CN102884534B

CN102884534B - Password generate and checking method and device

Info

Publication number: CN102884534B
Application number: CN201180023673.3A
Authority: CN
Inventors: D.阿莱赛奥; M.埃卢亚德; Y.梅茨
Original assignee: Thomson Licensing SAS
Current assignee: Thomson Licensing SAS
Priority date: 2010-05-11
Filing date: 2011-05-06
Publication date: 2016-12-14
Anticipated expiration: 2031-05-06

Abstract

During user signs in password-protected entity, verify password by repeatedly receiving (310) code characters；And verify that the character received meets at least one pre defined attribute (α) required for setting admissible password.If not this situation, then this shows suffer heavy attack and can take suitably to take action.Attribute α can depend on user.Present invention also offers a kind of corresponding device (120) and computer program (140).

Description

Password generate and checking method and device

Technical field

The present invention relates generally to computer system, particularly relates to password when logging in such systems Process.

Background technology

This section is intended to introduce the reader the various aspects of the art, they may be described below and/ Or advocate that the various aspects of the invention of right are correlated with.These discuss to be believed to be helpful in provides the back of the body to reader Scape information is so that being more fully understood that various aspects of the invention.It is understood, therefore, that should be from This angle reads these statements, and not treating them as is admission of prior art.

In present computer system, password is ubiquitous, such as, recognize user to be logged in Card.For its generic definition, password by a succession of take from predefined alphabet (alphabet) (such as: 4 numerical value as PIN code) symbol constitute.

In order to create the password of " by force ", usually require that the password of selection meets predefined strategy.This plan Can be slightly such as, password should be at least 8 character length and should include at least one capitalization With at least one spcial character such as &, (illustrate with=.US 2004/250139 and US 2009/158406 Select the solution of such password.

But, even if the system using strong cipher to carry out cryptoguard still may pass through heavy attack (brute Force attack) (make repeated attempts each probable value) or the dictionary attack subset of preferred value (attempt) and quilt Attack.Hereinafter, these attacks will be referred to as " automatically attacking ".Implementing to simplify it, these are attacked Hit the use other layer of lower level and do not use the user interface of Verification System to operate.In these instruments Some even can be obtained by the Internet, such as John the Ripper Advanced Mailbox Password Recovery.

Existing Verification System can not make differentiation automatically attacking between user error.Under default situations, Some Verification System postpones or by limiting unsuccessful trial by inserting between asking at two continuous print Number of times, or implement to minimize the mechanism of automatic risk of attacks by both combinations.Showing at PIN code In example, the number of times of unsuccessful trial is generally fixed for 3 times.

It is understood, therefore, that exist to so that Verification System detection automatically attack so that System according to the appropriate strategy demand to the solution that this kind of attack is made a response.The invention provides This solution.

Summary of the invention

First aspect, the present invention relates to one and verifies defeated during user signs in password-protected entity The method of the password entered.Processor receives at least one character of the password of input；And verify that reception is extremely A few character meets at least one pre defined attribute required for setting admissible password.

In the first preferred embodiment, all characters receiving the password of input and the password inputted are Complete instruction, and processor verifies that complete input password is corresponding with the password protecting entity further. In deforming at one, complete input password includes Part I and Part II, by Part I Carry out processing the Part I after checking process whether to mate with Part II and verify that Part II represents Attribute and with the accordance of this attribute.

In the second preferred embodiments, this attribute depends on user.

In third preferred embodiment, pre-determined number defeated of user property do not observed by processor detecting When entering password or part input password, determine and had tried to carry out heavy attack.Advantageously, really When determining to have had tried to heavy attack, take suitably to take action.This suitable action include following in At least one: give a warning to manager, issue the user with warning, locking system and accepting into one The scheduled time is waited before the login attempt of step.

Second aspect, the present invention relates to one and tests during signing in password-protected entity user The device of card input password.This device includes the interface for receiving code characters；And connect for checking At least one code characters received meets the predefined of at least one requirement for setting admissible password The processor of attribute.

In the first preferred embodiment, it is complete instruction that interface is further used for receiving input password, and And wherein processor is further used for verifying that complete input password is corresponding with the password of protection entity.One In individual deformation, complete input password includes Part I and Part II, and wherein attribute is by Part II Representing, processor is applicable to by Part I processes the Part I after checking process and the Whether two parts mate to verify the accordance with this attribute.

In the second preferred embodiments, this attribute depends on the user of password.

