CN102164137A - Strong authentication method based on dynamic mapping password - Google Patents
- Publication number
- CN102164137A
- Authority
- CN
- China
- Prior art keywords
- password
- matrix
- user
- website server
- identifying code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a strong authentication method based on a dynamic mapping password. The method comprises the following steps: S1) a user sets a user authentication account password and a verification code password in a secure state; S2) a website server records the account password and the verification code password against the user authentication account; S3) when the user logs in, the website server provides a dynamic password matrix for the verification code in real time according to the user authentication account; S4) the user looks up the password matrix according to the verification code password, obtains the corresponding matrix verification code and enters it for verification; and S5) the website server authenticates the user's login according to the user authentication account password and the matrix verification code. The method has the advantages of being dynamic, real-time and highly secure, and effectively addresses attacks that rely on network eavesdropping and expired cookies.
Description
Technical field
The present invention relates to the field of computer information security, and in particular to a strong authentication method based on a dynamic mapping password.
Background technology
With the spread of computer science and information network technology, and the increasingly widespread use of computer networks, people's lives depend more and more on computer networks. While enjoying the convenience that computer network systems provide, people also face various information security risks, such as stolen account passwords, leaked personal information, malicious attacks on websites, and leaks of website data. Password authentication is the basic means of authenticating user identity on a computer network. To keep password authentication secure and to prevent users from using bots to register automatically, log in automatically, flood a site with automated posts, or obtain account passwords by brute force, many websites have adopted verification code technology. That is, in addition to the account password, the user must also enter a verification code string. Typically the website system turns a randomly generated string of digits or symbols into a verification code image with interfering pixels added; the user reads the verification code in the image by eye and submits it in the input form for the website to verify. Only after this additional verification succeeds can the user pass the website's authentication, enter the website system, or use a given function. This strengthens the website's resistance to attack and effectively prevents a registered user from making repeated login attempts by brute force with a dedicated program. Many large websites, such as the online banking of the Industrial and Commercial Bank and the Tencent community, have adopted verification code technology.
Regrettably, the verification code implementations of many websites are flawed, and an attacker can still attack the website system. For example, some websites deliver the verification code directly in the web page and the cookie; an attacker can read the cookie directly to crack it, or use the expired-cookie method to reuse a cookie and verification code that have already been used.
Summary of the invention
The object of the present invention is to overcome the above shortcomings and deficiencies and to provide a strong authentication method based on a dynamic mapping password that is dynamic, real-time and highly secure; it is a verification code method for strengthening account authentication and website verification.
The object of the present invention is achieved by the following technical method:
A strong authentication method based on a dynamic mapping password comprises the following steps:
S1: The user sets a user authentication account password and a verification code password in a secure state; proceed to step S2;
S2: The website server records the account password and the verification code password against the user authentication account; proceed to step S3;
S3: When the user logs in, the website server provides a dynamic password matrix for the verification code in real time according to the user authentication account; proceed to step S4;
S4: The user looks up the password matrix according to the verification code password, obtains the corresponding matrix verification code, and enters the matrix verification code for verification; proceed to step S5;
S5: The website server authenticates the user's login according to the user authentication account password and the matrix verification code.
To better implement the present invention, the secure state is achieved by setting up a secure channel, SSL, or another encryption method;
The generated dynamic password matrix is rendered as a verification code image with interfering pixels added.
The verification code password consists of letters and symbols, where the letters include uppercase and lowercase English letters;
The matrix verification code consists of digits.
When the strong authentication method based on the dynamic mapping password matrix is used together with account password authentication, login authentication protection is stronger.
Preferably, in step S3 the website server provides a dynamic password matrix in real time according to the user authentication account, where the generation rule of the password matrix is: the password matrix is displayed as letters and symbols mapped to the ten digits 0-9, with each letter or symbol randomly mapped to one digit from 0-9; the dynamic password matrix contains at least the 26 uppercase letters and 26 lowercase letters (52 characters in total), plus common symbols, padded so that the number of characters is a multiple of 10; the website server generates the character-to-digit password matrix with a random algorithm, and if the matrix has n characters, then on average every n/10 characters map to the same digit.
Preferably, the random algorithm is implemented by one or more of the linear congruential algorithm, the BBS pseudorandom number generator and the ANSI X9.17 pseudorandom number generator.
Preferably, step S3, in which the website server provides a dynamic password matrix in real time according to the user authentication account when the user logs in, specifically comprises the following steps:
S3.1: When the user logs in, the user enters the user authentication account and requests a password matrix from the website server; proceed to step S3.2;
S3.2: The website server randomly generates the password matrix according to the dynamic password matrix generation rule and passes the newly generated password matrix to the user;
Preferably, passing the newly generated password matrix to the user specifically means that the website server passes the newly generated password matrix to the user over SSL.
Preferably, step S4, in which the user looks up the password matrix according to the verification code password, obtains the corresponding matrix verification code, and enters the matrix verification code to log in, specifically means:
The user looks up, in the password matrix provided by the website server, the digit corresponding to each character of the verification code password, obtains a matrix verification code made up of digits, and enters the matrix verification code for the strengthened login verification.
Preferably, step S5, in which the website server authenticates the user according to the user authentication account password and the matrix verification code, specifically comprises the following steps:
S5.1: The website server looks up the user's verification code password and the dynamic password matrix generated for this login according to the user authentication account; proceed to step S5.2;
S5.2: The website server looks up, in the password matrix, the digit corresponding to each character of the user's verification code password and derives the corresponding digit string; proceed to step S5.3;
S5.3: The website server compares the digit string with the matrix verification code entered by the user; if they are identical, verification passes, otherwise it fails. After verification passes, the user account password is authenticated.
Compared with the prior art, the present invention has the following beneficial effects:
First, dynamic: during the login phase the server provides a password lookup matrix, which gives the user a dynamic password. The password matrix is generated randomly according to a set rule, so the verification code password for each login is different, which effectively addresses attacks that use network eavesdropping and expired cookies.
Second, real-time: each time the user enters the login phase, the server provides a dynamic password lookup matrix in real time. The user looks up the password matrix with their own password to obtain the verification code password, and because the password matrix is provided randomly and in real time, security is greatly improved.
Third, strong security: the dynamic password lookup matrix is generated by the server in real time during the user's login phase. The server uses a random algorithm to generate the matrix randomly according to the user authentication account password and the recorded verification code information, so each digit of the matrix corresponds to n/10 characters, which effectively guards against the threats posed by known-plaintext attacks and network hijacking.
Description of drawings
Fig. 1 is a workflow diagram of the strong authentication method based on a dynamic mapping password of the present invention;
Fig. 2 is a workflow diagram of the strong authentication method based on a dynamic mapping password in embodiment one.
Embodiment
The present invention is described in further detail below with reference to an embodiment and the accompanying drawings, but embodiments of the present invention are not limited thereto.
Embodiment one
As shown in Figure 1 and Figure 2, the strong authentication method based on a dynamic mapping password of the present invention is implemented by the following steps:
S1: The user sets a user authentication account password and a verification code password in a secure state;
S2: The website server records the account password and the verification code password against the user authentication account;
S3: When the user logs in, the website server provides a dynamic password matrix for the verification code in real time according to the user authentication account;
S4: The user looks up the password matrix according to the verification code password, obtains the corresponding matrix verification code, and enters the matrix verification code for verification;
S5: The website server authenticates the user's login according to the user authentication account password and the matrix verification code.
The secure state in step S1 is achieved by setting up a secure channel or SSL; the verification code password may consist of uppercase and lowercase letters and certain specified symbols (for security reasons, the password length should be greater than 6 characters).
The verification code password in step S2 consists of letters and symbols, where the letters include uppercase and lowercase English letters (for example, if the user authentication account of user A is UserA, the server stores the authentication password and verification code password of user A under the UserA directory).
The matrix password in step S4 consists of digits.
In step S3 the website server provides a dynamic password matrix in real time according to the user authentication account password, where the generation rule of the password matrix is: the password matrix is displayed as letters and symbols mapped to the ten digits 0-9, with each letter or symbol randomly mapped to one digit from 0-9; the dynamic password matrix contains at least the 26 uppercase letters and 26 lowercase letters (52 characters in total), plus common symbols, padded so that the number of characters is a multiple of 10; the website server generates the character-to-digit password matrix with a random algorithm, and if the matrix has n characters, then on average every n/10 characters map to the same digit.
The random algorithm is implemented by one or more of the linear congruential algorithm, the BBS pseudorandom number generator and the ANSI X9.17 pseudorandom number generator.
Step S3, in which the website server provides a dynamic password matrix in real time according to the user account password when the user logs in, specifically comprises the following steps:
S3.1: When the user logs in, the user enters the user authentication account and requests a password matrix from the website server;
S3.2: The website server randomly generates the password matrix according to the dynamic password matrix generation rule and passes the newly generated password matrix to the user;
Passing the newly generated password matrix to the user specifically means that the website server passes the newly generated password matrix to the user over SSL.
Step S4, in which the user looks up the password matrix according to the verification code password, obtains the corresponding matrix password, and enters the matrix password to log in, specifically means:
The user looks up, in the password matrix provided by the website server, the digit corresponding to each character of the verification code password, obtains a matrix verification code made up of digits, and enters the matrix verification code to log in.
Step S5, in which the website server authenticates the user according to the user authentication account password and the matrix password, specifically comprises the following steps:
S5.1: The website server looks up the user's verification code password and the dynamic password matrix generated for this login according to the user authentication account;
S5.2: The website server looks up, in the password matrix, the digit corresponding to each character of the user's verification code password and derives the corresponding digit string;
S5.3: The website server compares the digit string with the matrix verification code entered by the user; if they are identical, verification passes, otherwise it fails. After verification passes, the user account password is authenticated.
The password matrix described above is displayed as letters and symbols mapped to the ten digits 0-9, with each letter or symbol randomly mapped to one digit from 0-9. Here 60 characters are used, based on the principles of security and ease of use: 26 uppercase letters, 26 lowercase letters and 8 common symbols.
The form of the dynamic password matrix is shown in Table 1:
Table 1
Characters of the password matrix: 60 characters are used, based on the principles of security and ease of use, comprising 26 uppercase letters, 26 lowercase letters and 8 common symbols. The user must choose the verification code password from these 60 characters and cannot choose a character that does not exist in the password matrix.
Correspondence between characters and digits in the password matrix: each character in the password matrix is randomly mapped to one digit from 0-9; the random algorithm distributes them so that on average every 6 characters map to the same digit.
Principle for the user entering the password and verification code: under normal security conditions, the user should avoid entering the password twice in the same environment, so that an onlooker cannot compare the two inputs.
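The matrix generation rule, steps S3 to S5 and the repeated-input caution above, as an added Python example that is not part of the patent text: it builds the balanced 60-character matrix, verifies a single-use response, and measures how many characters per position stay consistent with inputs observed in the same environment. The eight symbols, the class and function names, and the use of the operating system CSPRNG in place of the generators the patent names are assumptions of this example; the account password check is left out.

```python
import hmac
import secrets
import string
from collections import Counter

# Assumption: the page specifies 8 common symbols but does not list them;
# these eight are picked for the example only.
SYMBOLS = "!@#$%&*?"
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + SYMBOLS  # 60 characters

# OS-backed CSPRNG, swapped in for the generators the page names
# (a linear congruential generator is predictable from its own outputs).
_rng = secrets.SystemRandom()


def generate_matrix(alphabet=ALPHABET):
    """S3.2: map each character to a digit so every digit covers exactly n/10 characters."""
    n = len(alphabet)
    if n % 10 or len(set(alphabet)) != n:
        raise ValueError("alphabet must be a multiple of 10 distinct characters")
    digits = [str(d) for d in range(10)] * (n // 10)
    _rng.shuffle(digits)
    return dict(zip(alphabet, digits))


def digit_counts(matrix):
    """How many characters share each digit (6 each for the 60-character matrix)."""
    return Counter(matrix.values())


def derive_code(matrix, code_password):
    """S4 and S5.2: look up the digit of each character of the verification code password."""
    missing = [ch for ch in code_password if ch not in matrix]
    if missing:
        raise ValueError(f"characters not in the password matrix: {missing}")
    return "".join(matrix[ch] for ch in code_password)


class MatrixAuthServer:
    """Hypothetical in-memory server covering S2, S3 and S5."""

    def __init__(self):
        self._code_passwords = {}  # account -> verification code password (S2)
        self._pending = {}         # account -> matrix issued for this login only (S3)

    def enroll(self, account, code_password):
        if len(code_password) <= 6:
            raise ValueError("the page asks for more than 6 characters")
        if any(ch not in ALPHABET for ch in code_password):
            raise ValueError("password may only use characters present in the matrix")
        self._code_passwords[account] = code_password

    def issue_matrix(self, account):
        # A fresh matrix replaces any earlier one, so an old matrix cannot be answered.
        self._pending[account] = generate_matrix()
        return dict(self._pending[account])

    def verify(self, account, submitted):
        matrix = self._pending.pop(account, None)  # single use: consumed on pass or fail
        stored = self._code_passwords.get(account)
        if matrix is None or stored is None:
            return False
        expected = derive_code(matrix, stored)
        return hmac.compare_digest(expected.encode(), submitted.encode())


def surviving_candidates(observations):
    """Characters per password position that remain consistent with every
    (matrix, entered code) pair seen in the same environment."""
    length = len(observations[0][1])
    survivors = []
    for pos in range(length):
        chars = set(ALPHABET)
        for matrix, code in observations:
            chars &= {ch for ch, digit in matrix.items() if digit == code[pos]}
        survivors.append(chars)
    return survivors
```

Because S5.2 looks up each character of the stored verification code password, the server has to keep that value in recoverable form rather than as a one-way hash, so it needs the same protection as any other stored secret.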
The above embodiment is a preferred implementation of the present invention, but embodiments of the present invention are not limited by it; any other change, modification, substitution, combination or simplification made without departing from the spirit and principle of the present invention shall be an equivalent replacement and is included within the scope of protection of the present invention.
Claims (6)
1. A strong authentication method based on a dynamic mapping password, characterized in that it comprises the following steps:
S1: The user sets a user authentication account password and a verification code password in a secure state;
S2: The website server records the account password and the verification code password against the user authentication account;
S3: When the user logs in, the website server provides a dynamic password matrix for the verification code in real time according to the user authentication account;
S4: The user looks up the password matrix according to the verification code password, obtains the corresponding matrix verification code, and enters the matrix verification code for verification;
S5: The website server authenticates the user's login according to the user authentication account password and the matrix verification code.
The secure state in step S1 is achieved by setting up a secure channel or SSL;
The verification code password in step S2 consists of letters and symbols, where the letters include uppercase and lowercase English letters;
The matrix password in step S4 consists of digits.
In step S3 the website server provides a dynamic password matrix in real time according to the user authentication account password, where the generation rule of the password matrix is: the password matrix is displayed as letters and symbols mapped to the ten digits 0-9, with each letter or symbol randomly mapped to one digit from 0-9; the dynamic password matrix contains at least the 26 uppercase letters and 26 lowercase letters, plus common symbols, padded so that the number of characters is a multiple of 10; the website server generates the character-to-digit password matrix with a random algorithm, and if the matrix has n characters, then on average every n/10 characters map to the same digit.
2. The strong authentication method based on a dynamic mapping password according to claim 1, characterized in that the random algorithm is implemented by one or more of the linear congruential algorithm, the BBS pseudorandom number generator and the ANSI X9.17 pseudorandom number generator.
3. The strong authentication method based on a dynamic mapping password according to claim 1 or 2, characterized in that step S3, in which the website server provides a dynamic password matrix in real time according to the user account password when the user logs in, specifically comprises the following steps:
S3.1: When the user logs in, the user enters the user authentication account and requests a password matrix from the website server;
S3.2: The website server randomly generates the password matrix according to the dynamic password matrix generation rule and passes the newly generated password matrix to the user;
4. The strong authentication method based on a dynamic mapping password according to claim 3, characterized in that passing the newly generated password matrix to the user specifically means that the website server passes the newly generated password matrix to the user over SSL.
5. The strong authentication method based on a dynamic mapping password according to claim 3, characterized in that step S4, in which the user looks up the password matrix according to the verification code password, obtains the corresponding matrix password, and enters the matrix password to log in, specifically means:
The user looks up, in the password matrix provided by the website server, the digit corresponding to each character of the verification code password, obtains a matrix verification code made up of digits, and enters the matrix verification code to log in.
6. The strong authentication method based on a dynamic mapping password according to claim 3, characterized in that step S5, in which the website server authenticates the user according to the user authentication account password and the matrix password, specifically comprises the following steps:
S5.1: The website server looks up the user's verification code password and the dynamic password matrix generated for this login according to the user authentication account;
S5.2: The website server looks up, in the password matrix, the digit corresponding to each character of the user's verification code password and derives the corresponding digit string;
S5.3: The website server compares the digit string with the matrix verification code entered by the user; if they are identical, verification passes, otherwise it fails. After verification passes, the user account password is authenticated.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011100957565A CN102164137A (en) | 2011-04-15 | 2011-04-15 | Strong authentication method based on dynamic mapping password |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011100957565A CN102164137A (en) | 2011-04-15 | 2011-04-15 | Strong authentication method based on dynamic mapping password |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102164137A true CN102164137A (en) | 2011-08-24 |
Family
ID=44465111
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2011100957565A Pending CN102164137A (en) | 2011-04-15 | 2011-04-15 | Strong authentication method based on dynamic mapping password |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102164137A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102984260A (en) * | 2012-11-29 | 2013-03-20 | 胡浩 | Internet account number and password information management method and system |
CN103825892A (en) * | 2014-02-19 | 2014-05-28 | 广州市自来水公司 | Safe data verification and transmission method and system |
CN104660549A (en) * | 2013-11-19 | 2015-05-27 | 深圳市腾讯计算机系统有限公司 | Identity verification method and device |
CN107371161A (en) * | 2017-08-31 | 2017-11-21 | 李同波 | A kind of 5G network security certifications cut-in method |
CN109214164A (en) * | 2018-09-07 | 2019-01-15 | 河北地质大学 | Computer communication security login method Internet-based and system |
CN112685725A (en) * | 2020-12-30 | 2021-04-20 | 上海掌门科技有限公司 | Security verification method and device |
CN114120457A (en) * | 2021-09-07 | 2022-03-01 | 重庆畅停智慧停车服务有限公司 | Parking self-service payment method and vehicle query method based on mobile phone terminal |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080244700A1 (en) * | 2006-05-24 | 2008-10-02 | Osborn Steven L | Methods and systems for graphical image authentication |
CN101316166A (en) * | 2008-07-07 | 2008-12-03 | 张寄望 | Dynamic password identity authentication method based on accidental character set |
-
2011
- 2011-04-15 CN CN2011100957565A patent/CN102164137A/en active Pending
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102984260A (en) * | 2012-11-29 | 2013-03-20 | 胡浩 | Internet account number and password information management method and system |
CN104660549A (en) * | 2013-11-19 | 2015-05-27 | 深圳市腾讯计算机系统有限公司 | Identity verification method and device |
CN104660549B (en) * | 2013-11-19 | 2017-12-15 | 深圳市腾讯计算机系统有限公司 | Auth method and device |
US10305889B2 (en) | 2013-11-19 | 2019-05-28 | Tencent Technology (Shenzhen) Company Limited | Identity authentication method and device and storage medium |
CN103825892A (en) * | 2014-02-19 | 2014-05-28 | 广州市自来水公司 | Safe data verification and transmission method and system |
CN107371161A (en) * | 2017-08-31 | 2017-11-21 | 李同波 | A kind of 5G network security certifications cut-in method |
CN107371161B (en) * | 2017-08-31 | 2020-03-24 | 李同波 | 5G network security authentication access method |
CN109214164A (en) * | 2018-09-07 | 2019-01-15 | 河北地质大学 | Computer communication security login method Internet-based and system |
CN112685725A (en) * | 2020-12-30 | 2021-04-20 | 上海掌门科技有限公司 | Security verification method and device |
CN112685725B (en) * | 2020-12-30 | 2022-12-06 | 上海掌门科技有限公司 | Security verification method and device |
CN114120457A (en) * | 2021-09-07 | 2022-03-01 | 重庆畅停智慧停车服务有限公司 | Parking self-service payment method and vehicle query method based on mobile phone terminal |
CN114120457B (en) * | 2021-09-07 | 2024-05-14 | 重庆亿连信息科技有限公司 | Parking self-service payment method and vehicle inquiring method based on mobile phone end |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20110824 |