CN112311794A - Bidirectional identity authentication method based on MFA algorithm - Google Patents

Bidirectional identity authentication method based on MFA algorithm Download PDF

Info

Publication number
CN112311794A
CN112311794A CN202011188627.6A CN202011188627A CN112311794A CN 112311794 A CN112311794 A CN 112311794A CN 202011188627 A CN202011188627 A CN 202011188627A CN 112311794 A CN112311794 A CN 112311794A
Authority
CN
China
Prior art keywords
user
face
authentication server
authentication
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011188627.6A
Other languages
Chinese (zh)
Inventor
张正雅
张宝玉
蒋绪升
郑茂
张新岩
史兴辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Wanwei Information Technology Co Ltd
Original Assignee
China Telecom Wanwei Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Wanwei Information Technology Co Ltd filed Critical China Telecom Wanwei Information Technology Co Ltd
Priority to CN202011188627.6A priority Critical patent/CN112311794A/en
Publication of CN112311794A publication Critical patent/CN112311794A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention relates to the technical field of information technology, in particular to a bidirectional identity authentication method based on an MFA algorithm; the user completes the identity authentication of the authentication server A and stores the one-time password P of the ith login of the useriA 1 is to PiF operation is performed again to obtain P' primei‑1I.e. Pi‑1=F(Pi) P' to Pi‑1And Pi‑1Making comparison, if P ″', thei‑1=Pi‑1And then, carrying out the next step; p' isi‑1≠Pi‑1Considering that a small number of attacks are in risk, and limiting login; the authentication server A receives the encrypted information M and carries out integrity verification; verifying that no tampering exists, and then operating P ″', whereini=Fn‑i(W + S), decryption Key P ″, andidecrypting M to obtain a face characteristic value T; if the verification comparison rate exceeds a preset threshold value, verifying compliance of the pair C; the invention fully utilizes the simple use, higher security and uniqueness of face identification of the one-time password, realizes the security of network transmission by utilizing an encryption system, and further successfully preventsAnd (4) attack behaviors such as impersonation, tampering and replay in identity authentication.

Description

Bidirectional identity authentication method based on MFA algorithm
Technical Field
The invention relates to the technical field of information technology, in particular to a bidirectional identity authentication method based on an MFA algorithm.
Background
Under the extremely rapid advance of informatization and networking, all the fields of society need information systems to support business, the dependence of society, enterprises and individuals on the information systems is higher and higher, and the relevance of the society, enterprises and individuals to daily work and life is tighter and tighter. The information system is developed at a high speed, so that the system security problem is more and more prominent. Identity authentication is the first line of defense of information systems and plays a crucial role in information system security. In the research and practice process of the prior art, most information systems in the prior art adopt an identity authentication mechanism mode of 'account + static password', and are likely to be attacked by bypassing security protection devices such as a firewall and intrusion detection. Because the single-factor identity authentication method has fixity, staticity and long-term use, the single-factor identity authentication method is easy to be attacked in various forms such as replay and exhaustion, and once the password is leaked, the personal identity is impersonated.
Disclosure of Invention
The invention aims to provide a bidirectional identity authentication method based on an MFA algorithm, provides a bidirectional identity authentication method combining face recognition and a dynamic password, and can solve the technical problem that single-factor identity authentication is easy to attack and impersonate.
In order to solve the technical problem, the invention discloses a bidirectional identity authentication method based on an MFA algorithm, which comprises the following steps:
s1, user registration:
s1.1, registering a user dynamic password: the user sets a secret communication phrase W, the authentication server A generates a seed value S for the user, the user sets the maximum element number N of the one-time password sequence, and the maximum element number N and the seed value S are transmitted to the authentication through a secure channelA server; the authentication server A calculates to obtain a one-time password P0In which P is0=Fn(W+S);
S1.2, registering the face of the user: acquiring a user face through a camera and extracting an initial face characteristic value T ' of the user, transmitting the initial face characteristic value T ' to an authentication server A through a safety channel, storing the initial face characteristic value T ' into a face data feature library of the authentication server A, wherein the registration information of the user in the face data feature library comprises: user ID, user secret communication phrase W, user N, user seed value S, user one-time password P0And an initial face feature value T' of the user;
s2, the ith user authentication:
s2.1: a user initiates an application to an authentication server by using an identity mark ID;
s2.2: the authentication server A responds to the application of step S2.1, and the authentication server A encrypts S + N-i + P through H (W)i-1To obtain EH(W)(seed+N-i+Pi-1) A 1 is mixing EH(W)(seed+N-i+Pi-1) And the hash value hash is transmitted to the user;
s2.3: the user receives the challenge information and verifies the integrity of the data at the same time, if the data is not tampered, the S, N-i, P can be obtained by decryptioni-1And calculates the one-time password P of the ith login of the useriIn which P isi=Fn-i(W+S);
S2.4: the user completes the identity authentication of the authentication server A and stores the one-time password P of the ith login of the useriA 1 is to PiF operation is performed again to obtain P' primei-1I.e. Pi-1=F(Pi) P' to Pi-1And Pi-1The comparison is carried out, and the comparison is carried out,
s2.4.1 if P ″i-1=Pi-1And then, carrying out the next step;
s2.4.2 if P ″i-1≠Pi-1Considering that a small number of attacks are in risk, and limiting login;
s2.5: collecting the face of a user through a camera and extracting the face characteristic value T of the user to obtain PiAsymmetric encryption is performed on T for the secret key, and simultaneously, the encrypted information is obtainedM and its hash value hash are passed to the authentication server A, i.e. the encryption information M = Epi(T);
S2.6: the authentication server A receives the encrypted information M and carries out integrity verification;
s2.6.1: if S2.6 verifies that no tampering exists, P' is operatedi=Fn-i(W + S), decryption Key P ″, andidecrypting M to obtain a face characteristic value T;
s2.6.2 if S2.6 verifies that the comparison rate exceeds a predetermined threshold, then verifying compliance for C;
s2.7 authentication Server A changes the stored data, decrements the sequence number by 1, and changes the authentication password to PiPreparing for the next successful login; once the sequence number is decremented to 0, initialization must be done.
Further, in step S1.2, an initial face feature value T' is obtained by using a boundary Fisher Analysis local Fisher Analysis algorithm, abbreviated as MFA algorithm, the MFA algorithm draws near samples of close neighbors in similar face sample data, and the MFA algorithm pushes away samples of close neighbors among heterogeneous face sample data.
The invention has the beneficial effects that: the method comprises the following steps of S1, registering a user; s1.1, registering a user dynamic password; s1.2, registering the face of a user; s2, authenticating the ith user; a user initiates an application to an authentication server by using an identity mark ID; the authentication server A responds to the application of step S2.1, and the authentication server A encrypts S + N-i + P through H (W)i-1To obtain EH(W)(seed+N-i+Pi-1) A 1 is mixing EH(W)(seed+N-i+Pi-1) And the hash value hash is transmitted to the user; the user receives the challenge information and verifies the integrity of the data at the same time, if the data is not tampered, the S, N-i, P can be obtained by decryptioni-1And calculates the one-time password P of the ith login of the useriIn which P isi=Fn-i(W + S); the user completes the identity authentication of the authentication server A and stores the one-time password P of the ith login of the useriA 1 is to PiF operation is performed again to obtain P' primei-1I.e. Pi-1=F(Pi) P' to Pi-1And Pi-1Making comparison, if P ″', thei-1=Pi-1And then, carrying out the next step; p' isi-1≠Pi-1Considering that a small number of attacks are in risk, and limiting login; collecting the face of a user through a camera and extracting the face characteristic value T of the user to obtain PiAsymmetric encryption is carried out on T for the key, and the encryption information M and the hash value hash thereof are transmitted to the authentication server A, namely the encryption information M = Epi(T); the authentication server A receives the encrypted information M and carries out integrity verification; if the verification shows that the P 'is not tampered, P' is operatedi=Fn-i(W + S), decryption Key P ″, andidecrypting M to obtain a face characteristic value T; if the verification comparison rate exceeds a preset threshold value, verifying compliance of the pair C; the invention takes the authentication server as a bastion machine and encrypts and stores the most valuable face characteristic value and the secret pass phrase. By the method, the use of the disposable password is simple, the safety and the uniqueness of face recognition are high, the safety of network transmission is realized by utilizing an encryption system, and further the occurrence of attack behaviors such as impersonation, tampering, replay and the like in identity authentication is successfully prevented.
Drawings
FIG. 1 is a flow chart of face recognition according to the present invention;
FIG. 2 is a schematic diagram of the MFA algorithm of the present invention;
FIG. 3 is a flow chart of user registration according to the present invention;
FIG. 4 is a flowchart illustrating user authentication according to the present invention.
Detailed Description
The invention discloses a bidirectional identity authentication method based on an MFA algorithm, which comprises the following steps:
s1, user registration:
s1.1, registering a user dynamic password: the user sets a secret communication phrase W, the authentication server A generates a seed value S for the user, the user sets the maximum element number N of the one-time password sequence, and the maximum element number N and the seed value S are transmitted to the authentication server through a secure channel; the authentication server A calculates to obtain a one-time password P0In which P is0=Fn(W+S);
S1.2, registering the face of the user: collecting user face through camera and extracting initial face of userThe characteristic value T ' and the initial face characteristic value T ' are transmitted to the authentication server A through a security channel, the initial face characteristic value T ' is stored in a face data characteristic library of the authentication server A, and the registration information of users in the face data characteristic library comprises: user ID, user secret communication phrase W, user N, user seed value S, user one-time password P0And an initial face feature value T' of the user;
s2, the ith user authentication:
s2.1: a user initiates an application to an authentication server by using an identity mark ID;
s2.2: the authentication server A responds to the application of step S2.1, and the authentication server A encrypts S + N-i + P through H (W)i-1To obtain EH(W)(seed+N-i+Pi-1) A 1 is mixing EH(W)(seed+N-i+Pi-1) And the hash value hash is transmitted to the user;
s2.3: the user receives the challenge information and verifies the integrity of the data at the same time, if the data is not tampered, the S, N-i, P can be obtained by decryptioni-1And calculates the one-time password P of the ith login of the useriIn which P isi=Fn-i(W+S);
S2.4: the user completes the identity authentication of the authentication server A and stores the one-time password P of the ith login of the useriA 1 is to PiF operation is performed again to obtain P' primei-1I.e. Pi-1=F(Pi) P' to Pi-1And Pi-1The comparison is carried out, and the comparison is carried out,
s2.4.1 if P ″i-1=Pi-1And then, carrying out the next step;
s2.4.2 if P ″i-1≠Pi-1Considering that a small number of attacks are in risk, and limiting login;
s2.5: collecting the face of a user through a camera and extracting the face characteristic value T of the user to obtain PiAsymmetric encryption is carried out on T for the key, and the encryption information M and the hash value hash thereof are transmitted to the authentication server A, namely the encryption information M = Epi(T);
S2.6: the authentication server A receives the encrypted information M and carries out integrity verification;
S2.6.1:if S2.6 verifies that no tampering exists, P' is operatedi=Fn-i(W + S), decryption Key P ″, andidecrypting M to obtain a face characteristic value T;
s2.6.2 if S2.6 verifies that the comparison rate exceeds a predetermined threshold, then verifying compliance for C;
s2.7 authentication Server A changes the stored data, decrements the sequence number by 1, and changes the authentication password to PiPreparing for the next successful login; once the sequence number is decremented to 0, initialization must be done.
Further, in step S1.2, an initial face feature value T' is obtained by using a boundary Fisher Analysis local Fisher Analysis algorithm, abbreviated as MFA algorithm, the MFA algorithm draws near samples of close neighbors in similar face sample data, and the MFA algorithm pushes away samples of close neighbors among heterogeneous face sample data.
As shown in fig. 1, in the face recognition, identity identification information contained in a face image to be recognized is extracted from the face image acquired by an acquisition device, and the face image is compared with an image in a built face database by using a classification algorithm to determine the identity of a person to be recognized. The whole process of the face recognition system is shown in the figure, and the face recognition system is composed of face image preprocessing, face detection, face feature positioning and normalization, face image feature extraction and face image classification design. Among them, the key to the decision recognition is the effective discriminativity of the feature extraction data.
A boundary Fisher Analysis Marinal Fisher Analysis algorithm, MFA algorithm for short, is a supervised and nonlinear feature extraction algorithm, and the discrimination criterion is to draw up samples close to each other in similar face sample data and push away samples close to each other in different face sample data. The MFA algorithm sets an intra-class divergence matrix to describe the degree of centralized distribution of the same class of image data points and an inter-class divergence matrix to describe the degree of discrete distribution of heterogeneous image data points, aiming at constructing an intrinsic graph and a penalty graph as shown in fig. 2.
As shown in fig. 3, ID is an identity of user C, a is an authentication server (authentication server); w is a user secret pass phrase; n is an initial sequence number; s is the seed value; t isIs face feature data; piIs the one-time password of the ith login of the user; f (x) is a one-way hash function; fi(x) Calculating x for i times by using a hash function; ekAnd (m) carrying out encryption calculation on the data m by using the key k. According to the advantages of the face recognition system and the S/Key system, the S/Key system has potential decimal attack risk, so the client side needs to perform identity authentication on the authentication server by using the idea of bidirectional identity authentication, the S/Key system further improves the safety of the one-time password system, and the two-way authentication of the one-way hash function is used for following the P which is successfully logged in at the previous time by the random number (S and N-i)iAnd verifying the identity of the authentication server. The user registration process is as follows:
1) and registering the dynamic password. The user sets and remembers a secret communication phrase W, and the authentication server generates a seed value S for each user; the user sets the maximum element number N of the one-time password sequence; the input N and S are transmitted to an authentication server through a secure channel; the authentication server calculates to obtain a one-time password: p0=Fn(W+S)。
2) And (5) registering the human face. And C, extracting a face characteristic value T ' of the user by adopting a camera and other acquisition devices, transmitting the face characteristic value T ' to A through a safety channel, and storing the face characteristic value T ' in a face data characteristic library of A. The registration information of the user C in the face data feature library comprises ID, W, N, S and P0And T'.
Referring to fig. 4, the ith user authentication process is as follows:
1) c → A, C initiates an authentication application ID to A;
2) a → C: a, responding to the application, encrypting S + N-i + P through H (W)i-1To obtain EH(W)(seed+N-i+Pi-1) A 1 is mixing EH(W)(seed+N-i+Pi-1) And the hash value hash is passed to C.
3) And C, receiving the challenge information and verifying the integrity of the data. If there is no tampering, decryption yields S, N-i, Pi-1And operation Pi=Fn-i(W+S)。
4) And C, completing the identity authentication of A. Store PiSimultaneously adding PiF operation is performed again to obtain P´i-1I.e. Pi-1=F(Pi). Pair Pi-1And Pi-1Comparing, if equal, turning to (5); otherwise, the risk of decimal attack is considered, and login is limited.
5) C → A: c, collecting face information of the user by using an image collector such as a camera and the like, further extracting face characteristic data T, and using P to obtainiEncrypting T for the key, and simultaneously transmitting the encrypted information M and its hash value hash to A, i.e. M = Epi(T)。
6) A, integrity verification is carried out after M is received, and if the M is not tampered, P' is operatedi=Fn-i(W + S), decryption Key P ″, andidecrypting the M to obtain a face feature vector T; and further comparing the human face feature vector T 'with the human face feature vector T' stored in the human face feature database. If the alignment rate exceeds a predetermined threshold, then the compliance is verified for C.
7) Changing the data stored in A, decrementing the serial number by 1, and changing the authentication password to PiPrepare for the next successful login. Once the sequence number is decremented to 0, initialization must be done.
After the system is deployed, secret pass phrases of the users are not transmitted on the network in the system. Identity authentication data such as a one-time password, a seed value, a serial number, face feature data and the like which are communicated between two parties are transmitted after being encrypted, and the occurrence of eavesdropping can be avoided to the maximum extent. And completing the bidirectional identity authentication between the authentication server and the client. If P isiAnd F (P)i) If the values are different, the identity authentication is finished, so that a hacker is difficult to make decimal attack. The authentication server and the client both adopt the hash value to verify the integrity of the data and prevent the information from being tampered. The one-time password for each login is encrypted and then transmitted, so that the face information is ensured not to be leaked, and the face information is encrypted by using different one-time passwords each time, so that a hacker has a difficult chance of replay attack.
The system takes the authentication server as a bastion machine and encrypts and stores the most valuable face characteristic value and the secret pass phrase. By the method, the use of the disposable password is simple, the safety and the uniqueness of face recognition are high, the safety of network transmission is realized by utilizing an encryption system, and further the occurrence of attack behaviors such as impersonation, tampering, replay and the like in identity authentication is successfully prevented.

