WO2014079256A1 - Password system based on multiple hash values - Google Patents
Password system based on multiple hash values
- Publication number
- WO2014079256A1 (application PCT/CN2013/082903)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- password
- user
- hash value
- account
- server
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
Definitions
- Current cloud management of user accounts submits the user account and password directly to the service provider for storage, so the service provider is able to learn the user's account and password, which does not help protect user privacy. If the user uses the same password at different service providers, then as soon as one provider's security measures are inadequate and the password leaks, the security of all accounts may be threatened.
- Hash value properties (A denotes the data source, B denotes the hash value obtained by operating on A):
- B can be computed from A, but A cannot be computed back from B;
- the operation method can be:
- One-way operations, including but not limited to: md5*(username + password + account flag (zhanghao) + service provider) and one-way operation md5*(username + password + data flag (shujv) + service provider)
- md5*(username + password + data flag (shujv) + service provider)
- the user can encrypt the password with the answers to questions and then upload it to the server for storage; when needed, the password is recovered by giving the answers again (optionally downloading the ciphertext and recovering the password locally).
- the server provides services to users without knowing the user's password or data content, which helps protect user privacy.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
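The multi-hash-value password system works as follows: the user password is put through a one-way operation to generate multiple values (or strings), each used for a different purpose. The user password is encrypted, decrypted and recovered by answering questions. This allows the server to provide services to the user without knowing the user's password or data content, which helps protect user privacy.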
Description
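Computers, the Internet, cryptography.
At present, cloud management of user accounts submits the user account and password directly to the service provider for storage, so the service provider is able to learn the user's account and password, which does not help protect user privacy. If the user uses the same password at different service providers, then as soon as one provider's security measures are inadequate and the password leaks, the security of all accounts may be threatened.
Common hash values: MD5, SHA
Hash value properties (below, A denotes the data source and B denotes the hash value obtained by operating on A):
1. One-way: B can be computed from A, but A cannot be computed back from B;
2. A tiny change in the data source A produces a huge change in the result B.
3. Collision-free: different data sources A yield different results B; however, the length of B is finite while the data sources A are unbounded, so collisions necessarily exist.
These properties are often used to fingerprint files and strings (antivirus, anti-phishing URL detection).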
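1.0) The user password is put through a one-way operation (e.g. md4, md5) to generate multiple values (or strings), each used for a different purpose. The operation can be:
1.1) Different algorithms, or different parts taken from the result of one algorithm;
1.2) Different algorithm parameters (e.g. length);
1.3) Applying a variation to the user password or to the original hash value (e.g. adding a prefix or suffix: user+password+blog.com, user+password+cloud.com, user+password+server.com, user+password+DataService+server.com, user+password+RecyleService+server.com, user+passwordHash+server.com) and then computing the same hash algorithm over it for the corresponding purpose.
1.4) Applying the same one-way algorithm to the user password multiple times to generate different values (or strings).
1.5) Besides the user password, a file can also be used as the password from which the hash value is computed.
1.6) Combinations of the methods above.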
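2.1) User login: when logging in, the user uses the hash value of the user password [or part of it] as the password.
2.2) One-way operation (including but not limited to md5)*[username + password + service type + service provider] (in any combination) = the password actually submitted to the service provider. This gives multi-account management in which one plaintext password yields multiple different actual passwords: the user only needs to remember one password, yet each account has a different password, and the plaintext password is protected. Usage: generate the password for each service provider with the method above and set it as the password of the corresponding account at that provider; at the next login, recompute the actual password from the plaintext and log in with it. In an account manager with automatic login, only the account user names are stored, not the passwords; after the user enters the plaintext password once, the actual password for each service provider is generated automatically and all accounts are logged in automatically.
2.3) Includes: one-way operations {including but not limited to: md5*(username + password + account flag (zhanghao) + service provider) and one-way operation md5*(username + password + data flag (shujv) + service provider)}, so that a single plaintext password yields an account password and a data password that differ from each other, which keeps the data encryption secure even if the account password or the encrypted data leaks.
2.4) The hash value computed from a variation of the original password is used to encrypt user data (optionally encrypting and decrypting locally before upload).
2.5) The user can encrypt the password with the answers to questions and then upload it to the server for storage; when needed, the password is recovered by giving the answers again (optionally downloading the ciphertext and recovering the password locally). This allows the server to provide services to the user without knowing the user's password or data content, which helps protect user privacy.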
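Added example, not part of the patent text: a Python rendering of the derivation in 2.2 and 2.3, first as the description writes it (md5 over the plain concatenation) and then in an assumed variant that uses PBKDF2-HMAC-SHA256 over length-prefixed fields. The function names, the iteration count, and the sample user names and passwords are constructed for illustration.

```python
import hashlib

ACCOUNT_FLAG = "zhanghao"   # account flag, as written in the description
DATA_FLAG = "shujv"         # data flag, as written in the description

def md5_scheme(username, password, flag, provider):
    """Derivation as the description writes it: md5(username+password+flag+provider)."""
    joined = username + password + flag + provider
    return hashlib.md5(joined.encode("utf-8")).hexdigest()

def _fields(*parts):
    """Length-prefix every field so that field boundaries cannot shift."""
    out = b""
    for part in parts:
        raw = part.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out

def kdf_scheme(username, password, flag, provider, iterations=600_000):
    """Assumed variant (not in the patent): PBKDF2-HMAC-SHA256 with the
    non-secret fields as an unambiguous salt and the password as the secret."""
    salt = _fields(username, flag, provider)
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations).hex()

def derive_pair(scheme, username, password, provider, **kw):
    """Return (login password, data key) for one provider from one master password."""
    return (scheme(username, password, ACCOUNT_FLAG, provider, **kw),
            scheme(username, password, DATA_FLAG, provider, **kw))

if __name__ == "__main__":
    # Constructed sample inputs.
    login, data_key = derive_pair(md5_scheme, "alice", "1hunter2", "server.com")
    print("md5 login   :", login)
    print("md5 data key:", data_key)
    # Plain concatenation: two different (username, password) pairs collide.
    other, _ = derive_pair(md5_scheme, "alice1", "hunter2", "server.com")
    print("boundary collision with md5 scheme:", login == other)
    a, _ = derive_pair(kdf_scheme, "alice", "1hunter2", "server.com")
    b, _ = derive_pair(kdf_scheme, "alice1", "hunter2", "server.com")
    print("boundary collision with KDF scheme:", a == b)
```

With plain concatenation, alice/1hunter2 and alice1/hunter2 produce the same submitted password because the field boundary is not encoded; the length-prefixed variant keeps them distinct.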
Claims (7)
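- A multi-hash-value password system, characterized in that: multiple values (or strings) are computed from the user password by one-way operations, and the computed values (or strings) are then each used for a different purpose; the user password is encrypted and decrypted with the answers to questions.
- As in claim 1, including: computing multiple values (or strings) from the user password by one-way operations (including but not limited to different operation methods, taking different parts of one operation result, varying the original password (adding characters), repeating the operation multiple times, and combinations of several of these methods), and then using each computed value (or string) for a different purpose.
- As in claim 1, the one-way operation methods include but are not limited to: md4, md5, sha1.
- Including: a hash value, or part of a hash value, is computed locally from the user password and then submitted to the server, where it is verified against the hash value stored on the server to log in to the account, instead of the user submitting the plaintext password to the server and the server computing the hash value to verify the login.
- Including: the user can encrypt the password with the answers to questions and then upload it to the server for storage; when needed, the password is recovered by giving the answers again (the ciphertext can be downloaded and the password recovered locally).
- Including: one-way operation {including but not limited to: md5*[username + password + service type + service provider] (in any combination) = the password actually submitted to the service provider}, giving multi-account management in which one plaintext password yields multiple different actual passwords.
- Including: one-way operations {including but not limited to: md5*(username + password + account flag (zhanghao) + service provider) and one-way operation md5*(username + password + data flag (shujv) + service provider)}, so that a single plaintext password yields an account password and a data password that differ from each other, which keeps the data encryption secure even if the account password or the encrypted data leaks.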
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012104707794 | 2012-11-20 | ||
CN201210470779 | 2012-11-20 | ||
CN2012104808422 | 2012-11-23 | ||
CN201210480842 | 2012-11-23 | ||
CN2012105820169A CN103107989A (zh) | 2012-11-20 | 2012-12-28 | Password system based on multiple hash values |
CN2012105820169 | 2012-12-28 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014079256A1 (zh) | 2014-05-30 |
Family
ID=50775484
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2013/082903 WO2014079256A1 (zh) | 2012-11-20 | 2013-09-04 | Password system based on multiple hash values |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2014079256A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116055067A (zh) * | 2023-04-01 | 2023-05-02 | Beijing Jiangmin Xinke Technology Co., Ltd. | Weak password detection method, apparatus, electronic device and medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060156026A1 (en) * | 2002-10-25 | 2006-07-13 | Daniil Utin | Password encryption key |
CN101145911A (zh) * | 2007-10-30 | 2008-03-19 | Jianghan University | Identity authentication method with privacy protection and password retrieval functions |
-
2013
- 2013-09-04 WO PCT/CN2013/082903 patent/WO2014079256A1/zh active Application Filing
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060156026A1 (en) * | 2002-10-25 | 2006-07-13 | Daniil Utin | Password encryption key |
CN101145911A (zh) * | 2007-10-30 | 2008-03-19 | Jianghan University | Identity authentication method with privacy protection and password retrieval functions |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
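CN116055067A (zh) * | 2023-04-01 | 2023-05-02 | Beijing Jiangmin Xinke Technology Co., Ltd. | Weak password detection method, apparatus, electronic device and medium |
CN116055067B (zh) * | 2023-04-01 | 2023-06-30 | Beijing Jiangmin Xinke Technology Co., Ltd. | Weak password detection method, apparatus, electronic device and medium |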
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10652015B2 (en) | Confidential communication management | |
US11381398B2 (en) | Method for re-keying an encrypted data file | |
Yang et al. | Provable data possession of resource-constrained mobile devices in cloud computing | |
Ni et al. | On the security of an efficient dynamic auditing protocol in cloud storage | |
US20150033020A1 (en) | Protocol for Controlling Access to Encryption Keys | |
US9608822B2 (en) | Method for generating an HTML document that contains encrypted files and the code necessary for decrypting them when a valid passphrase is provided | |
US11757625B2 (en) | Multi-factor-protected private key distribution | |
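CN109472130A (zh) | Linux password management method, central control machine, and readable storage medium | |
CN104394172A (zh) | Single sign-on device and method | |
CN104967693A (zh) | Document similarity calculation method based on fully homomorphic cryptography for cloud storage | |
CN103107989A (zh) | Password system based on multiple hash values | |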
Yu et al. | Provable data possession supporting secure data transfer for cloud storage | |
Sivasakthi et al. | Applying digital signature with encryption algorithm of user authentication for data security in cloud computing | |
Lai et al. | Secure file storage on cloud using hybrid cryptography | |
CN105871858A (zh) | Method and system for ensuring data security | |
Fahl et al. | Trustsplit: usable confidentiality for social network messaging | |
WO2014079256A1 (zh) | Password system based on multiple hash values | |
Abbdal et al. | Secure third party auditor for ensuring data integrity in cloud storage | |
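KR20170087120A (ko) | Certificateless public key cryptosystem and receiving terminal | |
CN115065470B (zh) | Data transmission method and device | |
CN114143026B (zh) | Data security interface based on asymmetric and symmetric encryption and its working method | |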
Tummalapalli et al. | Multi-level and mutual log integrity preservation approach for cloud forensics using public key infrastructure | |
Giuliani et al. | Passwords Management via Split-Key | |
EP3869730B1 (en) | Confidential communication management | |
Yalin et al. | The Research and Application of Cloud Printing Platform Based on Improved AES-RSA Encryption Algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13856568 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 13856568 Country of ref document: EP Kind code of ref document: A1 |