CN105141428A - System and method for authentication and identification based on fuzzy fault and one-time password - Google Patents


Publication number
CN105141428A
CN105141428A CN201510510601.1A CN201510510601A CN105141428A CN 105141428 A CN105141428 A CN 105141428A CN 201510510601 A CN201510510601 A CN 201510510601A CN 105141428 A CN105141428 A CN 105141428A
Authority
CN
China
Prior art keywords
time password
user
sequence
authentication
server end
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510510601.1A
Other languages
Chinese (zh)
Inventor
胡杰婷
佘堃
温瀚翔
李文杰
周璐颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Miwuhen Intelligent Technology Co Ltd
Original Assignee
Shenzhen Miwuhen Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a system and a method for authentication and identification based on a fuzzy vault and one-time passwords. In the method, an independent seed is assigned to each user and used to generate a one-time password sequence; the generated sequence is fed into a fuzzy vault algorithm for fragmentation, and the server and the user each store their share of the resulting fragment sequence. During authentication, the server returns its fragments and the password is recovered on the user side; once recovery succeeds, the user presents the recombined one-time password token to access the server, and the server verifies the validity of the one-time password. If it is valid, the server allows access and updates the next verification criterion, and after successful authentication the one-time password automatically becomes invalid. The system and method provided by the invention have the advantages of a simple identification process, high security and low cost.

Description

Authentication and identification system and method based on a fuzzy vault and one-time passwords
Technical field
The present invention relates to the field of information security, and in particular to an authentication and identification system and method based on a fuzzy vault and one-time passwords.
Background
Information is a resource, and its universality, shareability, capacity to appreciate in value, processability and versatility make it particularly important to humanity. The essence of information security is to protect the information resources in an information system or information network from all types of threat, interference and destruction, that is, to guarantee the security of information. With the development of Internet technology, the Internet has brought convenience to people's lives, but the network security situation has also become increasingly severe, and incidents such as stolen bank accounts, stolen funds and impersonated user identities are common. Identity authentication technology is an important means of ensuring information security.
Identity authentication technology is an effective solution that arose from the need to confirm an operator's identity. The problem it addresses is how to ensure that the operator acting under a digital identity is the lawful owner of that digital identity, that is, that the operator's physical identity corresponds to the digital identity. As the first line of defence for protected assets, identity authentication plays a very important role. Current identity authentication technology is mainly divided into two kinds, static passwords and dynamic passwords. Static passwords offer low security and are unreliable; dynamic passwords also carry considerable security risks, and are in addition inconvenient to carry and use and costly.
To strengthen security protection, identity authentication methods that add state-recognition information to a static or dynamic password keep appearing. For example, the patent document with publication number CN104811443A proposes an identity authentication method that obtains motion-state information in addition to login information, and the patent document with publication number CN104734852A proposes an identity authentication method that uses a camera device to determine the user's facial information. All of these identity authentication methods suffer from a complex identification process, strong interference from environmental factors, and high cost.
Summary of the invention
In view of the above problems, the object of the present invention is to provide an authentication and identification system and method based on a fuzzy vault and one-time passwords, with a simple identification process, high security and low cost. The invention is achieved through the following technical solutions:
An authentication and identification method based on a fuzzy vault and one-time passwords comprises the following steps:
The server generates a user-specific seed from the user information;
The hash function is applied N times to the user-specific seed, generating a sequence of N one-time passwords H{1} ~ H{n} in total;
The first N-1 one-time passwords H{1} ~ H{n-1} are fragmented according to the fuzzy vault algorithm to obtain N-1 pieces of fragment information M{1} ~ M{n-1}, and the fragment information M{1} ~ M{n-1} is sent to the server and to the user side respectively and stored;
The user sends an authentication request to the server; the server sends its stored N-1 pieces of fragment information M{1} ~ M{n-1} to the user side, and the user side combines them with the N-1 pieces of fragment information stored on the user side to synthesize the complete one-time access password by the fuzzy vault algorithm;
After obtaining the one-time access password, the server applies the hash function to it once to obtain the one-time access sequence H*{n};
The one-time access sequence H*{n} is compared with the N-th one-time password H{n} stored on the server; if they match, authentication succeeds.
Further, the method of the invention also comprises:
After authentication succeeds, the server receives new user information from the user side and generates a new one-time password sequence and new fragment information, and the previous one-time password sequence and fragment information are deleted automatically.
The present invention also provides an authentication and identification system based on a fuzzy vault and one-time passwords, comprising:
An acquisition module, for obtaining user information and generating a user-specific seed from the user information;
A processing module, for applying the hash function to the user-specific seed to generate the one-time password sequence, and for fragmenting the generated one-time password sequence according to the fuzzy vault algorithm to obtain the fragment information;
An authentication module, for synthesizing the fragment information into the complete one-time access password by the fuzzy vault algorithm, and for obtaining the one-time access sequence by applying the hash function;
A determination module, for comparing the one-time access sequence with the one-time password sequence and determining whether authentication succeeds.
Further, the system of the invention also comprises a sending module, for sending the fragment information to the user side.
Further, the system of the invention also comprises a deletion module, for automatically deleting the previous one-time password sequence and fragment information after authentication succeeds.
Compared with the prior art, the authentication and identification system and method based on a fuzzy vault and one-time passwords provided by the invention have the following advantages:
(1) The user-specific seed generated from the user's characteristics ensures the uniqueness of each user.
(2) The generated one-time sequence is irreversible: obtaining one key does not allow the earlier keys in the sequence to be derived, which ensures the security of the passwords.
(3) One-time passwords are combined with the fuzzy vault algorithm in a novel way: an irreversible password is fragmented and the fragments are stored separately, so obtaining only one fragment does not allow the password to be restored, which greatly improves security.
(4) The computation required by the fuzzy vault is placed on the user side, shifting the computational load to the mobile terminal and relieving the server, so efficiency improves without loss of security.
(5) A one-time password is deleted as soon as it has been used once, so the next authentication cannot use the previous password, which ensures security.
(6) The combined use of the fuzzy vault and the one-time password algorithm solves the problem that a stored traditional one-time password sequence is easily stolen.
Brief description of the drawings
Embodiments of the invention are further described below with reference to the accompanying drawings, in which:
Fig. 1 is the initialization flowchart of the authentication and identification method based on a fuzzy vault and one-time passwords of the present invention;
Fig. 2 is the authentication flowchart of the authentication and identification method based on a fuzzy vault and one-time passwords of the present invention.
Detailed description
The invention is described in further detail below with reference to the drawings and specific embodiments.
The present invention proposes an authentication and identification method based on a fuzzy vault and one-time passwords, which specifically involves fuzzy vault algorithm technology and one-time password authentication technology.
The fuzzy vault algorithm is a special cryptographic algorithm that protects the confidentiality, authenticity and integrity of secret information: a set A is formed from elements of a universal set U, and the user uses this set to "lock" a secret s in a "vault"; if and only if the user, when "unlocking", presents a set B that is very close to set A can the "vault" be opened successfully and the secret s obtained. The outstanding advantage of the algorithm is that set A and set B need not be exactly equal; they only need to be close to a certain degree to unlock the vault and obtain the secret s.
One-time password authentication technology, also called dynamic password technology, means that the password used to authenticate a user's legitimate identity is disposable: each password is used only once, and every authentication uses a different password. The password here is not the user's password, but an authentication password computed from the user's password and other uncertain factors. One-time password authentication technology eliminates most of the security defects of static password authentication technology and strongly resists the main security threats and attacks that static password authentication faces, providing a system with a more secure and reliable guarantee of user identity authentication.
The authentication and identification method based on a fuzzy vault and one-time passwords provided by the invention comprises an initialization step and an authentication step. Fig. 1 is the initialization flowchart of the method and Fig. 2 is its authentication flowchart. The details are as follows:
Initialization step:
(1) The server generates a user-specific seed from the user information;
(2) A one-time password sequence is generated based on the irreversibility of the hash function: the hash function is applied N times to the user-specific seed, generating a sequence of N one-time passwords H{1} ~ H{n} in total;
(3) The generated one-time password sequence is fragmented according to the fuzzy vault algorithm: the first N-1 one-time passwords H{1} ~ H{n-1} are fragmented to obtain N-1 pieces of fragment information M{1} ~ M{n-1}; each is split into two parts, one stored locally on the server and one sent to the user side for storage.
After the initialization step is complete, the server stores the fragment information M{1} ~ M{n-1} of the first N-1 one-time passwords and the complete N-th one-time password H{n}, and everything else is deleted. The user side stores the fragment information M{1} ~ M{n-1} of the first N-1 one-time passwords.
Authentication step:
(1) The user sends an authentication request to the server; the server sends its stored N-1 pieces of fragment information M{1} ~ M{n-1} to the user side, and the user side combines them with the N-1 pieces of fragment information stored on the user side, synthesizes the complete one-time access password by the fuzzy vault algorithm and sends it to the server;
(2) After obtaining the one-time access password, the server applies the hash function to it once to obtain the one-time access sequence H*{n};
(3) The one-time access sequence H*{n} is compared with the N-th one-time password H{n} stored on the server; if they match, authentication succeeds.
After authentication succeeds, the server takes the value received from the user as the new authentication reference, replacing the original one; the server and the user side then each update their own one-time password fragment sequence, deleting the fragment that was just used.
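Added example, not code from the patent: the initialization and authentication steps above as a runnable hash-chain exchange between a server and a user side. SHA-256, the HMAC-derived seed, the names Server, Client and login, returning only the next unused server fragment per request, and the two-share XOR split standing in for the fuzzy vault fragmentation (which the patent does not detail) are all assumptions.

```python
import hashlib
import hmac
import secrets


def h(data: bytes) -> bytes:
    """One hash step of the chain (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Server:
    def __init__(self, master_key: bytes):
        self.master_key = master_key
        self.users = {}  # user_info -> {"ref", "frags", "next"}

    def enroll(self, user_info: bytes, n: int) -> dict:
        """Initialization: build H{1}..H{n}, split H{1}..H{n-1}, keep H{n}."""
        seed = hmac.new(self.master_key, user_info, hashlib.sha256).digest()
        chain = [seed]
        for _ in range(n):
            chain.append(h(chain[-1]))  # chain[i] == H{i}
        server_frags, client_frags = {}, {}
        for i in range(1, n):
            # XOR split: an assumed stand-in for the fuzzy vault fragmentation.
            server_frags[i] = secrets.token_bytes(len(chain[i]))
            client_frags[i] = xor(chain[i], server_frags[i])
        # Only H{n} and the server-side fragments are retained.
        self.users[user_info] = {"ref": chain[n], "frags": server_frags,
                                 "next": n - 1}
        return client_frags

    def challenge(self, user_info: bytes):
        """Return the index and server fragment of the next unused password."""
        rec = self.users[user_info]
        if rec["next"] < 1:
            raise LookupError("one-time passwords exhausted; re-initialize")
        return rec["next"], rec["frags"][rec["next"]]

    def verify(self, user_info: bytes, otp: bytes) -> bool:
        """Hash the submitted password once and compare with the reference."""
        rec = self.users[user_info]
        if rec["next"] < 1 or not hmac.compare_digest(h(otp), rec["ref"]):
            return False
        rec["ref"] = otp               # received value becomes the new reference
        del rec["frags"][rec["next"]]  # the fragment just used is deleted
        rec["next"] -= 1
        return True


class Client:
    def __init__(self, frags: dict):
        self.frags = dict(frags)

    def respond(self, index: int, server_frag: bytes) -> bytes:
        """Recombine both fragments into the complete one-time password."""
        return xor(self.frags[index], server_frag)

    def discard(self, index: int) -> None:
        self.frags.pop(index, None)


def login(server: Server, client: Client, user_info: bytes) -> bool:
    """One authentication round trip; the user side drops the used fragment."""
    index, server_frag = server.challenge(user_info)
    ok = server.verify(user_info, client.respond(index, server_frag))
    if ok:
        client.discard(index)
    return ok


if __name__ == "__main__":
    user = b"alice (constructed user information)"
    srv = Server(secrets.token_bytes(32))
    cli = Client(srv.enroll(user, 4))
    print([login(srv, cli, user) for _ in range(3)])
```

A one-time password captured in transit fails on replay, because the server's reference has already moved one step down the chain by the time it is resubmitted.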
Correspondingly, an embodiment of the invention also proposes an authentication and identification system based on a fuzzy vault and one-time passwords, whose structure comprises:
An acquisition module, for obtaining user information and generating a user-specific seed from the user information;
A processing module, for applying the hash function to the user-specific seed to generate the one-time password sequence, and for fragmenting the generated one-time password sequence according to the fuzzy vault algorithm to obtain the fragment information;
An authentication module, for synthesizing the fragment information into the complete one-time access password by the fuzzy vault algorithm, and for obtaining the one-time access sequence by applying the hash function;
A determination module, for comparing the one-time access sequence with the one-time password sequence and determining whether authentication succeeds;
A sending module, for sending the fragment information to the user side;
A deletion module, for automatically deleting the previous one-time password sequence and fragment information after authentication succeeds.
The technical solution of the invention places the computation required by the fuzzy vault on the user side, shifting the computational load to the mobile terminal and relieving the server, so efficiency improves without loss of security. The scheme is suitable for terminals that need lightweight, fast service, such as access control systems and security authentication systems.
The specific embodiments of the invention described above do not limit the scope of protection of the invention. Any other corresponding changes and modifications made according to the technical concept of the invention shall fall within the scope of protection of the claims of the invention.

Claims (5)

1. An authentication and identification method based on a fuzzy vault and one-time passwords, characterized in that it comprises the following steps:
The server generates a user-specific seed from the user information;
The hash function is applied N times to the user-specific seed, generating a sequence of N one-time passwords H{1} ~ H{n} in total;
The first N-1 one-time passwords H{1} ~ H{n-1} are fragmented according to the fuzzy vault algorithm to obtain N-1 pieces of fragment information M{1} ~ M{n-1}, and the fragment information M{1} ~ M{n-1} is sent to the server and to the user side respectively and stored;
The user sends an authentication request to the server; the server sends its stored N-1 pieces of fragment information M{1} ~ M{n-1} to the user side, and the user side combines them with the N-1 pieces of fragment information stored on the user side, synthesizes the complete one-time access password by the fuzzy vault algorithm and sends it to the server;
After obtaining the one-time access password, the server applies the hash function to it once to obtain the one-time access sequence H*{n};
The one-time access sequence H*{n} is compared with the N-th one-time password H{n} stored on the server; if they match, authentication succeeds.
2. The authentication and identification method based on a fuzzy vault and one-time passwords according to claim 1, characterized in that the method further comprises:
After authentication succeeds, the server receives new user information from the user side and generates a new one-time password sequence and new fragment information, and the previous one-time password sequence and fragment information are deleted automatically.
3. An authentication and identification system based on a fuzzy vault and one-time passwords, characterized in that it comprises:
An acquisition module, for obtaining user information and generating a user-specific seed from the user information;
A processing module, for applying the hash function to the user-specific seed to generate the one-time password sequence, and for fragmenting the generated one-time password sequence according to the fuzzy vault algorithm to obtain the fragment information;
An authentication module, for synthesizing the fragment information into the complete one-time access password by the fuzzy vault algorithm, and for obtaining the one-time access sequence by applying the hash function;
A determination module, for comparing the one-time access sequence with the one-time password sequence and determining whether authentication succeeds.
4. The authentication and identification system based on a fuzzy vault and one-time passwords according to claim 3, characterized in that the system further comprises a sending module, for sending the fragment information to the user side.
5. The authentication and identification system based on a fuzzy vault and one-time passwords according to claim 3, characterized in that the system further comprises a deletion module, for automatically deleting the previous one-time password sequence and fragment information after authentication succeeds.
CN201510510601.1A 2015-08-19 2015-08-19 System and method for authentication and identification based on fuzzy fault and one-time password Pending CN105141428A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20151209