In third preferred embodiment, processor be further used for detect not observe user property pre- When determining input password or the part input password of number of times, determine and had tried to heavy attack.Advantageously, Determine had tried to heavy attack time, take suitably to take action.This suitable action include with At least one in Xia: give a warning to manager, issue the user with warning, locking system and accepting The scheduled time such as before more login attempt.

The third aspect, the present invention relates to the computer program of a kind of instruction storing software program, when When described instruction is performed by processor, during user signs in password-protected entity, receive input At least one character of password；And verify that at least one character of reception meets for setting admissible The pre defined attribute that at least one of password requires.

Accompanying drawing explanation

Below by reference to accompanying drawing, the preferred feature that describes the present invention by means of non-limiting example, Wherein:

Fig. 1 shows the example system that can implement the present invention；

Fig. 2 shows the method producing password according to the preferred embodiment of the invention；

Fig. 3 shows the method verifying password according to the preferred embodiment of the invention.

Detailed description of the invention

Fig. 1 shows the example system that can implement the present invention.This system includes computer installation (" meter Calculation machine ") 110 and certificate server 120, it will be appreciated that, the present invention may be implemented within computer 110, On certificate server 120 or be implemented on both computer 110 and certificate server 120.Computer 110 and certificate server 120 can be the dress that any kind of suitable computer maybe can carry out calculating Put, such as standard personal computer (PC) or work station.In computer 110 and certificate server 120 Each preferably include at least one processor 111 and 121, RAM memory 112 and 122, For the user interface 113 and 123 interacted with user, and by connection 130 and other device The second mutual interface 114,124.Each in computer 110 and certification device 120 is preferably also Including the interface for reading software program from the digital data carrier 140 of storage instruction, described instruction is worked as When being performed by processor, perform any cryptographic methods being described below.Those skilled in the art will Understand, for clearly reason, it is illustrated that device simplify very much, and actual device additionally may Feature including such as permanent storage device etc.

Central scope is to increase attribute α (also referred to as " regular " or " function ") in password set Ω. Complete password space is divided into two different subsets by this:

● in accordance with the valid password subset (i.e. valid password space) of this attribute

Ω_v=ω ∈ Ω | α (ω) }

● do not observe the invalid password subset of this attribute

It is to be appreciated that there is this situation, such as requirement in the system of some prior art Password includes at least 8 characters, wherein comprises a capitalization and in addition to letter or number one Character.It is important, however, that recognize, such requirement be only intended to variation user cipher so that its Less affected by dictionary attack；It never allows to detect attack automatically, and the most can not by proposition Allow character and direct the user to valid password.

It will be understood that subset is advantageously dynamic, such that it is able to change over.This dynamically One illustrative embodiments of property is that password the most most-often used for n kind is put into invalid subset Ω_i。

Although subset is different, but define they rule can in order to easily implement and overlapping, In this situation, a rule should have precedence over Else Rule.Such as, the rule of user's year of birth are prohibitted the use of The most advantageously veto any rule allowing this particular combination in other cases.

When user is by user interface input password, he is limited in valid password space Ω_v.System will Any from invalid password space Ω_iThe request of (being also likely to be the 3rd subset) be considered as attack and can be accordingly Make a response.

The selection of attribute α is at cipher entropy (Ω_vSize) and attack detectability (Ω_iSize) Between balance result.

Therefore, the use of attribute α allows to detect heavy attack.If assailant is systemic All of password value is attempted on ground, then this will necessarily include Ω_iElement.Furthermore it is possible to by by known Or possible dictionary element add Ω to_iIn tackle dictionary attack.

Attribute α can be complicated function.Although it can apply to complete password, but preferably should This is guaranteed to input for each symbol of user interface.In such a case, it is possible to it is defeated in given step The symbol entered depends on the symbol being previously entered.

Preferably, in order to ensure that random cipher conjecture has can not neglecting of the use password from invalid subset Probability slightly, password space is divided into by " mixing well " and has can not ignore big by attribute α Two little parts.

Such as, text password is inputted, attribute α can be capitalization and lower case alternately. In this case, during creating password, any character (upper case or lower case) can be selected for First symbol.Then, if previous is capitalization, then user interface proposes the collection of lowercase character Closing, vice versa.Therefore, attribute α is verified in each step creating password.

Such as, if valid password space Ω_vWith invalid password space Ω_iBetween ratio r the least (r < < 1), then being difficult to provide valid password, system is likely to be easily subject to come from know some rule The attack of hacker.On the other hand, if r > > 1, then almost all of password is all effective, inspection The probability measuring attack is little.Therefore, it appears that ratio r ≈ 1, perhaps 0.5 < r < 2, may be used for experience The good trade-off of rule.

