Technical field
The invention relates to mobile communication technology, and in particular to a password security system for mobile devices and a secure password input method for mobile devices.
Background
As smart mobile devices become personal assistants, more and more personal information is stored on them, including closely held private data such as personal photos, social accounts and game accounts. Protecting this private information is a major security requirement that users place on their smartphones.
The common existing technique is password based: the user sets a password, and when the user wants to protect personal information the device asks for the password, checks that it is correct and, if so, encrypts the information. Later, when the user wants to view the information, the user enters the password again; once the system has verified it, the information is decrypted for viewing.
However, this approach has the following two problems:
(1) To ensure security, current passwords are character strings that need a certain level of complexity. This strengthens the password and lowers the risk of it being cracked, but it also creates a practical problem: if the password is not used for a while the user easily forgets it, the personal information can no longer be decrypted, and the user is inconvenienced.
(2) The password is stored locally on the smartphone, and because smartphones lack adequate security, theft by malicious programs cannot be prevented. Even if the master key is stored as ciphertext, the key that encrypts the master key is also on the smartphone, so the risk of the password being cracked cannot be fundamentally removed. In addition, because the user must enter the password every time private information is viewed, the risk of a malicious program stealing the password by a man-in-the-middle attack is greatly increased.
Summary of the invention
In view of the above problems, the present invention aims to provide a password security system for mobile devices and a secure password input method for mobile devices that solve the problems of passwords being hard to remember and easy to steal, and that achieve secure password input.
The password security system for mobile devices of the present invention is characterized by comprising:
a security device, which in the password generation phase obtains a password, generates a password ciphertext from it and transmits the ciphertext to the first mobile device described below, and which in the password verification phase verifies the password ciphertext sent from the first mobile device;
a first mobile device, which in the password generation phase receives the generated password ciphertext from the security device and transmits it to the second mobile device described below, and which in the password verification phase reads the password ciphertext from the second mobile device and sends it to the security device;
a second mobile device, which in the password generation phase stores the password ciphertext received from the first mobile device, and which in the password verification phase provides the stored password ciphertext to the first mobile device.
Preferably, the security device is formed as part of the first mobile device.
Preferably, the security device is a cloud device or a security unit.
Preferably, the first mobile device is a smartphone or tablet computer, and the second mobile device is a wearable device.
The password security system for mobile devices of the present invention is characterized by comprising:
a security device, which in the password generation phase obtains a password, generates a password ciphertext from it and transmits the ciphertext to the second mobile device described below, and which in the password verification phase verifies the password ciphertext sent from the first mobile device described below;
a first mobile device, which in the password verification phase reads the password ciphertext from the second mobile device described below and sends it to the security device;
a second mobile device, which in the password generation phase stores the password ciphertext received from the security device, and which in the password verification phase provides the stored password ciphertext to the first mobile device.
Preferably, the security device is formed as part of the first mobile device.
Preferably, the security device comprises:
an interactive interface module for obtaining the original password entered by the user;
a trusted storage module for storing the original password;
an encryption and decryption module, which in the password generation phase generates the password ciphertext from the original password, and which in the password verification phase decrypts and verifies the password ciphertext extracted by the password data generation module described below;
a password data generation module, which in the password generation phase generates password data from the password ciphertext, and which in the password verification phase extracts the password ciphertext from the password data coming from the second mobile device described below;
a first information receiving module for exchanging data between the security device and the first mobile device and/or between the security device and the second mobile device;
the second mobile device comprises:
a storage module, which in the password generation phase stores the password data sent from the security device;
a password data display module, which in the password verification phase displays the password data stored by the storage module;
the first mobile device comprises:
a password data reading module for reading the password data displayed by the password data display module;
a second information receiving module for exchanging data between the first mobile device and the security device and/or between the first mobile device and the second mobile device.
Preferably, the password data generation module is a two-dimensional (QR) code generation module,
the QR code generation module in the password generation phase generates a QR code from the password ciphertext, and in the password verification phase extracts the QR code from the password data coming from the second mobile device,
the password data display module is a QR code display module,
the QR code display module in the password verification phase displays the QR code that constitutes the password data stored by the storage module, and
the password data reading module is a camera, which reads the QR code displayed by the QR code display module.
Preferably, the password data generation module is a barcode generation module, which in the password generation phase generates a barcode from the password ciphertext, and in the password verification phase extracts the barcode from the password data coming from the second mobile device,
the password data display module is a barcode display module,
the barcode display module in the password verification phase displays the barcode that constitutes the password data stored by the storage module, and
the password data reading module is a camera, which reads the barcode displayed by the barcode display module.
Preferably, the first mobile device is a smartphone or tablet computer, the second mobile device is a wearable device, and the security device is provided, as part of the smartphone, in the TEEI of the smartphone.
Preferably, data transfer between the security device and the second mobile device is carried out over contactless communication.
The secure password input method for mobile devices of the present invention is implemented with a security device, a first mobile device and a second mobile device, and is characterized by comprising the following steps:
a password generation step, in which the security device obtains a password, encrypts it to generate a password ciphertext, and transmits the ciphertext to the second mobile device either through the first mobile device or directly;
a password storage step, in which the second mobile device stores the password ciphertext;
a password input step, in which, when the user needs to enter the password, the second mobile device displays the password ciphertext to the first mobile device, and the first mobile device captures the password ciphertext and sends it to the security device;
a password verification step, in which the security device decrypts the password ciphertext sent from the first mobile device and verifies the decrypted password.
Preferably, data transfer between the security device and the second mobile device is carried out over contactless communication.
Preferably, the password ciphertext takes the form of a QR code or a barcode.
The password security system for mobile devices of the present invention is characterized by comprising a background system, a first mobile device and a second mobile device,
where the background system comprises:
a first counter for generating a count value and counting the number of count-value comparisons;
a public/private key generation unit for generating a public key and a private key;
an encryption and decryption module, which in the password generation phase obtains the user password, encrypts the user password together with the count value generated by the first counter and the public key generated by the public/private key generation unit to produce a password ciphertext, and sends it to the first mobile device; and which in the password verification phase parses the count value out of the second password ciphertext (described below) sent from the first mobile device, compares the parsed count value with the count value held by the first counter, and performs password verification on the second password ciphertext only if the count values match;
a first secure network channel for data transfer between the background system and the first mobile device;
the first mobile device comprises:
a second counter that stores the count value received from the background system;
a password processing unit, which in the password generation phase receives the first password ciphertext transmitted from the background system and transmits the first password ciphertext and the public key to the second mobile device, and which in the password verification phase sends the count value stored by the second counter to the second mobile device, receives the second password ciphertext (described below) returned by the second mobile device, and sends the second password ciphertext to the background system;
a second secure network channel for data transfer between the background system and the first mobile device;
the second mobile device comprises:
a storage module, which in the password generation phase stores the password ciphertext and public key sent from the first mobile device; and
an encryption and decryption module, which in the password verification phase generates a second password ciphertext from the count value sent from the first mobile device together with the password ciphertext and public key already held by the storage module.
Preferably, the first mobile device is a smartphone or tablet computer, and the second mobile device is a wearable device.
Preferably, the first mobile device and the second mobile device communicate with each other contactlessly.
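The count-value comparison described for this variant is what stops a captured second password ciphertext from being replayed. The following is an added example, not code from the patent, that simulates the three parties and the counter check. It makes two labelled assumptions: the count value is encoded as a big-endian 64-bit integer, and a per-enrolment HMAC key handed to the wearable stands in for the public key the text names, with a keyed digest over password and count value standing in for the first password ciphertext. The names `BackgroundSystem`, `Wearable`, `Phone` and `run_demo` are the example's own.

```python
import hashlib
import hmac
import secrets
import struct

COUNTER_LEN = 8  # ASSUMPTION: the count value travels as a big-endian 64-bit integer


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


class BackgroundSystem:
    """Background system: first counter, key material and the stored first ciphertext."""

    def __init__(self):
        self.counter = 1                        # first counter: next expected count value
        self._key = secrets.token_bytes(32)     # never leaves the background system
        self._first_ct = None
        self._device_key = None

    def enroll(self, password: str) -> tuple:
        # ASSUMPTION: an HMAC key given to the wearable stands in for the public key, and
        # a keyed digest over password || count value stands in for the first ciphertext.
        self._device_key = secrets.token_bytes(32)
        self._first_ct = _mac(self._key, password.encode() + struct.pack(">Q", self.counter))
        return self._first_ct, self._device_key, self.counter

    def verify(self, second_ct: bytes) -> tuple:
        """Returns (ok, count value the first mobile device should store next)."""
        if len(second_ct) != COUNTER_LEN + 32 or self._first_ct is None:
            return False, self.counter
        presented = struct.unpack(">Q", second_ct[:COUNTER_LEN])[0]
        if presented != self.counter:   # stale or replayed: no password verification at all
            return False, self.counter
        expected = _mac(self._device_key, self._first_ct + second_ct[:COUNTER_LEN])
        if not hmac.compare_digest(expected, second_ct[COUNTER_LEN:]):
            return False, self.counter
        self.counter += 1               # each successful comparison consumes the value
        return True, self.counter


class Wearable:
    """Second mobile device: storage module plus the module building the second ciphertext."""

    def __init__(self):
        self._first_ct = self._device_key = None

    def store(self, first_ct: bytes, device_key: bytes) -> None:
        self._first_ct, self._device_key = first_ct, device_key

    def second_ciphertext(self, count_value: int) -> bytes:
        packed = struct.pack(">Q", count_value)
        return packed + _mac(self._device_key, self._first_ct + packed)


class Phone:
    """First mobile device: second counter and password processing unit."""

    def __init__(self, backend: BackgroundSystem, wearable: Wearable):
        self.backend, self.wearable = backend, wearable
        self.counter = None  # second counter

    def enroll(self, password: str) -> None:
        first_ct, device_key, count = self.backend.enroll(password)  # first secure channel
        self.wearable.store(first_ct, device_key)                    # contactless link
        self.counter = count

    def authenticate(self) -> tuple:
        second_ct = self.wearable.second_ciphertext(self.counter)
        ok, self.counter = self.backend.verify(second_ct)            # second secure channel
        return ok, second_ct


def run_demo() -> dict:
    backend, wearable = BackgroundSystem(), Wearable()
    phone = Phone(backend, wearable)
    phone.enroll("constructed sample password")
    first_ok, captured = phone.authenticate()
    # A second ciphertext captured in transit carries a consumed count value and is refused.
    replay_ok, _ = backend.verify(captured)
    # A second ciphertext built without the enrolment key fails even with the right count value.
    rogue = Wearable()
    rogue.store(b"\x00" * 32, b"\x00" * 32)
    forged_ok, _ = backend.verify(rogue.second_ciphertext(phone.counter))
    # A genuine follow-up authentication still succeeds because both counters advanced together.
    second_ok, _ = phone.authenticate()
    return {"first": first_ok, "replay": replay_ok, "forged": forged_ok,
            "second": second_ok, "counter": backend.counter}
```

The backend refuses a mismatched count value before it does any cryptographic work, which is the ordering the text specifies; returning the new count value to the phone over the secure channel keeps the two counters in step after every successful comparison.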
In summary, the password security system and secure password input method for mobile devices of the present invention use another mobile device, such as a wearable, in place of human memory to hold the password. Because the user no longer has to remember it, a very complex password combination can be set, which makes the password harder to crack and greatly improves the user experience. Moreover, the password is always transmitted as password ciphertext, which effectively prevents malicious theft and improves the security of password use.
Brief description of the drawings
FIG. 1 is a block diagram of the password security system for mobile devices of the present invention.
FIG. 2 is a flow chart of the specific steps of the secure password input method of the present invention.
FIG. 3 is a structural diagram of the password security system for mobile devices according to the first embodiment of the present invention.
FIG. 4 is a structural diagram of the password security system for mobile devices according to the second embodiment of the present invention.
FIG. 5 is a structural diagram of the password security system for mobile devices according to the second embodiment of the present invention.
Detailed description
Described below are some of the many embodiments of the present invention, intended to provide a basic understanding of it. They are not intended to identify key or critical elements of the invention or to limit the scope of protection.
With the development of new technologies, all kinds of mobile devices keep appearing, and it has become possible for a user to carry several at once, for example a smartphone together with various wearable devices. The present invention takes advantage of this to provide a password security system and a secure password input method by which the user's password can be entered reliably and conveniently.
The password security system for mobile devices of the present invention is described below.
FIG. 1 is a block diagram of the password security system for mobile devices of the present invention.
As shown in FIG. 1, the password security system for mobile devices of the present invention comprises a security device 100, a first mobile device 200 and a second mobile device 300.
In the password generation phase, the security device 100 encrypts the password set by the user to generate a password ciphertext and transmits it to the first mobile device 200; in the password verification phase, it decrypts the password ciphertext sent from the first mobile device and verifies it.
In the password generation phase, the first mobile device 200 receives the generated password ciphertext from the security device 100 and transmits it to the second mobile device 300; in the password verification phase, it reads the password ciphertext from the second mobile device 300 and sends it to the security device 100.
In the password generation phase, the second mobile device 300 stores the password ciphertext received from the first mobile device 200; in the password verification phase, it provides the stored password ciphertext to the first mobile device 200.
Specifically, the security device 100 obtains the password that must be entered to use the first mobile device 200 (normally entered by the user), generates an encrypted ciphertext from it and passes the ciphertext over a communication channel to the first mobile device 200, which in turn passes it over a communication channel to the second mobile device 300, where it is stored. Later, when the password is needed on the first mobile device 200, the first mobile device 200 reads the stored ciphertext that the second mobile device 300 presents and sends it to the security device 100; the security device 100 verifies it and notifies the first mobile device 200 whether verification passed. In the present invention, the second mobile device 300 thus replaces human memory as the holder of the first mobile device 200's password; the computing power and communication interfaces of a mobile device, far beyond those of human memory, make password input both more secure and more convenient.
In the present invention the security device 100 may exist as a separate, stand-alone device, for example a cloud device or a security unit. The security device 100 may equally exist as part of the first mobile device 200.
Here, as one preferred arrangement, the first mobile device 200 may be a smartphone or tablet computer and the security device 100 may be a unit within that smartphone or tablet, as long as it can perform the password generation and verification functions; the second mobile device 300 may be a wearable device.
Next, the secure password input method implemented with the password security system for mobile devices of the present invention is described. FIG. 2 is a flow chart of the secure password input method of the present invention.
As shown in FIG. 2, the secure password input method of the present invention comprises the following steps:
password generation step S100: the security device 100 obtains a password, encrypts it to generate a password ciphertext, and transmits the ciphertext to the second mobile device 300 either through the first mobile device 200 or directly;
password storage step S200: the second mobile device 300 stores the password ciphertext;
password input step S300: when the user needs to enter the password, the second mobile device 300 presents the password ciphertext to the first mobile device 200, which captures it and sends it to the security device 100;
password verification step S400: the security device 100 decrypts the password ciphertext sent from the first mobile device 200 and verifies the decrypted password.
First embodiment
Next, the password security system for mobile devices according to the first embodiment of the present invention is described.
FIG. 3 is a structural diagram of the password security system for mobile devices according to the first embodiment of the present invention.
As shown in FIG. 3, the password security system for mobile devices according to the first embodiment comprises a smartphone 400 and a wearable device 500. The smartphone 400 contains a TEEI area (Trusted Execution Environment Integration) 410 and an Android area 420. In the first embodiment, the TEEI area 410 corresponds to the security device described above, the Android area 420 to the first mobile device, and the wearable device 500 to the second mobile device.
In current technology, TEEI (Trusted Execution Environment Integration) is a technique proposed to address the security risks of mobile smart terminals. TEEI builds a secure execution environment isolated from the terminal's operating system (for example Android, iOS or Windows Phone). TEEI may be a secure area within the terminal's main processor that guarantees that sensitive data is stored, processed and protected in a trusted environment. TEEI provides a secure execution environment for authorized security software (trusted software) and achieves end-to-end security through execution protection, confidentiality, integrity and data access control.
The TEEI area 410 comprises:
a trusted interactive interface module 411 for obtaining the original password entered by the user;
a trusted storage module 412 for storing the original password;
an encryption and decryption module 413, which in the password generation phase generates the password ciphertext from the original password, and which in the password verification phase decrypts and verifies the password ciphertext extracted by the QR code generation module 414;
a QR code generation module 414, which in the password generation phase generates a QR code from the password ciphertext, and which in the password verification phase extracts the password ciphertext from the data coming from the wearable device 500;
a first information receiving module 415 for exchanging data between the TEEI area 410 and the Android area 420 and/or between the TEEI area 410 and the wearable device 500.
The Android area 420 comprises:
a camera 421 for reading the password ciphertext displayed by the QR code display module 512;
a second information receiving module 422 for exchanging data between the Android area 420 and the TEEI area 410 and/or between the Android area 420 and the wearable device 500.
The wearable device 500 comprises:
a storage module 511, which in the password generation phase stores the password ciphertext sent from the TEEI area 410;
a QR code display module 512, which in the password verification phase displays the password ciphertext stored by the storage module 511.
Data transfer between the TEEI area 410 and the wearable device 500 is carried out over contactless communication, for example NFC or Bluetooth.
In the first embodiment, the TEEI area 410 of the smartphone serves as the secure platform that supports password processing, which guarantees the security of the password generation process, and the wearable device 500 stores the password, so the user is spared having to remember it.
Next, the flow of the secure password input method implemented with the password security system for mobile devices of the first embodiment is described in detail.
The flow can be divided simply into a password generation process (corresponding to the password generation step S100 and password storage step S200 above) and a use process (corresponding to the password input step S300 and password verification step S400 above).
The password generation process is as follows:
(1) When the user sets a password, the trusted interactive interface module 411 provided by the TEEI area 410 obtains the password entered by the user and passes it to the encryption and decryption module 413;
(2) the encryption and decryption module 413 stores the password with the trusted storage module 412 and encrypts it with a key using a common cipher such as 3DES or AES, producing the password ciphertext, which it passes to the QR code module 414;
(3) the QR code module 414 generates a QR code from the ciphertext and, once it is generated, alerts the user with a prompt tone or similar; the user brings the wearable device 500 close to the phone, and the password ciphertext, in the form of the QR code, is sent over NFC to the storage module 511 of the wearable device 500 for storage.
As this process shows, the password is under the protection of the TEEI from input through to generation of the ciphertext, and it travels in ciphertext form, so a malicious program cannot obtain it; at the same time, because it is kept in trusted storage, the risk of a malicious program obtaining and cracking it locally is avoided.
The password use process is as follows:
(1) When the user wants to encrypt and protect some personal information on the smartphone, such as a directory or files, the encryption application prompts the user to enter the password by opening the camera;
(2) the user operates the wearable device 500 to display the QR code carrying the password ciphertext; the camera 421 reads it and passes the data to the QR code module 414, which parses it to extract the password ciphertext and passes the ciphertext to the encryption and decryption module 413 for decryption and verification; if verification passes, the system is notified to encrypt the user's personal information.
Likewise, when the user wants to view the encrypted personal information, the user opens the camera 421 to read the QR code on the wearable device 500, the password is extracted and verified in the same way as above, and the encryption and decryption module 413 notifies the system to decrypt the personal information for viewing. Throughout, the decision to notify the system to encrypt or decrypt personal information is issued only by the encryption and decryption module 413 inside the TEEI, which greatly lowers the risk of personal information being encrypted or decrypted illegitimately by a malicious program.
Moreover, in terms of experience, compared with existing methods the secure password input of the present invention replaces manual password entry with a camera capture, which is simple and easy to use: the password is entered only once, when it is set, the user does not need to remember it, and a very complex password combination can be chosen, which makes it harder to crack and greatly improves the user experience.
Second embodiment
FIG. 4 is a block diagram of the password security system for mobile devices according to the second embodiment of the present invention.
As shown in FIG. 4, the password security system for mobile devices according to the second embodiment of the present invention comprises a smartphone 600 and a wearable device 700. The smartphone 600 includes a TEEI area (Trusted Executive Environment Integration, a trusted execution environment) 610 and an Android area 620. In this embodiment the TEEI area 610 corresponds to the security device described above, the Android area 620 to the first mobile device, and the wearable device 700 to the second mobile device.
The TEEI area 610 comprises:
a trusted interaction interface module 611, for obtaining the original password entered by the user;
a trusted storage module 612, for storing the original password;
an encryption and decryption module 613, which in the password generation phase generates the password ciphertext from the original password, and in the password verification phase decrypts and verifies the password ciphertext extracted by the barcode generation module 414;
a barcode generation module 614, which in the password generation phase generates a barcode from the password ciphertext, and in the password verification phase extracts the password ciphertext from the data coming from the wearable device 700;
a first information receiving module 615, for exchanging data between the TEEI area 610 and the Android area 620 and/or between the TEEI area 610 and the wearable device 700.
The Android area 620 comprises:
a camera 621, for reading the password ciphertext displayed by the barcode display module 712;
a second information receiving module 622, for exchanging data between the Android area 620 and the TEEI area 610 and/or the wearable device 700.
The wearable device 700 comprises:
a storage module 711, which in the password generation phase stores the password ciphertext sent from the TEEI area 610;
a barcode display module 712, which in the password verification phase displays the password ciphertext stored by the storage module 711.
Data transfer between the TEEI area 610 and the wearable device 700 is carried out over contactless communication, for example NFC or Bluetooth.
In the second embodiment, the TEEI area 610 of the smartphone serves as the secure platform supporting password processing, which guarantees the security of the password generation process, while the wearable device 700 stores the password, which spares the user from having to memorise it.
The password generation and usage processes of the second embodiment are the same as those of the first embodiment described above.
In addition, the first embodiment uses a QR code and the second embodiment a barcode. The QR code or barcode is merely one way of presenting the password ciphertext; all that is required is that the security device and the first mobile device agree on the presentation form. From that standpoint, any method of presenting text, digits or similar information will do, and even displaying the password ciphertext directly as digits is possible.
Third embodiment
As the first and second embodiments above show, the improvement to password protection in the present invention consists mainly in having an additional mobile smart device, rather than the human brain, perform password entry, which frees the password from the overly simple and fixed input patterns imposed by the mismatch in computing power between the human brain and smart devices.
Building on this, the inventor further found that if the encrypted credential is varied dynamically, so that the encrypted ciphertext produced by the wearable device is freshly generated on every use, the risk of it being copied is better excluded.
Based on this variation mechanism, the third embodiment of the present invention applies such a scheme to the user login protection of existing card-not-present payment. This solves the problem that, in existing card-not-present payment, the login password is easily stolen when the user logs in, improving the security of the login process while also improving the user experience.
FIG. 5 is a block diagram of the password security system for mobile devices according to the third embodiment of the present invention.
As shown in FIG. 5, the password security system for mobile devices according to the third embodiment of the present invention comprises a background system 800, a smartphone 900 and a wearable device 920.
The background system 800 comprises:
a first counter 811, which generates a count value and counts the number of times the count value has been compared;
a public-private key generation unit 812, for generating a public key and a private key;
an encryption and decryption module 813, which in the password generation phase obtains the user password, encrypts the user password together with the count value produced by the counter above and the public key generated by the public-private key generation unit above, and sends the resulting password ciphertext to the password processing unit 912 of the smartphone 900; in the password verification phase it parses the count value out of the second password ciphertext (described below) sent from the smartphone 900, compares that count value with the count value held by the first counter 811, and performs password verification on the second password ciphertext only if the count value comparison passes;
a first secure network channel 814, for data transmission between the background system 800 and the smartphone 900.
The smartphone 900 comprises:
a second counter 911, which stores the count value received from the background system 800;
a password processing unit 912, which in the password generation phase receives the first password ciphertext transmitted from the encryption and decryption module of the background system 800 and transmits the first password ciphertext and the public key to the wearable device 900, and in the password verification phase sends the count value stored by the second counter 911 to the wearable device 900, receives the second password ciphertext (described below) returned by the wearable device 920, and sends that second password ciphertext (possibly together with the user name) to the background system 800;
a second secure network channel 913, for data transmission between the background system 800 and the smartphone 900 (in practice the second secure network channel 913 and the first secure network channel 814 are one bidirectional secure transmission channel).
The wearable device 920 comprises:
a storage module 921, which in the password generation phase stores the password ciphertext and public key sent from the smartphone 900; and
an encryption and decryption module 922, which in the password verification phase generates a second password ciphertext from the count value sent by the password processing unit 912 of the smartphone 900 together with the password ciphertext and public key already held by the storage module 921.
The secure password input method implemented with the password security system for mobile devices of the third embodiment is likewise similar to the embodiments above and again consists of two processes: a password setting process and a user login process.
The password setting process is as follows:
(1) When the user registers using the smartphone 900 and enters a user name and login password on the website, the encryption and decryption module 813 of the background system 800 generates the first password ciphertext from the password using a key, the first counter 811 of the background system 800 randomly generates a count value, and the count value, the public key and the first password ciphertext are combined into one data item and transmitted over the first secure network channel 814 and the second secure network channel 913 to the password processing unit 912 of the smartphone 900;
(2) On receiving the data, the password processing unit 912 stores the count value in the second counter 911, then prompts the user by a tone or similar to bring the wearable device 920 close to the smartphone 900, and transfers the public key and first password ciphertext received from the background system 800 over NFC or another contactless link to the storage module 921 of the wearable device 900 for storage.
The user login process is as follows:
(1) When the user logs in on the smartphone 900 and a password is required, the user is prompted by a tone or similar to bring the wearable device 920 close to the smartphone 900, and the password processing unit 912 sends the count value of the second counter 911 over NFC or another contactless link to the encryption and decryption module 912 of the wearable device 900;
(2) The encryption and decryption module 912 of the wearable device 900 generates a new password ciphertext, the second password ciphertext, from the previously saved public key and the received count value, and sends it back over NFC or another contactless link to the password processing unit 912 of the smartphone 900; at this point the password processing unit 912 increments the count value of the second counter 911 by 1 and signals by a tone or similar that password entry is complete;
(3) The login application obtains the second password ciphertext from the password processing unit 913 and transmits it, together with the user name, over the second secure network channel 913 and the first secure network channel 814 to the background system 800;
(4) The background system 800 parses the second password ciphertext using the private key of the public-private key generation unit 812 and compares the extracted count value with the count value of the first counter of the background system 800; whether or not the comparison succeeds, the background counter is incremented by 1. If the comparison passes, the extracted password ciphertext is then decrypted to verify the password; once the password is verified, the user login process is complete.
In this process the user only needs to bring the wearable device 920 close to the smartphone 900 to complete the login, which is simple and easy to use. As for security, because the password ciphertext produced by the wearable device 920 is generated dynamically each time, it is valid once only and cannot be copied and reused. Furthermore, if the wearable device 920 is lost, a thief cannot recover the actual password, since only the password ciphertext is stored on it, and the thief's own phone, lacking the count value, cannot pair with the wearable device 920 to pass the identity verification of the background system 900; by the same token, if the user's smartphone 900 is lost, the background system cannot complete the user's identity verification without the password ciphertext held on the wearable device 900. On top of this, because everything sent over the network is in ciphertext form, a thief cannot obtain the password by network sniffing, cracking or similar means. All of this greatly improves the security of the user's password and the protection of user login. Naturally, a user who wants to keep using the service after losing a device can resynchronise the counter with the background system through other security mechanisms, or regenerate a password ciphertext; this is not described in detail here.
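A runnable simulation of the third embodiment's count-value challenge-response, added here as an illustration and not code from the patent: the background system 800, smartphone 900 and wearable device 920 are modelled as Python classes, the page's unspecified public/private key scheme is replaced by a toy textbook RSA, and the first password ciphertext is modelled as a backend-keyed HMAC (both assumptions). The walk-through exercises the replay rejection and the "increment whether or not the comparison succeeds" rule, including the counter desynchronisation that the page says must be repaired by another mechanism.

```python
import hmac
import secrets
# Toy textbook RSA (no padding) stands in for the page's unspecified key scheme; illustration only.
def _is_probable_prime(n, rounds=20):            # Miller-Rabin; n is a large odd number here
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True
def gen_keypair(bits=512):
    """Key generation unit 812: returns public (n, e) and private (n, d)."""
    def prime():
        while True:
            cand = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
            if _is_probable_prime(cand):
                return cand
    e = 65537
    while True:
        p, q = prime(), prime()
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                   # e is prime, so this means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

CTR_LEN, TOKEN_LEN = 4, 32                       # layout: count value || first password ciphertext
class Backend:                                   # background system 800: counter 811, keys 812, module 813
    def __init__(self):
        self.pub, self.priv = gen_keypair()
        self.secret = secrets.token_bytes(32)    # key behind the first ciphertext (assumed)
        self.users = {}                          # username -> [first_ct, count value]
    def register(self, username, password):
        # The page leaves the first-ciphertext cipher unspecified; a backend-keyed MAC stands in.
        first_ct = hmac.new(self.secret, f"{username}:{password}".encode(), "sha256").digest()
        counter = secrets.randbelow(1 << 31)     # "randomly generates a count value"
        self.users[username] = [first_ct, counter]
        return counter, self.pub, first_ct       # travels over secure channel 814/913
    def login(self, username, second_ct):
        record = self.users.get(username)
        if record is None:
            return False
        n, d = self.priv
        raw = pow(second_ct, d, n).to_bytes(CTR_LEN + TOKEN_LEN, "big")
        counter, first_ct = int.from_bytes(raw[:CTR_LEN], "big"), raw[CTR_LEN:]
        expected, record[1] = record[1], record[1] + 1   # bump whether or not it matches
        if counter != expected:
            return False                         # stale, replayed or forged response
        return hmac.compare_digest(first_ct, record[0])   # password check only after a match

class Wearable:                                  # wearable 920: storage 921 + module 922
    def store(self, pub, first_ct):
        self.pub, self.first_ct = pub, first_ct  # never holds the plaintext password
    def respond(self, counter):
        n, e = self.pub                          # second ciphertext = Enc_pub(count value || first_ct)
        return pow(int.from_bytes(counter.to_bytes(CTR_LEN, "big") + self.first_ct, "big"), e, n)

class Phone:                                     # smartphone 900: counter 911 + processing unit 912
    def provision(self, backend, wearable, username, password):
        self.username = username
        self.counter, pub, first_ct = backend.register(username, password)
        wearable.store(pub, first_ct)            # NFC hop; the phone keeps only the count value
    def login(self, backend, wearable):
        second_ct = wearable.respond(self.counter)  # challenge the wearable with the count value
        self.counter += 1                           # bump once the response has arrived
        return backend.login(self.username, second_ct)

def run_scenario():
    """Constructed walk-through: two honest logins, one replay, then the login the desync breaks."""
    backend, wearable, phone = Backend(), Wearable(), Phone()
    phone.provision(backend, wearable, "alice", "correct horse battery staple")
    ok1 = phone.login(backend, wearable)
    second_ct = wearable.respond(phone.counter)  # next honest response, as seen on the wire
    phone.counter += 1
    ok2 = backend.login("alice", second_ct)
    replayed = backend.login("alice", second_ct)  # same ciphertext again: stale count value
    ok3 = phone.login(backend, wearable)          # backend bumped on the failure, phone did not
    return ok1, ok2, replayed, ok3               # -> (True, True, False, False)
```

The final False is the caveat the page only hints at: a rejected response still advances the background counter, so an honest login cannot succeed again until the two counters are resynchronised.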
In summary, the password security system for mobile devices and the secure password input method for mobile devices of the present invention use another mobile device, for example a wearable device, in place of the human brain to store the password, so the password need not be memorised; a very complex password combination can therefore be set, which makes the password harder to crack and greatly improves the user experience. Moreover, the password is transmitted in ciphertext form throughout, which effectively prevents malicious theft and improves the security of password use.
The examples above mainly illustrate the password security system for mobile devices and the secure password input method for mobile devices of the present invention. Although only some specific embodiments of the present invention have been described, those of ordinary skill in the art will appreciate that the present invention can be implemented in many other forms without departing from its spirit and scope. The examples and embodiments shown are therefore to be regarded as illustrative and not restrictive, and the present invention may cover various modifications and substitutions without departing from the spirit and scope of the invention as defined in the appended claims.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510616410.3A (CN105592056A) | 2015-09-24 | 2015-09-24 | Password safety system for mobile device and password safety input method thereof |
| PCT/CN2016/098824 (WO2017050152A1) | 2015-09-24 | 2016-09-13 | Password security system adopted by mobile apparatus and secure password entering method thereof |
| Publication Number | Publication Date |
|---|---|
| CN105592056A | 2016-05-18 |