TW201034423A - User authentication technology and system using one-time password composed of a repeatable first password and a non-repeatable password - Google Patents
User authentication technology and system using one-time password composed of a repeatable first password and a non-repeatable password Download PDFInfo
- Publication number
- TW201034423A TW201034423A TW98107668A TW98107668A TW201034423A TW 201034423 A TW201034423 A TW 201034423A TW 98107668 A TW98107668 A TW 98107668A TW 98107668 A TW98107668 A TW 98107668A TW 201034423 A TW201034423 A TW 201034423A
- Authority
- TW
- Taiwan
- Prior art keywords
- computer system
- message
- user
- password
- client device
- Prior art date
Links
- 238000005516 engineering process Methods 0.000 title abstract description 9
- 238000000034 method Methods 0.000 claims abstract description 188
- 238000012795 verification Methods 0.000 claims abstract description 166
- 230000001360 synchronised effect Effects 0.000 claims abstract description 85
- 230000008569 process Effects 0.000 claims abstract description 53
- 230000002085 persistent effect Effects 0.000 claims description 67
- 230000006870 function Effects 0.000 claims description 51
- 230000004044 response Effects 0.000 claims description 47
- 238000012790 confirmation Methods 0.000 claims description 37
- 230000007704 transition Effects 0.000 claims description 9
- 238000012360 testing method Methods 0.000 claims description 6
- 230000005540 biological transmission Effects 0.000 claims description 5
- 239000000463 material Substances 0.000 claims description 4
- PCHJSUWPFVWCPO-UHFFFAOYSA-N gold Chemical compound [Au] PCHJSUWPFVWCPO-UHFFFAOYSA-N 0.000 claims description 2
- 239000010931 gold Substances 0.000 claims description 2
- 229910052737 gold Inorganic materials 0.000 claims description 2
- 238000007747 plating Methods 0.000 claims 1
- 230000014509 gene expression Effects 0.000 description 46
- 230000008859 change Effects 0.000 description 32
- 238000004364 calculation method Methods 0.000 description 17
- 238000004891 communication Methods 0.000 description 14
- 238000013461 design Methods 0.000 description 9
- 230000011218 segmentation Effects 0.000 description 8
- 238000012546 transfer Methods 0.000 description 8
- 230000008901 benefit Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 4
- 210000004556 brain Anatomy 0.000 description 3
- 238000006243 chemical reaction Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000002688 persistence Effects 0.000 description 3
- 238000013459 approach Methods 0.000 description 2
- 230000002441 reversible effect Effects 0.000 description 2
- 241000283690 Bos taurus Species 0.000 description 1
- 241000255925 Diptera Species 0.000 description 1
- 208000027418 Wounds and injury Diseases 0.000 description 1
- 206010008129 cerebral palsy Diseases 0.000 description 1
- 230000019771 cognition Effects 0.000 description 1
- 235000021438 curry Nutrition 0.000 description 1
- 230000006378 damage Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 1
- 208000014674 injury Diseases 0.000 description 1
- 239000010977 jade Substances 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 239000008267 milk Substances 0.000 description 1
- 210000004080 milk Anatomy 0.000 description 1
- 235000013336 milk Nutrition 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 230000000717 retained effect Effects 0.000 description 1
- 238000005070 sampling Methods 0.000 description 1
- 238000010561 standard procedure Methods 0.000 description 1
- 239000008689 wuhua Substances 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
Description
201034423 六、發明說明: 【發明所屬之技術領域】 本發明所屬的技術領域可歸類於電腦使用者之鑑別方 法、裝置、及系統,特別是與單次通行密碼(one-time password)相關的使用者鑑別(user authentication)技術。 【先前技術】 使用者鑑別(user authentication)是指電腦系統允許或 拒絕使用者登入之過程。目前為一般人所熟悉的是利用通 行密碼(password )的方法,此方法要求使用者在電腦系統 上註冊一個識別名稱(an identifier )及一個相對應的通行 密碼(a corresponding password),之後,當使用者要求登 入時,電腦系統依據使用者輸入的識別名稱及通行密碼是 否與其所註冊者相符來決定允許或拒絕使用者之登入。 在使用者鑑別的技術領域之用語中,「使用者鑑別」在 文獻中也有「使用者認證」的用語。而使用者登入電腦系 統所用的設備或裝置稱為用戶端、使用者端、使用者終端 機、使用者裝置、用戶端裝置、或使用者工作站等等;被 登入的電腦系統常被稱為電腦端、伺服器、伺服器端、伺 服系統、系統工作站、電腦系統、或系統端等等,也簡稱 系統。另外,「使用者識別名稱(user identifier )」亦見採用 「個人識別碼(Personal Identification Number,簡稱 PIN) 」的用語。 在利用通行密碼的使用者鑑別中,系統端不會以未加 密處理的原文形式(plaintext form)來記錄使用者所註冊的 201034423 另記錄的是通行密碼經過特定的運算式之轉 系統時,用值。當使用者想要從用戶端裝置登入電腦 '、、 戶端裝置可以用同樣的運算式轉換使用者 的通行密碼。 、将俠1更用者輸入 被選定作為轉換通行密碼的運算式必須要具備下列三 =性·⑴給定-個輸入值,要計算此運算式之輸出值 /易的’(2)給定一個輸出值’要找到一個輸入值使其 經過此運算式計算後之輸出值等於該給定的輸出值是非 難的及(3)抗碰撞(collision resistance)的特性,© '、〜、義是扣要找到兩個不相同的輸入值來使得此運算式輸 出相同之結果是非常困難的。如此才不會發生兩個不同的 通行密碼轉換為同一數值的情形,而轉換所得的數值也才 不會透露有關猜測通行密碼的線索。目前有許多已公開的 運算式符合這些條件,包括單向雜湊函數(Qneway ^ function)’或稱為「安全雜凑函數(似⑽functi〇n)」 ’簡稱為雜凑函數,如MD5、SHA_256、SHA 384和SHA_ 512等等。雜凑函數的輸出值也稱為雜凑值(。© 上述的利用通行密碼之使用者鑑別已實作於早期的 UNIX系統,但此種系統無法防止「重送攻擊」( attack ),即攻擊者可以錄下用戶端送出的訊息,之後再重 複利用相同的訊息便可登入電腦系統。為了防止這一類的 攻擊’可以採用「挑戰與回應(challenge and response)」 的程序,說明如下。 假設使用者在系統端的持久性記憶媒體上記錄的是一 201034423 個使用者識別名稱以及從他的通行密碼經_201034423 VI. Description of the Invention: [Technical Field] The technical field to which the present invention pertains can be classified into a computer user identification method, apparatus, and system, particularly related to a one-time password. User authentication technology. [Prior Art] User authentication refers to the process by which a computer system allows or denies a user to log in. Currently familiar to the general public is the use of a password method, which requires the user to register an identifier (a identifier) and a corresponding password (a corresponding password) on the computer system, and then, when used When the user requests to log in, the computer system determines whether to allow or deny the user's login according to whether the identification name entered by the user and the password are consistent with the registered person. In the terminology of the technical field of user authentication, "user authentication" also has the term "user authentication" in the literature. The device or device used by the user to log into the computer system is called a user terminal, a user terminal, a user terminal device, a user device, a client device, or a user workstation, etc.; the computer system being logged in is often referred to as a computer. Terminal, server, server, servo system, system workstation, computer system, or system side, etc., also referred to as the system. In addition, the "user identifier" also refers to the term "personal identification number (PIN)". In the user authentication using the passphrase, the system side does not record the user-registered 201034423 in plaintext form without encryption. The other record is that the passphrase is passed through a specific arithmetic transfer system. value. When the user wants to log in to the computer from the client device, the client device can convert the user's password with the same algorithm. The input of the Xia 1 user input is selected as the conversion pass password must have the following three = (1) given - one input value, to calculate the output value of this expression / easy '(2) given An output value 'to find an input value such that the output value calculated by this expression is equal to the given output value is not difficult and (3) collision resistance characteristics, © ', ~, meaning is It is very difficult to find two different input values to make this expression output the same result. This will not happen if two different passcodes are converted to the same value, and the converted value will not reveal clues about guessing the passphrase. There are many published expressions that meet these conditions, including the one-way hash function (Qneway ^ function) or the "safe hash function (like (10) functi〇n)", which is simply referred to as a hash function, such as MD5, SHA_256, SHA 384 and SHA_ 512 and so on. The output value of the hash function is also called the hash value. (© The above-mentioned user authentication using the passphrase has been implemented on the early UNIX system, but such a system cannot prevent the "re-attack" attack. You can record the message sent by the client, and then use the same message to log in to the computer system. To prevent this type of attack, you can use the "challenge and response" procedure as explained below. Recorded on the system-side persistent memory media is a 201034423 user identification name and from his passphrase _
數”後所得到的一個雜凑值。所謂「挑戰與回應= f疋和由系統端利用—個亂數值來產生_則挑戰訊息並要 求用戶端能夠利用此一挑戰訊息及正確通行密碼輸入 生正確的回應訊息,典型的步驟如下:使用者在用户端裝 置輸入他的通行密碼,經過與系統端約定使用的單向雜凑 函數計算得到一個雜凑值’向電腦系統提出一則請求登入 之訊息;電腦系統產生一個隨機亂數(rand〇m咖Μ並 傳遞到用戶端裝置作為-則挑戰訊息;用戶端裝置接收到 此挑戰訊息後,利用計算所得的雜湊值作為_把加密金鑰 將接收到的挑戰訊息加密’加密後的訊息成為一則回應訊 息,並連同-個使用者識別名稱傳回電腦系統;電腦系統 接收到回應訊息後,利用接收的使用者識別名稱為索引, 由持久性記憶媒體上讀出所記錄的一個雜湊值作為一把解 密金鑰,將接收的回應訊息解密;若解密所得的結果和電 腦系統產生的挑戰訊息相符,則允許使用者之登入反之 ’則拒絕使用者之登入。 在此程序中,系統端所記錄的雜湊值,也稱為「驗證 值(verifier 或 verification value)」。 即使結合了「挑戰與回應」的程序,使用者的通行密 碼仍然可能被破解。攻擊者可用來破解通行密碼的方法包 括字典攻擊(dictionary attack)、猜測攻擊(guessing )、利用木馬(Trojan horses)程式來偷聽或側錄的攻擊等 等。因此,在資訊安全的技術領域中已揭露了多種技術來 201034423 克服以上的弱點;主要的技術可以分為三大類:(1)利用 使用者生物特徵之鑑別,(2 )以公開金鑰驗證使用者數位 簽章之鑑別,及(3 )單次通行密碼之鑑別。 所謂「單次通行密碼」,其英文用語為One-Time Password,也有稱為 〇ne_Time Passc〇de 者’簡稱為 OTP ’ 其意義與一般人所認知的通行密碼(Password)有所不同。 一般人所認知的通行密碼通常是使用者自已決定的密碼, 有其使用者認知上的意義,且使用者一般都會使用一段時 間後再予更換,並不限於單次使用。而「單次通行密碼」 主要在強調通行密碼僅限於單次使用之特性。 通行密碼僅限於單次使用的概念首見於1981年Leslie Lamport 發表的 “ Password Authentication with Insecure Communication”論文,其内容中說明,若通行密碼僅限於 單次使用,則必須具備無法推論下一次及之後使用者登入 時所用的通行密碼之特性,並且已使用過的通行密碼在之 後使用者登入時都會被驗證為不正確。 假設X,、X2.....XN代表N個依序使用的單次通行密 碼,Y!、Y2.....ΥΝ代表依序對應單次通行密碼的系統端 驗證值,若j是不等於i的正整數,則Xj與Xi不應該相同 ,且若k是小於i的正整數,則從Xk來推導Xi應該是非常 困難的,而且由Yi來推導Xi也應該是非常困難的。在此, i、j、k都是大於或等於1且小於或等於N的正整數。 若要求使用者將一連串的單次通行密碼依序記住,明 顯有其困難,且電腦系統若必須記錄多個驗證值也不是好 201034423 式LamP〇rt在其論文中提出的方法可讓使用者只須記 隐個通行密碼來計算一系列的單次通行密碼,而電腦系 ^ 須记錄一個系統端驗證值。此一方法的核心在於利 用單向雜湊函數來計算一系列的單次通行密碼及對應的一 =列系統端驗證值,說明如下。(註:Lamp(m的論文用的 疋單向函數,另外要求其函數的輸出值不可以重複;換言 月j文所疋義的單向雜湊函數可以滿足其條件。) 假設F為一單向雜凑函數’並假設pwd是使用者自行 選擇的-個通行密瑪,N是一個正整數,例如n=i_,則 famport所定義的單次通行密碼依序是ρΝ、卜句、pN_ i ••’ F(Pwd)、Pwd,而系統端所對應的驗證值依序 是 FN(Pwd)、FN-1(Pwd)、、F2(pwd)、Fl(pwd)。當使用者 第1人登入時(1==1,或2’.'或N),用戶端裝置接收使用 者N的通行密碼Pwd來計算第i次使用的通行密碼又,即 FNl(Pwd),連同—個使用者識別名稱傳送給電腦系統;電腦 系統則利用所接收的使用者識別名稱為索引,由持久性記 隐媒體上讀出對應的驗證值Yi,此時Yi=FN.i+1(Pwd),而後 電腦系統利用所接㈣單次通行密瑪作為輪人來執行單向 雜湊函數之計算-次,並比對計算所得之結果與讀出之驗 證,是否相等’若相等則允許使用者之登人,並以所接收 的早次通行密碼替換系統端之驗證值,若不相等則拒絕使 用者之登入。A hash value obtained after the number. The so-called "challenge and response = f疋 and the system side use - a random number to generate _" challenge message and require the client to use this challenge message and correct password entry The correct response message, the typical steps are as follows: the user enters his password in the user device, and calculates a hash value by a one-way hash function agreed with the system to send a message requesting login to the computer system. The computer system generates a random random number (rand〇m curry and passes it to the client device as a - challenge message; after receiving the challenge message, the client device uses the calculated hash value as _ to receive the encryption key The challenge message is encrypted. The encrypted message becomes a response message and is sent back to the computer system along with the user identification name. After receiving the response message, the computer system uses the received user identification name as the index, and the persistent memory. The media reads out a recorded hash value as a decryption key, and decrypts the received response message; If the result of the decryption matches the challenge message generated by the computer system, the user is allowed to log in instead the user's login is rejected. In this program, the hash value recorded on the system side is also called the verification value (verifier or Verification value)". Even if the "challenge and response" procedure is combined, the user's password can still be cracked. The methods that attackers can use to crack passwords include dictionary attack, guessing, and exploitation. Trojan horses programs to eavesdrop or side-by-side attacks, etc. Therefore, various techniques have been exposed in the field of information security to overcome the above weaknesses in 201034423; the main technologies can be divided into three categories: (1) Using the identification of the user's biometrics, (2) verifying the identification of the user's digital signature with the public key, and (3) identifying the single passphrase. The so-called "single pass password" is the English term for One-Time. Password, also known as 〇ne_Time Passc〇de 'abbreviated as OTP', its meaning and the password recognized by the average person (Password) is different. The password that the average person knows is usually the password determined by the user. It has the meaning of the user's cognition, and the user usually uses it for a period of time and then replaces it. It is not limited to single use. The “single pass password” is mainly to emphasize that the passcode is limited to single use. The concept of passcode limited to single use is first seen in the “Password Authentication with Insecure Communication” paper published by Leslie Lamport in 1981. Note that if the passcode is limited to single use, you must have the ability to pass the password for the next and subsequent user logins, and the used passphrase will be verified as incorrect after the user logs in. . Suppose X, X2.....XN represents N sequential pass passwords, Y!, Y2.....ΥΝ represents the system-side verification value of the single pass password in sequence, if j is If a positive integer is not equal to i, then Xj and Xi should not be the same, and if k is a positive integer less than i, it should be very difficult to derive Xi from Xk, and it should be very difficult to derive Xi from Yi. Here, i, j, and k are all positive integers greater than or equal to 1 and less than or equal to N. If the user is required to remember a series of single pass passwords in sequence, it is obviously difficult, and if the computer system has to record multiple verification values, it is not good. 201034423 The method proposed by LamP〇rt in its paper can make the user Just remember to pass a password to calculate a series of single pass passwords, and the computer system must record a system-side verification value. The core of this method is to use a one-way hash function to calculate a series of single pass passwords and a corresponding one column system side verification value, as explained below. (Note: Lamp (the paper uses a one-way function, in addition to the output value of its function can not be repeated; in other words, the one-way hash function derogated from the month j text can satisfy its condition.) Suppose F is a one-way The hash function 'and assumes that pwd is the user-selected - a pass gamma, N is a positive integer, such as n = i_, then the single pass password defined by famport is ρΝ, 句句, pN_ i • • 'F(Pwd), Pwd, and the verification values corresponding to the system side are FN(Pwd), FN-1(Pwd), F2(pwd), Fl(pwd). When the user logs in as the first person When (1==1, or 2'.' or N), the client device receives the passphrase Pwd of the user N to calculate the passcode for the i-th use, that is, FN1 (Pwd), together with a user identification. The name is transmitted to the computer system; the computer system uses the received user identification name as an index, and the corresponding verification value Yi is read from the persistent recording medium, at this time Yi=FN.i+1 (Pwd), and then the computer The system uses the connected (four) single pass Mima as the wheel to perform the calculation of the one-way hash function-time, and compares the calculated result with the reading. The verification, are equal 'equal, if the board allow a user person to access and verify the value of the password system side views Alternatively received earlier, if not equal, so that refuse to sign the wearer.
Lamport在其論文中進一步說明其方法具有一個堅固( robust)的特性,詩處理用戶端㈣統料时的狀態。 201034423 假設用戶端傳送給系統端的單次通行密碼為第j次使用之密 碼Xj,而系統端用於驗證的驗證值為第k次的驗證值Yk, 當用戶端與系統端同步時,則j=k,若因通訊失敗或系統端 當機等因素則可能造成用戶端與系統端不同步,此時j妾k ;若 j>k 則 Fj-k+1(Xj)=Yk,若 j<k 則 ,故可以利 用此二等式來檢查出這種不同步的情況。若檢查出這種不 同步的狀況,則可令系統端跳過若干未使用的驗證值或令 用戶端跳過若干未使用的單次通行密碼,以達到同步的狀 況。Lamport further stated in his paper that the method has a robust feature, and the poem handles the state of the user (4). 201034423 Assume that the single pass password transmitted by the client to the system is the password Xj used for the jth, and the verification value used for verification by the system is the kth verification value Yk. When the client synchronizes with the system, then j =k, if the communication fails or the system is down, the user and the system may not be synchronized, at this time j妾k; if j>k then Fj-k+1(Xj)=Yk, if j< k, so you can use this two-element to check for this out-of-synchronization. If this out-of-sync condition is checked, the system can skip the number of unused verification values or cause the client to skip several unused one-pass passwords to achieve synchronization.
Neil M. Haller以Lamport的方法為設計基礎,發展了 一個單次通行密碼的使用者鑑別系統,稱為S/Key。此系統 被實作於UNIX系統環境,且被定義為RFC 1760 (標題為 The S/KEY One-Time Password System)及 RFC 2289 (標題 為A One-Time Password System)之系統規格,也可參閱 Haller 於 1994 年發表的論文 “ The S/KEY One-Time Password System” 。 S/Key進一步擴充了 Lamport的方法,容許使用者自主 性地選擇他的通行密碼來產生不同系列的單次通行密碼, 而每一系列的單次通行密碼分別用於登入一部電腦系統, 說明如下。 假設一位使用者可以使用多部電腦系統,他自主性選 擇的通行密碼以符號Pwd來表示,這是只有他自已知道的 秘密,而每一部他可以使用的電腦系統產生並儲存一個種 子(seed ),則他用於登入此部電腦系統的一系列單次通行 201034423 密碼為 FN-】(C(Pwd,seed))、FN-2(c(pwd,se_.....Based on the Lamport approach, Neil M. Haller developed a single pass password user authentication system called S/Key. This system is implemented in a UNIX system environment and is defined as the system specification for RFC 1760 (titled The S/KEY One-Time Password System) and RFC 2289 (titled A One-Time Password System). See also Haller. The paper "The S/KEY One-Time Password System" published in 1994. S/Key further expands Lamport's approach by allowing users to choose their passphrase autonomously to generate different series of single passphrases, and each pass of a single passphrase is used to log into a computer system, indicating as follows. Suppose a user can use multiple computer systems. His autonomously selected passphrase is represented by the symbol Pwd. This is the secret that only he knows, and each computer system he can use generates and stores a seed ( Seed ), then he used to log in to this computer system a series of single pass 201034423 password is FN-] (C (Pwd, seed)), FN-2 (c (pwd, se_.....
FkdVd,seed))、c(Pwd,seed);在此的f是一個單向雜凑 函數,N是-個適當的正整數,@ c t组合通行密碼與種 子的個函數。S/Key並沒有在用戶端記錄這一系列的單次 通灯密碼’而是當使用者登入時由使用者提供的W來計 算該次登入所須的單次通行密碼,其範例步驟說明如下: 當該使用者登入該部電腦系統時,利用一用戶端裝置傳送 ❿ 錢用者識別名稱給該部電腦系統,並接收該部電腦系統 回傳的N、i及seed,以計算單次通行密碼#卿叫 ㈣)),傳送給該部電腦系統;而該部電腦系統接收到該單 次通行密碼時,以所接收的單次通行密碼作為輸入來執行 单向雜凑函數之計算一次’並比對計算所得之結果與系統 端驗證值Fn-…(c(Pwd,㈣))是否相等若相等則允許使用 者之登入,並以所接收的單次通行密碼替換系統端之驗證 值,也以i+Ι更新系統端記錄的正整數;,若不相等則拒絕 p 使用者之登入。 上述的範例步驟中,seed儲存於電腦系統端在使用 者請求登入時傳送到用戶端,這饱值在不同的電腦系統並 不N須要相同’且沒有必要保持機密,因為單次通行密碼 F〜(C(Pwd,seed))之計算還需要只有該使用者才知道的通 行密碼Pwd; N與i也儲存於系統端為佳,N是—個事先選 擇的正整數,但不同的電腦系統可以有不同的N值,而i 在使用者每次登人之後會被更新,不㈣電腦“在同一 時間可能有不同的i值。當更新後的i值為_時,表示該 201034423 一系列單次通行密碼已經完全使用過,必須有一套程序來 重新開始。此程序在S/Key中已實作為keyinit之指令,此 指令命令電腦系統產生並儲存一個新的種子seed傳送給用 戶端裝置,命令用戶端裝置計算FN(c(Pwd,seed))傳送給系 統端,並命令系統端以所接收到的FN(c(pwd,seed))作為初 始驗證值,及重新設定其所記錄的正整數i為!。keyinit指 令同時有另一功能,就是允許使用者變更通行密碼Pwd。FkdVd, seed)), c(Pwd, seed); where f is a one-way hash function, N is a suitable positive integer, and @c t combines a passphrase with a seed function. S/Key does not record this series of single pass-through passwords on the user side. Instead, the user-provided W is used to calculate the single pass-through password required for the login. The sample steps are as follows: : When the user logs into the computer system, the user device is used to transmit the user identification name to the computer system, and the N, i and seed returned by the computer system are received to calculate a single pass. The password #卿叫(四)))) is transmitted to the computer system of the department; and when the computer system receives the single pass password, the calculation of the one-way hash function is performed once with the received single pass password as input. And comparing the calculated result with the system-side verification value Fn-...(c(Pwd, (4))), if equal, the user is allowed to log in, and the verification value of the system end is replaced by the received one-pass password. The positive integer recorded on the system side is also updated by i+Ι; if not equal, the login of the p user is rejected. In the above example steps, the seed is stored on the computer system and transmitted to the client when the user requests login. This is not the same in different computer systems. It is not necessary to keep the secret because the single pass password F~ (C(Pwd, seed)) The calculation also requires the passphrase Pwd that only the user knows; N and i are also stored on the system side, N is a pre-selected positive integer, but different computer systems can There are different values of N, and i will be updated every time the user logs in. No (4) the computer may have different i values at the same time. When the updated i value is _, it means the 201034423 series The passphrase password has been completely used, and there must be a program to restart. This program has been used as a keyinit command in the S/Key. This command instructs the computer system to generate and store a new seed seed for transmission to the client device. The client device calculates FN(c(Pwd, seed) to transmit to the system, and commands the system to use the received FN(c(pwd, seed) as the initial verification value, and resets the recorded positive integer. i is .keyinit instruction while another function is to allow users to change the access code Pwd.
在Lamport的方法及Haller等人實作的S/Key系統中 ,已有檢驗用戶端與系統端是否同步的機制,用戶端與系 統端同步的意思,就是說,用戶端用到第1〇〇個單次通行 密碼,系統端就用到第100個驗證值來驗證,依此類推。In the method of Lamport and the S/Key system implemented by Haller et al., there is a mechanism for checking whether the client and the system are synchronized, and the meaning of the synchronization between the client and the system, that is, the user uses the first one. A single pass password, the system side uses the 100th verification value to verify, and so on.
Lamport方法中的同步化機制有其複雜性,說明如下。The synchronization mechanism in the Lamport method has its complexity, as explained below.
假設用戶端傳送給系統端的單次通行密碼為第j次使月 之密碼Xj,而系統端用於驗證的驗證值為第k次的驗證仓 Yk ’若因通訊失敗或系統端當機等因素造成用戶端與系勒 端不同步,此時>k,即j可能大於或小於k;此時,必爲 以Xj為輸入來執行單向雜凑函數之連續計算,直到單向斜 湊函數之輸出得到與系統端驗證值相等的結果,若如此貝, β 此不同步的現象為j>k,並依據單向雜凑函數連續 算之人數決疋』與k的差距’以令系統端跳過若干次未 使用的驗證值來達成同步化。也有可能,—直執行單向雜 凑函數之4算Ν·1次仍得不到與%相等的輸出值,此時, 〇 k為輸入來再次執行單向雜湊函數之連續計算,直到 單向雜凑函數之輸出得到與&相等的結果若如此則可確 10 201034423 〜此不同步的現象為j<k,並依據單向雜湊函數連續計算 之人數,決定k與j的差距,以令用戶端跳過若干未使用的 單次通行密碼。 上述的檢驗過程中,系統端可能必須執行單向雜湊函 數之連續計算若干次,連續計算的次數與N有關。明顯地 ,系統端無法確定單向雜湊函數連續計算的次數,而且, 果N值太小,使用者必須經常變更通行密碼pwcj,否則 φ 人通行密碼在較短的時間内即可能被重覆使用而喪失單 人使用之意義,如果N值太大,則檢驗不同步所需之計算 會趨於繁複。因此存在發展新的單次通行密碼之使用者鑑 別技術之需要,以簡化用戶端與系統端不同步之檢驗並使 同步化之過程更有效率。 在單次通行密碼的技術領域中,RSA Security&司的系 統是另一具代表性的系統,其用戶端與系統端同步化的達 成來自於時間的利用。此系統利用用戶端時鐘的時間來產 e ±單次通行密碼’而在系統端,是利用系統端接收到用戶 端傳來的單次通行密碼時之系統端時鐘的時間來產生對應 的驗證值。假設用戶端時鐘與系統端時鐘的時間同步,並 假設傳輸之時間為零,則系統端產生的驗證值會與用戶端 產生的單次通行密碼相同,也就是用戶端與系統端在使用 者鑑別系統的運作過程中同步之意;但是兩個時鐘在運轉 一段時間之後’有可能會發生超前或落後的現象,而且傳 輸的時間雖然極短也不會是零,RSA公司之系統的精神在 於創造一特殊之技巧以允許前述兩個時間在合理的差異範 11 201034423 圍内系統端仍可接受用戶端所產生之單次通行密碼。此— 技巧,說明如下。 此系統設定用戶端每隔一小段時間產生一個新的單次 通行密碼’此時間間隔可假設為1分鐘,而在系統端,則 设定一有效的時間區間,例如超前2分鐘及落後2分鐘, 為合理的時間差異範圍;當系統端接收到用戶端所傳來的 單次通行密碼時,根據系統端時鐘當時的時間及前後各2 分鐘範圍内的時間可以計算出5個驗證值,若此5個驗證 值中有一個與接收到的單次通行密碼相符,則允許使用者❿ 之登入,反之則拒絕使用者之登入。當系統端允許使用者 之登入時,系統端時鐘與用戶端時鐘之時間差異將被記錄 於系統端’料下一次使用者登入時調整系統端時間範圍 之中間值的依據。 RSA公司之0TP系統,在用戶端與系統端同步的技巧 上更進一步考慮到使用者長使時間不曾登入系統的情況, 在此情況系統端允許的時間範圍可以拉長,例如前後各ι〇 为鐘,也就是說系統端提供了 21個驗證值來比對,若21 _ 個驗證值中沒有任何-個與接收到的單次通行密碼相符, 則拒絕使用者之登人’若有—個相符,則要求用戶端再一 次提供單次通行密碼來作第二次的比對,如第二次比對成 功則允許使用者之登入,並調整所記錄的時間差異,反之 則拒絕使用者之登入。 * 在OTP的技術領域中,用戶端與系統端之同步是必要-的。在著名的OTP技術中,如Lamp〇rt的方法及其延伸的 12 201034423 系統,以及RSA公司的系統,都提出了可行的同步化技巧 ;然而,這些技巧實在有其複雜度’故存在發明新的〇τρ 技術之需要。 本發明提出新的OTP技術,其目的在於創造更簡單的 同步化技巧。本發明之基礎源自一特定的使用者鑑別方法 ,該方法揭露於中華民國專利第Π93529號:「藉由連結隨 機產生的鑑別秘密與個人化秘密的使用者鑑別方法及儲存 媒體」。下文將描述此中華民國專利所揭露的方法。 此方法的核心概念在於利用一個強秘密(str〇ng secret )來取代挑戰與回應過程中所使用的通行密碼(passw〇rd) 。一般人所選擇的通行密碼被認為是弱秘密(weak 8沉代〇 ,因為它可能被猜測攻擊或字典攻擊所破解,而位元長度 足夠的亂數就非常困難被猜測了,所以可以視為強秘密。 此方法以一個亂數的雜湊值取代通行密碼的雜湊值作為系 統端所用的驗證值,而在用戶端則由使用者所輸入的通行 B 冑碼和預存的-㈣戶端秘密來計算出該亂數,其使用情 境如同傳統的通行密碼系統;至於使用者登入電腦系統時 ’用戶端與系統端的通訊機制也與挑戰與回應之過程相同 。進一步說明如下。 在初始程序中’使用者利用用戶端農置來產生一個隨 機亂數( rand〇m )作為鐘別秘密(authentication secret),並在電腦系統端的持久性記憶媒體儲存此鑑別秘密 的雜湊值;鐘別秘密及其雜凑值不會被儲存在用戶端,而 疋將鑑別秘密分成兩個部份:「用戶端秘密(user-side secret 13 201034423 )」及使用者自主性選擇的 通行密碼」,其中的「用戶 每」’具中的「用戶端Assume that the single pass password transmitted by the client to the system is the password Xj of the jth month, and the verification value used by the system for verification is the kth verification bin Yk 'If the communication fails or the system is down, etc. The user terminal and the system end are not synchronized. At this time, >k, that is, j may be greater than or less than k; at this time, the continuous calculation of the one-way hash function must be performed with Xj as the input until the one-way oblique function The output is equal to the system-side verification value. If so, the β-synchronization phenomenon is j>k, and the number of consecutive calculations based on the one-way hash function is determined by the difference between the number of k and the k. Skip several unused verification values to achieve synchronization. It is also possible that - the straightforward execution of the one-way hash function of the four calculations - one time still does not get the output value equal to %, in this case, 〇k is the input to perform the continuous calculation of the one-way hash function again, until one-way The output of the hash function is equal to the result of & if so, then 10 201034423 ~ This phenomenon of non-synchronization is j<k, and the number of consecutive calculations based on the one-way hash function determines the difference between k and j. The client skips a number of unused one-pass passwords. During the above verification process, the system side may have to perform a continuous calculation of the one-way hash function several times, and the number of consecutive calculations is related to N. Obviously, the system side cannot determine the number of consecutive calculations of the one-way hash function, and if the value of N is too small, the user must change the password pwcj frequently, otherwise the password of the user may be repeated in a short period of time. The loss of the meaning of single use, if the value of N is too large, the calculations required to test the out of sync will tend to be complicated. Therefore, there is a need to develop a new one-pass password user authentication technique to simplify the verification of the synchronization between the client and the system and to make the synchronization process more efficient. In the technical field of single pass passwords, the RSA Security&S system is another representative system, and the synchronization of the client and system side is derived from the use of time. This system uses the time of the client clock to generate the e ± single pass password', and on the system side, it uses the time of the system side clock when the system receives the single pass password transmitted from the client to generate the corresponding verification value. . Assume that the time between the client clock and the system clock is synchronized, and that the transmission time is zero, the verification value generated by the system will be the same as the one-pass password generated by the user, that is, the user and the system are authenticated by the user. Synchronization in the operation of the system; but after two clocks are running for a period of time, there may be a phenomenon of lead or backwardness, and the transmission time is extremely short and will not be zero. The spirit of RSA's system lies in creating A special technique to allow the aforementioned two times to be within a reasonable difference. The system end of the system still accepts the single pass password generated by the client. This - tips, as explained below. This system sets the client to generate a new one-pass password every short period of time. 'This interval can be assumed to be 1 minute. On the system side, set a valid time interval, such as 2 minutes ahead and 2 minutes behind. For a reasonable time difference range; when the system receives a single passphrase from the client, five verification values can be calculated according to the time of the system clock and the time in the range of 2 minutes before and after. One of the five verification values matches the received one-pass password, allowing the user to log in, otherwise the user is denied login. When the system allows the user to log in, the time difference between the system-side clock and the client-side clock will be recorded on the basis of the system-side adjustment of the median time range of the system-side time range. RSA's 0TP system further considers the user's long-term synchronization time, so that the time allowed by the system can be lengthened. For example, the time range of the system can be extended. Clock, that is to say, the system provides 21 verification values for comparison. If none of the 21 _ verification values match the received one-pass password, the user's login is rejected. If the match is met, the client is required to provide a single pass password for the second comparison. If the second match is successful, the user is allowed to log in and adjust the recorded time difference. Otherwise, the user is rejected. Sign in. * In the technical field of OTP, synchronization between the client and the system is necessary. In the well-known OTP technology, such as the Lamp〇rt method and its extended 12 201034423 system, as well as the RSA system, feasible synchronization techniques have been proposed; however, these techniques have their complexity. The need for 〇τρ technology. The present invention proposes a new OTP technology whose purpose is to create simpler synchronization techniques. The basis of the present invention is derived from a specific user authentication method disclosed in the Republic of China Patent No. Π93529: "User authentication method and storage medium for linking secrets and personalized secrets generated by random machines". The method disclosed in this Republic of China patent will be described below. The core concept of this method is to use a strong secret (str〇ng secret) to replace the passphrase (passw〇rd) used in the challenge and response process. The password chosen by the average person is considered to be a weak secret (weak 8 is because it may be cracked by a guessing attack or a dictionary attack, and a random number with a sufficient bit length is very difficult to be guessed, so it can be considered strong Secret. This method replaces the hash value of the passphrase with the hash value of the random number as the verification value used by the system, and the user terminal calculates the pass B code entered by the user and the pre-stored (4) account secret. The random number is used in the same way as the traditional password system; as for the user's login to the computer system, the communication mechanism between the client and the system is the same as the challenge and response process. Further explanation is as follows. In the initial procedure, the user Use the user-side farm to generate a random number (rand〇m) as the authentication secret, and store the hash value of the secret in the persistent memory of the computer system; the secret and its hash value It will not be stored on the client side, and the authentication secret will be divided into two parts: "User-side secret (user-side secret 13 201034) 423)" and the user-selected passphrase", where the "users" have "users"
雜湊值與電腦系統儲存的雜湊值相同,則允許使用者之登 反之則拒絕使用者之登入 。在此’兩個雜湊值相等之 判斷係利用挑戰與回應之程序來執行。 ^ 前段文字之概念係假設有一部電腦系統’而該部電腦 系統有多位使用者,並假設每一位使用者可以有他的使用 者裝置,也可以有他的通行密碼及他的用戶端秘密;而在 該電腦系統端,除了儲存每一位使用者之鑑別秘密的雜湊 值之外,也對應地儲存了每一位使用者的一個識別名稱, 換言之,系統端的持久性記憶媒體有一個檔案或資料庫儲 存了多個成對的使用者識別名稱及雜凑值。 圖1A及1B是此方法的初始程序及使用者登入電腦系 〇 統之程序的實施例流程圖。初始程序也就是使用者向電腦 系統註冊的程序。 參考圖1A。 在步驟1110中,使用者裝置接收一個使用者識別名稱 1102及一個通行密碼1104; 在步驟1120中,該使用者裝置產生一個隨機亂數作為 鑑別秘密; 14 201034423 在步驟1130中,該使用者裝置計算該鑑別秘密的雜湊 值; 1102在步驟Μ0巾’該使用者裝置將該使用者識別名稱 及计算所得的雜凑值傳送給該部電腦系統; 在步驟1150中,該部電腦系統將接收到的雜湊值與使 識別名稱1102儲存於其可讀取的持久性記憶媒體丨J 〇9 φ 在步驟1160中,該部電腦系統傳送一則確認訊息給該 使用者裝置; 在步驟1170中,該使用者裝置在接收到該部電腦系統 所傳送的確認訊息之後,利用該使用者輸人的通行密碼 1104及步驟1120中所產生的鑑別秘密作為一分割運算式的 兩項輸入來計算一個用戶端秘密,Λ一運算表示為:用戶 端秘密=分割運算式(通行密碼,鑑別秘密); 在步驟1180中,該使用者裝置將計算所得的用戶端秘 〇 密1108儲存於其可讀取的一持久性記憶媒體11〇6中。 註冊程序之步驟1180的持久性記憶媒體可以是使用者 提供的可攜式持久性記憶媒體,例如USB隨身碟,以儲存 他的用戶端秘密。如此,使用者可以攜帶其記憶媒體到另 一台使用者裝置來請求登入該部電腦系統;在此,假設該 台使用者裝置已經安裝執行此一使用者鑑別方法所需的運 算式’或者可以透過Web介面來執行這些運算式。 位使用者利用一台使用者裝置登入一部電腦系統的 程序包括如圖1B所示之步驟,說明如下。 15 201034423 在步驟1205中,該使用者裝置接收一個使用者識別名 稱之輸入1202與一個通行密碼之輸入12〇4 ; 在步驟1210中,該使用者裝置讀取一持久性記憶媒體 1206上的用戶端秘密12〇8 ; 在步驟1215中,該使用者裝置以接收到的通行密碼之 輸入1204及讀取到的用戶端秘密12〇8作為一回復運算式 的兩項輸入來計算出一個數值,此一運算表示為:該數值 —回復運算式(通行密碼之輸入,用戶端秘密); 在步驟1220中,該使用者裝置計算該數值的一個雜湊@ 值; 在步驟1225中,該使用者裝置傳送一則請求登入之訊 息給該部電腦系統; 在步驟1230中,該部電腦系統接收該使用者裝置請求 登入之訊息後,產生一個隨機亂數作為一則挑戰訊息; 在步驟123 5中,該部電腦系統傳送該則挑戰訊息給該 使用者裝置; 在步驟1240中,該使用者裝置接收該部電腦系統傳來 @ 的挑戰訊息後,以步驟1220計算所得的雜凑值作為一把加 密金鑰’對接收到的挑戰訊息進行加密運算,得到一則回 應訊息; 在步驟1245中,該使用者裝置傳送該回應訊息及該使 用者識別名稱之輸入1202給該部電腦系統。 在步驟1250中,該部電腦系統以接收到的使用者識別 名稱1202為索引,從其持久性記憶媒體上讀取對應的系統 16 201034423 端雜湊值; 在步驟測中,該部電腦系統以所讀取的系 值為一把解密金鑰,對接收到的回應訊息進行解密”、 得到一則被還原的挑戰訊息; •、運算The hash value is the same as the hash value stored in the computer system, allowing the user to log in. Otherwise, the user's login is denied. The judgment that the two hash values are equal is performed using the challenge and response procedures. ^ The concept of the previous paragraph assumes that there is a computer system and that there are multiple users in the computer system. It is assumed that each user can have his user device, and he can have his password and his client. Secret; on the computer system side, in addition to storing the hash value of each user's authentication secret, a corresponding identification name of each user is stored correspondingly, in other words, the system-side persistent memory medium has a The file or database stores multiple pairs of user identification names and hash values. 1A and 1B are flow diagrams of an embodiment of an initial procedure of the method and a procedure for a user to log into a computer system. The initial program is also the program that the user registers with the computer system. Refer to Figure 1A. In step 1110, the user device receives a user identification name 1102 and a passphrase 1104; in step 1120, the user device generates a random random number as an authentication secret; 14 201034423 In step 1130, the user device Calculating the hash value of the authentication secret; 1102, in step Μ0, the user device transmits the user identification name and the calculated hash value to the computer system; in step 1150, the computer system receives the The hash value and the identification name 1102 are stored in its readable persistent storage medium 丨J 〇9 φ. In step 1160, the computer system transmits a confirmation message to the user device; in step 1170, the use After receiving the confirmation message transmitted by the computer system, the device calculates the user secret by using the password of the user input password 1104 and the authentication secret generated in step 1120 as two inputs of a split operation type. The first operation is expressed as: user secret = split operation (password password, secret identification); in step 1180, the It is calculated by means of the user terminal 1108 stores a secret cipher square persistent storage medium may be readable 11〇6 thereto. The persistent storage medium of step 1180 of the registration process may be a portable persistent storage medium provided by the user, such as a USB flash drive, to store his client secret. In this way, the user can carry his memory medium to another user device to request to log in to the computer system; here, assume that the user device has installed the arithmetic expression required to perform the user authentication method' or These expressions are executed through the web interface. The procedure for a user to log in to a computer system using a user device includes the steps shown in FIG. 1B, as explained below. 15 201034423 In step 1205, the user device receives a user identification name input 1202 and a passphrase input 12〇4; in step 1210, the user device reads a user on the persistent storage medium 1206. The terminal device 12〇8; in step 1215, the user device calculates a value by using the received passcode input 1204 and the read client secret 12〇8 as two inputs of a reply expression. This operation is expressed as: the value - the reply expression (password input, the client secret); in step 1220, the user device calculates a hash @ value of the value; in step 1225, the user device Sending a message requesting login to the computer system; in step 1230, after receiving the message requested by the user device, the computer system generates a random random number as a challenge message; in step 123 5, the department The computer system transmits the challenge message to the user device; in step 1240, the user device receives the challenge from the computer system. After the message, the hash value calculated in step 1220 is used as an encryption key to encrypt the received challenge message to obtain a response message. In step 1245, the user device transmits the response message and the use message. The input identification name 1202 is given to the computer system of the department. In step 1250, the computer system reads the corresponding user identification name 1202 as an index, and reads the corresponding system 16 201034423 end hash value from the persistent storage medium; in the step measurement, the computer system of the department The value of the read is a decryption key, and the received response message is decrypted, and a restored challenge message is obtained;
在步驟mo巾,該部電腦系統崎_料 訊息與步驟1230中所產生的挑戰訊息是否相符若祧戰 傳送-則允許登人之訊息給該使用者裝置右相符則 送一則拒絕登入之訊息給該使用者裝置; 相符則傳 在步驟mo中,該使用者裝置接收該部電腦系統傳來 的允許或㈣登人找息,若接㈣岐拒絕登人之訊烏 ,可回到步驟1205,重新執行此程序。 登入程序之步驟1215的回復運算式與註冊程序之 1170的分割運算式’兩者必須是相互配合的運算式。所謂 相互配合的意義是指:利用分割運算式,一個鑑別秘密; 以被-個通行密碼與-㈣戶端秘密取代;利用配合的回 復運算式’唯有正確的通行密碼與正相用戶端秘密可以 回復出原鑑別秘密。分割運算式及其配合的回復運算式應 滿足之㈣及其設計以參見巾華㈣專㈣i255⑵號之 文,,其標題為「用於保護數位秘密的方法及其系統」。以 下是分割運算式及相配合之回復運算式的可行設定之一。 分割運算式之公式設定: 用戶端秘密= (hash(通行密碼)+αχ鑑別秘密)m〇d q, 其中,hash是-個單向雜湊函數,q是__個大於鑑別秘 17 201034423 密與通行密碼之所有數值例的整數常數,一個與q互質 的正整數’而參數α與q並不需要保持機密。 相配合的回復運算式之公式設定: 鑑別秘密= (A用戶端秘密+((-(a-ixhash(通行密碼)m〇d q)) m〇d q)) mod q 其中的hash、q與α同分割運算式之定義,a“則是α 在mod q之模運算的乘法反元素。 上文所述的使用者鑑別方法,即以強秘密取代弱秘密❿ 的通行密碼之鑑別方法,其中另包含一套「變更用戶端秘 密與電腦系統端驗證值」的程序。此程序允許使用者在不 改變其通行密碼的情況下更新系統端的雜湊值,也相對應 地更新儲存於可攜式持久性記憶媒體上的用戶端秘密。此 程序包括如圖1C所示之步驟,說明如下。 在程序1305中,一台使用者裝置與一部電腦系統進行 如圖1B所示的登入程序,重新敘述如下:使用者裝置接收 一個使用者識別名稱之輸入13〇2與一個通行密碼之輸入⑬ 1304,而後讀取其持久性記憶媒體13〇6上的用戶端秘密 1308 ’以回復運算式來計算出一個數值接著計算該數值 的雜湊值,再以挑戰與回應之程序由該部電腦系統決定是 否允許登入,該部電腦系統回傳給該使用者裝置一則允許 登入或拒絕登入的訊息; 在步驟1310中,該使用者裝置對接收到的訊息進行判 斷,右接收到的是拒絕登入的訊息,則可重新執行程序 18 201034423 305來再次登入該部電腦系統’若接收到的是允許登入的 訊息’則繼續執行步驟1315 ; 在步驟1315中,該使用者裝置產生一個隨機亂數作為 新的鑑別秘密; 在步驟1320中,該使用者裝置計算所產生之新鑑別秘 密的雜湊值; 在步驟1325中,該使用者裝置以該數值之雜湊值作為In the step mo, the computer system's message is consistent with the challenge message generated in step 1230. If the message is transmitted, the message is allowed to be sent to the user device, and a message to reject the login is sent. The user device; the coincidence is transmitted in step mo, the user device receives the permission transmitted by the computer system or (4) the person looking for a message, and if the message is rejected (4), the process returns to step 1205. Re-execute this procedure. Both the return expression of the step 1215 of the login program and the split expression of the registration program 1170 must be mutually compatible expressions. The meaning of the so-called mutual cooperation means: using the splitting expression, one to identify the secret; to be replaced by a passphrase and - (4) the secret of the account; using the combined reply expression 'only the correct passphrase and the secret of the user side Can reply to the original identification secret. The segmentation expression and its associated reply expression should be satisfied (4) and its design is described in the article "Wuhua (4) special (4) i255 (2), entitled "Method and system for protecting digital secrets". The following is one of the feasible settings for the splitting expression and the matching reply expression. The formula of the split expression is set: client secret = (hash (password) + αχ secret) m〇dq, where hash is a one-way hash function, q is __ is greater than the identification secret 17 201034423 The integer constant of all numerical examples of the password, a positive integer 'with q' and the parameters α and q do not need to be kept secret. The formula of the matching reply expression is: Identification secret = (A client secret + ((-(a-ixhash)) m〇dq)) mod q where hash, q and α are the same The definition of the splitting expression, a "is the multiplicative inverse element of the modulo operation of α in mod q. The user authentication method described above, that is, the method of identifying the passphrase of the weak secret 以 with a strong secret, which additionally includes A set of procedures for "changing client secrets and computer system side verification values". This program allows the user to update the system-side hash value without changing its passphrase, and correspondingly update the client secret stored on the portable persistent media. This procedure includes the steps shown in Figure 1C, as explained below. In the program 1305, a user device and a computer system perform a login procedure as shown in FIG. 1B, which is re-described as follows: the user device receives an input of a user identification name 13〇2 and a password input 13 1304, and then reads the client secret 1308' on the persistent storage medium 13〇6 to calculate a value by replying the expression and then calculating the hash value of the value, and then the program of the challenge and response is determined by the computer system. Whether the login is allowed, the computer system returns a message to the user device that allows login or refuses to log in; in step 1310, the user device judges the received message, and the right receives the message that the login is refused. , the program 18 201034423 305 can be re-executed to log in again to the computer system 'If the message is allowed to log in, then step 1315 is continued; in step 1315, the user device generates a random random number as a new one. Identifying the secret; in step 1320, the user device calculates a hash value of the generated new authentication secret; in step 1325 The user device uses the hash value of the value as
