Summary of the invention
The present invention provides a kind of generation of password and Verification Systems, including password to generate subsystem and cipher authentication subsystemSystem, password generate subsystem include Password Input unit, cryptographic initialization unit, cryptographic calculations unit, password output unit andPassword storage unit.
Password Input unit be used to receive the codeword information of external equipment transmission, and at the beginning of codeword information is transferred to passwordBeginningization unit and password storage unit;Cryptographic initialization unit be used to generate random code as needed, or will receiveThe codeword information of external equipment input is converted to the character string of predetermined format, and random code or character string are transferred to password meterCalculate unit;Cryptographic calculations unit be used to carry out the conversion of random code and character string according to scheduled rule, and public by calculatingAbove-mentioned scaling results are carried out operation or combination by formula, the dynamic password after being calculated, finally by comprehensive passwordArrangement obtains final dynamic authentication password.
Specifically, cryptographic calculations unit carries out the conversion of random code and character string according to scheduled rule, specifically include: willEach in random code and character string after cryptographic initialization cell translation is converted to decimal number first, in accordance with rule, withThe decimal number is scaled defined content afterwards, respective content combines to form transition character string.
Specifically, cryptographic calculations unit carries out the conversion of random code and character string according to scheduled rule, specifically further include:Transition character string split according to certain rule and forms substring one and substring two, then by the sub- word after fractionationSymbol string one and substring two are weighted read group total using formula and obtain dynamic password, later intercept above-mentioned password certainDigit or retain alphabet, formed dynamic authentication password.
In addition, cipher authentication subsystem includes password acceptance unit, cipher decoding unit and cipher authentication unit.
Specifically, cipher decoding unit be used to be converted according to above-mentioned character string, mode is obtained from dynamic authentication password setsStandby mark, the user password inputted and random code, and corresponding preset user password is found according to device identification, meanwhile, fromPassword generation unit obtains corresponding random code.
The present invention also provides a kind of generation of password and authentication method, this method specifically:
Step 1: receive external equipment transmission codeword information, and by codeword information be transferred to cryptographic initialization unit andPassword storage unit;
Step 2: generating random code as needed, or the codeword information that the external equipment received inputs is converted toThe character string of predetermined format;
Step 3: carrying out the conversion of random code and character string according to scheduled rule, and changed by calculation formula by above-mentionedIt calculates result and carries out operation or combination, the dynamic password after being calculated finally obtains most by the arrangement to comprehensive passwordWhole dynamic authentication password.
Wherein, after step 3, further includes:
Step 4: by obtained dynamic authentication password and corresponding interception digit identification transmission to cipher authentication subsystemOr other external equipments;
Step 5: receiving password generates the dynamic authentication password that subsystem is sent;
Step 6: the user of device identification, input is obtained from dynamic authentication password according to above-mentioned character string conversion modePassword and random code, and corresponding preset user password is found according to device identification, meanwhile, obtain corresponding random code;
Step 7: by the user password of the input obtained from dynamic authentication password and the progress of preset user passwordThe random code matched, while will acquire is matched with corresponding random code.
Specifically, carrying out the conversion of random code and character string according to scheduled rule, specifically include: by random code and processEach in character string after cryptographic initialization cell translation is converted to decimal number first, in accordance with rule, then by the decimal systemNumber is scaled defined content, and respective content combines to form transition character string.
Specifically, carrying out the conversion of random code and character string according to scheduled rule, specifically further include: by transition character stringSplit according to certain rule and form substring one and substring two, then by the substring one and sub- word after fractionationSymbol string two is weighted read group total using formula and obtains dynamic password, and above-mentioned password is intercepted to certain digit or guarantor laterAlphabet is stayed, dynamic authentication password is formed.
Specifically, combined original character string format is random code+user password+date+device identification.
The beneficial method for having the technical effect that the generation dynamic password proposed in the present invention of the present invention uses a variety of usersThe mode of password is set, but also dynamic password is various informative, is more efficiently protected for various important informations.SeparatelyOutside, it being calculated in dynamic password forming process using dynamic password create-rule, parameters are interrelated, it combines closely, so thatThe safety of dynamic password itself greatly improves, while but also having more high safety guarantee in data communication process.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, completeSite preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based onEmbodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every otherEmbodiment shall fall within the protection scope of the present invention.
The present invention provides a kind of password and generates and Verification System, including password generates subsystem and cipher authentication subsystem.Wherein, as shown in Figure 1, password generate subsystem include Password Input unit, it is cryptographic initialization unit, cryptographic calculations unit, closeCode output unit and password storage unit.
