CN101335755B - Method for enhancing security verified by information security device using acoustic information - Google Patents
Method for enhancing security verified by information security device using acoustic information Download PDFInfo
- Publication number
- CN101335755B CN101335755B CN2008101119489A CN200810111948A CN101335755B CN 101335755 B CN101335755 B CN 101335755B CN 2008101119489 A CN2008101119489 A CN 2008101119489A CN 200810111948 A CN200810111948 A CN 200810111948A CN 101335755 B CN101335755 B CN 101335755B
- Authority
- CN
- China
- Prior art keywords
- information
- safety devices
- dynamic password
- information safety
- sound
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 25
- 230000002708 enhancing effect Effects 0.000 title 1
- 238000012795 verification Methods 0.000 claims abstract description 10
- 238000012545 processing Methods 0.000 claims description 8
- 238000006243 chemical reaction Methods 0.000 claims description 5
- 230000008859 change Effects 0.000 claims description 4
- 230000008676 import Effects 0.000 claims description 2
- 238000012790 confirmation Methods 0.000 abstract description 2
- 238000005516 engineering process Methods 0.000 description 4
- 238000004590 computer program Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000009467 reduction Effects 0.000 description 2
- BQCADISMDOOEFD-UHFFFAOYSA-N Silver Chemical compound [Ag] BQCADISMDOOEFD-UHFFFAOYSA-N 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 229910052709 silver Inorganic materials 0.000 description 1
- 239000004332 silver Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Abstract
The invention discloses a method of using audio information to improving verification safety of information safety equipment. The information safety equipment converts dynamically generated password into audio information data and then transmits to a host computer, the host computer plays the audio information, and then the information safety equipment receives dynamic password input by the users, and verifies the correctness of the dynamic password. The invention does not need to add any input-output device to the information safety equipment, can provide safe business confirmation method for users, and can guarantee the safety of using information safety equipment to execute network business.
Description
Technical field
The present invention relates to information security technology, particularly a kind of method of utilizing acoustic information to improve information safety equipment verification safety.
Background technology
Along with the development of Internet technology, based on network application is more and more universal, for example Web bank, online transaction, virtual private net (VPN) or the like.Owing to relate to sensitive informations such as finance, property and significant data, these are used all needs higher security requirement, the affirmation signature when authentication when particularly logining and transaction.
Because the wide-scale distribution of hacker software such as wooden horse, the mode fail safe that simple account number name adds static password is very low, thereby Hacker Program can be stolen the password of user's input very easily and carries out unlawful activities.Therefore, in the higher application of security requirement, hardware based information safety devices is adopted widely.Information safety devices is a kind of portable hardware device that is independent of computer; Connect through computer data interface (normally USB) and main frame, built-in safe processing chip and nonvolatile storage have the operating system of the security mechanism improved; Can realize safety operation functions such as certificate storage, password authentication, key generation, storage and encryption and decryption; The anti-attack has very high fail safe, therefore is suitable for very much safety operations such as network ID authentication and transaction verification.Common information safety devices comprises Net silver USBKEY and dynamic token etc.
In this type used, user's private key was stored in the information safety devices usually and receives password protection, had only the correct password of input just can use this private key signature afterwards.When user's login or transaction, use private key that log-on message or Transaction Information are signed, signed data sends to server end, operates accordingly after the legitimacy of server authentication signature.Private key in the information safety devices does not allow to read, and the people who therefore only has information safety devices hardware just can sign, even Hacker Program has been stolen user password, also can't obtain user's private key.
Though the use of information safety devices can prevent that authentication signature from externally producing, the user password that the hacker still can steal is operated information safety devices.In order to prevent that Hacker Program from obtaining the right to use of private key, information safety devices generates a dynamic password usually and sends to the user, and this password to be computer program can't steal.At present; Some information safety devices adopt the method that installs hardware module additional to realize above-mentioned purpose; For example install liquid crystal additional and play screen or audio player, information safety devices is play dynamic password or play back, the user read or the uppick dynamic password after input to information safety devices.These class methods increase the hardware cost of information safety devices, and make equipment size excessive, and inconvenience is used and carried.
Summary of the invention
In view of this, the present invention proposes a kind of method of utilizing acoustic information to improve information safety equipment verification safety.
According to an aspect of the present invention, a kind of method of utilizing acoustic information to improve information safety equipment verification safety is provided, it is characterized in that:
(1) information safety devices converts dynamic password into acoustic information;
(2) acoustic information after information safety devices will be changed sends to main frame, by the main frame back sound information;
(3) information safety devices receives the dynamic password of user's input;
(4) correctness of information safety devices checking dynamic password.
According to an aspect of the present invention, its characteristic is that also in step (1), the acoustic information form can be any common computer audio format, also can be self-defining audio format.
According to an aspect of the present invention, its characteristic also is, in step (1), increases the difficulty of Computer Automatic Recognition when information safety devices converts dynamic password to acoustic information.
According to an aspect of the present invention, its characteristic also is, increases the difficulty of Computer Automatic Recognition through the method for speed change, frequency conversion, adding interference and noise.
According to an aspect of the present invention, its characteristic also is, adopts specific continuous background sound to improve the antifalsification of sound.
According to an aspect of the present invention, its characteristic is that also acoustic information can be encrypted by information safety devices before sending main frame to.
According to an aspect of the present invention, its characteristic is that also information safety devices can generate check information for sound.
According to an aspect of the present invention, its characteristic is that also check information is the check information of digital signature or alternate manner.
According to an aspect of the present invention, its characteristic is that also in step (4), information safety devices possesses the prompting element.
According to an aspect of the present invention, its characteristic is that also said prompting element is a light-emitting diode.
According to an aspect of the present invention, its characteristic also is, when the acoustic information that sends dynamic password to main frame when information safety devices is waited for the password input, light or the light-emitting diode that glimmers with the prompting user.
According to an aspect of the present invention, its characteristic also is, if light-emitting diode is lighted or do not play the acoustic information of dynamic password when glimmering, then ends current operation.
According to an aspect of the present invention, its characteristic also is, if acoustic information is difficult to identification, then sends the retry request.
Description of drawings
A kind of method flow diagram that utilizes acoustic information to improve information safety equipment verification safety that Fig. 1 proposes for the present invention.
Fig. 2 is for converting dynamic password in the embodiment of the invention schematic flow sheet of acoustic information.
Fig. 3 utilizes acoustic information to carry out the schematic flow sheet of the generation and the verification of dynamic password for information safety devices in the embodiment of the invention.
Embodiment
For making the object of the invention, technical scheme and advantage clearer, below with reference to the accompanying drawing embodiment that develops simultaneously, to further explain of the present invention.
Information safety devices converts dynamic password into the acoustic information data and sends to main frame, the main frame back sound information, and information safety devices receives the dynamic password of user's input, the correctness of checking dynamic password.
The concrete steps of transaction verification of the present invention are following:
In the step 101, the voice data form can be any common computer audio format, also can be self-defining form.When information safety devices converts dynamic password to the acoustic information data, can pass through the difficulty that methods such as speed change, frequency conversion, adding interference and noise increase Computer Automatic Recognition, can adopt specific continuous background sound to improve the antifalsification of sound.The acoustic information data can be encrypted by information safety devices before sending main frame to, so that sound can only and be play by program deciphering specific in the main frame.Information safety devices can generate the check information of digital signature or alternate manner for sound, so that playout software can be verified the authenticity of sound.
Computer Automatic Recognition acoustic information technology is still immature at present, is difficult to from data, differentiate and extract quickly and accurately dynamic password.Therefore Hacker Program can't obtain dynamic password, thus the affirmation operation that has guaranteed transaction only possibly undertaken by the user, can not be accomplished automatically by Hacker Program.
The present invention need not can safe transaction confirmation method be provided for the user for information safety devices installs any input-output equipment additional, has guaranteed to use information safety devices to carry out the fail safe of network trading.
In order to make that acoustic information is difficult to discerned automatically by computer program, information safety devices need be handled the acoustic information of output in the present embodiment, increases the difficulty of identification.Store following audio database in the nonvolatile storage in the information safety devices: numeral 0~9 and alphabetical A~Z be totally 36 character voice, some groups of background sounds, some groups of interference sound.Information safety devices has following Audio Processing algorithm: splicing, stack, speed change, frequency conversion, reduction sample rate, adding noise.The flow process that dynamic password converts acoustic information to is following:
In the processing procedure of step 202 pair character sound, can choose in step 221~225 one or multinomial, can adopt and make up order arbitrarily and handle.
Owing to carried out above-mentioned processing, acoustic information identification difficulty is excessive sometimes, causes the user also to be difficult to identification, so the information safety devices in the present embodiment also provides retray function, and promptly the user can require to regenerate dynamic password and discern authentication.
In order to prevent that Hacker Program is to the intercepting and capturing of acoustic information with distort; Information safety devices sends to main frame after acoustic information is encrypted in the present embodiment; Have only through specific sound playing program or control and could decipher and play sound, so Hacker Program can't directly obtain acoustic information from the communication data of information safety devices and main frame.
