CN106778251A - Prevent the password authentication method of Replay Attack - Google Patents


Info

Publication number: CN106778251A
Authority: CN (China)
Prior art keywords: random number; smart card; password; password authentication; replay attack
Legal status: Pending (status as listed by Google Patents)
Application number: CN201510813070.3A
Other languages: Chinese (zh)
Inventors: 王明晖, 闫国玉
Current assignee: Beijing Institute of Computer Technology and Applications
Original assignee: Beijing Institute of Computer Technology and Applications
Priority date: 2015-11-20
Filing date: 2015-11-20
Publication date: 2017-05-31

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00 Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/0008 General problems related to the reading of electronic memory record carriers, independent of its reading method, e.g. power transfer
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system

Abstract

The invention discloses an operating system password authentication method that prevents replay attacks, comprising: the smart card generates a random number of a specified number of bytes and transmits the random number to the external device; the external device encrypts the externally input password using the random number; after the smart card receives the message containing the password encrypted with the random number, it decrypts it and performs password authentication on the decrypted password; if authentication passes, the external device is allowed to exchange information with the smart card. The operating system password authentication method of the invention for preventing replay attacks can effectively prevent an attacker from carrying out a replay attack, improves the data stability of the smart card, and reduces the risk during use by the user.

Description

Prevent the password authentication method of Replay Attack
Technical field
The present invention relates to the field of smart card data security, and in particular to a password authentication method that prevents replay attacks.
Background technology
The rapid development of electronic technology has driven the development of smart cards, and the operating system running on the smart card chip, the COS (Chip Operating System), has naturally become a focus of attention; it is developed according to the characteristics of the smart card it serves. The main functions of the COS are to control the exchange of information between the smart card and the external read/write device, to manage the memory inside the smart card, and to process the various commands inside the smart card.
Before the external read/write device exchanges information with the smart card, an authentication (Verify), also called password authentication, is required. It is the smart card's check of the legitimacy of its holder and serves to reduce the possibility of illegitimate use. Under normal circumstances the user sends an 8-digit password to the smart card through the external read/write device, the smart card authenticates the password it was sent, and after authentication passes the exchange of information begins. If the number of consecutive authentication failures exceeds the specified number, the COS automatically locks the smart card and no longer allows the external read/write device to authenticate or exchange information.
This method is fairly simple and can also satisfy general use, but it has an obvious drawback: when the smart card communicates with the external read/write device, the communication may be monitored by an attacker. If the attacker has captured the communication packets of the authentication process between the smart card and the external device, then the attacker only needs to send the captured packets to the smart card in order to pass the smart card's authentication. This attack pattern is precisely the replay attack (Replay Attacks). In order to prevent replay attacks, a better password authentication method must be proposed.
Summary of the invention
It is an object of the present invention to provide an operating system password authentication method that prevents replay attacks, in order to solve the above technical problem.
An operating system password authentication method of the present invention for preventing replay attacks comprises: the smart card generates a random number of a specified number of bytes and transmits the random number to the external device; the external device encrypts the externally input password using the random number; after the smart card receives the message containing the password encrypted with the random number, it decrypts it and performs password authentication on the decrypted password; if authentication passes, the external device is allowed to exchange information with the smart card.
In one embodiment of the operating system password authentication method of the present invention for preventing replay attacks, the method further comprises: after the smart card receives the message containing the password encrypted with the random number, it decrypts it and compares the decrypted random number with the random number generated by the smart card; if they are identical, the authentication passes.
In one embodiment of the operating system password authentication method of the present invention for preventing replay attacks, the method further comprises: the smart card performs password authentication on the decrypted password; if it does not pass, an error count is performed, and when the error count exceeds a threshold the card is locked and the external device is forbidden from accessing the smart card.
In one embodiment of the operating system password authentication method of the present invention for preventing replay attacks, the method further comprises: after the smart card receives the message containing the password encrypted with the random number, it first determines whether the external device has requested a random number; if so, decryption is performed; if not, an error is reported.
Compared with the prior art, the operating system password authentication method of the present invention for preventing replay attacks can effectively prevent an attacker from carrying out a replay attack, improves the data stability of the smart card, and reduces the risk during use by the user.
Brief description of the drawings
Fig. 1 is a flow chart of the password authentication method of the present invention for preventing replay attacks;
Fig. 2 is a flow chart of another embodiment of the password authentication method of the present invention for preventing replay attacks.
Detailed description
To make the purpose, content and advantages of the present invention clearer, the specific embodiments of the present invention are described in further detail below in conjunction with the accompanying drawings and embodiments.
The present invention proposes a method that first encrypts the password with a dynamic random number and then performs authentication. Encrypting the password with a dynamic random number before authenticating mainly means that a random number request step is added before password authentication. The concrete principle is as follows:
Before authentication starts, the external device first needs to request a random number from the smart card, then uses the random number as a key to encrypt the password data input by the user, and finally sends the result to the smart card. After receiving the data, the smart card uses the random number it issued earlier as the key to decrypt the data, and then performs password authentication. If both sides use the same random number and the same encryption algorithm, then as long as the password input by the user is correct it passes the smart card's password authentication. Now, if an attacker has captured the packets of the authentication process, the attacker cannot pass the smart card's password authentication by means of a replay attack; instead the attacker receives an error report returned by the smart card requiring that a random number be requested and authentication be performed again.
Fig. 1 is a flow chart of the password authentication method of the present invention for preventing replay attacks. As shown in Fig. 1, the smart card operating system password authentication process for preventing replay attacks proposed by this patent comprises:
S1, the smart card operating system is initialized;
S2, the external device sends an authentication request command to the smart card operating system, and the smart card receives the authentication command sent by the external device;
S3, after the smart card operating system receives the authentication request command, it determines whether the external device has requested a random number; if so, S4 is performed, and if not, an error is reported;
S4, the smart card operating system uses the requested random number to decrypt the random-number-encrypted password sent by the external device;
S5, the smart card operating system performs password authentication on the decrypted password; if it passes, the external device is allowed to exchange information.
Fig. 2 is a flow chart of another embodiment of the password authentication method of the present invention for preventing replay attacks. On the basis of the previous embodiment, this embodiment further comprises:
S6, at the same time (when authentication passes) the count of the error counter is set to 0; otherwise the count of the error counter is incremented;
S7, it is determined whether the count of the error counter exceeds the specified number; if it does, the card is locked, and otherwise the external device is forbidden from continuing to authenticate.
In another embodiment, before S2 the smart card operating system also receives a command sent by the external device; this command requests the smart card to generate a random number of a specified number of bytes and return the random number to the external device. Meanwhile, the external device encrypts the externally input password using the random number of the specified number of bytes, and the authentication request command that the external device sends to the smart card operating system contains the password encrypted with the random number generated earlier.
In summary, the key point of the password authentication method of the present invention for preventing replay attacks is that a random number request step is added before authentication. The external device must encrypt the user-input password with the random number it has just requested, and because the random number is dynamically generated on every request, the authentication data transmitted by the external device differs every time, so an attacker cannot pass the password authentication of the smart card COS by means of a replay attack.
Compared with the prior art, the authentication process of the password authentication method for preventing replay attacks proposed by the present invention is safer and more reliable; it can effectively prevent an attacker from carrying out a replay attack, improves the data stability of the smart card, and reduces the risk during use by the user.
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art can make some improvements and modifications without departing from the technical principle of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.
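The following script is an added example, not code from the patent or from any real smart card COS. It models the card side (the random number request command, steps S3 to S7, and the random number comparison of claim 2) and the reader side of the protocol described above, then shows what happens to a captured authentication message that is sent again. The cipher (XOR with a SHA-256 keystream derived from the random number), the 8-byte random number length, the lock threshold of 3, and the message layout "random number || password" are assumptions chosen so the script runs with the Python standard library; the patent leaves the algorithm and these sizes open.

```python
"""Challenge-response password authentication with a per-session random number.

Added example (not from the patent). The toy cipher, NONCE_LEN, MAX_ERRORS and
the plaintext layout nonce || password are assumptions.
"""
import hashlib
import hmac
import os

MAX_ERRORS = 3   # assumed lock threshold ("specified number" in S7)
NONCE_LEN = 8    # assumed "specified number of bytes" for the random number


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with SHA-256(key || counter) blocks.
    It stands in for whatever shared algorithm card and reader agree on;
    the same call encrypts and decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class SmartCardCOS:
    """Card side: random number command, then S3-S7 in verify()."""

    def __init__(self, stored_password: bytes):
        self._password = stored_password   # reference password held on the card
        self._nonce = None                 # random number issued for this session
        self.error_count = 0               # S6 error counter
        self.locked = False                # S7 lock flag

    def get_challenge(self) -> bytes:
        """Command received before S2: generate and return a fresh random number."""
        if self.locked:
            raise PermissionError("card locked")
        self._nonce = os.urandom(NONCE_LEN)
        return self._nonce

    def verify(self, ciphertext: bytes) -> bool:
        """S3: require a prior random number request; S4: decrypt with it;
        S5: check the password; S6/S7: maintain the error counter and lock."""
        if self.locked:
            raise PermissionError("card locked")
        if self._nonce is None:
            raise ValueError("error: request a random number first")   # S3
        nonce, self._nonce = self._nonce, None   # each random number is used once
        plaintext = keystream_xor(nonce, ciphertext)                    # S4
        echoed_nonce, password = plaintext[:NONCE_LEN], plaintext[NONCE_LEN:]
        ok = (hmac.compare_digest(echoed_nonce, nonce)                  # claim 2
              and hmac.compare_digest(password, self._password))        # S5
        if ok:
            self.error_count = 0                                        # S6
        else:
            self.error_count += 1
            if self.error_count >= MAX_ERRORS:                          # S7
                self.locked = True
        return ok


def reader_authenticate(card: SmartCardCOS, password: bytes):
    """Reader side: request the random number, encrypt nonce || password with
    it, send the result. Returns (result, wire_message) so the message can be
    captured for the replay demonstration below."""
    nonce = card.get_challenge()
    message = keystream_xor(nonce, nonce + password)
    return card.verify(message), message


def demo(password: bytes = b"12345678") -> dict:
    """Legitimate login, then the two ways a captured message can be re-sent."""
    card = SmartCardCOS(password)
    legit, captured = reader_authenticate(card, password)
    # Re-sending the captured message without a new random number request
    # hits the S3 check and gets the error report described in the patent.
    try:
        card.verify(captured)
        without_request = "accepted"
    except ValueError as exc:
        without_request = str(exc)
    # Requesting a new random number first does not help: the card decrypts
    # with the new number, the comparison fails and the error counter grows
    # until the card locks itself (S6/S7).
    results = []
    while not card.locked:
        card.get_challenge()
        results.append(card.verify(captured))
    return {"legit": legit, "without_request": without_request,
            "replays_accepted": any(results), "attempts_until_lock": len(results),
            "locked": card.locked}


if __name__ == "__main__":
    print(demo())
```

The single-use random number is what makes the S3 check meaningful: once a verify command has consumed it, the card holds no random number, so a re-sent message is rejected before any decryption. The `hmac.compare_digest` calls are a standard constant-time comparison and are not required by the patent.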

Claims (4)

1. An operating system password authentication method for preventing replay attacks, characterised in that it comprises:
the smart card generates a random number of a specified number of bytes and transmits the random number to the external device;
the external device encrypts the externally input password using the random number;
after the smart card receives the message containing the password encrypted with the random number, it decrypts it and performs password authentication on the decrypted password; if authentication passes, the external device is allowed to exchange information with the smart card.
2. The operating system password authentication method for preventing replay attacks as claimed in claim 1, characterised in that it further comprises:
after the smart card receives the message containing the password encrypted with the random number, it decrypts it and compares the decrypted random number with the random number generated by the smart card; if they are identical, the authentication passes.
3. The operating system password authentication method for preventing replay attacks as claimed in claim 1, characterised in that it further comprises:
the smart card performs password authentication on the decrypted password; if it does not pass, an error count is performed, and when the error count exceeds a threshold the card is locked and the external device is forbidden from accessing the smart card.
4. The operating system password authentication method for preventing replay attacks as claimed in claim 1, characterised in that it further comprises: after the smart card receives the message containing the password encrypted with the random number, it first determines whether the external device has requested a random number; if so, decryption is performed; if not, an error is reported.
Application CN201510813070.3A, priority date 2015-11-20, filing date 2015-11-20, "Prevent the password authentication method of Replay Attack", status Pending, publication CN106778251A (en)

Publications (1)

Publication Number Publication Date
CN106778251A true CN106778251A (en) 2017-05-31

Family

ID=58886040

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN108564664A (en) * | 2017-12-29 | 2018-09-21 | 北京悦畅科技有限公司 | Management method, device and system of parking lot software
CN111428232A (en) * | 2020-03-17 | 2020-07-17 | 德施曼机电(中国)有限公司 | Password processing method and device for encrypted input and intelligent lock
CN114465804A (en) * | 2022-02-16 | 2022-05-10 | 贵州福润德文化产业发展有限公司 | Instruction encryption and decryption method capable of resisting replay attack
CN114465804B (en) * | 2022-02-16 | 2024-03-26 | 贵州福润德文化产业发展有限公司 | Instruction encryption and decryption method capable of resisting replay attack

Citations (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN103368735A (en) * | 2012-04-06 | 2013-10-23 | 中兴通讯股份有限公司 | Authentication method, device and system for an application accessing a smart card
CN103916363A (en) * | 2012-12-30 | 2014-07-09 | 航天信息股份有限公司 | Communication security management method and system for an encryption machine
CN104780049A (en) * | 2015-04-15 | 2015-07-15 | 四川量迅科技有限公司 | Method for safely reading and writing data

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
WD01 | Invention patent application deemed withdrawn after publication

Application publication date: 20170531