Password Input unit be used to receive the codeword information of external equipment transmission, and at the beginning of codeword information is transferred to passwordBeginningization unit and password storage unit.The codeword information include user input password, external equipment identification code and figure,The auxiliary informations such as time, color.
Cryptographic initialization unit be used to generate random code, or the code that the external equipment received is inputted as neededWord information is converted to the character string of predetermined format, and random code or character string are transferred to cryptographic calculations unit.
The character string of above-mentioned predetermined format is broadly divided into digit strings, alphabetic character string or mixed characters string.
Random code is directly generated according to above-mentioned predetermined format, without conversion;If external equipment input is also onlyIt only include the codeword information of number or letter, without conversion;But if being the letter of the formats such as color, figure, date-timeBreath, then need to carry out corresponding conversion.
Specifically: the format " yyyymmdd " of only umerical date is converted to for date-time format;It is rgb format for color format conversion, and the color of each point is arranged according to the sequence of R, G, B, such as (100,53,68) 1005368 are just denoted as;For graphical format, either preset gesture line either face figure etc. is all desirableIt presets and stores, and each figure corresponds to a mark, above-mentioned mark is subjected to unified representation, such asFig1, fig2 ... figN, N are natural number, are equivalent to the word that each figure is collectively expressed as to letter and number combination in this waySymbol string.
Cryptographic calculations unit be used to carry out the conversion of random code and character string according to scheduled rule, and public by calculatingAbove-mentioned scaling results are carried out operation or combination by formula, the dynamic password after being calculated, finally by comprehensive passwordArrangement obtains final dynamic authentication password, and above-mentioned dynamic authentication password is transferred to password output unit and password storage listMember.
Cryptographic calculations unit carries out the conversion of random code and character string according to scheduled rule, specifically:
(1) each in random code and character string after cryptographic initialization cell translation is converted first, in accordance with ruleFor decimal number, the decimal number is then scaled defined content, respective content combines to form transition character string, the contentIt can be binary system, octal system, hexadecimal or other characters.Above-mentioned transition character string successively includes random code, Yong HumiCode, the correspondence character string on date and device identification.
Such as: transformation rule are as follows: digital 0-9 corresponds to decimal number 0-9;
Lowercase a-z corresponds to decimal number 10-35;
Capitalization A-Z corresponds to decimal number 36-51.
If random code is 1F2g3b, corresponding decimal number is 1 41 2 16 3 11;
If the codeword information of external equipment input is user password+date+device identification form, initial by passwordCharacter string after changing cell translation is ABC 180510ab28, and corresponding decimal number is 36 37 38 18 0510 1011 2 8。
Character string after combination is 1F2g3b ABC 180510ab28;
Being converted to decimal number is 1 41 2 16 3 11 36 37 38 180510 10 11 28;
Being scaled octadic transition character string is 1 51 2 20 3 13 44 45 46 1 10 0510 12 13210。
(2) transition character string split according to certain rule and form substring one and substring two, then willSubstring one and substring two after fractionation are weighted read group total using formula and obtain dynamic password, later will be above-mentionedPassword intercepts certain digit or retains alphabet, forms dynamic authentication password.If retaining alphabet, by oneComplete dynamic authentication password, that is, dynamic password;If the certain digit of interception, formed a dynamic authentication password withAnd a remaining digit password and corresponding interception digit mark, the mark are used to refer to dynamic authentication password from interceptionWhich digit of preceding dynamic password.
Specific fractionation mode can be takes former positions or several latter in order, is also possible to be torn open according to certain requirementPoint, that is to say, that substring one and substring two can be the fixed character string information only extracted, and such as user password is setStandby mark etc., or what is only extracted are not fixed character string information, such as random code, date.
Specific formula are as follows:
Dynamic password=a* extracts character string
B* residue character string
Here since last position, successively forward, each corresponds to weighting, if the zero padding that digit is inadequate.