Senior Hacker Program also maybe be through stealing decruption key; Or directly from the internal memory of playing program or control or in the voice playing card memory, read voice data; Carry out Computer Automatic Recognition, or voice data is sent to the hacker through network carry out manual identification and return recognition result.Because the above-mentioned behavior of Hacker Program all need be handled by the intercepting voice data before specific sound playing program or control play sound; More consuming time; Therefore the information safety devices in the present embodiment also is equipped with LED (light-emitting diode); When information safety devices when main frame sends the dynamic password acoustic information and waits for the password input, light or the LED that glimmers, with the prompting user.If the user finds that LED lights or when glimmering specific playing program or control do not play dynamic password sound, explaining has Hacker Program probably in activity, answers abort transactoin.
Referring to Fig. 3, to utilize acoustic information to carry out the generation and the checking process of dynamic password following for information safety devices in the present embodiment:
If step 307 is being the retry request then turning back to step 301 of user input;
Step 308, if user input be password with the dynamic password that in step 301, generates relatively, if identical then verify successfully to allow to conclude the business carry out, otherwise return error message.
Claims (8)
1. method of utilizing acoustic information to improve information safety equipment verification safety is characterized in that:
(1) said information safety devices generates dynamic password at random,
(2) said information safety devices uses inner audio database and Audio Processing algorithm to convert dynamic password to acoustic information, and data are encrypted;
(3) acoustic information after said information safety devices will be changed sends to said main frame, lights or the light-emitting diode that glimmers;
(4) sound playing program in the said main frame or control data decryption and play dynamic password;
(5) User Recognition goes out said dynamic password, imports said information safety devices, if sound is difficult to identification, then sends the retry request;
(6) said information safety devices receives user's input, closes light-emitting diode;
(7) if being the retry request then turning back to step (1) of user input;
(8) if user input be password with the said dynamic password that in step (1), generates relatively, as if identical then the checking successfully, otherwise return error message.
2. method according to claim 1 is characterized in that, in step (1), the acoustic information form is any common computer audio format, or self-defining audio format.
3. method according to claim 1 is characterized in that, in step (1), increases the difficulty of Computer Automatic Recognition when information safety devices converts dynamic password to acoustic information.
4. method according to claim 3 is characterized in that, increases the difficulty of Computer Automatic Recognition through the method for speed change, frequency conversion, adding interference and noise.
5. method according to claim 1 is characterized in that, adopts specific continuous background sound to improve the antifalsification of sound.
6. method according to claim 1 is characterized in that, information safety devices is that sound generates check information.
7. method according to claim 6 is characterized in that, check information is the check information of digital signature or alternate manner.
8. method according to claim 1 is characterized in that, if light-emitting diode is lighted or do not play the acoustic information of dynamic password when glimmering, then ends current operation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101119489A CN101335755B (en) | 2008-05-19 | 2008-05-19 | Method for enhancing security verified by information security device using acoustic information |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101119489A CN101335755B (en) | 2008-05-19 | 2008-05-19 | Method for enhancing security verified by information security device using acoustic information |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101335755A CN101335755A (en) | 2008-12-31 |
| CN101335755B true CN101335755B (en) | 2012-07-04 |
Family
ID=40198062
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2008101119489A Expired - Fee Related CN101335755B (en) | 2008-05-19 | 2008-05-19 | Method for enhancing security verified by information security device using acoustic information |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101335755B (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE102008046339A1 (en) | 2008-09-09 | 2010-03-11 | Giesecke & Devrient Gmbh | Release of transaction data |
| CN102360544A (en) * | 2011-06-17 | 2012-02-22 | 上海先先信息科技有限公司 | Method for performing voiceprint verification of Chinese through single arithmetic |
| CN102710420B (en) * | 2012-06-04 | 2015-12-16 | 华为终端有限公司 | The method of password, system and equipment thereof are set |
| CN102752117B (en) * | 2012-07-24 | 2016-04-06 | 天地融科技股份有限公司 | Dynamic password generating device, method and there is the transaction system of this device |
| CN104639504B (en) * | 2013-11-12 | 2018-09-21 | 华为技术有限公司 | Network cooperating defence method, device and system |
| CN104717641B (en) * | 2013-12-13 | 2019-01-08 | 中国移动通信集团公司 | A kind of digital signature generation method and SIM card based on SIM card |
