1. Field of Invention
The present invention relates to the transmission of data in computers, and in particular to a computer and a method for sending security information for authentication.
2. Description of Prior Art
With the rapid development of Internet applications, more and more business activities take place over networks, such as online banking, security transactions, instant messaging tools on user computers (for example, MSN, OICQ, etc.), online games, email, and client applications that log on to LAN servers. The information security requirements of these activities are increasing. In conventional network activities, there are several ways to log on to a LAN server:
A first way is a static password, in which private security information such as a username and password is entered by the user through a keyboard at a client. The username and password are authenticated at a network server to determine whether transactions can be made. The disadvantage of this way is that the username and password are prone to being guessed by others, or they can be intercepted by Trojans implanted in users' clients using keyboard hook or filter driver techniques.
A second way is a conventional dynamic password, in which a password is generated according to a certain encryption algorithm. This password changes continually and without repetition as a function of a varying parameter (for example, time or an event). In particular, this type of password includes a dynamic paper password card, an electronic dynamic password card, and a password sent to a phone by short message. The disadvantage of this way is that the password is prone to attack by an intermediary (a man-in-the-middle attack), and authentication is performed in one direction only, that is, clients are authenticated by servers.
A third way is a combination of a password and a certificate, in which public keys and Certificate Authority (CA) authentication are employed between clients and network servers. The certificate of a user is generally saved on a hard disk of a local computer, and the certificate (as well as the private key) is generally protected by a password. The logon passwords, the passwords protecting the private keys, and the certificates may all be intercepted by Trojans implanted in user clients.
There are many cases in which users' money has been stolen during online banking or security transactions conducted in the above ways.
A fourth way is a USB KEY with a mobile certificate, in which the certificate of a user is placed under the protection of the USB KEY hardware. This way is relatively safe. However, a user who conducts a plurality of online banking applications or security transactions has to use multiple USB KEYs, which is inconvenient and costly.
A fifth way is the Trusted Platform Module (TPM). The TPM is a type of security chip that is capable of using the resources of a computer platform and running independently of the operating system. Programs embedded in the chip also ensure the security of the TPM chip itself. The most important advantage of the TPM chip is that data and keys can be stored and encrypted by hardware algorithms. The TPM itself, however, must operate together with software in order to work well, which results in a high cost. A plurality of online banking applications may be implemented safely by using a TPM, but the TPM still protects its data by means of a static password, and the approach is otherwise similar to that of the USB KEY.