CN1731724A - Tai Ji active cipher verification technique - Google Patents


Info

Publication number
CN1731724A
Authority
CN
China
Legal status
Pending
Application number
CN 200510060446
Other languages
Chinese (zh)
Inventor
卓悌科
Current Assignee
Individual
Original Assignee
Individual

Abstract

Disclosed is a password verification method. For each account, a group of passwords is set up whose values are discrete from one another and which are used in a fixed, cyclic order, so that the passwords used in any two consecutive logins are different. A complete password consists of several segments: an additional identification code, two or three arbitrary characters, a cyclic change code, a parity flag and a processed random number. When the password is initialized, the user determines the source password and the change rule; the password actually valid for each login is determined by the source password, the change rule and the current sequence number.

Description

Tai Ji active cipher verification technique
Technical field
The present invention relates to a user verification method.
Background technology
For security, a user who attempts to log in or to request a resource is subjected to some form of verification, to determine that he (or she) is the person he claims to be.
There are three kinds of verification methods:
1. Something he knows, such as a password or the answer to a certain question;
2. Something he has, such as a smart card, a badge or a work card;
3. His biological characteristics, such as fingerprint, retina or voice.
Each of the three verification modes has its inherent weaknesses.
For remote or multi-user access, the second and third modes are difficult to implement, expensive and inflexible, so password verification has become the most widely used mode.
But password verification also has its weakness: its validity rests on the secrecy of the password content, and once someone else knows this content he can impersonate the user and log in.
Ways in which other people come to know a password include: brute-force guessing (traversal), video recording, network monitoring, data interception, cracking of history records on the machine, physical keyboard tracking, software keyboard tracking, eyewitness observation, etc.
Using a password in a public place greatly increases the risk of disclosure, for example when using a computer in an Internet café or using a notebook computer in public. Many people log in to instant messengers, online games and online payment tools in Internet cafés, and many accounts are stolen; most successful thefts result from cracking of history records on the machine, keyboard tracking, direct observation, etc.
To strengthen security, a number of dynamic password verification technologies already exist.
A literature search shows that the dynamic password verification technologies that have been patented or applied for fall mainly into the following classes:
1. Solutions based on a password-generating device or smart card. The advantage of this class is good security, but equipment such as smart cards and card readers is needed, issuance and management must be unified under an administrative center, and the amount of computation at verification time is large. It therefore suits projects with higher security requirements and a sufficient budget.
2. Solutions using a secret parameter plus a random number. Generally the server produces a random number, the client processes it using the secret parameter, and the server checks whether the processed number returned by the client equals the number it obtains by processing in the same way; if so, verification succeeds. The client in this class generally needs no equipment such as smart cards or card readers, which reduces the implementation cost, but the user has to keep the secret parameter carefully and must not lose or damage this data (virus, hard disk failure, formatting), and logging in on a different computer is very inconvenient.
3. Solutions in which the user processes the random number. The server produces a random number, the user processes it according to a processing rule he has memorized (the processor changes from a machine to a person), and the server checks whether the processed number returned equals the number it obtains by processing in the same way; if so, verification succeeds. The client in this class need not keep a secret parameter and the user can log in on different computers, but from the viewpoint of the whole system not all users can be expected to set sufficiently complex processing rules; if 500 accounts are attacked with 100 not-too-complex processing rules, a good number of them may well be broken.
4. Solutions based on digital certificates. The advantage of this class is good security and mature technology, and the client does not necessarily need extra equipment. But for the system as a whole the cost is high, configuration is complicated and the maintenance requirements are high.
Each scheme has its advantages and disadvantages; the present invention aims at low cost, good flexibility and good practicality.
Summary of the invention
The present invention aims to add a layer of security at the operation level, as a kind of outer-layer protection.
For one account, a group of passwords is set up whose values are discrete from one another and which are used in order, so that the passwords of any two consecutive logins are different. In addition, the service provider has a scoring security audit function.
A password is composed of several segments; in a specific embodiment, segments may be added or removed according to factors such as security requirements and ease of use.
A complete password is composed of the following segments:
Additional identification code + two or three arbitrary characters + cyclic change code + parity flag + processed random number.
Additional identification code: provided at random by the server; it may consist of upper- and lower-case letters, digits, special characters, etc.
Two or three arbitrary characters: entered arbitrarily by the user at each login.
Cyclic change code: when the password is first set up or changed, a source password string is set up first, then some positions in this string are chosen as variable positions and an ordered change rule is determined; the cyclic change code actually usable at each later login is determined jointly by the source password, the change rule and the current sequence number.
Cyclic change code, form 1:
Set up a source password. Then choose some positions in the password string as variable positions and determine each variation element; the total number of available passwords is fixed, their values are discrete from one another, and they are used cyclically and in order. (The variable position is called the position for short, and the variable element is called the bit for short.) As shown in Figure 1.
Cyclic change code, form 2:
Set up a source password. Then choose some positions in the password string as variable positions, and determine the variable element type, the change step and the cycle limit; the password actually usable each time is determined jointly by the source password, the variable element type, the change step and the current sequence number. As shown in Figure 2.
Parity flag: when entering a cyclic change code with an odd sequence number, the flag for odd sequence numbers should be added;
when entering a cyclic change code with an even sequence number, the flag for even sequence numbers should be added.
The parity flag may be a single character or several characters, and the two flags need not have the same number of characters.
Single-character parity flag:
For example: use "Q" as the flag for odd sequence numbers and "#" as the flag for even sequence numbers.
Then, when entering a password with an odd sequence number such as (one) or (three), "Q" should be added;
when entering a password with an even sequence number such as (two) or (four), "#" should be added.
Multi-character parity flag:
For example: use "Qi5" as the flag for odd sequence numbers and "p4" as the flag for even sequence numbers.
Processed random number: when the password is first set up or changed, a processing rule is set up.
At login, the server provides a random number, the user processes it according to the preset rule, and enters the new number that results. The processing rule may be digit-wise addition, subtraction, multiplication or division, addition, subtraction, multiplication or division on the whole number, left shift, right shift, reversal of the digit order, a combination of these, etc.
The order in which the segments of each actual password are arranged can also serve as secret information.
For example, the user may determine an ordering when initializing the password, or the server may provide one at each login.
For an example of the login service flow and the scoring audit rule, see Figure 3.
Embodiment
Embodiments of the invention are described below.
Registration phase:
The user sends a registration request to the server.
The server returns the registration interface.
The user applies for the user name: User1.
The user sets up the cyclic change code:
Source password: MingSi; variable positions: 3, 5, 6; variation elements: 3eqG.
Change method: the variation elements are pushed into the variable positions from right to left, one variation element at a time. As shown in Figure 4.
Parity flag: "Q" as the flag for odd sequence numbers; "p4" as the flag for even sequence numbers.
Random number processing rule: add 3 to each digit without carry; if the result is greater than or equal to 10, keep only the units digit.
Login verification phase:
First login:
The user enters User1 in the account box and sends a login request.
The server returns an additional identification picture on which is written "HG3E", the random number "917", and the sequence number of the currently usable cyclic change code: "(one)". It also indicates that the order of the current complete password is:
Additional identification code + two or three arbitrary characters + cyclic change code + parity flag + processed random number.
The user enters in the password box: HG3EXkMingSiQ240.
Login succeeds. The user can carry out activities and manage the status of his own account:
1. the password, or the password sequence number for the next login, can be changed;
2. the single warning value and the cumulative warning value can be viewed, and the cumulative warning value can be modified.
A prompt is shown when the cumulative warning value is greater than 3. If the user does not change the security settings at this point.
Second login:
The user enters User1 in the account box and sends a login request.
The server returns an additional identification picture on which is written "5UA", the random number "3807", and the sequence number of the currently usable cyclic change code: "(two)". It also indicates that the order of the current complete password is: cyclic change code + additional identification code + processed random number + two or three arbitrary characters + parity flag.
The user enters in the password box: Mi3geq5UA6130GCkp4.
Login succeeds.
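The two logins above can be checked mechanically. The following Python code is an added example, not code from the patent: it verifies a composite password against the segment order announced by the server, using User1's registration data. The cycle-code table holds only the two codes the text shows (the full sequence depends on Figure 4, which is not reproduced here), and all class, function and segment names are assumptions.

```python
import hmac
from dataclasses import dataclass


@dataclass
class Account:
    cycle_codes: list   # ordered cyclic change codes; index 0 is sequence number (one)
    odd_flag: str       # parity flag for odd sequence numbers
    even_flag: str      # parity flag for even sequence numbers


# User1's settings as given in the registration phase. Only the codes for
# sequence numbers (one) and (two) appear in the text.
USER1 = Account(cycle_codes=["MingSi", "Mi3geq"], odd_flag="Q", even_flag="p4")


def process_random(challenge: str) -> str:
    """User1's rule: add 3 to each digit without carry (keep the units digit)."""
    return "".join(str((int(d) + 3) % 10) for d in challenge)


def verify(account, order, seq, add_code, challenge, entered) -> bool:
    """Check `entered` against the segment `order` announced for this login.

    `order` is a tuple of the names "additional", "filler", "cycle",
    "parity" and "random" (names chosen for this example).
    """
    expected = {
        "additional": add_code,
        "cycle": account.cycle_codes[(seq - 1) % len(account.cycle_codes)],
        "parity": account.odd_flag if seq % 2 else account.even_flag,
        "random": process_random(challenge),
    }
    # The filler is the only segment of unknown length: it must account for
    # exactly two or three characters once the other segments are subtracted.
    filler_len = len(entered) - sum(len(v) for v in expected.values())
    if filler_len not in (2, 3):
        return False
    pos, ok = 0, True
    for name in order:
        if name == "filler":
            pos += filler_len          # arbitrary characters are skipped
            continue
        want = expected[name]
        got = entered[pos:pos + len(want)]
        # Compare every segment, without stopping at the first mismatch.
        ok &= hmac.compare_digest(got.encode(), want.encode())
        pos += len(want)
    return ok


ORDER_1 = ("additional", "filler", "cycle", "parity", "random")
ORDER_2 = ("cycle", "additional", "random", "filler", "parity")
```

Checking segment by segment in this way requires the server to hold the cycle codes, flags and processing rule in recoverable form rather than as a one-way hash.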
Security and generalizability analysis
The security core of the present invention is: cyclic change code + parity flag + processed random number.
In a concrete project, segments may be added or removed according to factors such as security requirements and ease of use, for example by omitting the cyclic change code or the processed random number.
There are many simple ways of choosing a cyclic change code; one of them is given here:
Suppose the total number of available passwords is 4, the original password is O1O2O3O4O5O6, the variable positions are the third and the fifth, and the variable elements are X1X2X3X4. The change method is: push the variable elements into the variable positions from right to left; each time, the two surplus elements are not used. As shown in Figure 5.
What the legitimate user additionally has to memorize is two variable positions and four variable elements. An unauthorized person who knows only one of the passwords cannot infer the other passwords from it.
For the processed random number there are also many simple, easy-to-use processing rules, for example:
Suppose the random number provided by the server is 0189.
1. Add 3 to each digit; where the result is greater than or equal to 10, keep the units digit: gives 3412;
2. Sum the digits: gives 18;
3. Multiply the first two digits, subtract 6 from the later digits, taking the absolute value of a negative result: gives 123;
4. Reverse the order of the digits, then add 4 to the first and last digits; where the result is greater than or equal to 10, keep the units digit: gives 3814; and so on.
The random number processing rule does not appear in the input or transmission of the password. If an attacker intercepts the password successfully but does not know the corresponding random number, he cannot work out the processing rule.
The existence of many ways of choosing the cyclic change code, and of simple, easy-to-use random number processing rules, is an important guarantee of the generalizability of the present invention.
The user of the present invention need not buy or carry a storage medium such as an IC card, and the client needs no extra equipment. The additional computational burden on the service provider is very small. The method is easy to implement in software, low in cost and highly flexible; the user can log in on any client, no record is left on the client after a successful login, and the method can be combined with any underlying encryption technology.
It nevertheless offers fairly good security. It can resist replay attacks, because a different password is used at each login. If someone else learns the password used in one login, it is difficult for him to log in to the account successfully, especially within a short time; because of the scoring security audit, even someone who learns two passwords will find it difficult to log in successfully, which gives the account protection. This greatly increases security when using public computers and when using a password in public places.
Although the password in the present invention places some extra memory demands on the user, once the user has grasped a few usage techniques this is not a great obstacle. Given the improved security, users who wish to obtain additional security economically may readily adopt this kind of password; young people in particular will accept and use it more easily.
Since some parts may be changed and various embodiments made without departing from the spirit and essential characteristics of the present invention, the application and scope of the present invention include but are not limited to the above examples.

Claims (10)

1. A Tai Ji active cipher verification technique in which, when the user requests to log in to a service provider, the user is required to enter the correct password, characterized in that:
For one account, a group of passwords is set up whose values are discrete from one another and which are used in order, so that the passwords of any two consecutive logins are different.
A complete password is composed of the following segments:
Additional identification code + two or three arbitrary characters + cyclic change code + parity flag + processed random number.
And the service provider has a scoring security audit function.
2. The Tai Ji active cipher verification technique as claimed in claim 1, characterized in that:
The additional identification code is provided at random by the server and may be any ASCII character, GB2312-80 character or Unicode character, that is, it may be any of upper- and lower-case letters, digits, special characters and Chinese characters.
It may be provided directly as characters, in the form of a picture, or as an escape-symbol sequence.
3. The Tai Ji active cipher verification technique as claimed in claim 1, characterized in that:
The two or three arbitrary characters are entered arbitrarily by the user at each login.
4. The Tai Ji active cipher verification technique as claimed in claim 1, characterized in that:
For the cyclic change code: when the password is first set up or changed, a source password string is set up first, then some positions in this string are chosen as variable positions and an ordered change rule is determined; the cyclic change code actually usable at each later login is determined jointly by the source password, the change rule and the current sequence number.
5. The Tai Ji active cipher verification technique as claimed in claim 4, characterized in that:
The concrete cycling form of the cyclic change code may vary in many ways, and therefore includes but is not limited to the following forms.
Cyclic change code, form 1:
Set up a source password. Then choose some positions in the password string as variable positions and determine each variation element; the total number of available passwords is fixed, their values are discrete from one another, and they are used cyclically and in order.
Cyclic change code, form 2:
Set up a source password. Then choose some positions in the password string as variable positions, and determine the variable element type, the change step and the cycle limit; the password actually usable each time is determined jointly by the source password, the variable element type, the change step and the current sequence number.
6. The Tai Ji active cipher verification technique as claimed in claim 1, characterized in that:
For the parity flag: when entering a cyclic change code with an odd sequence number, the flag for odd sequence numbers should be added; when entering a cyclic change code with an even sequence number, the flag for even sequence numbers should be added. The parity flag may be a single character or several characters, and the two flags need not have the same number of characters.
7. The Tai Ji active cipher verification technique as claimed in claim 1, characterized in that:
For the processed random number: when the password is first set up or changed, a processing rule is set up.
At login, the server provides a random number, the user processes it according to the preset rule, and enters the new number that results. The processing rule may be digit-wise addition, subtraction, multiplication or division, addition, subtraction, multiplication or division on the whole number, left shift, right shift, reversal of the digit order, or a combination of these. Because concrete processing rules are mathematically almost unlimited, they cannot be enumerated one by one here.
8. The Tai Ji active cipher verification technique as claimed in claim 1, characterized in that:
In a specific embodiment, password segments may be added or removed according to factors such as security requirements and ease of use.
9. The Tai Ji active cipher verification technique as claimed in claim 1, characterized in that:
The order in which the segments of each actual password are arranged can also serve as secret information. The user may determine an ordering when initializing the password, or the server may provide one at each login.
10. The Tai Ji active cipher verification technique as claimed in claim 1, characterized in that:
The scoring audit rule is: after the service provider receives the password entered by the user, it judges whether the password equals the legitimate password.
If it is equal, verification succeeds.
If it is not equal, it further judges:
whether the cyclic change code is one of the preset codes (for ease of reference this judgment is denoted A);
whether the parity flag equals one of the flags (for ease of reference this judgment is denoted B);
whether the random number conforms to the processing rule (for ease of reference this judgment is denoted C).
If A = true, B = true, C = true, then single warning value and cumulative warning value + X1;
If A = false, B = true, C = true, then single warning value and cumulative warning value + X2;
If A = true, B = true, C = false, then single warning value and cumulative warning value + X3;
If A = false, B = true, C = false, then single warning value and cumulative warning value + X4;
If A = false, B = false, C = false, then single warning value and cumulative warning value + X5;
If the single warning value > S2, the account is locked for T2 hours;
If the cumulative warning value > S1, the account is locked for T1 hours; a warning e-mail is sent to the user.
If the warning thresholds are not exceeded, return: "Account or password incorrect. Please retry."
The cumulative warning value automatically decreases by S3 every T3.
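The scoring audit of claim 10 can be modelled as a small state machine. The following Python code is an added example, not code from the patent. The claim leaves X1..X5, S1..S3 and T1..T3 symbolic, so the numbers below are constructed. The code also assumes that T3 is in hours, that combinations of A, B, C the claim does not list are scored as X5, that the single warning value resets on success or when a lock is applied, that attempts made during a lock are rejected unscored, and that the warning e-mail accompanies the cumulative lock. All names are assumptions.

```python
from dataclasses import dataclass

# Constructed sample values (the claim gives only the symbols).
X1, X2, X3, X4, X5 = 3, 2, 2, 1, 1
S1, T1 = 8, 24.0    # cumulative threshold and its lock time in hours
S2, T2 = 4, 1.0     # single threshold and its lock time in hours
S3, T3 = 1, 24.0    # cumulative value drops by S3 every T3 (hours assumed)

# (A, B, C) -> increment, exactly the five rows listed in claim 10.
SCORES = {
    (True, True, True): X1,
    (False, True, True): X2,
    (True, True, False): X3,
    (False, True, False): X4,
    (False, False, False): X5,
}


@dataclass
class AuditState:
    single: int = 0            # single warning value
    cumulative: int = 0        # cumulative warning value
    locked_until: float = 0.0  # time (hours) at which the lock ends
    last_decay: float = 0.0    # time of the last automatic decrease
    mails_sent: int = 0        # warning e-mails issued


def _decay(state: AuditState, now: float) -> None:
    """Apply 'decreases by S3 every T3' for all whole periods elapsed."""
    steps = int((now - state.last_decay) // T3)
    if steps > 0:
        state.cumulative = max(0, state.cumulative - steps * S3)
        state.last_decay += steps * T3


def record_attempt(state, now, correct, a=False, b=False, c=False) -> str:
    """Score one login attempt at time `now` (hours) and return the outcome."""
    _decay(state, now)
    if now < state.locked_until:
        return "locked"                 # assumption: not scored while locked
    if correct:
        state.single = 0                # assumption: success ends the series
        return "ok"
    inc = SCORES.get((a, b, c), X5)     # assumption: unlisted rows score X5
    state.single += inc
    state.cumulative += inc
    result = "retry"                    # "Account or password incorrect..."
    if state.single > S2:
        state.locked_until = max(state.locked_until, now + T2)
        state.single = 0
        result = "lock_T2"
    if state.cumulative > S1:
        state.locked_until = max(state.locked_until, now + T1)
        state.mails_sent += 1           # warning e-mail to the user
        result = "lock_T1_mail"
    return result
```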
CN 200510060446 2005-08-22 2005-08-22 Tai Ji active cipher verification technique Pending CN1731724A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200510060446 CN1731724A (en) 2005-08-22 2005-08-22 Tai Ji active cipher verification technique

Publications (1)

Publication Number Publication Date
CN1731724A true CN1731724A (en) 2006-02-08

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101799857A (en) * 2010-03-19 2010-08-11 深圳市奔凯生物识别技术有限公司 Password authentication method
CN101425896B (en) * 2007-10-29 2010-12-22 李斯鸿 Network account ciphering method
CN102694766A (en) * 2011-03-21 2012-09-26 刘冠双 Multi-party interactive password check
CN103546287A (en) * 2012-07-17 2014-01-29 联想(北京)有限公司 Password verification method and electronic equipment
CN107092839A (en) * 2016-02-17 2017-08-25 深圳市维申斯科技有限公司 The antitheft input method of code keypad based on random diastema password
CN107273739A (en) * 2017-05-26 2017-10-20 遵义师范学院 A kind of coded lock unlocking method

Similar Documents

Publication Publication Date Title
US11599624B2 (en) Graphic pattern-based passcode generation and authentication
Alkaldi et al. Why do people adopt, or reject, smartphone password managers?
Thorpe et al. Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords.
US8881251B1 (en) Electronic authentication using pictures and images
Al-Ameen et al. Towards making random passwords memorable: Leveraging users' cognitive ability through multiple cues
US9111073B1 (en) Password protection using pattern
US20140157382A1 (en) Observable authentication methods and apparatus
US11361068B2 (en) Securing passwords by using dummy characters
Tao Pass-Go, a new graphical password scheme
US10474807B2 (en) Password/encryption protection
US11604867B2 (en) Graphic pattern-based authentication with adjustable challenge level
CN1731724A (en) Tai Ji active cipher verification technique
CN112560067A (en) Access method, device and equipment based on token authority verification and storage medium
Warkentin et al. Introducing the check-off password system (COPS): an advancement in user authentication methods and information security
CN103870725A (en) Method and device for generating and verifying verification codes
US20140282973A1 (en) Systems and methods for securely transferring authentication information between a user and an electronic resource
CN1759403A (en) Information management system
US20150046993A1 (en) Password authentication method and system
CN1992592A (en) System and method of dynamic password identification
CN1894882A (en) Authentication system
Marky et al. Assistance in daily password generation tasks
Campbell et al. The good and not so good of enforcing password composition rules
CN1961273A (en) Method for safely logging onto a technical system
Converse CAPTCHA generation as a web service
KR20170016821A (en) Server system, communication system, communication terminal device, program, recording medium, and communication method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C57 Notification of unclear or unknown address
DD01 Delivery of document by public notice

Addressee: Zhuo Tike

Document name: Notification of the application for patent for invention to go through the substantive examination procedure

C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication