CN101964792A - Multimode mapping based strong authentication method - Google Patents


Info

Publication number
CN101964792A
Authority
CN
China
Prior art keywords
password
matrix
user
website server
character
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2010102956524A
Other languages
Chinese (zh)
Other versions
CN101964792B (en)
Inventor
许勇
庞玲
张凌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Count Network Co Ltd Of Park In Guangzhou
South China University of Technology SCUT
Original Assignee
Count Network Co Ltd Of Park In Guangzhou
South China University of Technology SCUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Count Network Co Ltd Of Park In Guangzhou, South China University of Technology SCUT
Priority to CN 201010295652
Publication of CN101964792A
Application granted
Publication of CN101964792B
Legal status: Expired - Fee Related
Anticipated expiration

Abstract

The invention discloses a strong authentication method based on multimode mapping, comprising the following steps: S1, the user sets a password command in a secure state; S2, the website server records the password command against the user ID (identity); S3, at login, the website server provides a dynamic command matrix in real time according to the user ID; S4, the user looks up the command matrix according to the password command to obtain the corresponding matrix password, and enters the matrix password to log in; and S5, the website server verifies the user's identity according to the user ID and the matrix password. The invention is dynamic, real-time, convenient and highly secure, and solves the problem in traditional password systems that identity verification is unavailable because the password has been forgotten.

Description

A strong authentication method based on multimode mapping
Technical field
The present invention relates to the field of computer information security, and in particular to a strong authentication method based on multimode mapping.
Background art
With the spread of information technology and network applications, people's lives depend more and more on computers. While enjoying the convenience that computer systems provide, people also face various information security risks, such as leakage of personal information, theft of account passwords, loss of a user's USB flash drive, and information leakage by a malicious web server. In October 2009, Gmail, Yahoo, Microsoft's Windows Live Hotmail and other service providers were hit by phishing attacks, and more than 30,000 usernames and passwords were leaked. In a recent survey of 358 IT directors by the Search Security website, most respondents considered that password protection alone cannot meet the security requirements of authentication and access management: 74% of respondents thought that users of information systems have to remember too many passwords; more than 56% said their users often need help resetting passwords; 79% said they were investing in the identity management field; and 64% had considered buying password tokens.
Password systems are the prevailing way of identifying users on the Internet today, and password security is a key issue in authentication. In the traditional method, the user enters the user ID and password directly on a web page, and both are passed to the server in plaintext. This is relatively simple to operate, but it has many security risks. First, for ease of memory, users often choose birthdays, telephone numbers and the like as passwords, which an attacker can easily crack by repeated attempts with a brute-force program. Second, an attacker can easily obtain the user's password by means such as e-mail, phishing-site fraud and Trojans. Third, when a user forgets the password, it has to be recovered by e-mail or telephone, which adds insecurity and inconvenience. With the rise of e-commerce, USB Key authentication has greatly improved security, but it brings high cost, the need for the user to carry the device, and equipment that is easily damaged, all of which inconvenience the user.
Summary of the invention
The object of the present invention is to overcome the above shortcomings and deficiencies and to provide a strong authentication method based on multimode mapping. The method is dynamic, real-time, convenient and highly secure, and it solves the problem in traditional password systems that authentication cannot be carried out because the password has been forgotten.
The object of the invention is achieved by the following technical method: a strong authentication method based on multimode mapping, as shown in Fig. 1, comprising the following steps:
S1. The user sets a password in a secure state; go to step S2;
S2. The website server records the password against the corresponding user ID; go to step S3;
S3. When the user logs in, the website server provides a dynamic password matrix in real time according to the user ID; go to step S4;
S4. The user looks up the password matrix according to the password to obtain the corresponding matrix password, and enters the matrix password to log in; go to step S5;
S5. The website server authenticates the user according to the user ID and the matrix password.
To better implement the invention, the secure state is achieved by setting up a secure channel, SSL or another encryption method;
The password consists of letters and symbols, where the letters include uppercase and lowercase English letters;
The matrix password consists of digits.
Preferably, in step S3 the website server provides a dynamic password matrix in real time according to the user ID, where the generation rules of the password matrix are:
(1) The password matrix is displayed as letters and symbols mapped to the ten digits 0-9, with each letter or symbol mapped at random to one of the digits 0-9. The dynamic password matrix contains at least the 26 uppercase and 26 lowercase letters (52 characters in total), plus common symbols, padded so that the number of characters is a multiple of 10;
(2) The website server records password matrix information by user ID. If there is no password matrix record under the user's directory, a password matrix mapping characters to digits is generated by a random algorithm; supposing the matrix has n characters, on average every n/10 characters map to the same digit;
(3) If the website server holds a password matrix record for the user, it looks up the record of the previous password matrix. Of the n/10 characters mapped to each digit in the new matrix, n/20 are drawn at random from the corresponding characters in the previous record, and the other n/20 are drawn at random. When the number of password matrix records for the user ID exceeds n/10, the records are cleared and rule (2) is used to generate the dynamic password matrix.
Preferably, the random algorithm is implemented by one or more of a linear congruential algorithm, the BBS pseudorandom number generator and the ANSI X9.17 pseudorandom number generator.
Preferably, step S3, in which the website server provides a dynamic password matrix in real time according to the user ID when the user logs in, specifically comprises the following steps:
S3.1. When logging in, the user enters the user ID and requests the password matrix from the website server; go to step S3.2;
S3.2. The website server receives the user's request for the password matrix and checks the password matrix records for this user ID. If there is no record, go to step S3.3; if there is a corresponding record, go to step S3.4;
S3.3. The website server generates the password matrix at random according to generation rule (2) and passes the newly generated matrix to the user;
S3.4. The website server generates the password matrix according to generation rule (3) and passes the newly generated matrix to the user.
Preferably, passing the newly generated password matrix to the user specifically means that the website server passes it to the user over SSL.
Preferably, step S4, in which the user looks up the password matrix according to the password, obtains the corresponding matrix password and enters it to log in, specifically means:
The user looks up, in the password matrix provided by the website server, the digit corresponding to each character of the password, obtains a matrix password made up of digits, and enters the matrix password to log in.
Preferably, step S5, in which the website server authenticates the user according to the user ID and the matrix password, specifically comprises the following steps:
S5.1. The website server looks up, by user ID, the user's password and the dynamic password matrix generated for this login; go to step S5.2;
S5.2. The website server looks up in the password matrix the digit corresponding to each character of the user's password and derives the corresponding digit string; go to step S5.3;
S5.3. The website server compares the digit string with the matrix password entered by the user. If they are identical, verification passes; otherwise it fails.
Compared with the prior art, the present invention has the following beneficial effects:
First, dynamic: at the login stage the server provides a password lookup matrix and in this way gives the user a dynamic password. The password matrix is generated at random according to certain principles and the password for each login is different, which solves well the problems that static passwords are easily stolen by Trojans or obtained through network monitoring.
Second, real-time: each time the user enters the login stage, the server provides a dynamic password lookup matrix in real time, and the user looks up the password matrix according to his or her own password to obtain the login password. Because the matrix is provided in real time, the user does not know the login password before logging in, which greatly improves security.
Third, it solves the problem in traditional password systems that authentication cannot be carried out because the password has been forgotten. At login the server provides the dynamic password lookup matrix in real time; the user only needs to look up the matrix according to the simple password he or she has set to obtain the login password, and does not need to remember a complex password, which solves the problem of forgotten passwords.
Fourth, security: the dynamic password lookup matrix is generated by the server in real time at the user's login stage, and the server records password matrix information by user ID. If there is no password matrix record, the matrix is generated at random by a random algorithm. If there is a previous password matrix record, half of the n/10 characters mapped to each digit of the matrix are drawn at random from the corresponding characters in the previous record and the other half are drawn at random, which effectively guards against the threats of known-plaintext attacks and of passwords being inferred through network monitoring.
Fifth, convenience: the user does not need to remember a complex password or carry a hardware device. Remembering the simple password he or she has set is enough to look up the dynamic password lookup matrix and obtain the login password, which is very convenient.
Description of drawings
Fig. 1 is the workflow diagram of the strong authentication method based on multimode mapping of the present invention;
Fig. 2 is the workflow diagram of the strong authentication method based on multimode mapping in embodiment one.
Embodiment
The present invention is described in further detail below with reference to an embodiment and the accompanying drawings, but embodiments of the invention are not limited thereto.
Embodiment one
A strong authentication method based on multimode mapping, as shown in Fig. 2, comprises the following steps:
S1. The user sets a password in a secure state, which can be achieved by setting up a secure channel, SSL or another encryption method (for security reasons, the password may consist of uppercase and lowercase letters and certain specified symbols, and its length should be greater than 6 characters); go to step S2;
S2. The website server records the user's password by user ID (for example, if the user ID of user A is UserA, the server saves user A's password under the UserA directory); go to step S3;
S3. At login, the user enters the user ID and requests the password matrix from the website server; go to step S4;
S4. The website server receives the user's request for the password matrix and checks the password matrix records for this user ID. If there is no record, go to step S5; if there is a corresponding record, go to step S6;
S5. The server generates, by a random algorithm, a password matrix mapping characters to digits, to be passed to the user. The matrix has 60 characters: 26 uppercase letters, 26 lowercase letters and 8 common symbols. Each character is mapped at random to a digit between 0 and 9, with on average every 6 characters mapped to the same digit; go to step S7;
S6. The server looks up the record of the previous password matrix and generates the new matrix from it: of the 6 characters mapped to each digit, 3 are drawn at random from the corresponding characters in the previous record and the other 3 are drawn at random; go to step S7;
S7. The server records the password matrix generated this time by user ID and sends the matrix to the user; go to step S8;
S8. The server checks the number of password matrix records for the user ID. If there are more than 6 records, the records are cleared; if there are not more than 6, go to step S9;
S9. The user looks up, in the dynamic password matrix provided by the server, the digit corresponding to each character of the password, obtains a string of digits as the numeric password, and enters the numeric password to log in; go to step S10;
S10. The server looks up, by user ID, the user's password and the dynamic password matrix generated this time, derives the digit string from the password and the matrix, and compares it with the numeric password entered by the user. If they are identical, verification passes; otherwise it fails.
In steps S5 and S6 above, the password matrix is displayed as letters and symbols mapped to the ten digits 0-9, with each letter or symbol mapped at random to one of the digits 0-9. Here 60 characters are used, on grounds of security and ease of use: 26 uppercase letters, 26 lowercase letters and 8 common symbols.
In step S6 the server generates the password matrix from the record of the previous matrix. The more of the 6 characters mapped to each digit that are the same as in the previous matrix, the more exposed the scheme is to password inference through network monitoring; the fewer that are the same, the more exposed it is to known-plaintext attacks. The strategy adopted is therefore that, of the 6 characters mapped to each digit of the matrix, 3 are drawn at random from the corresponding characters in the previous record and the other 3 are drawn at random.
The form of the dynamic password lookup matrix in embodiment one is shown in Table 1:
[Table 1: image BSA00000288152600061 in the original; the table contents are not reproduced in this text]
● Characters of the password matrix: 60 characters are used, on grounds of security and ease of use, comprising 26 uppercase letters, 26 lowercase letters and 8 common symbols. The user must choose the password from these 60 characters and cannot use characters that do not exist in the password matrix.
● Mapping between characters and digits: each character in the password matrix is mapped at random to one of the digits 0-9, assigned by a random algorithm so that on average every 6 characters map to the same digit.
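Generation rules (2) and (3) and the server-side check of steps S5.1 to S5.3, for the n = 60 matrix of embodiment one, as an added example that is not code from the patent. The 8 symbols, the class and function names, the single-use handling of an issued matrix, and the use of Python's `secrets` CSPRNG in place of the generators the text names are assumptions of this example.

```python
import hmac
import secrets
import string

# Assumption: the patent does not list its 8 "common symbols"; these are constructed.
SYMBOLS = "!@#$%&*?"
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + SYMBOLS  # n = 60
N = len(ALPHABET)
GROUP = N // 10        # characters shown under each digit (n/10 = 6)
KEEP = N // 20         # characters a digit keeps under rule (3) (n/20 = 3)
MAX_RECORDS = N // 10  # matrix records are cleared once they exceed this count

# Swapped-in generator: the OS CSPRNG, not the LCG / BBS / ANSI X9.17 named in the
# text. An LCG's output is predictable, which would make future matrices guessable.
_rng = secrets.SystemRandom()


def _deal(chars, per_digit, groups):
    """Shuffle chars and append per_digit of them to each digit's group."""
    chars = list(chars)
    _rng.shuffle(chars)
    for d in range(10):
        groups[d].extend(chars[d * per_digit:(d + 1) * per_digit])
    return groups


def fresh_matrix():
    """Rule (2): no record exists, so all n characters are dealt at random."""
    return _deal(ALPHABET, GROUP, {d: [] for d in range(10)})


def next_matrix(prev):
    """Rule (3), read here as: each digit keeps n/20 of the characters it had in
    the previous matrix; the rest are dealt out again at random, n/20 per digit."""
    groups = {d: _rng.sample(prev[d], KEEP) for d in range(10)}
    kept = {c for g in groups.values() for c in g}
    return _deal([c for c in ALPHABET if c not in kept], GROUP - KEEP, groups)


def matrix_password(matrix, password):
    """Steps S4 and S5.2: replace every password character by its digit."""
    digit_of = {c: str(d) for d, g in matrix.items() for c in g}
    return "".join(digit_of[c] for c in password)


class MatrixAuthServer:
    """Hypothetical in-memory server state, keyed by user ID."""

    def __init__(self):
        # S2: the scheme needs the password itself, not a hash, to derive digits.
        self.passwords = {}
        self.history = {}   # matrix records per user ID
        self.pending = {}   # matrix issued for the login in progress

    def enroll(self, user_id, password):
        # S1: more than 6 characters, all of them present in the matrix.
        if len(password) <= 6 or any(c not in ALPHABET for c in password):
            raise ValueError("password needs >6 characters from the matrix alphabet")
        self.passwords[user_id] = password
        self.history[user_id] = []

    def challenge(self, user_id):
        # S3: rule (3) if a previous matrix is on record, otherwise rule (2).
        records = self.history[user_id]
        matrix = next_matrix(records[-1]) if records else fresh_matrix()
        records.append(matrix)
        if len(records) > MAX_RECORDS:
            records.clear()  # the next challenge falls back to rule (2)
        self.pending[user_id] = matrix
        return matrix

    def verify(self, user_id, submitted):
        # S5: each issued matrix is accepted once (an assumption of this example).
        matrix = self.pending.pop(user_id, None)
        if matrix is None:
            return False
        expected = matrix_password(matrix, self.passwords[user_id])
        return hmac.compare_digest(expected.encode(), submitted.encode())
```
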
The above embodiment is a preferred implementation of the present invention, but embodiments of the invention are not limited to it. Any other change, modification, substitution, combination or simplification that does not depart from the spirit and principle of the invention shall be regarded as an equivalent replacement and is included within the protection scope of the invention.

Claims (8)

1. A strong authentication method based on multimode mapping, characterized by comprising the following steps:
S1. The user sets a password in a secure state;
S2. The website server records the password against the corresponding user ID;
S3. When the user logs in, the website server provides a dynamic password matrix in real time according to the user ID;
S4. The user looks up the password matrix according to the password to obtain the corresponding matrix password, and enters the matrix password to log in;
S5. The website server authenticates the user according to the user ID and the matrix password.
2. The strong authentication method based on multimode mapping according to claim 1, characterized in that the secure state of step S1 is achieved by setting up a secure channel or SSL;
The password of step S2 consists of letters and symbols, where the letters include uppercase and lowercase English letters;
The matrix password of step S4 consists of digits.
3. The strong authentication method based on multimode mapping according to claim 2, characterized in that in step S3 the website server provides a dynamic password matrix in real time according to the user ID, where the generation rules of the password matrix are:
(1) The password matrix is displayed as letters and symbols mapped to the ten digits 0-9, with each letter or symbol mapped at random to one of the digits 0-9; the dynamic password matrix contains at least the 26 uppercase and 26 lowercase letters, plus common symbols, padded so that the number of characters is a multiple of 10;
(2) The website server records password matrix information by user ID; if there is no password matrix record under the user's directory, a password matrix mapping characters to digits is generated by a random algorithm; supposing the matrix has n characters, on average every n/10 characters map to the same digit;
(3) If the website server holds a password matrix record for the user, it looks up the record of the previous password matrix; of the n/10 characters mapped to each digit in the new matrix, n/20 are drawn at random from the corresponding characters in the previous record, and the other n/20 are drawn at random; when the number of password matrix records for the user ID exceeds n/10, the records are cleared and rule (2) is used to generate the dynamic password matrix.
4. The strong authentication method based on multimode mapping according to claim 3, characterized in that the random algorithm is implemented by one or more of a linear congruential algorithm, the BBS pseudorandom number generator and the ANSI X9.17 pseudorandom number generator.
5. The strong authentication method based on multimode mapping according to claim 3, characterized in that step S3, in which the website server provides a dynamic password matrix in real time according to the user ID when the user logs in, specifically comprises the following steps:
S3.1. When logging in, the user enters the user ID and requests the password matrix from the website server;
S3.2. The website server receives the user's request for the password matrix and checks the password matrix records for this user ID; if there is no record, go to step S3.3; if there is a corresponding record, go to step S3.4;
S3.3. The website server generates the password matrix at random according to generation rule (2) and passes the newly generated matrix to the user;
S3.4. The website server generates the password matrix according to generation rule (3) and passes the newly generated matrix to the user.
6. The strong authentication method based on multimode mapping according to claim 5, characterized in that passing the newly generated password matrix to the user specifically means that the website server passes it to the user over SSL.
7. The strong authentication method based on multimode mapping according to claim 5, characterized in that step S4, in which the user looks up the password matrix according to the password, obtains the corresponding matrix password and enters it to log in, specifically means:
The user looks up, in the password matrix provided by the website server, the digit corresponding to each character of the password, obtains a matrix password made up of digits, and enters the matrix password to log in.
8. The strong authentication method based on multimode mapping according to claim 7, characterized in that step S5, in which the website server authenticates the user according to the user ID and the matrix password, specifically comprises the following steps:
S5.1. The website server looks up, by user ID, the user's password and the dynamic password matrix generated for this login;
S5.2. The website server looks up in the password matrix the digit corresponding to each character of the user's password and derives the corresponding digit string;
S5.3. The website server compares the digit string with the matrix password entered by the user; if they are identical, verification passes; otherwise it fails.
CN 201010295652 2010-09-27 2010-09-27 Multimode mapping based strong authentication method Expired - Fee Related CN101964792B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010295652 CN101964792B (en) 2010-09-27 2010-09-27 Multimode mapping based strong authentication method

Publications (2)

Publication Number Publication Date
CN101964792A (en) 2011-02-02
CN101964792B (en) 2013-06-12

Family

ID=43517525

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130612

Termination date: 20200927