把加费金鑰,對計算所得的新鑑別秘密之雜凑值進行加 雄、運算得到一個新鑑別秘密雜凑值之加密結果; 在步驟1330中,該使用者裝置傳送新鑑別秘密雜湊值 密、。果與該使用者識別名稱之輸入給該部電 統; ' 步驟134G中’該部電腦系統依接收到的使用者識別 稱13〇2為倉引,從其持久性記憶媒體上讀取原記錄的系 統端雜凑值; 在步驟1345中, 值作為一把解密金鑰, 选結果進行解密運算, 別秘密雜湊值; 該部電腦系統以所讀取的系統端雜湊 對接收到的新鑑別秘密雜湊值之加 以還原該使用者裝置所產生的新鑑 在步驟135〇巾,該部電腦系統以所還原的新鑑別秘笔 :、值取代I系統端雜凑值,將所還原的新鑑別秘密㈣ ^錄於其持久性記㈣體,之後傳送—則更新確認訊 給該使用者裝置; 在步驟1360中’該使用者裝置接收該部電腦系統所傳 19 201034423 認訊息後’利用接收到的通行密碼之輸入削 生的新鐘別秘密作為與註冊程序中相同之分割運算 =兩項輸人來計算-個新用戶端秘密,此—運算表示為 •新用戶端秘密=分割運算式(通行密碼,新鐘別秘密). 在步驟U70中,該使用者裝置將計算所得的新用 秘密测齡於其持久性記憶媒^鳩,取代 密 1308 。 口 升叭興§主冊程序之步驟117〇 的分割運算式是相同的運算式。因此,使用者於更新系統 端雜溱值後再次登人該部電腦系統時,以通行密碼及更新 後的用戶端秘密為回復運算式之輸人所得的數值,其雜凑 值會與更新後的系統端雜湊值相等。 前文的使用者鑑別方法除了包括已敘述的三套程序之 外’還包括其他的程序’因為這些程序與本發明沒有直接 的關係,故不予贅述。 用於執行此使用者鑑別方法所包含之程序的用戶端裝 置,其所需要的運算式除了該使用者鑑別方法之專利文件❹ 中的分割運算式及其相配合的回復運算式,另包括隨機亂 數產生器或虛擬隨機亂數產生器及單向雜湊函數。單向雜 凑函數的條件己於前文詳述,目前也有許多符合這些條件 的公開運算式可供選用,例如MD5、SHA-256、SHA-384 和SHA-512等等;而隨機亂數及虛擬隨機亂數之產生也已 有許多的方法,詳細的方法可以參見密碼學的書籍,例如 • Alfred J. Menezes, Paul C. van Oorschort, and Scott. A. 20 201034423Adding a fee to the hash value of the calculated new authentication secret to obtain a new encrypted secret hash value; in step 1330, the user device transmits a new secret secret hash value. ,. If the user and the user's identification name are input to the department; in step 134G, the computer system reads the original record from the persistent memory medium according to the received user identification number 13〇2. The system-side hash value; in step 1345, the value is used as a decryption key, and the result is decrypted, and the secret hash value is not used; the computer system receives the new authentication secret by the system-side hash that is read. The hash value is used to restore the new authentication generated by the user device in step 135. The computer system replaces the I system end hash value with the restored new authentication secret pen: the value, and the restored new authentication secret. (4) ^ recorded in its persistent record (4), then transmitted - then the confirmation message is sent to the user device; in step 1360, 'the user device receives the message transmitted by the computer system 19 201034423' The new clock secret of the password input is the same as the division operation in the registration procedure = two input to calculate - a new client secret, this operation is expressed as • new client secret = segmentation Formula (password, a new clock not secret). In step U70, the user apparatus with the calculated new secret measuring its persistent memory media age ^ dove, substituted densely 1308. The segmentation expression of step 117〇 of the 升 叭 § 主 master book program is the same arithmetic expression. Therefore, when the user re-enters the computer system after updating the system end-spot value, the pass-through password and the updated user-side secret are the values obtained by the input type of the reply expression, and the hash value will be updated after the update. The system side hash values are equal. The foregoing user authentication method includes "other programs" in addition to the three sets of programs already described. Since these programs are not directly related to the present invention, they will not be described again. The client device for executing the program included in the user authentication method requires an arithmetic expression other than the segmentation expression in the patent document of the user authentication method and its matching reply expression, and includes a random A random number generator or a virtual random random number generator and a one-way hash function. The conditions of the one-way hash function have been detailed in the previous section, and there are many public expressions that meet these conditions, such as MD5, SHA-256, SHA-384, and SHA-512, etc.; and random random numbers and virtual There are many methods for generating random numbers. For detailed methods, see the books on cryptography, such as • Alfred J. Menezes, Paul C. van Oorschort, and Scott. A. 20 201034423
Vanstone, Handbook of Applied Cryptography, CRC Press, 1997,與 John E. Hershey, Cryptography Demystified, McGraw-Hill,2003.說明如下。 一個真正的亂數產生器需要有一個本身具有隨機性的 來源,有數個利用若干硬體特性的方法可供選擇,例如: W. Holman, J. Connelly, and A. Dowlatabadi, t4An Integrated Analog/Digital Random Noise Source,,JIEEE Transactions on Circuits and Systems-I: Fundamental Theory and Applications vol. 44, no. 6, pp. 521-528, June 1997. 軟體的亂數產生器也是常見的。設計一個亂數產生器 的軟體可以使用到包括系統時脈(system clock)、敲擊鍵盤 與滑鼠移動間的時間差(elapsed time between keystrokes and mouse movements)、作業系統的系統負載與網路統計資料的 數值(operating system values such as system load and network statistics)等系統程序。一個好的軟體亂數產生器應 多多利用各種具有隨機性的來源,對每一個來源進行抽樣 ,然後將抽樣結果所得的資料序列,利用一個複雜的混合 函數予以結合;在此,可使用的混合函數,可以是碰撞阻 抗雜湊函數如MD5與SHA-256等。 在許多實際的應用中,虛擬隨機位元產生器 (pseudorandom bit generator)通常用來替代真正的隨機位元 產生器(true random generator),利用虛擬隨機位元產生器產 生的虛擬隨機亂數來取代隨機亂數。虛擬隨機位元產生器 是一個輸出非隨機性的(deterministic)演算法,此演算法透 21 201034423 過給定一個真正的隨機位元串列(truly random binary sequence)為輸入,我們假設輸入的位元串列之長度為m, 並假設輸出一個n»m長度的隨機位元串列(n»m指是的η 遠大於m),而此演算法的輸入稱之為種子(seed)。ANSI X9.17與FIPS 186是兩個產生虛擬隨機位元與亂數的標準 方法,還有其他的方法是使用倍數同餘虛擬亂數產生器 (multiplicative congruence pseudorandom number generator) o 【發明内容】 本發明描述了創新的單次通行密碼之使用者鑑別方法 。在其方法中,使用者端所用到的每一個單次通行密碼都 是由亂數產生器(random number generator)或虛擬亂數產 生器(pseudorandom number generator)所產生的一個亂數 (random number ),而電腦系統端所用到的對應於每一個單 次通行密碼之驗證值則是它的一個雜凑值(hash value)。 早次通行密碼的雜凑值是利用一單向雜凑函數(oneway hash function) 進行單次通行密碼 之轉換 所得的輸出。 根據單向雜湊函數之特性,從其輸出值來反推輸入值是非 常困難的;故’從電腦系統端的驗證值來推導單次通行密 碼是非常困難的。這是單次通行密碼使用者鑑別方法的基 本要求之一。 利用亂數產生器或虛擬亂數產生器所產生的亂數作為 單次通行密碼’其好處是位元長度足夠的亂數可以作為一 個強秘密(strong secret),非常困難被猜測,另一個好處是 22 201034423 。假設Pl、P2、…代表一系列依序使 Vi、V2、···代表一系列依序對應單次 亂數的數目沒有限制 用的單次通行密碼, 通行密碼的電腦系統端驗證值,則每—個&都是一個亂數 而每個V,都是其對應的Pi經過一個單向雜凑函數計算 所得的-個雜湊值;且若j是不等於k的正整數則Pj與Vanstone, Handbook of Applied Cryptography, CRC Press, 1997, and John E. Hershey, Cryptography Demystified, McGraw-Hill, 2003. are described below. A true random number generator needs to have a source of its own randomness. There are several ways to use several hardware features, such as: W. Holman, J. Connelly, and A. Dowlatabadi, t4An Integrated Analog/Digital Random Noise Source,, J IEEE Transactions on Circuits and Systems-I: Fundamental Theory and Applications vol. 44, no. 6, pp. 521-528, June 1997. Software random number generators are also common. Software for designing a random number generator can be used to include system clock, elapsed time between keystrokes and mouse movements, system load and network statistics of the operating system. System programs such as operating system values such as system load and network statistics. A good software random number generator should use a variety of random sources to sample each source, and then combine the data sequences obtained by the sampling results using a complex mixing function; here, the available mixture Functions, which can be collision impedance hash functions such as MD5 and SHA-256. In many practical applications, a pseudorandom bit generator is usually used to replace a true random generator, replacing it with a virtual random number generated by a virtual random bit generator. Random random numbers. The virtual random bit generator is an output non-random deterministic algorithm. This algorithm passes 21 201034423 to give a true random binary sequence as input. We assume the input bit. The length of the metastring is m, and it is assumed that a random bit sequence of n»m length is output (n»m means that η is much larger than m), and the input of this algorithm is called seed. ANSI X9.17 and FIPS 186 are two standard methods for generating virtual random bits and random numbers. Other methods are to use a multiplicative congruence pseudorandom number generator (invention). The invention describes an innovative user authentication method for single pass passwords. In the method, each single pass password used by the user end is a random number generated by a random number generator or a pseudorandom number generator. The verification value corresponding to each single pass password used by the computer system is its hash value. The hash value of the early pass password is the output of a one-pass password conversion using a one-way hash function. According to the characteristics of the one-way hash function, it is very difficult to reverse the input value from its output value; therefore, it is very difficult to derive a single pass password from the verification value of the computer system side. This is one of the basic requirements for a single pass password user authentication method. Using the random number generated by the random number generator or the virtual random number generator as a single pass password' has the advantage that the random number of the bit length is sufficient as a strong secret, which is very difficult to be guessed, another benefit It is 22 201034423. Suppose that Pl, P2, ... represent a series of sequentially making Vi, V2, ... represent a series of single pass passwords that are sequentially restricted to the number of single random numbers, and the computer system side verification value of the pass password is Each of the & is a random number and each V is a hash value calculated by its corresponding Pi through a one-way hash function; and if j is a positive integer not equal to k then Pj and
Pk會不相同’而從Pj來推導Pk或由Pk來推導都是非常 困難的依據_性,由使用過的單次通行密碼要推導Pk will be different, and deriving Pk from Pj or deriving from Pk is a very difficult basis. _ Sex is derived from the used single pass password.
未使用過的單次通行密碼是非㈣難的,這也是單次通行 密碼的基本要求之一。 本發明的方法並非產生一系列的單次通行密碼(即一 系列的亂數)預先存於持久性記憶媒體中,而是在每次登 入的過程t利用-套「同步推移程序」來產生τ—次登入 時所用到的亂數(也就是下一個單次通行密碼)及電腦系 統端所對應的驗證值。 本發明的方法也不是將下一次登入所用到的亂數存於 持久性記憶媒體中,此亂數被-個第—通行密碼及一個第 二通《碼所取代。在此的第__通行密碼是使用者自主性 決定的-個通行密瑪,可以由使用者自行記憶,而第二通 行密碼被儲存於持久性記憶媒體中^下一次登入時,此亂 數由-個回復計算公式來計算回來的,此回復計算公式有 兩項輸入,即前述的第一通行密碼與第二通行密碼。 —以一個第一通行密碼及一個第二通行密碼來回復計算 —個強秘密作為鑑別秘密的技巧已揭露於中華民國專利第 1293529號,並說明於本文件的μ技術4發㈣所稱的 23 201034423 「第一通行密碼」即是前揭專利所稱的「使用者通行密碼 第一通行密碼」則是前揭專利所稱的「用戶端秘密」。 在執行同步推移程序之後,使用者端會有一個新的單 通行密碼,但疋此新的單次通行密碼不會被儲存於持久 性記憶媒體’被儲存於持久性記憶媒體的是—個新的第二 通行密瑪’而在電腦系統端會有—個新的驗證值被儲存於 持久性記憶媒體中;換言之,完整的執行了同步推移程序Unused single pass passwords are not (four) difficult, which is one of the basic requirements for a single pass password. The method of the present invention does not generate a series of single pass passwords (i.e., a series of random numbers) pre-stored in the persistent memory medium, but uses a set of "synchronous shift programs" to generate τ in each login process. - The number of random numbers used in the login (that is, the next single pass password) and the verification value corresponding to the computer system. The method of the present invention does not store the random number used in the next login in the persistent memory medium. This random number is replaced by a first pass password and a second pass code. The __ passphrase here is determined by the user's autonomy - a pass-through mic, which can be memorized by the user, and the second passphrase is stored in the persistent memory medium. ^When the next login, the random number Calculated by a reply calculation formula, the reply calculation formula has two inputs, namely the aforementioned first pass password and the second pass password. - Replying to a calculation with a first passphrase and a second passphrase - a strong secret as a secret identification technique has been disclosed in the Republic of China Patent No. 1293529, and is described in the μ technology of this document (4). 201034423 The "first pass password" is the "first pass password for user passcode" as mentioned in the previous patent. It is the "user secret" mentioned in the previous patent. After performing the synchronous shift procedure, the user will have a new one-pass password, but this new one-pass password will not be stored in the persistent memory media' is stored in the persistent memory media is a new The second pass Mimma will be stored on the computer system - a new verification value is stored in the persistent memory medium; in other words, the full implementation of the synchronous shift program
之後’使用者端的第二通行密碼與電腦系統端的驗證值都 會被更換為新的值。 使用者端的第-通行密碼可以是使用者自主性決定合 ’也可以重複地被用於連續多次的登人,如果自持久性畜 憶媒體讀取第二通行密碼是自動化的,不需要使用者㈣ 入1根據本發明實施的使用者鑑別系統,對使用者而^ ,彷彿是傳統的通行密碼系統。 :發明也包含一套程序,讓使用者可以變更其… 決定的第一通行密碼。After that, the second password of the user terminal and the verification value of the computer system will be replaced with new values. The first pass password of the user end may be determined by the user's autonomy. It may also be used repeatedly for multiple consecutive logins. If the second pass password is automatically read from the persistent recall media, it is not required to be used. (4) Into the user authentication system implemented according to the present invention, as if it is a conventional password system. The invention also contains a set of programs that allow the user to change the first pass password of the ... decision.
,設第-通行密碼㈣不變,則第二通行㈣可以 為早次通行密碼㈣代值;在此假設之下,同步推移 變更使用者端第二通行密碼與電腦系統端的 丨5J步推移程序為本發明的重要部 n ^ ^ 本發明包含兩種 ° 移程序:第一種及第二種同步推移程#货 牛:必〜+ 伸秒程序。第一種同 ,移程序之設計並未考慮電腦系統及 可飴由邮 L ^ ^ 】尸碼裝置之操作 ,也未考慮兩者之通訊可能中斷的狀況;若此程 24 201034423 序未被完整的執行而造成使用者端與電腦系統端的不同步 ’則使用者必須重新執行初始程序來達成電腦系統端與使 用者端的同步化。第二種同步推移程序之設計,已考慮電 腦系統及用戶端裝置之操作及兩者之通訊可能會中斷的狀 況’若因中斷而造成使用者端與電腦系統端不同步,則使 用者下次登入時會執行增加的「備用同步化程序」;若此備 用同步化程序被完整的執行,則使用者端與電腦系統端不 ❹ 同步的狀況會被修正為同步;若此備用同步化程序未被完 整的執行,則等同於使用者端此次登入失敗,再次登入時 ’此備用同步化程序仍會被執行。 根據本發明的使用者鑑別方法,使用者登入電腦系統 的過程中包含一套同步推移程序。今假設所包含的同步推 移程序為第冑同步推移程序,則使用者登入電腦系統的 過程,可依以下步驟執行之:一位使用者自一台用戶端裝 置傳送-則請求登入的訊息到一部電腦系统;該用戶端裝 ❹ i利用該使用者提供的—個第—通行密碼以及讀取自一 持久性記憶媒體的-個第二通行密碼來回復計算出一個翠 -人通订㈣作為當次登人的單次通行密碼;該部電腦系統 自β持久性記憶媒體讀取—個驗證值來蚊該單次通行密 碼疋否正確,若該單次通行密碼為正確,則執行一套同步 推移程序,接著傳送一則允許登入之訊息給該用戶端襄置 ;若該單錢行密碼為*正確,㈣部電腦“傳送 拒絕登入之訊息給該用戶端裝置。 以上步驟中的同步推移程序,是第一種同步推移程序 25 201034423 其力月b基本上疋取得_個新的亂數並更新電腦系統端的 驗證值及使用者端的第二通行密碼;此更新的工作可以採 用兩種可能的順序其中的任一種,而亂數的產生可以在電 腦系統端也可以在使用者端執行之。在此假設在該同步 推移程序中’作為下—個單次通行密碼的亂數是在使用者 端的裝置上產生的’並假設更新電腦系統端的驗證值在先 ’而更新使用者端的第二通行密碼在後。具體而言,該同 步推移程序可依以下步驟執行之:該部電腦系統傳送-則 執行同步推移之訊息給該用戶端裝置;該用戶端裝置接收Θ J該則同步推移之訊息後,產生一個亂數作為下一個單次 通行密碼’並计算該亂數的一個雜湊值;該用戶端裝置利 用當次的單次通行密碼之雜凑值為一把加密金鑰將計算所 和·的亂數之雜湊值予以加密,接著將加密的結果傳送給該 邛電腦系統;該部電腦系統以所儲存的驗證值為一把解密 金鑰將接收的加密結果予以解密,還原該亂數的雜湊值, 再以還原所得的雜湊值更換該驗證值;該部電腦系統傳送 另一則執行同步推移之訊息給該用戶端裝置;該用戶端裝@ 置接收到此另則執行同步推移之訊息後,以該亂數計算出 一個新的第二通行密碼;該用戶端裝置以該新的第二通行 雄、碼更換用於計算此次登入所用之單次通行密碼的第二通 行密碼’接著傳送一則確認訊息給該部電腦系統;該部電 腦系統接收到該用戶端裝置所傳送的確認訊息,此時,同 步推移程序已完整執行。 以上步驟可能因電腦系統及用戶端裝置之操作中斷而 26 201034423If the first pass password (4) is unchanged, the second pass (4) may be the early pass password (4) substitute value; under this assumption, the second pass password of the user terminal and the computer system end of the computer are used to synchronize the shift. It is an important part of the invention n ^ ^ The invention comprises two shifting procedures: the first and the second synchronous shifting process #牛牛: must ~ + the second program. The first type of the same program does not take into account the operation of the computer system and the operation of the corpse device, nor does it consider the possibility that the communication between the two may be interrupted; if the process of this process 24 201034423 is not complete The execution causes the user to be out of sync with the computer system. Then the user must re-execute the initial program to achieve synchronization between the computer system and the user. The design of the second synchronous shifting program has considered the operation of the computer system and the user equipment and the communication of the two may be interrupted. If the user terminal and the computer system are not synchronized due to the interruption, the user next time The additional "alternate synchronization program" will be executed when logging in; if the standby synchronization program is completely executed, the status of the user and the computer system will be corrected to be synchronized; if the standby synchronization program is not If it is executed completely, it is equivalent to the user's login failure. When logging in again, this backup synchronization program will still be executed. According to the user authentication method of the present invention, the user enters the computer system and includes a set of synchronous shifting procedures. Now that the synchronization shift program included is the third synchronization shift program, the user can log in to the computer system by following the steps below: one user transmits from a client device - then requests the login message to a Computer system; the user terminal uses the first pass password provided by the user and a second pass password read from a persistent memory medium to reply to calculate a green-person subscription (four) as The single pass password for the second time; the computer system reads from the β persistent memory media - the verification value of the mosquito pass is correct. If the single pass password is correct, then a set is executed. Synchronously shifting the program, and then transmitting a message allowing the login to the user; if the single money password is *correct, the (four) computer "transmits the message of rejecting the login to the client device. The synchronization shift procedure in the above steps , is the first type of synchronous shift program 25 201034423 Its power month b basically gets _ a new random number and updates the verification value of the computer system side and the second pass of the user side Code; the work of this update can take any of two possible sequences, and the generation of random numbers can be performed on the computer system side or on the user side. It is assumed in the synchronous shift program as 'down' The random number of the single pass password is generated on the device of the user side and assumes that the verification value of the computer system is updated first and the second pass password of the user end is updated. Specifically, the synchronization shift program can be According to the following steps: the computer system transmits - the synchronous transfer message is sent to the user device; the user device receives the message that the synchronization is changed, and generates a random number as the next single pass password. 'and calculate a hash value of the random number; the client device encrypts the hash value of the random number calculated by using the hash value of the current single pass password as an encryption key, and then encrypts The result is transmitted to the computer system; the computer system decrypts the received encryption result with a stored verification value as a decryption key, and restores the result. The hash value of the number is replaced by the hash value obtained by the restoration; the computer system transmits another message for performing the synchronization transition to the client device; the user device receives the message and receives the synchronization. After the message, a new second passphrase is calculated by the random number; the client device replaces the second passphrase used to calculate the single passphrase used for the login with the new second passcode. Then send a confirmation message to the computer system of the department; the computer system receives the confirmation message transmitted by the client device, and the synchronization shift program has been completely executed. The above steps may be interrupted due to the operation of the computer system and the user device. And 26 201034423
沒有被完整的執行,也有可能因電腦系統及用戶端裝置之 通訊中斷而沒有被完整的執行。若這些步驟未被完整的執 行而造成使用者端與電腦系統端的不同步,則使用者必須 重新執行初始程序來重新產生—個初始的單次通行密碼, 據此重新設定電腦系統端的驗證值及使用者端的第二通行 密碼,令使用者端與電腦系統端重新初始而同步化。在此 ,重新初始化的單次通行密碼是—個新㈣數,與原初始 的亂數(即原初始的單次通行密碼)㈣機率極小,可以 被當作不可能;此一特性源自亂數產生器之設計。 根據包含第-種同步推移程序之使用者鑑别方法實施 的系統,比先前技術的單次通行密碼系統更為簡化因為 電腦系統端所用到的驗證值只有一個,不再需要有多個驗 證值來修正麵者端與f腦纟㈣可料时的狀況。 下文說明包含第二種同步推移程序為步驟之 者鑑別方法。 用 一種同步推移 統端的驗證值 第一種同步推 一個單次通行 並假設更新電 第二通行密碼 第二種同步推移程序之功能基本上與第 程序相同:取得一個新的亂數並更新電腦系 及使用相的第三通行密碼。與上文描述的 移程序之實施例相同,在此同樣假設作為τ 密碼的亂數是在使用者端的裝置上產生的, 腦系統端的驗證值在先,而更新使用者端的 在後。 在第二種同步推移程序中,我們考慮了同步推移程序 之執仃有可能被中斷而不完整執行的狀況,說明如下。 27 201034423 统更是同步推移程序執行中斷係在電腦系 的驗證值及使用者端的Γ 電腦系統端 情形等於使用者登入時碼都沒有被更換;這種 造成登入失敗,也=到電腦當機或通訊中斷的影響而 邊夫赫Μ 錢說’使用者端當次的單次通行密碼 還未被使用,下一次登入時仍可使用。 另一種狀況是同步推移程序執行中斷發生在電 2換了驗證值之後,如此,則電腦系統端的驗證值已經 二ΠΓ無法確認使用者端的第二通行密碼是否隨 發生這種狀況又可分為兩種可能,第-種可能是 =:的第二通行密碼已經隨之更換,第二種可能是使 用者端的第二通行密H有隨之更換。 报2果使用者端的第二通行密碼已經隨之更換,這種情 都已6-:::者端的第二通行密瑪與電腦系統端的驗證值 =經被更換為新的值’電腦系統端與使用者端已經是同 步的。 ❹ 系统端與#用!端的第—通打密碼沒有隨之更換,則電腦 系統^與使用者端不同步;下-次使用者登入時,使用者 ==第二通行密竭所計算的單次通行密碼無法被 統錯誤地拒絕登入。為正確,造成使用者被電腦系 本發明包含了一個特殊的技巧來克服上述因第二種 :拓推移程序沒有被完整執行而導致電腦系統有可能錯誤 地拒絕使用者登入的情形。其作法是:電腦系統追溯出該 28 201034423 1 吏用者前―次登人時確實發生了同步推移程序之執行被中 "的狀況’且保留前一次使用的驗證值。為了追溯出前一 m時確實發生了中斷’用了_個「確認同步化的標記」 ’而為了保留前一次你用沾%# 吏用的驗也值,在電腦系統端的持久 媒雜上另外儲存了 _個「備用驗證值」,而原所稱的 驗證值另稱為「本次驗證值」。 包含第二種同步推移程序為其t的-個步驟之後,使 ^登入電的過程’可依以下步驟執行之:一位使 用者利用一台用戶端歩:罟德 電腦系統,·該用戶端裝置叶算:請求登入之訊息到一部 _統決定該次通行密碼, 正確;若該單次通行密 =確’則執行-㈣步推移程序,接著該部電腦系統 ==登入之訊息給該用戶端裝置,·若該單次通行 ::為不正確,則該部電腦系統傳送一則拒絕登入之訊息 給該用戶端裝置。 正祐勺/驟中’該部電腦系統決定該單次通行密碼是否 用戶下步驟:該部電腦系統傳送一則挑戰訊息到該 〜,該用戶端裝置利用一單向雜凑函數計算該單 ^通料碼的雜湊值;該用戶端裝置接收到該則挑戰訊息 則雜溱值為一把加密金鑰將該則挑戰訊息加密為- π電腦=接接著將該則回應訊息傳回該部電腦系統;該 ::系統接收到回應訊息後,自一持久性記憶媒體讀取 個本二人驗證值為-把解密金鑰將該則回應訊息予以解密 ;若解密後之訊息與原挑戰訊息相符,則該部電腦系統決 29 201034423 定該單次通行密碼是正確的;若 息不相符,則自一持久性記传嬋體::之訊息與原挑戰訊 標記,若《記^記讀取—個確認同步化之 該單次通行密碼是不正確:已電腦系統決定 ,則該部電㈣統執行4「備用;錄是未確認 自==備關步化料包括以下步驟:該部電腦系統 錄將^ ㈣讀取—個㈣驗證值料另—解密金 ❿ ==應訊息重新解密;若重新解密後之訊息與原挑 戰訊,“目符,則該部電腦系統決定該單次通行密竭是正確 =牛接著以該剌驗證值更新該本切證值,再將該確認 同步化之標記變更為已確認;若线㈣後之訊息與原挑 仍*相符’則該部電腦系統決定該單次通行密褐是 回到使用者登入電腦系統之過程,在決定該單次通行 密碼為正確後,第二種同步推移程序接著執行其步驟包 括:該部電腦系統傳送-則執行同步推移之訊息給該用戶 端裝置;該用戶端裝置產纟一個乳數並計算它的—個雜凑❿ 值,該用戶端裝置利用該單次通行密碼的雜凑值為—把加 密金鑰將該亂數的雜湊值予以加密,接著將加密所得的結 果傳送給該部電腦系統;該部電腦系統將該確認同步化: 標記變更為未確認;該部電腦系統以該本次驗證值為—把 解密金鑰將接收的加密結果予以解密,還原該亂數的雜凑 值,再以該本次驗證值更換該備用驗證值,接著以還原所 得的該亂數之雜湊值更換該本次驗證值;該部電腦系統傳 30 201034423 送另一則執行同步推移之訊息給該用戶端裝置;該用戶端 裝置接收到此另則執行同步推移之訊息後,以該亂數計算 出個新的第二通行密碼;該用戶端裝置以該新的第二通 =密碼更換用於計算該單次.通行密碼的第二通行密碼,接 者傳送—則確認訊息給該部電腦系統;該部電n統接收 J"亥則確_。孔息後,將該確認同步化之標記變更為已確認 〇It has not been fully executed, and may not be completely executed due to communication interruption of the computer system and the client device. If these steps are not completely executed and the user side is not synchronized with the computer system side, the user must re-execute the initial program to regenerate an initial single pass password, thereby resetting the verification value of the computer system side and The second pass password of the user end re-initializes the synchronization between the user end and the computer system end. Here, the re-initialized single pass password is a new (four) number, and the original initial random number (ie, the original initial one-pass password) (4) has a very low probability and can be regarded as impossible; this feature is caused by chaos The design of the number generator. The system implemented according to the user authentication method including the first-type synchronous shift program is more simplified than the prior art single pass password system because the computer system uses only one verification value, and no need to have multiple verification values. To correct the situation when the face and the f cerebral palsy (4) are available. The method of identifying the second synchronization shift procedure as a step is described below. Using a verification value of the synchronous transfer system, the first type of synchronization pushes a single pass and assumes that the second pass password is updated. The function of the second synchronous shift program is basically the same as the first program: obtaining a new random number and updating the computer system. And use the third pass password of the phase. As with the embodiment of the shifting procedure described above, it is also assumed here that the random number as the τ cipher is generated on the device of the user side, the verification value of the brain system side is prior, and the user side of the user terminal is updated later. In the second synchronous shift procedure, we consider the situation in which the execution of the synchronous shift program may be interrupted and not completely executed, as explained below. 27 201034423 The system is the synchronization check program execution interrupt system in the computer system verification value and the user side 电脑 the computer system side situation is equal to the user login time code has not been replaced; this caused the login failure, also = to the computer crash or The impact of the communication interruption and the husband and wife of the money said that the user's current single pass password has not been used, and can still be used the next time you log in. Another situation is that the synchronous shift program execution interrupt occurs after the power 2 has changed the verification value. In this case, the verification value of the computer system side has been determined. It cannot be confirmed whether the second pass password of the user end can be divided into two according to the occurrence of the situation. It is possible that the second pass password of the first type may be =: has been replaced, and the second possibility is that the second pass H of the user end is replaced. Report 2 The user's second passphrase has been replaced, this situation has been 6-::: the second pass of the client and the computer system side verification value = replaced by the new value 'computer system side It is already synchronized with the user side.