Claims (3)

1. A bidirectional identity authentication method based on MFA algorithm is characterized in that: the method comprises the following steps:
s1, user registration:
s1.1, registering a user dynamic password: the user sets a secret communication phrase W, the authentication server A generates a seed value S for the user, the user sets the maximum element number N of the one-time password sequence, and the maximum element number N and the seed value S are transmitted to the authentication server through a secure channel; the authentication server A calculates to obtain a one-time password P0In which P is0=Fn(W+S);
S1.2, registering the face of the user: acquiring a user face through a camera and extracting an initial face characteristic value T ' of the user, transmitting the initial face characteristic value T ' to an authentication server A through a safety channel, storing the initial face characteristic value T ' into a face data feature library of the authentication server A, wherein the registration information of the user in the face data feature library comprises: user ID, user secret communication phrase W, user N, user seed value S, user one-time password P0And an initial face feature value T' of the user;
s2, the ith user authentication:
s2.1: a user initiates an application to an authentication server by using an identity mark ID;
s2.2: the authentication server A responds to the application of step S2.1, and the authentication server A encrypts S + N-i + P through H (W)i-1To obtain EH(W)(seed+N-i+Pi-1) A 1 is mixing EH(W)(seed+N-i+Pi-1) And the hash value hash is transmitted to the user;
s2.3: the user receives the challenge information and verifies the integrity of the data at the same time, if the data is not tampered, the S, N-i, P can be obtained by decryptioni-1And calculates the one-time password P of the ith login of the useriIn which P isi=Fn-i(W+S);
S2.4: the user completes the identity authentication of the authentication server A and stores the one-time password P of the ith login of the useriA 1 is to PiF operation is performed again to obtain P' primei-1I.e. Pi-1=F(Pi) P' to Pi-1And Pi-1Comparing;
s2.4.1 if P ″i-1=Pi-1And then, carrying out the next step;
s2.4.2 if P ″i-1≠Pi-1Considering that a small number of attacks are in risk, and limiting login;
s2.5: collecting the face of a user through a camera and extracting the face characteristic value T of the user to obtain PiAsymmetric encryption is carried out on T for the key, and the encryption information M and the hash value hash thereof are transmitted to the authentication server A, namely the encryption information M = Epi(T);
S2.6: the authentication server A receives the encrypted information M and carries out integrity verification;
s2.6.1: if S2.6 verifies that no tampering exists, P' is operatedi=Fn-i(W + S), decryption Key P ″, andidecrypting M to obtain a face characteristic value T;
s2.6.2 if S2.6 verifies that the comparison rate exceeds a predetermined threshold, then verifying compliance for C;
s2.7 authentication Server A changes the stored data, decrements the sequence number by 1, and changes the authentication password to PiPreparing for the next successful login; once the sequence number is decremented to 0, initialization must be done.
2. The MFA algorithm-based two-way identity authentication method of claim 1, wherein: the initial face feature value T' in step S1.2 is the relative position and relative size of the face and the five sense organs extracted by the camera.
3. The MFA algorithm-based two-way identity authentication method of claim 2, wherein: in the step S1.2, an initial face feature value T' is obtained by using a boundary Fisher Analysis algorithm, abbreviated as MFA algorithm, the MFA algorithm draws near neighbor samples in similar face sample data, and the MFA algorithm pushes away neighbor samples among heterogeneous face sample data.
CN202011188627.6A 2020-10-30 2020-10-30 Bidirectional identity authentication method based on MFA algorithm Pending CN112311794A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011188627.6A CN112311794A (en) 2020-10-30 2020-10-30 Bidirectional identity authentication method based on MFA algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011188627.6A CN112311794A (en) 2020-10-30 2020-10-30 Bidirectional identity authentication method based on MFA algorithm

Publications (1)

Publication Number Publication Date
CN112311794A true CN112311794A (en) 2021-02-02

Family

ID=74332650

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011188627.6A Pending CN112311794A (en) 2020-10-30 2020-10-30 Bidirectional identity authentication method based on MFA algorithm

Country Status (1)

Country Link
CN (1) CN112311794A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114172684A (en) * 2021-10-27 2022-03-11 广东中科云量信息安全技术有限公司 Cloud computing-oriented network security early warning method and system
CN114626860A (en) * 2022-05-12 2022-06-14 武汉和悦数字科技有限公司 Dynamic identity identification method and device for online commodity payment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1599314A (en) * 2004-08-25 2005-03-23 湖南大学 Two-way verification disposable password verification method based on S/KEY system
CN101098232A (en) * 2007-07-12 2008-01-02 兰州大学 Dynamic password and multiple biological characteristics combined identification authenticating method
CN101174953A (en) * 2007-03-27 2008-05-07 兰州大学 Identity authentication method based on S/Key system
CN102184384A (en) * 2011-04-18 2011-09-14 苏州市慧视通讯科技有限公司 Face identification method based on multiscale local phase quantization characteristics
US20150302252A1 (en) * 2014-04-16 2015-10-22 Lucas A. Herrera Authentication method using multi-factor eye gaze
US20190034920A1 (en) * 2017-12-29 2019-01-31 Intel Corporation Contextual Authentication of an Electronic Wallet
CN111464512A (en) * 2020-03-18 2020-07-28 紫光云技术有限公司 Mobile phone token MFA scheme based on visual password

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1599314A (en) * 2004-08-25 2005-03-23 湖南大学 Two-way verification disposable password verification method based on S/KEY system
CN101174953A (en) * 2007-03-27 2008-05-07 兰州大学 Identity authentication method based on S/Key system
CN101098232A (en) * 2007-07-12 2008-01-02 兰州大学 Dynamic password and multiple biological characteristics combined identification authenticating method
CN102184384A (en) * 2011-04-18 2011-09-14 苏州市慧视通讯科技有限公司 Face identification method based on multiscale local phase quantization characteristics
US20150302252A1 (en) * 2014-04-16 2015-10-22 Lucas A. Herrera Authentication method using multi-factor eye gaze
US20190034920A1 (en) * 2017-12-29 2019-01-31 Intel Corporation Contextual Authentication of an Electronic Wallet
CN111464512A (en) * 2020-03-18 2020-07-28 紫光云技术有限公司 Mobile phone token MFA scheme based on visual password

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114172684A (en) * 2021-10-27 2022-03-11 广东中科云量信息安全技术有限公司 Cloud computing-oriented network security early warning method and system
CN114626860A (en) * 2022-05-12 2022-06-14 武汉和悦数字科技有限公司 Dynamic identity identification method and device for online commodity payment

Similar Documents

Publication Publication Date Title
US11824991B2 (en) Securing transactions with a blockchain network
US10728027B2 (en) One-time passcodes with asymmetric keys
Mishra et al. Cryptanalysis and improvement of Yan et al.’s biometric-based authentication scheme for telecare medicine information systems
WO2017164159A1 (en) 1:n biometric authentication, encryption, signature system
CN103124269B (en) Based on the Bidirectional identity authentication method of dynamic password and biological characteristic under cloud environment
CN108173871B (en) Wireless network access authentication system and method based on radio frequency fingerprint and biological fingerprint
CN114125833B (en) Multi-factor authentication key negotiation method for intelligent device communication
CN101420301A (en) Human face recognizing identity authentication system
Baruah et al. An improved biometric-based multi-server authentication scheme using smart card
CN103067390A (en) User registration authentication method and system based on facial features
CN112311794A (en) Bidirectional identity authentication method based on MFA algorithm
CN103297237B (en) Identity registration and authentication method, system, personal authentication apparatus and certificate server
Luo et al. Anonymous biometric access control based on homomorphic encryption
Lu et al. An enhanced biometrics-based remote user authentication scheme using smart cards
Takahashi et al. Parameter management schemes for cancelable biometrics
Khalid et al. Cloud server security using bio-cryptography
Mohammedi et al. Secure and lightweight biometric-based remote patient authentication scheme for home healthcare systems
KR101468192B1 (en) Secure User Authentication Scheme Based on Facial Recognition for Smartwork Environment
CN111698253A (en) Computer network safety system
Sun et al. A lightweight multi-factor mobile user authentication scheme
JP2001312477A (en) System, device, and method for authentication
Hwang et al. Cryptanalysis of Kumar's Remote User Authentication Scheme with Smart Card
Syta et al. Private eyes: Secure remote biometric authentication
Mishra Cryptanalysis of multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics
CN117896079B (en) Efficient authentication method based on PUF and revocable biological characteristics

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20210202