CN101582766A - Account password protection system based on position related question challenge and method thereof - Google Patents
Abstract
The invention provides an account password protection system based on position-related question challenge and a method thereof, belonging to the technical field of electronic identity authentication. The system comprises a client, a challenge machine and a server which cooperate with and are connected to one another. A login subsystem module is provided in the client; a user challenge question base and a position detection and question selection module are provided in the challenge machine; a token check question inspection module is provided in the position detection and question selection module; a question inspection and password check module, a user name base and a user password base are provided in the server; and a token check question inspection module is provided in the question inspection and password check module. The method comprises a question setting phase and a question challenge phase. On top of the traditional protection method of user name plus user password, a challenge question associated with position is added: using an algorithm based on IP position association, challenge questions are selected dynamically, which completely solves the problem of a hacker stealing the user password on the client and makes the password hard for the hacker to obtain.
Description
Technical field
The invention belongs to the technical field of electronic identity authentication, and specifically relates to an account password protection system and method based on position-related question challenge.
Background technology
With the continuous development of information technology, electronic information systems of all kinds are widely used in people's life, study and work, for example e-mail systems, instant messaging systems, e-commerce systems, online game systems and Internet banking systems. For reasons of security and privacy, most electronic information systems today need to authenticate their users. The most commonly used authentication mode at present is user name plus password: the user sets and keeps his own password and submits it for authentication when accessing the system.
With account-stealing Trojans and other malware spreading unchecked, how to effectively protect user names and passwords from theft has become an urgent problem for all Internet users who want to protect their accounts and the associated financial property and virtual assets. Traditional client-side Trojan scanning and removal can only target known malware, and its effect is extremely limited. Systems based on dynamic password cards suffer from high cost, difficult physical implementation, lost password cards and the inconvenience of carrying them.
Summary of the invention
In view of the problems in the prior art, the object of the present invention is to provide an account password protection system and method based on position-related question challenge. On top of the traditional protection method of user name plus user password, a challenge question associated with position is added, which strengthens password protection: even if the user password, a challenge question and its answer have been stolen, account theft can still be prevented.
The account password protection system based on position-related question challenge is characterized in that it comprises a client, a challenge machine and a server which cooperate with and are connected to one another; a login subsystem module is provided in the client; each user's independent user challenge question base and a position detection and question selection module are provided in the challenge machine; a token check question inspection module is provided in the position detection and question selection module; a question inspection and password check module and a user name and user password base are provided in the server; and a token check question inspection module is provided in the question inspection and password check module.
The account password protection system based on position-related question challenge is characterized in that the login subsystem module is connected respectively to the user challenge question base, the position detection and question selection module, and the question inspection and password check module; the question inspection and password check module is connected to the user name and user password base; and the two token check question inspection modules are connected to each other.
The account password protection system based on position-related question challenge is characterized in that the challenge machine is arranged in the server, and both token check question inspection modules are removed.
An account password protection method based on position-related question challenge is characterized in that it comprises a question setting phase and a question challenge phase. The question setting method is as follows:
1) The client, the server and the challenge machine are initialized and started;
2) The login subsystem module displays the login interface and the user enters the user name and user password; the server and the challenge machine receive the login command, obtain the user name and user password, and verify the user password; if verification fails, the process ends immediately; if verification succeeds, the next step is carried out;
3) After the user password has been verified, the general default questions defined by the system are retrieved and sent to the client, which displays them; the user selects questions or adds questions of his own and provides an answer to each; the step ends once the selected questions and their answers have been submitted;
4) The server and the challenge machine receive and store the user name together with all of that user's questions and their answers, and the process ends.
The question challenge method is as follows:
1) The client, the server and the challenge machine are initialized and started;
2) The login subsystem module displays the login interface and the user enters the user name and user password; the server and the challenge machine receive the login command and obtain the user name; if this fails, the process ends immediately; if it succeeds, the next step is carried out;
3) According to the IP address from which the user logs in, the challenge machine dynamically selects a challenge question according to the algorithm and sends it to the client;
4) The client displays the challenge question selected by the system; the user provides the answer and submits the user name, user password, challenge question and its answer to the server and the challenge machine;
5) The server and the challenge machine receive the user name, user password, challenge question and its answer, and then verify the answer to the challenge question; if it is correct, the client is allowed to access the server; if verification fails, the process ends.
The account password protection method based on position-related question challenge is characterized in that, in step 3) of the question challenge method, the challenge machine (1) dynamically selects a challenge question according to the IP address from which the user logs in, using the following algorithm:
1) If the IP of the current connection is already associated with a question, that question is returned directly.
2) If the IP of the current connection is a new IP, it is determined whether there is a question that is not yet associated with any IP; if there is, that question is returned.
3) If the IP of the current connection is a new IP, the closest IP that has an associated question is determined and the IP proximity is calculated; if the IP proximity is less than a specified threshold, the question associated with the neighbouring IP is returned. Another solution for selecting the challenge question by IP is to query an IP database and associate questions according to the ownership of the different IPs.
On top of the traditional protection method of user name plus user password, the present invention adds a challenge question associated with position. Using an algorithm based on IP position association, the challenge question is selected dynamically, which completely solves the problem of a hacker stealing the user password on the client: the password is hard for the hacker to obtain, and even if the user password has been obtained, the hacker lacks the challenge question information, so the stolen user password is useless. Password protection is thereby strengthened.
Description of drawings
Fig. 1 is a schematic diagram of the system structure of the present invention;
Fig. 2 is a schematic diagram of the system structure of another embodiment of the present invention;
Fig. 3 is the flow chart of the question setting phase of the present invention;
Fig. 4 is the flow chart of the question challenge phase of the present invention.
In the figures: 1 - challenge machine; 2 - user challenge question base; 3 - position detection and question selection module; 4, 4a - token check question inspection modules; 5 - server; 6 - user name and user password base; 7 - question inspection and password check module; 8 - login subsystem module; 9 - client.
Embodiment
The present invention is described further below with reference to the accompanying drawings.
An account password protection system based on position-related question challenge comprises a client 9, a challenge machine 1 and a server 5 which cooperate with and are connected to one another. A login subsystem module 8 is provided in the client 9; each user's independent user challenge question base 2 and a position detection and question selection module 3 are provided in the challenge machine 1; a token check question inspection module 4 is provided in the position detection and question selection module 3; a question inspection and password check module 7 and a user name and user password base 6 are provided in the server 5; and a token check question inspection module is provided in the question inspection and password check module 7. This arrangement is the client-challenge machine-server mode. Alternatively, the challenge machine 1 can be arranged in the server 5, so that the server 5 also performs the function of the challenge machine, and the token check question inspection modules 4 and 4a are removed. This arrangement is the client-server mode.
An account password protection method based on position-related question challenge comprises a question setting phase and a question challenge phase.
Question setting is carried out first. In client-server mode the user logs in to the server; in client-challenge machine-server mode the user logs in to the challenge machine. The question setting flow is as follows:
1) The client 9, the server 5 and the challenge machine 1 are initialized and started;
2) The login subsystem module 8 displays the login interface and the user enters the user name and user password; the server 5 and the challenge machine 1 receive the login command, obtain the user name and user password, and verify the user password; if verification fails, the process ends immediately; if verification succeeds, the next step is carried out;
3) After the user password has been verified, the general default questions defined by the system are retrieved and sent to the client 9, which displays them; the user selects questions or adds questions of his own and provides an answer to each; the step ends once the selected questions and their answers have been submitted;
4) The server 5 and the challenge machine 1 receive and store the user name together with all of that user's questions and their answers, and the process ends.
The user selects and answers general default questions predefined by the server, or sets custom questions and provides their answers; the information is then saved to the user challenge question base. For example:
Question 1: my native place; Answer 1: Sichuan;
Question 2: my surname; Answer 2: Lee;
Question 3: my mother's surname; Answer 3: Wang;
Question 4: my date of birth; Answer 4: 7607;
Question challenge is then carried out. In client-server mode the user logs in to the server; in client-challenge machine-server mode the user logs in to the challenge machine. The question challenge flow is as follows:
1) The client 9, the server 5 and the challenge machine 1 are initialized and started;
2) The login subsystem module 8 displays the login interface and the user enters the user name and user password; the server 5 and the challenge machine 1 receive the login command and obtain the user name; if this fails, the process ends immediately; if it succeeds, the next step is carried out;
3) According to the IP address from which the user logs in, the challenge machine 1 dynamically selects a challenge question according to the algorithm and sends it to the client 9;
4) The client 9 displays the challenge question selected by the system; the user provides the answer and submits the user name, user password, challenge question and its answer to the server 5 and the challenge machine 1;
5) The server 5 receives the user name, user password, challenge question and its answer, and then verifies the user password; if password verification fails, the process ends immediately. If password verification succeeds, in client-server mode the server verifies the answer to the challenge question; in client-challenge machine-server mode the server sends the challenge question and answer, together with the token, to the challenge machine, which verifies the answer. If the answer is correct, the client is allowed to access the server; if verification fails, the process ends.
The server detects the IP address of the client and then selects the challenge question according to the following algorithm, which associates position with question:
1) If the IP of the current connection is already associated with a question, that question is returned directly;
2) If the IP of the current connection is a new IP, it is determined whether there is a question that is not yet associated with any IP; if there is, that question is returned;
3) If the IP of the current connection is a new IP, the closest IP that has an associated question is determined. The IP proximity rule is: if the IP proximity is less than a specified threshold, the question associated with the neighbouring IP is returned. Another solution for selecting the challenge question by IP is to query an IP database and associate questions according to the ownership of the different IPs.
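Rules 1) to 3) above can be exercised with the following added example, which is not code from the patent. The proximity measure (absolute difference of the IPv4 addresses taken as integers), the threshold of 256, recording an association only after a correct answer, the `(None, 0)` result when no rule applies, and the question ids and documentation-range IP addresses are all assumptions made for illustration.

```python
import ipaddress


class QuestionSelector:
    """Selects one user's challenge question from the login IP, rules 1) to 3)."""

    def __init__(self, question_ids, threshold):
        self.unassociated = list(question_ids)  # questions not yet tied to an IP
        self.by_ip = {}                          # IPv4 as integer -> question id
        self.threshold = threshold               # assumed unit: integer distance

    @staticmethod
    def _key(ip_text):
        # Raises ValueError on malformed input instead of guessing.
        return int(ipaddress.IPv4Address(ip_text))

    def select(self, ip_text):
        """Return (question_id, rule_number); (None, 0) when no rule applies."""
        ip = self._key(ip_text)
        if ip in self.by_ip:                          # rule 1: known IP
            return self.by_ip[ip], 1
        if self.unassociated:                         # rule 2: new IP, spare question
            return self.unassociated[0], 2
        if self.by_ip:                                # rule 3: nearest known IP
            nearest = min(self.by_ip, key=lambda known: abs(known - ip))
            if abs(nearest - ip) < self.threshold:
                return self.by_ip[nearest], 3
        return None, 0  # the page defines no fallback; the caller should deny login

    def associate(self, ip_text, question_id):
        """Record the IP-to-question link once the answer has been verified."""
        self.by_ip.setdefault(self._key(ip_text), question_id)
        if question_id in self.unassociated:
            self.unassociated.remove(question_id)


def walk_through():
    """Constructed scenario: two stored questions, documentation-range IPs."""
    sel = QuestionSelector(["q_name_spelling", "q_favorite_scientist"], threshold=256)
    results = []
    for ip in ["192.0.2.10", "192.0.2.10", "203.0.113.77",
               "192.0.2.200", "198.51.100.5"]:
        qid, rule = sel.select(ip)
        results.append((ip, qid, rule))
        if qid is not None:
            sel.associate(ip, qid)  # assume the answer was correct
    return results


if __name__ == "__main__":
    for row in walk_through():
        print(row)
```

The last address in the scenario is far from every known IP after all questions have been used, which is the case the description leaves undefined; the example refuses to pick a question there.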
If the user is using the client-challenge machine-server mode, a token based on the time and a random number, and encrypted with a private key, is generated at the same time. This prevents the client from forging a known question and its answer, and guarantees the necessary correlation between question and position. If the user is using the client-server mode, no token is generated.
When the user name, user password, challenge question and its answer are verified: in client-server mode, the question and answer are checked directly against the user challenge question base; in client-challenge machine-server mode, the challenge question and answer are sent together with the token to the challenge machine, which verifies whether they are correct.
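The token check described above, sketched as an added example that is not code from the patent. HMAC-SHA256 under a key held only by the challenge machine stands in for the private-key encryption the text mentions; binding the user name and question id into the token, the 120-second lifetime and single-use nonces are assumptions about how the token prevents a client from substituting a known question.

```python
import base64
import hashlib
import hmac
import json
import secrets


class TokenIssuer:
    """Challenge-machine side: issues and later verifies challenge tokens."""

    MAX_AGE = 120  # seconds a token is accepted (assumed value)

    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)  # never leaves the challenge machine
        self._redeemed = set()                       # nonces already accepted

    def _mac(self, body):
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def issue(self, username, question_id, now):
        """Token = base64(JSON claims) + '.' + MAC; time and random nonce inside."""
        claims = {"user": username, "qid": question_id,
                  "iat": int(now), "nonce": secrets.token_hex(16)}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return body.decode() + "." + self._mac(body)

    def verify(self, token, username, question_id, now):
        """True only for an untampered, fresh, unused token for this user and question."""
        body_text, sep, tag = token.partition(".")
        body = body_text.encode()
        # Constant-time comparison; claims are parsed only after the MAC checks out.
        if not sep or not hmac.compare_digest(self._mac(body).encode(), tag.encode()):
            return False
        claims = json.loads(base64.urlsafe_b64decode(body))
        if not 0 <= now - claims["iat"] <= self.MAX_AGE:
            return False                      # expired or dated in the future
        if claims["user"] != username or claims["qid"] != question_id:
            return False                      # client swapped in another question
        if claims["nonce"] in self._redeemed:
            return False                      # replay of an already used token
        self._redeemed.add(claims["nonce"])
        return True


def demo():
    """Constructed run: question swap, valid use, replay, expiry (in that order)."""
    issuer = TokenIssuer()
    token = issuer.issue("vip2009", "q_favorite_scientist", now=1000)
    swapped = issuer.verify(token, "vip2009", "q_name_spelling", now=1010)
    valid = issuer.verify(token, "vip2009", "q_favorite_scientist", now=1010)
    replayed = issuer.verify(token, "vip2009", "q_favorite_scientist", now=1011)
    late = issuer.issue("vip2009", "q_favorite_scientist", now=1000)
    expired = issuer.verify(late, "vip2009", "q_favorite_scientist", now=1121)
    return swapped, valid, replayed, expired


if __name__ == "__main__":
    print(demo())
```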
The following example illustrates how the system and method protect against account theft.
1. The user is at location A (for example Shanghai) and logs in through a system of either mode of the present invention, entering the user name and user password and answering the challenge question that the system selected according to position.
For example: User name: vip2009
User password: mypassword3333$$
Challenge question: What is the phonetic spelling of my name?
Answer: goodboy
2. A hacker intercepts the password on the client machine with a Trojan or any other malware, or steals the relevant data by network interception or network sniffing.
3. Using the information obtained, the hacker attempts to log in to the system from location B (for example Beijing). The system dynamically selects a challenge question by IP association, for example:
Challenge question: Who is my favorite scientist?
Answer: ? (the answer to this challenge question was never stolen)
Because the IP from which the normal user logs in differs from the IP address from which the hacker logs in, the IP position range selection algorithm presents the hacker with a challenge question different from the intercepted one. That question was never shown during the intercepted login, so the hacker had no chance to steal it. Therefore, even with the correct user name and user password, the hacker cannot obtain the challenge question and answer that appear in Beijing under the position association rule; it is difficult for the hacker to be present when the user is online in Beijing and to capture the user password at the same time.
The idea of the present invention is to add a challenge question associated with position to the traditional protection method of user name plus password, thereby strengthening password protection. A user who needs secure authentication first selects and sets challenge questions and their answers on the client of the system, and they are then saved on the server side. When the user needs to log in, the server takes the IP address of the client connection, which is trusted Internet communication address information that cannot be reliably forged, and, using the position-related question selection algorithm described in the present invention, dynamically selects a challenge question for the user to answer, so that part of the password changes dynamically with physical location. A hacker may, by any hacking means, steal the user name, user password, challenge question and its answer at the first location where the user logs in. But at any other location, even though the user name and user password are valid, the system dynamically selects a different challenge question according to the hacker's physical location; the hacker cannot give the correct answer and cannot enter the system, so a more effective security protection is achieved.
Claims (5)
1. An account password protection system based on position-related question challenge, characterized in that it comprises a client (9), a challenge machine (1) and a server (5) which cooperate with and are connected to one another; a login subsystem module (8) is provided in the client (9); each user's independent user challenge question base (2) and a position detection and question selection module (3) are provided in the challenge machine (1); a token check question inspection module (4) is provided in the position detection and question selection module (3); a question inspection and password check module (7) and a user name and user password base (6) are provided in the server (5); and a token check question inspection module (4a) is provided in the question inspection and password check module (7).
2. The account password protection system based on position-related question challenge as claimed in claim 1, characterized in that the login subsystem module (8) is connected respectively to the user challenge question base (2), the position detection and question selection module (3), and the question inspection and password check module (7); the question inspection and password check module (7) is connected to the user name and user password base (6); and the token check question inspection module (4) is connected to the token check question inspection module (4a).
3. The account password protection system based on position-related question challenge as claimed in claim 1, characterized in that the challenge machine (1) is arranged in the server (5), and the token check question inspection module (4) and the token check question inspection module (4a) are removed.
4. An account password protection method based on position-related question challenge, characterized in that it comprises a question setting phase and a question challenge phase, the question setting method being as follows:
1) The client (9), the server (5) and the challenge machine (1) are initialized and started;
2) The login subsystem module (8) displays the login interface and the user enters the user name and user password; the server (5) and the challenge machine (1) receive the login command, obtain the user name and user password, and verify the user password; if verification fails, the process ends immediately; if verification succeeds, the next step is carried out;
3) After the user password has been verified, the general default questions defined by the system are retrieved and sent to the client (9), which displays them; the user selects questions or adds questions of his own and provides an answer to each; the step ends once the selected questions and their answers have been submitted;
4) The server (5) and the challenge machine (1) receive and store the user name together with all of that user's questions and their answers, and the process ends;
The question challenge method is as follows:
1) The client (9), the server (5) and the challenge machine (1) are initialized and started;
2) The login subsystem module (8) displays the login interface and the user enters the user name and user password; the server (5) and the challenge machine (1) receive the login command and obtain the user name; if this fails, the process ends immediately; if it succeeds, the next step is carried out;
3) According to the IP address from which the user logs in, the challenge machine (1) dynamically selects a challenge question according to the algorithm and sends it to the client (9);
4) The client (9) displays the challenge question selected by the system; the user provides the answer and submits the user name, user password, challenge question and its answer to the server (5) and the challenge machine (1);
5) The server (5) and the challenge machine (1) receive the user name, user password, challenge question and its answer, and then verify the answer to the challenge question; if it is correct, the client is allowed to access the server; if verification fails, the process ends.
5. The account password protection method based on position-related question challenge as claimed in claim 4, characterized in that, in step 3) of the question challenge method, the challenge machine (1) dynamically selects a challenge question according to the IP address from which the user logs in, using the following algorithm:
1) If the IP of the current connection is already associated with a question, that question is returned directly;
2) If the IP of the current connection is a new IP, it is determined whether there is a question that is not yet associated with any IP; if there is, that question is returned;
3) If the IP of the current connection is a new IP, the closest IP that has an associated question is determined and the IP proximity is calculated; if the IP proximity is less than a specified threshold, the question associated with the neighbouring IP is returned. Another solution for selecting the challenge question by IP is to query an IP database and associate questions according to the ownership of the different IPs.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2009100985962A CN101582766A (en) | 2009-05-18 | 2009-05-18 | Account password protection system based on position related question challenge and method thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101582766A true CN101582766A (en) | 2009-11-18 |
Family
ID=41364748
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2009100985962A Pending CN101582766A (en) | 2009-05-18 | 2009-05-18 | Account password protection system based on position related question challenge and method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101582766A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20091118 |