第 The system-side and #-use-side passwords are not replaced, the computer system ^ is not synchronized with the user; when the next-time user logs in, the user == the second pass is calculated. The secondary password cannot be incorrectly denied login. To be correct, the user is being computerized. The present invention incorporates a special technique to overcome the above-mentioned second situation: the extension of the program is not fully implemented, and the computer system may erroneously reject the user's login. The method is: the computer system traces the 28 201034423 1 When the user first-times the second person, the execution of the synchronous shift program is actually executed and the previous verification value is retained. In order to trace the previous m, the interruption did occur. 'Used a 'confirmed synchronization mark'. In order to retain the value of the previous test you used with the %#, it was additionally stored on the persistent memory of the computer system. _ "alternate verification value", and the original verification value is also called "this verification value". After the second synchronization shifting program is a step of t, the process of making the login power can be performed according to the following steps: one user uses a user terminal: a computer system, the client device Ye count: requesting the login message to a _ system to determine the pass password, correct; if the single pass password = indeed 'execute - (four) step shift program, then the computer system == login message to the user End device, if the single pass:: is incorrect, the computer system transmits a message rejecting the login to the client device. The computer system determines whether the single pass password is the user's next step: the computer system transmits a challenge message to the ~, the client device uses a one-way hash function to calculate the single pass The hash value of the code; the client device receives the challenge message, and the hash value is an encryption key to encrypt the challenge message to - π computer = then send the response message back to the computer system; The system: after receiving the response message, the system reads the verification value of the two persons from a persistent memory medium - decrypts the response message by the decryption key; if the decrypted message matches the original challenge message, The computer system of the department decided that the single pass password is correct; if the information does not match, then the message from the persistent record: the message and the original challenge message, if the record is read Confirm that the single pass password of the synchronization is incorrect: if the computer system determines, then the department (4) executes 4 "alternate; the record is unconfirmed from == backup step material includes the following steps: the computer system will record ^ (4) Read - (4) Verification value is expected to be another - decryption gold ❿ == message should be re-decrypted; if the message is re-decrypted and the original challenge message, "the computer system determines that the single-pass exhaustion is correct = cattle then The verification value is updated to the value of the certificate, and the confirmation synchronization flag is changed to confirmed; if the message after the line (4) is still consistent with the original selection, then the computer system determines that the single pass is brown. Returning to the process of logging in to the computer system by the user, after determining that the single pass password is correct, the second synchronous shifting program then performing the steps including: transmitting the computer system - then performing a synchronous shift message to the user device The client device generates a milk number and calculates its hash value, and the client device uses the hash value of the single pass password to encrypt the hash value of the random number. And then transmitting the result of the encryption to the computer system; the computer system synchronizes the confirmation: the flag is changed to unconfirmed; the computer system uses the current verification value - the decryption key is connected The encryption result is decrypted, the hash value of the random number is restored, and the standby verification value is replaced by the current verification value, and then the current verification value is replaced by the hash value of the random number obtained by the restoration; the computer system of the department Passing 30 201034423 to send another message to the client device; after receiving the message of the synchronization change, the client device calculates a new second password by using the random number; the client The device replaces the second passphrase for calculating the single pass password with the new second pass=password, and then transmits the confirmation message to the computer system; the department receives the J" _. After the hole is filled, the mark that confirms the synchronization is changed to confirmed 〇
根據包含第二種同步推移程序之使用者鑑別方法實施 系、先_然其步驟比包含第一種同步推移程序之使用者 3方法實施H統複雜—些,但仍比先前技術的單次通 行後碼系統來传簡A,因為電腦系統端只用到兩個驗證值 來修正使用者端與電腦系統端可能㈣步的狀況。 所描述的技巧或其延伸的方法,可以利用電腦軟體 的才"發展成為指令集’並儲存於機器可讀之儲存媒體的 物件中’或儲存於連結於一個或多個處理器之機器可讀的 記憶裝置中,以用於執行使用者之鑑別。 本發明另包含了用於使用者鑑別 四此 ,_ 丨〜叩^班乃1j的—老P電腦,該 部電腦包讀存媒體及_於該媒體的指令集,該指令集 7此。P電腦進行以下步驟:接收__台用戶端裝置傳來的二 則請求登人之訊息;傳送-則挑戰訊息到該用戶端裝置; 接收該用戶端裝置傳來的-則賴訊息;湘-個本次驗 =值來與該則回應訊息進行運算,以產生—個結果, ·比對 t一結果與該則挑戰訊息是否相符;若相符則執行-套同 步推移程序,之後,傳送1允許登人之訊息給該用戶端 31 201034423 裝置,右不相符則取得—個確認同步化之標記;若該標記 的-己錄為已確遂,則傳送一則拒絕登入之訊息給該用戶端 裝置;若該標記的記錄為未確認’則執行一套備用同步化 程序之後冑送—則允許或拒絕登入之訊息給該用户 裝置。 本發明也包含了一種物件(anarticle),此物件包含儲存 媒體,儲存可執行的一系列指令集,該指令集令一台用戶 1裝置執行以下步驟.傳送—則請求登人之訊息給—部電 腦系統;接收由該部電腦系統傳來的-則挑戰訊息;接收 :個第-通行密碼輸人;自—持久性記憶媒體讀取一個第 二通行密碼;以該第_捅私金 ^ 通仃岔碼輸入、該讀取的第二通行 =碼與接收的挑戰訊息來產生—則回應訊息;傳送該則回 .訊息給該部電腦系統;接收該部電腦系統傳來的一則拒 =入之訊息,或者接收該部電腦系統傳來的—則執行同 卞 訊息;若接收到該則執行同步推移之訊息,則與 p電腦系統進行一套同步推移程序;在執行該套同步推 f程序之後,接㈣部電腦系統傳來的—則允許登入 恩。 ::發明所實作的單次性通行密碼系統 分具體的,說明如下。 疋丁 第―、使所用的每一個單次通行密碼都是一個亂數 密^是位元長度足夠的亂數可以作為一個強秘 有限希Γ被猜測;另—個好處是亂數的數目沒 且,由使用過的單次通行密碼來推導未 32 201034423 第二 第三 第四 ❹ 第五、 使用過的單次通行密碼是非常困難的。 ,腦系統端的驗證值是單次通行密碼的雜湊值,它 =利用-早向雜凑函數進行單次通行密碼之轉換所 得的輸出I據單向雜凑函數之特性,從其輸出值 來反推輸入值是非常困難的;故從電腦系統端的 驗證值來推導單次通行密碼是非常困難的。 、根據本發明實施的使用者鐘別系統,若包含第一種 同步推移程序則電腦系統端所用到的驗證值只有一 個’若包含第二種同步推移程序則電腦系統端所用 到的驗證值只有兩個,電腦純料再需要有多個 驗證值來修正使用者端與電腦系統端可能不同步的 狀況;與先前技術的單次通行密碼系統相比較,使 用者端與電腦系統端不同步之檢驗及其同步化之過 程更具效率。 、使用者端的第-通行密碼τ以是使用者自主性決定 的,也可以重複地被用於連續多次的登入如果自 持久性記憶媒體讀取第二通行密碼是自動化的,不 需要使用者的介入,則根據本發明實施的使用者鑑 別系統,對使用者而言,彷彿是傳統的通行密碼系 統。 使用者每次成功登入電腦系統時,單次通行密碼會 被更換為新的值,而電腦系統端的驗證值與使用者 端的第一通行密碼也隨之更換,·因此,攻擊者竊取 所得的驗證值與第二通行密碼將隨著使用者再次登 33 201034423 入電腦系統而失去意義。 第六、電腦系統允許使用者登入之決定的關鍵在於使 必須提供—個正確的第-通行密碼與-個正確的第 二通行密碼’以產生正確的單次通行密碼,僅揭露 第二通行密碼或者第—通行密碼的情形下,由—半 的秘密難以猜測出正確的單次通行密碼。 下文藉由具體實施例配合所附的圖式詳加說明本發明 之細節及其變化,更容易令人瞭解本發明之㈣技術内 容、特點及所達成之功效。 【實施方式】 本文件的先前技術說明中已摘述了中華民國第1293529 號專利之技術内容,本發明與該專利有密切關係。該專利 所揭露的使用者鑑別方法,係以亂數取代傳統的通行密碼 但創造一個情境令使用者彷彿仍在使用傳統的通行密碼系 統。其方法是以一個亂數的雜湊值作為電腦系統端所用的 驗證值,而在使用者端則由使用者所輸入的通行密碼和自 動讀取自持久性記憶媒體的用戶端秘密來回復出該亂數並❹ 計算它的一個雜湊值;電腦系統接到使用者請求登入之訊 息時’利用挑戰與回應的機制來決定使用者端計算所得之 亂數的雜湊值與電腦系統端的驗證值是否相符,若相符則 允許登入,若不相符則拒絕登入。 該專利也揭露了一套「變更用戶端秘密與電腦系統端 驗證值」的程序,如圖1C。此程序是依使用者的需要由使 用者啟動其執行,並非使用者登入電腦系統之過程的一部 34 201034423 份’換言之’使用者可以使用相同的一個通行密碼及相同 的一個用戶端秘密來連續地登入一部電腦系統,也可以在 適當的時候,於登入一部電腦系統之後,執行此程序來變 更用户端秘密及電腦系統端的驗證值。 在本文件中,前揭專利所稱的「用戶端秘密」被改稱 為第一通行密碼」,而「使用者的通行密碼」則被改稱為 「第一通行密碼。According to the user authentication method including the second synchronous shifting program, the first step is more complicated than the user 3 method including the first synchronous shifting program, but still a single pass than the prior art. The post-code system is used to transmit the A, because the computer system only uses two verification values to correct the possible (four) steps of the user and the computer system. The described techniques or methods of extension thereof may be exploited by a computer software to be developed into an instruction set and stored in an object of a machine readable storage medium or stored in a machine coupled to one or more processors. Read in the memory device for performing authentication by the user. The invention further comprises an old P computer for the user to identify the _ 丨 叩 班 ^ 班 1 1j, the computer package read media and the instruction set of the media, the instruction set 7 . The P computer performs the following steps: receiving two messages from the __ client device to request the person to join; transmitting - then challenging the message to the client device; receiving the message from the client device; The current test value is used to calculate the response message to generate a result, and the comparison t-result is consistent with the challenge message; if the match is performed, the set-synchronization process is performed, and then the transfer 1 is allowed. The message of the person is sent to the client 31 201034423 device, if the right does not match, a mark for confirming the synchronization is obtained; if the flag of the tag is recorded as confirmed, a message for rejecting the login is transmitted to the client device; If the record of the tag is unconfirmed, then a set of alternate synchronization procedures is executed and then the message is sent or denied to the user device. The invention also includes an anarticle comprising a storage medium storing an executable set of instructions for causing a user 1 device to perform the following steps: transmitting - requesting a message to the person a computer system; receiving a challenge message from the computer system of the department; receiving: a first-password password input; a self-sustaining memory medium reading a second passphrase; The weight input, the read second pass=code and the received challenge message are generated—the response message is sent; the message is sent back to the computer system; and the received computer system receives a rejection=input The message, or receiving the message from the computer system, executes the same message; if it receives the message, the synchronization process is performed with the p computer system; the synchronization program is executed. After that, it was sent to the computer system of (4) - allowing login. :: The single pass password system implemented by the invention is described in detail below. Kenting's first, every single pass password used is a random number. ^The number of bits with sufficient length can be guessed as a strong secret. The other advantage is that the number of random numbers is not Moreover, it is very difficult to derive a single pass password that has not been used by the used single pass password. The verification value of the brain system end is the hash value of the single pass password, which is the characteristic of the output I according to the one-way hash function obtained by converting the single pass password with the early hash function, and the output value is reversed. Pushing the input value is very difficult; it is very difficult to derive a single pass password from the verification value on the computer system side. According to the user's clock system implemented in accordance with the present invention, if the first type of synchronous shifting program is included, the verification value used by the computer system side has only one 'if the second synchronous shifting program is included, the verification value used by the computer system side is only Two, the computer pure material needs to have multiple verification values to correct the situation that the user end and the computer system side may be out of sync; compared with the prior art single pass password system, the user end is not synchronized with the computer system end. The process of testing and synchronizing is more efficient. The first pass password τ of the user end is determined by the user's autonomy, and can also be used repeatedly for multiple consecutive logins. If the second pass password is automatically read from the persistent storage medium, the user is not required. The intervention, the user authentication system implemented in accordance with the present invention, appears to the user to be a conventional pass-through cryptosystem. Each time the user successfully logs into the computer system, the single pass password will be replaced with the new value, and the verification value of the computer system and the first pass password of the user will be replaced. Therefore, the attacker steals the obtained verification. The value and the second passphrase will lose meaning as the user re-enters the 33 201034423 into the computer system. Sixth, the key to the decision of the computer system to allow the user to log in is to have to provide a correct first pass password and a correct second pass password to generate the correct one pass password and only disclose the second pass password. Or in the case of the first pass password, it is difficult to guess the correct single pass password by the secret of half. The details and variations of the present invention are described in detail below with reference to the accompanying drawings, and the <RTIgt; </ RTI> <RTIgt; [Embodiment] The technical content of the Patent No. 1293529 of the Republic of China has been described in the prior art specification of this document, and the present invention is closely related to the patent. The user authentication method disclosed in the patent replaces the traditional password with a random number but creates a situation in which the user seems to be still using the traditional password system. The method is that the hash value of a random number is used as the verification value used by the computer system end, and at the user end, the password entered by the user and the user secret automatically read from the persistent memory medium are returned. Random number and ❹ calculate a hash value of it; when the computer system receives the message from the user requesting login, 'use the challenge and response mechanism to determine whether the hash value of the random number calculated by the user end matches the verification value of the computer system side. If it matches, login is allowed. If it does not match, login is refused. The patent also exposes a set of procedures for "changing client secrets and computer system side verification values", as shown in Figure 1C. This program is activated by the user according to the user's needs. It is not a part of the process of the user logging into the computer system. 201034423 'In other words' users can use the same one password and the same client secret to continue Log in to a computer system, or you can change the client secret and the verification value of the computer system after logging in to a computer system at the appropriate time. In this document, the "user-side secret" referred to in the previous patent is renamed as the first passphrase, and the "user's passphrase" is renamed as the "first passphrase."
本發明揭露了創新的單次通行密碼系統,其核心概念 之一是延續前述專利利用一個亂數作為鑑別秘密的作法, 但將該亂數僅限於單次使用;為此,必須有一套程序來一 致性地變更作為㈣秘密的亂數、由此亂數產生的電腦系 統端驗證值、及由此亂數產生的第二通㈣碼。此程序被 稱為「同步推移程序」。 同步推移程序」係由前述專利之「變更用戶端秘密 與電腦系統端驗證值程序」轉化而來。這個轉化並非顯而 易見的’因為先前技術的單次通行密碼系統所用到的同步 化技術,在觀念與技巧上,與本發明的同步推移程序之間 並不明顯存在互相推論的邏輯關係;而且本發明進_ =兩種不同的同步推移程序:第—種及第二種同步推移程 端裝步!移程序之設計並未考慮電腦系統及用戶 狀況;若此程::中:,也未考慮兩者之通訊可能中斷的 . 被完整的執行而造成使用者端與電腦系 統端的不同步,則使用者必須重新執行初始程序。 系 35 201034423 第二種同步推移程序之設計,已考慮電腦系統及用戶 端裝置之操作及兩者之通訊可能會中斷的狀況若因中斷 而&成使用者端與電腦系統端不同步,則使用者下次登入 時會執行増加的「備用同步化程序」;若此備賴步化程序 被完整的執行,則使用者端與電腦系統端不同步的狀況會 被修正為同步;若此備用同步化程序未被完整的執行,則 等同於使用者端此次登入失敗,再次登入時,此備用同步 化程序仍會被執行。 根據本發明的方法,電腦系統必須完整執行同步推移❿ 程序’以確認使用者端與電腦系統端一致性地變更了作為 鑑別秘密的亂數、由此亂數產生的電腦系統端驗證值、及 由此亂數產生的第二通行密碼,之後,才允許使用者之登 入。回顧前述專利之「變更用戶端秘密與電腦系統端驗證 值程序」’其執行是電腦系統允許使用者之登入之後,由使 用者選擇啟動該程序之執行。換言之,該專利的登入程序 並不包含變更用戶端秘密與電腦系統端驗證值的程序其 與本發明之登入過程包含同步推移程序,在觀念與技巧上© 並不相同。 下文以兩個實施例來說明本發明的單次通行密碼使用 者鑑別方法,並配合圖2到圖15來說明這兩個實施例。當 本文件的說明文字與圖形使用到相同的編號時,其編號皆 對應於相同的或類似的元件或程序。 第一實施例中包含一套「初始程序」、—套「登入與同 步推移程序」、以及一套「變更第一通行密碼程序」;其辛 36 201034423 的「登入與同步推移程序 序」。 包Ί 套「第一種同步推移程 第-實施例假設有—部多位使用者的電腦系統。初始 的目的疋利用—台用戶端裝置來產生一個亂數作為一 2始的單次通行密峰,並在該電腦系統的持久性記憶媒 體中儲存此初料單切㈣狀—個料值作為-個初The invention discloses an innovative single pass password system, one of its core concepts is to continue the use of a random number as a secret secret in the aforementioned patent, but the chaos is limited to a single use; for this, there must be a set of procedures. Consistently change the random number as (4) secret, the computer system side verification value generated by the random number, and the second pass (four) code generated by the random number. This program is called "synchronous shift program". The "synchronous shift program" is converted from the "change client secret and computer system side verification value program" of the aforementioned patent. This conversion is not obvious. 'Because of the synchronization technology used in the prior art single pass cryptosystem, there is no obvious logical relationship between the concept and the skill and the synchronous shift program of the present invention; and the present invention Into _ = two different synchronous shifting programs: the first type and the second type of synchronous shifting step loading! The design of the shifting program does not consider the computer system and the user's condition; if the process:: medium:, neither considers two The communication may be interrupted. If the user is completely out of sync with the computer system, the user must re-execute the initial program. Department 35 201034423 The design of the second synchronous shifting program has considered that the operation of the computer system and the user terminal device and the communication between the two may be interrupted, and if the user end is not synchronized with the computer system end, then The next time the user logs in, the "alternate synchronization program" will be executed. If the backup procedure is completely executed, the situation that the user side is not synchronized with the computer system will be corrected to be synchronized; If the synchronization program is not completely executed, it is equivalent to the user's login failure. This login synchronization program will still be executed when logging in again. According to the method of the present invention, the computer system must completely execute the synchronous transfer program to confirm that the user side and the computer system end change the random number as the authentication secret, the computer system side verification value generated by the random number, and The second passphrase generated by this random number is then allowed to be logged in by the user. Recalling the "Change Client Secret and Computer System Verification Value Program" of the aforementioned patents, the execution is performed by the user after the computer system allows the user to log in. In other words, the patented login program does not include a program for changing the client secret and the computer system side verification value. The login process of the present invention includes a synchronization shift program, which is not the same in concept and skill. The single pass password user authentication method of the present invention will be described below with two embodiments, and the two embodiments will be described with reference to Figs. 2 to 15 . When the explanatory text of this document uses the same number as the graphic, its number corresponds to the same or similar component or program. The first embodiment includes a set of "initial procedures", a set of "login and sync change procedures", and a set of "change first pass password procedures"; and "Xi 36 201034423" "Login and sync shift procedure". Package "The first type of synchronization process - the embodiment assumes that there are multiple users of the computer system. The initial purpose is to use a client device to generate a random number as a single pass. Peak, and stored in the computer system's persistent memory media, this initial material cut (four) shape - a value as a - initial
始驗證值’也神—個❹者朗名稱作為取得該初始驗 證值之索引;而在佬用去 、 者^,§亥初始的單次通行密碼被分 成兩個部份.-個「第一通行密碼」及一個初始的「第二 通仃费碼」’其中的「第—通行密碼」是使用者自主性地選 擇並自行記憶的,而該初始的「第二通行密碼」則是以該 第一通行密碼與該初始的單切行密碼算式的 兩項輸人所㈣-個輸出’並儲存於使用者端可讀取的一 個持久性記憶媒體。 上述的初始程序實質上與前述專利之初始程序(見圖 1A)相同。今配合本文件所使㈣語詞,將圖^的初始程 序修改如圖2,並說明其步驟如下。 在步驟2110中,-台用戶端裝置接收一個使用者識別 名稱2102及一個第一通行密碼21 〇4。 在步驟2120中,該用戶端裝置產生一個亂數作為一個 初始的單次通行密碼。 在步驟2130中,該用戶端裝置利用一單向雜湊函數來 计算該初始的單次通行密碼的一個雜湊值。 在步驟2140中,該用戶端裝置將該使用者識別名稱 37 201034423 2102及計算所得的雜湊值傳送給一部電腦系統。 在步驟2150中,該部電腦系統在其可讀取的持久性記 憶媒體2002上記錄接收到的雜湊值與使用者識別名稱21〇2 刀別作為電腦系統端的一個初始驗證值2〇〇4及用於索引 該初始驗證值20〇4的一個使用者識別名稱2〇〇6。 在步驟2160中,該部電腦系統傳送一則確認訊息給該 用戶端裝置。 在步驟2170中’該用戶端裝置在接收到該部電腦系統 所傳送的確m之後,利用該第—通行密碼⑸及所產@ 生之初始的單次通行密碼作為一分割運算式的兩項輸入來 计算個初始的第二通行密碼2108。此分割運算式表示為 •初始的第二通行密碼21〇8=分割運算式(第一通行密碼 2104,初始的單次通行密碼)。 _在步驟2180 該用戶端裝置將計算所得之初始的第 -通仃世碼2108儲存於其可讀取的一持久性記憶媒體21〇6 中。The initial verification value 'also God's name is the index of the initial verification value; and the single pass password that was used in the first place is divided into two parts. The "password" and an initial "second pass code" are the user's autonomous choice and self-memory, and the initial "second pass password" is The first passphrase and the two input (four)-outputs of the initial single-cut password formula are stored in a persistent storage medium readable by the user. The initial procedure described above is essentially the same as the initial procedure of the aforementioned patent (see Figure 1A). In conjunction with the words in (4) of this document, the initial procedure of Figure 2 is modified as shown in Figure 2, and the steps are as follows. In step 2110, the client device receives a user identification name 2102 and a first passphrase 21 〇4. In step 2120, the client device generates a random number as an initial one-pass password. In step 2130, the client device utilizes a one-way hash function to calculate a hash value for the initial one-pass password. In step 2140, the client device transmits the user identification name 37 201034423 2102 and the calculated hash value to a computer system. In step 2150, the computer system records the received hash value and the user identification name 21〇2 on the readable persistent medium 2002 as an initial verification value of the computer system 2〇〇4 and A user identification name 2〇〇6 for indexing the initial verification value 20〇4. In step 2160, the computer system transmits a confirmation message to the client device. In step 2170, the client device uses the first passphrase (5) and the initial one-pass password generated by the client computer system as the two inputs of the splitting expression after receiving the correct m transmitted by the computer system. To calculate an initial second passphrase 2108. This divisional expression is expressed as: • The initial second passphrase 21〇8 = the split expression (first passcode 2104, initial single passphrase). In step 2180, the client device stores the calculated initial first-pass code 2108 in a readable storage medium 21〇6.