It is illustrated for extracting and being not fixed character string information below:
For octadic transition character string " 1 51 2 20 3 13 44 45 46 1 10 0 51 0 above-mentioned12 13 2 10 ", it is not fixed character string for random code and date, specially " 1 51 2 20 3 13 " and " 1 10 0510".Extraction character string after extraction is " 1 51 2 20 3 13 1 10 0510 ", and remaining character string is " 44 45 4612 13 2 10".A is set as 2, b and is set as 1.When calculating, remaining character string position is less, before be " 00000 after zero padding44 45 46 12 13 2 10”。
Utilize above-mentioned formula: each bit digital is corresponding to be calculated
Dynamic password=2* (1 51 2 20 3 13 1 10 0 51 0)
1*(0 0000 4445461213 2 10)
Dynamic password is (2 102 4 40 6 26 2 20 0 10 2 0)
(0 0000 44 45 46 12 13 2 10) retain alphabet and form dynamic authentication password, moved with above-mentionedState password is identical.
The dynamic authentication password and corresponding interception digit that password output unit be used to obtain identify (if there is)It is transferred to cipher authentication subsystem or other external equipments.
Password storage unit be used to store dynamic authentication password and corresponding codeword information.
In addition, as shown in Fig. 2, cipher authentication subsystem includes password acceptance unit, cipher decoding unit and cipher authenticationUnit.
Password acceptance unit be used to receive password and generate the dynamic authentication password that subsystem is sent, and be sent to password solutionAnalyse unit.
Cipher decoding unit be used for according to above-mentioned character string convert mode obtained from dynamic authentication password device identification,The user password and random code of input, and corresponding preset user password is found according to device identification, meanwhile, it is generated from passwordUnit obtains corresponding random code.Then, cipher decoding unit is by the user password of the input obtained from dynamic authentication passwordCipher authentication unit is sent to random code and preset user password and corresponding random code.From dynamic authentication passwordBefore obtaining device identification, the user password of input and random code, whether cipher decoding unit judges receive interception digit markKnow, thinks that dynamic authentication password is complete dynamic authentication password, i.e. dynamic password if being not received by, and carry out subsequent solutionAnalysis processing;If receiving the mark, according to the complete dynamic authentication password of identification information synthesis, i.e. dynamic password, then intoThe subsequent dissection process of row.
The user password for the input that cipher authentication unit be used to obtain from dynamic authentication password and preset userPassword is matched, while the random code obtained from dynamic authentication password is corresponding random with from password generation unit acquisitionCode is matched.If above-mentioned two matching is all successful, that is, in all identical situation of user password and random code, transmission is recognizedDemonstrate,prove success message.If above-mentioned two be matched with unsuccessful, that is, user password or the different situation of random codeUnder, it sends and authenticates unsuccessful message.
Cipher decoding unit according to above-mentioned character string convert mode is obtained from dynamic authentication password device identification, inputUser password and random code, specially (by taking the dynamic authentication password that above-mentioned password generation unit generates as an example):
(1) judge whether to receive the corresponding interception digit mark of dynamic authentication password, if so, then according to identification informationThe formula for synthesizing dynamic password, and being used using cryptographic calculations unit is calculated reduction and obtains substring one and substring two,The fractionation rules integration substring one and substring two used followed by cryptographic calculations unit forms transition character string.
Such as:
The dynamic authentication password received is (2 102 4 40 6 26 2 20 0 10 2 0)
(0 0000 44 45 46 12 13 2 10) judge above-mentioned dynamic due to being not received by interception digit markState authentication password is complete, i.e. dynamic password.
Using parameter a=2, b=1 and
Formula: dynamic password=a* extracts character string
B* residue character string
It calculates and extracts character string and remaining character string, be to be not fixed character string information, i.e. random code due to extracting character stringAnd date, remaining character string are fixed character string information, i.e. user password and device identification.
Extract character string=1 51 2 20 3 13 1 10 0510;
Remaining character string=44 45 46 12 13 2 10;
It combines above-mentioned character string and is obtained and cross character string " 1 51 2 20 3 13 44 45 46 1 10 051 01213 2 10”。
(2) the character string transformation rule used according to cryptographic calculations unit by transition character string be reduced to ten's digit andThe original character string of monogram.The original character string format is random code+user password+date+device identification.It then can be withRandom code and user password are extracted according to above-mentioned format from above-mentioned original character string.
For above-mentioned transition character string, being reduced to character to decimal string is " 1 41 2 16 3 11 36 37 38 18 05 1 0 10 11 2 8".Due to for each, original is to be only possible to be 0-9 if number, if it is 10 or withOn number, all letter obtained according to above-mentioned transformation rule, therefore number and monogram original character string be " 1F2g3bABC 180510ab28”。
Since combined original character string format is random code+user password+date+device identification, extract randomCode 1F2g3b, user password ABC.
The present invention also provides a kind of generation of password and authentication methods, as shown in figure 3, method particularly includes:
Step 1: receive external equipment transmission codeword information, and by codeword information be transferred to cryptographic initialization unit andPassword storage unit.The codeword information includes the identification code and figure, time, color of the password of user's input, external equipmentEtc. auxiliary informations.
Step 2: generating random code as needed, or the codeword information that the external equipment received inputs is converted toThe character string of predetermined format, and random code or character string are transferred to cryptographic calculations unit.
The character string of above-mentioned predetermined format is broadly divided into digit strings, alphabetic character string or mixed characters string.
Random code is directly generated according to above-mentioned predetermined format, without conversion;If external equipment input is also onlyIt only include the codeword information of number or letter, without conversion;But if being the letter of the formats such as color, figure, date-timeBreath, then need to carry out corresponding conversion.
Specifically: the format " yyyymmdd " of only umerical date is converted to for date-time format;It is rgb format for color format conversion, and the color of each point is arranged according to the sequence of R, G, B, such as (100,53,68) 1005368 are just denoted as;For graphical format, either preset gesture line either face figure etc. is all desirableIt presets and stores, and each figure corresponds to a mark, above-mentioned mark is subjected to unified representation, such asFig1, fig2 ... figN, N are natural number, are equivalent to the word that each figure is collectively expressed as to letter and number combination in this waySymbol string.
Step 3: carrying out the conversion of random code and character string according to scheduled rule, and changed by calculation formula by above-mentionedIt calculates result and carries out operation or combination, the dynamic password after being calculated finally obtains most by the arrangement to comprehensive passwordWhole dynamic authentication password.
The conversion of random code and character string is carried out according to scheduled rule, specifically:
(1) each in random code and character string after cryptographic initialization cell translation is converted first, in accordance with ruleFor decimal number, the decimal number is then scaled defined content, respective content combines to form transition character string, the contentIt can be binary system, octal system, hexadecimal or other characters.Above-mentioned transition character string successively includes random code, Yong HumiCode, the correspondence character string on date and device identification.
Such as: transformation rule are as follows: digital 0-9 corresponds to decimal number 0-9;
Lowercase a-z corresponds to decimal number 10-35;
Capitalization A-Z corresponds to decimal number 36-51.
If random code is 1F2g3b, corresponding decimal number is 1 41 2 16 3 11;
If the codeword information of external equipment input is user password+date+device identification form, initial by passwordCharacter string after changing cell translation is ABC 180510ab28, and corresponding decimal number is 36 37 38 18 0510 1011 2 8。
Character string after combination is 1F2g3b ABC 180510ab28;
Being converted to decimal number is 1 41 2 16 3 11 36 37 38 180510 10 11 28;
Being scaled octadic transition character string is 1 51 2 20 3 13 44 45 46 1 10 0510 12 13210。
(2) transition character string split according to certain rule and form substring one and substring two, then willSubstring one and substring two after fractionation are weighted read group total using formula and obtain dynamic password, later will be above-mentionedPassword intercepts certain digit or retains alphabet, forms dynamic authentication password.If retaining alphabet, by oneComplete dynamic authentication password, that is, dynamic password;If the certain digit of interception, formed a dynamic authentication password withAnd a remaining digit password and corresponding interception digit mark, the mark are used to refer to dynamic authentication password from interceptionWhich digit of preceding dynamic password.
Specific fractionation mode can be takes former positions or several latter in order, is also possible to be torn open according to certain requirementPoint, that is to say, that substring one and substring two can be the fixed character string information only extracted, and such as user password is setStandby mark etc., or what is only extracted are not fixed character string information, such as random code, date.
Specific formula are as follows:
Dynamic password=a* extracts character string
B* residue character string
Here since last position, successively forward, each corresponds to weighting, if the zero padding that digit is inadequate.
It is illustrated for extracting and being not fixed character string information below:
For octadic transition character string " 1 51 2 20 3 13 44 45 46 1 10 0 51 0 above-mentioned12 13 2 10 ", it is not fixed character string for random code and date, specially " 1 51 2 20 3 13 " and " 1 10 0510".Extraction character string after extraction is " 1 51 2 20 3 13 1 10 0510 ", and remaining character string is " 44 45 4612 13 2 10".A is set as 2, b and is set as 1.When calculating, remaining character string position is less, before be " 00000 after zero padding44 45 46 12 13 2 10”。
Utilize above-mentioned formula: each bit digital is corresponding to be calculated
Dynamic password=2* (1 51 2 20 3 13 1 10 051 0)
1*(0 0 0 0 0 44 45 46 12 13 2 10)
Dynamic password is (2 102 4 40 6 26 2 20 0 10 2 0)
(0 0000 44 45 46 12 13 2 10) 5-10 of the every a line of dynamic password since the left side are interceptedNumber formed dynamic authentication password, specially (6 26 2 20 0 10)
(0 44 45 46 12 13) then remaining digit password is (2 102 4 40 2 0)
(0 0002 10) interception digit is identified as " L1-2R5-10 "
Step 4: obtained dynamic authentication password and corresponding interception digit mark (if there is) to be transferred to password and recognizeDemonstrate,prove subsystem or other external equipments.
