
CN1860729A - Mail server login security authentication method and IC card authentication hardware - Google Patents

Info

Publication number: CN1860729A
Authority: CN (China)
Prior art keywords: card, hardware, mail server, authentication, certification
Legal status: Pending
Application number: CN200380110622.XA
Other languages: Chinese (zh)
Inventor: 林晖
Current Assignee: Individual
Original Assignee: Individual
Application filed by: Individual

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes


Abstract

The invention relates to a mail server login security authentication method and IC card authentication hardware. An IC card embedding an identity check secret code ICCID and an international check code GLN is placed in an IC card reading device (reader) and installed on hardware compatible with a computer's USB interface or PS2 slot, or on hardware with wireless communication, infrared transmission and the like, to serve as the authentication hardware. Through the control, management and comparison performed by the IC card's embedded program and the security control mechanism, the identifiability of the user as source and the confidentiality of the mail data are ensured. Because the IC card and its reader are easily combined with ordinary computer peripheral hardware, the range of application is wide, and the hardware can also serve as a storage medium, giving data access confidentiality, security and mobility.

Description

Mail server login security authentication method and IC card authentication hardware

Technical field

The present invention relates to a mail server login security authentication method and IC card authentication hardware, and in particular to a high-security, high-value design that uses authentication hardware as the medium for logging in to a mail server.

Background art

In today's highly competitive global business environment, e-mail is an indispensable tool for exchanging information and conducting business; it accounts for up to about 70% of enterprise network resource usage and is growing at a rate of 500% per year. CNET magazine estimated that by the end of 2001 the number of e-mail accounts had passed the 1 billion mark. If each mailbox receives an average of 20 to 30 messages a day, tens of billions of e-mails travel across various networks every day, which shows how important e-mail is on the Internet today.

The traditional mail transfer protocol, SMTP (Simple Mail Transfer Protocol), has no user authentication function, so it is easily abused as a relay point for advertising mail or spam. A mail transfer mechanism without authentication also makes it difficult for system or network administrators to trace problem mail.

Most mail systems therefore refuse to relay mail for users outside the internal trusted zone, but this restriction is also inconvenient for legitimate users.

For example, an employee on a business trip or at home after work cannot continue to send mail through the company's mail server, and students cannot send mail through the school's mail host once they have left campus for the holidays.

In the past, solving this problem meant buying an expensive commercial mail server so that users could be authenticated before sending mail. With the method of the present invention, used together with convenient authentication hardware, the embedded program of the IC card on that hardware and the security control mechanism work with a CA identity authentication server to provide effective protection and authentication, achieving the identity authentication function that was previously available only in commercial software.

Furthermore, as is generally known, any membership-based function on a network, including logging in to a mail server, relies on a password that the user sets or that the server assigns at random. The information is encrypted on the web server side. Even where encryption is implemented, and although procedures and logic for encryption technology have been researched and designed to prevent leakage of information over the network in the hope of countering hackers technically, complete prevention is not yet achievable. This clearly shows that a computer protected only by a password is not secure enough.

At present, logging in to a mail server requires only entering a user name and password directly on a web page. If the two match, the person logging in passes the mail server's check and can use the registered user's data to perform any action that user is allowed to perform, and can even look up some of the user's confidential data and mail correspondence records. With the encoding techniques used by typical mail servers today, however, password encoding and decoding performed on the mail server alone cannot be guaranteed to resist cracking by hackers. Because the Internet is now everywhere, and users want convenient access anytime and anywhere, they go online from many places using different computers or other equipment, which easily leads to passwords being used illegally and to illegal users who cannot be traced. For example, when going online from a public computer in a library or an Internet café, where many people use the same machine, a user who carelessly leaves the user name and password on the login screen and forgets to delete them makes it easy for the next user to misuse them, or for a hacker to use simple operating-system backdoor programs to crack and steal the user's confidential data and carry out illegal acts that the legitimate user never authorized, causing loss to the user.

As for the password security used on the Internet today, the most common problem is that hackers crack user passwords with a dictionary attack and impersonate the user. It is widely known that signing in to a computer system, or logging in to a membership-based website, by entering a user ID and password is the simplest but also the least secure method.

The reasons are as follows:

1. Most people choose passwords that are easy to remember; few choose an arbitrary string mixing letters and digits. The well-known cryptographer Daniel Klein claims that an ordinary dictionary attack can easily crack the passwords on 40% of computers. Many password-cracking programs designed by students, system experts and hackers now circulate on the network, giving hackers inside and outside an enterprise tools for intrusion.

2. Information systems are becoming increasingly complex. Because many heterogeneous systems are chained together, users must enter a password again each time they sign in to a different computer system, as each operating system requires. According to expert statistics, only a few people can memorize three different eight-character passwords at the same time. As a result, the great majority of people write their passwords down and keep them somewhere they consider safe and convenient. This clearly opens another channel for intrusion by hackers inside and outside the enterprise.

3. Even if the user makes neither of the above mistakes, the password clearly exists as plaintext before it is transmitted from the user side to the server. A hacker can intercept the password at any point on the Internet or the local area network and then impersonate the user (replay) to break into the system. Many people think that leasing a dedicated line keeps hackers out. This is wrong. Even a dedicated line is circuit-switched through the public switching system, and it is actually more convenient for a hacker intruding into the system, because once a dedicated line is established, the route the data takes rarely changes. The hacker can therefore concentrate resources on intercepting the data flowing over the fixed line.

Furthermore, hackers can also intercept unencrypted data in point-to-point transmission and tamper with it. The communication protocol used on the Internet is TCP/IP. Before two computers can transmit data, they must complete a three-way handshake to establish a connection and begin sending data. The problems latent in this process give hackers a good opportunity for intrusion.

The reasons are as follows:

1. The data of both parties is transmitted over the public Internet, and it is transmitted as plaintext. Any computer connected to the Internet can eavesdrop on (sniff) the data on the network. Personal privacy, property and business secrets are thus completely exposed on the Internet, with no privacy or confidentiality at all.

2. Sometimes, in order to take full control of the connection established above and impersonate the original user to access resources and services on the remote host, a hacker will at the same time impersonate the host and send a large amount of useless data back to the user in an attempt to paralyze the computing capacity of the client computer (Denial of Service; DoS). The hacker can then not only impersonate the original user to access resources and services on the remote host, but also publish, tamper with or delete data at will without the host's system administrator noticing. More seriously, because the hacker alters data in this traceless way, and the source of the message (the user's identity) cannot be confirmed, it is difficult for the original user to clear his or her name.

Furthermore, a user who goes online from a public computer in a public place connects to the external network (Internet) through that place's internal local area network (LAN). On a LAN, taking Ethernet-based IP networks as an example, all data (packets) flow to every PC on the LAN by broadcasting. Each PC has a network interface card, which filters out packets not addressed to it. The problem latent here gives hackers another good opportunity for intrusion: intercepting data transmitted on the LAN.

The reasons are as follows:

1. All packets flow to every PC on the LAN by broadcasting, and they exist as plaintext. Anyone connected to the LAN can therefore act as a sniffer and openly look at other people's data.

2. Worse, once someone's password has been intercepted, it is very likely to be used to sign in to the system illegally and perform unauthorized actions, such as approving or rejecting official documents, altering accounting records, spreading false information, stealing research and development material to sell to competitors, or logging in to the user's mailbox to intercept important mail and tamper with its content.

In view of the above, the current security holes in network passwords reflect the importance and substantive inventiveness of the present invention, and the deficiencies of existing mail server login methods need to be remedied.

In view of this, the inventor, after dedicated research and repeated testing, finally proposes a reasonably designed mail server login security authentication system and method that effectively remedies the above deficiencies, using convenient authentication hardware, providing effective protection, and applying dual authentication through a security control mechanism.

Summary of the invention

The object of the present invention is to remedy the deficiency of existing mail server login methods, in which password encoding and decoding is performed on the mail server alone and cannot be guaranteed to resist cracking by hackers, so that a computer protected only by password login is not secure enough.

To this end, the technical solution provided by the present invention is:

A mail server login security authentication method, wherein an integrated circuit (IC) card containing an identity check secret code ICCID (Integrated Circuit Card Identification) and an international check code GLN (Global Number) is placed in an IC card reading device (reader) and installed on hardware generally compatible with a computer, to serve as the authentication hardware. The method comprises the following steps:

Step a: The user logs in to the mail server using the authentication hardware, which holds an IC card and an IC card reader, enters the required login information, and presses the login key (Login);

Step b: The IC card's embedded program directs the login flow to the CA identity authentication server and sends the card's built-in ICCID secret code to the CA (Certification Authority) identity authentication server. A special procedure on the CA identity authentication server determines whether the IC card of the authentication hardware is legitimate and checks its permissions. If it is, the server records the login count in its database, generates a proof that the authentication hardware was authenticated successfully (Server Result), and returns the random value (Random) generated during decoding to the IC card;

Step c: Once the preceding step has succeeded, the IC card's embedded program uses the random value (Random) it received to decode the built-in ICCID secret code and generates a proof of IC card authentication (Client Result). It then directs the login flow to the mail server and sends the ICCID secret code, the Client Result and the information entered by the user to the mail server, which checks against its database whether the information entered by the user is correct and looks up the validity period (avail date);

Step d: Once the preceding step has succeeded, the mail server sends the ICCID secret code and the Client Result it received to the CA identity authentication server, which decrypts them again to confirm that the authentication hardware and the user information are correct.
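The message flow of steps a to d, with the card, the CA identity authentication server and the mail server modelled as Python objects. This is an added illustration, not code from the patent. The patent names no algorithm for combining Random with the ICCID code, so the HMAC-SHA256 stand-in, the per-card key shared with the CA, the single-use challenge, the account-to-card binding, and every name and sample value below are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import date


def derive_result(card_key: bytes, iccid: str, rand: bytes) -> str:
    # ASSUMPTION: the patent names no algorithm for combining Random with the
    # ICCID code; HMAC-SHA256 under a per-card key stands in for it here.
    return hmac.new(card_key, rand + iccid.encode(), hashlib.sha256).hexdigest()


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class ICCard:
    iccid: str
    key: bytes

    def client_result(self, rand: bytes) -> str:
        """Step c: produce the Client Result from the Random sent by the CA."""
        return derive_result(self.key, self.iccid, rand)


@dataclass
class CAServer:
    card_keys: dict                                   # iccid -> per-card key
    login_counts: dict = field(default_factory=dict)
    pending: dict = field(default_factory=dict)       # iccid -> Server Result

    def begin(self, iccid: str):
        """Step b: check the card, record the login, return Random or None."""
        key = self.card_keys.get(iccid)
        if key is None:
            return None
        self.login_counts[iccid] = self.login_counts.get(iccid, 0) + 1
        rand = secrets.token_bytes(16)
        self.pending[iccid] = derive_result(key, iccid, rand)
        return rand

    def confirm(self, iccid: str, client_result: str) -> bool:
        """Step d: compare Client Result with the stored Server Result."""
        # ASSUMPTION: a Server Result is single use, so a replayed value fails.
        expected = self.pending.pop(iccid, None)
        return expected is not None and hmac.compare_digest(expected, client_result)


@dataclass
class MailServer:
    ca: CAServer
    accounts: dict    # user -> {"salt", "pw_hash", "avail_date", "iccid"}

    def login(self, user, password, iccid, client_result, today: date) -> str:
        acct = self.accounts.get(user)
        if acct is None or not hmac.compare_digest(
                acct["pw_hash"], hash_password(password, acct["salt"])):
            return "bad-credentials"
        if today > acct["avail_date"]:                # validity period check
            return "expired"
        # ASSUMPTION: each account is bound to one card.
        if acct["iccid"] != iccid or not self.ca.confirm(iccid, client_result):
            return "card-rejected"
        return "ok"


def run_login(card, ca, mail, user, password, today) -> str:
    rand = ca.begin(card.iccid)                       # step b
    if rand is None:
        return "card-rejected"
    result = card.client_result(rand)                 # step c
    return mail.login(user, password, card.iccid, result, today)  # steps c, d


def build_demo():
    """Constructed sample data; none of these values come from the patent."""
    card = ICCard("ICCID-DEMO-0001", secrets.token_bytes(32))
    ca = CAServer({card.iccid: card.key})
    salt = secrets.token_bytes(16)
    accounts = {"alice": {"salt": salt,
                          "pw_hash": hash_password("demo-pass", salt),
                          "avail_date": date(2030, 12, 31),
                          "iccid": card.iccid}}
    return card, ca, MailServer(ca, accounts)


if __name__ == "__main__":
    card, ca, mail = build_demo()
    print(run_login(card, ca, mail, "alice", "demo-pass", date(2025, 1, 1)))
```

Under these assumptions, a captured Client Result cannot be reused for a second login, and a card whose key the CA does not recognise is rejected even when the password is correct.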

IC card authentication hardware for mail server login security authentication, wherein the IC card contains an identity check secret code ICCID and an international check code GLN, and the IC card is placed in an IC card reading device (reader) and installed on hardware generally compatible with a computer, to serve as the authentication hardware. The authentication hardware holding the IC card may be hardware with a USB (Universal Serial Bus) interface.

The authentication hardware holding the IC card may be hardware for a PS2 (Public Switched 2) slot.

The authentication hardware holding the IC card may be hardware with wireless communication.

The authentication hardware holding the IC card may be hardware with an IEEE1394 interface.

The authentication hardware holding the IC card may be hardware with an IR (infrared) interface.

The authentication hardware holding the IC card may be a flash memory.

The authentication hardware holding the IC card may be a PCMCIA (Personal Computer Memory Card International Association) interface device.

The authentication hardware holding the IC card may be a keyboard, a mouse, or a game joystick.

The authentication hardware holding the IC card may be a Web Cam (network camera).

The main idea of the present invention arises from the many holes in current network security and the insufficient protection available to users who want to use their private data online with peace of mind. The inventor therefore studied the use of an IC card together with authentication hardware and a CA identity authentication server (the security control mechanism) to meet the five major information security requirements for secure transmission of electronic data over networks, namely:

(1) Data confidentiality (Confidentiality)

Ensures that data is not spied on or stolen by a third party, protecting the privacy of transmitted data; this can be achieved through data encryption.

(2) Data integrity (Integrity)

Ensures that transmitted data has not been tampered with, so that the content of the transmission is correct; this can be protected by digital signature or data encryption.

(3) Source identification (Authentication)

Confirms the source of a transmitted message to prevent it from being forged; this can be guarded against by means such as digital signature or data encryption.

(4) Non-repudiation

Prevents a user who has sent or received a message from later denying that the transmission took place; this can be achieved through digital signatures and a public key infrastructure.

(5) Access control (Access Control)

Controls access to data according to the user's identity. In addition, the user's identity can determine the permission to execute the functions of the security control module.

The IC card used with the present invention is mainly burned into the chip as firmware. It has a large storage capacity, cannot be produced or edited by ordinary people, and is difficult to counterfeit; its resistance to forgery and cracking is strong, which effectively prevents malicious misuse. Combined with the mutual encryption, decryption and cross-comparison of results between the destination mail server and the CA identity authentication server, it allows users to move about in a secure network environment and enjoy the convenience that technology brings.

In addition, the authentication hardware holding an IC card and an IC card reader may be hardware generally compatible with a computer's USB interface or PS2 slot, or hardware with wireless communication or infrared transmission. It can also serve as a storage medium, for example when combined with flash memory, so that data need not be kept only on a fixed hard disk, which gives data access greater confidentiality, security and mobility. It can be applied widely to all compatible peripheral hardware and serve as the credential for legitimate use. The hardware is presented much like an ordinary door-access key, a usage model that ordinary users readily accept.

Furthermore, the authentication hardware with its IC card has another added value: it acts like a personal private key and can protect a stand-alone system even when not connected to the mail server. On a computer shared by many people, such as an office computer or one in a school computer lab, the user can use the present invention to set read permissions on personal files, and those files can be unlocked only through the present invention. This provides convenient, secure and thorough protection of personal data, and the use of peripheral hardware can even be locked to keep out people without permission.

Accordingly, through the several layers of encryption, decryption and encoding described above, the present invention ensures the security of the user's authentication to the mail server and prevents leakage of the user's private data, and the CA identity authentication server provides the mail server with a more secure and better protected environment.

In this system, credential management is carried out by the user connecting to the mail server with a browser; the authentication program then sends each request to the credential server system. Confirmation of the user's credentials and related functions are very easy to perform, the authentication program on the web server side is simple to install, and the IC card used with the present invention is easily fitted to ordinary computer peripheral hardware, so the range of application is broad.

Compared with existing methods of logging in to a mail server, the present invention uses an IC card to store the user's private authentication data and an identity check secret code ICCID, installs the IC card on hardware generally compatible with a computer's USB interface or PS2 slot, or on hardware with wireless communication, to serve as authentication hardware, and places an authentication program on the mail server. When the user logs in to the mail server with this authentication hardware, several layers of encryption, decryption and encoding ensure the security of the user's login authentication on the website, prevent leakage of the user's private data, and give the mail server a more secure, better protected network environment.

Brief description of the drawings

FIG. 1 is a flowchart of the steps of the present invention;

FIG. 2 is a schematic diagram of the hardware on which the IC card used with the present invention can be installed;

FIG. 3 is a schematic diagram of the physical flow of the present invention;

FIG. 4 shows an application embodiment of the IC card used with the present invention;

FIG. 5 shows an embodiment in which the IC card used with the present invention is integrated into a PCMCIA interface device;

FIG. 6 shows an embodiment in which the IC card used with the present invention is integrated into a flash memory;

FIG. 7 is a schematic diagram of the flash memory holding the IC card used with the present invention plugged into the casing of a computer host.

[Description of reference numerals]

10. Authentication hardware

20. CA identity authentication server

30. IC card

40. Authentication hardware

50. Authentication hardware

60. CA identity authentication server

70. Mail server

Detailed description of the embodiments

The embodiments of the present invention are described further below with reference to the drawings. Fig. 1 is a flowchart of the steps of the present invention. It contains four main steps, a, b, c and d, and a correct login process additionally contains five main flows, step 1 to step 5:

Step a: The user logs in to the mail server (Mail Server) using authentication hardware fitted with an IC card and an IC card reading device (Reader), enters the information the user needs to log in with, and presses the login button (Login);

Step b: The program embedded in the IC card directs the login flow to the CA identity authentication server and passes the ICCID secret code built into the IC card to the CA identity authentication server (step 1). A special program on the CA identity authentication server determines whether the IC card in the authentication hardware is legitimate and checks its permissions. If so, the server records the login count in the CA identity authentication server database, generates a credential showing that the authentication hardware was authenticated (Server Result), and returns the random value (Random) generated during the decoding process to the IC card (step 2);

Step c: Once the preceding step has succeeded, the program embedded in the IC card uses the received random value (Random) to decode the built-in ICCID secret code and generates an IC card authentication credential (Client Result) (step 3). It then directs the login flow to the mail server (Mail Server) and passes the ICCID secret code, the IC card authentication credential (Client Result) and the information entered by the user to the mail server (Mail Server), which checks against its database whether the information entered by the user is correct and looks up the validity period (avail date);

Step d: Once the preceding step has succeeded, the mail server (Mail Server) passes the ICCID secret code and the IC card authentication credential (Client Result) it received to the CA identity authentication server, which decrypts them again to confirm that the authentication hardware and the user information are correct (step 4).

The above steps are described in detail as follows:

Step a: An identity verification secret code ICCID and an international verification code GLN are built into an IC card. The user places this IC card in an IC card reading device (Reader), which is installed in hardware that is generally compatible with a computer's USB interface or PS2 slot, or that has wireless communication, infrared transmission and so on, and this serves as the authentication hardware. The user uses this authentication hardware to enter the login mode of the mail server (Mail Server), enters the user name (Username) and password (Password), and presses the login button (Login).

Step b: After the user has entered the user name (Username) and password (Password), the program embedded in the IC card first directs the login flow to the CA identity authentication server for encryption and decryption. A special process first decrypts the value of the ICCID secret code and uses it to search the CA identity authentication database. Once the EKI that corresponds to the ICCID secret code and is authorized (Validate=Y) has been found, it is decrypted to obtain KI. A random value (Random) is generated, and the result of encrypting it with KI is stored in the database of the CA identity authentication server. This encrypted result is the credential showing that the authentication hardware was authenticated (Server Result). It can also be used to record how many times the user has logged in with this authentication hardware, to confirm that the authentication hardware is legitimate, and to determine whether the ICCID secret code has permission to log in to the website and how much permission has been granted. After the hardware authentication passes, the CA identity authentication server sends the generated random value (Random) back to the IC card as the KEY, for the mail server (Mail Server) side to use in the cross-comparison with the CA identity authentication server after it has gone through the second authentication flow. If, however, the comparison shows that the ICCID secret code in the IC card of this authentication hardware is not authorized (Validate=N, card not activated), the system informs the user side that hardware authentication has failed, and the user loses the right to log in. This is the first authentication flow.

Step c: When the first authentication flow has succeeded, the general application website server (AP Server) first receives the KEY value that the CA identity authentication server sent to the IC card, the ICCID secret code, and the user name (Username) and password (Password) entered by the user. The flow is then directed to the mail server (Mail Server), which checks whether the user name (Username) and password (Password) are correct and whether the user's validity period has expired.

Step d: If the comparison in step c is correct, the KEY value and the ICCID secret code are passed back to the CA identity authentication server for encryption and decryption. A special process first decrypts the value of the ICCID secret code and uses it to search the CA identity authentication database. Once the EKI that corresponds to the ICCID secret code and is authorized (Validated) has been found, the KEY value is used to decrypt the EKI value, and the result is compared with the Server Result. If they match, the second authentication step passes. Only a user confirmed as legitimate by this cross-comparison can pass the login entry with legitimate access rights and continue to the next Web Page; the Server Result produced by encryption and decryption on the CA identity authentication server is then cleared, so that a new Server Result can be generated and temporarily stored the next time the user logs in. If the comparison does not match, the mail server (Mail Server) is informed that the ICCID secret code of the authentication hardware is wrong, authentication fails, and the right to log in is lost. This is the second authentication flow.

Please refer next to Fig. 2, a schematic diagram of the hardware in which the present invention can be installed.

The IC card 30 is mainly burned into the chip as firmware and has the advantage of large storage capacity. Ordinary people cannot produce or edit it themselves, so it is not easily counterfeited or pirated; its anti-counterfeiting and anti-cracking capability is strong, and it effectively guards against malicious misuse. Combined with the mutual encryption and decryption and the cross-comparison performed by the destination mail server (Mail Server) and the CA identity authentication server, it lets users move about in a secure network environment.

The authentication hardware 40 fitted with the IC card 30 can be hardware that is generally compatible with a computer's USB interface or PS2 slot, or hardware with wireless communication. It can also serve as a storage medium, for example when combined with a flash memory, which makes data access more confidential and secure, and its scope for future development is broad.

Fig. 3 is a schematic diagram of the physical flow of the present invention and shows the direction of the flow in actual operation. From the user's login to the completion of the formal login there are eight routes in all; please refer to the figure.

Route 1: the user installs authentication hardware (fitted with the IC card) 50 on the computer that is to receive mail and logs in to the mail server (Mail Server) 70 to enter the user data.

Route 2 is the Member Login window. After entering the Username and Password, the user presses the login button (Login), which triggers route 3: the program embedded in the IC card first directs the login flow to the CA identity authentication server 60 for encryption and decryption.

Route 3 is authentication flow 1 (Winsock) of the present invention. In the authentication flow (Winsock), a special process first decrypts the value of the ICCID secret code and uses it to search the CA identity authentication database. Once the EKI that corresponds to the ICCID secret code and is authorized (Validated) has been found, it is decrypted to obtain KI. A random value (Random) is generated, and the result of encrypting it with KI is stored in the database of the CA identity authentication server. This encrypted result is the credential showing that the authentication hardware was authenticated (Server Result). It can also be used to record how many times the user has logged in with this authentication hardware, to confirm that the authentication hardware is legitimate, and to determine whether the ICCID secret code has permission to log in to the website and how much permission has been granted.

After hardware authentication is complete, route 4 is triggered: the random value (Random) generated by the CA identity authentication server is sent back to the IC card. When the IC card receives this random value (Random), the program embedded in the IC card first decrypts the built-in ICCID secret code to obtain a KI value (this KI value is not checked here for whether the authentication hardware is authorized; the right to audit and compare rests with the CA identity authentication server) and then uses it together with the received random value (Random) in an encryption that produces an IC card authentication credential (Client Result). This credential is used for the cross-comparison with the CA identity authentication server when the general application website server (AP Server) side carries out the second authentication flow. If, however, the comparison shows that the ICCID secret code in the IC card of this authentication hardware is not authorized (Validate=N, card not activated), the system informs the user side that hardware authentication has failed, and the user loses the right to log in.

If the first authentication flow succeeds, route 5 is triggered and the flow is directed to the mail server (Mail Server) 70. The mail server (Mail Server) 70 first receives the ICCID secret code on the IC card, the IC card authentication credential (Client Result), and the user name (Username) and password (Password) entered by the user. The mail server (Mail Server) 70 then checks against its own database whether the user name (Username) and password (Password) are correct and whether the user's validity period has expired.

If the comparison is correct, route 6 is triggered for the authentication flow: the ICCID secret code and the IC card authentication credential (Client Result) are passed back to the CA identity authentication server for cross-comparison. A special process first decrypts the value of the ICCID secret code and uses it to search the CA identity authentication database for the credential of successful hardware authentication (Server Result) that corresponds to the ICCID secret code and is authorized (Validate=Y), and then compares whether the Server Result matches the IC card authentication credential (Client Result).

If they match, the second authentication step passes and route 7 is triggered: only a user confirmed as legitimate by this cross-comparison can pass the login entry with legitimate access rights and legitimately send, receive and access mail through the mail server (Mail Server) 70. The Server Result produced by encryption and decryption on the CA identity authentication server is then cleared; this is the final step, route 8. If the comparison does not match, the mail server (Mail Server) 70 is informed that the ICCID secret code of the authentication hardware is wrong, authentication fails, and the right to log in is lost.
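The exchange of routes 3 to 8 in Fig. 3 (steps b to d above) can be traced in a short simulation. This Python sketch is an added illustration, not code from the patent: the patent does not name its cipher, so HMAC-SHA256 stands in for the "special process" encryption and decryption steps, and the class names, `seal`, `run_login` and all sample values are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import date

def seal(key: bytes, data: bytes) -> bytes:
    """Stand-in for the unnamed encrypt/decrypt steps (assumption: HMAC-SHA256)."""
    return hmac.new(key, data, hashlib.sha256).digest()

class CAServer:
    """CA identity authentication server (60)."""

    def __init__(self, master_key: bytes):
        self._master = master_key
        self.db = {}  # ICCID -> {"eki", "validate", "logins", "server_result"}

    def enroll(self, iccid: str, validate: str = "Y") -> bytes:
        """Create the database record and return the KI to load into the card."""
        eki = secrets.token_bytes(16)
        self.db[iccid] = {"eki": eki, "validate": validate,
                          "logins": 0, "server_result": None}
        return seal(self._master, eki)

    def _authorized(self, iccid: str):
        rec = self.db.get(iccid)
        return rec if rec and rec["validate"] == "Y" else None

    def hardware_auth(self, iccid: str):
        """Routes 3-4: check the card, store Server Result, return Random."""
        rec = self._authorized(iccid)
        if rec is None:
            return None  # unknown card, or Validate=N (card not activated)
        ki = seal(self._master, rec["eki"])  # stand-in for "decrypt EKI to obtain KI"
        rnd = secrets.token_bytes(16)
        rec["server_result"] = seal(ki, rnd)  # Random "encrypted with KI"
        rec["logins"] += 1
        return rnd

    def cross_check(self, iccid: str, client_result: bytes) -> bool:
        """Route 6: compare Client Result with the stored Server Result."""
        rec = self._authorized(iccid)
        if rec is None or rec["server_result"] is None:
            return False
        ok = hmac.compare_digest(rec["server_result"], client_result)
        if ok:
            rec["server_result"] = None  # route 8: cleared after a successful login
        return ok

class ICCard:
    """IC card in the authentication hardware (50); KI never leaves the card."""

    def __init__(self, iccid: str, ki: bytes):
        self.iccid = iccid
        self._ki = ki

    def client_result(self, rnd: bytes) -> bytes:
        return seal(self._ki, rnd)

class MailServer:
    """Mail server (70): checks its own database first, then asks the CA."""

    def __init__(self, ca: CAServer):
        self.ca = ca
        self.users = {}  # username -> (salt, password hash, avail date)

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username: str, password: str, avail_date: date) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash(password, salt), avail_date)

    def login(self, username, password, iccid, client_result, today: date) -> str:
        user = self.users.get(username)
        if user is None or not hmac.compare_digest(user[1], self._hash(password, user[0])):
            return "bad username or password"
        if today > user[2]:
            return "account expired"
        # The description states no ICCID-to-username binding, so none is modelled.
        if not self.ca.cross_check(iccid, client_result):
            return "hardware cross-check failed"
        return "login ok"

def run_login(card, ca, mail, username, password, today) -> str:
    """One complete login: hardware authentication, then the mail server check."""
    rnd = ca.hardware_auth(card.iccid)
    if rnd is None:
        return "hardware authentication failed"
    return mail.login(username, password, card.iccid, card.client_result(rnd), today)

if __name__ == "__main__":
    ca = CAServer(b"constructed-master-key")  # constructed sample values
    mail = MailServer(ca)
    mail.add_user("alice", "s3cret", date(2030, 1, 1))
    card = ICCard("ICCID-0001", ca.enroll("ICCID-0001"))
    print(run_login(card, ca, mail, "alice", "s3cret", date(2025, 1, 1)))
```

Because the Server Result is cleared once a login succeeds, presenting the same Client Result a second time fails the cross-check until the CA issues a new Random.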

Fig. 4 shows embodiments in which an IC card with a built-in identity verification secret code ICCID and an international verification secret code GLN is installed in hardware that is generally compatible with a computer's USB interface or PS2 slot, or that has wireless communication, infrared transmission and so on, to serve as authentication hardware. As panel A of the figure shows clearly, the IC card of the present invention can also be installed in a keyboard (Key Board) to control hardware usage rights. The program embedded in the IC card displays a screen on the computer desktop showing that the keyboard (Key Board) is locked. When a user uses the same computer, the keyboard cannot be operated after the operating system has started; only when the user clicks the keyboard (Key Board) lock screen does an unlock message pop up for the user to enter the unlock password. A user without usage rights cannot use the computer. In panel B, the IC card of the present invention is installed in a mouse, which likewise allows usage rights to be controlled through the mouse hardware. In panel C, the IC card of the present invention is installed in a game joystick, and in panel D, in a Web Cam (network camera); in each case usage rights for the peripheral hardware can be controlled. Through the application of these embodiments, the security protection mechanism can be extended to the fullest extent.

Fig. 5 shows an integrated application embodiment in which the IC card used with the present invention is installed in a PCMCIA interface device. This embodiment makes the present invention more approachable and more widely applicable.

Fig. 6 shows an integrated application embodiment in which the present invention is installed in a flash memory. With the IC card installed on a flash memory, data no longer has to be stored only on a fixed hard disk, which makes data access more confidential, secure and mobile, and more convenient.

Fig. 7 is a schematic diagram of the flash memory fitted with the IC card used with the present invention, inserted into the casing of a computer host. Once the authentication hardware with the USB interface of the present invention is inserted into the USB slot of the computer host casing, all of the steps described above can be carried out.

In summary, the mail server (Mail Server) login security authentication system and method provided by the present invention can replace the existing mail server (Mail Server) login mode. It uses an IC card with a built-in identity verification secret code ICCID and an international verification secret code GLN, installed in hardware that is generally compatible with a computer's USB interface or PS2 slot, or that has wireless communication or infrared transmission, as authentication hardware. When the user performs a login with this authentication hardware, the login passes through several layers of encryption and decryption and a cross-comparison system between the destination server and the authentication server, which effectively confirms the user's legitimacy. A further added value of the authentication hardware fitted with the IC card is that it acts like a personal private key, with the superior features of high protection and high security. The invention has a wide range of applications and high security and is an unprecedented design; it meets the requirements for an invention patent application. The authority is respectfully requested to examine it in detail and to grant the patent, for the benefit of the people and the country.

However, the techniques, illustrations, programs or control methods described above are only one of the preferred embodiments of the present invention. Any equivalent change or modification made according to the techniques within the scope of the claims of the present invention, or any similar production that takes over part of its functions, shall still fall within the scope covered by the patent right of the present invention, and the scope of implementation of the present invention shall not be limited by the above.

Claims (10)

1. A mail server login security authentication method, characterized in that: an IC card with a built-in identity verification secret code ICCID and an international verification code GLN is placed in an IC card reading device, which is installed in hardware generally compatible with a computer, as authentication hardware; the method comprises the following steps:
Step a: the user logs in to the mail server using the authentication hardware fitted with an IC card and an IC card reading device, enters the information the user needs to log in with, and presses the login button;
Step b: the program embedded in the IC card directs the login flow to the CA identity authentication server and passes the ICCID secret code built into the IC card to the CA identity authentication server; a special program on the CA identity authentication server determines whether the IC card of the authentication hardware is legitimate and checks its permissions; if so, the login count is recorded in the CA identity authentication server database, a credential of successful authentication-hardware authentication is generated, and the random value generated during the decoding process is returned to the IC card;
Step c: once the preceding step has succeeded, the program embedded in the IC card uses the received random value to decode the built-in ICCID secret code and generates an IC card authentication credential, directs the login flow to the mail server, and passes the ICCID secret code, the IC card authentication credential and the information entered by the user together to the mail server, so that the mail server checks against its database whether the information entered by the user is correct and looks up the validity period;
Step d: once the preceding step has succeeded, the mail server passes the ICCID secret code and the IC card authentication credential it received to the CA identity authentication server, to be decrypted again to confirm that the authentication hardware and the user information are correct.
2. IC card authentication hardware for mail server login security authentication, characterized in that: the IC card has a built-in identity verification secret code ICCID and an international verification code GLN, and the IC card is placed in an IC card reading device, which is installed in hardware generally compatible with a computer, as authentication hardware; the authentication hardware fitted with the IC card can be hardware with a USB interface.
3. The IC card authentication hardware for mail server login security authentication as claimed in claim 2, characterized in that: the authentication hardware fitted with the IC card can be hardware for a PS2 slot.
4. The IC card authentication hardware for mail server login security authentication as claimed in claim 2, characterized in that: the authentication hardware fitted with the IC card can be hardware with wireless communication.
5. The IC card authentication hardware for mail server login security authentication as claimed in claim 2, characterized in that: the authentication hardware fitted with the IC card can be hardware with an IEEE1394 interface.
6. The IC card authentication hardware for mail server login security authentication as claimed in claim 2, characterized in that: the authentication hardware fitted with the IC card can be hardware with an IR infrared interface.
7. The IC card authentication hardware for mail server login security authentication as claimed in claim 2, characterized in that: the authentication hardware fitted with the IC card can be a flash memory.
8. The IC card authentication hardware for mail server login security authentication as claimed in claim 2, characterized in that: the authentication hardware fitted with the IC card can be a PCMCIA interface device.
9. The IC card authentication hardware for mail server login security authentication as claimed in claim 2, characterized in that: the authentication hardware fitted with the IC card can be a keyboard, a mouse or a game joystick.
10. The IC card authentication hardware for mail server login security authentication as claimed in claim 2, characterized in that: the authentication hardware fitted with the IC card can be a Web Cam network camera.
CN200380110622.XA 2003-10-29 2003-10-29 Mail server login security authentication method and IC card authentication hardware Pending CN1860729A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2003/000912 WO2005041480A1 (en) 2003-10-29 2003-10-29 A method of mail server landing security certification and ic card certification hardware

Publications (1)

Publication Number Publication Date
CN1860729A true CN1860729A (en) 2006-11-08

Family

ID=34468820

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200380110622.XA Pending CN1860729A (en) 2003-10-29 2003-10-29 Mail server login security authentication method and IC card authentication hardware

Country Status (3)

Country Link
CN (1) CN1860729A (en)
AU (1) AU2003277472A1 (en)
WO (1) WO2005041480A1 (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2214911C (en) * 1996-09-11 2001-12-25 Nippon Telegraph And Telephone Corporation Contents transmission control method with user authentication functions and recording medium with the method recorded thereon
KR100213188B1 (en) * 1996-10-05 1999-08-02 윤종용 Apparatus and method for user authentication
JPH1115927A (en) * 1997-06-24 1999-01-22 Hitachi Ltd IC card system
CN1141653C (en) * 2000-07-20 2004-03-10 成都久力信息技术有限公司 Computer applycation layer network safety control and management system and relative program method thereof
CN2489384Y (en) * 2001-07-31 2002-05-01 台均实业有限公司 Computer keyboard with card reader

Also Published As

Publication number Publication date
AU2003277472A1 (en) 2005-05-11
WO2005041480A1 (en) 2005-05-06


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication