WO2016188402A1 - Network anti-phishing apparatus, method and system - Google Patents

Network anti-phishing apparatus, method and system

Info

Publication number
WO2016188402A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
identification
website
random number
platform device
Application number
PCT/CN2016/083135
Other languages
English (en)
Chinese (zh)
Inventor
邵通
Original Assignee
邵通
Application filed by 邵通
Priority to CN201680029862.4A (CN107615704B)
Publication of WO2016188402A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H04W12/037 Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
    • H04W12/08 Access security
    • H04W12/80 Arrangements enabling lawful interception [LI]

Definitions

  • the invention belongs to the field of information security.
  • the present invention relates to an apparatus, method and system for hiding identification data to prevent phishing using a one-way function.
  • it relates to an apparatus, method and system for protecting user identification data by using a one-way function to hide user identification data against phishing.
  • the SSL protocol is used.
  • the website uses an HTTPS page to encrypt the core login data (identification data), namely the PAN and PIN.
  • One is that when a user enters a phishing website and the phishing website has a legitimate certificate, the user is obviously phished, that is, the phishing website illegally obtains the user's PAN and PIN; the second is that the user enters the phishing website and the website serves plain HTTP.
  • the plug-in solution raises the problem of authenticating that the plug-in itself is not a Trojan, and plug-ins are also an area where ordinary users are easily led to install phishing software.
  • the browser only needs to send the encrypted form of the PAN and the PIN, without using the web page form.
  • in the SSL protocol, the ideas and techniques of PKI are used. But managing and distributing website certificates is a systems-engineering task and is more complicated.
  • H represents a hash function or other one-way function for making an encrypted identifier for the data.
  • the essence of the invention is to use a cryptographic function to generate the identification retrieval data and the identification authentication data from the user identification data and the random number, forming a hidden token. The hidden token is what hides the user identification.
  • the essence is to use the user identification data (and other data) shared by both the website device and the platform device as the already assigned key.
  • This system does not require key distribution and implements encryption authentication.
  • PKI technology can also be used to hide user identification data, so there is no need to assign a key, but it is still necessary to authenticate the public key (PKI is a complex system), otherwise it is vulnerable to "phishing attacks."
  • a network anti-phishing system includes: a platform device that generates a hidden token according to the identification data; and a website device that confirms the identification data according to the obtained hidden token to determine whether to further operate;
  • the website device is connected to the network device; the platform device obtains the website device network address; the platform device obtains (enters) the identification data, such as the PAN and/or the PIN; and the platform device calculates the identification search data by using the one-way function according to the obtained identification data;
  • the platform device calculates the identification authentication data by using a cryptographic function according to the random number and the identification data; the platform device forms the identification retrieval data and the identification authentication data into a hidden token, and transmits it to the website device according to the network address; and the website device uses the identification retrieval data of the hidden token to find the relevant user identification data item, confirms the identification data according to the random number and the identification authentication data of the hidden token, and decides whether to operate further.
  • the random number in the platform device may be time data, or usage number data, or temporarily generated random number, or geographical location information, or identity authentication data, or received random number and combinations thereof.
  • the platform device may be a browser, and the application device is a web page. Further operations here may be the operations after the login confirmation. It can also be another post-authentication operation.
  • a network anti-phishing device includes: a computing device, a random number device, an identification data device, and a communication device; the network anti-phishing device obtains the network address of a website; the identification data device obtains (inputs) identification data, such as the PAN and/or PIN; the computing device uses the one-way function to calculate the identification search data from the identification data; it obtains the random number from the random number device and, according to the random number and the identification data, calculates the identification authentication data by using the cryptographic function.
  • the identification search data and the identification authentication data constitute a hidden token, and the result is transmitted to the website through the communication device and the network address.
  • the random number device may be a device that generates time, or a device that stores the number of uses, or a true random number generating device, or a geographical location information device, or an identity authentication data device, or a random number received by the communication device, and combinations thereof.
  • the network anti-phishing device can be a browser.
  • a network anti-phishing method includes: (Step A) the platform device obtains the website device's network address; (Step B) the platform device obtains (inputs) the identification data; (Step C) the platform device calculates the identification search data from the obtained identification data by using a one-way function; (Step D) the platform device calculates the identification authentication data by using the cryptographic function according to the random number and the identification data; (Step E) the platform device forms the identification search data and the identification authentication data into a hidden token, which is transmitted to the website device according to the network address; (Step F) the website device uses the identification search data of the hidden token to find the relevant user identification data item, confirms the identification data according to the random number and the identification authentication data of the hidden token, and decides whether to proceed further.
  • the random number in step D may be time data, or usage count data, or temporarily generated random number, or geographical location information, or identity authentication data, or received random number and combinations thereof.
  • in step D there may also be a step of generating a symmetric encryption key from the user identification data; this key is used by the cryptographic function of step D to encrypt the identification authentication data and/or the identity authentication data.
  • the platform device shares with the website device the data used to generate the identification retrieval data.
  • a platform device obtains a login network address according to the current application device.
  • FIG. 1 is a schematic diagram of the network anti-phishing method and system of preferred embodiments 1, 2 and 3;
  • FIG. 2 is a schematic diagram showing the apparatus for network anti-phishing of the preferred embodiment 4;
  • F represents the account (PAN, identification data, user name, etc.), H a one-way function (such as SM3), PIN the personal identification (identity authentication data), and DES a symmetric encryption algorithm (such as SM4).
  • A method and system associated with network anti-phishing in this embodiment is shown in FIG. 1.
  • the system consists of a website device 1, a network 2, a platform device 3, and an application device 4.
  • the website device 1 and the platform device 3 are connected via a network 2; the application device 4 is connected to the platform device 3.
  • a website device is a website
  • a platform device is a computer and a browser
  • an application device is an HTML web page that is interpreted and executed by a browser.
  • the platform device 3 includes: F, PIN and a one-way function H; the website device 1 includes: a user table (F, H (F), PIN) and a one-way function H.
  • F is the primary account (PAN).
  • the user table establishment procedure of the security device 1 is:
  • the website device 1 establishes a user entry: (F, H(F), PIN).
  • the steps to log in are:
  • the platform device 3 obtains the network address of the currently registered website device 1 according to the current application device 4;
  • the user selects the login function of the platform device 3, and inputs (acquires) F and PIN;
  • the platform device 3 has a random number R, obtains F and PIN, and calculates the identification search data H(F);
  • the platform device 3 calculates (H(F
  • the platform device 3 transmits, through the network 2 and according to the network address obtained in step 1, the hidden token consisting of the identification search data and the identification authentication data to the website device 1;
  • the website device 1 receives the hidden token (H(F), H(F
  • PIN1) H(F
  • Regarding step 1: if the platform device is a browser, the browser can obviously open multiple web pages at the same time.
  • the user name and PIN code entered on the platform are related to the website that needs to be logged in.
  • the browser cannot know which website the user wants to log in to, so it is necessary to select or obtain the web address of the currently logged-in website, generally selecting the website of the current web page.
  • if the operating system is regarded as the platform device, then the application is the application device.
  • the essence of the patent requires that the login data of the application is input in the operating system instead of in the application. This prevents phishing by the application. That is to say, we trust the operating system and do not trust the application. For the browser, likewise, we trust the security of the browser and do not trust the security of the webpage.
  • the random number R in step 3 can be generated by the website device 1 and transmitted to the platform device 3, which can prevent replay attacks. It is also possible for the platform device 3 to generate a time-based number such as (random number + time) as R, which likewise prevents replay attacks. It may also be the geographical location information of the platform device 3.
  • the user name and password are input on the platform device, and the hiding of the user name identification data is realized by the calculation of the one-way function.
  • the role of H(F) is for the website device 1 to find the data item corresponding to F, so it is called the identification search data, and the role of H(F
  • the data F which is consistent with the F in the user device, is called the identification authentication data, and it also authenticates the correctness of the PIN.
  • the identification retrieval data and the identification authentication data constitute a hidden token. If the random number R is generated by the user device, it is apparent that R must be transmitted to the security device for identity authentication; at this time the hidden token also includes the random number R.
  • websites face attacks from phishing websites. Since the platform device shares no key or secret data with the website device before logging in, the username and password can only be transmitted to the security device in plaintext. In this way, when the platform device mistakenly enters a phishing website, its username and password are transmitted to the phishing website.
  • the platform device is distributed by the website device in a secure way, so that the two can be assumed to perform key negotiation and then encrypt the data they exchange, as with a mobile phone app.
  • the second is to use the SSL protocol: the website device uses HTTPS, and the platform device verifies the signature to guard against phishing websites.
  • the first solution essentially has every website distribute its own user device, so guaranteeing the security of the distribution process is a big problem.
  • the essence of the second solution is verifying the correctness of the signature, which requires a PKI. Without a signature it is impossible to tell whether a website is legitimate. At the same time, PKI signing is run by many operators in the market, and mutual authentication among them is also a difficult task.
  • the first embodiment shows that as long as everyone follows the same standard data format and uses the same one-way function, unified login security protection can be realized.
  • the browser can be seen as a platform device, which is the method, device and system of the browser's anti-phishing website. Because when we enter the phishing website, the phishing website can get (H(F), H(F
  • PIN1) H(F
  • the website device may be a website
  • the platform device may be an application that needs to log in to the website, such as a browser or a mail client.
  • A method and system associated with network anti-phishing in this embodiment is shown in FIG. 1.
  • the system consists of a website device 1, a network 2, a platform device 3, and an application device 4.
  • the website device 1 and the platform device 3 are connected via a network 2;
  • the application device 4 is connected to the platform device 3.
  • a website device is a website
  • a platform device is a computer and a browser
  • an application device is an HTML web page that is interpreted and executed by a browser.
  • the platform device 3 includes: F, PIN, one-way function H and symmetric cryptographic algorithm DES.
  • the website device 1 includes: a user table (F, H0(F), H(PIN
  • F is a user name (PAN), and SZ is a salt.
  • H0(F) represents the first half of H(F) (such as the first 128 bits of SM3)
  • H1(F) represents the last half of H(F) (such as the last 128 bits of SM3).
  • the user table establishment procedure of the security device 1 is:
  • the website device 1 establishes a user entry: (F, H0(F), H(PIN
  • the steps to log in are:
  • the platform device 3 obtains the network address of the currently registered website device 1 according to the current application device 4;
  • the user selects the login function of the platform device 3, and inputs (acquires) F and PIN;
  • the platform device 3 has a random number R, obtains F and PIN, and calculates the identification search data H0(F);
  • the platform device 3 calculates (DES_{H1(F)}(F ‖ R ‖ PIN), R) as the identification authentication data;
  • the platform device 3 transmits, through the network 2 and according to the network address obtained in step 1, the hidden token consisting of the identification search data and the identification authentication data to the website device 1;
  • the website device 1 receives the hidden token (H0(F), DES_{H1(F)}(F ‖ R ‖ PIN), R), and according to H0(F), searches the user table to obtain (F1, H0(F), H(PIN1
  • SZ) H(PIN
  • the random number R in step 3 can be generated by the website device 1 and transmitted to the platform device 3, which can prevent replay attacks. It is also possible for the platform device 3 to generate a time-based number such as (random number + time) as R, which likewise prevents replay attacks. It may also be the geographical location information of the platform device 3. The random number R may also contain geographic location information of the platform device 3.
  • the first half of H(F) is used as the identification search data
  • the second half is the key of DES. Obviously it is impossible to get the second half from the first half. But given F, it is easy to get both parts.
  • the core of using a symmetric encryption algorithm is how to obtain the key for encryption and decryption.
  • the core of this patent application is that no key distribution work is performed. Therefore, it can only be realized by using the user names F, PIN and R shared by the website device and the platform device.
  • the example uses H1(F), the latter half of H(F). In fact, it can also be implemented using a part of H(F
  • the website device may be a website
  • the platform device may be an application that needs to log in to the website, such as a browser or a mail client.
  • Embodiments 1 and 2 both use H(F) as the identification search data.
  • the one-way function H is a public algorithm, so an attacker can exhaustively enumerate F to crack H(F). Therefore, to increase the difficulty of cracking, F ‖ PIN can be used instead of F to generate the identification search data, which greatly increases the difficulty of cracking.
  • the ‖ symbol indicates that the data before and after it are concatenated into one piece of data, that is, string concatenation.
  • A method and system associated with network anti-phishing in this embodiment is shown in FIG. 1.
  • the system consists of a website device 1, a network 2, a platform device 3, and an application device 4.
  • the website device 1 and the platform device 3 are connected via a network 2; the application device 4 is connected to the platform device 3.
  • a website device is a website
  • a platform device is a computer and a browser
  • an application device is an HTML web page that is interpreted and executed by a browser.
  • the platform device 3 includes: F, PIN, one-way function H and symmetric cryptographic algorithm DES.
  • the website device 1 includes a user table (F, H0 (F
  • F is a user name (PAN) and SZ is a salt.
  • H0(F) represents the first half of H(F) (such as the first 128 bits of SM3)
  • H1(F) represents the last half of H(F) (such as the last 128 bits of SM3).
  • the user table establishment procedure of the security device 1 is:
  • the website device 1 establishes a user entry: (F, H0(F
  • the steps to log in are:
  • the platform device 3 obtains the network address of the currently registered website device 1 according to the current application device 4;
  • the user selects the login function of the platform device 3, and inputs (acquires) F and PIN;
  • the platform device 3 has a random number R, obtains F and PIN, and calculates H0 (F
  • the platform device 3 calculates (DES H1(F) (F
  • the platform device 3 transmits, through the network 2 and according to the network address obtained in step 1, the hidden token consisting of the identification search data and the identification authentication data to the website device 1;
  • the website device 1 receives (H0(F
  • SZ)); with R, assuming F1 F, then DES H1(F) (DES H1(F) (F
  • SZ) H(PIN1
  • the random number R in step 3 can be generated by the website device 1 and transmitted to the platform device 3, which can prevent replay attacks. It is also possible for the platform device to generate a time-based number, such as (random number + time) as R, which also prevents replay attacks. It may also be the geographical location information of the platform device 3.
  • the first half of H(F) is used to identify the data
  • the second half is the key of DES. Obviously it is impossible to get the second half from the first half. But when there is F, it is easy to get these two parts. In fact, it can also be implemented using a part of H(F
  • the identification retrieval data need not be the entire output of the one-way function; part of it may be used as the identification retrieval data. Which part is used does not matter as long as the website device and the platform device agree. The embodiment also shows that the symmetric encryption key can be built from part of the one-way function result of the identification data, ensuring that the identity authentication data (such as the PIN) can be transmitted securely to a website device that holds the corresponding user name.
  • This embodiment also describes a case in which the identity authentication data and the identification data are used together to generate the identification search data.
  • the website device may be a website
  • the platform device may be an application that needs to log in to the website, such as a browser or a mail client.
  • A fourth embodiment of the present invention is shown in FIG. 2.
  • a device associated with the network anti-phishing device of this embodiment is shown in FIG. 2.
  • the device is composed of a computing device 11, a random number device 12, an identification data device 13, and a communication device 14.
  • the platform device 1 obtains the network address; the platform device 1 obtains (inputs) the identification data, such as the PAN and/or the PIN, from the identification data device 13, the platform device 1 obtains the random number R from the random number device 12, and provides it to the computing device 11; The computing device 11 calculates (H(F), H(F
  • the platform device 1 obtains the network address, which can obviously be an input. Of course, if the platform device is a browser, the network address of the current web page can also be automatically selected.
  • the identification authentication data is calculated by a one-way function. As Embodiment 3 shows, a symmetric cryptographic function can also be used for the calculation, with the other parts changed accordingly.
  • the random number R produced by the random number device 12 is such that (H(F), H(F
  • In the prior art, the user generally declares a username (PAN) and then submits the corresponding identity authentication data. The server first uses the user name (PAN) to look up the corresponding data item in the customer database, and then performs identity authentication using the received identity authentication data and the identity authentication data in that data item.
  • the user name (PAN) held by the server and the user name (PAN) held by the client itself can be used as a secret.
  • the user name (PAN) can be regarded as a key that is the same on both sides, as in traditional authentication techniques; that is, the many traditional authentication techniques in which the server and the client hold the same key can be used with the user name (PAN).
  • this hidden user name (PAN) technology is not limited to any particular website. As long as the website name is entered into the calculation of the one-way function, the hidden input of the user name (PAN) of multiple websites can be realized, provided that the authenticated website has a user name (PAN) consistent with the customer.
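
The login exchange of Embodiment 1 with a website-issued random number R, as an added example that is not code from the patent. Assumptions: SHA-256 stands in for SM3, the identification authentication data is taken to be H over F, R and PIN concatenated (each field length-prefixed here so the concatenation is unambiguous), and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def H(*fields: bytes) -> bytes:
    """One-way function H; SHA-256 is a stand-in for SM3 (assumption).

    The description concatenates fields as strings. Each field is
    length-prefixed here so that splits such as ("ab", "c") and
    ("a", "bc") cannot produce the same input.
    """
    h = hashlib.sha256()
    for field in fields:
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.digest()


def make_hidden_token(f: bytes, pin: bytes, r: bytes) -> tuple:
    """Platform device (browser), steps C to E: F and PIN are never sent."""
    search = H(f)        # identification search data H(F)
    auth = H(f, r, pin)  # identification authentication data (assumed form)
    return (search, auth, r)


class WebsiteDevice:
    """Website device holding the Embodiment 1 user table (F, H(F), PIN)."""

    def __init__(self) -> None:
        self.users = {}       # H(F) -> (F, PIN)
        self.pending = set()  # random numbers R issued and not yet used

    def enroll(self, f: bytes, pin: bytes) -> None:
        self.users[H(f)] = (f, pin)

    def issue_r(self) -> bytes:
        """Website-generated R, sent to the platform device before login."""
        r = secrets.token_bytes(16)
        self.pending.add(r)
        return r

    def verify(self, token: tuple) -> bool:
        """Step F: look up by search data, then recompute and compare."""
        search, auth, r = token
        if r not in self.pending:  # unknown or already used R: replay
            return False
        self.pending.discard(r)    # each R is accepted once
        entry = self.users.get(search)
        if entry is None:
            return False
        f1, pin1 = entry
        return hmac.compare_digest(auth, H(f1, r, pin1))


def demo() -> dict:
    site = WebsiteDevice()
    f, pin = b"6222020000001234", b"493817"  # constructed sample values
    site.enroll(f, pin)
    token = make_hidden_token(f, pin, site.issue_r())
    return {
        "first_login": site.verify(token),
        "replayed_token": site.verify(token),
        "wrong_pin": site.verify(make_hidden_token(f, b"000000", site.issue_r())),
        "unknown_user": site.verify(make_hidden_token(b"nobody", pin, site.issue_r())),
        "f_or_pin_in_token": any(f in part or pin in part for part in token),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

As the description itself notes, H is a public algorithm, so how well H(F) hides the account depends on how hard F (or F together with the PIN) is to enumerate.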

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Technology Law (AREA)
  • Information Transfer Between Computers (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a network anti-phishing apparatus, method and system, which can be used in fields such as logging in to a network server, game login, bank payment and network anti-phishing. When a computer terminal is used, a payment account (user name) can be hidden by means of a token-based hiding technique. The method can be used in a payment network and, combined with a good-quality password authentication protocol, simply and securely solves the problem of protecting a user identifier in banking, gaming and other services.
PCT/CN2016/083135 2015-05-25 2016-05-24 Network anti-phishing apparatus, method and system WO2016188402A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201680029862.4A CN107615704B (zh) 2015-05-25 2016-05-24 A network anti-phishing apparatus, method and system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510268747.X 2015-05-25
CN201510268747 2015-05-25

Publications (1)

Publication Number Publication Date
WO2016188402A1 (fr) 2016-12-01

Family

ID=57392518

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/CN2016/083135 WO2016188402A1 (fr) 2015-05-25 2016-05-24 Network anti-phishing apparatus, method and system
PCT/CN2016/083130 WO2016188401A1 (fr) 2015-05-25 2016-05-24 Apparatus, method and system for hiding user identification data

Family Applications After (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/083130 WO2016188401A1 (fr) 2015-05-25 2016-05-24 Apparatus, method and system for hiding user identification data

Country Status (2)

Country Link
CN (2) CN107615797B (fr)
WO (2) WO2016188402A1 (fr)

Also Published As

Publication number Publication date
WO2016188401A1 (fr) 2016-12-01
CN107615704B (zh) 2021-06-25
CN107615797A (zh) 2018-01-19
CN107615704A (zh) 2018-01-19
CN107615797B (zh) 2021-01-26

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16799290

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16799290

Country of ref document: EP

Kind code of ref document: A1