A strong authentication method based on a dynamic mapping password
Technical field
The present invention relates to the field of computer information security, and in particular to a strong authentication method based on a dynamic mapping password.
Background technology
With the spread of computer science and information network technology, computer networks are used ever more widely and people's lives depend on them more and more. While people enjoy the convenience that computer network systems provide, they also face a range of information security risks, such as stolen account passwords, leaked personal information, malicious attacks on websites, and leaks of website data. Password authentication is the basic means of authenticating user identity on a computer network. To keep password authentication secure, and to prevent users from employing bots to register automatically, log in automatically, flood posts automatically, or obtain account passwords by brute force, many websites have adopted verification-code technology. That is, in addition to the account password, the user must also enter a verification code. Typically the website system renders a randomly generated string of digits or symbols as a verification-code image with added interference pixels; the user reads the code from the image by eye and submits it in the input form for the website to verify. Only after this additional verification succeeds can the user pass the website's authentication or use a given function. This strengthens the website's resistance to attack and effectively prevents a registered user from making repeated login attempts with a dedicated brute-force program. Many large websites, such as the online banking site of the Industrial and Commercial Bank and the Tencent community, currently use verification-code technology.
Unfortunately, the verification-code implementations of many websites are flawed, and attackers can still attack the website system. For example, some websites deliver the verification code directly in the web page and the Cookie; an attacker can read the Cookie directly to crack it, or can use the expired-Cookie method to forcibly reuse a Cookie and verification code that have already been used.
Summary of the invention
The object of the invention is to overcome the above shortcomings and deficiencies and to provide a dynamic, real-time and highly secure strong authentication method based on a dynamic mapping password, that is, a verification-code method for strengthening account authentication and website verification.
The object of the invention is achieved by the following technical method:
A strong authentication method based on a dynamic mapping password comprises the following steps:
S1: under a secure state, the user sets a user authentication account password and a verification-code password; proceed to step S2;
S2: the website server records the account password and the verification-code password against the corresponding user authentication account; proceed to step S3;
S3: when the user logs in, the website server provides a dynamic verification-code password matrix in real time according to the user authentication account; proceed to step S4;
S4: the user looks up the password matrix using the verification-code password, obtains the corresponding matrix verification code, and enters the matrix verification code for verification; proceed to step S5;
S5: the website server performs login authentication of the user according to the user authentication account password and the matrix verification code.
To better implement the invention, the secure state is realized by setting up a secure channel, SSL, or another encryption method;
The generated dynamic password matrix is presented as a verification-code image with added interference pixels.
The verification-code password consists of letters and symbols, where the letters include uppercase and lowercase English letters;
The matrix verification code consists of digits.
When the strong authentication method based on the dynamic mapping password matrix is used together with account password authentication, login authentication is better protected.
Preferably, in step S3 the website server provides a dynamic password matrix in real time according to the user authentication account, and the password matrix is generated by the following rule: the password matrix is displayed as letters and symbols mapped to the ten digits 0-9, with each letter or symbol randomly assigned one of the digits 0-9; the dynamic password matrix contains at least the 26 uppercase and 26 lowercase letters (52 characters in total), plus common symbols, padded so that the number of characters is a multiple of 10; the website server generates the character-to-digit password matrix using a random algorithm, and if the matrix has n characters, then on average every n/10 characters correspond to the same digit.
Preferably, the random algorithm is implemented by one or more of the linear congruential algorithm, the BBS pseudorandom number generator, and the ANSI X9.17 pseudorandom number generator.
Preferably, step S3, in which the website server provides a dynamic password matrix in real time according to the user authentication account when the user logs in, comprises the following steps:
S3.1: when the user logs in, the user enters the user authentication account and requests the password matrix from the website server; proceed to step S3.2;
S3.2: the website server randomly generates the password matrix according to the dynamic password matrix generation rule and passes the newly generated password matrix to the user.
Preferably, passing the newly generated password matrix to the user means that the website server passes the newly generated password matrix to the user over SSL.
Preferably, step S4, in which the user looks up the password matrix using the verification-code password, obtains the corresponding matrix verification code, and enters the matrix verification code to log in, means specifically:
Using the verification-code password, the user looks up the digit corresponding to each character of the verification-code password in the password matrix provided by the website server, obtains a matrix verification code made up of digits, and enters the matrix verification code to strengthen login verification.
Preferably, step S5, in which the website server authenticates the user according to the user authentication account password and the matrix verification code, comprises the following steps:
S5.1: the website server looks up the user's verification-code password and the dynamic password matrix generated for this login according to the user authentication account; proceed to step S5.2;
S5.2: the website server looks up the digit corresponding to each character of the user's verification-code password in the password matrix and obtains the corresponding digit string; proceed to step S5.3;
S5.3: the website server compares the digit string with the matrix verification code entered by the user; if they are identical, verification is passed, otherwise it is not. After verification is passed, the user account password is authenticated.
Compared with the prior art, the present invention has the following beneficial effects:
First, dynamic: in the login stage the server supplies the user with a password lookup matrix and thereby a dynamic password; the password matrix is generated randomly according to a fixed rule, so the verification code for each login is different, which effectively solves the problem of attacks based on network interception and expired Cookies.
Second, real-time: each time the user enters the login stage, the server provides a dynamic password lookup matrix in real time; the user looks up the password matrix with his or her own password to obtain the verification code, and because the password matrix is provided randomly and in real time, security is greatly improved.
Third, strong security: the dynamic password lookup matrix is generated by the server in real time during the user's login stage; the server uses a random algorithm to generate the matrix at random according to the user authentication account password and the recorded verification-code information, so each digit of the matrix corresponds to n/10 characters, which effectively guards against the threats posed by known-plaintext attacks and network hijacking.
Description of drawings
Fig. 1 is a workflow diagram of the strong authentication method based on a dynamic mapping password of the present invention;
Fig. 2 is a workflow diagram of the strong authentication method based on a dynamic mapping password in Embodiment one.
Embodiment
The present invention is described in further detail below with reference to an embodiment and the accompanying drawings, but implementations of the invention are not limited to it.
Embodiment one
As shown in Fig. 1 and Fig. 2, the strong authentication method based on a dynamic mapping password of the present invention is realized by the following steps:
S1: under a secure state, the user sets a user authentication account password and a verification-code password;
S2: the website server records the account password and the verification-code password against the corresponding user authentication account;
S3: when the user logs in, the website server provides a dynamic verification-code password matrix in real time according to the user authentication account;
S4: the user looks up the password matrix using the verification-code password, obtains the corresponding matrix verification code, and enters the matrix verification code for verification;
S5: the website server performs login authentication of the user according to the user authentication account password and the matrix verification code.
In step S1, the secure state is realized by setting up a secure channel or SSL; the verification-code password may be made up of uppercase and lowercase letters and certain specified symbols (for security reasons, the password should be longer than 6 characters).
In step S2, the verification-code password consists of letters and symbols, where the letters include uppercase and lowercase English letters (for example, if the user authentication account of user A is UserA, the server stores user A's authentication password and verification-code password under the UserA directory).
In step S4, the matrix verification code consists of digits.
In step S3, the website server provides a dynamic password matrix in real time according to the user authentication account password, and the password matrix is generated by the following rule: the password matrix is displayed as letters and symbols mapped to the ten digits 0-9, with each letter or symbol randomly assigned one of the digits 0-9; the dynamic password matrix contains at least the 26 uppercase and 26 lowercase letters (52 characters in total), plus common symbols, padded so that the number of characters is a multiple of 10; the website server generates the character-to-digit password matrix using a random algorithm, and if the matrix has n characters, then on average every n/10 characters correspond to the same digit.
The random algorithm is implemented by one or more of the linear congruential algorithm, the BBS pseudorandom number generator, and the ANSI X9.17 pseudorandom number generator.
Step S3, in which the website server provides a dynamic password matrix in real time according to the user account password when the user logs in, comprises the following steps:
S3.1: when the user logs in, the user enters the user authentication account and requests the password matrix from the website server;
S3.2: the website server randomly generates the password matrix according to the dynamic password matrix generation rule and passes the newly generated password matrix to the user.
Passing the newly generated password matrix to the user means that the website server passes the newly generated password matrix to the user over SSL.
Step S4, in which the user looks up the password matrix using the verification-code password, obtains the corresponding matrix verification code, and enters the matrix verification code to log in, means specifically:
Using the verification-code password, the user looks up the digit corresponding to each character of the verification-code password in the password matrix provided by the website server, obtains a matrix verification code made up of digits, and enters the matrix verification code to log in.
Step S5, in which the website server authenticates the user according to the user authentication account password and the matrix verification code, comprises the following steps:
S5.1: the website server looks up the user's verification-code password and the dynamic password matrix generated for this login according to the user authentication account;
S5.2: the website server looks up the digit corresponding to each character of the user's verification-code password in the password matrix and obtains the corresponding digit string;
S5.3: the website server compares the digit string with the matrix verification code entered by the user; if they are identical, verification is passed, otherwise it is not. After verification is passed, the user account password is authenticated.
The password matrix described above is displayed as letters and symbols mapped to the ten digits 0-9, with each letter or symbol randomly assigned one of the digits 0-9. Here 60 characters are used, chosen on the principles of security and ease of use, comprising 26 uppercase letters, 26 lowercase letters and 8 common symbols.
The form of the dynamic password matrix is shown in Table 1:
Table 1
Characters of the password matrix: 60 characters are used, chosen on the principles of security and ease of use, comprising 26 uppercase letters, 26 lowercase letters and 8 common symbols; the user must choose the verification-code password from these 60 characters and cannot use characters that do not appear in the password matrix.
Correspondence between characters and digits in the password matrix: each character in the password matrix is randomly assigned one of the digits 0-9, distributed by the random algorithm so that on average every 6 characters correspond to the same digit.
Principle for entering the password and verification code: for general security, the user should avoid entering the password twice in the same environment, so that an onlooker cannot compare the two inputs.
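The following Python sketch is an added example, not part of the patent text: it walks through steps S3 to S5 with the 60-character matrix described above, assigning each digit to exactly 6 characters and discarding the matrix after one verification so that a replayed code fails. The eight symbols, the in-memory store and the function names are assumptions, and the operating system's random source (secrets.SystemRandom) is used in place of the generators the text names.

```python
import hmac
import secrets
import string

# Constructed alphabet: 26 upper + 26 lower + 8 symbols = 60 characters.
# The page does not list its 8 symbols; these are an assumption.
SYMBOLS = "!@#$%&*?"
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + SYMBOLS

_rng = secrets.SystemRandom()   # OS CSPRNG, swapped in for the PRNGs the page names
_pending = {}                   # account -> matrix issued for the current login attempt


def new_matrix(alphabet=ALPHABET):
    """Map every character to a digit so each digit covers exactly n/10 characters."""
    if len(alphabet) % 10:
        raise ValueError("alphabet must be padded to a multiple of 10 characters")
    digits = [str(d) for d in range(10)] * (len(alphabet) // 10)
    _rng.shuffle(digits)
    return dict(zip(alphabet, digits))


def issue_challenge(account):
    """Step S3: generate a fresh matrix for this login and remember it server-side."""
    matrix = new_matrix()
    _pending[account] = matrix
    return matrix


def derive_code(secret, matrix):
    """Step S4 (user) / S5.2 (server): look up the digit for each secret character."""
    return "".join(matrix[ch] for ch in secret)


def verify(account, stored_secret, submitted_code):
    """Step S5.3: compare against the matrix issued for this attempt, then discard it."""
    matrix = _pending.pop(account, None)   # single use: a replayed code finds no matrix
    if matrix is None:
        return False
    expected = derive_code(stored_secret, matrix)
    return hmac.compare_digest(expected.encode(), submitted_code.encode())
```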
The above embodiment is a preferred implementation of the present invention, but implementations of the invention are not limited by the embodiment; any other change, modification, substitution, combination or simplification made without departing from the spirit and principle of the invention shall be regarded as an equivalent replacement and falls within the scope of protection of the invention.