與一部電腦系統進行了第一實施例的初始程序之後, 使用者可以提供其第_通行密碼21()4與第二通行密碼麗 給一台用戶端裝置,向該部電腦系統提出登人之請求,進 行第實施例的「登入與同步推移程序」。 參閱圖3 ’匕表達了第-實施例之「登入與同步推移程 序」中所須執行的五項工作,包括工作一 31〇〇、工作二 3200工作二33〇〇、工作四3仙〇及工作五μ⑽ 在工作一 31〇〇中,一台用戶端裝置準備使用者鑑別所 38 201034423 需的資訊,包括-個使用者識別名稱及 及它的一個雜湊值,接著傳送個單二人通行密瑪 電腦系統。 、用、登入之訊息給一部 請=工作二Γ〇巾,該部電腦系統接收到該用戶端裝置 ”戶產生一個亂數作為-則挑戰訊息送往 置:二 戰與回應程序來測試該用戶端裝 ❹ 的單次通行密瑪;若該用戶端裝置使用 =切㈣碼之雜湊值與該電腦系_㈣證值相等, 則決疋該單㈣行密碼為正確, 密碼為不正確。 収次通行 密瑪工作二3細之後所得的結果是決定該單次通行 =為正確,則執行工作三3300,以執行第一種同步推移 2來取得-個新的亂數數作為下—個單次通行密碼,並 根據此-亂數將電腦系統端的驗證值及使用者端的第二 t密碼更換成新的值。之後,於卫作四3_中該部電腦 系統允許該使用者之登入’而該用戶端裝置接收到該部電 腦系統傳送的一則允許登入之訊息。 若執行工作二3200之後所得的結果是決定該單次通行 密碼為不正確,則執行工作五3500,該部電腦系統拒絕該 使用者之登入’而該用戶端裝置接收到該部電腦系統傳送 的一則拒絕登入之訊息。 、 接著配合圖4到圖7來分別說明上述的五項工作。 參閲圖4,它是工作一 3100的詳細流程。工作_ 31〇〇 之目的是「為使用者準備鑑別所需之資訊」,其執行的步驟 39 201034423 如下 在步驟4100中,一台用戶端農置接收到-個使用者識 別名稱之輸人4_及-個第—通行密瑪之輸人 在步驟4200中,該用戶端裝置自一持久性記憶媒體 4000讀取一個第二通行密碼4〇6〇。 在步驟4300中,該用戶端裝置利用接收的第一通行密 瑪之輪入4_及讀取的第二通行密碼侧作為一回復運 算式的兩項輸入,回復計算出_個數值,此回復運算式表 示為:被回復的數值=回復運算式(第一通行密碼,第二通行@ 密碼4060)。 在步驟4400中,利用前述的「初始程序」之步驟213〇 中使用的單向雜湊函數,該用戶端裝置計算所回復之數值 的一個雜湊值。 在步驟4500中,該用戶端裝置向一部電腦系統發出— 則凊求登入之訊息,接著執行工作二32〇〇。 接下來請參閱圖5,它是工作二32〇〇的詳細流程。工 作二3200之目的是「決定單次通行密碼是否正確」,其執@ 行的步驟如下。 在步驟5100卡’該部電腦系統接收該用戶端裝置於工 作—31〇〇中所傳送的請求登入之訊息。 在步驟5200中’該部電腦系統產生一個亂數作為一則 挑戰訊息。 在步驟5300中,該用戶端裝置接收該部電腦系統傳來 的挑戰訊息,並接收工作一 3100中的使用者識別名稱之輸 40 201034423 入4020及所回復之數值的雜湊值。 在步驟5400中’該用戶端裝置以工作一 31 〇〇中回復 之數值的雜湊值作為一把加密金鑰將接收的挑戰訊息加密 ’加密後的訊息成為一則回應訊息,連同接收自工作一 3100的5亥使用者識別名稱之輸入4〇2〇傳送給該部電腦系統After performing the initial procedure of the first embodiment with a computer system, the user can provide his first password 21 () 4 and the second password to a client device, and submit the user to the computer system. In response to the request, the "login and sync shift program" of the first embodiment is performed. Refer to Figure 3, which describes the five tasks that must be performed in the "Login and Synchronization Process" of the First Embodiment, including work 31, work 2, 3,200, work, 33, work, 4, and 3 cents. Work 5μ(10) In the work one 31〇〇, a client device prepares the information needed by the user to identify the location of the 2010 201023, including a user identification name and a hash value thereof, and then transmits a single two person pass secret Ma computer system. , use, login message to a work = work two wipes, the computer system receives the user device "the user generates a random number - then the challenge message sent to: the World War II and response program to test the user If the client device uses the hash value of the =cut (four) code and the computer system _ (four) certificate value is equal, then the single (four) line password is correct and the password is incorrect. The result of the second pass Mimma work 2 is to determine that the single pass = is correct, then the work 3 3300 is executed, to perform the first type of synchronous shift 2 to obtain - a new random number as the next - single According to this - random number, the verification value of the computer system side and the second t password of the user end are replaced with new values. After that, the computer system of the department allows the user to log in. The client device receives a message for allowing the login to be transmitted by the computer system. If the result obtained after the work 2200 is determined to be that the single pass password is incorrect, then the work 5 5500 is performed, and the computer system rejects The The user's login' and the client device receives a message for denying login sent by the computer system. Then, the above five tasks are respectively explained in conjunction with FIG. 4 to FIG. 7. Referring to FIG. 4, it is a work one. The detailed process of the 3100. The purpose of the work _ 31 is to "prepare the information needed for the user to identify", and the step 39 of the execution is as follows: In step 4100, a user terminal receives a user identification. In the step 4200, the client device reads a second passcode 4〇6〇 from a persistent storage medium 4000. In step 4300, the client device uses the received first pass MM wheel 4_ and the read second pass password side as two inputs of a reply operation type, and replies to calculate _ values, the reply The expression is expressed as: the value to be replied = the reply expression (first pass password, second pass @ cipher 4060). In step 4400, the client device calculates a hash value of the recovered value using the one-way hash function used in step 213 of the "Initial Program" described above. In step 4500, the client device sends a message to a computer system - then requests a login message, and then performs a work 32. Next, please refer to Figure 5, which is the detailed flow of work 2:32. The purpose of Work 2200 is to "determine whether the single pass password is correct". The steps for executing the @ line are as follows. In step 5100, the computer system receives the request to log in message transmitted by the client device in operation 31. In step 5200, the computer system generates a random number as a challenge message. In step 5300, the client device receives the challenge message from the computer system and receives the hash value of the value of the user ID in the work 3100. In step 5400, the client device encrypts the received challenge message by using a hash value of the value replied in the work 31 as an encryption key, and the encrypted message becomes a response message, together with receiving from work 3100. The input of the 5 Hai user identification name is transmitted to the computer system of the department.
在步驟5500中’該部電腦系統接收該則回應訊息及該 使用者識別名稱4020。 在步驟5600中,該部電腦系統以接收到的使用者識別 名稱4020為索引,從其可讀取的—持久性記憶媒體上讀取 一個驗證值。 在步驟5700巾,該部電腦系統以讀取到的驗證值作為 把解搶金鑰,對接收到的回應訊息進行解密運算,得到 一則被還原的挑戰訊息。 在步驟_中,該部電腦系統比對該則被還原的挑戰 訊息與原挑戰訊息是否相符,若相符則執行步驟觸以決 定該用戶端裝置所料單切行密碼為正確,之後執行工 作三3_ ;若不相符則執行步驟以決定該用戶端裝置 所用的單次通行密碼為不正確,之後執行工作五3·。 接卜來請參閱 X 邗一〜υυ叼砰紳流程。工 作二3300就是第一種同步推銘 Β 移程序,是本發明的重要部份 ’其功能是取得一個亂數作為 触m L L ^ 邗為下一個早次通行密碼,並據 此將電腦系統端的驗證值及使用 ^, 便用者知的第二通行密碼更換 成新的值;此更新的工作可接 、 J以採用兩種可能的順序其中的 41 201034423 任種,而亂數的產生可以在電腦系統端也可以在使用者 端執行之。圖6A中係假設作為下—個單次通行密碼的就數 是在使用者端的裝置上產生的,並假設更新電腦系統端的 驗證值在先,而更新使用者端的第二通行密碼在後,其執 行的步驟如下。 在步驟6100中,該部電腦系統傳送一則同步推移的訊 息給該用戶端裝置。 在步驟6200中,該用戶端裝置接收該部電腦系統傳來 的該則同步推移的訊息,並接收工作一 31〇〇中的第一通行@ 密碼之輸入及工作一 3100中被回復之數值的雜湊值。 在步驟6300中,該用戶端裝置產生一個亂數並計算它 的一個雜湊值。 在步驟6400中,該用戶端裝置利用接收自工作一 31〇() 之被回復之數值的雜湊值為一把加密金鑰將所產生之亂數 的雜凑值予以加密,接著將加密所得的結果傳送給該部電 腦系統。 在步驟6500中’該部電腦系統接收該加密結果,並接 〇 收工作二3200中所讀取的驗證值。 在步驟6600中,該部電腦系統以接收自工作二32〇〇 的驗證值為一把解密金鑰將接收的加密結果予以解密,還 原該用戶端裝置所產生亂數之雜湊值。 在步驟6700中,該部電腦系統以還原所得的該亂數之 雜凑值更換該驗證值。 在步驟6800中’該部電腦系統傳送另一則同步推移的 42 201034423 訊息給該用戶端裝置。 在步驟6900中,該用戶端裝置在接收到該另則同步推 移的訊息之後,利用前述的「初始程序」之步驟217〇中所 使用的分割運算式,以步驟6300中產生的亂數及接收自工 作一 3100的第一通行密碼之輸入4〇4〇來計算出一個新的 第二通行密碼。 在步驟6920中,該用戶端裝置以該新的第二通行密碼 更換原來的第二通行密碼4060。 在步驟6940中,該用戶端裝置傳送一則確認訊息給該 部電腦系統。 在步驟6960中,該部電腦系統接收該用戶端裝置傳來 的該則確認訊息,接著執行工作四3400。 上述的第一種同步推移程序之實施方式係假設作為下 一個單次通行密碼的亂數是在使用者端的裝置上產生的, 並假設更新電腦系統端的驗證值在先,而更新使用者端的 第二通行密碼在後。在此以圖6Β說明另一種實施方式,此 另一方式係假設由電腦系統端產生作為下一個單次通行密 碼之亂數’並假設更新使用者端的第二通行密碼在先,而 更新電腦系統端的驗證值在後,其執行的步驟如下。 在步驟6050中’該部電腦系統接收工作二3200中所 讀取的驗證值。 在步驟6150中’該部電腦系統產生另一個亂數。 在步驟6250中’該部電腦系統以接收自工作二32〇〇 的驗證值為一把加密金鑰將所產生的另一亂數予以加密, 43 201034423 接著將加密所得的結果傳送給該用戶端裝置。 在步驟6350中’該用戶端裝置接收該部電腦系統傳來 的加密、.’。果,並接收工作_ 31⑻中的第一通行密碼之輸入 及工作一 3100中被回復之數值的雜凑值。 在步驟6450中,該用戶端裝置利用接收自工作一 31〇〇 的該被回復之數值的雜湊值為一把解密金鑰,將接收到的 加达結果予以解密,還原出該部電腦系統於步驟6150所產 生的另一亂數。In step 5500, the computer system receives the response message and the user identification name 4020. In step 5600, the computer system reads a verification value from its readable-persistent memory medium, indexed by the received user identification name 4020. In step 5700, the computer system uses the read verification value as a decryption key to decrypt the received response message to obtain a restored challenge message. In step _, the computer system compares the challenge message that is restored to the original challenge message, and if it matches, the step is executed to determine that the client device has the correct single-cut password, and then performs the work three. 3_; If it does not match, the steps are executed to determine that the single pass password used by the client device is incorrect, and then the work is performed. Please refer to the X 邗 υυ叼砰绅 υυ叼砰绅 process. Work 2 3300 is the first type of synchronous push-and-shift program, which is an important part of the invention. Its function is to obtain a random number as the touch LL ^ 邗 as the next early pass password, and then verify the computer system side accordingly. Value and use ^, the user knows the second pass password to be replaced with a new value; this update work can be connected, J to adopt two possible orders of which 41 201034423 any kind, and the random number can be generated in the computer The system side can also be executed on the user side. In FIG. 6A, it is assumed that the number of the next-pass password is generated on the user-side device, and it is assumed that the verification value of the computer system is updated first, and the second password of the user terminal is updated. The steps to be performed are as follows. In step 6100, the computer system transmits a synchronously shifted message to the client device. In step 6200, the client device receives the synchronous change message sent by the computer system, and receives the input of the first pass@password in the work 31 and the value returned in the work-3100. Hash value. In step 6300, the client device generates a random number and calculates a hash value of it. In step 6400, the client device encrypts the hash value of the generated random number by using a hash value of the value recovered from the work of 31〇(), and then encrypts the hashed value. The results are transmitted to the computer system of the department. In step 6500, the computer system receives the encrypted result and receives the verification value read in the work 2200. In step 6600, the computer system decrypts the received encryption result by a decryption key received from the verification value of the work 32, and restores the hash value of the random number generated by the client device. In step 6700, the computer system replaces the verification value with the hash value of the random number obtained by the restoration. In step 6800, the computer system transmits another synchronously transmitted 42 201034423 message to the client device. In step 6900, after receiving the message of the other synchronization transition, the client device uses the segmentation operation formula used in step 217 of the "initial program" to generate the random number and reception generated in step 6300. A new second passphrase is calculated from the input of the first pass password of Work 3100. In step 6920, the client device replaces the original second passcode 4060 with the new second passphrase. In step 6940, the client device transmits a confirmation message to the computer system. In step 6960, the computer system receives the confirmation message from the client device, and then performs work 4400. The implementation manner of the first synchronous shifting program described above assumes that the random number as the next single pass password is generated on the device of the user side, and it is assumed that the verification value of the computer system is updated first, and the user's first is updated. The second pass password is after. Here, another embodiment will be described with reference to FIG. 6 , which assumes that the computer system side generates the random number as the next single pass password 'and assumes that the second pass password of the user terminal is updated first, and the computer system is updated. After the verification value of the terminal is followed, the steps performed are as follows. In step 6050, the computer system receives the verification value read in the work 2200. In step 6150, the computer system generates another random number. In step 6250, the computer system encrypts another random number generated by receiving the verification value of the work 32 〇〇, and then transmits the encrypted result to the client. Device. In step 6350, the client device receives the encryption, .’ from the computer system. And, receive the input of the first passphrase in job _ 31 (8) and the hash value of the value recovered in work 3100. In step 6450, the client device uses the hash value of the recovered value received from the work 31〇〇 to decrypt the received result, and restores the computer system to the computer system. Another random number generated by step 6150.