Step 5: receiving password generates the dynamic authentication password that subsystem is sent, and it is sent to cipher decoding unit.
Step 6: the user of device identification, input is obtained from dynamic authentication password according to above-mentioned character string conversion modePassword and random code, and corresponding preset user password is found according to device identification, meanwhile, obtain corresponding random code.WithAfterwards, by the user password of the input obtained from dynamic authentication password and random code and preset user password and it is corresponding withMachine code is sent to cipher authentication unit.
Before the user password and random code for obtaining device identification, input, judge whether to receive interception digit mark,Think that dynamic authentication password is complete dynamic authentication password, i.e. dynamic password if being not received by, and carries out subsequent parsingProcessing;If receiving the mark, complete dynamic authentication password, i.e. dynamic password are synthesized according to identification information, then carry outSubsequent dissection process.
Step 7: by the user password of the input obtained from dynamic authentication password and the progress of preset user passwordThe random code matched, while will acquire is matched with corresponding random code.If above-mentioned two matching is all successful, that is, userUnder password and all identical situation of random code, certification success message is sent.As soon as if it is above-mentioned two be matched with it is unsuccessful,It is to send in user password or the different situation of random code and authenticate unsuccessful message.
According to above-mentioned character string convert mode obtained from dynamic authentication password device identification, input user password and withMachine code, specially (by taking the dynamic authentication password of above-mentioned generation as an example):
(1) judge whether to receive the corresponding interception digit mark of dynamic authentication password, if so, then according to identification informationThe formula for synthesizing dynamic password, and being used using above-mentioned calculating is calculated reduction and obtains substring one and substring two, thenTransition character string is formed using the above-mentioned fractionation rules integration substring one used and substring two.
Such as:
The dynamic authentication password received is (6 26 2 20 0 10)
(0 44 45 46 12 13) remaining digit password is (2 102 4 40 2 0)
(0 0002 10) are identified as " L1-2R5-10 " due to receiving interception digit, then press dynamic authentication passwordIt is inserted into remaining digit password according to mark rule, that is, after being inserted into every a line the 4th, before the 11st, is formed original dynamicState password.
Specifically: (2 102 4 40 6 26 2 20 0 10 2 0)
(0 0000 44 45 46 12 13 2 10) utilize parameter a=2, b=1 and
Formula: dynamic password=a* extracts character string
B* residue character string
It calculates and extracts character string and remaining character string, be to be not fixed character string information, i.e. random code due to extracting character stringAnd date, remaining character string are fixed character string information, i.e. user password and device identification.
Extract character string=1 51 2 20 3 13 1 10 0510;
Remaining character string=44 45 46 12 13 2 10;
It combines above-mentioned character string and is obtained and cross character string " 1 51 2 20 3 13 44 45 46 1 10 051 01213 2 10”。
(2) transition character string is reduced to by ten's digit and monogram according to the above-mentioned character string transformation rule usedOriginal character string.The original character string format is random code+user password+date+device identification.It then can be from above-mentioned originalRandom code and user password are extracted according to above-mentioned format in beginning character string.
For above-mentioned transition character string, being reduced to character to decimal string is " 1 41 2 16 3 11 36 37 38 18 05 1 0 10 11 2 8".Due to for each, original is to be only possible to be 0-9 if number, if it is 10 or withOn number, all letter obtained according to above-mentioned transformation rule, therefore number and monogram original character string be " 1F2g3bABC 180510ab28”。
Since combined original character string format is random code+user password+date+device identification, extract randomCode 1F2g3b, user password ABC.
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, anyThose skilled in the art is in technical scope disclosed by the invention, and any changes or substitutions that can be easily thought of, all answersIt is included within the scope of the present invention.Therefore, protection scope of the present invention should be with the scope of protection of the claimsIt is quasi-.