CN113841146A - Password generation method capable of simultaneously meeting safety and usability - Google Patents


Info

Publication number
CN113841146A
Authority
CN
China
Legal status
Pending
Application number
CN201980094701.7A
Other languages
Chinese (zh)
Inventor
苏云
希莫
Current Assignee
Individual
Original Assignee
Individual

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45: Structures or tools for the administration of authentication


Abstract

The invention relates to a method for generating a highly secure and easy-to-use authentication password. In password management software developed on the basis of the technical scheme of the invention, intermediate variables called substitute character strings are set, and a string of characters entered from the keyboard, called the apparent password, is converted into a real password that is output to the outside for identity authentication. Since the apparent password does not take part in the actual authentication, it can be set simply. The substitute character strings stored in the software have no practical significance of their own; only when the authentication password is to be output are they immediately combined, according to a preset mixed insertion mode, into the real password, which is then output with one key to an external password authentication form to perform the actual identity authentication.

Description

Password generation method capable of simultaneously meeting safety and usability
Description
The invention name is as follows: [ password generator satisfying both security and usability ]
[0001] The invention relates to the field of identity authentication by user name and password, and in particular to a method for generating an authentication password that meets the requirements of usability and security at the same time.
Background
[0002] Identity authentication by user name and password has been in use for half a century, and all of a user's accounts are logged into in this way, so this authentication mode is not only an indispensable part of people's work in the information technology era but also an important part of their daily life.
[0003] The general way of operating this authentication mode is as follows. First an authentication password must be generated: the user selects a number of single characters, from Arabic numerals, upper- and lower-case Latin letters, punctuation marks and the like, according to some habit or password security policy, and combines them into a character string that serves as the user's authentication password. The characters are then entered one by one through a physical or virtual keyboard into the password form that requires identity authentication, such as a computer, a mobile phone, various software, an e-mail account, a website or a database, or the password is copied and pasted into the password form, so as to carry out identity authentication and thereby access the protected resources.
[0004] Designing a complex password is the key to the security of this authentication mode, and the so-called password security policy seems to play a crucial role in the process. For more than half a century people have developed many password management methods and strategies considered to be both secure and easy to use, some of them even mandatory; many large enterprises, organizations and websites have launched their own password security strategies and have even developed hardware products. Because this authentication mode cuts across industries, involving almost every industry and the daily life of ordinary people, rules and standards have gradually been established and some basic consensus has been reached. The mainstream view holds that the length, the variety of characters contained, the randomness and the uniqueness of a password are the key elements of a secure password, with length being particularly important. A string of sufficient length, e.g. more than 10 characters, mixing numbers, upper- and lower-case letters and punctuation marks, and combined out of order, is considered a secure password.
[0005] Some websites provide educational password security check services that judge whether a password is secure by estimating the time required to break it by technical means. For example, the BetterBuys website checks the 12-character password "abcdefghijkl", composed entirely of lower-case letters, against 2019 technology, and the result shows that it can be cracked in 100 years. The same 12-character password "ABCDEf-2016g", mixing digits, punctuation marks and upper- and lower-case letters, is shown to take 726,526,000 years, more than 700 million years, to break, which is almost uncrackable! If the order of letters, numbers and symbols in the password is scrambled, the randomness of the password increases and cracking becomes harder still. The website's test results and analysis show that a password of sufficient length, mixing various characters out of order, is a secure password that is hard to crack.
[0006] The crux of the problem, however, is that the longer, more complex and more disordered a password is, the better it meets the security requirement, but the harder it is for the user to memorize and use; that is, a very complex secure password has very low usability. Users naturally want a password that is secure and at the same time convenient to use, but for a long time security and usability have seemed to be in opposition, and the barrier between them has seemed impossible to overcome; this is a major problem in the field of password authentication. As a result, in practice password security tends to give way to convenience. With the help of a security policy the user sets a seemingly secure password, but because it is too complicated it is written down, stuck on a screen or stored in plaintext on the electronic device. The password is secure in appearance only, and the account is exposed to great risk. Worse still, many users simply use passwords such as "123456" or "password", so that such extremely weak passwords have occupied the first and second places in the annual worst-password ranking of the U.S. security software and service provider SplashData for years, which highlights the frustration and helplessness of most users under the prior art. No wonder users exclaim: the only secure password is the one you cannot remember!
[0007] As early as 2003, the National Institute of Standards and Technology (NIST) issued Special Publication 800-63, whose Appendix A recommended how to set secure passwords: use special characters, numbers and upper- and lower-case letters, and change the password periodically. In 2017 NIST revised that publication: it emphasized the importance of password length, recommended that a group of English words be used to form the password instead of single characters, i.e. a "passphrase" instead of a "password", no longer recommended periodic password changes, and weakened the role of mixing character types. Since words are easier to remember, longer passwords can be set and used. Given the authority of NIST, these publications have long been the default password security policy for government departments, businesses, institutions and individual users, and are in fact the industry standard.
[0008] Any security policy is, by its nature, an artificial rule, suggestion or requirement: selecting words from a dictionary to build a password, adopting tricks such as replacing "Late" with "L8", choosing unrelated words to form a "passphrase" such as "correct horse battery", or even inventing "words" known only to oneself. Such a password security policy, however, conflicts with the requirement for randomness: the more artificial factors, the worse the randomness and the less secure the resulting password. While such a policy undeniably helps users set a strong password, it may help unauthorized users and hackers even more, since they rely on precisely such policies to break passwords and are better at it than average users or even industry experts. Relying on English vocabulary also greatly limits the range of users the policy serves.
[0009] The problems in the prior art are concentrated on the weakness and helplessness of the user side in password management. In the half century and more since the user-name-and-password authentication mode appeared, technology has developed rapidly, service providers and hackers alike have kept pace with the times, and encryption and cracking techniques have improved continuously, while the user side, lacking funds, technology and the like, has been unable to keep up in password management.
[0010] To address these problems, many third-party and online password management programs have been developed to help users generate, store, remember and use complex authentication passwords. Such software plays an important role in setting and storing large numbers of complex passwords, and above all in remembering them; popular products include Dashlane, 1Password, LastPass and the like. Their common characteristic is that the password generated in the software is the password actually output and authenticated and, more importantly, that confidential information such as the passwords of all accounts is encrypted and stored directly in the password manager, so that its security is a constant worry. Such software must therefore be protected by a sufficiently secure login password, commonly called the master password, which the user must remember firmly. The master password thus becomes the sole line of defense for such software, and once it is broken, the confidential information stored inside is at risk of disclosure. In view of these shortcomings, some financial institutions and websites prohibit the use of this type of password management software out of concern for account security.
Summary of the Invention
[0011] The harsh requirements on password security and the severe current situation pose huge challenges to the generation, storage, memorization and use of passwords. To overcome these problems and finally provide the user side with a password management method that satisfies both usability and security, the invention proposes the following technical scheme. In password management software developed on the basis of the technical scheme of the invention (hereinafter, the software), when a user arbitrarily selects a single character and inputs it from the keyboard, the software immediately converts the character into a random character string, defined as a substitute character string, whose length (number of character positions) is greater than or equal to 1. The software now associates the character "n" entered by the user from the keyboard with the character string "&0m(o", and whenever the user again enters the character "n" from the keyboard, the software recalls the corresponding character string "&0m(o" from its memory.
[0012] Any character can be subjected to such random conversion in the software; for example, the capital letter "K" can be converted into the substitute string "#X9v", the number "7" into "c-6EL", the symbol "@" into "P9g", the number "0" into "lsG", and so on (FIG. 2). The user now combines the 5 selected single characters into a password "nK7@0", defined as the apparent password; its characters are defined as the apparent characters.
[0013] These substitute strings are not the true password with which authentication is ultimately performed; they are merely the product of an intermediate step, have no practical significance in themselves, and are stored separately and encrypted in the software's memory. After the character conversion is complete, the password required for authentication can be generated. Taking the group of converted apparent characters above as an example: when the user enters the 5 apparent characters in turn from the keyboard, i.e. enters the apparent password, the software immediately recalls the substitute strings corresponding to the apparent characters from memory in turn and combines them, in a special order called the mixed insertion mode preset by the user, into a longer character string, which is the true password used for authentication. The software then outputs it to the password form of the external authentication with its one-key function, or the user copies and pastes it into the password form. For convenience of description, the apparent password and the real password together are defined as a password pair.
[0014] The present invention emphasizes the irreplaceable role of randomness in password security. Length is certainly a requirement for security, but if a long password lacks randomness, such as a "passphrase" or "password" generated under some password security policy, the role played by its length is greatly reduced. After all, an artificial strategy eliminates some uncertainty and thus lacks randomness, which helps the user but also gives the hacker a chance. Therefore a password is unique only when its randomness and uncertainty are increased so that it cannot be searched for by any rule and follows no policy, and thus cannot be exploited by hackers. In this sense, randomness is a sufficient condition for password security.
Brief description of the drawings
[0015] To describe the technical solution of the embodiments of the present invention more clearly and accurately, the drawings needed for the embodiments are briefly described below. Obviously, the drawings described below are only some embodiments of the application, and other relevant drawings can be derived from them by those skilled in the art without inventive effort.
[0016] Fig. 1 is a schematic diagram of a method for converting a single character into a character string according to an embodiment of the present invention.
[0017] FIG. 2 is a schematic diagram of converting a set of apparent characters into a set of substitute character strings according to an embodiment of the present invention.
[0018] Fig. 3 is a flowchart illustrating combining and generating a true password according to a predetermined mixed insertion manner according to an embodiment of the present invention.
[0019] FIG. 4 is a schematic diagram of modifying and outputting a true password according to an embodiment of the present invention.
Description of the embodiments
[0020] To make the technical solutions of the present invention and the problems they solve clearer, the technical solutions are described in detail and completely below with reference to the accompanying drawings and embodiments. Obviously, the described embodiments are only a part of the embodiments of the present invention and not all of them, especially as regards the full and complete definition of the mixed insertion mode. All other embodiments that a person skilled in the art can obtain from the embodiments of the present invention without any inventive step fall within the scope of protection of the present invention.
[0021] The embodiment of the invention provides a method for generating an identity authentication password that is both secure and easy to use, so as to resolve the contradiction between password security and usability in the prior art. The key of the invention is to introduce an intermediate variable called the substitute character string, thereby splitting the password entered from the keyboard and the password output from the software for identity authentication into two different concepts with different definitions and different generation methods. The purpose of this character substitution is, first, to ensure the security and convenience of the password entered from the keyboard: since the actual password for authentication is not entered via the keyboard, this password can be set very simply and individually. Second, it ensures the security and convenience of the authentication password output from the software: the real passwords of all accounts are not stored directly in the software; when a real password needs to be output for authentication, the related stored substitute strings are recalled from memory, combined immediately according to a special mixed insertion mode into the real password for authentication, and then output to the external password form. The invention thus strengthens security and usability on the two passwords respectively, solving the problem that the prior art could never make an authentication password simultaneously usable and secure. A detailed description of the embodiments follows in several steps.
[0022] Fig. 1 is a schematic diagram of a method for converting a single character into a substitute character string according to an embodiment of the present invention. A single character is entered in the character form below the "apparent password" column; after the number of characters of the substitute string is selected from the drop-down menu below the "character digits" column, the substitute string is generated; clicking the substitute string under the "substitute character string" column changes the character combination in that column. When the character entered by the user from the keyboard is the lower-case Latin letter "n" and the number of character digits selected is "5", the random character string generated by the software's conversion is "&0m(o". The conversion of such a single character is referred to as a "single character substitution".
[0023] Any common computer character may be subject to such conversion, for example converting the capital Latin letter "K" to the substitute string "#X9v", the number "7" to "c-6EL", the symbol "@" to "P9g", the number "0" to "lsG", and so on.
[0024] Fig. 2 is a schematic diagram of converting a set of apparent characters into a set of substitute character strings according to an embodiment of the present invention.
Functionally, it is a collection of several single-character conversion functions as shown in FIG. 1. The specific method comprises the following steps:
1) in fig. 2, a number, for example "5", is entered in the numeric form on the right side of the "apparent character" column, and 5 single-character substitutions appear below, with one apparent character entered in each character form. Clicking the "apparent character" column directly changes all 5 characters with one key;
2) in fig. 2, a number, for example "21", is entered in the digit form on the right side of the "character digits" column, defining the total number of characters of the 5 substitute strings; the number of characters of each substitute string is selected in the drop-down menu below the "character digits" column. Clicking the "character digits" column directly changes the 5 numeric values with one key;
3) once the numbers of characters are determined, the 5 substitute strings are generated immediately. Clicking each one changes its character combination, or clicking the "substitute character string" column directly changes all of their combinations with one key. After the setting is complete, all substitute strings are encrypted and stored separately in the software.
[0025] Fig. 3 shows the process of combining and outputting the real password in a specific order set by the user: on the basis of fig. 2, a method and order for combining the respective substitute strings, i.e. a mixed insertion mode, are added. The mixed insertion mode of each substitute string, for example "6wP", can be selected in the drop-down menu under the "mixed insertion mode" column (the specific meaning of such a designation is explained in detail below), or the "mixed insertion mode" column can be clicked directly to change it with one key.
[0026] After the above setting is complete, the apparent password "nK7@0" is displayed at the lower left of FIG. 3; when this key is clicked, a 21-digit character string "&0m(O#X9VC6ELP9 glsG" is generated in the password box at the right, which is the true password output to the outside for identity authentication. This true password is generated by combining the 5 substitute strings with the simplest end-to-end mixed insertion mode, and it contains 5 Arabic numerals, 6 lower-case letters, 5 upper-case letters and 5 punctuation marks.
[0027] It should be noted that the apparent password box and real password box at the bottom of fig. 3 are additional simulated boxes for explaining the technical scheme of the present invention, not real functions of the software, because the real passwords of the respective accounts are not stored in the software.
[0028] As a special case of the conversion mode in fig. 3, if the number of characters of each substitute string is set to "1", the software need not perform character conversion; each substitute string becomes a single character equal to the corresponding apparent character, so the apparent password is identical to the real password.
[0029] At this point, the apparent password and the true password of an account, i.e., the password pair of the account, are set.
Because the apparent password is not the password used for actual identity authentication, it can be set simpler and more personal, as long as the user can easily remember and use it; it must, however, be converted into a strong real password, and the apparent password is all that needs to be remembered. The real password generated by the software is very complex and secure enough, but the user does not need to memorize it or enter it manually for identity authentication. Thus the security and ease of use of the password are embodied simultaneously in one password pair. Moreover, the software stores only the substitute strings and not the real password of any account, so the security of account passwords is greatly improved and the greatest hidden danger of prior-art password management software is eliminated.
[0030] When this password is entered into the BetterBuys website for checking, the verdict given is "Infinity", meaning that the password can never be cracked; the password is unique and meets all requirements of a secure password.
[0031] To further enhance the security of the real password, the user may select a more complicated method for generating it, which mainly depends on the choice of mixed insertion mode. The modes of fig. 3 are described as follows:
Example 1
[0032] When the characters "n" and "K" are entered into the character forms, the software generates the two corresponding substitute strings "&0m(o" and "#X9v". The mixed insertion modes for combining the latter into the former are as follows:
[0033] The first kind of mixed insertion takes the string "#X9v" as a whole and inserts it into the preceding string. The string "&0m(o" has 6 insertion points in total, numbered "1" to "6" starting from the left of the character "&". Selecting insertion point "2", between the characters "&" and "0", and inserting the "K" string whole in positive order from left to right yields the 9-character temporary string "&#X9v0m(o"; this mixed insertion mode is denoted "2wP", where the number "2" is the position of the insertion point and the capital letter "P" denotes positive order. If the string is inserted at the same insertion point in reverse order from right to left, the resulting temporary string is "&v9X#0m(o", denoted "2wR", where the capital letter "R" denotes reverse order, i.e. the string "#X9v" is inverted to "v9X#" and then inserted. It is easy to calculate that the "K" string has 12 possible mixed insertion modes, which yield 12 different 9-character temporary strings.
[0034] The software provides a number of mixed insertion modes for combining the substitute strings, each designated by letters and numbers, and each designation represents the order and method for mixing and inserting a substitute string. In this kind of insertion, the designation "6wP" in fig. 3 means that the string "#X9v" is inserted whole, in positive order, at the tail end of the preceding substitute string "&0m(o" (i.e. at the 6th insertion point), giving the 9-character temporary string "&0m(o#X9v". The designation "10wP" means that the substitute string "c-6EL" is inserted whole, in positive order, at the rightmost point of that temporary string, i.e. the 10th insertion point, giving a 14-character temporary string; and so on, the meanings of the designations "15wP" and "18wP" follow until the final real password is generated. It is easy to calculate that when the 5 substitute strings are combined according to this mixed insertion mode, 98 different real passwords can be generated in total.
Example 2
[0035] The second kind of mixed insertion mode is a shuffling method that imitates shuffling playing cards; the software is set to mix the "K" string into the "n" string and marks this mode with the letter "s". Selecting insertion point "3" of the substitute string "&0m(o" and inserting the string "#X9v" in positive order at an interval of "1" gives the 9-character temporary string "&0#mX(9ov"; this mixed insertion is denoted "3sPG1", where the letter "G" denotes equal spacing and the "1" to its right is the spacing value. If the string is inserted at the same insertion point in reverse order, the resulting temporary string is "v9&X0#m(O", denoted "3sRG1". It is easy to see that, after removing the 2 results that duplicate the first kind of mixed insertion mode, the "K" string has 10 possible mixed insertion results, and that when all 5 substitute strings are mixed and inserted according to this mode, 90 different real passwords can be generated in total.
[0036] When different interval values are selected, such as "2", "3" or "4", many kinds of designated insertion patterns and more real passwords are generated. If a mixed insertion mode with unequal intervals is selected, for example the sequences "1, 3, 5, 7" or "2, 4, 6, 8", a Fibonacci series, a larger span or even unordered interval values, still more temporary strings and true passwords will be generated. All the mixed insertion modes are preset in the software for the user to select. In actual use, the user only needs a rough idea of what the various designations mean without memorizing them, and should make full use of the one-key function of the "mixed insertion mode" column for convenient password setting.
[0037] The mixed insertion method is important because all the substitute strings are generated randomly, stored encrypted and have no practical meaning, but once stored their character structure is fixed, i.e. the order of the characters is fixed, which amounts to a certain regularity. Therefore, with absolute security in mind, the order and structure of the original substitute strings should be disturbed fully and thoroughly when the real password is generated, so that the requirement for randomness is fully satisfied while the password length is guaranteed, a truly secure authentication password is set, and the security concept that the only secure password is one independent of any artificial policy is realized.
[0038] After adopting the technical scheme of the invention, whether a password is designed as a "passphrase" or a "password" makes little difference. Whether or not the user understands a few words selected from an English dictionary (although we do not suggest doing so), the unique mixed insertion mode of the present invention completely breaks up their existing order and meaning, and a secure password can be generated that is out of order, random and without any clues or rules.
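As an added worked example (not code from the patent or from the software it describes), the following Python models the single-character substitution of paragraphs [0011] to [0013] and the two mixed insertion modes of Examples 1 and 2: a substitute-string table keyed by apparent character, `mix_insert` implementing the whole-string "kwP"/"kwR" modes and the equal-gap "ksPGg"/"ksRGg" shuffle modes, and `real_password` chaining them over an apparent password. The table entries and mode designations are the ones the text gives for "nK7@0"; the function names, the `G`-only parsing of the shuffle designation, modelling reverse order in shuffle mode as inverting the string before interleaving it, and the use of Python's `secrets` module for generating new substitute strings are assumptions of this example.

```python
import secrets
import string

# Character classes the text names for passwords: digits, upper- and
# lower-case Latin letters and punctuation marks.
ALPHABET = string.digits + string.ascii_letters + string.punctuation

# Substitute strings the text gives for the apparent password "nK7@0" (FIG. 2).
# In real use each entry would come from make_substitute() below.
PAGE_TABLE = {"n": "&0m(o", "K": "#X9v", "7": "c-6EL", "@": "P9g", "0": "lsG"}


def make_substitute(length: int) -> str:
    """Random substitute string for one apparent character (single character
    substitution). A CSPRNG is used because, as the text stresses, all of the
    real password's randomness comes from these strings, not from the
    deliberately simple apparent password. Assumed detail: `secrets`."""
    if length < 1:
        raise ValueError("substitute string length must be >= 1")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def parse_mode(mode: str):
    """Parse a mixed insertion designation such as '2wP', '6wR' or '3sPG1'.

    Returns (point, kind, order, gap): point is the 1-based insertion point,
    kind 'w' inserts the whole string and 's' interleaves it card-shuffle
    style, order is 'P' (positive) or 'R' (reverse), and gap is the equal
    spacing after 'G' in shuffle mode (None for whole-string mode).
    """
    i = 0
    while i < len(mode) and mode[i].isdigit():
        i += 1
    if i == 0 or len(mode) < i + 2:
        raise ValueError(f"bad mixed insertion mode: {mode!r}")
    point, kind, order = int(mode[:i]), mode[i], mode[i + 1]
    if kind not in "ws" or order not in "PR":
        raise ValueError(f"bad mixed insertion mode: {mode!r}")
    gap = None
    if kind == "s":
        # Only the equal-spacing 'G' form of the shuffle mode is modelled here.
        if len(mode) < i + 4 or mode[i + 2] != "G" or not mode[i + 3:].isdigit():
            raise ValueError(f"unsupported shuffle designation: {mode!r}")
        gap = int(mode[i + 3:])
        if gap < 1:
            raise ValueError("spacing value must be >= 1")
    elif len(mode) != i + 2:
        raise ValueError(f"bad mixed insertion mode: {mode!r}")
    return point, kind, order, gap


def mix_insert(base: str, piece: str, mode: str) -> str:
    """Insert `piece` into `base` according to a mixed insertion designation."""
    point, kind, order, gap = parse_mode(mode)
    # A string of length L has L + 1 insertion points, numbered from the left.
    if not 1 <= point <= len(base) + 1:
        raise ValueError(f"insertion point {point} outside 1..{len(base) + 1}")
    if order == "R":
        piece = piece[::-1]  # 'R': invert the piece, then insert it
    idx = point - 1  # insertion point k lies just before base[k - 1]
    if kind == "w":
        return base[:idx] + piece + base[idx:]
    # Shuffle mode: first inserted character at the insertion point, then one
    # inserted character after every `gap` base characters; whatever remains of
    # either string is appended at the end.
    out = list(base[:idx])
    rest = base[idx:]
    pos = 0
    for ch in piece:
        out.append(ch)
        out.extend(rest[pos:pos + gap])
        pos += gap
    out.extend(rest[pos:])
    return "".join(out)


def real_password(apparent: str, table: dict, modes: list) -> str:
    """Recall each apparent character's substitute string and combine them in
    turn; modes[i] says how substitute i+1 is inserted into the running
    result, so one mode per substitute after the first is required."""
    try:
        subs = [table[c] for c in apparent]
    except KeyError as e:
        raise ValueError(f"apparent character {e} was never converted") from None
    if len(modes) != len(subs) - 1:
        raise ValueError("need one mixed insertion mode per substitute after the first")
    result = subs[0]
    for piece, mode in zip(subs[1:], modes):
        result = mix_insert(result, piece, mode)
    return result


if __name__ == "__main__":
    # The end-to-end chain of FIG. 3: each later string goes at the tail.
    print(real_password("nK7@0", PAGE_TABLE, ["6wP", "10wP", "15wP", "18wP"]))
    # Example 1 and Example 2 of the text, applied to the "n" and "K" strings.
    for m in ("2wP", "2wR", "6wP", "3sPG1", "3sRG1"):
        print(m, mix_insert(PAGE_TABLE["n"], PAGE_TABLE["K"], m))
```

Note that the apparent password contributes no entropy of its own: it only selects which stored substitute strings are combined, so the strength of the real password rests entirely on how those strings were generated and how they are protected at rest.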
Example 3
[0039] Fig. 4 is a schematic diagram of account modification and real password output. It is described in two parts:
1) When a group of asterisks appears in the password box under the "password" column of the figure, the password pair of that account has been set. Clicking the password box pops up a password form; after the apparent password of the account has been entered, the password pair setting mode shown in Fig. 3 is entered and the old password pair can be modified.
2) To output a real password, click the arrow icon in the figure: a password form pops up and, once the corresponding apparent password has been entered and authenticated, the software immediately combines the related substitute strings into the real password and outputs it with one key into the external password form for identity authentication. Alternatively, click the copy icon: after the apparent password of the account has been entered in the pop-up form, the software copies the generated real password so that it can be pasted into the external form for authentication.
[0040] The authentication functions of the three pop-up password forms under the "password" column in Fig. 4 are optional. The user can set all three to the apparent password of the account, or skip them entirely: click the password box to enter the password pair setting and modification mode directly, click the arrow icon to output the real password with one key, and click the copy icon to output the real password by pasting. For users with high password-security requirements, setting the three apparent passwords forms a second line of defence for their accounts. Because the setting mode of a password pair is entered by clicking the password box under the "password" column, and the apparent password, substitute strings, mixed insertion modes and so on of the account are all laid out in full view there, setting an authentication password for the modification function is very necessary. A password generally does not need to be modified often, so this function is rarely used, and it is worth setting an apparent password to seal the account information. Whether to set apparent passwords for the other two output keys varies from person to person.

[0041] There are two cases in which a password pair needs to be set:
1) The password pair for logging in to the software. Its apparent password, that is, the master password, is the only password the user must remember. Its real password is stored in the software and is the only real password that the invention needs to store locally. It should be emphasised that the master password need not be set the same as the three apparent passwords under the "password" column in Fig. 4;
2) The password pair of an account. Its apparent password is responsible for the authentication of the three functions under the "password" column in Fig. 4. The real password of the pair is generated on the spot when output is needed and external authentication is performed; it is not stored in the software.

Industrial applicability
[0042] The software is the tool that realises the technical scheme of the invention; password management software can be developed with reference to the embodiments. With the concept of substitute strings, usability and security of the authentication password are satisfied at the same time, the bottleneck of the prior art is broken through, and the practical value of the invention is demonstrated. Compared with the prior art, the beneficial effects of the invention are:
[0043] Introducing the concept of substitute strings turns the password typed on the keyboard and the password that the password management software outputs for identity authentication into two different concepts, which brings a new idea to the field of password setting. In the invention the correspondence between apparent password and real password is unique; more importantly, the correct relation between the two can only be established on the terminal of the user on which the software is installed, and on no other device. The apparent password is a password that need not fear being stolen, seen or sniffed; it can be set simply and is convenient to use, and the user can turn a simple, personalised apparent password into an arbitrarily complex real password. This is all the more valuable when the technical scheme is applied to online password management: the correct association between the two passwords can only be established when the online account is logged into from a web page opened on the user's own terminal. Logging into the same account through the same web page on any other terminal can never establish the correct association, even if the user's apparent password has been cracked, because the substitute strings, the intermediate variables, are absent there. The exception is an attacker who has cracked the apparent password and also holds the user's terminal with the software installed.
[0044] The user has to remember only one password, the master password. This may seem the same as in the prior art, but there is a substantial difference. Prior-art password management software depends heavily on the master password: it is the only line of defence for the account information in the software, and once it leaks, the information security of every account can be affected. The key difference of the invention is that the software does not directly store any account's confidential information, so even in the extreme case where both the master password and the user's terminal fall to the same malicious user, a second line of defence still protects the account information. That is the advantage and value of substitute strings, which carry no useful information by themselves.
[0045] In username-and-password authentication, the weakness and helplessness of the user side is finally reversed by the invention, and the improvement on the user side in turn benefits the service side, so the advantages and application value of the invention can reach a wider range of users.
[0046] The characters involved in the invention are mainly ASCII characters, but are not limited to them. Any character that an operating system can process and print in any language can be used in the password setting of the invention, such as Unicode characters, even radicals of Chinese characters, Japanese kana and so on, which further increases the difficulty of cracking the password.

List of reference numerals
[0047] 100: principle of conversion of a single character
[0048] 150: principle of conversion of a group of characters
[0049] 152: process of generating the real password by combining the mixed insertion modes
[0050] 200: setting and modification of a password pair, and output principle of the real password
[0051] 120: "apparent character" column
[0052] 122: character form into which an apparent character is entered
[0053] 124: numeric form defining the number of single-character substitution items, i.e. the number of apparent characters or the number of digits of the apparent password
[0054] 140: "character digits" column
[0055] 142: character digits drop-down menu
[0056] 144: digit form limiting the total number of digits of all substitute strings in the account, i.e. the number of digits of the real password
[0057] 160: "substitute character string" column
[0058] 162: substitute character string display bar
[0059] 180: "mixed insertion mode" column
[0060] 182: mixed insertion mode label
[0061] 202: account password box; clicking it enters the password pair setting or modification mode
[0062] 204: arrow icon; clicking it outputs the real password directly
[0063] 206: copy icon; clicking it outputs the real password by copy and paste

Reference document list
Patent documents
[0064] Patent document 1: "Systems and methods for evaluating a password policy", United States Patent 8,769,607 (filed January 26, 2011), July 1, 2014, Jerdonek et al.
[0065] Patent document 2: "Cloud-based active password manager", United States Patent 9,824,208 (filed July 6, 2015), November 21, 2017, Cavanagh et al.
[0066] Patent document 3: "Systems and methods for providing a viewing a scanned password manager", United States Patent 9,716,706 (filed December 29, 2016), July 25, 2017, Fitzgerald.
[0067] Patent document 4: "Method and system for effective password input", United States Patent 10,075,430 (filed: ), September 2018, Guo.

Non-patent documents
[0068] Non-patent document 1: Shay et al., "Correct horse battery staple: Exploring the usability of system-assigned passphrases", Symposium On Usable Privacy and Security (SOUPS) 2012, July 11-13, 2012, pp. 1-20.
[0069] Non-patent document 2: Li, Zhiwei, et al., "The Emperor's New Password Manager: Security Analysis of Web-based Password Managers", USENIX Security Symposium, 2014, pp. 465-479.
[0070] Non-patent document 3: Dashlane, https://www.dashlane.com/
[0071] Non-patent document 4: 1Password, https://1password.com/
[0072] Non-patent document 5: LastPass, https://www.lastpass.com/
[0073] Non-patent document 6: YubiKey, https://www.yubico.com/
[0074] Non-patent document 7: Troy Hunt, "A brief Sony password analysis", June 6, 2011, https://www.troyhunt.com/brief-sony-password-analysis/
[0075] Non-patent document 8: BetterBuys, "Estimating Password Cracking Times", https:///www
[0076] Non-patent document 9: John Hall, "SplashData's Top 100 Worst Passwords of 2018", Dec. 13, 2018, https://www.teamsid.com/splashdatas-top-100-worst-passwords-of-2018/
[0077] Non-patent document 10: Grassi et al., "Digital Identity Guidelines", NIST Special Publication 800-63, June 22, 2017, https://doi.org/10.6028/NIST.SP.800-63-3
[0078] Non-patent document 11: Microsoft, "Password must meet complexity requirements", Sept. 8, 2017, https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements
[0079] Non-patent document 12: Tayler McDowell, "The 10 password commandments", Nov. 14, 2016, http://blog.nfrontsecurity.com/2016/11/the-10-password-commandments/
[0080] Non-patent document 13: Issac, Pandora Security, "10 Commandments of Password Security", https://www.pandorabs.net/10-commandments-of-password-security/
[0081] Non-patent document 14: Dennis O'Reilly, "Keep your data safe by following the password commandments", CNET News, Feb. 27, 2008, https://www.cnet.com/news/keep-your-data-safe-by-following-the-password-commandments/
[0082] Non-patent document 15: Randall Stross, "A strong password isn't the strongest security", The New York Times, Sept. 4, 2010, http://www.nytimes.com/2010/09/05/business/05digi.html?scp=1&sq=password&st=cse
[0083] Non-patent document 16: Ives, B., Walsh, K. R. and Schneider, H. (2004), "The Domino Effect of Password Reuse", Communications of the ACM, 47(4), 75-78.
[0084] Non-patent document 17: AMP Bank Ltd, "Account access and operating terms and conditions", pp. 16-17, https://www.amp.com.au/personal/banking/security/bank-terms-and-conditions

Claims (1)

    [Claim 1] A method for generating an authentication password, the method comprising: the user logs in to a password management software developed on the basis of the technical scheme of the invention, referred to as the software for short; the software is set to convert a single character, defined as an apparent character, into a character string, defined as a substitute character string; the user combines a plurality of apparent characters into a password, defined as the apparent password, and all of its apparent characters are converted into a group of substitute character strings; the user selects a mixed insertion mode in the software, whereby a substitute character string is mixedly inserted at a preselected insertion point of the preceding substitute character string or the preceding temporary character string, and the operation is repeated in sequence until the last substitute character string has been mixedly inserted, yielding a longer character string defined as the real password; using the one-key function of the software, the substitute character strings are combined on the spot to generate the real password, which is at the same time output with one key, or copied and pasted, into an external password form to perform the actual identity authentication; the software provides a plurality of mixed insertion modes, each labelled by a combination of numbers and letters, for the user to select and use; and the apparent password and the real password are defined as a password pair.
    [Claim 2] The password generation method according to claim 1, wherein the software converts one of the apparent characters into one of the substitute character strings (100), and the specific operation of this single-character substitution comprises:
    1) entering one apparent character in a character form (122) and selecting a digit value in a drop-down menu (142), whereupon the apparent character is converted into a substitute character string (162) of the corresponding number of digits;
    2) clicking the substitute character string (162) to further change its character combination, wherein the number of character digits of the newly generated substitute character string must equal the value in the drop-down menu (142).
    [Claim 3] The password generation method according to claim 1, wherein, when one of the apparent passwords is set, the software converts each of its apparent characters into one of the substitute character strings (150) respectively, and further:
    1) a number is entered in a numeric form (124), below which a corresponding number of single-character substitution items appear, this number also being the number of digits of the apparent password;
    2) each apparent character is entered in a character form (122), or the "apparent character" column (120) is clicked to generate or change all apparent characters with one key;
    3) a number is entered in a digit form (144) to define the total number of digits of all substitute character strings;
    4) the number of digits of each substitute character string is selected item by item in the drop-down menus (142), or the "character digits" column (140) is clicked to generate or change the number of digits of every substitute character string with one key;
    5) each substitute character string (162) is clicked to modify its character combination, or the "substitute character string" column (160) is clicked to modify all character combinations one by one.
    [Claim 4] The password generation method, wherein the software provides a plurality of the mixed insertion modes, each labelled by a combination of "number + letter" for the user to select, each label representing a method and sequence of mixedly inserting a substitute character string at the insertion point of a preceding substitute character string or temporary character string.
    [Claim 5] The password generation method according to claim 4, wherein the software provides a first type of mixed insertion mode (182) in which each substitute character string is inserted as a whole at the insertion point of the preceding substitute character string or temporary character string. The operations are executed in sequence following the order of the substitute character strings (162) from top to bottom, and the specific method comprises:
    1) the operation rule of the first item of the label (182) is that an insertion point is set on the first substitute character string (162) under the "substitute character string" column, and the second substitute character string is inserted as a whole at that insertion point, either in forward order from left to right or in reverse order from right to left, generating a first temporary character string;
    2) the operation rule of the second item of the label (182) is that a second insertion point is set on the first temporary character string, and the third substitute character string (162) is inserted as a whole into the first temporary character string in forward or reverse order, generating a second temporary character string;
    3) the steps are repeated until the last substitute character string has been inserted into the preceding temporary character string in forward or reverse order, completing the setting of the real password.
    [Claim 6] The password generation method, wherein the second type of mixed insertion mode provided by the software imitates the shuffling of playing cards: each substitute character string is cross-inserted, in the manner of a riffle shuffle, at the insertion point of the preceding substitute character string or temporary character string. The operations are executed in sequence following the order of the substitute character strings (162) from top to bottom, and the specific mixed insertion mode includes, but is not limited to, the following steps:
    1) an insertion point is set in the first substitute character string, and the second substitute character string is shuffled into the first substitute character string at equal intervals, in forward or reverse order, generating a first temporary character string;
    2) a second insertion point is set in the first temporary character string, and the third substitute character string is shuffled into the first temporary character string at equal intervals, in forward or reverse order, generating a second temporary character string;
    3) the steps are repeated until the last substitute character string has been inserted at the preset insertion point of the preceding temporary character string, completing the setting of the real password.
    [Claim 7] The password generation method according to claim 4, wherein, when the setting of the real password is complete, the combination of character digits (142), the combination of substitute character strings (162) and the combination of mixed insertion modes (182) are fixed and stored in the software in encrypted form.
    [Claim 8] The password generation method according to claim 4, wherein, in the software, the possible mixed insertion modes are classified and labelled by a combination of "number + letter", the classification including but not limited to:
    1) the lower-case Latin letter "w" denotes that a substitute character string is inserted as a whole into the preceding substitute character string or temporary character string;
    2) the lower-case letter "s" denotes that a substitute character string is mixedly inserted into the preceding substitute character string or temporary character string in a shuffled manner;
    3) the capital letter "P" denotes that the mixed insertion proceeds in forward order from left to right; the capital letter "R" denotes that it proceeds in reverse order from right to left;
    4) the capital letter "G" denotes that the mixed insertion is at equal intervals, the number following it giving the interval value; the capital letter "N" denotes unequal intervals, further classified by the number or number sequence that follows it;
    5) the label of each mixed insertion mode can be selected item by item in the corresponding drop-down menu (182), or the "mixed insertion mode" column (180) can be clicked to select or change the labels of all mixed insertion modes with one key.
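The combination step described in paragraphs 0036 and 0037 and specified in claims 5, 6 and 8, as an added Python example; this is not code from the patent or from its software. The label grammar `<point><w|s><P|R>[G<n>|N<n,n,...>]` (e.g. `3wP`, `0sRG2`, `1sPN1,3,5,7`), the reading of an interval as "characters of the base kept between two dropped characters", cycling a short interval sequence, appending whatever is left of the base, and the 94-character alphabet are all assumptions of this example; the claims fix only the letters w, s, P, R, G and N.

```python
import math
import re
import secrets
import string
from typing import List, Sequence, Tuple

# Assumption: substitute strings are drawn from the 94 printable ASCII characters
# other than space; paragraph 0046 allows any printable character set.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def substitute_string(digits: int) -> str:
    """One substitute string (claim 2).  The apparent character plays no part in the
    result: the string is fresh CSPRNG output of the requested length, so the real
    password's strength comes from here, not from the apparent password."""
    if digits < 1:
        raise ValueError("a substitute string needs at least one character")
    return "".join(secrets.choice(ALPHABET) for _ in range(digits))


def insert_whole(base: str, piece: str, point: int, reverse: bool) -> str:
    """Mode 'w' (claim 5): insert `piece` as a whole at `point`, forward (P) or
    reversed (R)."""
    if not 0 <= point <= len(base):
        raise ValueError(f"insertion point {point} outside string of length {len(base)}")
    return base[:point] + (piece[::-1] if reverse else piece) + base[point:]


def insert_shuffled(base: str, piece: str, point: int, reverse: bool,
                    gaps: Sequence[int]) -> str:
    """Mode 's' (claim 6): riffle `piece` into `base` starting at `point`.
    Assumed reading of G/N (claim 8): after each dropped character, gaps[i]
    characters of `base` are kept before the next one; the gap sequence is cycled
    if it is shorter than `piece`, and the remainder of `base` is appended."""
    if not 0 <= point <= len(base):
        raise ValueError(f"insertion point {point} outside string of length {len(base)}")
    if not gaps or min(gaps) < 1:
        raise ValueError("interval values must be positive")
    if reverse:
        piece = piece[::-1]
    out, rest = list(base[:point]), list(base[point:])
    for i, ch in enumerate(piece):
        out.append(ch)
        step = gaps[i % len(gaps)]
        out.extend(rest[:step])
        del rest[:step]
    out.extend(rest)
    return "".join(out)


# Assumed label grammar: <point><w|s><P|R>[G<n>|N<n,n,...>].  Claim 8 fixes only
# the letters; the layout is this example's choice.
LABEL = re.compile(r"^(\d+)([ws])([PR])(?:G(\d+)|N(\d+(?:,\d+)*))?$")


def parse_label(label: str) -> Tuple[int, str, bool, List[int]]:
    """Return (insertion point, 'w' or 's', reverse?, interval sequence)."""
    m = LABEL.match(label)
    if not m:
        raise ValueError(f"malformed mixed insertion label: {label!r}")
    point, kind, order, g, n = m.groups()
    if kind == "w" and (g or n):
        raise ValueError("whole insertion ('w') takes no interval")
    if kind == "s" and not (g or n):
        raise ValueError("shuffled insertion ('s') needs G<n> or N<sequence>")
    gaps = [int(g)] if g else [int(x) for x in n.split(",")] if n else []
    return int(point), kind, order == "R", gaps


def real_password(substitutes: Sequence[str], labels: Sequence[str]) -> str:
    """Claims 5-6: fold the substitute strings top to bottom, one label per insertion."""
    if len(labels) != len(substitutes) - 1:
        raise ValueError("need exactly one label per substitute string after the first")
    temp = substitutes[0]
    for piece, label in zip(substitutes[1:], labels):
        point, kind, reverse, gaps = parse_label(label)
        if kind == "w":
            temp = insert_whole(temp, piece, point, reverse)
        else:
            temp = insert_shuffled(temp, piece, point, reverse, gaps)
    return temp


def is_permutation_of(real: str, substitutes: Sequence[str]) -> bool:
    """Every mode only reorders characters: the real password is a permutation of
    the concatenated substitute strings, so its length is fixed before any mode is
    chosen."""
    return sorted(real) == sorted("".join(substitutes))


def substitute_entropy_bits(substitutes: Sequence[str]) -> float:
    """Entropy contributed by the CSPRNG-drawn strings; a mode label adds only the
    few bits of its own selection on top of this."""
    return sum(len(s) for s in substitutes) * math.log2(len(ALPHABET))


if __name__ == "__main__":
    # Constructed demo: apparent password "cat", 4-digit substitutes, two labels.
    subs = [substitute_string(4) for _ in "cat"]
    pw = real_password(subs, ["2wR", "1sPG2"])
    print(subs, "->", pw, is_permutation_of(pw, subs),
          round(substitute_entropy_bits(subs), 1), "bits")
```

The `is_permutation_of` check is the caveat a practitioner should attach to paragraph 0037: a mixed insertion mode rearranges the substitute strings but adds no characters, so the real password's length and almost all of its unpredictability are fixed by the substitute strings themselves. That is why they must come from `secrets` rather than `random`, and why a user who sets short substitute strings gets a weak real password no matter how elaborate the interval sequence is.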
    [Claim 9] The password generation method according to claim 1, wherein there are two ways of generating and outputting the real password at the same time to perform the actual external password authentication (200):
    1) clicking the arrow icon (204) pops up a password form; as soon as the apparent password entered for the account passes authentication, the corresponding group of substitute character strings (162) is retrieved from the memory of the software, combined according to the preset mixed insertion modes to generate the real password, and the real password is output directly to the outside to perform the password authentication. The user may choose not to set the apparent password, in which case no password form pops up and the real password is output directly to the external password form for authentication;
    2) clicking the copy icon (206) pops up a password form; as soon as the apparent password entered for the account passes authentication, the corresponding group of substitute character strings (162) is retrieved from the memory of the software, combined according to the preset mixed insertion modes to generate the real password, and the real password is pasted to the outside to perform the password authentication. The user may choose not to set the apparent password, in which case no password form pops up and the real password is pasted directly into the external password form for authentication.
    [Claim 10] The password generation method according to claim 1, wherein, in the software, the specific method of setting and modifying any one of the password pairs is (200):
    1) to set the password pair of a newly opened account, the blank password box of the account is clicked to enter the setting mode (152) of the password pair; after the setting is finished and the mode is exited, the blank password box is filled with a group of asterisks (202);
    2) to modify the password pair of an account, the password box (202) is clicked, the apparent password of the account is entered in the pop-up password form, and after it passes authentication the setting mode (152) is entered to perform the necessary modifications;
    3) when the master password for logging in to the software is set, the setting mode (152) is entered directly, and the user is required to memorise the master password. To modify the master password, the old master password is entered in the pop-up password form, and after it passes authentication the setting mode (152) is entered for modification.
    [Claim 11] The password generation method according to claim 1, wherein the memory of the software stores:
    1) all of the substitute character strings, stored separately;
    2) the combination of character digits (142) and the combination of preset mixed insertion modes (182) used to generate the real password (152);
    3) the real password corresponding to the master password, which is the only real password stored in the software.
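The storage and gating model of paragraphs 0040 and 0041 and claims 9 to 11, as an added Python example written against the standard library; it is not the patent's software. Everything below about how things are stored is this example's choice: PBKDF2-SHA256 split into a key and a verifier, an HMAC-SHA256 counter keystream with encrypt-then-MAC standing in for an AEAD such as AES-GCM (the standard library has none), and a record key that mixes the master key with the account's apparent password so that the apparent password is key material rather than only a prompt. The mixed insertion step is left out; regeneration concatenates the stored substitute strings in order.

```python
import hashlib
import hmac
import json
import secrets
from typing import Dict, Sequence, Tuple

# Assumption for this example: kept low so the demo runs quickly; real software
# should follow current OWASP guidance for PBKDF2 or use Argon2id.
KDF_ITERATIONS = 100_000


def derive(password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """PBKDF2-SHA256 stretched to 64 bytes: a 32-byte key that is recomputed on
    every use and never written down, and a 32-byte verifier that may be stored."""
    out = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=64)
    return out[:32], out[32:]


def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    # Separate keys for keystream and tag so the two HMAC input spaces never overlap.
    return (hmac.new(key, b"enc", "sha256").digest(),
            hmac.new(key, b"mac", "sha256").digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), "sha256").digest()
              for i in range(-(-length // 32)))
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with an HMAC-SHA256 counter keystream, standing in for an
    AEAD such as AES-GCM.  Layout: nonce(16) || ciphertext || tag(32)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, "sha256").digest()


def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, "sha256").digest()):
        raise ValueError("record tampered with, or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Vault:
    """What claim 11 says the software keeps: each account's substitute strings and
    mode labels (encrypted), a verifier for each account's apparent password, and a
    verifier for the master password.  No account's real password is ever stored.
    Design choice of this example: the record key mixes the master key with the
    apparent password, so the apparent password is key material, not just a prompt."""

    def __init__(self, master: str):
        self.master_salt = secrets.token_bytes(16)
        _, self.master_verifier = derive(master, self.master_salt)
        self.records: Dict[str, dict] = {}

    def _unlock(self, master: str) -> bytes:
        key, verifier = derive(master, self.master_salt)
        if not hmac.compare_digest(verifier, self.master_verifier):
            raise PermissionError("master password rejected")
        return key

    def set_account(self, master: str, name: str, apparent: str,
                    substitutes: Sequence[str], labels: Sequence[str]) -> None:
        """Claim 10: set or modify an account's password pair.  Only the intermediate
        variables are stored, never the combined real password."""
        master_key = self._unlock(master)
        salt = secrets.token_bytes(16)
        apparent_key, apparent_verifier = derive(apparent, salt)
        record_key = hmac.new(master_key, apparent_key, "sha256").digest()
        record = json.dumps({"substitutes": list(substitutes), "labels": list(labels)}).encode()
        self.records[name] = {"apparent_salt": salt, "apparent_verifier": apparent_verifier,
                              "blob": encrypt(record_key, record)}

    def real_password(self, master: str, name: str, apparent: str) -> str:
        """Claim 9: the apparent password gates output and the real password exists
        only transiently.  The mixed insertion step is out of scope here, so the
        substitute strings are simply concatenated in order."""
        master_key = self._unlock(master)
        rec = self.records[name]
        apparent_key, verifier = derive(apparent, rec["apparent_salt"])
        if not hmac.compare_digest(verifier, rec["apparent_verifier"]):
            raise PermissionError("apparent password rejected")
        record_key = hmac.new(master_key, apparent_key, "sha256").digest()
        data = json.loads(decrypt(record_key, rec["blob"]))
        return "".join(data["substitutes"])
```

Two caveats against paragraph 0044's "second line of defence". First, if the apparent password is only compared against a stored verifier and does not enter the key, an attacker holding the terminal and the master password decrypts every record without it; mixing it into the record key, as above, is what makes the second line cryptographic rather than a UI prompt. Second, paragraphs 0040 and 0043 describe apparent passwords as deliberately simple, and the stored verifier gives an attacker with the store an offline guessing target, so a simple apparent password buys only a few extra bits against that attacker. A fresh `Vault` on another device holds no record for the account, which is the property paragraph 0043 relies on: the apparent password alone regenerates nothing.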
CN201980094701.7A 2019-04-03 2019-04-03 Password generation method capable of simultaneously meeting safety and usability Pending CN113841146A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2019/052719 WO2020095120A1 (en) 2019-04-03 2019-04-03 Password generation method which simultaneously satisfies security and usability

Publications (1)

Publication Number Publication Date
CN113841146A true CN113841146A (en) 2021-12-24

Family

ID=70611352

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201980094701.7A Pending CN113841146A (en) 2019-04-03 2019-04-03 Password generation method capable of simultaneously meeting safety and usability

Country Status (2)

Country Link
CN (1) CN113841146A (en)
WO (1) WO2020095120A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114640446A (en) * 2022-03-25 2022-06-17 中国农业银行股份有限公司 Password peep-proof method and device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4994752B2 (en) * 2006-09-08 2012-08-08 パスロジ株式会社 Information processing system
CN103678964A (en) * 2012-09-13 2014-03-26 上海斐讯数据通信技术有限公司 Mobile terminal and password input method and system
CN104091134B (en) * 2014-07-16 2017-01-18 谭皓文 Password inputting method with combination of safety and convenience
CN105844145A (en) * 2016-04-19 2016-08-10 广州三星通信技术研究有限公司 Method and equipment for managing passwords
CN106888086B (en) * 2017-02-13 2021-09-07 上海瀚之友信息技术服务有限公司 System and method for managing account password

Also Published As

Publication number Publication date
WO2020095120A1 (en) 2020-05-14

Similar Documents

Publication Publication Date Title
Tatlı Cracking more password hashes with patterns
CN106161006B (en) Digital encryption algorithm
Dechand et al. An Empirical Study of Textual Key-Fingerprint Representations
JP4421892B2 (en) Authentication system and method based on random partial pattern recognition
Keszthelyi About passwords
EP2150915B1 (en) Secure login protocol
JP2007272539A (en) Security device and application server system
Jadhao et al. Survey on authentication password techniques
CN109117670A (en) A kind of realization shear plate data encryption and decryption method, apparatus and hardware device
CN113841146A (en) Password generation method capable of simultaneously meeting safety and usability
CN109002698B (en) Safe input method and device for user password
Kato et al. Strong passwords: Practical issues
Salois Password complexity recommendations
Nguyen et al. An analysis of persuasive text passwords
Pal et al. A variation in the working of playfair cipher
Yiannis Modern Password Cracking: A hands-on approach to creating an optimised and versatile attack
US11095435B2 (en) Keystroke dynamics anonimization
Hanif et al. A new shoulder surfing and mobile key-logging resistant graphical password scheme for smart-held devices
KR20080046530A (en) Method for the password generation based on korean
Sishi An investigation of the security of passwords derived from African languages
Boonkrong et al. Password-based authentication
Sugiantoro Analysis of password and salt combination scheme to improve hash algorithm security
Balilo Jr et al. A comparative analysis and review of OTP Grid Authentication Scheme: Development of new scheme
Salois et al. Password Complexity Recommendations: xezandpAxat8Um or P4 $$ w0rd!!!!
Ch How easy is to break password protection: A preliminary empirical study

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination