CN102164137A - Strong authentication method based on dynamic mapping password - Google Patents

Publication number: CN102164137A
Authority: CN (China)
Prior art keywords: password, matrix, user, website server, identifying code
Legal status: Pending
Application number: CN2011100957565A
Other languages: Chinese (zh)
Inventors: 唐文军, 许勇, 张凌
Current Assignee: Count Network Co Ltd Of Park In Guangzhou; South China University of Technology SCUT
Original Assignee: Count Network Co Ltd Of Park In Guangzhou; South China University of Technology SCUT
Application filed by: Count Network Co Ltd Of Park In Guangzhou, South China University of Technology SCUT
Priority to: CN2011100957565A

Abstract

The invention discloses a strong authentication method based on a dynamic mapping password. The method comprises the following steps: S1) a user sets a user authentication account password and a verification code password in a secure state; S2) a website server records the account password and the verification code password against the user authentication account; S3) when the user logs in, the website server provides a dynamic password matrix for the verification code in real time according to the user authentication account; S4) the user looks up the password matrix according to the verification code password, obtains the corresponding matrix verification code and enters the matrix verification code for verification; and S5) the website server authenticates the user's login according to the user authentication account password and the matrix verification code. The method is dynamic, real-time and highly secure, and it solves well the problem of attacks that use network interception and expired Cookies.

Description

A strong authentication method based on a dynamic mapping password
Technical field
The present invention relates to the field of computer information security, and in particular to a strong authentication method based on a dynamic mapping password.
Background technology
With the spread of computer science and information network technology and the increasingly widespread use of computer networks, people's lives depend more and more on computer networks. While enjoying the convenience that computer network systems provide, people also face a variety of information security risks, such as stolen account passwords, leaked personal information, malicious attacks on websites and leakage of website data. Password authentication is the basic means of authenticating user identity on a computer network. To keep password authentication secure, and to prevent users from employing robots for automatic registration, automatic login and automated flood posting or from obtaining account passwords by brute force, many websites have adopted verification code technology. That is, in addition to the account password, the user must also enter a verification code string. Usually the website system takes a randomly generated string of digits or symbols and renders it as a verification code picture with interference pixels added. The user reads the verification code from the picture by eye and submits it to the website in an input form for checking. Only after this additional check succeeds can the user pass the website's authentication and enter the website system or use a given function. This strengthens the website's resistance to attack and effectively prevents repeated login attempts against a registered user by a brute-force program. Many large websites, such as the online bank of the Industrial and Commercial Bank and the Tencent community, have adopted verification code technology.
Regrettably, the verification code implementations of many websites have problems, and an attacker can still attack the website system. For example, some websites provide the verification code directly in the web page and the Cookie; an attacker can read the Cookie directly to crack it, or can use the expired-Cookie method to forcibly reuse a Cookie and verification code that have already been used.
Summary of the invention
The object of the present invention is to overcome the above shortcomings and defects and to provide a dynamic, real-time and highly secure strong authentication method based on a dynamic mapping password; it is a method for strengthening account authentication and the website's verification code check.
The object of the present invention is achieved through the following technical scheme:
A strong authentication method based on a dynamic mapping password comprises the following steps:
S1, the user sets a user authentication account password and a verification code password in a secure state; proceed to step S2;
S2, the website server records the account password and the verification code password against the user authentication account; proceed to step S3;
S3, when the user logs in, the website server provides a dynamic password matrix for the verification code in real time according to the user authentication account; proceed to step S4;
S4, the user looks up the password matrix according to the verification code password, obtains the corresponding matrix verification code and enters the matrix verification code for verification; proceed to step S5;
S5, the website server performs login authentication of the user according to the user authentication account password and the matrix verification code.
To better implement the present invention, the secure state is achieved by setting up a secure channel, SSL or another encryption method;
The generated dynamic password matrix is presented as a verification code picture with interference pixels added.
The verification code password consists of letters and symbols, where the letters include uppercase and lowercase English letters;
The matrix verification code consists of digits.
When the strong authentication method based on the dynamic mapping password matrix is also applied to account password authentication, login authentication protection is stronger.
Preferably, in step S3 the website server provides a dynamic password matrix in real time according to the user authentication account, and the generation rule of the password matrix is as follows: the password matrix is displayed as letters and symbols mapped to the ten digits 0-9, and each letter or symbol corresponds at random to one digit in 0-9; the dynamic password matrix must contain at least the 26 uppercase letters and 26 lowercase letters (52 characters in total), plus commonly used symbols, padded so that the number of characters is a multiple of 10; the website server generates the character-to-digit password matrix using a random algorithm, and if the matrix has n characters, then on average every n/10 characters correspond to the same digit.
Preferably, the random algorithm is implemented by one or more of the linear congruential algorithm, the BBS pseudorandom number generator and the ANSI X9.17 pseudorandom number generator.
Preferably, step S3, in which the website server provides a dynamic password matrix in real time according to the user authentication account when the user logs in, specifically comprises the following steps:
S3.1, when logging in, the user enters the user authentication account and requests the password matrix from the website server; proceed to step S3.2;
S3.2, the website server randomly generates the password matrix according to the dynamic password matrix generation rule and passes the newly generated password matrix to the user;
Preferably, passing the newly generated password matrix to the user specifically means that the website server passes the newly generated password matrix to the user over SSL.
Preferably, step S4, in which the user looks up the password matrix according to the verification code password, obtains the corresponding matrix verification code and enters the matrix verification code to log in, specifically means:
In the password matrix provided by the website server, the user looks up the digit corresponding to each character of the verification code password, obtains a matrix verification code made up of digits, and enters the matrix verification code to strengthen login verification.
Preferably, step S5, in which the website server authenticates the user according to the user authentication account password and the matrix verification code, specifically comprises the following steps:
S5.1, the website server looks up the user's verification code password and the dynamic password matrix generated for this login according to the user authentication account; proceed to step S5.2;
S5.2, the website server looks up, in the password matrix, the digit corresponding to each character of the user's verification code password and obtains the corresponding digit string; proceed to step S5.3;
S5.3, the website server compares the digit string with the matrix verification code entered by the user; if they are identical the check passes, otherwise it fails. After this check passes, the user account password is authenticated.
Compared with the prior art, the present invention has the following beneficial effects:
First, dynamic: in the login phase the server provides a password lookup matrix, which gives the user a dynamic password; the password matrix is generated at random according to a fixed rule, and the verification code password for each login is different, which solves well the problem of attacks that use network interception and expired Cookies.
Second, real-time: each time the user enters the login phase, the server provides a dynamic password lookup matrix in real time; the user looks up the password matrix according to their own password to obtain the verification code password, and because the password matrix is provided at random in real time, security is greatly improved.
Third, strong security: the dynamic password lookup matrix is generated by the server in real time during the user's login phase; the server uses a random algorithm to generate the matrix at random according to the user authentication account password and the recorded verification code information, so each digit in the matrix corresponds to n/10 characters, which effectively prevents the threats posed by known-plaintext attacks and network hijacking.
Description of drawings
Fig. 1 is the workflow diagram of the strong authentication method based on a dynamic mapping password of the present invention;
Fig. 2 is the workflow diagram of the strong authentication method based on a dynamic mapping password in embodiment one.
Embodiment
The present invention is described in further detail below with reference to an embodiment and the accompanying drawings, but embodiments of the present invention are not limited to this.
Embodiment one
As shown in Fig. 1 and Fig. 2, the strong authentication method based on a dynamic mapping password of the present invention is realized through the following steps:
S1, the user sets a user authentication account password and a verification code password in a secure state;
S2, the website server records the account password and the verification code password against the user authentication account;
S3, when the user logs in, the website server provides a dynamic password matrix for the verification code in real time according to the user authentication account;
S4, the user looks up the password matrix according to the verification code password, obtains the corresponding matrix verification code and enters the matrix verification code for verification;
S5, the website server performs login authentication of the user according to the user authentication account password and the matrix verification code.
The secure state in step S1 is achieved by setting up a secure channel or SSL; the verification code password may consist of uppercase and lowercase letters and certain specified symbols (for security reasons, the password length should be greater than 6 characters).
The verification code password in step S2 consists of letters and symbols, where the letters include uppercase and lowercase English letters (for example, if the user authentication account of user A is UserA, the server stores the authentication password and verification code password of user A under the UserA directory).
The matrix password in step S4 consists of digits.
In step S3 the website server provides a dynamic password matrix in real time according to the user authentication account password, and the generation rule of the password matrix is as follows: the password matrix is displayed as letters and symbols mapped to the ten digits 0-9, and each letter or symbol corresponds at random to one digit in 0-9; the dynamic password matrix must contain at least the 26 uppercase letters and 26 lowercase letters (52 characters in total), plus commonly used symbols, padded so that the number of characters is a multiple of 10; the website server generates the character-to-digit password matrix using a random algorithm, and if the matrix has n characters, then on average every n/10 characters correspond to the same digit.
The random algorithm is implemented by one or more of the linear congruential algorithm, the BBS pseudorandom number generator and the ANSI X9.17 pseudorandom number generator.
Step S3, in which the website server provides a dynamic password matrix in real time according to the user account password when the user logs in, specifically comprises the following steps:
S3.1, when logging in, the user enters the user authentication account and requests the password matrix from the website server;
S3.2, the website server randomly generates the password matrix according to the dynamic password matrix generation rule and passes the newly generated password matrix to the user;
Passing the newly generated password matrix to the user specifically means that the website server passes the newly generated password matrix to the user over SSL.
Step S4, in which the user looks up the password matrix according to the verification code password, obtains the corresponding matrix password and enters the matrix password to log in, specifically means:
In the password matrix provided by the website server, the user looks up the digit corresponding to each character of the verification code password, obtains a matrix verification code made up of digits, and enters the matrix verification code to log in.
Step S5, in which the website server authenticates the user according to the user authentication account password and the matrix password, specifically comprises the following steps:
S5.1, the website server looks up the user's verification code password and the dynamic password matrix generated for this login according to the user authentication account;
S5.2, the website server looks up, in the password matrix, the digit corresponding to each character of the user's verification code password and obtains the corresponding digit string;
S5.3, the website server compares the digit string with the matrix verification code entered by the user; if they are identical the check passes, otherwise it fails. After the check passes, the user account password is authenticated.
The password matrix described above is displayed as letters and symbols mapped to the ten digits 0-9, with each letter or symbol corresponding at random to one digit in 0-9. Here 60 characters are used, chosen on the principles of security and ease of use: 26 uppercase letters, 26 lowercase letters and 8 common symbols.
The form of the dynamic password matrix is shown in Table 1:
[Table 1: dynamic password matrix (image not reproduced)]
Characters of the password matrix: 60 characters are used, chosen on the principles of security and ease of use, comprising 26 uppercase letters, 26 lowercase letters and 8 common symbols. The user must choose the verification code password from these 60 characters and cannot choose a character that does not exist in the password matrix.
Correspondence between characters and digits in the password matrix: each character in the password matrix corresponds at random to one digit in 0-9, assigned by the random algorithm so that on average every 6 characters correspond to the same digit.
Principle for entering the password and verification code: under ordinary security conditions, the user should avoid entering the password twice in the same environment, in case an onlooker compares the two inputs.
The embodiment described above is a preferred implementation of the present invention, but implementations of the present invention are not limited by this embodiment. Any other change, modification, substitution, combination or simplification that does not depart from the spirit and principle of the present invention is an equivalent replacement and falls within the protection scope of the present invention.
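The S3 to S5 exchange described above, sketched in Python as an added example (not code from the patent or its applicants). It swaps the operating system's CSPRNG in for the generators the patent names; the 8 padding symbols, the single-use handling of each issued matrix, the constant-time comparison and all function and class names are assumptions made for illustration, and the account password check that follows S5.3 is left out.

```python
import hmac
import secrets
import string

# Assumption: Table 1 is not reproduced on the page, so these 8 symbols are
# constructed placeholders that pad the 52 letters up to 60 characters.
SYMBOLS = "!@#$%&*?"
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + SYMBOLS
DIGITS = "0123456789"

# Assumption: the OS CSPRNG replaces the generators named in the patent.
_rng = secrets.SystemRandom()


def generate_matrix(alphabet=ALPHABET):
    """S3.2: random character -> digit map; each digit covers exactly n/10 characters."""
    if len(alphabet) % 10 or len(set(alphabet)) != len(alphabet):
        raise ValueError("need a multiple of 10 distinct characters")
    pool = list(DIGITS) * (len(alphabet) // 10)
    _rng.shuffle(pool)
    return dict(zip(alphabet, pool))


def derive_code(matrix, code_password):
    """S4 and S5.2: replace each password character with its digit in the matrix."""
    try:
        return "".join(matrix[ch] for ch in code_password)
    except KeyError as exc:
        raise ValueError(f"{exc.args[0]!r} is not in the matrix") from None


class LoginServer:
    """Hypothetical server side of steps S2, S3 and S5 (account password check omitted)."""

    def __init__(self):
        # S5.2 needs the verification code password itself, so it cannot be
        # stored as a one-way hash; protect this store accordingly.
        self._code_passwords = {}
        self._pending = {}  # account -> matrix issued for the login in progress

    def enroll(self, account, code_password):
        """S1/S2: record the verification code password set over a secure channel."""
        if len(code_password) <= 6:
            raise ValueError("length should be greater than 6 characters")
        if any(ch not in ALPHABET for ch in code_password):
            raise ValueError("only characters present in the matrix are allowed")
        self._code_passwords[account] = code_password

    def issue_matrix(self, account):
        """S3.1/S3.2: generate a fresh matrix for this login and remember it."""
        if account not in self._code_passwords:
            raise KeyError(account)
        matrix = generate_matrix()
        self._pending[account] = matrix
        return matrix

    def verify(self, account, submitted):
        """S5.1-S5.3: compare the submitted digits with the expected digit string."""
        # pop() makes every matrix single-use, so a replayed response fails.
        matrix = self._pending.pop(account, None)
        if matrix is None:
            return False
        expected = derive_code(matrix, self._code_passwords[account])
        return hmac.compare_digest(expected.encode(), submitted.encode())


def demo():
    """Constructed walk-through for the page's example account UserA."""
    server = LoginServer()
    server.enroll("UserA", "aB#cD!eF")
    matrix = server.issue_matrix("UserA")
    code = derive_code(matrix, "aB#cD!eF")   # what the user reads off and types
    accepted = server.verify("UserA", code)
    replayed = server.verify("UserA", code)  # same response, matrix already used
    return matrix, code, accepted, replayed


if __name__ == "__main__":
    _, code, accepted, replayed = demo()
    print(code, accepted, replayed)
```
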

Claims (6)

1. A strong authentication method based on a dynamic mapping password, characterized in that it comprises the following steps:
S1, the user sets a user authentication account password and a verification code password in a secure state;
S2, the website server records the account password and the verification code password against the user authentication account;
S3, when the user logs in, the website server provides a dynamic password matrix for the verification code in real time according to the user authentication account;
S4, the user looks up the password matrix according to the verification code password, obtains the corresponding matrix verification code and enters the matrix verification code for verification;
S5, the website server performs login authentication of the user according to the user authentication account password and the matrix verification code.
The secure state in step S1 is achieved by setting up a secure channel or SSL;
The verification code password in step S2 consists of letters and symbols, where the letters include uppercase and lowercase English letters;
The matrix password in step S4 consists of digits.
In step S3 the website server provides a dynamic password matrix in real time according to the user authentication account password, and the generation rule of the password matrix is as follows: the password matrix is displayed as letters and symbols mapped to the ten digits 0~9, and each letter or symbol corresponds at random to one digit in 0~9; the dynamic password matrix must contain at least the 26 uppercase letters and 26 lowercase letters, plus commonly used symbols, padded so that the number of characters is a multiple of 10; the website server generates the character-to-digit password matrix using a random algorithm, and if the matrix has n characters, then on average every n/10 characters correspond to the same digit.
2. The strong authentication method based on a dynamic mapping password according to claim 1, characterized in that the random algorithm is implemented by one or more of the linear congruential algorithm, the BBS pseudorandom number generator and the ANSI X9.17 pseudorandom number generator.
3. The strong authentication method based on a dynamic mapping password according to claim 1 or 2, characterized in that step S3, in which the website server provides a dynamic password matrix in real time according to the user account password when the user logs in, specifically comprises the following steps:
S3.1, when logging in, the user enters the user authentication account and requests the password matrix from the website server;
S3.2, the website server randomly generates the password matrix according to the dynamic password matrix generation rule and passes the newly generated password matrix to the user;
4. The strong authentication method based on a dynamic mapping password according to claim 3, characterized in that passing the newly generated password matrix to the user specifically means that the website server passes the newly generated password matrix to the user over SSL.
5. The strong authentication method based on a dynamic mapping password according to claim 3, characterized in that step S4, in which the user looks up the password matrix according to the verification code password, obtains the corresponding matrix password and enters the matrix password to log in, specifically means:
In the password matrix provided by the website server, the user looks up the digit corresponding to each character of the verification code password, obtains a matrix verification code made up of digits, and enters the matrix verification code to log in.
6. The strong authentication method based on a dynamic mapping password according to claim 3, characterized in that step S5, in which the website server authenticates the user according to the user authentication account password and the matrix password, specifically comprises the following steps:
S5.1, the website server looks up the user's verification code password and the dynamic password matrix generated for this login according to the user authentication account;
S5.2, the website server looks up, in the password matrix, the digit corresponding to each character of the user's verification code password and obtains the corresponding digit string;
S5.3, the website server compares the digit string with the matrix verification code entered by the user; if they are identical the check passes, otherwise it fails. After the check passes, the user account password is authenticated.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100957565A CN102164137A (en) 2011-04-15 2011-04-15 Strong authentication method based on dynamic mapping password

Publications (1)

Publication Number Publication Date
CN102164137A true CN102164137A (en) 2011-08-24

Family

ID=44465111

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110824