CN109560937B - Password authentication method, device and computer readable storage medium - Google Patents


Info

Publication number
CN109560937B
Authority
CN
China
Prior art keywords
password
user
registration
login
fake
Prior art date
Legal status
Active
Application number
CN201910008849.6A
Other languages
Chinese (zh)
Other versions
CN109560937A (en)
Inventor
徐凌智
王健宗
Current Assignee
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Events
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201910008849.6A
Publication of CN109560937A
Application granted
Publication of CN109560937B
Legal status: Active

Classifications

    • H04L9/3226 (H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication; H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications, network security protocols; H04L9/32: including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials; H04L9/3226: using a predetermined code, e.g. password, passphrase or PIN)
    • H04L63/0428 (H04L63/00: Network architectures or network communication protocols for network security; H04L63/04: for providing a confidential data exchange among entities communicating through data packet networks; H04L63/0428: wherein the data content is protected, e.g. by encrypting or encapsulating the payload)
    • H04L63/083 (H04L63/00: Network architectures or network communication protocols for network security; H04L63/08: for authentication of entities; H04L63/083: using passwords)

Abstract

The invention discloses a password authentication method comprising the following steps: acquiring a registration account and a registration password of a user; generating a fake password corresponding to the registration password with a trained fake password generation model; storing the user's registration password and the fake password corresponding to it; when the registered account of the user is detected being used to log in, acquiring the password submitted for the current login; comparing the current password with the user's registration password and with the fake password corresponding to the registration password; and if the current password is the same as a fake password corresponding to the registration password, judging that the current login is abnormal and sending warning information to a preset terminal. The invention also provides a password authentication device and a computer readable storage medium. The invention prevents an attacker from obtaining real user data and raises a warning in time, thereby avoiding or reducing harm to the privacy and property of the user.

Description

Password authentication method, device and computer readable storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a password authentication method and apparatus, and a computer-readable storage medium.
Background
The internet is enormous in scale, its applications are diverse, and the network economy is growing rapidly. The internet is not only an important source of information but also an important platform for communication, entertainment and consumption, and many economic activities, such as online shopping, hotel reservation and contract booking, have moved from offline to online on a large scale. With the increasing use of the internet, its security problems have gradually drawn attention, among which password disclosure is the most serious: the client, the communication network and even the server all carry a risk of password leakage.
Password-based user identity authentication is currently the mainstream authentication mode on the internet. However, it is vulnerable: a common attack is for an attacker to obtain the hashed user passwords and recover the passwords by cracking the hash values. Once an attacker recovers a user's login password, the attacker can impersonate that user at login, harming the user's privacy and property and causing immeasurable loss to enterprises.
Disclosure of Invention
The invention provides a password authentication method, a password authentication device and a computer readable storage medium, and mainly aims to detect logins made with a cracked fake password so that an attacker cannot obtain real user data.
In order to achieve the above object, the present invention further provides a password authentication method, including:
acquiring a registration account and a registration password of a user;
generating a false password corresponding to the registration password by using a trained false password generation model;
storing a registration password of the user and a fake password corresponding to the registration password;
when detecting that the registered account of the user is used for login, acquiring a current password of the current login;
comparing the current password with the registration password of the user and the fake password corresponding to the registration password;
and if the current password is the same as a fake password corresponding to the registered password, judging that the current login is abnormal, and sending warning information to a preset terminal.
Optionally, the training of the fake password generation model comprises:
obtaining a corpus consisting of revealed passwords;
processing the corpus to obtain a password dictionary;
acquiring a combination mode with the highest occurrence frequency from the corpus;
analyzing the combination mode with the highest occurrence frequency to generate a syntax tree;
and training the parameters of the grammar tree based on a password dictionary to obtain a trained false password generation model.
Optionally, the processing the corpus to obtain a password dictionary includes:
counting words, numbers and special symbols with the highest frequency of occurrence in the revealed passwords by utilizing Hash mapping;
and classifying words, numbers and special symbols with the highest frequency of occurrence according to the prefix and the suffix of the revealed password and integrating the words, the numbers and the special symbols into a password dictionary.
Optionally, the storing the login password of the user and the fake password corresponding to the login password includes:
establishing a plurality of fields in a data table of a database for storing the registration passwords of the users and the false passwords corresponding to the registration passwords, wherein the real password of each user in the database is located in different fields.
Optionally, the sending of the warning information to the preset terminal includes one or both of the following:
sending alarm information to terminal equipment of an administrator;
and sending the abnormal information to the terminal equipment of the user.
Optionally, the method further comprises:
generating fake private data for the user;
and presenting the false privacy data on the user interface after the current login is successful.
Optionally, the generating fake private data for the user comprises:
generating a random character, wherein the random character comprises a number and a character string;
and cross-obfuscating the real private data of the user with a random character, wherein the real private data of the user includes data of a number type, data of a date type, and data of a character string type.
In order to achieve the above object, the present invention further provides a password authentication apparatus, which includes a memory and a processor, wherein the memory stores a password authentication method program operable on the processor, and the password authentication method program, when executed by the processor, implements the following steps:
acquiring a registration account and a registration password of a user;
generating a false password corresponding to the registration password by using a trained false password generation model;
storing a registration password of the user and a fake password corresponding to the registration password;
when detecting that the registered account of the user is used for login, acquiring a current password for current login;
comparing the current password with the login password of the user and the fake password corresponding to the login password;
and if the current password is the same as a fake password corresponding to the registered password, judging that the current login is abnormal, and sending warning information to a preset terminal.
Optionally, the training of the fake password generation model comprises:
obtaining a corpus consisting of revealed passwords;
processing the corpus to obtain a password dictionary;
acquiring a combination mode with the highest occurrence frequency from the corpus;
analyzing the combination mode with the highest occurrence frequency to generate a syntax tree;
and training the parameters of the grammar tree based on a password dictionary to obtain a trained false password generation model.
Further, to achieve the above object, the present invention also provides a computer-readable storage medium having stored thereon a password authentication method program, which is executable by one or more processors to implement the steps of the password authentication method as described above.
The password authentication method, the password authentication device and the computer readable storage medium provided by the invention can enable an attacker not to obtain real user data and send out warning in time, thereby avoiding or reducing the invasion of user privacy property.
Drawings
Fig. 1 is a flowchart illustrating a password authentication method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of an internal structure of a password authentication apparatus according to an embodiment of the present invention;
fig. 3 is a block diagram illustrating a password authentication method procedure in the password authentication apparatus according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
The invention provides a password authentication method. Fig. 1 is a schematic flowchart of a password authentication method according to an embodiment of the present invention. The method may be performed by an apparatus, which may be implemented by software and/or hardware.
In this embodiment, the password authentication method includes:
and S10, acquiring the registration account number and the registration password of the user.
In this embodiment, when a user registers for the first time, a registration account and a registration password input by the user on a user interface are acquired. And the registered account and the registered password are used for identity authentication of a user in a subsequent login system.
And S11, generating a false password corresponding to the registration password by using the trained false password generation model.
In this embodiment, the training of the fake password generation model includes:
(1) and acquiring a corpus consisting of the revealed password.
In this embodiment, a large corpus of compromised passwords may be assembled by collecting leaked passwords from many breach databases.
(2) And processing the corpus to obtain a password dictionary.
In a specific implementation, the processing the corpus to obtain a password dictionary includes:
utilizing Hashmap to count words, numbers and special symbols with highest frequency of occurrence in the leaked passwords;
and classifying words, numbers and special symbols with the highest frequency of occurrence according to prefix and suffix of the leaked passwords and integrating the words, the numbers and the special symbols into a password dictionary.
Specifically, counting the words, numbers and special symbols that occur most frequently in the leaked passwords with a hash map proceeds as follows: every word, number and special symbol is mapped one by one into a hash table; if an entry already exists in the hash table, its occurrence count is incremented by 1. After the mapping is complete, the table holds the count of every word, number and special symbol in the leaked-password file, and traversing the hash table returns the entries with the highest counts.
(3) And acquiring the combination mode with the highest occurrence frequency from the corpus.
In this embodiment, the combination patterns of the leaked passwords are counted by distinguishing letters, numbers and special symbols by their ASCII codes. The ASCII codes of the ten Arabic numerals 0 to 9 are 48 to 57, those of the 26 uppercase English letters are 65 to 90, those of the 26 lowercase English letters are 97 to 122, and special symbols take the remaining values. A C program classifies each character of the leaked passwords of a given length in the password dictionary by its ASCII code and counts the combination pattern (sequence of character classes) that occurs most frequently.
(4) The combination pattern with the highest frequency of occurrence is analyzed to generate a syntax tree (PCFG).
In this embodiment, leaked passwords follow certain composition rules, so fake passwords can be generated in batches once the leaked passwords have been syntactically analyzed. In a specific implementation, the syntax of the highest-frequency combination pattern is parsed to generate a syntax tree. Because the highest-frequency combination pattern is generally the pattern an attacker tries most often, the grammar tree derived from it can generate fake passwords that match what an attacker is likely to try at login.
In a specific implementation, the highest-frequency combination pattern is analyzed with a context-free grammar (CFG) and a probabilistic context-free grammar (PCFG).
(5) And training the parameters of the grammar tree based on a password dictionary to obtain a trained false password generation model.
In a specific implementation, after the fake password generation model is trained, the login password of the user is used as the input of the fake password generation model, so as to obtain the fake password corresponding to the login password. Wherein the fake password corresponding to the registration password may comprise a plurality of fake passwords.
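The following is an added illustration of steps (2) to (5), not code from the patent: a toy probabilistic context-free grammar trained on a small constructed corpus of leaked-style passwords, which is then fed a user's registration password and returns fake passwords (honeywords) that share its structure. The character classes follow the ASCII ranges quoted above, with upper- and lowercase letters merged into one class for brevity; the corpus, class names and the `HoneywordPCFG` API are assumptions of this example, and sampling uses the `secrets` CSPRNG so that honeywords are unpredictable to anyone holding the model.

```python
import secrets
from collections import Counter, defaultdict

# Constructed stand-in for a leaked-password corpus (assumption; not data from the patent).
LEAKED_CORPUS = [
    "password123", "sunshine2019", "iloveyou!", "dragon99", "qwerty123",
    "monkey2019", "football7", "letmein!", "welcome123", "shadow99",
    "princess!", "baseball2019", "password!", "sunshine123", "dragon2019",
]


def char_class(c):
    """Classify one character by ASCII code: D = digit, L = letter, S = special."""
    code = ord(c)
    if 48 <= code <= 57:
        return "D"
    if 65 <= code <= 90 or 97 <= code <= 122:
        return "L"
    return "S"


def segment(pw):
    """Split a password into maximal runs of one class, e.g. [('L','dragon'), ('D','99')]."""
    segs = []
    for c in pw:
        cls = char_class(c)
        if segs and segs[-1][0] == cls:
            segs[-1] = (cls, segs[-1][1] + c)
        else:
            segs.append((cls, c))
    return segs


def structure(pw):
    """Combination pattern of a password, e.g. 'L6D2' for 'dragon99'."""
    return "".join(f"{cls}{len(s)}" for cls, s in segment(pw))


class HoneywordPCFG:
    """PCFG whose non-terminals are (class, length) and whose terminals come from the corpus."""

    ALPHABETS = {"L": "abcdefghijklmnopqrstuvwxyz", "D": "0123456789", "S": "!@#$%^&*"}

    def __init__(self, corpus):
        self.structures = Counter()              # pattern -> frequency (the grammar's top rule)
        self.terminals = defaultdict(Counter)    # (class, len) -> Counter of strings (the password dictionary)
        for pw in corpus:
            self.structures[structure(pw)] += 1
            for cls, s in segment(pw):
                self.terminals[(cls, len(s))][s] += 1

    def most_frequent_structure(self):
        return self.structures.most_common(1)[0][0]

    @staticmethod
    def _sample(counter):
        """Frequency-weighted choice from a Counter using a CSPRNG."""
        items, weights = zip(*counter.items())
        r = secrets.randbelow(sum(weights))
        for item, w in zip(items, weights):
            r -= w
            if r < 0:
                return item
        return items[-1]

    def _random_token(self, cls, length):
        """Fallback when the dictionary has no alternative terminal of this class and length."""
        return "".join(secrets.choice(self.ALPHABETS[cls]) for _ in range(length))

    def honeywords(self, real_password, n=3, max_tries=1000):
        """Generate n distinct fake passwords with the same structure as real_password."""
        segs = segment(real_password)
        out = set()
        for _ in range(max_tries):
            if len(out) >= n:
                break
            parts = []
            for cls, s in segs:
                bucket = self.terminals.get((cls, len(s)))
                if bucket and len(bucket) > 1:
                    parts.append(self._sample(bucket))
                else:
                    parts.append(self._random_token(cls, len(s)))
            cand = "".join(parts)
            if cand != real_password:      # never hand back the real password as a honeyword
                out.add(cand)
        return sorted(out)


if __name__ == "__main__":
    model = HoneywordPCFG(LEAKED_CORPUS)
    print("most frequent pattern:", model.most_frequent_structure())
    print("honeywords for dragon99:", model.honeywords("dragon99"))
```

Because the honeywords share the structure and frequent terminals of the real password, an attacker who cracks the stored hashes cannot tell the real one from the decoys by shape alone, which is the property the detection step in S14 and S15 relies on.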
And S12, storing the registration password of the user and the fake password corresponding to the registration password.
In this embodiment, the storing the login password of the user and the fake password corresponding to the login password includes:
establishing a plurality of fields in a data table of a database for storing the registered password of the user and the false password corresponding to the registered password, wherein the real password of each user in the database can be positioned in different fields.
Specifically, a hash table is used as the data structure for storing the user's login password and the several fake passwords; their values are mapped by a hash function to a position in the hash table, through which the record is accessed. Different users' true passwords are mapped by the hash function, so each user's true password may be in a different field.
The hash function enables a faster and more efficient access process to a data sequence, by which the data elements will be located faster.
And S13, when detecting that the registered account of the user is used for login, acquiring the current password of the current login.
In this embodiment, when it is detected that the login account of the user is input on the login interface, that is, the login account of the user is being used for login. And acquiring the current password of the current login from the login interface.
S14, comparing the current password with the user's registration password and the fake password corresponding to the registration password.
In this embodiment, if the current password is the same as the user's login password, the current login is a normal login. If the current password is the same as a fake password corresponding to the user's login password, the current login is determined to be abnormal: it means that an attacker is trying to log in to the user's account, possibly several times with different passwords, during the current login.
And S15, if the current password is the same as a fake password corresponding to the login password, judging that the current login is abnormal, and sending warning information to a preset terminal.
In this embodiment, the sending of the warning information to the preset terminal includes one or both of the following:
sending alarm information to terminal equipment of an administrator;
and sending abnormal information to the terminal equipment of the user.
Specifically, when an attacker logs in, the system immediately and automatically notifies an administrator and a user, and the administrator starts emergency response and tracing. The user is notified by sending an email or a short message to the user through a mailbox or a telephone number bound during user registration.
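As an added example of steps S12 to S15 (not the patent's own code), the store below keeps each user's real password and its fake passwords as salted PBKDF2 hashes in several fields of one record, with the real password placed in a different field per user; the index of the real field is held in a separate map, standing in for the "different fields" arrangement described above. The login check hashes the submitted password once, compares it against every field with a constant-time comparison, and classifies the attempt as normal, abnormal (fake password hit, warnings sent) or rejected. The account names, passwords and notifier callbacks are constructed for the example.

```python
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERATIONS = 100_000  # assumption: tune to the deployment's hardware budget


def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256 digest of a password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class HoneywordStore:
    """Data table with one real-password field and several fake-password fields per user."""

    def __init__(self, notifiers=None):
        self.table = {}        # account -> {"salt": bytes, "fields": [digest, ...]}
        self.real_index = {}   # account -> index of the field holding the real password
        self.notifiers = notifiers or []   # callables for the administrator's and user's terminals
        self.alerts = []       # warnings issued so far (kept for inspection)

    def register(self, account, real_password, fake_passwords):
        """Store the registration password and its fake passwords in shuffled fields."""
        salt = os.urandom(16)
        plaintexts = [real_password] + list(fake_passwords)
        order = list(range(len(plaintexts)))
        secrets.SystemRandom().shuffle(order)        # real password lands in a random field
        self.table[account] = {
            "salt": salt,
            "fields": [hash_password(plaintexts[i], salt) for i in order],
        }
        self.real_index[account] = order.index(0)

    def login(self, account, current_password):
        """Return 'ok', 'abnormal' (fake password used) or 'rejected'."""
        record = self.table.get(account)
        if record is None:
            return "rejected"
        digest = hash_password(current_password, record["salt"])
        # Compare against every field without early exit so timing does not reveal the field.
        matches = [i for i, stored in enumerate(record["fields"])
                   if hmac.compare_digest(stored, digest)]
        if not matches:
            return "rejected"
        if matches[0] == self.real_index[account]:
            return "ok"
        # A fake password matched: the submitted value came from cracked stored data.
        message = f"abnormal login on account {account}: fake password used"
        self.alerts.append(message)
        for notify in self.notifiers:      # administrator and/or user terminal
            notify(message)
        return "abnormal"


if __name__ == "__main__":
    store = HoneywordStore(notifiers=[print])
    # Constructed sample credentials; the fake passwords would come from the generation model.
    store.register("alice", "Tr0ub4dor&3", ["Tr0ub4dor&7", "Tr0ub4dor&9"])
    print(store.login("alice", "Tr0ub4dor&3"))   # ok
    print(store.login("alice", "Tr0ub4dor&7"))   # abnormal, warning sent
    print(store.login("alice", "guess"))         # rejected
```

Keeping `real_index` apart from the password table (for example in a separate service, as honeyword schemes usually do) matters: an attacker who dumps only the password table learns all the candidate hashes but not which field is real, so any cracked value they try has a good chance of being a fake one and tripping the alert.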
In a specific implementation, the method further comprises:
generating fake private data for the user;
and presenting false privacy data on the user interface after the current login is successful.
The generating fake private data for the user comprises:
generating a random character, wherein the random character comprises a number and a character string;
and cross-obfuscating the real private data of the user with random characters, wherein the real private data of the user comprises data of a number type, data of a date type and data of a character string type.
Specifically, fake private data is generated from the real private data already held: random obfuscation and interleaving are applied to the real data, producing a large amount of data that looks real but is entirely fake. The user's real private data is divided into three types, number, date and character string, and each type is obfuscated separately.
First obfuscation mode: numeric data is the simplest to obfuscate. A random function RAND() is used; if the datum is an integer, the random value is multiplied by a coefficient and added to the original value, so that the data keep the same range and distribution as the original real data. For example, if a Revenue field holds the revenue from a customer, the revenues of large and small customers cannot be made completely random, so a number within 10000 is randomly added to the original revenue: Revenue + RAND() * 10000.
Second obfuscation mode: date-type data is obfuscated by adding or subtracting a random number of days from the original date or the current date, using the DATEADD() and RAND() functions. For example, to generate a random date within the last 100 days: DATEADD(day, 0 - RAND() * 100, GETDATE()).
Third obfuscation mode: string-type data is the most complicated to obfuscate, because strings such as name fields and company name fields carry a definite meaning, and randomly generated characters would be meaningless. Instead, each string is split into two parts, the parts are cross-combined, and the real data is replaced by random cross combinations. For example, the original names Liyuchun, Zeng rank and Liu Ji can be cross-combined into names such as Li Yunchun, Zeng Yuchun and Liu rank.
A name is split into its family name and given name, and a company name into its first two words and the following words. For an English name or English company name, the string is split at the first space into the first word and the following words. The two resulting fields are stored in temporary tables; a cross join of the two temporary tables yields all combinations of the two fields; a certain number of rows are then selected at random, and the selected random data replaces the original data.
According to the technical scheme, a piece of fake data is automatically generated, and when an attacker uses a fake password to log in, the system automatically presents the fake data generated by simulation to the attacker, so that the privacy of the user is prevented from being revealed.
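The three obfuscation modes above, carried out as an added example rather than the patent's SQL: numbers get a random offset below 10000, dates are shifted back by a random number of days below 100, and strings are split at the first space, cross-joined (the Python equivalent of the two temporary tables) and sampled at random. The customer records, field names and the rule that a fake string must never equal a real one are constructed assumptions of this example.

```python
import itertools
import random
from datetime import date, timedelta

# Constructed "real" customer records (assumption; not data from the patent).
REAL_RECORDS = [
    {"name": "Alice Zhang", "company": "Northwind Trading",  "revenue": 52000, "last_order": date(2018, 12, 1)},
    {"name": "Bob Li",      "company": "Contoso Logistics",  "revenue": 3100,  "last_order": date(2018, 11, 20)},
    {"name": "Carol Wang",  "company": "Fabrikam Media",     "revenue": 780,   "last_order": date(2018, 12, 28)},
]


def obfuscate_number(value, rng, scale=10000):
    """First mode: value + RAND() * scale keeps large and small customers in their original range."""
    return value + int(rng.random() * scale)


def obfuscate_date(value, rng, max_days=100):
    """Second mode: DATEADD(day, -RAND() * max_days, value) shifts the date back by 0..max_days-1 days."""
    return value - timedelta(days=int(rng.random() * max_days))


def split_first_space(s):
    """Split an English name or company name into its first word and the following words."""
    head, _, tail = s.partition(" ")
    return head, tail


def cross_combine(strings, rng, count):
    """Third mode: cross join of first-word and remaining-word fields, then a random selection."""
    heads, tails = zip(*(split_first_space(s) for s in strings))
    combos = sorted(f"{h} {t}".strip() for h, t in itertools.product(set(heads), set(tails)))
    originals = set(strings)
    fakes = [c for c in combos if c not in originals]   # design choice: never return a real value
    return rng.sample(fakes, min(count, len(fakes)))


def generate_fake_records(records, seed=None):
    """Produce one fake record per real record; seed is only for reproducible demonstration."""
    rng = random.Random(seed)
    fake_names = cross_combine([r["name"] for r in records], rng, len(records))
    fake_companies = cross_combine([r["company"] for r in records], rng, len(records))
    fakes = []
    for real, name, company in zip(records, fake_names, fake_companies):
        fakes.append({
            "name": name,
            "company": company,
            "revenue": obfuscate_number(real["revenue"], rng),
            "last_order": obfuscate_date(real["last_order"], rng),
        })
    return fakes


if __name__ == "__main__":
    for row in generate_fake_records(REAL_RECORDS, seed=7):
        print(row)
```

Note that the numeric and date modes preserve the distribution of the real values, so the fake view shown to a detected intruder looks plausible while no single field reveals a real customer's data.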
In summary, the invention obtains the registration account and the registration password of the user; generating a false password corresponding to the registration password by using a trained false password generation model; storing a registration password of the user and a fake password corresponding to the registration password; when detecting that the registered account of the user is used for login, acquiring a current password of the current login; comparing the current password with the registration password of the user and the fake password corresponding to the registration password; and if the current password is the same as the password corresponding to the registered password, determining that the current login is abnormal, and sending warning information to the associated personnel. The invention can ensure that an attacker can not obtain real user data, and when the attacker uses the false password to log in, the manager and the user respond in time at the same time, thereby avoiding or reducing the invasion of the privacy property of the user.
The invention also provides a password authentication device. Fig. 2 is a schematic diagram of an internal structure of a password authentication method and apparatus according to an embodiment of the present invention.
In the present embodiment, the password authentication apparatus 1 may be a Personal Computer (PC), or may be a terminal device such as a smartphone, a tablet computer, or a mobile computer. The password authentication method apparatus 1 includes at least a memory 11, a processor 12, a communication bus 13, and a network interface 14.
The memory 11 includes at least one type of readable storage medium, which includes a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, and the like. The memory 11 may in some embodiments be an internal storage unit of the password authentication method apparatus 1, for example a hard disk of the password authentication method apparatus 1. In other embodiments, the memory 11 may also be an external storage device of the password authentication method apparatus 1, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the password authentication method apparatus 1. Further, the memory 11 may also include both an internal storage unit of the password authentication method apparatus 1 and an external storage device. The memory 11 may be used not only to store application software installed in the password authentication method apparatus 1 and various types of data, such as a code of the password authentication method program 01, but also to temporarily store data that has been output or is to be output.
The processor 12, which in some embodiments may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor or other data Processing chip, is used for executing program codes or Processing data stored in the memory 11, such as executing the password authentication method program 01.
The communication bus 13 is used to realize connection communication between these components.
The network interface 14 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface), typically used to establish a communication link between the apparatus 1 and other electronic devices.
Optionally, the apparatus 1 may further comprise a user interface, which may comprise a Display (Display), an input unit such as a Keyboard (Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an Organic Light-Emitting Diode (OLED) touch screen, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the password authentication method apparatus 1 and for displaying a visual user interface.
Fig. 2 shows only the password authentication apparatus 1 having the components 11 to 14 and the password authentication program 01, and it will be understood by those skilled in the art that the structure shown in fig. 1 does not constitute a limitation of the password authentication method apparatus 1, and may include fewer or more components than those shown, or combine some components, or a different arrangement of components.
In the embodiment of the device 1 shown in fig. 2, a password authentication program 01 is stored in the memory 11; the processor 12 implements the following steps when executing the password authentication program 01 stored in the memory 11:
and acquiring a registration account number and a registration password of the user.
In this embodiment, when a user registers for the first time, a registration account and a registration password input by the user on a user interface are acquired. And the registered account and the registered password are used for identity authentication of a subsequent login system of the user.
And generating a false password corresponding to the registration password by using the trained false password generation model.
In this embodiment, the training of the fake password generation model includes:
(1) and acquiring a corpus consisting of the revealed password.
In this embodiment, a large corpus of compromised passwords may be assembled by collecting leaked passwords from many breach databases.
(2) And processing the corpus to obtain a password dictionary.
In a specific implementation, the processing the corpus to obtain the password dictionary includes:
utilizing Hashmap to count words, numbers and special symbols with highest frequency of occurrence in the leaked passwords;
and classifying words, numbers and special symbols with the highest frequency of occurrence according to the prefix and the suffix of the revealed password and integrating the words, the numbers and the special symbols into a password dictionary.
Specifically, counting the words, numbers and special symbols that occur most frequently in the leaked passwords with a hash map proceeds as follows: every word, number and special symbol is mapped one by one into a hash table; if an entry already exists in the hash table, its occurrence count is incremented by 1. After the mapping is complete, the table holds the count of every word, number and special symbol in the leaked-password file, and traversing the hash table returns the entries with the highest counts.
(3) And acquiring the combination mode with the highest occurrence frequency from the corpus.
In this embodiment, the combination patterns of the leaked passwords are counted by distinguishing letters, numbers and special symbols by their ASCII codes. The ASCII codes of the ten Arabic numerals 0 to 9 are 48 to 57, those of the 26 uppercase English letters are 65 to 90, those of the 26 lowercase English letters are 97 to 122, and special symbols take the remaining values. A C program classifies each character of the leaked passwords of a given length in the password dictionary by its ASCII code and counts the combination pattern (sequence of character classes) that occurs most frequently.
(4) The combination pattern with the highest frequency of occurrence is analyzed to generate a syntax tree (PCFG).
In this embodiment, leaked passwords follow certain composition rules, so fake passwords can be generated in batches once the leaked passwords have been syntactically analyzed. In a specific implementation, the syntax of the highest-frequency combination pattern is parsed to generate a syntax tree. Because the highest-frequency combination pattern is generally the pattern an attacker tries most often, the grammar tree derived from it can generate fake passwords that match what an attacker is likely to try at login.
In a specific implementation, the highest-frequency combination pattern is analyzed with a context-free grammar (CFG) and a probabilistic context-free grammar (PCFG).
(5) And training the parameters of the grammar tree based on a password dictionary to obtain a trained false password generation model.
In a specific implementation, after the fake password generation model is trained, the login password of the user is used as the input of the fake password generation model, so as to obtain the fake password corresponding to the login password. Wherein the fake password corresponding to the registration password may comprise a plurality of fake passwords.
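Steps (2) to (5) above, worked through as an added example (not the patent's own program): characters are classed by the ASCII ranges given in the text, the hash-map counts of runs and of combination modes are built from a constructed corpus, and decoys are then generated for a registration password by filling its structure from the frequency tables. The corpus, the class alphabet and all function names are assumptions.

```python
import random
from collections import Counter

# Constructed sample corpus standing in for a leaked-password file (not real data).
LEAKED_CORPUS = [
    "password123", "letmein2019", "Summer2018!", "qwerty!", "password1",
    "welcome123", "Summer2019!", "admin123", "monkey!", "Winter2018!",
    "password2019",
]
# Fallback characters per class when the dictionary has no run of the needed length.
CLASS_ALPHABET = {"L": "abcdefghijklmnopqrstuvwxyz", "D": "0123456789", "S": "!@#$%?"}

def char_class(ch: str) -> str:
    """Classify one character by ASCII code: D for 48-57, L for 65-90 and 97-122,
    S for anything else, exactly as the description distinguishes them."""
    code = ord(ch)
    if 48 <= code <= 57:
        return "D"
    if 65 <= code <= 90 or 97 <= code <= 122:
        return "L"
    return "S"

def segments(password: str) -> list[tuple[str, str]]:
    """Split into maximal runs of one class: 'Summer2018!' -> [('L','Summer'),('D','2018'),('S','!')]."""
    runs: list[tuple[str, str]] = []
    for ch in password:
        cls = char_class(ch)
        if runs and runs[-1][0] == cls:
            runs[-1] = (cls, runs[-1][1] + ch)
        else:
            runs.append((cls, ch))
    return runs

def structure(password: str) -> str:
    """The combination mode of a password, e.g. 'L6D4S1' for 'Summer2018!'."""
    return "".join(f"{cls}{len(run)}" for cls, run in segments(password))

def build_dictionary(corpus):
    """Hash-map counting of steps (2) and (3): occurrence counts of every word,
    number and special-symbol run, keyed by class, plus counts of each structure."""
    seg_counts = {"L": Counter(), "D": Counter(), "S": Counter()}
    structure_counts: Counter = Counter()
    for pw in corpus:
        for cls, run in segments(pw):
            seg_counts[cls][run] += 1
        structure_counts[structure(pw)] += 1
    return seg_counts, structure_counts

def most_frequent_structure(corpus) -> str:
    return build_dictionary(corpus)[1].most_common(1)[0][0]

def sample_run(seg_counts, cls: str, length: int, rng: random.Random) -> str:
    """Draw a run of the given class and length with probability proportional to
    its corpus frequency (the terminal probabilities the PCFG training yields)."""
    candidates = [(run, n) for run, n in seg_counts[cls].items() if len(run) == length]
    if candidates:
        runs, weights = zip(*candidates)
        return rng.choices(runs, weights=weights, k=1)[0]
    return "".join(rng.choice(CLASS_ALPHABET[cls]) for _ in range(length))

def generate_fake_passwords(corpus, real_password: str, n: int, seed: int = 0) -> list[str]:
    """Produce n distinct decoys sharing the real password's structure, each segment
    filled from the trained frequency tables; the real password itself is excluded."""
    seg_counts, _ = build_dictionary(corpus)
    rng = random.Random(seed)
    shape = segments(real_password)
    fakes: list[str] = []
    for _ in range(1000):  # bounded retry so a tiny corpus cannot loop forever
        if len(fakes) == n:
            break
        cand = "".join(sample_run(seg_counts, cls, len(run), rng) for cls, run in shape)
        if cand != real_password and cand not in fakes:
            fakes.append(cand)
    return fakes

if __name__ == "__main__":
    print(most_frequent_structure(LEAKED_CORPUS))
    print(generate_fake_passwords(LEAKED_CORPUS, "Summer2018!", 3))
```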
And storing the registration password of the user and the fake password corresponding to the registration password.
In this embodiment, storing the registration password of the user and the fake password corresponding to the registration password comprises:
establishing a plurality of fields in a data table of a database for storing the registration passwords of the users and the fake passwords corresponding to the registration passwords, wherein the real password of each user in the database may be located in a different field.
Specifically, a hash table is used to store the registration password of the user and the several fake passwords: their values are mapped through a hash function to a position in the hash table, through which the record is accessed. Different users' true passwords are mapped by the hash function, so each user's true password may lie in a different field.
The hash function enables a more rapid and efficient access process to a data sequence, by which the data elements are located more quickly.
When detecting that the registered account of the user is being used for login, acquiring the current password of the current login.
In this embodiment, when it is detected that the registered account of the user is entered on the login interface, that is, that the registered account is being used for login, the current password of the current login is acquired from the login interface.
Comparing the current password with the registration password of the user and the fake password corresponding to the registration password.
In this embodiment, if the current password is the same as the registration password of the user, the current login is a normal login. If the current password is the same as a fake password corresponding to the registration password of the user, the current login is determined to be abnormal, that is, an attacker is repeatedly trying to log in to the user's account during the current login.
If the current password is the same as a fake password corresponding to the registration password, determining that the current login is abnormal, and sending warning information to a preset terminal.
In this embodiment, the sending of the warning information to the preset terminal includes one or more of the following combinations:
sending alarm information to terminal equipment of an administrator;
and sending abnormal information to the terminal equipment of the user.
Specifically, when an attacker logs in, the system immediately and automatically informs an administrator and a user, and the administrator starts emergency response and tracing. The user is notified by sending an email or a short message to the user through a mailbox or a telephone number bound during user registration.
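The storage and comparison steps above, as an added example that is not the patent's code: the real password and its decoys occupy shuffled fields of one record, every field is compared, and a decoy match raises the warning. Two points go beyond the text and are assumptions: each field holds a salted PBKDF2 hash rather than the password value, and the index of the real field is kept in a separate map so the credential table alone does not reveal which entry is genuine.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 60_000  # PBKDF2 work factor (assumed; the text stores values directly)

credential_table: dict[str, list[tuple[bytes, bytes]]] = {}  # account -> (salt, hash) fields
real_index: dict[str, int] = {}   # account -> field holding the real password (kept apart)
alerts: list[dict] = []           # constructed sink for the warning information

def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(account: str, password: str, fakes: list[str]) -> int:
    """Store the registration password and its decoys in shuffled fields; return the field count."""
    if password in fakes or len(set(fakes)) != len(fakes):
        raise ValueError("decoys must be distinct from each other and from the real password")
    fields = [password, *fakes]
    secrets.SystemRandom().shuffle(fields)   # the real password lands in a random field
    rows = []
    for word in fields:
        salt = os.urandom(16)
        rows.append((salt, _digest(word, salt)))
    credential_table[account] = rows
    real_index[account] = fields.index(password)
    return len(rows)

def check_login(account: str, attempt: str) -> str:
    """Compare the current password with every field: 'ok' when it matches the
    registration password, 'honeyword' when it matches a decoy (abnormal login,
    warning recorded), 'fail' when it matches nothing."""
    rows = credential_table.get(account)
    if rows is None:
        return "fail"
    matched = None
    for i, (salt, digest) in enumerate(rows):   # check all fields, no early exit
        if hmac.compare_digest(_digest(attempt, salt), digest):
            matched = i
    if matched is None:
        return "fail"
    if matched == real_index[account]:
        return "ok"
    alerts.append({"account": account, "field": matched, "event": "decoy password used"})
    return "honeyword"

if __name__ == "__main__":
    register("alice", "Summer2018!", ["Winter2019!", "monkey2018!"])  # constructed values
    print(check_login("alice", "Summer2018!"))   # ok
    print(check_login("alice", "Winter2019!"))   # honeyword
    print(alerts)
```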
In a specific implementation, the method further comprises:
generating fake privacy data for the user;
and presenting the false privacy data on the user interface after the current login is successful.
The generating fake privacy data for the user comprises:
generating a random character, wherein the random character comprises a number and a character string;
and cross-obfuscating the real private data of the user with random characters, wherein the real private data of the user comprises data of a number type, data of a date type and data of a character string type.
Specifically, the fake privacy data is generated from the real privacy data of all users already held: the real data is randomly obfuscated and interleaved, producing a large amount of data that looks real but is entirely false. The real privacy data of the user is divided into three types, number, date and character string, and each type is obfuscated in its own way.
First obfuscation approach: obfuscating data of the number type is the simplest. Only a random function RAND() is needed; if the data is an integer, the random value is multiplied by a coefficient, and the generated random number can be added to the original data so that the range of the data keeps the same distribution as the original real data. For example, if a Revenue field holds the revenue from a customer, the revenue figures of large and small customers cannot be completely random, so a number within 10000 is randomly added to the original revenue: Revenue + RAND() * 10000.
Second obfuscation approach: obfuscating data of the date type can be done by adding or subtracting a random number of days to the original date or to the current date, using the DATEADD() and RAND() functions. For example, to generate a random date within the last 100 days: DATEADD("day", 0 - RAND() * 100, GETDATE()).
Third obfuscation approach: obfuscating data of the character string type is the most complicated, because strings have a very definite meaning, such as name fields and company name fields, and randomly generated characters would be meaningless. In this case, the character string can be split into two parts, the parts cross-combined, and random cross-combinations used to replace the true data. For example, from the original names Li Yuchun, Zeng Yike and Liu Ji, cross combination produces names such as Zeng Yuchun, each pairing the surname of one name with the given name of another.
A name is split into a surname and a given name, and a company name can be split into the first 2 words and the following words. For an English name or an English company name, the English character string can be split at the first space into the first word and the following words. The two generated fields are then stored in temporary tables, the two temporary tables are cross-joined to obtain all combinations of the two fields, a certain number of rows are selected at random, and the selected random data replaces the original data.
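The three obfuscation approaches above, as an added example that is not the patent's code: the number and date rules follow the RAND() * 10000 and 100-day shifts given in the text, and the string rule splits at the first space, cross-joins the halves, drops combinations equal to an original, and picks rows at random. The sample records, field names and function names are constructed assumptions.

```python
import random
from datetime import date, timedelta

# Constructed sample of "real" customer records (not real data).
REAL_RECORDS = [
    {"name": "Li Yuchun", "company": "Ping An Technology", "revenue": 52000, "signup": date(2018, 3, 14)},
    {"name": "Zeng Yike", "company": "Acme Trading Co", "revenue": 1200, "signup": date(2018, 11, 2)},
    {"name": "Liu Ji", "company": "Blue River Logistics", "revenue": 8900, "signup": date(2017, 7, 30)},
]

def obfuscate_number(value: int, rng: random.Random, span: int = 10000) -> int:
    """First approach: Revenue + RAND() * 10000, so large and small customers keep their scale."""
    return value + int(rng.random() * span)

def obfuscate_date(value: date, rng: random.Random, days: int = 100) -> date:
    """Second approach: DATEADD(day, 0 - RAND() * 100, base), a random shift within the last 100 days."""
    return value - timedelta(days=int(rng.random() * days))

def split_string(s: str) -> tuple[str, str]:
    """Third approach, step 1: first word and the following words, split at the first space."""
    head, _, tail = s.partition(" ")
    return head, tail

def cross_combine(values: list[str], rng: random.Random, n: int) -> list[str]:
    """Third approach, step 2: cross join of the two halves (the two temporary tables),
    combinations identical to an original removed, then n rows chosen at random."""
    parts = [split_string(v) for v in values]
    combos = {f"{h} {t}" for h, _ in parts for _, t in parts}  # set keeps combinations distinct
    combos -= set(values)
    return rng.sample(sorted(combos), n)

def generate_fake_records(records: list[dict], n: int, seed: int = 0) -> list[dict]:
    """Produce n records that look real but are entirely synthetic."""
    rng = random.Random(seed)
    names = cross_combine([r["name"] for r in records], rng, n)
    companies = cross_combine([r["company"] for r in records], rng, n)
    fakes = []
    for i in range(n):
        base = rng.choice(records)   # number and date fields stay in the real distribution
        fakes.append({
            "name": names[i],
            "company": companies[i],
            "revenue": obfuscate_number(base["revenue"], rng),
            "signup": obfuscate_date(base["signup"], rng),
        })
    return fakes

if __name__ == "__main__":
    for row in generate_fake_records(REAL_RECORDS, 4):
        print(row)
```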
According to the technical scheme, a piece of fake data is automatically generated, and when an attacker logs in by using a fake password, the system automatically presents the fake data generated by simulation to the attacker, so that the privacy of a user is prevented from being revealed.
In summary, the invention obtains the registration account and the registration password of the user; generates a fake password corresponding to the registration password by using a trained fake password generation model; stores the registration password of the user and the fake password corresponding to the registration password; when detecting that the registered account of the user is used for login, acquires the current password of the current login; compares the current password with the registration password of the user and the fake password corresponding to the registration password; and if the current password is the same as a fake password corresponding to the registration password, determines that the current login is abnormal and sends warning information to the associated personnel. The invention ensures that an attacker cannot obtain real user data, and when the attacker logs in with a fake password, the administrator and the user respond in time, thereby avoiding or reducing the invasion of the user's privacy and property.
Alternatively, in other embodiments, the password authentication program 01 may be further divided into one or more modules, and the one or more modules are stored in the memory 11 and executed by one or more processors (in this embodiment, the processor 12) to implement the present invention, where the modules referred to in the present invention refer to a series of computer program instruction segments capable of performing specific functions to describe the execution process of the password authentication method program 01 in the password authentication apparatus 1.
For example, referring to fig. 3, which is a schematic diagram of the program modules of the password authentication program 01 of the present invention, in this embodiment the password authentication program 01 may be divided into an obtaining module 10, a generating module 20, a storing module 30, a comparing module 40 and an alerting module 50, for example:
the obtaining module 10 obtains a registration account and a registration password of a user;
the generating module 20 generates a fake password corresponding to the registration password by using the trained fake password generating model;
the storage module 30 stores the registration password of the user and the fake password corresponding to the registration password;
the obtaining module 10 obtains a current password of a current login when detecting that a registered account of the user is being used for login;
the comparison module 40 compares the current password with the registration password of the user and the fake password corresponding to the registration password;
if the current password is the same as the password corresponding to the registered password, the warning module 50 determines that the current login is abnormal and sends warning information to the associated person.
The functions or operation steps of the above-mentioned obtaining module 10, generating module 20, storing module 30, comparing module 40 and warning module 50 when executed are substantially the same as those of the above-mentioned embodiments, and are not described herein again.
Furthermore, an embodiment of the present invention also provides a computer-readable storage medium, on which a password authentication program is stored, where the password authentication program is executable by one or more processors to implement the following operations:
acquiring a registration account and a registration password of a user;
generating a false password corresponding to the registration password by using a trained false password generation model;
storing a registration password of the user and a fake password corresponding to the registration password;
when detecting that the registered account of the user is used for login, acquiring a current password for current login;
comparing the current password with the registration password of the user and the fake password corresponding to the registration password;
and if the current password is the same as the password corresponding to the registered password, judging that the current login is abnormal, and sending warning information to a preset terminal.
The specific implementation of the computer-readable storage medium of the present invention is substantially the same as the embodiments of the password authentication method and apparatus, and will not be described herein again.
It should be noted that, the above numbers of the embodiments of the present invention are only for description, and do not represent the advantages and disadvantages of the embodiments. And the terms "comprises," "comprising," or any other variation thereof, herein are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, apparatus, article, or method that includes the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention, and all equivalent structures or equivalent processes performed by the present invention or directly or indirectly applied to other related technical fields are also included in the scope of the present invention.

Claims (8)

1. A method of password authentication, the method comprising:
acquiring a registration account and a registration password of a user;
generating a fake password corresponding to the registration password by using a trained fake password generation model, wherein the training process of the fake password generation model comprises the following steps: obtaining a corpus consisting of revealed passwords; processing the corpus to obtain a password dictionary; acquiring a combination mode with the highest frequency of occurrence from the corpus, and distinguishing the statistics of the combination mode frequency of the revealed password according to the difference of letters, numbers and special symbols ASCII codes in the revealed password; analyzing the combination mode with the highest occurrence frequency to generate a syntax tree; training the parameters of the grammar tree based on a password dictionary to obtain a trained false password generation model;
storing a registration password of the user and a fake password corresponding to the registration password;
when detecting that the registered account of the user is used for login, acquiring a current password for login;
comparing the current password with the registration password of the user and the fake password corresponding to the registration password;
and if the current password is the same as the password corresponding to the registered password, judging that the current login is abnormal, and sending warning information to a preset terminal.
2. The password authentication method of claim 1, wherein the processing the corpus to obtain a password dictionary comprises:
counting words, numbers and special symbols with the highest frequency of occurrence in the revealed passwords by utilizing Hash mapping;
and classifying words, numbers and special symbols with the highest frequency of occurrence according to prefix and suffix of the leaked passwords and integrating the words, the numbers and the special symbols into a password dictionary.
3. The password authentication method of claim 1, wherein the storing the registration password of the user and the fake password corresponding to the registration password comprises:
establishing a plurality of fields in a data table of a database for storing the registration passwords of the users and the false passwords corresponding to the registration passwords, wherein the real password of each user in the database is located in different fields.
4. The password authentication method of claim 1, wherein the sending of the warning message to the predetermined terminal comprises one or more of the following:
sending alarm information to terminal equipment of an administrator;
and sending the abnormal information to the terminal equipment of the user.
5. The password authentication method of claim 1, wherein said method further comprises:
generating fake privacy data for the user;
and presenting false privacy data on the user interface after the current login is successful.
6. The password authentication method of claim 5, wherein the generating false privacy data with the user comprises:
generating a random character, wherein the random character comprises a number and a character string;
and cross-obfuscating the real private data of the user with a random character, wherein the real private data of the user includes data of a number type, data of a date type, and data of a character string type.
7. A password authentication apparatus, comprising a memory and a processor, wherein the memory stores a password authentication program operable on the processor, and the password authentication program, when executed by the processor, implements the steps of:
acquiring a registration account and a registration password of a user;
generating a fake password corresponding to the registration password by using a trained fake password generation model, wherein the training process of the fake password generation model comprises the following steps: obtaining a corpus consisting of revealed passwords; processing the corpus to obtain a password dictionary; acquiring a combination mode with the highest frequency of occurrence from the corpus, and distinguishing the statistics of the combination mode frequency of the revealed password according to the difference of letters, numbers and special symbols ASCII codes in the revealed password; analyzing the combination mode with the highest occurrence frequency to generate a syntax tree; training the parameters of the grammar tree based on a password dictionary to obtain a trained false password generation model;
storing a registration password of the user and a fake password corresponding to the registration password;
when detecting that the registered account of the user is used for login, acquiring a current password for login;
comparing the current password with the registration password of the user and the fake password corresponding to the registration password;
and if the current password is the same as the password corresponding to the registered password, judging that the current login is abnormal, and sending warning information to a preset terminal.
8. A computer-readable storage medium, having stored thereon a password authentication method program executable by one or more processors to implement the password authentication method as claimed in any one of claims 1 to 6.
CN201910008849.6A 2019-01-04 2019-01-04 Password authentication method, device and computer readable storage medium Active CN109560937B (en)

Publications (2)

Publication Number Publication Date
CN109560937A CN109560937A (en) 2019-04-02
CN109560937B true CN109560937B (en) 2022-09-27

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110766841A (en) * 2019-06-12 2020-02-07 天津新泰基业电子股份有限公司 User registration and verification method and device
CN113032765A (en) * 2021-04-29 2021-06-25 中国工商银行股份有限公司 Password authentication method, device and equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1442782A (en) * 2002-03-05 2003-09-17 三星电子株式会社 User confirmation method using word of command
CN103455737A (en) * 2012-05-28 2013-12-18 百度在线网络技术(北京)有限公司 User information protection method and device
CN107977559A (en) * 2017-11-22 2018-05-01 杨晓艳 A kind of identity identifying method, device, equipment and computer-readable recording medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9264423B2 (en) * 2014-06-12 2016-02-16 Nadapass, Inc. Password-less authentication system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
PassGAN: A Deep Learning Approach for Password Guessing;Briland Hitaj;《https://arxiv.org/abs/1709.00440v2》;20180309;1-13 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant