicking on the picture or inputting the picture serial number, and sends it to the first conversion unit; the first conversion unit converts the password input by the user The password is converted into a corresponding picture identification number and sent to the user database for storage. the

需要对用户认证时： When user authentication is required:

用户输入用户识别号，选取模块接收用户识别号，调取用户资料中的创建序列随机组合后发送给显示器，同时将相应的图片识别号发送给第二转换单元，显示器显示该认证序列； The user inputs the user identification number, selects the module to receive the user identification number, retrieves the creation sequence in the user profile and randomly combines it and sends it to the display, and at the same time sends the corresponding picture identification number to the second conversion unit, and the display displays the authentication sequence;

用户点击密码图片或输入密码图片在图片序列中的序号，来完成密码的输入； The user clicks the password picture or enters the serial number of the password picture in the picture sequence to complete the password input;

第二转换单元接收用户输入的密码，根据从选取模块接收的图片识别号，将用户输入的密码转换为对应的图片识别号发送给比对模块，比对模块将选取模块发送的图片识别号和存储器中用户的密码进行比对，如果两者相同，则发送认证通过信号。 The second conversion unit receives the password input by the user, and converts the password input by the user into a corresponding picture identification number according to the picture identification number received from the selection module and sends it to the comparison module, and the comparison module sends the picture identification number and the picture identification number sent by the selection module The user's password in the memory is compared, and if the two are the same, an authentication pass signal is sent. the

显然，本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样，倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内，则本发明也意图包含这些改动和变型在内。 Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention also intends to include these modifications and variations. the

Claims (12)

1. a user authen method is characterized in that, may further comprise the steps:

Verification System provides an authentication factor sequence after receiving the customer identification number of user's input, and said authentication factor sequence comprises the authentication factor beyond cipher authentication factor and the cipher authentication factor;

The user chooses the cipher authentication factor in said authentication factor sequence;

The cipher authentication factor that Verification System is chosen the user cipher authentication factor corresponding with the said user of storage compared, and comparison result is correctly just through authentication; Wherein, said authentication factor is audio file or video file.

2. authentication method as claimed in claim 1 is characterized in that, for same user, the said authentication factor sequence content that Verification System provides is identical, but the order of authentication factor in said authentication factor sequence is at random.

3. authentication method as claimed in claim 2 is characterized in that, said cipher authentication factor has identical authentication factor.

4. authentication method as claimed in claim 1; It is characterized in that; Also comprise step before the said method: when user's establishment or modification password; Verification System provides the establishment sequence, and the user therefrom selects the cipher authentication factor, the subscriber data and the said cipher authentication factor of Verification System storage user input.

5. authentication method as claimed in claim 3 is characterized in that, when the user created or revises password, Verification System is the storage creation sequence also;

After said Verification System receives the customer identification number of said user input, extract after the corresponding establishment sequence random alignment of said customer identification number as the authentication factor sequence.

6. authentication method as claimed in claim 1; It is characterized in that; Also comprise step before the said method: when user's establishment or modification password; The user inputs customer identification number, user profile and as the authentication factor of password, customer identification number, user profile and the said cipher authentication factor of Verification System storage user input.

7. like claim 4 or 6 described authentication methods, it is characterized in that behind user's establishment or the modification password, authentication factor and cipher authentication factor that Verification System is chosen beyond the cipher authentication factor are formed the authentication factor sequence, store said authentication factor sequence; Or

When user's authentication for the first time, authentication factor and cipher authentication factor that Verification System is chosen beyond the cipher authentication factor are formed the authentication factor sequence, store said authentication factor sequence.

8. a customer certification system is characterized in that, comprising:

Memory is used for authentication storage factor storehouse and subscriber data storehouse, and said authentication factor is audio file or video file;

Input is used to receive the customer identification number and the cipher authentication factor of choosing of user's input and send;

Choose module, receive said customer identification number after, send after from said memory, extracting the authentication factor sequence, said authentication factor sequence comprises the authentication factor beyond cipher authentication factor and the cipher authentication factor;

Output receives said authentication factor sequence and the output that module is sent of choosing;

Comparing module receives the cipher authentication factor that user that input sends chooses, the cipher authentication factor comparison corresponding with user described in the said subscriber data storehouse, and comparison result is when meeting, and signal is passed through in the transmission authentication.

9. Verification System as claimed in claim 8 is characterized in that, said authentication factor storehouse comprises authentication factor and the corresponding identifier of authentication factor; Choose module when output sends the authentication factor sequence, also send the identifier of authentication factor sequence in the said authentication factor sequence;

Said system also comprises modular converter; Said modular converter receives the cipher authentication factor of user's input of input transmission; According to the said authentication factor identifier of choosing the module transmission; Convert the password of said user's input into authentication factor corresponding identifier, when the user creates or revises password, send to said subscriber data storehouse and store, when the user is carried out authentication, send to said comparing module.

10. Verification System as claimed in claim 9; It is characterized in that; Said modular converter also comprises the identifier generation unit, when said identifier generation unit is created or revised password the user, after receiving the cipher authentication factor of user's input and producing corresponding identifier; Store in the authentication factor storehouse that sends to memory, and the cipher authentication factor of user's input is stored in the subscriber data storehouse.

11. Verification System as claimed in claim 8 is characterized in that, when said subscriber data storehouse stores also that the user creates or revises password, chooses the establishment sequence that module is chosen, or during user's authentication for the first time, chooses the authentication factor sequence that module is chosen;

The said module of choosing when the user is carried out authentication, receive the customer identification number of user's input after, from said subscriber data storehouse, extract corresponding authentication factor sequence, and authentication factor sent to output after randomly ordered.

12. Verification System as claimed in claim 8 is characterized in that, said authentication factor storehouse is divided at least two unit according to the characteristic of authentication factor;

The said module of choosing also comprises the user personality reader, when the user creates or revises password, in the authentication factor storehouse, extraction establishment sequence after sends to said output in the units corresponding according to the user personality in the subscriber data of said user's input.

Images