CN101964792B - Multimode mapping based strong authentication method - Google Patents

Publication number: CN101964792B
Authority: CN (China)
Prior art keywords: password, matrix, user, website server, character
Legal status: Expired - Fee Related
Application number: CN 201010295652
Other languages: Chinese (zh)
Other versions: CN101964792A (en)
Inventors: 许勇, 庞玲, 张凌
Current Assignee: Count Network Co Ltd Of Park In Guangzhou; South China University of Technology SCUT
Original Assignee: Count Network Co Ltd Of Park In Guangzhou; South China University of Technology SCUT
Application filed by: Count Network Co Ltd Of Park In Guangzhou, South China University of Technology SCUT

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a strong authentication method based on multimode mapping, comprising the following steps: S1, the user sets a secret password in a secure state; S2, the website server records the secret password against the user ID; S3, at login, the website server provides a dynamic password matrix in real time according to the user ID; S4, the user looks up the secret password in the password matrix to obtain the corresponding matrix password, and enters the matrix password to log in; and S5, the website server verifies the user's identity according to the user ID and the matrix password. The invention is dynamic, real-time, convenient and highly secure, and solves the problem in traditional password systems that identity cannot be verified once the password has been forgotten.

Description

A strong authentication method based on multimode mapping
Technical field
The present invention relates to the field of computer information security, and in particular to a strong authentication method based on multimode mapping.
Background art
As information technology and network applications become ever more widespread, people's lives depend more and more on computers. While enjoying the convenience that computer systems provide, people also face a range of information security risks, such as leakage of personal information, theft of account passwords, loss of USB flash drives, and malicious disclosure of information on the web server side. In October 2009, Gmail, Yahoo, Microsoft's Windows Live Hotmail and other service providers suffered phishing attacks, and more than 30,000 usernames and passwords were leaked. Recently, in a survey of 358 IT directors by the Search Security website, most respondents believed that single-password protection cannot meet the security requirements of authentication and access management: 74% of respondents believed that information system users have too many passwords to remember; more than 56% said that their users often need help resetting passwords; 79% stated that they will invest in the identity management field; and 64% had considered purchasing password tokens.
Password systems are the common way of identifying users on the Internet today, and password security is a key problem in authentication. In traditional authentication, the user usually enters the user ID and password directly on a web page, and both are sent to the server in plaintext. This is relatively simple to operate but carries many security risks. First, to make passwords easy to remember, users often choose birthdays, telephone numbers and the like, which attackers can readily crack with brute-force programs that keep trying candidates. Second, attackers can easily obtain a user's password through e-mail, phishing-site fraud, Trojans and similar means. Third, when a user forgets the password, it has to be recovered by e-mail or telephone, which adds insecurity and inconvenience. With the rise of e-commerce, USB Key authentication has greatly improved security, but it also brings high cost, the need for the user to carry the device, and a device that is easily damaged, all of which make it awkward for users.
Summary of the invention
The object of the invention is to overcome the above shortcomings and deficiencies by providing a strong authentication method based on multimode mapping. The method is dynamic, real-time, convenient and highly secure, and solves the problem in traditional password systems that authentication cannot be carried out because the password has been forgotten.
The object of the invention is achieved by the following technical method: a strong authentication method based on multimode mapping, as shown in Fig. 1, comprising the following steps:
S1. The user sets a secret password in a secure state; go to step S2;
S2. The website server records the secret password against the user ID; go to step S3;
S3. When the user logs in, the website server provides a dynamic password matrix in real time according to the user ID; go to step S4;
S4. The user looks up the secret password in the password matrix to obtain the corresponding matrix password, and enters the matrix password to log in; go to step S5;
S5. The website server authenticates the user according to the user ID and the matrix password.
To better implement the invention, the secure state is achieved by setting up a secure channel, SSL or another encryption method;
The secret password consists of letters and symbols, where the letters include uppercase and lowercase English letters;
The matrix password consists of digits.
Preferably, in step S3 the website server provides a dynamic password matrix in real time according to the user ID, and the generation rules for the password matrix are:
(1) The password matrix is displayed as letters and symbols mapped to the ten digits 0-9, with each letter or symbol mapped at random to one digit in 0-9. The dynamic password matrix contains at least the 26 uppercase and 26 lowercase letters (52 characters in total), plus commonly used symbols that pad the number of characters to a multiple of 10;
(2) The website server records password matrix information by user ID. If there is no password matrix record under the user's directory, it generates a character-to-digit password matrix using a random algorithm; assuming the matrix has n characters, on average every n/10 characters map to the same digit;
(3) If the website server has a password matrix record for the user, it looks up the record of the previous password matrix. Of the n/10 characters mapped to each digit in the new matrix, n/20 are drawn at random from the characters mapped to that digit in the previous record, and the other n/20 are drawn at random. When the number of password matrix records for the user ID exceeds n/10, the records are cleared and rule (2) is used to generate the dynamic password matrix.
Preferably, the random algorithm is implemented by one or more of a linear congruential algorithm, the BBS pseudorandom number generator and the ANSI X9.17 pseudorandom number generator.
Preferably, step S3, in which the website server provides a dynamic password matrix in real time according to the user ID when the user logs in, specifically comprises the following steps:
S3.1. When logging in, the user enters the user ID and requests the password matrix from the website server; go to step S3.2;
S3.2. The website server receives the user's request for the password matrix and checks the password matrix records for that user ID; if there is no record, go to step S3.3; if there is a corresponding record, go to step S3.4;
S3.3. The website server generates the password matrix at random according to dynamic password matrix generation rule (2) and sends the newly generated password matrix to the user;
S3.4. The website server generates the password matrix according to dynamic password matrix rule (3) and sends the newly generated password matrix to the user.
Preferably, sending the newly generated password matrix to the user specifically means that the website server sends it to the user over SSL.
Preferably, step S4, in which the user looks up the secret password in the password matrix, obtains the corresponding matrix password and enters it to log in, specifically means:
Using the secret password, the user looks up the digit corresponding to each of its characters in the password matrix provided by the website server, obtains a matrix password made up of digits, and enters the matrix password to log in.
Preferably, step S5, in which the website server authenticates the user according to the user ID and the matrix password, specifically comprises the following steps:
S5.1. The website server looks up, by user ID, the user's secret password and the dynamic password matrix generated for this login; go to step S5.2;
S5.2. The website server looks up in the password matrix the digit corresponding to each character of the user's secret password and obtains the corresponding digit string; go to step S5.3;
S5.3. The website server compares the digit string with the matrix password entered by the user; if they are the same, verification passes; otherwise it fails.
Compared with the prior art, the invention has the following beneficial effects:
First, it is dynamic: at the login stage the server supplies a password lookup matrix, and through it a dynamic password, to the user. The password matrix is generated at random according to fixed rules, so the password entered at each login is different, which addresses the problem of static passwords being stolen by Trojans or captured by network eavesdropping.
Second, it is real-time: every time the user enters the login stage, the server provides a dynamic password lookup matrix in real time, and the user looks up their own secret password in the matrix to obtain the login password. Because the matrix is provided in real time, the user does not know the login password before logging in, which greatly improves security.
Third, it solves the problem in traditional password systems that authentication cannot be carried out because the password has been forgotten. At login the server provides the dynamic password lookup matrix in real time, and the user only needs to look up the simple secret password they set themselves to obtain the login password, without memorizing a complex password.
Fourth, it is secure: the dynamic password lookup matrix is generated in real time by the server at the user's login stage, and the server records password matrix information by user ID. If there is no password matrix record, the matrix is generated at random with a random algorithm. If there is a previous record, half of the n/10 characters mapped to each digit are drawn at random from the characters mapped to that digit in the previous record and the other half are drawn at random, which effectively guards against known-plaintext attack and against the password being worked out from network eavesdropping.
Fifth, it is convenient: the user does not need to memorize a complex password or carry a hardware device, and only needs to remember the simple secret password they set in order to look up the dynamic password lookup matrix and obtain the login password.
Description of the drawings
Fig. 1 is the workflow diagram of the strong authentication method based on multimode mapping of the invention;
Fig. 2 is the workflow diagram of the strong authentication method based on multimode mapping in Embodiment 1.
Embodiments
The invention is described in further detail below with reference to the embodiment and the drawings, but embodiments of the invention are not limited to this.
Embodiment 1
A strong authentication method based on multimode mapping, as shown in Fig. 2, comprises the following steps:
S1. The user sets a secret password in a secure state. The secure state can be achieved by setting up a secure channel, SSL or another encryption method. The secret password may consist of uppercase and lowercase letters and certain specified symbols (for security, the password should be longer than 6 characters); go to step S2;
S2. The website server records the user's secret password by user ID (for example, if user A's user ID is UserA, the server stores user A's secret password under the UserA directory); go to step S3;
S3. When logging in, the user enters the user ID and requests the password matrix from the website server; go to step S4;
S4. The website server receives the user's request for the password matrix and checks the password matrix records for that user ID; if there is no record, go to step S5; if there is a corresponding record, go to step S6;
S5. The server generates a character-to-digit password matrix using a random algorithm and sends it to the user. The password matrix has 60 characters: 26 uppercase letters, 26 lowercase letters and 8 common symbols. Each character maps at random to a digit in 0-9, and on average every 6 characters map to the same digit; go to step S7;
S6. The server looks up the record of the previous password matrix and generates the new matrix from it: of the 6 characters mapped to each digit, 3 are drawn at random from the characters mapped to that digit in the previous record, and the other 3 are drawn at random; go to step S7;
S7. The server records the newly generated password matrix by user ID and sends the password matrix to the user; go to step S8;
S8. The server checks the number of password matrix records for the user ID; if there are more than 6 records, it clears the records; if there are not more than 6, go to step S9;
S9. Using the secret password, the user looks up the digit corresponding to each of its characters in the dynamic password matrix provided by the server, obtains a numeric password, and enters the numeric password to log in; go to step S10;
S10. The server looks up, by user ID, the user's secret password and the dynamic password matrix generated for this login, derives the digit string from the secret password and the password matrix, and compares the digit string with the numeric password entered by the user; if they are the same, verification passes; otherwise it fails.
In steps S5 and S6 above, the password matrix is displayed as letters and symbols mapped to the ten digits 0-9, with each letter or symbol mapped at random to one digit in 0-9. Here 60 characters are used, balancing security and ease of use: 26 uppercase letters, 26 lowercase letters and 8 common symbols.
In step S6, the server generates the password matrix from the record of the previous password matrix. The more of the 6 characters mapped to each digit stay the same from one matrix to the next, the more exposed the scheme is to the password being worked out from network eavesdropping; the fewer stay the same, the more exposed it is to known-plaintext attack. The strategy adopted is therefore that, of the 6 characters mapped to each digit, 3 are drawn at random from the characters mapped to that digit in the previous record and the other 3 are drawn at random.
The form of the dynamic password lookup matrix in Embodiment 1 is shown in Table 1:
● Characters of the password matrix: 60 characters are used, balancing security and ease of use: 26 uppercase letters, 26 lowercase letters and 8 common symbols. The user must choose the secret password from these 60 characters and cannot use a character that does not appear in the password matrix.
● Mapping between password matrix characters and digits: each character in the password matrix maps at random to one digit in 0-9, assigned by a random algorithm so that on average every 6 characters map to the same digit.
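The embodiment's matrix rules and the S9/S10 check, as an added Python example that is not code from the patent: the eight symbols, the `MatrixAuthServer` class and all function names are assumptions, and each issued matrix is treated as valid for a single attempt. The OS CSPRNG stands in for the generators the patent lists, since a linear congruential generator is predictable from its outputs.

```python
import hmac
import secrets
import string

SYMBOLS = "!@#$%&*?"   # assumption: the patent does not name its 8 symbols
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + SYMBOLS  # n = 60
DIGITS = "0123456789"
GROUP = len(ALPHABET) // 10   # n/10 = 6 characters share each digit
KEEP = GROUP // 2             # n/20 = 3 characters carried over per digit
MAX_RECORDS = GROUP           # history is cleared once it exceeds n/10 records

# Assumption: OS CSPRNG instead of the generators the patent lists.
_rng = secrets.SystemRandom()


def fresh_matrix():
    """Rule (2): random character-to-digit map, GROUP characters per digit."""
    chars = list(ALPHABET)
    _rng.shuffle(chars)
    return {c: DIGITS[i // GROUP] for i, c in enumerate(chars)}


def next_matrix(prev):
    """Rule (3): every digit keeps KEEP of its previous characters."""
    matrix, released = {}, []
    for d in DIGITS:
        group = [c for c in ALPHABET if prev[c] == d]
        _rng.shuffle(group)
        matrix.update((c, d) for c in group[:KEEP])
        released.extend(group[KEEP:])
    # The released half is redrawn at random across all digits, so a
    # character may land back on its old digit (overlap is at least KEEP).
    _rng.shuffle(released)
    for i, c in enumerate(released):
        matrix[c] = DIGITS[i // (GROUP - KEEP)]
    return matrix


def derive_matrix_password(password, matrix):
    """User-side lookup (S9): one digit per character of the secret password."""
    return "".join(matrix[c] for c in password)


class MatrixAuthServer:
    def __init__(self):
        self.passwords = {}   # user ID -> secret password (S2)
        self.history = {}     # user ID -> matrices issued since last reset
        self.pending = {}     # user ID -> matrix awaiting a login attempt

    def enroll(self, user_id, password):
        if len(password) <= 6 or any(c not in ALPHABET for c in password):
            raise ValueError("need more than 6 characters from the matrix alphabet")
        self.passwords[user_id] = password
        self.history[user_id] = []

    def issue_matrix(self, user_id):
        records = self.history[user_id]
        matrix = next_matrix(records[-1]) if records else fresh_matrix()
        records.append(matrix)            # S7: record this login's matrix
        if len(records) > MAX_RECORDS:    # S8: more than 6 records, clear
            records.clear()               # next login starts again from rule (2)
        self.pending[user_id] = matrix
        return matrix

    def verify(self, user_id, submitted):
        # Assumption: each issued matrix is good for a single attempt.
        matrix = self.pending.pop(user_id, None)
        if matrix is None:
            return False
        expected = derive_matrix_password(self.passwords[user_id], matrix)
        # Constant-time comparison of the digit strings (S10).
        return hmac.compare_digest(expected.encode(), submitted.encode())
```

Because the server maps each character of the secret password through the matrix, it has to hold that password in recoverable form rather than as a one-way hash, so the stored value needs the protection normally given to a key.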
The above embodiment is a preferred embodiment of the invention, but embodiments of the invention are not limited to it; any other change, modification, substitution, combination or simplification made without departing from the spirit and principle of the invention is an equivalent replacement and falls within the scope of protection of the invention.

Claims (6)

1. A strong authentication method based on multimode mapping, characterized in that it comprises the following steps:
S1. The user sets a secret password in a secure state;
S2. The website server records the secret password against the user ID;
S3. When the user logs in, the website server provides a dynamic password matrix in real time according to the user ID;
S4. The user looks up the secret password in the password matrix to obtain the corresponding matrix password, and enters the matrix password to log in;
S5. The website server authenticates the user according to the user ID and the matrix password;
The secure state in step S1 is achieved by setting up a secure channel or SSL;
The secret password in step S2 consists of letters and symbols, where the letters include uppercase and lowercase English letters;
The matrix password in step S4 consists of digits;
In step S3 the website server provides a dynamic password matrix in real time according to the user ID, and the generation rules for the password matrix are:
(1) The password matrix is displayed as letters and symbols mapped to the ten digits 0-9, with each letter or symbol mapped at random to one digit in 0-9; the dynamic password matrix contains at least the 26 uppercase and 26 lowercase letters, plus commonly used symbols that pad the number of characters to a multiple of 10;
(2) The website server records password matrix information by user ID; if there is no password matrix record under the user's directory, it generates a character-to-digit password matrix using a random algorithm; assuming the matrix has n characters, on average every n/10 characters map to the same digit;
(3) If the website server has a password matrix record for the user, it looks up the record of the previous password matrix; of the n/10 characters mapped to each digit in the new matrix, n/20 are drawn at random from the characters mapped to that digit in the previous record, and the other n/20 are drawn at random; when the number of password matrix records for the user ID exceeds n/10, the records are cleared and rule (2) is used to generate the dynamic password matrix.
2. The strong authentication method based on multimode mapping according to claim 1, characterized in that the random algorithm is implemented by one or more of a linear congruential algorithm, the BBS pseudorandom number generator and the ANSI X9.17 pseudorandom number generator.
3. The strong authentication method based on multimode mapping according to claim 1, characterized in that step S3, in which the website server provides a dynamic password matrix in real time according to the user ID when the user logs in, specifically comprises the following steps:
S3.1. When logging in, the user enters the user ID and requests the password matrix from the website server;
S3.2. The website server receives the user's request for the password matrix and checks the password matrix records for that user ID; if there is no record, go to step S3.3; if there is a corresponding record, go to step S3.4;
S3.3. The website server generates the password matrix at random according to dynamic password matrix generation rule (2) and sends the newly generated password matrix to the user;
S3.4. The website server generates the password matrix according to dynamic password matrix rule (3) and sends the newly generated password matrix to the user.
4. The strong authentication method based on multimode mapping according to claim 3, characterized in that sending the newly generated password matrix to the user specifically means that the website server sends it to the user over SSL.
5. The strong authentication method based on multimode mapping according to claim 3, characterized in that step S4, in which the user looks up the secret password in the password matrix, obtains the corresponding matrix password and enters it to log in, specifically means:
Using the secret password, the user looks up the digit corresponding to each of its characters in the password matrix provided by the website server, obtains a matrix password made up of digits, and enters the matrix password to log in.
6. The strong authentication method based on multimode mapping according to claim 5, characterized in that step S5, in which the website server authenticates the user according to the user ID and the matrix password, specifically comprises the following steps:
S5.1. The website server looks up, by user ID, the user's secret password and the dynamic password matrix generated for this login;
S5.2. The website server looks up in the password matrix the digit corresponding to each character of the user's secret password and obtains the corresponding digit string;
S5.3. The website server compares the digit string with the matrix password entered by the user; if they are the same, verification passes; otherwise it fails.
CN 201010295652 2010-09-27 2010-09-27 Multimode mapping based strong authentication method Expired - Fee Related CN101964792B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010295652 CN101964792B (en) 2010-09-27 2010-09-27 Multimode mapping based strong authentication method

Publications (2)

Publication Number Publication Date
CN101964792A 2011-02-02
CN101964792B 2013-06-12

Family

ID=43517525

Country Status (1)

Country Link
CN (1) CN101964792B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130612

Termination date: 20200927