在步驟6550中,該用戶端裝置利用還原出的亂數與接Q 收自工作一 3100的第一通行密碼之輸入來計算出一個新的 第-通行密碼。 在步驟6650中,該用戶端裝置以該新的第二通行密碼 更換原來的第二通行密碼。 在步驟6750中,該用戶端裝置傳送一則確認訊息給該 部電腦系統。 在步驟6850中,該部電腦系統接收該用戶端裝置傳送 的確認訊息之後,計算步驟615〇中所產生之另一亂數的一 © 個雜湊值。 在步驟6950中,該部電腦系統以所計算的雜湊值更換 原來的驗證值’接著執行工作四34〇〇。 接下來請參閱圖7A,它是工作四3400的詳細流程。工 作四3400之目的是決定允許使用者之登入,其執行的步驟 如下。 在步驟7100中,該部電腦系統作出允許登入的決定, 44 201034423 傳送一則允許登入之訊息給該用戶端裝置。 在步驟7200中,該用戶端裝置接收該部電腦系統傳送 的該則允許登入之訊息。 接下來請參閱圖7B,它是工作五3500的詳細流程,其 目的是決定拒絕使用者之登入。工作五35〇〇是在工作二 3200作出該用戶端裝置所使用的單次通行密碼為不正確的 決定之後執行,其執行的步驟如下。 φ 在步驟7600中,該部電腦系統作出拒絕登入的決定, 傳送一則拒絕登入之訊息給該用戶端裝置。 在步驟7700中,該用戶端裝置接收該部電腦系統傳送 的該則拒絕登入之訊息。 以上所描述的「登入與同步推移程序」包含了本發明 的第一種同步推移程序❶若該同步推移程序被完整的執行 ,則使用者端的第二通行密碼必定隨著電腦系統端的驗證 值之更換而更換,使用者端與電腦系統端一定是同步的; φ 若該同步推移程序沒有被完整的執行而造成使用者端的第 二通行密碼沒有隨著電腦系統端的驗證值之更換而更換的 狀況,則使用者端與電腦系統端是不同步的,下—次使用 者登入時,使用者端利用原來的第二通行密碼所計算的單 次通行密碼無法被電腦系統端已更換的驗證值決定為正確 ,造成使用者被電腦系統錯誤地拒絕登入的現象。 對於電腦系統錯誤地拒絕使用者之登入的狀況,多數 的鑑別系統之處理方法是重新執行初始程序。上述的第一 實施例中,若第一種同步推移程序沒有被完整的執行而造 45 201034423 成使用者端與電腦系 π 1以置别·轨仃琢頁她 例的初始程序。重新執行初始程序可以產生一個新的亂數 作為一個重新初始的單次通行密碼,據此,在電腦系統端 ,其持久性記憶媒體儲存該重新初始之單次通行密碼的一 個雜凑值作為重新初始的-個驗證值,在使用者端,則利 用該重新初始的單次通行密碼來計算_個重新初始的第二 通行密碼,而後存入使用者端可讀取的持久性記憶媒體; 如此,使用者端與電腦系統端可以重新達到同步的狀態。 ❹ 在b重新初始化的單次通行密碼是一個新的亂數,與原 初始的亂數(即原初始的單次通行密碼)相同機率極^ 可以被當作不可能;此—特性源自亂數產生器之設計。 在本發明的方法中,因為第一通行㈣是使用者自主 性選擇的,故重新執行初始程序時,使用者仍然可以重複 使用原本的第一通行密碼。 .接下來說明第-實施例之「變更第一通行密碼程序」。 ❿ Λ f圖A匕疋—位使用者自一台用戶端裝置登入一 部電腦系統之後,在呤田ή α # 且八 Α 在5亥用戶端裝置進行第-通行密碼之變 更的過程,其執行的步驟如下。 %之變 程序8100是箭令In step 6550, the client device calculates a new first pass password using the restored random number and the input of the first passcode received from Work-3100. In step 6650, the client device replaces the original second passphrase with the new second passphrase. In step 6750, the client device transmits a confirmation message to the computer system. In step 6850, after receiving the confirmation message transmitted by the client device, the computer system calculates a hash value of another random number generated in step 615. In step 6950, the computer system replaces the original verification value with the calculated hash value' and then performs the work 34. Next, please refer to FIG. 7A, which is a detailed process of working four 3400. The purpose of Working 4400 is to determine the user's login, and the steps to perform are as follows. In step 7100, the computer system makes a decision to allow login, 44 201034423 transmits a message allowing login to the client device. In step 7200, the client device receives the message allowing the login to be transmitted by the computer system. Next, please refer to FIG. 7B, which is a detailed process of the work 5 3500, the purpose of which is to decide to refuse the user's login. The work 5 〇〇 is performed after the work 2 3200 makes the single pass password used by the client device to be an incorrect decision, and the steps performed are as follows. φ In step 7600, the computer system makes a decision to refuse to log in, and transmits a message rejecting the login to the client device. In step 7700, the client device receives the message of the refusal to log in transmitted by the computer system. The "login and sync shift program" described above includes the first sync shift program of the present invention. If the sync shift program is completely executed, the second pass password of the user terminal must be verified with the verification value of the computer system side. Replace and replace, the user end and the computer system end must be synchronized; φ If the synchronous shift program is not fully executed, the second pass password of the user end is not replaced with the replacement of the verification value of the computer system side. The user end is not synchronized with the computer system end. When the next-time user logs in, the single pass password calculated by the user end using the original second pass password cannot be determined by the verification value of the computer system end replacement. To be correct, the user is mistakenly refused to log in by the computer system. For the case where the computer system incorrectly rejects the user's login status, most authentication systems are handled by re-executing the initial procedure. In the first embodiment described above, if the first type of synchronous shifting program is not completely executed, the initial program of the user and the computer system π 1 is used to set the screen. Re-execution of the initial program can generate a new random number as a re-initial single pass password, whereby on the computer system side, its persistent memory stores a hash value of the re-initial single pass password as a re The initial verification value is used by the user to calculate a re-initial second password using the re-initial one-pass password, and then deposit the persistent memory that can be read by the user; The user end and the computer system side can be re-synchronized.单 The single pass password re-initialized in b is a new random number, which is the same as the original initial random number (that is, the original initial one-pass password). This can be regarded as impossible; The design of the number generator. In the method of the present invention, since the first pass (four) is selected by the user autonomously, the user can still reuse the original first passphrase when the initial procedure is re-executed. Next, the "change of the first pass password program" of the first embodiment will be described. ❿ Λ f Figure A匕疋—The process of changing the first-password of the user at the 5 hai client device after logging in to a computer system from a client device The steps to be performed are as follows. % change program 8100 is an arrow
文所描述的「登入與同步推移程序。 在程序8100中,哕田桎序J 輸入嶋與-個第、*端裝置接收一個使用者識別名稱之 ^ 第通行密碼之輸入8040,並自—接々ω 圮憶媒體8000 _讅& 目持久性 腦系統提出登人^ 第二通行密碼咖,以向該部電 步推移程序」的步驟並執行前文所描述之「登入與同 46 201034423 在步驟83GG巾,根據執行程序81⑼所得之訊息,若 得到一則拒絕登入之訊息,則該用戶端裝置要求該使用者 重新進行轉議,若❹卜敎許登人之訊息,則該用 戶端裝置執行步驟8400。 在步驟8400中,該用戶端裝置自程序8100中接收作 為下一個單次通行密碼的一個亂數。 在步驟8500中,該用戶端裝置接收一個輸入作為新的 ^ 第一通行密碼8050。 在步驟8600中,利用則述的「初始程序」之步驟217〇 I所使用的分割運算式,該用戶端裝置以該新的第一通行 。碼8050及接故自程序8議的下一個單次通行密碼作為 兩項輸入來計算一個新的第二通行密碼8_。此分割運算 式表不為.新的第二通行密碼=分割運算式(新的第一通行 密碼8050,下一個單次通行密碼)。 在步驟8700中,該用戶端裝置將計算所得之新的第二 〇 通仃密碼8080儲存到該持久性記憶媒鱧8000。 X上的變更第一通行密碼程序」之實施係先執行「 登入與同步推移程序」,而後保持電腦系統端已更換之驗證 不變但已更換之第二通行密瑪則隨著第一通行密碼之 更換而再次更換。 保持電腦系統端之驗證值不變但更換使用者端的第一 通行密碼與第二通行密碼的技巧也是前述專利(令華民國 專利第1293529號)的技術内容之一。該專利進一步在使用 者端的持久性記憶媒體上儲存作為鑑別秘密之亂數的二次 47 201034423 雜凑值’以在使用者端自行驗證利用使用者提供的通行密 瑪及用戶端秘密所回復之亂數的二次雜湊值與被儲存的二 次雜湊值是否相符’若相符則繼續變更通行密碼的過程, 若不相符,則使用者必須重新提供通行密碼與用戶端秘密 ,重新進行變更通行密碼的過程。在使用者端驗證所回復 之亂數,這樣的好處是使用者端不必與電腦系統連線就可 以變更其通行密碼。根據上述在使用者端驗證所回復之亂 數的技巧’在本發明的方法中,若使用者端的持久性記憶 媒體中存有單次通行密碼的二次雜凑值,則用戶端裝置可❿ 以利用該被儲存的二次雜湊值來驗證所回復的單次通行密 碼是否正確,並在確認所回復之單次通行密碼為正確之後 ,進行第一通行密碼之變更;換言之,「變更第一通行密碼 程序」之實施也可以在不必與電腦系統端連線的情況下, 單獨於使用者端執行之。 若要在使用者端的持久性記憶媒體中隨時保持储存單 次通行密碼的二次雜凑值,則在「初始程序」中必須有一 個方法能產生初始的單次通行密碼之二次雜湊值,而在「❹ 登入與同步推移程序」中必須有一個方法能令此二次雜湊 值隨著單次通行密碼之更換而更換,說明如下。 今假設「初始程序」在步驟2170之後增加一個步驟 2Π5 (圖未示),以計算原步驟212〇中所產生之亂數(初 始的單次通行密碼)的一個二次雜凑值,而後存入使用者 端可讀取的—持久性記憶媒體;另也假設「登入與同步推 移程序」在步驟6900之後增加一個步驟6910 (圖未示), 48 201034423 以計算原步驟6400中所產生之亂數(下一個單次通行密碼 )的一個一次雜凑值’而後以該下一個單次通行密碼的二 次雜湊值更換原來的單次通行密碼之二次雜湊值。如此, 則使用者端的持久性記憶媒體可以隨時保持存有單次通行 密碼之二次雜湊值。 接著說明在沒有與電腦系統端連線的狀況下,於使用 者端執行「變更第一通行密碼程序」的實施方式,包含如 ❾ 圖8B所示之步驟,說明如下。 在步驟8150中,一台用戶端裝置接收到一個使用者識 別名稱之輸入8025及一個第一通行密碼之輸入8〇45。 在步驟8250中,該用戶端裝置自一持久性記憶媒體 8005讀取一個第二通行密碼8065及一個二次雜凑值8〇85 〇 在步驟8350中,利用前述的「登入與同步推移程序」 之步驟4300中所使用的回復運算式,該用戶端裝置利用接 〇 收的第—通行密碼之輸入8045及讀取的第二通行密碼8065 作為該回復運算式的兩項輸入,回復計算出—個數值,此 回復運算式表示為:被回復的數值=回復運算式(第一通行密 碼’第二通行密碼8065)。 在步驟8450中,利用「初始程序」之步驟213〇中使 用的單向雜湊函數,該用戶端裝置計算所回復之數值的一 個二次雜凑值。 在步驟8550中,該用戶端裝置比對回復之數值的二次 雜凑值與讀取的二次雜湊值8〇85是否相符,若相符則執二 49 201034423 步驟_,若不相符則回到步驟815〇,以重新執行此程序 〇 在步驟8650中’該用戶端裝置接收一個輸入作為新的 第一通行密碼8055。 在步驟8750中,利用前述的「初始程序」之步驟21 中所使用的分割運算式’該用戶端裝置以接收的新第一通 行密碼8055及所回復之數值作為兩項輸入來計算一個新的 f二通行密碼8075。此分割運算式表示為:新的第二通行 密碼=分割運算式(新的第一通行密碼8〇55,回復之數值)。^ 在步驟8850中,該用戶端裝置以計算所得之新的第二 通行密碼8075取代持久性記憶媒體8005中原來的第二通 行密碼8065。 對於熟悉此技術領域的人來說,做出不背離本發明之 設計範圍或精神的各項修改或變化是可能的。回顧前文對 圖6Α所示之第一種同步推移程序的實施方式之步驟的說明 ,步驟6900之目的是計算一個新的第二通行密碼,其中用 到了下一個單次通行密碼及第一通行密碼作為分割運算式❹ 的兩項輸入;在此,若步驟69〇〇所進行之計算改以一個新 的第一通行密碼來與下一個單次通行密碼作為兩項輸入, 以計算出一個新的第二通行密碼,則下—次登入時必須 使用該新的第一通行密碼及該新的第二通行密碼才能回復 出正確的單次通行密碼;也就是說’使用者的第—通行密 碼已經被變更。 根據上段所述之概念,前文之「登入與同步推移程序 50 201034423 」的工作三3300只需稍加變化,便可在登入與同步推移程 序中同時變更使用者的第-通行密碼。在此以圖6A所示的 步驟加以變化為例’於登人與同步推移程序中同時變更第 一通行密碼的過程包含如圖8C所示之步驟,說明如下。 在步驟8170中,該部電腦系統接收工作二32〇〇中所 讀取的驗證值。 在步驟8270中,該部電腦系統傳送一則同步推移的訊 息給該用戶端裝置。 在步驟8370中,該用戶端裝置接收該部電腦系統傳來 的該則同步推移的訊息,並接收工作一 31〇〇中該被回復之 數值的雜湊值。 在步驟8470中,該用戶端裝置產生一個亂數並計算它 的一個雜湊值。 在步驟8570中,該用戶端裝置利用接收自工作一 31〇〇 中被回復之數值的雜凑值為一把加密金鑰將所產生之I數 的雜凑值予以加密,接著將加密所得的結果傳送給該部電 腦系統。 在步驟8670中,該部電腦系統接收該加密結果,並以 接收自工作二3200的驗證值為一把解密金鑰將接收的加密 結果予以解密,還原該用戶端裝置所產生之亂數的雜凑值 〇 在步驟8770中,該部電腦系統以還原所得的該亂數的 雜湊值更換該驗證值。 在步驟8870中’該部電腦系統傳送另一則同步推移的 51 201034423 訊息給該用戶端裝置β 在步驟8890中,該用戶端裳置在接收到該另則同步推 移的訊息之後,接收一個輸入作為新的第一通行密碼議 〇 在步驟_中’利用第一實施例的「初始程序」之步 驟217G中所使㈣分割運算式,該用戶端裝置以步驟6400 中產生的亂數及所接收之新的第—通行密碼咖來計算出 一個新的第二通行密碼。 在步鄉8920中’該用戶端裝置以計算出之該新的第二@ 通行密碼更換原來的第二通行密碼 4060 ° 在步驟8940中,該用戶端裝置傳送一則確認訊息給該 部電腦系統。 在步驟8960中’該部電腦系統接收該用戶端裳置傳來 的該則確認訊息’接著執行工作四3_以允許使用者之登 入0 執行了上述步驟後’使用者端的第二通行密碼與電腦 系統端的驗證都被更換成新的值,而使用者的第一通行密© 碼也已變更,同時完成「登入與同步推移程序」及「變更 第一通行密碼程序」。 以上所描述的第一實施例,其中的「第一種同步推移 程序」之設計並未考慮電腦系統及用戶端裝置的操作及兩 者之通訊可能中斷的狀況;若此程序未被完整的執行而造 成使用者端與電腦系統端的不同步,則使用者必須重新執 行初始程序來達成電腦系統端與使用者端的同步化。 52 201034423 接著說明第二實施例。第二實施例與第一實施例相同 ’也包含一套「初始程序」、-套「登入與同步推移程序」 、以及-套「變更第—通行密碼程序」;其中的「登入與同 步推移程序」包含一套「第二種同步推移程序」及一套「 借用同步化程序」。「第二種同步推移程序」之設計已考慮 電腦系統及用戶端裝置之操作及兩者之通訊可能會中斷的 狀況,若因中斷而造成使用者端與電腦系統端不同步,則 使用者下次登入時會執行增加的「備用同步化程序J;若此 ° 制同步化程序被完整的執行,則使用者端與電腦系統端 不同步的狀況會被修正為同步;若此備用同步化程序未被 完整的執行,則等同於使用者端此次登入失敗,再次登入 時’此備用同步化程序仍會被執行。 第二實施例同樣假設有一部多位使用者的電腦系統。 其中的初始程序之目的是利用一台用戶端裝置來產生一個 亂數作為一個初始的單次通行密碼,並在該電腦系統的持 久性纪憶媒體中儲存此初始的單次通行密碼之一個雜凑值 © 作為一個初始的本次驗證值,也儲存一個使用者識別名稱 作為取得該初始的本次驗證值之索引,同時,將一個「備 用驗證值」初始化為任意值,也將一個「確認同步化之標 記」的記錄初始化為「已確認」;而在使用者端,該初始的 單次通行密碼被分成兩個部份:一個「第一通行密喝」及 一個初始的「第二通行密碼」,其中的「第一通行密碼」是 使用者自主性地選擇並自行記憶的,而該初始的「第二通 行密碼」則是以該第一通行密碼與該初始的單次通行密碼 53 201034423 為一分割運算式的兩項輸入所得的一個輪出,並儲存於使 用者端可讀取的一個持久性記憶媒體。 上段所述的初始程序包含如圖9所示之步驟,說明如 下。 在步驟9110中’一台用戶端裝置接收一個使用者識別 名稱9102及一個第一通行密碼91〇4。 在步驟9120中’該用戶端裝置產生—個亂數作為一個 初始的單次通行密碼。 ▲在步驟9130中,該用戶端裝置利用一單向雜湊函數來Θ 計算該初始的單次通行密碼的一個雜湊值。 在步驟9140中,該用戶端裝置將該使用者識別名稱 9102及計算所得的雜凑值傳送給一部電腦系統。 在步驟9150中’該部電腦系統在其可讀取的持久性記 憶媒趙9’上記錄接收到的雜湊值與使用者識別名稱觀 ,分別作為電腦系統端的一個初始的本次驗證值9〇〇3及用 於索引該初始的本次驗證值9〇〇3的一個使用者識別名稱 9005 。 ❹ 在步驟9155中,該部電腦系統以一個「任意值」將一 個「備用驗證值9007」初始化,也將一個「確認同步化之 標記9009」初始化為「已確認」,而後將該「備用驗證值 9〇〇7」及該「確認同步化之標記9〇〇9」儲存於其可讀取的 持久性記憶媒體9001。 在步驟9160中,該部電腦系統傳送一則確認訊息給該 用戶端裝置。 54 201034423 所驟/17G中’該用戶端裝置在接收到該部電蹈系統 、,確認訊息之後,利㈣第—通行密碼91G4及所產 始的單次通行密瑪作為—分割運算式的兩項輸入來 。 ⑼始的第二通行密碼簡。此分割運算式表示為 91二°的第二通行密碼91G8=分割運算式(第—通行密碼 9104,初始的單次通行密碼)。 在步驟9180中’該用户端裝置將計算所得之初始的第 =通行密碼觸儲存於其可讀取的-持久性記憶媒體9106 與—部電腦系統進行了第二實施例的初始程序之後, =2以提供其第—通行密碼與第二通行密碼給一台用 戶端裝置,向該部電腦系統提出登 施例的「登入與同步推移程序」。 打第-實 參:圖1〇Α’它表達了第二實施例之「登入與同步推移 程序」令所須執行的五項卫作,包括卫作六刪0、工作七 10200、工作八 300、工作九购〇及工作十10500,說 明如下。 作/、101GG之目的是「為使用者準備鑑別所需之資 訊」,其所執行的内容與第—實施例的工作一 η 在工作六1〇1〇〇中,_ 的資訊,Μ4 — 置準備使用者鐘別所需 β 一個使用者識別名稱及-個單次通行密碼及 它的-個雜凑值’接著傳送一則請求登入之訊息給: 腦系統。 。丨電 工作七1G2GG之目的是「決定單次通行密碼是否正择」 55 201034423 。在工作+ 1G200中,該部電腦系統接 請求登入之訊息後,產生一個亂數作為—則置 =用戶端裝置’以執行挑戰與回應程序 ^㈣主 行密瑪的雜凑值與本次驗證值 一:=::::rrr 確;衫_-得 「… 」的記錄進行檢查,且若記錄為 已埃遇」則決定該單次通行密 ’-、The "login and sync shift program" described in the text. In the program 8100, the input and the first and the * terminal devices receive a user identification name of the first pass password input 8040, and 々 ω 圮 媒体 media 8000 _ 讅 & 目 持久 脑 脑 ^ ^ ^ ^ ^ ^ ^ 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 第二 8000 The 83GG towel, according to the message obtained by executing the program 81(9), if a message refusing to log in is obtained, the client device requests the user to re-transfer the message, and if the message is posted, the client device performs step 8400. In step 8400, the client device receives a random number as the next one-pass password from the program 8100. In step 8500, the client device receives an input as a new first pass password 8050. In 8600, the user terminal device uses the new first pass using the split arithmetic formula used in step 217 of the "initial program" described above. The code 8050 and the next single pass password from the program 8 are used as two inputs to calculate a new second passcode 8_. This splitting operation table is not a new second passphrase = splitting expression (new first passcode 8050, next single passphrase). In step 8700, the client device stores the calculated new second passcode 8080 to the persistent storage medium 8000. The implementation of the change of the first pass password procedure on X is performed by first performing the "Login and Synchronous Transfer Procedure", and then the second pass password that has been replaced by the computer system has been replaced but replaced with the first pass password. Replace it and replace it again. The technique of keeping the verification value of the computer system unchanged but replacing the first passphrase and the second passphrase of the user terminal is also one of the technical contents of the aforementioned patent (Republic of China Patent No. 1293529). The patent further stores the second 47 201034423 hash value of the random number as the secret of the secret on the user's persistent memory medium to be verified by the user end by using the user-provided pass and the user secret. Whether the second hash value of the random number matches the stored secondary hash value. If it matches, the process of changing the password is continued. If it does not match, the user must re-provide the password and the secret of the client, and re-change the password. the process of. The advantage of verifying the number of replies at the user end is that the user can change his password without having to connect to the computer system. According to the above-mentioned technique for verifying the random number of the reply at the user end, in the method of the present invention, if the secondary hash value of the single pass password exists in the persistent memory medium of the user end, the user terminal device can Using the stored secondary hash value to verify whether the single pass password replied is correct, and after confirming that the single pass password replied is correct, the first pass password is changed; in other words, "change first The implementation of the passcode program can also be performed on the user side without having to connect to the computer system. To maintain the secondary hash value of a single passphrase at any time on the client's persistent media, there must be a method in the "initial program" to generate the secondary hash value of the initial single passphrase. There must be a method in the "❹ Login and Synchronization Process" to replace this secondary hash value with the replacement of a single passphrase, as explained below. It is assumed that the "initial program" adds a step 2Π5 (not shown) after step 2170 to calculate a second hash value of the random number (initial single pass password) generated in the original step 212, and then saves Entering the user-readable - persistent memory medium; also assuming that the "login and sync shift program" adds a step 6910 (not shown) after step 6900, 48 201034423 to calculate the chaos generated in the original step 6400 A one-time hash value of the number (next single pass password) and then replace the second hash value of the original one-pass password with the second hash value of the next one-pass password. In this way, the persistent memory of the user terminal can maintain the secondary hash value of the single pass password at any time. Next, an embodiment in which the "change first pass password program" is executed on the user side without being connected to the computer system side will be described, including the steps shown in Fig. 8B, which are explained below. In step 8150, a client device receives an input 8025 for the user identification name and an input 8〇45 for the first pass password. In step 8250, the client device reads a second passcode 8065 and a second hash value 8〇85 from a persistent storage medium 8005. In step 8350, the aforementioned "login and sync shift procedure" is utilized. In the reply operation formula used in step 4300, the client device uses the received first pass password input 8045 and the read second pass password 8065 as two inputs of the reply expression, and the response is calculated as - The value of this reply expression is expressed as: the value to be replied = the reply expression (first pass password 'second pass password 8065). In step 8450, the client device calculates a secondary hash value of the recovered value using the one-way hash function used in step 213 of the "Initial Program". In step 8550, the user equipment compares the secondary hash value of the value of the reply with the read secondary hash value 8〇85, and if it matches, the second step 49 201034423 step _, if not, then returns Step 815 〇 to re-execute the program. In step 8650, the client device receives an input as a new first passphrase 8055. In step 8750, the user segment device uses the segmentation formula used in step 21 of the "initial program" described above to calculate a new one by using the received new first passcode 8055 and the value returned as two inputs. f two pass password 8075. This split expression is expressed as: new second passcode = split expression (new first passcode 8〇55, value of reply). ^ In step 8850, the client device replaces the original second passcode 8065 in the persistent storage medium 8005 with the calculated new second passcode 8075. It will be possible for those skilled in the art to make various modifications or variations that do not depart from the scope or spirit of the invention. Recalling the foregoing description of the steps of the implementation of the first type of synchronous shifting procedure shown in FIG. 6A, the purpose of step 6900 is to calculate a new second passphrase in which the next single passphrase and the first passphrase are used. As two inputs of the splitting expression ;; here, if the calculation performed in step 69〇〇 is changed to a new first passphrase and the next single passphrase as two inputs, a new one is calculated. For the second passphrase, the new first passphrase and the new second passphrase must be used to reply to the correct one-pass password; that is, the user's first passphrase has been Was changed. According to the concept described in the previous paragraph, the work 3300 of the above-mentioned "Login and Synchronization Process 50 201034423" can be changed at the same time, and the user's first pass password can be changed simultaneously in the login and synchronization process. Here, the procedure shown in Fig. 6A is changed as an example. The process of simultaneously changing the first passphrase in the boarding and synchronization shifting program includes the steps shown in Fig. 8C, which are explained below. In step 8170, the computer system receives the verification value read in operation 32. In step 8270, the computer system transmits a synchronously shifted message to the client device. In step 8370, the client device receives the synchronous change message from the computer system and receives the hash value of the value that was recovered in the work. In step 8470, the client device generates a random number and calculates a hash value of it. In step 8570, the client device encrypts the hash value of the generated I number using a hash value received from the value of the reply in the work 31, and then encrypts the encrypted value. The results are transmitted to the computer system of the department. In step 8670, the computer system receives the encryption result, and decrypts the received encryption result by using a verification value received from the working 2200, to restore the random number generated by the user device. In step 8770, the computer system replaces the verification value with the hash value of the random number obtained by the restoration. In step 8870, the computer system transmits another 51 201034423 message of the synchronous transition to the client device β. In step 8890, the client device receives an input after receiving the message of the other synchronization transition. The new first pass password is discussed in step _ in the step 217G of the "initial program" of the first embodiment, and the user equipment uses the random number generated in step 6400 and received. The new first pass password is used to calculate a new second passcode. In step 8920, the client device replaces the original second passcode 4060 with the new second passcode calculated. In step 8940, the client device transmits a confirmation message to the computer system. In step 8960, 'the computer system receives the confirmation message sent by the client's skirt' and then performs the work 4__ to allow the user's login 0 to perform the above steps, and the second password of the user terminal is The verification on the computer system side is replaced with a new value, and the user's first access secret code has also been changed, and the "login and sync change program" and "change first pass password program" are completed at the same time. In the first embodiment described above, the design of the "first type of synchronous shifting program" does not consider the operation of the computer system and the user equipment, and the communication may be interrupted; if the program is not completely executed If the user terminal is not synchronized with the computer system, the user must re-execute the initial program to achieve synchronization between the computer system and the user. 52 201034423 Next, a second embodiment will be described. The second embodiment is the same as the first embodiment'. It also includes a set of "initial procedures", a set of "login and sync change procedures", and a set of "change first pass password procedures"; "login and sync pass procedures" "Includes a set of "second synchronization shift program" and a set of "borrowing synchronization program". The design of the "second synchronous shifting program" has considered the operation of the computer system and the user equipment and the communication between the two may be interrupted. If the user terminal is not synchronized with the computer system due to the interruption, the user The secondary "synchronization program J will be executed when logging in; if the synchronization program is completely executed, the status of the user and the computer system will be corrected to be synchronized; if this synchronization synchronization program If it is not completely executed, it is equivalent to the user's login failure. When this login again, the backup synchronization program will still be executed. The second embodiment also assumes that there is a multi-user computer system. The purpose of the program is to use a client device to generate a random number as an initial one-pass password and store a hash value of this initial one-pass password in the persistent memory of the computer system © As an initial verification value, a user identification name is also stored as an index for obtaining the initial verification value, and at the same time, one will be The "Alternate Verification Value" is initialized to an arbitrary value, and a record of "Confirm Synchronization Flag" is also initialized to "confirmed"; on the user side, the initial single pass password is divided into two parts: one "First Pass" and an initial "Second Passcode", in which the "First Passcode" is automatically selected by the user and remembered by himself, and the initial "Second Passcode" is The first pass password and the initial one-pass password 53 201034423 are one round of two inputs of a split expression, and are stored in a persistent storage medium readable by the user end. The initial procedure described in the previous paragraph contains the steps shown in Figure 9, as explained below. In step 9110, a client device receives a user identification name 9102 and a first passphrase 91〇4. In step 9120, the client device generates a random number as an initial one-pass password. ▲ In step 9130, the client device uses a one-way hash function to calculate a hash value for the initial one-pass password. In step 9140, the client device transmits the user identification name 9102 and the calculated hash value to a computer system. In step 9150, the computer system records the received hash value and the user identification name on the readable persistent memory medium 9', respectively, as an initial verification value of the computer system side. 〇3 and a user identification name 9005 for indexing the initial verification value of 9〇〇3. ❹ In step 9155, the computer system initializes a “standby verification value 9007” with an “arbitrary value”, and also initializes a “confirmation synchronization mark 9009” to “confirmed”, and then the “alternate verification” The value 9〇〇7” and the “confirmation synchronization flag 9〇〇9” are stored in the readable persistent storage medium 9001. In step 9160, the computer system transmits a confirmation message to the client device. 54 201034423 In step /17G, 'the user equipment receives the electric circuit system, confirms the message, and then the (4) first pass code 91G4 and the single pass MM that is produced as the split-calculation Enter the item. (9) The second pass password is simple. This divisional expression is expressed as a second pass code of 91 deg. 91G8 = split arithmetic expression (first pass password 9104, initial single pass password). In step 9180, after the client device stores the calculated initial passcode password in its readable-persistent memory medium 9106 and the computer system, the initial procedure of the second embodiment is performed, 2 to provide its first passphrase and the second passphrase to a client device, and to present the "login and sync move program" of the application to the computer system. Play the first-real parameter: Figure 1〇Α' It expresses the five guards that must be executed in the "Login and Synchronous Change Procedure" order of the second embodiment, including the work of the six deletions, the work seven 10200, the work eight 300 The work is nine purchases and the work is 10,500, as explained below. The purpose of the /, 101GG is to "prepare the information needed for the user to identify", the content of the implementation is the same as the work of the first embodiment, in the work of 〇1〇1〇〇, _ information, Μ4 Prepare the user to remember the desired user name and a single passphrase and its hash value. Then send a message requesting login to: Brain System. . The purpose of working on the 7G2GG is to "determine whether a single pass password is being chosen" 55 201034423 . In the work + 1G200, after the computer system receives the request to log in, it generates a random number as - then set = client device to perform the challenge and response procedure ^ (4) the hash value of the main line and the current verification Value one: =::::rrr Yes; shirt _- get "..." record to check, and if recorded as already met" then decide the single pass secret '-,
:未確認」,則執行-套「備用同步化程序來::::: 次通行密碼是否正確。 干: Not confirmed, then execute - Set "Alternate synchronization program to::::: Is the pass password correct?