Attribute α is likely to be dependent on multiple element, such as user name.In this case, two users are permissible Different rules is used to build their password.Such as, if the number of characters of user name is odd number (phase Ying Di, even number), then password should only comprise capitalization (correspondingly, small letter) character.Big by mix Write any request with lowercase character composition all will be considered to attack.Another example be requirement user name and The number of characters sum of password is even number (or odd number).

The definition of attribute α can be extremely complex, and many parameters are taken into account by it.But, excessively complicated Attribute be likely to be of its own shortcomings: the password obtained may be difficult to note, valid password set omega_vSize May become to be too small to ensure enough entropys.

The integral level of security of system depends on the confidentiality of attribute α.Know or guess this attribute right and may make Set (the Ω of effective password value must be built_v) and use this set to carry out dictionary attack, and be not detected Out.

Effective subset Ω is reconstructed in order to allow assailant be more difficult to_v, do not logging in the moment on the user interface Actively emphasize to retrain (highlight constrain), and the most only do so when building password.

Additionally, the classical countermeasure used in Verification System (such as, maximum attempts and incorrect Constrained delay between Password Input) still can be applied in combination together with the solution of the present invention.

Illustrative examples

This part illustrates the design of the present invention by the research case of PIN code.This example also highlights biography The popularization of system countermeasure, such as, avoid dictionary attack.

Consideration PIN code: from 0 ..., a string 4 bit digital selected in 9}.

Normally, do not have in the prior art situation of any condition when password generates, password space Ω by All of (decimal scale) number between " 0000 " to " 9999 " represents, Ω={ p₁p₂p₃p₄|p_i∈{0,...,9}}。

Hereinafter, PIN code is represented as p, p=p₁p₂p₃p₄, wherein p_i∈{0,...,9}。

To general scenario:

First step can be to get rid of to use the most frequently or the specific collection (" word of excessively simple combination Allusion quotation "), the same numbers (such as " 7777 ") being such as repeated 4 times or 4 figure places being wherein incremented by sequence Word (such as " 1234 ").Therefore, the system of execution verifies the PIN code of selection at password during generating It not a part for dictionary, and if this situation, confirm that the PIN code selected is effective.Logging in (or other type of certification) period, if input is from invalid subset Ω_iPIN code, then system Send exception and take the countermeasure mapped out.

Symbolization:

Second step can be to integrate function alpha so that password space Ω is divided into effective subset and invalid subset (latter of which will be combined with " dictionary ").Such as, function alpha may represent the strange of each numeral Idol must be relative to previous change.System is alternately through revising its interface and the most only illustrating Significant digits and generation phase force observe this rule.During cipher authentication, systems inspection input PIN α the most toe the mark；If do not complied with, then send exception, and system will be taked to map out Countermeasure.

Symbolization again:

In this example, function alpha " allow some combination forbidden by dictionary condition.

Then, third step be when password generates by interface or simply deny invalid PIN code come Force condition for validity (active condition).During cipher authentication, system advances to step 2 and step Verify two conditions when rapid three, otherwise send exception.

Although can easily verify that the transmutability of effective PIN code is reduced to α from α ", but it is still protected Hold the size that can be used for selecting PIN code.Be also possible to observe is, it is allowed to and the PIN code collection forbidden Close and all there is the size can not ignore and by " mixing well ".Latter property also depends on for attacking The instrument of system, not merely depends on the specific αfunction used.

Alternatively, as already mentioned, it is possible for relying on user name to increase transmutability to function alpha.

In this PIN example, it is desirable to the parity of the first digit of PIN code is different from user name length Parity.Then, login represents the user name that user inputs, and #{login} represents its length；It addition, p₀Represent the parity of #{login}.

This condition is included, symbolization in α:

Fig. 2 shows the method that password generates according to the preferred embodiment of the invention.The method can be by reality Execute on computer 110 or the certificate server 120 mutual with computer 110.

First, system may propose possible character, i.e. meets the character of attribute α, for use as the next one User inputs, step 210.Specifically, for first character, if selecting is freely, then This step can be skipped.It is to be appreciated that attribute α can be met and not with the character of checking input The step refusing to accept this character when meeting substitutes this step.

Then receive character, step 220 from user there, and verify that password is the most complete, step 230. Although this can input with user indicates (such as, if user clicks on icon or presses " Return "), It may also be recessiveness.If password is complete, then the method terminates in step 240；If It not complete, then the method returns step 210.

Fig. 3 shows method of password authentication according to the preferred embodiment of the invention.Advantageously log in user This password authentification is performed to during by entity (account, device, the server etc.) of cryptoguard to be verified Method.As method for generating cipher code, this verification method can be by computer 110 or certificate server 120 Implement.Receive character, step 310, verify whether this character meets attribute α, step 320.If no Meet, then may determine that and attempted to carry out heavy attack, and can take in a step 330 Suitably action.Suitably action can be such as to give a warning to manager and/or user, at input X Locking system after secondary incongruent password, and used delay before accepting to further attempt to.To be managed Solving, may postponing taking suitably to take action until have input whole password, in this case, The method continues to step 340.Suitably action can also be postponed, until having inputted certain The incorrect cipher (not observing the password of attribute α) of number of times；The number of times of incorrect cipher can be by the time Take into account, such as X incorrect cipher in the Y second recently.

In step 340, whether checking password is complete, executive mode and the step 230 of the method for generation Similar.If not complete, then the method character late to be received such as in step 210；So And, if complete, then in the password of step 350 checking input, although not observing attribute α In the case of, this is not likely to be necessary, this is because this password is unlikely to be correct.In other words, Checking input password is corresponding with the password protecting this entity.As already mentioned, can be at this time point And take time earlier suitably to take action.It is also to be noted that meeting attribute α can be delayed to This step (i.e. until step 350 generation step 320 just can occur, or before password authentification, After unsuccessful password authentification).

Alternate embodiment

The mode of a kind of different expression attribute α is to add one at the password end selected by user's entirety Or the more character as " certification filling " selected by server.Preferably, these characters be pseudo-with Machine function uses the secret parameter knot as parameter of the password of user's input, user's login and server side Really.The shortcoming of this solution is the character that user is forced to learn to be added on its password on a small quantity.

The example of latter method is solution based on HMAC (based on hashed message authentication code): At generation phase, user inputs its password, and the HMAC of this password of system-computed also returns by being linked at one The user risen inputs the password of " completely " of the front n position composition of password and HMAC.In authentication phase, User inputs password, and system checks whether it is possible password accordingly, verifies last n position and HMAC Value correspondence.

It is to be appreciated that the present invention can provide a kind of method verifying password, the method:

● heavy attack and dictionary attack can be resisted,

● enable the system to distinguish whether it is under attack,

● it is compatible with existing Verification System based on password,

● expansible (can be used on the long password using big alphabet), and

● wherein attribute α goes for different environment (PIN code, text password, graphical passwords).

Each feature disclosed in the description of this specification, (if being suitable for) claims and drawing can To be provided independently or in any suitable combination.It is described as the spy using hardware to implement Levying and software can also be used to implement, vice versa.The reference number occurred in claim is only made exemplary Purposes, and the most restrictive impact of scope on claim.

Claims

1. the method verifying password during user signs in password-protected entity, described method The following step including in processor (111,112):

At least one character of-reception (310) described password；And

At least one character that-checking (320) is received has different from the parity of user name length Parity value；And

When receiving all characters of described password and described password is complete instruction, carry out subsequently The step that checking (350) complete password is corresponding with the password protecting entity；

Wherein the method farther includes step: detecting that its parity value of pre-determined number is equal to user When the password of the parity of name length or partial password, determine and attempted to carry out heavy attack.

2. the method for claim 1, farther includes step: determine attempted to into During row heavy attack, take suitably to take action.

3. method as claimed in claim 2, wherein suitably action include following at least one: Give a warning to manager, issue the user with warning, locking system and accepting further login attempt The scheduled time such as before.

4. one kind for verify during user signs in password-protected entity password device (110, 120), described device (110,120) including:

-interface (113,114,123,124), for receiving at least one character of input password；And

-processor (111,121), for verifying that at least one code characters of reception has and user name The parity value that the parity of length is different；And

When receiving all characters of described password and described password is complete instruction, verify subsequently (350) described complete password is corresponding with the password of protection entity；

Wherein said processor is further used for detecting that its parity value of pre-determined number is equal to user name When the password of the parity of length or partial password, determine and attempted to carry out heavy attack.

5. device as claimed in claim 4, wherein said processor has attempted to carry out determining During heavy attack, take further suitably to take action.

6. device as claimed in claim 5, wherein suitably action include following at least one: Give a warning to manager, issue the user with warning, locking system and accepting further login attempt The scheduled time such as before.