CN101645123A - Identity certification system and method of hand-held mobile equipment with touch screen - Google Patents
- Publication number: CN101645123A
- Authority: CN (China)
- Prior art keywords: password, user, information, Chinese character, interface
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes
- Storage Device Security (AREA)
- Telephone Function (AREA)
Abstract
The invention discloses an identity authentication system and method for hand-held mobile devices with a touch screen, which mainly address the long authentication time and poor memorability of existing authentication on such devices. The system comprises a user password information library, an information encryption/decryption layer, a user identity verification module, a user password setting module and an interaction layer. The information encryption/decryption layer exchanges data bidirectionally with the user password information library, the user identity verification module and the user password setting module; the interaction layer exchanges data bidirectionally with the user password setting module, the user identity verification module and the user. The method comprises the following steps: when the system runs, it first determines whether the user needs to set a password or to verify identity for login; a user who needs to set a password enters a password of Chinese characters and then chooses either to exit the system or to return to the login interface; for a user who needs to verify identity for login, a verification interface comprising a matrix of multiple Chinese characters is loaded to verify the password, after which the user chooses either to exit the system or to return to the login interface. The invention offers good memorability, good usability and high security, and can be used for identity authentication on hand-held mobile devices with a touch screen.
Description
Technical field
The invention belongs to the field of information security technology and relates to identity authentication. Specifically, it replaces the traditional text password input mode with a graphical input mode for entering a password to authenticate on mobile devices with a touch screen, for example when powering on or unlocking a PDA or mobile phone with a touch screen.
Background art
Identity authentication is the process by which an information security system determines whether a user is authorized to log in to the system and use specific resources, and it is an important research topic in the security field. Many novel authentication methods exist today, for example those based on biometric technology and smart card technology, but the most widely used remains text password authentication, in which the user supplies the corresponding text, and it will remain an important means of authentication for some time to come. As more and more smart mobile devices come into use, user authentication is regarded as a very effective means of protecting a user's sensitive information, because this class of device easily falls into the hands of unauthorized persons.
Traditional text authentication, which requires the user to enter a password made up of digits and English characters, has many inherent defects, and these easily develop into security problems. For example, when choosing a text password most users tend to pick short, simple text that follows some pattern, such as a name or birthday containing their own information, or a word that exists in a dictionary. An attacker typically uses knowledge of how passwords are distributed to build a password dictionary and mounts a brute-force guessing attack on the password. Under such a dictionary attack, a portion of text passwords prove very fragile and are successfully cracked. The American researcher Klein conducted a related experiment: he collected the Unix system passwords of 14,000 users and ran a guessing attack against them, and found that about 25% of the user passwords were successfully cracked with a dictionary of only 3 × 10^6 words. In 1988 the Morris worm, using a dictionary made up of 432 common words and the UNIX online word list, was able to crack about 50% of the user passwords at some sites. To strengthen the security of a text password, the password the user sets must be sufficiently complex and changed often; but such a password is hard for the user to remember and quite difficult to handle in practice, so traditional text authentication often leaves the user in a dilemma.
Many studies in cognitive science and psychology show that human memory for meaningful phrases or sentences is better than memory for meaningless text. The text passwords currently used on mobile devices are all made up of digits and English characters and are not suited to Chinese users' use and memory. Chinese is widely known and frequently used by Chinese people, most of whom grow up in a Chinese-language environment, and their understanding and memory of Chinese is better than their understanding and memory of text formed from digits, English or other characters. Most Chinese people therefore have no difficulty recognizing and remembering Chinese. The password authentication methods currently used on hand-held mobile devices are: traditional text authentication; visKey PPC; and the login authentication method of the Android system on the G1 mobile phone.
(1) Traditional text authentication
Traditional text authentication requires the user to enter a password made up of digits and English characters. On a mobile device, whether on a physical keyboard or a soft keyboard on the touch screen, the keys are small, and when entering a password the user has to tap the keys one by one, which is slow; moreover, a password made up of digits and English characters is not well suited to Chinese users' memory.
(2) visKey PPC
SFR company released visKey PPC, a commercial software product designed specifically for mobile devices, in 2000. In the registration phase, the user selects 1 to 9 points on a password picture as the password objects. visKey then replaces the original password mechanism: each time the user's mobile device is turned on, the password picture is displayed and the user must enter their own password to be verified. If verification fails, the user cannot get into the smart mobile device. visKey combines security and ease of use and applies them to smart mobile devices; the user needs only a few clicks to obtain a fairly large password space. For example, with the parameters set reasonably, a four-point password can in theory provide up to 100 million possibilities, whereas a text password needs five characters to form a password space of similar size. But such a password space is not large enough to resist an offline attack by a high-speed computer. To obtain higher security, more points must therefore be selected as part of the password. These points, however, have no clear boundaries, so the user's input easily deviates and is hard to enter accurately, which slows authentication. In addition, clicking the password positions one by one is another cause of slow authentication.
(3) Login authentication method of the Android system on the G1 mobile phone
With the practicality and enjoyment of mobile phone users in mind, Google adopted an authentication method based on a nine-cell grid for login to the Android system of the G1 mobile phone it released in 2008. The login screen consists of a 3 × 3 matrix of 9 dots, on which the user draws a line to log in to the system. The password the user designs is a continuous line formed through a number of dots; to unlock the next time, the user only has to draw the line in the correct order. But these 9 identical dots carry no meaning for the user and are hard to tell apart, which does not help the user remember the password.
In summary, the password systems in existing mobile devices either fall short in usability or place a heavy memory burden on the user; none of them provides good usability and memorability for the user on top of high system security.
Summary of the invention
The object of the invention is to overcome the deficiencies of the prior art described above by providing an identity authentication system and method for hand-held mobile devices with a touch screen, so as to improve the memorability and usability of the authentication system and give portable mobile devices a better and more effective login authentication mechanism.
To achieve this object, the identity authentication system for hand-held mobile devices with a touch screen provided by the invention comprises:
A user password information library, used to store the encrypted user password, the other Chinese characters displayed on the login interface, and the position information of both;
An information encryption/decryption layer, used to encrypt and decrypt the user password information;
A user identity verification module, used to verify the password entered by the system user and to interact with the application program interface;
A user password setting module, used to set and change the user password;
An interaction layer, used to carry out the system authentication interaction with the user;
The information encryption/decryption layer exchanges data bidirectionally with the user password information library, the user identity verification module and the user password setting module, respectively;
The interaction layer exchanges data bidirectionally with the user password setting module, the user identity verification module and the user, respectively.
The interaction layer is at the top layer of the system, the information encryption/decryption layer is at the bottom layer, and the user identity verification module and the user password setting module are in the middle layer.
To achieve this object, the identity authentication method for hand-held mobile devices with a touch screen provided by the invention comprises:
User password registration step: the user first enters any sequence of Chinese characters as their own password; the system then generates other Chinese characters at random and randomly assigns the positions of the password characters and the other Chinese characters on the display interface; the password and the position information are encrypted and stored in the password information library;
User identity verification step: the system decrypts the password and position information in the password information library and loads an interface made up of the password characters and the other Chinese characters; the user draws a line connecting the password characters in the order in which they were entered; if the Chinese characters currently input include the password characters in the password information library, the user is allowed to use resources, otherwise the system returns to the verification interface.
The sequence of Chinese characters entered by the user contains only simplified Chinese characters and no other characters such as digits, English characters or punctuation marks.
Because the invention uses a user password information library that stores not only the encrypted user password but also the other Chinese characters displayed on the verification interface and the position information of both, the verification interface loaded after decrypting the information in the library is identical every time: the positions of the user's password characters are fixed and the shape of the drawn line is roughly the same, which improves memorability for the user. Because the invention uses an information encryption/decryption layer to encrypt the information in the user password information library, an attacker who obtains the library still cannot obtain the user's password, which improves the security of the system. Because the invention displays an interface made up of the password characters and other Chinese characters, it can cue the user's password information, which reduces the user's memory burden. Because the user enters any sequence of Chinese characters as their own password, users can set a password that suits their own circumstances, which improves their memory of the password. Because a Chinese character password replaces the traditional text password made up of digits and English characters, Chinese users' memory of the password is improved. Because the user draws a line connecting the password characters in input order, the speed at which the user enters the password is improved, and with it the usability of the system.
Description of the drawings
Fig. 1 is a schematic diagram of the system framework of the invention;
Fig. 2 is the identity authentication flowchart of the invention;
Fig. 3 is an example of the screen display interface in the user identity verification step of the invention;
Fig. 4 is an example of the user's input trajectory on the screen display interface in the user identity verification step of the invention;
Fig. 5 shows how the average time of 30 participants, each logging in 10 times, changes.
Detailed description
With reference to Fig. 1, the identity authentication system for hand-held mobile devices with a touch screen of the invention comprises the user password information library 115, the interaction layer 111, the user password setting module 112, the user identity verification module 113, the information encryption/decryption layer 114, the user 102 and the application program interface 101. The interaction layer 111 is at the top layer of the system, the information encryption/decryption layer 114 is at the bottom layer, and the user identity verification module 113 and the user password setting module 112 are in the middle layer.
The interaction layer 111 handles the authentication interaction with the user 102: the user 102 submits password information to the system through the interaction layer 111 and receives the system's feedback through it. The interaction layer 111 exchanges data bidirectionally with the user password setting module 112, the user identity verification module 113 and the user 102, respectively. When the user 102 wants to turn on the mobile device or unlock it, the interaction layer 111 calls the user identity verification module 113 to require the user 102 to authenticate; on success the user enters the system, and on failure the verification interface is shown again. When the user 102 needs to set or change the password information, the user selects the user password setting module 112 through the interaction layer 111 and sets or modifies the password information there.
The user password information library 115 stores the encrypted user password, the other Chinese characters displayed on the login interface, the position information of both, and the minimum length of the line connecting the password characters in order.
The user password setting module 112 is used to set and modify the user password. The user first enters any sequence of Chinese characters as their own password, and the system checks whether the entered sequence is valid. If it is valid, the setting succeeds: the system randomly selects other Chinese characters from the character library, combines them with the characters entered by the user to form a character matrix, and passes this information to the information encryption/decryption layer 114; it also displays the character matrix on the screen with the password characters highlighted. If the input is invalid, the system reports that the input is invalid, indicates the type of error, and requires the user 102 to enter it again.
The user identity verification module 113 verifies the user password. It calls the information encryption/decryption layer 114 to decrypt the information in the user password information library 115 and, according to the decrypted information, loads the interface made up of the password characters and the other Chinese characters, as shown in Fig. 3. In Fig. 3, straight lines divide the interface into a regular 8 × 12 rectangular grid, and each cell is filled with a random Chinese character. The user identity verification module 113 calculates the length of the curve the user inputs and judges whether that length exceeds the minimum distance by more than a certain proportion; if it does not, the password entered by the user 102 is compared with the password information in the user password information library 115 for verification, otherwise the system returns to the verification interface. If the Chinese characters currently input include the password characters in the password information library 115, the user is allowed to use resources; otherwise the system returns to the verification interface. The user identity verification module 113 also interacts with the application program interface 101: the user enters the user identity verification module 113 from the locked screen and, on successful verification, enters the application program interface 101.
The information encryption/decryption layer 114 encrypts and decrypts the stored user password, the other Chinese characters displayed on the login interface, and the position information of both; this information is encrypted and decrypted with the DES symmetric encryption algorithm. The information encryption/decryption layer 114 exchanges data bidirectionally with the user password information library 115, the user password setting module 112 and the user identity verification module 113, respectively. When the user sets a password, the password and its related information flow from the user password setting module 112 to the user password information library 115 after being encrypted by the information encryption/decryption layer 114. During user identity verification, the user identity verification module 113 calls the information encryption/decryption layer 114 to decrypt the information in the user password information library 115, and the password and its related information flow from the user password information library 115 through the information encryption/decryption layer 114 to the user identity verification module 113.
With reference to Fig. 2, the identity authentication method for hand-held mobile devices with a touch screen of the invention comprises the following steps:
A. User password registration step:
A1) The user enters any sequence of Chinese characters as their own password;
A2) The system checks whether the Chinese character password entered by the user is valid. The rule is that the password entered by the user may contain only Chinese characters and no other characters such as digits, English characters or punctuation marks. If the check passes, the process continues with the next step; otherwise the system reports that the input is invalid, indicates the type of error, and requires the user to enter it again;
A3) The system randomly selects Chinese characters other than the password characters from the character library and randomly assigns the positions of the password characters and the other Chinese characters on the display interface; it computes the minimum number of pixels that a curve connecting the password characters in order must pass through, takes this as the minimum length value of the curve, and stores the minimum length value in the password information library;
A4) The information encryption/decryption layer is called to encrypt the user password information and the matrix information with the DES encryption algorithm and store them in the user password information library 115;
A5) The information encryption/decryption layer is called to decrypt the information in the user password information library with the DES decryption algorithm; once the matrix information is obtained, the character matrix is displayed on the screen to show the user exactly where the password characters are, so that the user can memorize them and log in quickly when verifying later. Here the password characters in the matrix are highlighted, for example as shown in Fig. 4, where the password set by the user is "computing machine institute";
A6) The user chooses whether to practise the verification process. If practice is wanted, the user practises the verification process, whose steps are the same as step B below; when practice is finished, password setting is complete and the process enters the user identity verification step. If no practice is needed, the process goes directly to the user identity verification step.
B. User identity verification step:
B1) The system calls the information encryption/decryption layer to decrypt the information in the user password information library; once the matrix information is obtained, the interface made up of the password characters and the other Chinese characters is loaded on the screen. This interface is the same as the one displayed in the user password registration step, except that the password characters are no longer highlighted;
B2) The user draws a curve on the touch screen connecting the password characters in input order; the order of connection must be the same as the order of the Chinese character sequence entered in the user password registration step. For example, as shown in Fig. 4, the password is connected in the order 1 → 2 → 3 → 4 → 5, forming the input Chinese character sequence "computing machine institute";
B3) The number of pixels that the user's connecting curve passes through is taken as the length of the curve, and the minimum length value for connecting the password characters in order is retrieved from the user password information library. The system judges whether the length of the user's input curve exceeds a preset proportion of this minimum length value; if it does not, the process goes to the next step; otherwise verification fails and the process returns to step B1;
B4) The system judges whether the Chinese characters currently input include the password characters in the password information library; if so, verification succeeds, the screen is unlocked and the user enters the system; otherwise verification fails and the process returns to step B1;
B5) When the screen needs to be unlocked again, the process returns to step B1 and the user identity verification is repeated.
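The grid placement of step A3 and the two checks of steps B3 and B4, as an added example that is not code from the patent or its authors. The function names, the 40-pixel cell size, the ratio of 1.5, the centre-to-centre definition of the minimum length and the Unicode range used for "Chinese character" are assumptions; the encrypted storage of steps A4 and B1 is left out.

```python
import math
import secrets

COLS, ROWS = 8, 12   # 8 x 12 grid from the description; the orientation is assumed
CELL = 40            # assumed cell edge in pixels
MAX_RATIO = 1.5      # assumed value of the "preset proportion" in step B3


def is_han(ch):
    # Assumption: "Chinese character" means CJK Unified Ideographs U+4E00..U+9FA5.
    return "\u4e00" <= ch <= "\u9fa5"


def center(cell):
    row, col = divmod(cell, COLS)
    return (col * CELL + CELL / 2, row * CELL + CELL / 2)


def min_length(cells):
    # Assumption: minimum length = straight segments between cell centres.
    return sum(math.dist(center(a), center(b)) for a, b in zip(cells, cells[1:]))


def enroll(password, rng=None):
    """Steps A2-A3: validate input, place password and decoys, record min length."""
    rng = rng or secrets.SystemRandom()
    total = COLS * ROWS
    if not password or len(password) > total or not all(map(is_han, password)):
        raise ValueError("password must consist only of Chinese characters")
    cells = rng.sample(range(total), len(password))  # one cell per password char
    decoys = set()
    while len(decoys) < total - len(password):
        ch = chr(rng.randrange(0x4E00, 0x9FA6))
        if ch not in password:                       # decoys never repeat the password
            decoys.add(ch)
    decoys = list(decoys)
    rng.shuffle(decoys)
    grid = dict(zip(cells, password))
    free = [i for i in range(total) if i not in grid]
    grid.update(zip(free, decoys))
    return {"grid": [grid[i] for i in range(total)], "cells": cells,
            "min_len": min_length(cells)}


def path_length(trace):
    return sum(math.dist(p, q) for p, q in zip(trace, trace[1:]))


def cells_visited(trace):
    """Map sampled touch points to grid cells, collapsing consecutive repeats."""
    seq = []
    for x, y in trace:
        col, row = int(x // CELL), int(y // CELL)
        if 0 <= col < COLS and 0 <= row < ROWS:
            cell = row * COLS + col
            if not seq or seq[-1] != cell:
                seq.append(cell)
    return seq


def contains_in_order(visited, secret):
    it = iter(visited)
    return all(cell in it for cell in secret)        # ordered subsequence test


def verify(record, trace):
    # Step B3: reject over-long curves before comparing any characters.
    if path_length(trace) > MAX_RATIO * record["min_len"]:
        return False
    # Step B4: the curve must pass through the password cells in enrolment order.
    return contains_in_order(cells_visited(trace), record["cells"])


def straight_trace(cells, step=4.0):
    """Constructed test input: dense touch samples along centre-to-centre lines."""
    pts = [center(cells[0])]
    for a, b in zip(cells, cells[1:]):
        (x0, y0), (x1, y1) = center(a), center(b)
        n = max(1, math.ceil(math.dist((x0, y0), (x1, y1)) / step))
        pts += [(x0 + (x1 - x0) * k / n, y0 + (y1 - y0) * k / n)
                for k in range(1, n + 1)]
    return pts


if __name__ == "__main__":
    rec = enroll("计算机学院")                        # constructed sample password
    print(verify(rec, straight_trace(rec["cells"])))
```

Because step B4 only asks whether the traced characters include the password characters, the length bound of step B3 is what keeps a curve that wanders across many cells from being accepted.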
The effect of the invention can be further illustrated by the following experiments:
The system and method described above were implemented in C#, and the following experiments were carried out:
1) Usability experiment. In this experiment, 30 native Chinese participants were each asked to perform login authentication 10 times, and the time of each login was recorded automatically by a tool. Fig. 5 shows how the average time of the 30 participants, each logging in 10 times, changes. As Fig. 5 shows, as the number of logins increases, the participants become steadily more familiar with the system and the password positions and with the course of the curve, and the login time trends downward and stabilizes at a little over 2 seconds. The results show that the login time of the system is short and its usability is good.
2) Memorability experiment. One week after the experiment above, the 30 participants logged in to the system again. The results show that with only one attempt allowed, 90% of the participants logged in successfully; with three attempts allowed, 100% of the participants logged in successfully. After one month, with three attempts allowed, 100% of the participants could still log in successfully. The results show that the memorability of the system and method is good.
Claims (4)
1. An identity authentication system for a hand-held mobile device with a touch screen, comprising:
A user password information library (115), used to store the encrypted user password, the other Chinese characters displayed on the login interface, and the position information of both;
An information encryption/decryption layer (114), used to encrypt and decrypt the user password information;
A user identity verification module (113), used to verify the password entered by the system user and to interact with the application program interface (101);
A user password setting module (112), used to set and change the user password;
An interaction layer (111), used to carry out the system authentication interaction with the user (102);
The information encryption/decryption layer (114) exchanges data bidirectionally with the user password information library (115), the user identity verification module (113) and the user password setting module (112), respectively;
The interaction layer (111) exchanges data bidirectionally with the user password setting module (112), the user identity verification module (113) and the user (102), respectively.
2. The identity authentication system for a hand-held mobile device with a touch screen according to claim 1, wherein the interaction layer (111) is at the top layer of the system, the information encryption/decryption layer (114) is at the bottom layer of the system, and the user identity verification module (113) and the user password setting module (112) are in the middle layer of the system.
3. An identity authentication method for a hand-held mobile device with a touch screen, comprising the steps of:
User password registration step: the user first enters any sequence of Chinese characters as their own password; the system then generates other Chinese characters at random and randomly assigns the positions of the password characters and the other Chinese characters on the display interface; the password and the position information are encrypted and stored in the password information library;
User identity verification step: the system decrypts the password and position information in the password information library and loads an interface made up of the password characters and the other Chinese characters; the user draws a line connecting the password characters in the order in which they were entered; if the Chinese characters currently input include the password characters in the password information library, the user is allowed to use resources, otherwise the system returns to the verification interface.
4. The identity authentication method for a hand-held mobile device with a touch screen according to claim 3, wherein the sequence of Chinese characters entered by the user contains only simplified Chinese characters.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910023706A CN101645123A (en) | 2009-08-26 | 2009-08-26 | Identity certification system and method of hand-held mobile equipment with touch screen |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101645123A true CN101645123A (en) | 2010-02-10 |
Family ID: 41657006
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200910023706A Pending CN101645123A (en) | 2009-08-26 | 2009-08-26 | Identity certification system and method of hand-held mobile equipment with touch screen |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101645123A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101813992A (en) * | 2010-05-07 | 2010-08-25 | 深圳视融达科技有限公司 | Touch screen and password-inputting method thereof |
CN102096546A (en) * | 2010-12-29 | 2011-06-15 | 华为终端有限公司 | Unlocking method and device of operating system |
CN102663280A (en) * | 2012-01-16 | 2012-09-12 | 汪林川 | Identity authentication apparatus and system |
CN102663280B (en) * | 2012-01-16 | 2014-12-24 | 汪林川 | Identity authentication apparatus and system |
CN102752751A (en) * | 2012-06-29 | 2012-10-24 | 宇龙计算机通信科技(深圳)有限公司 | Protection method and device for application |
CN102752751B (en) * | 2012-06-29 | 2015-08-12 | 宇龙计算机通信科技(深圳)有限公司 | The guard method of application and device |
CN104134035A (en) * | 2013-08-06 | 2014-11-05 | 腾讯科技(深圳)有限公司 | Software operation and control method and software operation and control device |
CN104134035B (en) * | 2013-08-06 | 2016-03-30 | 腾讯科技(深圳)有限公司 | The method of controlling operation thereof of software and device |
CN103684784B (en) * | 2013-12-06 | 2017-01-25 | 上海众人网络安全技术有限公司 | Two-factor identity authentication method based on Chinese character format information |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5764203B2 (en) | Password safe input system using password key movement value and password safe input method | |
US20070174628A1 (en) | User authentication | |
US20140053254A1 (en) | Graphical authentication system and method for anti-shoulder surfing attack | |
CN101499907B (en) | Shoulder surfing preventing identity authentication system and method based on dynamic image password | |
EP2817915B1 (en) | Industrial automation and control device user access | |
Rao et al. | Novel shoulder-surfing resistant authentication schemes using text-graphical passwords | |
KR101201934B1 (en) | Method and apparatus for authenticating password of user device using variable password | |
CN101645123A (en) | Identity certification system and method of hand-held mobile equipment with touch screen | |
US20120005735A1 (en) | System for Three Level Authentication of a User | |
CN103996011A (en) | Method and device for protecting codes to be input safely | |
Khan et al. | G-RAT| a novel graphical randomized authentication technique for consumer smart devices | |
CN103297391A (en) | Graphical dynamic password inputting and verifying method | |
Prabhu et al. | Authentication using session based passwords | |
JP2004213117A (en) | Authentication system | |
CN105447374B (en) | Computer implemented system for generating and giving for change authorization code and method | |
CN108616359A (en) | A kind of OTP authentication method and systems based on Quick Response Code | |
JP2006301684A (en) | Individual identification system | |
JP6387887B2 (en) | Authentication device, authentication program, and authentication system | |
CN103761486A (en) | Electronic file encryption method and device | |
EP2887252B1 (en) | User authentication | |
CN105847232B (en) | The implementation method of random controls identifying code is set in internet web page login system | |
Gokhale et al. | Graphical password authentication techniques: a review | |
Awang et al. | A pattern-based password authentication scheme for minimizing shoulder surfing attack | |
Bajwa et al. | Pass-pic: A mobile user authentication | |
KR101659809B1 (en) | Apparatus for input password for user authentication and method for thereof and system for thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20100210 |