_若執行工作七10200之後所得的結果是決定該單次通 行密瑪為正確,則執行工作八i咖即本發明的第二種同 步推移程序,以取得—個新的亂數作為下—個單次通行密 馬且根據此亂數來將電腦系統端的本次驗證值及使用者 端的第二通行密碼更換成新的值,並利用工作+1〇2〇〇中 的「確認同步化之標記」來記錄電腦系統是否收到使用者 端已經更換第二通行密碼的確認訊息;之後,執行工作九 10400,該部電腦系統允許該使用者之登入,而該用戶端裝 置接收到該部電腦系統傳送的一則允許登入之訊息。 在工作八10300的執行過程中,若電腦系統及用戶端 裝置之操作或兩者之通訊發生中斷,因而造成電腦系統沒 有收到使用者端已經更換第二通行密碼的確認訊息,則「 確認同步化之標記」的記錄會是「未確認」;而若工作八 10300被完整的執行,則「確認同步化之標記」的記錄會是 「已確認」。 56 201034423 若執行工作七10200之後所得的結果是決定該單次通 行密碼為不正確,則執行工作十10500,該部電腦系統拒絕 該使用者之登入,而該用戶端裝置接收到該部電腦系統傳 送的一則拒絕登入之訊息。_If the result obtained after the execution of work 7 10200 is to determine that the single pass is the correct, then the second synchronous shift program of the present invention is executed to obtain a new random number as the next one. According to the random number, the current verification value of the computer system end and the second pass password of the user end are replaced with new values, and the "synchronization mark" in the work +1〇2〇〇 is used. To record whether the computer system has received the confirmation message that the user has replaced the second passphrase; afterwards, perform the work 9400, the computer system allows the user to log in, and the client device receives the computer system A message that is allowed to log in. During the execution of the work 8 10300, if the operation of the computer system and the user device or the communication between the two is interrupted, causing the computer system not to receive the confirmation message that the user has replaced the second passphrase, then "confirm the synchronization." The record of "Marking Mark" will be "Unconfirmed"; if Work 810300 is fully executed, the record of "Confirm Synchronization Mark" will be "confirmed". 56 201034423 If the result obtained after the execution of work 7 10200 is to determine that the single pass password is incorrect, then the work 10 10500 is executed, the computer system rejects the login of the user, and the client device receives the computer system. A message sent to reject the login.
回顧工作七10200的内容,其設計已考慮了電腦系統 及用戶h裝置之操作及兩者之通訊可能會中斷的狀況;若 使用者前一次登入時因這樣的狀況而造成使用者端與電腦 系統端不同步,則工作七10200中的「備用同步化程序」 會被執行。在此以圖進—步表達工作七!咖的内容 ,其中包含五項子工作,分別是工作七_(1)1〇21〇、工作七_ (2)10220、工作七_(3)1〇23〇、玉作七_(4)1〇24〇及工作七_ (5)1〇25〇;其中的工作七·(3)1〇23〇至,!工作七⑷1〇24〇就是 「備用同步化程序」。此五項子工作分別說明如下。 工作七-(1)1〇2Η)是決定單次通行密碼之雜湊值與本次 驗證值是否相符的程序。在此工作t,該部電腦系統接收 到該用戶端裝置請求登入之訊息後,產生一則挑戰訊息送 在該用戶端裝置,利用挑戰與回應程序來驗證該用戶端裝 置所使用的單次通行密碼之凑值與本次驗證值是否相符。 若執行卫作七·⑴刪0之後得到的結以該單次通行 密碼之雜凑值與本次驗證值相符,則執行工作七_(2)丨〇22〇 ’該部電腦系統決定該用戶端裝置所使用的單次通行密碼 為正確,完成工作七刪〇之執行,再繼 二 10300。 # 八 若執行工作七·⑴1G21()之後得到的結果是該單次通行 57 201034423 密碼之雜凑值與本次驗證值不相符,則該部電腦系統根捸 對,於該使用者的-個「確認同步化之標記」的内容來列 斷疋否執行備用同步化程序」。該備用同步化程序的内容 包含了工作七-(3)ι〇23〇與卫作七_(4)1〇24〇。 若「確認同步化之標記」的内容為「已破認」,則「備 用同步化程序」不必被執行’而是執行工作七(5)搬%, 該部電腦系統決定該用戶端裝置所使用的單次通行密碼為 不正確’完成工作七10200之執行,再繼續執行工作十 10500 〇 ^ © 若「確認同步化之標記」的内容為「未確認」,則「備 用同步化程序」會被執行。備用同步化程序中的工作七· (★3)10230是決定單次通行密瑪之雜湊值與備用驗證值是否相 符的程序。在此工作中,該部電腦系統以一個備用驗證值 對所接收的回應訊息重新驗證,以決定該用戶端裝置所使 用之單次通行密碼的雜湊值與該備用驗證值是否相符。 右執行工作七_(3)10230之後得到的結果是該單次通行 密碼之雜湊值與該備用驗證值不相符,則中止「備用同步⑬ 化,序」之執行’並執行工作七·(5)1〇25〇,該部電腦系統 決疋該用戶端裝置所使用的單次通行密碼為不正確完成 工作七10200之執行,再繼續執行工作十1〇5〇〇。 若執行工作七·(3)10230之後得到的結果是該單次通行 密碼之雜湊值與該備用驗證值相符,則執行工作七_ (4) 10240,其内容是該部電腦系統以該備用驗證值更換該本 次驗證值,以將電腦系統端與使用者端修正為同步;之後 58 201034423 ,執行工作七-(2)10220,該部電腦系統決定該用戶端裴置 所使用的單次通行密碼為正確,完成工作七1〇2〇〇之執行 ,再繼續執行工作八10300。 接著配合圖11到圖14來說明上述的工作六1〇1〇〇至工 作十10500等五項工作的内容。 參閱圖U,它是工作六10100的詳細流程,它是為使 用者準備鑑別所需之資訊的程序,其執行的步驟與第一實 ❹ 施例中的工作一 3100所執行的步驟(見圖4)相同。今配 合第二實施例所使用的語詞,將圖4的内容修改如圖^, 並說明其步驟如下。 在步驟111GG中一台用戶端裝置接收到—個使用者識 別名稱之輸入11020及一個第一通行密碼之輸入11〇4〇。 在步驟11200中’該用戶端裝置自一持久性記憶媒體 11000讀取一個第二通行密碼11〇6〇。 在步驟113GG中,該用戶端裝置利賴收的第—通行密 Φ 碼之輸入U040及讀取的第二通行密碼11060作為一回復運 算式的兩項輸入,喊計算出一個數值,此回復運算式表 示為:被回復的數值=回復運算式(第一通行密碼,第二通行 密碼 11060)。 在步驟11400巾’利用第二實施例的「初始程序」之步 驟9130巾使用的單向雜湊函數,該用戶端裝置計算所回復 之數值的一個雜湊值。 在步驟11500中,該用戶端裝置向一部電腦系統發出一 貝J β求登入之讯息,接著執行工作七1 〇2〇〇。 59 201034423 接下來請參閱圖12,它是工作七1〇2〇〇的詳細流程。 工作七10200之目的是「決定單次通行密碼是否正確」,其 執行的步驟如下。 在步驟12000中,該部電腦系統接收該用戶端裝置於 工作六10100十所傳送的該則請求登入之訊息。 在步驟12050中,該部電腦系統產生一個亂數作為一 則挑戰訊息,傳送給該用戶端裝置。 在步驟12100中,該用戶端裝置接收該部電腦系統傳 來的挑戰訊息,並接收工作六1〇1〇〇中的使用者識別名稱❿ 之輸入11020及所回復之數值的雜湊值。 在步驟12150中,該用戶端裝置以工作六1〇1〇()中回 復之數值的雜湊值作為一把加密金鑰將接收的挑戰訊息加 雄加费後的讯息成為一則回應訊息,連同接收自工作六 101〇〇的該使用者識別名稱之輸入11〇2〇傳送給該部電腦系 統。 ’、Recalling the contents of Work 7:10200, the design has taken into account the operation of the computer system and the user's h device and the communication of the two may be interrupted; if the user logs in the previous time, the user and the computer system are caused by such a situation. If the terminals are not synchronized, the "alternate synchronization program" in the work 710200 will be executed. Here's a step-by-step way to express work seven! The content of the coffee, which includes five sub-workes, namely work _(1)1〇21〇, work seven_(2)10220, work seven_(3)1〇23〇, jade work seven_(4) 1〇24〇 and work7_(5)1〇25〇; work 7·(3)1〇23〇, work 7(4)1〇24〇 is the “alternate synchronization program”. The five sub-workes are described below. The work seven-(1)1〇2Η) is a procedure for determining whether the hash value of the single pass password matches the current verification value. In this work, after receiving the message requesting the login by the client device, the computer system generates a challenge message to be sent to the client device, and uses the challenge and response program to verify the single pass password used by the client device. Whether the value of the match is consistent with this verification value. If the result obtained after the execution of the Guardian VII (1) is 0, the hash value of the single pass password matches the current verification value, then the work is performed _(2) 丨〇 22 〇 'The computer system determines the user The single pass password used by the end device is correct, and the execution of the work is completed, and then the second is 10,300. #八若进行工作七·(1)1G21() The result obtained is that the single pass 57 201034423 password hash value does not match the verification value, then the computer system is correct, in the user's "Check the synchronization mark" to break the execution of the alternate synchronization program." The content of the alternate synchronization program contains work seven-(3) ι〇23〇 and 卫作七_(4)1〇24〇. If the content of the "Confirmation Synchronization Flag" is "Discrete", the "Alternate Synchronization Program" does not have to be executed. Instead, the work is performed seven (5). The computer system determines the use of the client device. The single pass password is incorrect 'Complete work 7 10200 execution, and then continue to work 10 10500 〇 ^ © If the content of the "Confirm synchronization mark" is "Unconfirmed", the "Alternate Synchronization Program" will be executed. . The work in the alternate synchronization program VII (★3) 10230 is a program that determines whether the hash value of the single pass MM is consistent with the alternate verification value. In this work, the computer system re-verifies the received response message with a backup verification value to determine whether the hash value of the single pass password used by the client device matches the standby verification value. The result of the right execution work _(3) 10230 is that the hash value of the single pass password does not match the standby verification value, then the execution of "alternate synchronization 13th, sequence" is aborted and the work is performed. ) 1〇25〇, the computer system of the Ministry decided that the single pass password used by the client device is not correct to complete the work of the seven 10200, and then continue to perform the work of 10 〇 5 〇〇. If the result obtained after the execution of the work (7) 10230 is that the hash value of the single pass password matches the standby verification value, then the work VII (4) 10240 is performed, and the content is the computer system with the standby verification. The value is replaced by the verification value to correct the computer system end and the user end to be synchronized; after 58 201034423, the work is performed seven-(2) 10220, and the computer system determines the single pass used by the user terminal. The password is correct, and the execution of the work is completed 7:2, and then the work is completed at 8300. Next, the contents of the above five tasks, from work 6-1 to work 1010, will be described with reference to Figs. 11 to 14 . Referring to Figure U, it is a detailed flow of Work 6100, which is a program for the user to prepare the information needed for authentication, the steps performed by it and the steps performed by Work 3100 in the first embodiment (see figure 4) Same. With the words used in the second embodiment, the contents of Fig. 4 are modified as shown in Fig. 2, and the steps are as follows. In step 111GG, a client device receives an input 1120 for the user identification name and an input for the first pass password 11〇4〇. In step 11200, the client device reads a second passcode 11〇6〇 from a persistent storage medium 11000. In step 113GG, the user terminal device receives the first pass password Φ code input U040 and the read second pass password 11060 as two inputs of a reply operation formula, and calls a value to calculate a return operation. The expression is expressed as: the value to be replied = the reply expression (first pass password, second pass password 11060). At step 11400, the client device calculates a hash value of the replied value using the one-way hash function used in step 9130 of the "Initial Procedure" of the second embodiment. In step 11500, the client device sends a message to the computer system to log in, and then performs the work of 7.1. 59 201034423 Next, please refer to Figure 12, which is the detailed process of working seven 1〇2〇〇. The purpose of the work 7 10200 is to "determine whether the single pass password is correct". The steps are as follows. In step 12000, the computer system receives the requesting login message transmitted by the client device at work 6100100. In step 12050, the computer system generates a random number as a challenge message for transmission to the client device. In step 12100, the client device receives the challenge message from the computer system and receives the input 11020 of the user identification name 工作 in the work 6-1 and the hash value of the replied value. In step 12150, the client device uses the hash value of the value replied in the work hexagram (1) as an encryption key to update the received challenge message into a response message, together with receiving. The input of the user identification name from work 6101 is transmitted to the computer system. ’,
在步驟12200中,該部電腦系統接收該則回應訊息及 該使用者識別名稱11020。 D 在步驟12250中,該部電腦系統以接收到的使用者識 別名稱11G2G為索引,從其可讀取的__持久性記憶媒體上讀 取一個「本次驗證值」。 在步驟12300中,該部電腦系統以讀取到的本次驗證 值作為一把解密金鑰,對接收到的回應訊息進行解密運算 ’得到一則被還原的挑戰訊息。 在步驟12350中,該部電腦系統比對該則被還原的挑 60 201034423 .純额紋㈣符,若不㈣難行㈣12_ 次相付則執行㈣m5G,決定利戶端裝置所使用之單 ㈣碼為正確,完成卫作七1G2(K)之執行,之後執行 工作八10300。 :㈣12400中,該部電腦系統以接收到的使用者識 -個 G為索引,從其可讀取的—持久性記憶媒體讀取 —個「確認同步化之標記」。 在步冑1245G中’ ^該「確認同步化之標記」的記錄 ^未確認」’則該部電腦系統執行步驟125〇〇;若該「域 〜二步化之標„己」的記錄為「已確認」,則該部電腦系統執 仃’驟12700,決定則戶端裝置所使用之單次通行密碼為 不正確’完成工作丨10200之執行,之後執行工作十刪〇 〇 在步驟12500令,該部電腦系統以接收到的使用者識 稱11020為索引,從其可讀取的—持久性記憶媒體讀取 Q —個「備用驗證值」。 在步驟12550中’該部電腦系統以讀取到的備用驗證 值作為另一把解密金鑰,對接收到的回應訊息重新進行解 密運算,得到另一則被還原的挑戰訊息。 在步驟12600中,該部電腦系統比對該另則被還原的 挑戰訊息與原挑戰訊息是否相符,若相符則執行步驟1265〇 :若不相符則執行步驟127〇(),決定該用戶端裝置所使用之 單-欠通行密碼為不正確,完成工作七1〇2〇〇之執行,之後 執行工作十10500。 61 201034423 在步驟12650中,該部電腦系統以該備用驗證值更換 該本次驗證值。 在步驟12680中,該部電腦系統將該確認同步化之標 記的内容變更為已確認。 在步驟12750中,該部電腦系統決定該用戶端裝置所 使用之單次通行密碼為正確,完成工作七1〇2〇〇之執行, 之後執行工作八10300。 接下來請參閱@ 13,它是工作1G3QQ的詳細流程。In step 12200, the computer system receives the response message and the user identification name 11020. D In step 12250, the computer system reads a user identification name 11G2G as an index, and reads a "this verification value" from the __ persistent storage medium that can be read. In step 12300, the computer system reads the received verification value as a decryption key, and decrypts the received response message to obtain a restored challenge message. In step 12350, the computer system of the department is compared with the one that is restored 60 201034423. The pure balance pattern (four) symbol, if not (four) difficult (four) 12_ times payment is executed (four) m5G, the single (four) code used by the user equipment is determined to be Correct, complete the implementation of the Guardian Seven 1G2 (K), and then perform the work of 10,300. : (4) In the 12400, the computer system of the department reads the user-received user-g, and reads from the readable-persistent memory medium, a "mark of confirmation synchronization". In step 1245G, '^ the record of "confirm synchronization mark" is not confirmed", then the computer system executes step 125; if the record of "domain to two-step mark" is "already" Confirmation, the computer system is executed at step 12700, and it is determined that the single pass password used by the client device is incorrect 'Complete work 丨 10200 is executed, and then the work is deleted. Step 12500, The computer system reads the received user identification 11020 as an index and reads Q "alternate verification value" from its readable-persistent memory medium. In step 12550, the computer system uses the read backup verification value as another decryption key, and performs a decryption operation on the received response message to obtain another restored challenge message. In step 12600, the computer system matches the challenge message that is otherwise restored with the original challenge message. If yes, step 1265 is performed: if not, step 127() is performed to determine the client device. The single-underpass password used is incorrect, and the execution of the work is completed at 7:2, and then the work is performed at 10,500. 61 201034423 In step 12650, the computer system replaces the current verification value with the standby verification value. In step 12680, the computer system of the department changes the content of the flag for confirming the synchronization to the confirmed. In step 12750, the computer system determines that the single pass password used by the client device is correct, completes the execution of the work 7.1, and then executes the work 1010300. Next, please refer to @13, which is the detailed process of working 1G3QQ.