| CN105024816A (en) * | 2014-04-25 | 2015-11-04 | 腾讯科技(深圳)有限公司 | Information verification method based on audio frequency and device |
| CN104680376B (en) * | 2015-03-13 | 2017-11-07 | 中国工商银行股份有限公司 | A kind of Transaction Information verification method and device |
| CN105577366B (en) * | 2015-12-18 | 2019-03-01 | 南京巨鲨显示科技有限公司 | Sound wave based on embedded device generates and recognition methods |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO1998058322A2 (en) * | 1997-06-19 | 1998-12-23 | Marchant Brian E | Security apparatus for data transmission with dynamic random encryption |
| EP1043860A2 (en) * | 1999-04-07 | 2000-10-11 | Sony Corporation | Security units, memory units, data processing units and data encryption methods |
| CN1610294A (en) * | 2003-10-24 | 2005-04-27 | 阿鲁策株式会社 | Vocal print authentication system and vocal print authentication program |
| CN1708152A (en) * | 2004-06-07 | 2005-12-14 | 上海中策工贸有限公司 | Mobile telephone cipher system |
-
2008
- 2008-05-19 CN CN2008101119489A patent/CN101335755B/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO1998058322A2 (en) * | 1997-06-19 | 1998-12-23 | Marchant Brian E | Security apparatus for data transmission with dynamic random encryption |
| EP1043860A2 (en) * | 1999-04-07 | 2000-10-11 | Sony Corporation | Security units, memory units, data processing units and data encryption methods |
| CN1610294A (en) * | 2003-10-24 | 2005-04-27 | 阿鲁策株式会社 | Vocal print authentication system and vocal print authentication program |
| CN1708152A (en) * | 2004-06-07 | 2005-12-14 | 上海中策工贸有限公司 | Mobile telephone cipher system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101335755A (en) | 2008-12-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101335755B (en) | Method for enhancing security verified by information security device using acoustic information | |
| CN101291226B (en) | Method for enhancing security verified by information security device using image information | |
| CA2523972C (en) | User authentication by combining speaker verification and reverse turing test | |
| CN101106455B (en) | Identity authentication method and intelligent secret key device | |
| CN204965434U (en) | A strong authentication token for generating safe value of developments | |
| US10360555B2 (en) | Near field authentication through communication of enclosed content sound waves | |
| CN104104672B (en) | The method that dynamic authorization code is established in identity-based certification | |
| US20200169552A1 (en) | Using an audio interface device to authenticate another device | |
| US20070113294A1 (en) | Password Presentation for Multimedia Devices | |
| US11057372B1 (en) | System and method for authenticating a user to provide a web service | |
| US20080120507A1 (en) | Methods and systems for authentication of a user | |
| US9756028B2 (en) | Methods, systems and computer program products for secure access to information | |
| TR201810238T4 (en) | The appropriate authentication method and apparatus for the user using a mobile authentication application. | |
| JP2020038659A (en) | Electronic ticket admission verification anti-counterfeiting system and method thereof | |
| US8312288B2 (en) | Secure PIN character retrieval and setting using PIN offset masking | |
| KR101741917B1 (en) | Apparatus and method for authenticating using speech recognition | |
| US20190213306A1 (en) | System and method for identity authentication | |
| US20220337426A1 (en) | Digital key device and method for activating digital key service | |
| KR102347733B1 (en) | Id issue/authentication system that do not need to manage personal information and secure transaction authentication method thereof | |
| CN115514493A (en) | Autonomous identity authentication method and system based on third-party platform and trusted hardware | |
| Guangming et al. | A New Dynamic Authentication Captcha Based on Negotiation Between Host and Mobile Terminal for Electronic Commerce | |
| KR20040019810A (en) | Authentication system and method using note sign and smart card and record medium recorded method thereof capable of being read by computer or electronic device | |
| AU2012238235A1 (en) | Interactive Voice Response System |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: BEIJING SHENSI SHUDUN SCIENCE + TECHNOLOGY CO., LT Free format text: FORMER OWNER: BEIJING SENSELOCK SOFTWARE TECHNOLOGY CO., LTD. Effective date: 20150120 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100086 HAIDIAN, BEIJING TO: 100872 HAIDIAN, BEIJING |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20150120 Address after: 100872 room 1706, building 59, Zhongguancun street, Haidian District, Beijing Patentee after: BEIJING SHENSI SHUDUN TECHNOLOGY Co.,Ltd. Address before: 100086 Beijing City, Haidian District Zhongguancun South Street No. 6 Zhucheng building block B room 1201 Patentee before: Beijing Senselock Software Technology Co.,Ltd. |
|
| C56 | Change in the name or address of the patentee | ||
| CP03 | Change of name, title or address |
Address after: 100193 Beijing, Haidian District, East West Road, No. 10, East Hospital, building No. 5, floor 5, layer 510 Patentee after: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. Address before: 100872 room 1706, building 59, Zhongguancun street, Haidian District, Beijing Patentee before: BEIJING SHENSI SHUDUN TECHNOLOGY Co.,Ltd. |
|
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120704 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |