CN109075965B - 使用口令码验证的前向安全密码技术的方法、系统和装置 - Google Patents

使用口令码验证的前向安全密码技术的方法、系统和装置 Download PDF

Info

Publication number
CN109075965B
CN109075965B CN201680077508.9A CN201680077508A CN109075965B CN 109075965 B CN109075965 B CN 109075965B CN 201680077508 A CN201680077508 A CN 201680077508A CN 109075965 B CN109075965 B CN 109075965B
Authority
CN
China
Prior art keywords
value
authentication
client
server
state variable
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201680077508.9A
Other languages
English (en)
Chinese (zh)
Other versions
CN109075965A (zh
Inventor
斯蒂文·默多克
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wansi Ban North America Co
Original Assignee
Vasco Data Security Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vasco Data Security Inc filed Critical Vasco Data Security Inc
Publication of CN109075965A publication Critical patent/CN109075965A/zh
Application granted granted Critical
Publication of CN109075965B publication Critical patent/CN109075965B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04Masking or blinding

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Radar Systems Or Details Thereof (AREA)
CN201680077508.9A 2015-12-30 2016-12-30 使用口令码验证的前向安全密码技术的方法、系统和装置 Active CN109075965B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201562273138P 2015-12-30 2015-12-30
US62/273,138 2015-12-30
PCT/US2016/069464 WO2017117520A1 (en) 2015-12-30 2016-12-30 A method, system and apparatus using forward-secure cryptography for passcode verification

Publications (2)

Publication Number Publication Date
CN109075965A CN109075965A (zh) 2018-12-21
CN109075965B true CN109075965B (zh) 2022-02-15

Family

ID=57799953

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680077508.9A Active CN109075965B (zh) 2015-12-30 2016-12-30 使用口令码验证的前向安全密码技术的方法、系统和装置

Country Status (6)

Country Link
US (1) US10511438B2 (enExample)
EP (1) EP3398289B1 (enExample)
JP (1) JP6927981B2 (enExample)
CN (1) CN109075965B (enExample)
ES (1) ES2952534T3 (enExample)
WO (1) WO2017117520A1 (enExample)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102014015814B4 (de) * 2014-10-24 2016-05-04 Unify Gmbh & Co. Kg Verfahren zum Authentifizieren eines Benutzergeräts bei der Anmeldung an einem Server
EP3376421A1 (en) * 2017-03-17 2018-09-19 Gemalto Sa Method for authenticating a user and corresponding device, first and second servers and system
JP2019054466A (ja) * 2017-09-15 2019-04-04 株式会社 エヌティーアイ 通信システム、第1通信装置、第2通信装置、方法、コンピュータプログラム
WO2019147251A1 (en) * 2018-01-25 2019-08-01 Visa International Service Association Token offline provisioning
US10389708B1 (en) 2019-01-03 2019-08-20 Capital One Services, Llc Secure authentication of a user associated with communication with a service representative
GB2585010B (en) * 2019-06-24 2022-07-13 Blockstar Developments Ltd Cryptocurrency key management
US11080413B2 (en) * 2019-10-25 2021-08-03 Integrity Security Services Llc Methods and systems for creating, verifying, and entering security information
FR3105481B1 (fr) * 2019-12-24 2022-12-16 Thales Sa Procédé de vérification du mot de passe d'un dongle, programme d'ordinateur, dongle et terminal utilisateur associés
JP2021141460A (ja) * 2020-03-05 2021-09-16 キヤノン株式会社 被認証装置、認証システムおよび認証方法
US20220059098A1 (en) * 2020-08-24 2022-02-24 Verified Technologies, Inc. Dynamic electronic agreements
JP7607873B2 (ja) * 2021-01-04 2025-01-06 株式会社 エヌティーアイ ユーザ装置、方法、コンピュータプログラム
US12238087B2 (en) * 2021-10-04 2025-02-25 Globus Medical, Inc. Validating credential keys based on combinations of credential value strings and input order strings
US20230208644A1 (en) * 2021-12-23 2023-06-29 Eque Corporation Systems configured for credential exchange with a dynamic cryptographic code and methods thereof

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101163014A (zh) * 2007-11-30 2008-04-16 中国电信股份有限公司 一种动态口令身份认证系统和方法
WO2012005744A1 (en) * 2010-06-27 2012-01-12 King Saud University One-time password authentication with infinite nested hash claims
US8832807B1 (en) * 2010-08-05 2014-09-09 Christine E. Kuo Method and apparatus for asynchronous dynamic password
CN104753682A (zh) * 2015-04-03 2015-07-01 北京云安世纪科技有限公司 一种会话秘钥的生成系统及方法

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7085840B2 (en) * 2001-10-29 2006-08-01 Sun Microsystems, Inc. Enhanced quality of identification in a data communications network
US8281378B2 (en) * 2006-10-20 2012-10-02 Citrix Systems, Inc. Methods and systems for completing, by a single-sign on component, an authentication process in a federated environment to a resource not supporting federation
US20090210712A1 (en) * 2008-02-19 2009-08-20 Nicolas Fort Method for server-side detection of man-in-the-middle attacks
US8302167B2 (en) * 2008-03-11 2012-10-30 Vasco Data Security, Inc. Strong authentication token generating one-time passwords and signatures upon server credential verification
US8756706B2 (en) * 2010-10-12 2014-06-17 Blackberry Limited Method for securing credentials in a remote repository
US8683562B2 (en) * 2011-02-03 2014-03-25 Imprivata, Inc. Secure authentication using one-time passwords
US9225717B1 (en) * 2013-03-14 2015-12-29 Emc Corporation Event-based data signing via time-based one-time authentication passcodes
EP2885904B1 (en) * 2012-08-03 2018-04-25 Vasco Data Security International GmbH User-convenient authentication method and apparatus using a mobile authentication application
US9218476B1 (en) * 2012-11-07 2015-12-22 Amazon Technologies, Inc. Token based one-time password security
EP2939363A1 (en) * 2012-12-28 2015-11-04 Vasco Data Security International GmbH Remote authentication and transaction signatures
CN103258312B (zh) * 2013-03-20 2015-10-28 东北大学 具有快速密钥流生成机制的数字图像加密方法
JP2017507549A (ja) * 2013-12-30 2017-03-16 バスコ データ セキュリティー インターナショナル ゲゼルシャフト ミット ベシュレンクテル ハフツング ブルートゥースインタフェースを備える認証装置
EP3090521B1 (en) * 2013-12-31 2020-04-01 OneSpan International GmbH A method and apparatus for securing a mobile application
CN103916234B (zh) * 2014-04-11 2016-09-07 中国人民解放军沈阳军区总医院 一种应用于隐私保护的混沌医学图像加密方法

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101163014A (zh) * 2007-11-30 2008-04-16 中国电信股份有限公司 一种动态口令身份认证系统和方法
WO2012005744A1 (en) * 2010-06-27 2012-01-12 King Saud University One-time password authentication with infinite nested hash claims
US8832807B1 (en) * 2010-08-05 2014-09-09 Christine E. Kuo Method and apparatus for asynchronous dynamic password
CN104753682A (zh) * 2015-04-03 2015-07-01 北京云安世纪科技有限公司 一种会话秘钥的生成系统及方法

Also Published As

Publication number Publication date
US20170195316A1 (en) 2017-07-06
WO2017117520A1 (en) 2017-07-06
EP3398289A1 (en) 2018-11-07
JP6927981B2 (ja) 2021-09-01
CN109075965A (zh) 2018-12-21
JP2019506789A (ja) 2019-03-07
WO2017117520A8 (en) 2018-08-30
EP3398289C0 (en) 2023-06-07
ES2952534T3 (es) 2023-11-02
US10511438B2 (en) 2019-12-17
EP3398289B1 (en) 2023-06-07

Similar Documents

Publication Publication Date Title
CN109075965B (zh) 使用口令码验证的前向安全密码技术的方法、系统和装置
US11770369B2 (en) System and method for identity verification across mobile applications
CN107409049B (zh) 用于保护移动应用的方法和装置
US10797879B2 (en) Methods and systems to facilitate authentication of a user
CN106575326B (zh) 利用非对称加密实施一次性密码的系统和方法
CN111512608B (zh) 基于可信执行环境的认证协议
US10523441B2 (en) Authentication of access request of a device and protecting confidential information
US12052367B2 (en) Optimized access in a service environment
CN105187382A (zh) 防止撞库攻击的多因子身份认证方法
Kochovski et al. CSCI468/968 Advanced Network Security Multi-Factor Authentication
Malaysia Suggested Mechanisms for Understanding the Ideas in Authentication System
HK1236636B (zh) 利用非对称加密实施一次性密码的系统和方法
HK1236636A1 (en) System and method for implementing a one-time-password using asymmetric cryptography
BR112017014014B1 (pt) Método e sistema de personalização de token

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Glattbrugg Switzerland

Applicant after: VASCO DATA SECURTY, Inc.

Address before: Glattbrugg Switzerland

Applicant before: Onispan International Co.,Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20250911

Address after: U.S.A.

Patentee after: Wansi Ban North America Co.

Country or region after: U.S.A.

Address before: Swiss Glatt Brygge

Patentee before: VASCO DATA SECURTY, Inc.

Country or region before: Switzerland

TR01 Transfer of patent right