工作八10300就是第二種同步推移程序,是本發明的重要 部份,其功能是取得一個亂數作為下一個單次通行密碼, 並據此將電腦系統端的本次驗證值及使用者端的第二通行 密碼更換成新的值,並利用工作七1〇2〇〇中的「確認同步 化之標記」來記錄電腦系統是否收到使用者端已經更換第 二通行密碼的確龍息;此更新的卫作可以採料種可能 的順序其中的任-種,而亂數的產生可以在電腦系统端也 =在使转端執行之。圖13中係假設作為下—個單次通 行密碼的亂數是在使用者端的裝置上產生的,並假設更新 電腦系統端的本次驗證值在先,而更新使 二 行密碼在後,其執行的步驟如下。 的第一通 在步驟13100中,該部電腦系統傳送一則同步推移的 訊息給該用戶端裝置。 步驟13200中,該用戶端裝置接收該部電腦系統傳 來的該則同步推移的訊息,並接收工作六i㈣〇中被回復 之數值的雜湊值及第一通行密碼之輸入u〇4〇。 62 201034423 在步驟13300中,該用戶端裝置產生一個亂數並計算 它的一個雜凑值。 在步驟13400中,該用戶端裝置利用接收自工作六 10100中被回復之數值的雜難為—把加密金賴所屋生之 亂數的雜凑值予以加密,接著將加密所得的結果傳送給該 部電腦系統。 在步驟13500中,該部電腦系統接收該加密結果並 接收工作1G2GG巾讀取的本次驗證值、確認同步化之標 記、及備用驗證值。 在步驟13600中,該部電腦系統將該確認同步化之標 記變更為「未確認」。 在步驟13700中’該部電腦系統接收自工作七1〇2〇〇 的本次驗證值為一把解密金鑰將接收的加密結果予以解密 ’還原該亂數的雜湊值。 在步驟13800中,該部電腦系統以該本次驗證值更換 該備用驗證值。 在步驟13900中,該部電腦系統以還原所得的該亂數 的雜湊值更換該驗證值。 在步驟13910中,該部電腦系統傳送另一則同步推移 的訊息給該用戶端裝置。 在步驟13930中,該用戶端裝置在接收到該另則同步 推移的訊息之後,利用前述之第二實施例的「初始程序」 之步驟9170中所使用的分割運算式,以步驟133〇〇中產生 的亂數及接收自工作六10100的第一通行密碼之輸入11〇4() 63 201034423 來計算出一個新的 第二通行密碼。 在步驟13950中,該用戶端裝置以該新的第二通行密 碼更換原來的第二通行密碼11〇6〇。 在步驟13 970中,δ亥用戶端裝置傳送一則確認訊息給 該部電腦系統。 在步驟13990中,該部電腦系統接收該用戶端裝置傳 來的該則確認訊息,並將該確認同步化之標記變更為「已 確認」’接著執行工作九1 〇4〇〇。 接下來請參閱圖14Α,它是工作九1G4GG的詳細流程。 工作九UMOO之目的是決定允許使用者之登入其執行的 步驟如下。 在步驟㈣〇中,該部電腦系統作出允許登入的決定 ’傳送一則允許登入之訊息給該用戶端裝置。 在步驟14200令,該用戶端裝置接收該部電腦系統傳 送的該則允許登入之訊息。 接下來請參閱圖14B’它是工作十刪〇的詳細流程, 其目的是決定拒絕制者之登人。工作十ig是在 =1〇細作出該用戶端裝置所使用的單次通行密碼為不正 確的決定之後執行,其執行的步驟如下。 在步驟14_中,該部電腦系統作出拒絕登入的決定 ,傳送一則拒絕登入之訊息給該用戶端裝置。 在步驟14700中,續爾 逆心目β用戶端裴置接收該部電腦系統傳 送的該則拒絕登入之訊息。 吁 二 以上的「登入與同步推移程序」包含了本發明的第 64 201034423 種同步推移程序。若該同步推移程序被完整的執行,則使 用者端的第二通行密碼必定隨著電腦系統端的本次驗證值 之更換而更換,使用者端與電腦系統端一定是同步的,而 確認同步化之標記的内容會是「已確認」;若該同步推移程 序沒有被完整的執行而造成使用者端的第二通行密碼沒有 隨著電腦系統端的本次驗證值之更換而更換的狀況,則使 用者鈿與電腦系統端是不同步的,而確認同步化之標記的Work 8 10300 is the second synchronous shift program, which is an important part of the present invention. Its function is to obtain a random number as the next single pass password, and accordingly the current verification value of the computer system side and the user side Change the password of the two passwords to a new value, and use the "Confirmation Synchronization Flag" in the work 7.1 to record whether the computer system has received the second password of the user has been replaced; this update The Guardian can pick any of the possible sequences, and the generation of random numbers can be performed on the computer system side as well as on the transfer end. In Figure 13, it is assumed that the random number as the next-pass password is generated on the user-side device, and it is assumed that the current verification value of the computer system is updated first, and the update causes the two-line password to be followed by the execution. The steps are as follows. The first pass in step 13100, the computer system transmits a synchronously shifted message to the client device. In step 13200, the client device receives the synchronous change message sent by the computer system, and receives the hash value of the value recovered in the work (i) and the input password of the first pass password. 62 201034423 In step 13300, the client device generates a random number and calculates a hash value thereof. In step 13400, the client device encrypts the hash value of the random number generated by the encryption key by using the miscellaneous value received from the value recovered in the work 6100, and then transmits the encrypted result to the Computer system. In step 13500, the computer system receives the encryption result and receives the current verification value, the verification synchronization flag, and the backup verification value read by the working 1G2GG towel. In step 13600, the computer system of the department changes the flag for confirming the synchronization to "unconfirmed". In step 13700, the computer system receives the verification value of the work 7.1, and the decryption key decrypts the received encryption result to restore the hash value of the random number. In step 13800, the computer system replaces the backup verification value with the current verification value. In step 13900, the computer system replaces the verification value with the hash value of the random number obtained by the restoration. In step 13910, the computer system transmits another synchronously shifted message to the client device. In step 13930, after receiving the message of the other synchronization transition, the client device uses the segmentation operation formula used in step 9170 of the "initial program" of the second embodiment described above, in step 133. The generated random number and the input of the first passphrase received from the work 610100 are 11〇4() 63 201034423 to calculate a new second passphrase. In step 13950, the client device replaces the original second passcode 11〇6〇 with the new second passcode. In step 13 970, the delta client device transmits a confirmation message to the computer system. In step 13990, the computer system receives the confirmation message from the client device, and changes the confirmation synchronization flag to "confirmed" and then performs the work 9:1. Next, please refer to Figure 14Α, which is the detailed process of working 9G4GG. The purpose of the work nine UMOO is to determine the steps to allow the user to log in to perform the following. In step (4), the computer system makes a decision to allow login to send a message allowing access to the client device. In step 14200, the client device receives the message allowing the login to be transmitted by the computer system. Next, please refer to FIG. 14B', which is a detailed process of deleting the work, and its purpose is to determine the rejection of the system. The work ten ig is executed after the =1 fine decision to make the single pass password used by the client device is an incorrect decision, and the steps of the execution are as follows. In step 14_, the computer system makes a decision to reject the login and transmits a message rejecting the login to the client device. In step 14700, the reverse user terminal receives the message of the denial of login transmitted by the computer system. The "Login and Synchronization Process" of the second or more includes the 64th 201034423 synchronization shift program of the present invention. If the synchronization change program is completely executed, the second password of the user terminal must be replaced with the replacement of the verification value of the computer system end, and the user end and the computer system end must be synchronized, and the synchronization is confirmed. The content of the tag will be "confirmed"; if the synchronization pass program is not fully executed and the second passphrase of the user terminal is not replaced with the replacement of the verification value of the computer system, the user钿Is not synchronized with the computer system side, and confirms the synchronization mark
内容會是「未確認」,故’ τ—次使用者登人時會執行增加 的備用同步化程序」,若此備用同步化程序被完整的執行 ,則使用者端與電腦系統端不同步的狀況會被修正為同步 :若此備用同步化程序未被完整的執行,則等同於使用者 端此次登人失敗,再次登人時,此備用同步化程序仍會被 執行。 接下來說明第二實施例之「變更第—通行密碼程序」。 參考圖,它是-位使用者自一台用戶端裝置登入一 部電腦⑽之後,在則戶端裝置進行第—通行密碼之變 更的過程,其執行的步驟如下。 程序Η200是上文所描述之第二實施例的「登入與同 步推移程序」。在此料巾,㈣戶《置接收-個使用者 識別名稱之輸人15_與-個第―通行密碼之輸人15_, 並自-持久性記憶㈣15_巾讀取—個第二通行 15嶋’以向該部電腦系統㈣登人之請求,純行第二實 施例的「登入與同步推移程序」的步驟。 貝 在步驟15300中,枏插批—& > 根據執订程序!5200所得之訊息, 65 201034423 若得到一則拒絕登入之訊息, ^ J該用戶鳊裝置要求該使用 者董新進行程序15200,若得到_ m m 則允許登入之訊息,則該 用戶端裝置執行步驟15400。 在步驟15400中,該用戶端裝 躅裝置自程序15200中接收 作為下一個單次通行密碼的—個亂數。 在步驟15500中,該用戶端奘 认油 端裝置接收一個輸入作為新 的弟一通行密碼15050。 在步驟15600中,利用梦_ * 第—實施例的「初始程序」之 步驟9170中所使用的分割運篡 建异式,該用戶端裝置以該新的 第I通行密碼15050及接收自程序的下-個單次通 Z碼作為兩項輸人來計算-個新的第二通行密碼15_。 此为割運算式表示為··新的 _ π弟—通仃密碼=分割運算式(新 的第一通行密碼15請,下-個單次通行密碼)。 一、在步驟15700中,該用戶端裝置將計算所得之新的第 -通仃㈣15_儲相該持久性記憶媒體】测。 以上的「變更第一通行密碼程序」之實施係先執行第 一實施例的「登入與同步施 ^推移程序」’而後保持電腦系統端 已更換之本次驗證值與備用驗證值不變,但已更換之第二 通行密碼則隨著第-通行密碼之更換而再次更換。 以上所提到的技巧斑古 议)興方法’可利用電腦軟體的指令實 作。這樣的軟體指令可U ^ ^』以健存於機器可讀之儲存媒體的物 件中’或儲存於連結於—他| +7 、 個或多個處理器之機器可讀的記 憶裝置中。在操作上,沪人 知7由一個或多個處理器執行,使 得特定的機器可以執扞太ιηη 订本發明所提出的功能與操作。更具 66 201034423 體的例子是將上述所提的電腦系統端之運作功能以軟體的 方式實作於一部電腦;而使用者端操作方法也可利用軟體 的方式實作於使用者端電腦或數位裝置,而使用者端的電 腦或數位裝置可以視為相對於伺服器系統的用戶端裝置。 對於熟悉此技術領域的人來說,做出不背離本發明之 設計範圍或精神的各項修改或變化是可能的。例如本發明 之實施例中,用於儲存第二通行密碼的持久性記憶媒體有 〇 乡樣性的選擇’可以是使用者提供的可攜式持久性記憶媒 體例如USB隨身碟、記憶卡、個人化的手持裝置如手機 或PDA等,也可以是網路硬碟,或者是以儲存第二通行密 碼為服務的網站主機所提供之持久性記憶媒體,又如第一 種及第二種同步推移程序令更新的電腦系統端驗證值及使 用者端第二通行密碼可以採用兩種可能的順序其中的任一 而作為下一個單次通行密碼的亂數之產生可以在電腦 系統端也可以在使用者端執行之,再如作為下一個單次通 G 仃费碼的亂數之產生過程可能被整合到使用者端計算回應 訊息時一同執行;這類的修改或變化將視為本發明的一部 伤’只要其修改或變化等同於本發明中之說明。 【圖式簡單說明】 圖1A是中華民國專利第1293529號方法之「初始程序 」的一個實施例流程圖; 圖1B是令華民國專利第1293529號方法之「使用者登 入電腦系統程序」的-個實施例流程圖; 圖1C是中華民國專利第1293529號方法之「變更用戶 67 201034423 個實施例流程圖; 初始程序」的一個實 端秘密與電腦系統端驗證值程序」的一 圖2是本發明的第一實施例之「 施例流程圖; 是本發明的第一實施例之 围 登入與同 步推移程片 」中所須執行之五項工作的一個示意圖; 圖4是本發明的第一實施例之「登入與同步推 」中所執行之工作-的-個實施例流程圖,纟目的曰「 使用者準備鑑別所需之資訊」; 疋4The content will be "unconfirmed", so 'τ - the user will perform an additional backup synchronization program when the user logs in." If the standby synchronization program is completely executed, the user and the computer system are not synchronized. Will be corrected to sync: If this alternate synchronization program is not fully executed, it is equivalent to the user's failure to log in this time. When you log in again, this alternate synchronization program will still be executed. Next, the "change-pass password program" of the second embodiment will be described. Referring to the figure, it is a process in which a user enters a computer (10) from a client device and then performs a change of the first pass password at the client device, and the steps are as follows. The program 200 is the "login and sync shift program" of the second embodiment described above. In this towel, (4) households "received - a user identification name of the input 15_ and - the first pass password of the input 15_, and self-persistent memory (four) 15_ towel read - a second pass 15嶋' The steps of the "Login and Synchronous Transfer Procedure" of the second embodiment are carried out at the request of the computer system (4). In step 15300, the batch is inserted - &> according to the binding program! Message from 5200, 65 201034423 If a message is rejected, ^ J The user device requests the user Dong Xin to proceed to the program 15200. If _ m m is allowed to log in, the client device performs step 15400. In step 15400, the client device receives a random number from the program 15200 as the next one-pass password. In step 15500, the client authentication device receives an input as a new brother-password 15050. In step 15600, the segmentation method used in step 9170 of the "initial program" of the first embodiment is utilized, and the client device receives the new first passcode 15050 and receives the program. The next-one-pass Z code is calculated as two losers - a new second passcode 15_. This is the cut expression expressed as ······························=================================================== 1. In step 15700, the client device calculates the calculated new first-fourth (four) 15_ storage phase of the persistent memory medium. The above implementation of the "Change First Passphrase Program" is performed by first executing the "Login and Synchronization Shift Procedure" of the first embodiment and then maintaining the current verification value and the standby verification value of the computer system that have been replaced, but The replaced second passcode is replaced again with the replacement of the passphrase password. The technique mentioned above can be implemented using the instructions of the computer software. Such software instructions may be U^^" stored in an object of a machine readable storage medium' or stored in a machine readable memory device coupled to the <RTIgt; </ RTI> <RTIgt; In operation, the Shanghai native 7 is executed by one or more processors, so that a particular machine can perform the functions and operations proposed by the present invention. An example of the 66 201034423 is to implement the above-mentioned computer system operation function as a software in a computer; and the user-side operation method can also be implemented on the user-side computer by using software. A digital device, while a computer or digital device at the user end can be considered a client device relative to the server system. It will be possible for those skilled in the art to make various modifications or variations that do not depart from the scope or spirit of the invention. For example, in the embodiment of the present invention, the persistent memory medium for storing the second passphrase has a choice of 'home-like' portable portable memory media such as a USB flash drive, a memory card, and an individual. The handheld device, such as a mobile phone or PDA, can also be a network hard disk, or a persistent memory medium provided by a website host that stores a second password, and the first and second types of synchronization The program causes the updated computer system side verification value and the user side second pass password to be in either of two possible sequences, and the random number of the next single pass password can be generated on the computer system side or in use. The execution of the random number, as the random number generation process of the next single pass code may be integrated into the user side to calculate the response message; such modification or change will be regarded as one of the present invention. A partial injury 'is stipulated in the present invention as long as it is modified or changed. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1A is a flow chart of an embodiment of the "initial procedure" of the method of the Republic of China Patent No. 1293529; FIG. 1B is a "user login system system program" of the method of the Republic of China Patent No. 1293529 - Figure 1C is a flow chart of the method of "changing the user 67 201034423 embodiment of the flow chart; a real-end secret of the initial program" and a computer system-side verification value program" of the method of the Republic of China Patent No. 1293529. FIG. 4 is a first schematic diagram of the five operations to be performed in the enclosing process and the synchronous shifting film of the first embodiment of the present invention; FIG. 4 is the first embodiment of the present invention. A flowchart of an embodiment of the work performed in "Login and Synchronous Push" of the embodiment, for the purpose of "the user prepares to identify the required information"; 疋 4
圖5是本發明的第一實施例之「登入與同步推移程/ 」中所執行之工作二的一個實施例流程圖其目的B「 定單次通行密碼是否正確」; 疋h 圖6A是本發明的第一實施例之「登入與同步推移程 」中所執行之工作三的一個實施例流程目,即本發明之「 第一種同步推移程序」的實施方式之一; 圖6B是本發明的第一實施例之「登入與同步推移程 」中所執行之工作三的另—實施例流程圖,即本發 「Figure 5 is a flow chart showing an embodiment of the second operation performed in "Login and Synchronization Process" in the first embodiment of the present invention, and its purpose B is "whether the order pass password is correct"; 疋h Figure 6A is the present invention One embodiment of the third operation performed in the "login and synchronization process" of the first embodiment, that is, one of the embodiments of the "first synchronization shift program" of the present invention; FIG. 6B is the embodiment of the present invention. Another embodiment of the work performed in the "Login and Synchronization Process" of the first embodiment is the flow chart of the present embodiment.
第一種同步推移程序」之另一實施方式; 圖7A是本發明的第一實施例之「登入與同步推移程序 」中所執行之工作四的實施例流程圖,其 J疋 決定分 許使用者之登入」; 疋 圖7B是本發明的第一實施例之r登入與同步推移程序 」中所執行之工作五的實施例流程圖,其目 絕使用者之登入」; 圖8A是本發明的第一實施例之「變更第—通行密碼裎 68 201034423 序」的—個實施例流程圖; 圖8B是本發明的第__實施例之「變更第—通行密竭程 序」的另一個實施例流程圖; 圖8C是本發明的第一實施例之「變更第一通行密碼程 序」的又一個實施例流程圖; 圖9是本發明的第二實施例之「初始程序」的— 施例流程圖; 只 圖10A是本發明的第二實施例之「登入與同步推移程 序J中所須執行之五項工作的一個示意圖; 圖10B是本發明的第二實施例之「登入與同步推移程 序」中的工作七所包含之五項子工作的一個示意圖; 圖11是本發明的第二實施例之r登入與同步推移程序 」中所執行之工作六的一個實施例流程圖,其目的是「 使用者準備鐘別所需之資訊」; 圖12是本發明的第二實施例之「登入與同步推移程序 」中所執行之工作七的一個實施例流程圖,其目的是「決 定單次通行密碼是否正確」; 、 圖13是本發明的第二實施例之「登入與同步推移程序 」中所執行之工作八的一個實施例流程圖,即本發明之厂 第二種同步推移程序」的實施方式之一; 圖14A是本發明的第二實施例之「登入與同步推移程 序」中所執行之工作九的實施例流程圖,其目的是「允; 使用者之登入」; 許 圖是本發明的第二實施例之「登入與同步推移程 69 201034423 序」中所執行之工作十的實施例流程圖,其目的是「決定 拒絕使用者之登入」;及 圖15是本發明的第二實施例之「變更第一通行密碼程 序」的一個實施例流程圖。Another embodiment of the first type of synchronous shifting program; FIG. 7A is a flow chart showing an embodiment of the fourth operation performed in the "login and synchronization shifting program" of the first embodiment of the present invention, which determines the use of the system. FIG. 7B is a flowchart of an embodiment of the fifth operation performed in the r login and synchronization shifting program of the first embodiment of the present invention, which is intended to be a user's login"; FIG. 8A is the present invention. A flowchart of an embodiment of the "change of the first pass code 裎68 201034423" in the first embodiment; FIG. 8B is another embodiment of the "change-pass-exhaustion procedure" of the __ embodiment of the present invention FIG. 8C is a flow chart showing still another embodiment of the "changing the first pass password program" of the first embodiment of the present invention; FIG. 9 is a view of the "initial program" of the second embodiment of the present invention. FIG. 10A is a schematic diagram of five operations to be performed in the login and synchronization shift program J of the second embodiment of the present invention; FIG. 10B is a "login and synchronization shift" of the second embodiment of the present invention. In the program A schematic diagram of five sub-workes included in the work seven; FIG. 11 is a flow chart of an embodiment of the work performed in the r login and synchronization shift program of the second embodiment of the present invention, the purpose of which is "user FIG. 12 is a flow chart showing an embodiment of the work performed in the "login and sync shift program" of the second embodiment of the present invention, the purpose of which is to "determine whether a single pass password is 13 is a flowchart of an embodiment of the work 8 performed in the "login and synchronization shift program" of the second embodiment of the present invention, that is, the second synchronization shift program of the factory of the present invention" FIG. 14A is a flow chart showing an embodiment of the work performed in the "login and sync shift program" of the second embodiment of the present invention, the purpose of which is "allow; user login"; A flowchart of an embodiment of the work performed in "Login and Synchronization Process 69 201034423" in the second embodiment, the purpose of which is "Deciding to deny the user's login"; and Figure 15 is The second embodiment of the invention, the "first change of password procedure" one flowchart embodiment.
70 201034423 【主要元件符號說明】 1102使用者識名稱 1104通行密碼 1106使用者端的持久性 記憶媒體 1108用戶端秘密 1109電腦系統端的持久 性記憶媒體 ❿ 1110〜1180步驟 1202使用者識別名稱之 輸入 1204通行密碼之輸入 1206使用者端的持久性 記憶媒體 1208用戶端秘密 1205〜1280步驟 ® 1302使用者識別名稱之 輸入 1305程序,—台使用者 裝置與一部電腦系 統所進行的登入程 序 1306使用者端的持久性 記憶媒體 1308用戶端秘密 1309新用戶端秘密 1310〜1370步驟 2002電腦系統端的持久 性記憶媒體 2004初始驗證值 2006使用者識別名稱 2102使用者識別名稱 2104第一通行密碼 2106使用者端的持久性 記憶媒體 2108初始的第二通行密 碼 2110〜2180步驟 3100第一實施例的工作 3200第一實施例的工作 3300第一實施例的工作 3400第一實施例的工作 四 3500第一實施例的工作 71 201034423 五 4000使用者端的持久性 記憶媒體 4020使用者識別名稱之 輸入 4040第一通行密碼之輸 入 4060第二通行密碼 4100〜4500步驟 6050〜6960步驟 7100〜7200步驟 7600〜7700步驟 8000使用者端的持久性 記憶媒體 8005使用者端的持久性 記憶媒體 8020使用者識別名稱之 輸入 8025使用者識別名稱之 輸入 8040第一通行密碼之輸 入 8045第一通行密碼之輸 入 8050新的第一通行密碼 8055新的第一通行密碼 8060第二通行密碼 8065第二通行密碼 8070新的第一通行密碼 8075新的第二通行密碼 8080新的第二通行密碼 8085二次雜湊值 8100程序,第一實施例 Θ 中的「登入與同步 推移程序」 8150〜8960步驟 9001電腦系統端的持久 性記憶媒體 9003初始的本次驗證值 9005使用者識別名稱 9007初始的備用驗證值 ® 9009確認同步化之標記 9102使用者識別名稱 9104第一通行密碼 9106使用者端的持久性 記憶媒體 9108初始的第二通行密 碼 72 201034423 9110〜9180步輝 10100第二實施例的工 作六 10 2 0 0第一·實施例的工 作七 10210工作七_(1) 10220工作七-(2) 10230工作七-(3) 10240工作七-(4) 10250工作七-(5) 10 3 0 0第二實施例的工 作八 10400第一實施例的工 作九 10500第二實施例的工 作十 11000使用者端的持久 性記憶媒體 11020使用者識別名稱 之輸入 11040第一通行密碼之 輸入 11060第二通行密碼 11100〜11500 步驟 12000〜12750 步驟 13100-13990 步驟 14100〜14200 步驟 14600-14700 步驟 15000使用者端的持久 性記憶媒體 15020使用者識別名稱 之輸入 15040第一通行密竭之 輸入 15050新的第一通行密 碼 15060第二通行密瑪 15080新的第二通彳f $ 碼 15200程序 15300〜15700 步輝 7370 201034423 [Description of main component symbols] 1102 User identification name 1104 Passphrase 1106 User-side persistent memory media 1108 Client secret 1109 Computer system-side persistent memory media ❿ 1110~1180 Step 1202 User identification name input 1204 pass Password input 1206 Client's persistent memory 1208 User secret 1205~1280 Steps ® 1302 User identification name input 1305 program, the user device and a computer system login program 1306 user terminal persistence Sex Memory Media 1308 Client Secret 1309 New Client Secret 1310~1370 Step 2002 Persistent Memory Media 2004 Computer System Initial Authentication Value 2006 User Identification Name 2102 User Identification Name 2104 First Pass Password 2106 User End Persistence Memory Media 2108 initial second passcode 2110~2180 Step 3100 Work of the first embodiment 3200 Work of the first embodiment 3300 Work of the first embodiment 3400 Work of the first embodiment 3500 Work of the first embodiment 71 201034423 Five 4000 user-side Long memory media 4020 user identification name input 4040 first pass password input 4060 second pass password 4100~4500 step 6050~6960 step 7100~7200 step 7600~7700 step 8000 user end persistent memory medium 8005 user End of the persistent memory media 8020 user identification name input 8025 user identification name input 8040 first pass password input 8045 first pass password input 8050 new first pass password 8055 new first pass password 8060 second Passcode 8065 second passcode 8070 new first passcode 8075 new second passcode 8080 new second passcode 8085 secondary hash value 8100 program, "Login and sync shift procedure" in the first embodiment 8150~8960 Step 9001 Computer System Side Persistence Memory Media 9003 Initial This Verification Value 9005 User Identification Name 9007 Initial Backup Verification Value ® 9009 Confirm Synchronization Flag 9102 User Identification Name 9104 First Pass Password 9106 User End persistent memory medium 9108 initial second passphrase 72 201 034423 9110~9180 step hui 10100 work of the second embodiment six 10 2 0 0 first embodiment work seven 10210 work seven _ (1) 10220 work seven - (2) 10230 work seven - (3) 10240 work seven - (4) 10250 work seven - (5) 10 3 0 0 work of the second embodiment eight 10400 work of the first embodiment nine 10500 work of the second embodiment ten 11000 user-side persistent memory media 11020 user identification Name input 11040 First pass password input 11060 Second pass password 11100~11500 Step 12000~12750 Step 13100-13990 Step 14100~14200 Step 14600-14700 Step 15000 User-side persistent memory 15020 User identification name input 15040 first pass exhausted input 15050 new first pass password 15060 second pass Mimar 15080 new second pass 彳 f $ code 15200 program 15300~15700 step hui 73
Claims (1)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW98107668A TW201034423A (en) | 2009-03-10 | 2009-03-10 | User authentication technology and system using one-time password composed of a repeatable first password and a non-repeatable password |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW98107668A TW201034423A (en) | 2009-03-10 | 2009-03-10 | User authentication technology and system using one-time password composed of a repeatable first password and a non-repeatable password |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TW201034423A true TW201034423A (en) | 2010-09-16 |
| TWI374653B TWI374653B (en) | 2012-10-11 |
Family
ID=44855495
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW98107668A TW201034423A (en) | 2009-03-10 | 2009-03-10 | User authentication technology and system using one-time password composed of a repeatable first password and a non-repeatable password |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TW201034423A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9081635B2 (en) | 2012-09-19 | 2015-07-14 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Provision to an application of a random number not generated by an operating system |
| TWI675579B (en) * | 2017-09-30 | 2019-10-21 | 優仕達資訊股份有限公司 | Network authentication system and method |
-
2009
- 2009-03-10 TW TW98107668A patent/TW201034423A/en not_active IP Right Cessation
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9081635B2 (en) | 2012-09-19 | 2015-07-14 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Provision to an application of a random number not generated by an operating system |
| TWI601063B (en) * | 2012-09-19 | 2017-10-01 | 聯想企業解決方案(新加坡)有限公司 | Computer system and data processing method using random number generator |
| TWI675579B (en) * | 2017-09-30 | 2019-10-21 | 優仕達資訊股份有限公司 | Network authentication system and method |
Also Published As
| Publication number | Publication date |
|---|---|
| TWI374653B (en) | 2012-10-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI293529B (en) | User authentication by linking randomly-generated authentication secret with personalized secret and medium | |
| CN112154626B (en) | Computer-implemented systems and methods for performing atomic swaps using blockchain | |
| CN108235805B (en) | Account unification method, device and storage medium | |
| Park et al. | A dynamic privacy-preserving key management protocol for V2G in social internet of things | |
| US8627424B1 (en) | Device bound OTP generation | |
| He et al. | A social-network-based cryptocurrency wallet-management scheme | |
| CN107359998B (en) | Establishment and operation method of a portable intelligent password management system | |
| Wazid et al. | Provably secure biometric‐based user authentication and key agreement scheme in cloud computing | |
| CN115885498A (en) | threshold signature | |
| Xie et al. | Cryptanalysis and security enhancement of a robust two‐factor authentication and key agreement protocol | |
| CN102013980A (en) | Random encryption method for decrypting by adopting exhaustion method | |
| JP2000222360A (en) | Authentication method, authentication system and authentication processing program recording medium | |
| TW201004270A (en) | Network helper for authentication between a token and verifiers | |
| CN109347632B (en) | Block chain ID generation and use method, device, electronic equipment and storage medium | |
| CN110752919A (en) | Two-party authentication and session key exchange method based on BST-PUF | |
| CN110557367B (en) | Secret key updating method and system for quantum computing secure communication resistance based on certificate cryptography | |
| Odelu et al. | A secure and efficient ECC‐based user anonymity preserving single sign‐on scheme for distributed computer networks | |
| CN109257381A (en) | A kind of key management method, system and electronic equipment | |
| CN115885497A (en) | digital signature | |
| CN115473703A (en) | Authentication identity-based ciphertext equivalence testing method, device, system and medium | |
| Shirvanian et al. | 2D-2FA: A new dimension in two-factor authentication | |
| US20070255951A1 (en) | Token Based Multi-protocol Authentication System and Methods | |
| JP2023538447A (en) | bio rock seed | |
| Rahmani et al. | AMAPG: Advanced mobile authentication protocol for GLOMONET | |
| JP2006185184A (en) | Authority management system, authentication server, authority management method, and authority management program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MM4A | Annulment or lapse of patent due to non-payment of fees |