With the rapid development of network and e-commerce technologies in recent years, more and more daily activities have moved onto the network. For example, governmental affairs, banking transactions, and shopping can all be carried out online. Inevitably, some personal or sensitive information, such as business secrets, is transmitted through the network, where it may be exposed to malicious threats (e.g. viruses, hackers, phishing, and other frauds) that can cause loss or damage to legitimate online users.
The information security device is a small-sized hardware device with a processor and a memory. It communicates with the computer through a data communication interface of the computer. It provides functions such as key generation, secure storage of keys, preset encryption algorithms, and anti-attack protection. All computation relating to keys is carried out entirely within the information security device. At present, the information security device typically communicates with the computer through a USB (Universal Serial Bus) interface.
The information security device employs a PIN (Personal Identification Number) or biometrics (e.g. fingerprint or iris) to authenticate users. For authentication, the user enters a PIN or biometric data through the computer to which the information security device is connected. The information security device then verifies the user input. The user is allowed to use the information security device only if the input is correct.
The operations that can be performed by the information security device mainly include data interaction (encrypting data to be written to the device, or decrypting data to be read from the device), authentication information processing, storing/verifying a password, storing/verifying a signature, storing/verifying a certificate, access right management, and presetting code and executing data computation. Presetting code includes presetting a user software fragment, which cannot be read out of the device and performs data computation within the device, and presetting a software protection application interface function, which is an interface-level function between the device and the software developer's application.
In the prior art, the information security device can save the username/password entered by the user on a website. It will fill in the username/password automatically the next time the user logs onto that website.
However, because the username and password are specified by the user, they are generally regular in form and easy to crack. A longer username and password are hard for users to remember. In addition, the user may have to attempt many different combinations of username and password to register successfully.