WO2020095120A1 - Password generation method which simultaneously satisfies security and usability - Google Patents


Info

Publication number
WO2020095120A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
substitution
string
character
software
Prior art date
Application number
PCT/IB2019/052719
Other languages
French (fr)
Chinese (zh)
Inventor
苏云
希莫
Original Assignee
苏云
希莫
Filing date
Publication date
Application filed by 苏云, 希莫
Priority to PCT/IB2019/052719
Priority to CN201980094701.7A
Publication of WO2020095120A1

Links

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/45 Structures or tools for the administration of authentication

Definitions

  • the present invention relates to the field of username + password identity authentication, and in particular to a method for generating an authentication password that can satisfy both ease of use and security.
  • the general operation of this authentication mode is that, first, an authentication password must be generated: the user selects several single characters from Arabic numerals, uppercase and lowercase Latin letters and punctuation marks according to some habit or password security policy, and combines them into a string that serves as the user's authentication password. Then, through a physical or virtual keyboard, the characters are entered one by one into a password form that requires identity authentication, such as that of a computer, mobile phone, application, email account, website or database, or the password is copied and pasted into that form, in order to carry out identity authentication and gain access to the protected resources.
  • Some websites provide password security checking services for educational purposes, and determine the time required to crack a password through technical means to determine whether the password is safe.
  • the ButterBuys website, using 2019 technology, checked a 12-character password "abcdefghijkl" composed entirely of lowercase letters; the result showed that it would take 100 years to crack it.
  • the test result for the same 12-character password "ABCdef-2016g" with some numbers, punctuation marks, and uppercase and lowercase letters shows that it would take 726,526,000 years to crack; a password that needs more than 700 million years is practically uncrackable!
  • any security policy is a set of artificial rules, recommendations or requirements. For example: select some words from a dictionary to set the password, use tricks such as "L8" instead of "Late", choose unrelated words to form a "passphrase" such as "correct horse battery staple", or even design some "vocabulary" that only you can understand.
  • such a password security policy conflicts with the requirement of randomness. The more artificial factors there are, the worse the randomness, and the less secure the generated password. It is undeniable that such a policy helps users set a strong password, but it helps unauthorized users and hackers even more, because they rely on exactly this policy to crack passwords, and they are better at it than the average user or even an industry expert. Another point is that the use of English vocabulary greatly limits the range of users.
  • the present invention provides the following technical solution: in a password management software (hereinafter referred to as the software) developed on the basis of the technical solution of the present invention, the user arbitrarily selects a single character; when this character is entered from the keyboard, the software immediately converts it into a random character string, defined as a substitution string, whose length (number of characters) is greater than or equal to 1. For example, the character "n" is converted into the string "&0m(o" (Figure 1).
  • after the conversion, the substitution string is stored in the software, which now associates the character "n" entered from the keyboard with the string "&0m(o" stored in it. When the user enters the character "n" from the keyboard again, the software reads the corresponding string "&0m(o" from its memory.
  • any character can be randomly converted in this way in this software; for example, the capital letter "K" can be converted into the substitution string "#X9v", the number "7" into "c~6EL", the symbol "@" into "P9g", the number "0" into "l?sG", and so on (Figure 2). Now, the user combines these five single characters into a password "nK7@0", which is defined as the apparent password, and its characters are defined as apparent characters.
  • substitution strings are not the actual passwords that ultimately perform the authentication; they are only the products of an intermediate step, have no practical meaning in themselves, and are encrypted separately and stored in the memory of the software.
  • the password required for authentication can then be generated: when the apparent password is entered, the software immediately calls the corresponding substitution strings out of its memory one after another and combines them in a special order, called the mixed insertion method, preset by the user, to form a longer string. This longer string is the real password that performs the authentication.
  • the user uses the one-key function of the software to export it to the password form for external authentication, or copies and pastes it into that password form.
  • the apparent password and the real password together are defined as a password pair.
  • the present invention emphasizes the important and irreplaceable role of randomness in password security.
  • password length is undoubtedly a necessary condition for security, but if a long password lacks randomness, such as a "passphrase" or "password" generated according to some password security policy, the benefit of its length is greatly discounted.
  • a man-made policy eliminates some uncertainty and therefore lacks randomness; it helps users, but it also gives hackers an opportunity. Only by increasing the randomness of a password, increasing its uncertainty so that it is formed without regularity and without policy, can it be unique and therefore unusable by hackers. Randomness is therefore a sufficient condition for password security.
  • FIG. 1 is a schematic diagram of a method for converting a single character into a character string provided by an embodiment of the present invention.
  • FIG. 2 is a schematic diagram of converting a set of apparent characters into a set of substitution character strings provided by an embodiment of the present invention.
  • FIG. 3 is a flowchart of generating a real password according to a preset mixed interpolation method provided by an embodiment of the present invention.
  • FIG. 4 is a schematic diagram of modifying and outputting a real password provided by an embodiment of the present invention.
  • Embodiments of the present invention provide a method for generating an identity authentication password that is both safe and very easy to use, to solve the contradiction between password security and ease of use in the prior art.
  • the core of the present invention is to introduce an intermediate variable called the substitution string, which separates the password entered from the keyboard and the password output from the software for identity authentication into two different concepts, with different definitions and different generation methods.
  • the purpose of this character substitution is, first, to ensure the security and convenience of the password entered from the keyboard: because the real password for identity authentication is not entered through the keyboard, this password can be set very personally, according to the principle of simplicity. The second is to ensure the security and convenience of the password for identity authentication that is output from the software.
  • the present invention strengthens security and ease of use on each of these two passwords respectively, and solves the problem that the prior art has never been able to achieve ease of use and security of the authentication password at the same time.
  • the detailed description of the embodiment will be developed in several steps below.
  • FIG. 1 is a schematic diagram of a method for converting a single character into a substitution character string according to an embodiment of the present invention.
  • any universal character used by a computer can undergo such character conversion; for example, the capital Latin letter "K" is converted into the substitution string "#X9v", the number "7" into "c~6EL", the symbol "@" into "P9g", the number "0" into "l?sG", etc.
  • FIG. 2 is a schematic diagram of converting a set of apparent characters into a set of substitution character strings according to an embodiment of the present invention.
  • substitution strings are generated immediately. Click on each of them to change its character combination, or click directly on the "Substitution String" column header to change all of them with one click. After the setting is completed, all substitution strings are separately encrypted and stored in the software.
  • FIG. 3 shows the process of combining and outputting the real password according to the special order set by the user: it is based on FIG. 2 and adds the method and sequence for combining the substitution strings, that is, the mixed insertion method.
  • in the drop-down menu under the "Mixed Insertion Mode" column, the mixed insertion mode of each substitution string can be selected, such as "6wP" etc. The specific meaning of such labels is explained in detail below. You can also click directly on the "Mixed Insertion" column header and change them all with one click.
  • the apparent password "nK7@0" is displayed at the bottom left of FIG. 3; clicking the button next to it produces the 21-character string "&0m(o#X9vc~6ELP9gl?sG", which is the real password output externally for identity authentication.
  • this is the simplest, end-to-end mixed insertion method, which joins the 5 substitution strings to generate a real password containing 5 Arabic numerals, 6 lowercase letters, 5 uppercase letters and 5 punctuation marks.
  • the apparent password box and the real password box at the bottom of FIG. 3 are simulated password boxes added to illustrate the technical solution of the present invention; they are not real functions of the software, because the software does not save the real password of any account.
  • since the apparent password is not the password used for actual identity authentication, it can be set simply and personally, as long as it is easy for the user to remember and use; but remember that it must be converted into a strong real password!
  • the real password generated by this software is complex enough to be secure, and users do not need to remember it or enter it manually for identity authentication. Thus the security and ease of use of the password are both reflected in this password pair.
  • the software only saves all the substitution strings, and does not save the real password of any account, which pushes the security of the account password to the extreme and makes up for the biggest hidden danger of existing password management software.
  • Embodiment 1: in order to further strengthen the security of the real password, the user may select a more complicated method of generating it, which mainly depends on the choice of mixed insertion method. Taking the mode of FIG. 3 as an example, the description is as follows.
  • the first type of mixed insertion method treats the string "#X9v" as a whole and inserts it into the previous string. Each label represents the sequence and method of inserting one substitution string.
  • the label "6wP" in FIG. 3 means that at the end of the previous substitution string "&0m(o", that is, at the sixth insertion point, the string "#X9v" is inserted as a whole in positive (forward) order, giving the 9-character temporary string "&#X9v0m(o".
  • the mixed insertion mode labeled "10wP" inserts the substitution string "c~6EL" as a whole, in positive order, at the far right of the temporary string, i.e. at the 10th insertion point, giving a 14-character temporary string.
  • the second type of mixed insertion method imitates the card shuffling of a poker game: the software is set to insert the substitution string of "K" into the string of "n", and this type of mixed insertion is marked with the letter "s". Position "3" of the substitution string "&0m(o" is selected as the insertion point, the string "#X9v" is inserted in positive order at intervals of "1", and the 9-character temporary string "&0#mX(9ov" is obtained. This mixed insertion method is labeled "3sPG1", where the letter "G" indicates an equal interval and the "1" on its right is the interval value.
  • the mixed insertion methods are set in this software for the user to choose and use. In actual use, the user may understand the meaning of the various labels but need not remember them; as far as possible, the one-click function of the "Mixed Insertion Method" column should be used, to take full advantage of the convenience of password setting.
  • the reason the mixed insertion method matters is that, although all the substitution strings are randomly generated and encrypted and have no practical meaning, once stored their character structure is fixed, that is, the order between their characters is fixed, which amounts to a certain regularity.
  • FIG. 4 is a schematic diagram of modifying an account and outputting its real password. It is elaborated in two parts:
  • the authentication functions of the three pop-up password forms under the "Password" column of FIG. 4 are all optional; the user can set them all to the apparent password of this account, or can enter directly without them: click the password box to enter the password pair setting mode, click the arrow icon to output the real password with one key, or click the copy icon to copy the real password for pasting.
  • setting these three apparent passwords builds a second line of defense for the account. Since clicking the password box under the "Password" column enters the password pair setting mode, where the apparent password, substitution strings and mixed insertion methods of this account are all visible at a glance, it is very necessary to set an authentication password for this modification function.
  • the apparent password is responsible for the password authentication of the three functions under the "Password" column in Figure 4.
  • the real password in the password pair is generated immediately when it needs to be output for external authentication, and is not saved in the software.
  • This software is a tool for realizing the technical solution of the present invention.
  • this password management software can be developed accordingly. By introducing the concept of the substitution string, it simultaneously satisfies the ease of use and security of the authentication password, breaks through the bottleneck of the existing technology, and embodies the value of the present invention in practical applications. Compared with the prior art, the beneficial effects of the present invention are:
  • the characters involved in the present invention are mainly ASCII characters, but are not limited to them. Any character that can be processed and printed by an operating system in any language can be used in the password setting of the present invention, such as UNICODE characters, even Chinese radicals, Japanese kana, etc., further increasing the difficulty of cracking passwords.
  • List of reference signs: 144 digit table, limiting the total number of characters of all substitution strings in the account, or the number of characters of the real password
  • Patent Literature 1 Systems and methods for evaluating a password policy.
  • Patent Literature 2 Cloud-based active password manager.
  • Patent Literature 3 Systems and methods for providing a covert password.
  • Patent Literature 4 Method and system for efficient password input. United States Patent: 10075430 (Filed:). September 2018. Guo.
  • Non-Patent Literature 1 Shay, et al. "Correct horse battery staple: exploring the usability of system-assigned passphrases," Symposium on Usable Privacy and Security (SOUPS) 2012, Jul. 11-13, 2012, pp. 1-20.
  • Non-Patent Literature 2 Li, Zhiwei, et al. "The Emperor's New Password
  • Non-Patent Literature 3 Dashlane, URL: https://www.dashlane.com/
  • Non-Patent Literature 4 1Password, URL: https://1password.com/
  • Non-Patent Literature 5 LastPass, URL: https://www.lastpass.com/
  • Non-Patent Literature 6 Yubikey, URL: https://www.yubico.com/
  • Non-Patent Literature 7 Troy Hunt, "A brief Sony password analysis." Jun. 6, 2011. URL: https://www.troyhunt.com/brief-sony-password-analysis/
  • Non-Patent Literature 8 BetterBuys, "Estimating your password cracking times," URL: https://www.betterbuys.com/estimating-passwords-cracking-times/
  • Non-Patent Literature 9 John Hall, "SplashData's Top 100 Worst Passwords of 2018," Dec. 13, 2018. URL: https://www.teamsid.com/splashdatas_top-100-worst-passwords-of-2018
  • Non-Patent Literature 10 Grassi, et al. "Digital Identity Guideline, NIST
  • Non-Patent Literature 11 Microsoft, "Password Must Meet Complexity
  • Non-Patent Literature 12 Tayler McDowell, "The 10 Password Commandments." Now.
  • Non-Patent Literature 13 Issac Sabes, Pandora Security, "10 Commandments of Password Security," URL: https://www.pandoralabs.net/10-commandments-of-password-security/
  • Non-Patent Literature 14 Dennis O'Reilly, "Keep your data safe by following the password commandments." CNET News, Feb. 27, 2008. URL:
  • Non-Patent Literature 15 Randall Stross, "A strong password isn't the
  • Non-Patent Literature 16 Ives B., Walsh K. R. and Schneider H. (2004) "The Domino Effect of Password Reuse," Communications of the ACM, 47:4, 75-78.
  • Non-Patent Literature 17 AMP Bank Ltd., Account access and operating terms and conditions, pp. 16-17.
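The following Python is an added worked example, not the patent's software or any code from this page: it models the scheme described under Definitions above, namely the per-character substitution table, the "whole" and "shuffle" mixed insertion labels ("6wP", "3sPG1") and the on-demand assembly of the real password from the apparent password "nK7@0", and generalizes the shuffle to any interval. The label grammar, the meaning of an order letter other than "P" (assumed to mean reversed), the use of the `secrets` module and the 144-character table check are assumptions of this example.

```python
"""Added example: minimal model of the apparent-password -> substitution-string
-> real-password scheme described above (not the patent's own software).

Mixed-insertion label grammar, as far as the text shows it ("6wP", "3sPG1"):
  <point><mode><order>[G<interval>]   point: 1-based insertion point;
  mode 'w' = insert the whole string there, 's' = card-shuffle insert with
  <interval> base characters between inserted characters; order 'P' = forward
  (any other letter is assumed here to mean the string is inserted reversed).
"""
import re
import secrets
import string
from typing import Dict, List

ALPHABET = string.ascii_letters + string.digits + string.punctuation
MAX_TABLE_LENGTH = 144  # the "144 digit table" limit from the reference signs
LABEL_RE = re.compile(r"^(\d+)([ws])([A-Za-z])(?:G(\d+))?$")

# Substitution table taken from the description (apparent char -> substitution
# string).  The software stores these encrypted; encryption is omitted here.
PAGE_TABLE: Dict[str, str] = {"n": "&0m(o", "K": "#X9v", "7": "c~6EL", "@": "P9g", "0": "l?sG"}


def random_substitution(length: int = 4) -> str:
    """Substitution strings carry all the entropy, so draw them from a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def build_table(apparent: str, length: int = 4) -> Dict[str, str]:
    """One random substitution string per distinct apparent character (constructed)."""
    table = {c: random_substitution(length) for c in sorted(set(apparent))}
    if sum(len(v) for v in table.values()) > MAX_TABLE_LENGTH:
        raise ValueError("substitution strings exceed the 144-character table limit")
    return table


def insert_whole(base: str, sub: str, point: int) -> str:
    """Insert `sub` as one block so its first character lands at 1-based `point`."""
    if not 1 <= point <= len(base) + 1:
        raise ValueError(f"insertion point {point} outside 1..{len(base) + 1}")
    return base[: point - 1] + sub + base[point - 1 :]


def insert_shuffled(base: str, sub: str, point: int, interval: int) -> str:
    """Card-shuffle insert: first char of `sub` at `point`, then `interval` base
    characters between consecutive inserted characters; leftovers of either
    string are appended in order.  ("&0m(o", "#X9v", 3, 1) -> "&0#mX(9ov"."""
    if not 1 <= point <= len(base) + 1 or interval < 1:
        raise ValueError("bad insertion point or interval")
    out = list(base[: point - 1])
    rest = base[point - 1 :]
    taken = 0
    for ch in sub:
        out.append(ch)
        out.extend(rest[taken : taken + interval])
        taken += interval
    out.extend(rest[taken:])
    return "".join(out)


def apply_label(base: str, sub: str, label: str) -> str:
    """Apply one mixed-insertion label to the string built so far."""
    m = LABEL_RE.match(label)
    if not m:
        raise ValueError(f"unrecognised mixed-insertion label {label!r}")
    point, mode, order, interval = m.groups()
    if order != "P":
        sub = sub[::-1]  # assumption: a non-'P' order letter means reversed
    if mode == "w":
        return insert_whole(base, sub, int(point))
    return insert_shuffled(base, sub, int(point), int(interval or 1))


def real_password(apparent: str, table: Dict[str, str], labels: List[str]) -> str:
    """Combine the substitution strings of `apparent` left to right, one label
    per join.  The result is never stored: it exists only as this return value,
    which is the property the description relies on."""
    if len(labels) != len(apparent) - 1:
        raise ValueError("need exactly one label per join")
    temp = table[apparent[0]]
    for ch, label in zip(apparent[1:], labels):
        temp = apply_label(temp, table[ch], label)
    return temp


def end_to_end_labels(apparent: str, table: Dict[str, str]) -> List[str]:
    """Labels for the simplest, end-to-end method of FIG. 3: each string is
    appended at the right end of the temporary string (6wP, 10wP, ...)."""
    labels, length = [], len(table[apparent[0]])
    for ch in apparent[1:]:
        labels.append(f"{length + 1}wP")
        length += len(table[ch])
    return labels


if __name__ == "__main__":
    labels = end_to_end_labels("nK7@0", PAGE_TABLE)   # ['6wP', '10wP', '15wP', '18wP']
    print(real_password("nK7@0", PAGE_TABLE, labels))  # 21-character real password
    print(apply_label("&0m(o", "#X9v", "3sPG1"))       # shuffle example from the text
```

Note that the apparent password contributes no entropy of its own: the strength of the real password rests entirely on the random substitution strings and on keeping the stored table confidential.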

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Document Processing Apparatus (AREA)

Abstract

The present invention relates to an authentication password generation method which is both very secure and very easy to use. Intermediate variables, which are referred to as substitute character strings, are set in a piece of password management software developed on the basis of the technical solution of the present invention, and a string of characters, which is inputted by means of a keyboard and known as an apparent password, is converted into a real password, which is outputted externally for identity authentication. The apparent password does not participate in the actual identity authentication, and may therefore be set in a simple manner. In addition, the substitute character strings stored in the software do not have any actual significance, and are only promptly combined according to a preset mixed insertion means when outputting an authentication password, to generate the real password, which is then outputted by means of a single key to an external password authentication form, for the actual identity authentication.

Description

Name of invention: Password generation method which simultaneously satisfies security and usability
[0001] The present invention relates to the field of username + password identity authentication, and in particular to a method for generating an authentication password that can satisfy both ease of use and security.
Background technique
[0002] It has been more than half a century since the username + password identity authentication mode appeared. Logging in to one's various accounts in this way is not only an indispensable part of people's work in the information technology era, but also an important part of daily life.
[0003] The general operation of this authentication mode is that, first, an authentication password must be generated: the user selects several single characters from Arabic numerals, uppercase and lowercase Latin letters and punctuation marks according to some habit or password security policy, and combines them into a string that serves as the user's authentication password. Then, through a physical or virtual keyboard, the characters are entered one by one into a password form that requires identity authentication, such as that of a computer, mobile phone, application, email account, website or database, or the password is copied and pasted into that form, in order to carry out identity authentication and gain access to the protected resources.
[0004] Designing a complex password is the key to whether this authentication mode is secure, and in this process the so-called password security policy seems to play a vital role. For more than half a century, people have developed many password management methods and policies considered to be both highly secure and easy to use, some of them even mandatory; many large enterprises, institutions of all kinds and websites have launched their own password security policies, and some hardware products have even been developed. Because of the cross-industry nature of this authentication mode, almost every industry and the daily life of ordinary people are involved, and gradually some rules and standards were established and a basic consensus reached. The mainstream view holds that the length of a password, the inclusion of multiple kinds of characters, randomness and uniqueness are the key elements of a secure password, and that length is particularly important. A sufficiently long string, for example more than 10 characters, mixing numbers, uppercase and lowercase letters and punctuation in no particular order, is considered a secure password.
[0005] Some websites provide password security checking services for educational purposes, determining by technical means the time needed to crack a password in order to judge whether it is secure. For example, the ButterBuys website, using 2019 technology, checked a 12-character password "abcdefghijkl" composed entirely of lowercase letters; the result showed that it would take 100 years to crack it. However, the result for the equally 12-character password "ABCdef-2016g", which mixes some numbers, punctuation marks and uppercase and lowercase letters, showed that cracking it would take 726,526,000 years; a password that needs more than 700 million years is practically uncrackable! If the order of the letters, numbers and symbols in the password is shuffled, its randomness increases and cracking becomes harder still. The test results and the website's analysis show that a password of sufficient length that mixes various characters in no particular order is a secure password that is hard to crack.
[0006] The crux of the problem, however, is that the longer, more complex and more disordered a password is, the better it naturally meets the requirements of password security, but the harder it is for the user to remember and the harder it is to use; in other words, the usability of a very complex secure password is very low. A user naturally hopes that a password can be convenient to use while remaining secure, yet for a long time security and ease of use have seemed to be in opposition, with an apparently insurmountable barrier between them; this has become the great unsolved problem of password authentication. As a result, in actual practice password security often gives way to convenience. With the help of a security policy the user sets a seemingly secure password, but because it is too complicated, helplessly writes it down, posts it on the screen or stores it in plain text on an electronic device. This is convenient, but the security of the password becomes an empty formality and exposes the account to enormous risk. More worrying still, many users simply use passwords such as "123456" or "password", so that such super-weak passwords have for several consecutive years taken first and second place on the annual worst-password list of the US security software and service provider SplashData, highlighting the helplessness of most users under the existing technology. All this makes users sigh: the only secure password is the one you can't remember!
[0007] As early as 2003, the US National Institute of Standards and Technology wrote a report, NIST Special Publication 800-63, Appendix A, which gave some guidance on setting secure passwords: use characters, numbers and uppercase and lowercase letters, and change the password regularly. In 2017 NIST revised that report, emphasizing the importance of password length, recommending a group of English words rather than individual characters, that is, a "passphrase" instead of a "password", no longer recommending regular password changes, and de-emphasizing the role of mixed characters. Because words are easier to remember, longer passwords can be set and used. Given the authority of NIST, the report has long been the default password security policy of government departments, enterprises, institutions and individual users, and has in effect become the industry standard.
[0008] We know that any security policy is a set of artificial rules, recommendations or requirements. For example: select some words from a dictionary to set the password, use tricks such as "L8" instead of "Late", choose unrelated words to form a "passphrase" such as "correct horse battery staple", or even design some "vocabulary" that only you can understand. However, such a password security policy conflicts with the requirement of randomness: the more artificial factors there are, the worse the randomness, and the less secure the generated password. It is undeniable that such a policy helps users set a strong password, but it helps unauthorized users and hackers even more, because they rely on exactly this policy to crack passwords, and they are better at it than the average user or even an industry expert. Another point is that the use of English vocabulary greatly limits the range of users.
[0009] The various problems of the prior art are concentrated in the weakness and helplessness of the user side in password management. In the more than half a century since the username + password authentication mode appeared, technology has developed rapidly; service providers of all kinds, as well as hackers, have kept pace with the times, and encryption and decryption techniques have continued to advance; only the user side, for reasons of funding and technology, has never been able to reverse its weak position in password management.
[0010] To solve these problems, many third-party and online password management programs have been developed to help users generate, store, remember and use complex passwords for identity authentication. Such software plays a very important role in helping users set and store large numbers of complex passwords, and especially in remembering them; popular managers include Dashlane, 1Password and LastPass. Their common feature is that the password generated in the software is the password actually output and used for authentication, and, more importantly, confidential information such as the passwords of all accounts is stored, encrypted, directly in the password manager, so its security is a constant worry. Therefore such software must be protected by a sufficiently secure login password, generally called the master password, which the user must firmly remember. The master password thus becomes the only line of defense for the security of such software; once it is cracked, the confidential information stored inside is in danger of leaking. In view of these deficiencies, some financial institutions and websites explicitly forbid their customers to use such password managers for account security reasons.
Summary of the invention
[0011] The stringent requirements on password security, and the grim status quo, pose enormous challenges for generating, storing, remembering and using passwords. To overcome these difficulties, and ultimately to give the user side a password management method that satisfies ease of use and security at the same time, the present invention provides the following technical solution. In password management software developed on the basis of the technical solution of the present invention (hereinafter "the software"), the user arbitrarily selects a single character; when that character is typed on the keyboard, the software immediately converts it into a random character string, defined as a substitution string, whose length, or number of character positions, is greater than or equal to 1. For example, the character "n" is converted into the string "&0m(o" (Figure 1). Once the conversion is complete, this substitution string is stored in the software. The software has now associated the single character "n" typed by the user with the string "&0m(o" stored inside it. When the user next types the character "n" on the keyboard, the software retrieves the corresponding string "&0m(o" from its storage.
[0012] Any character can be randomly converted in this way in the software: for example, the upper-case letter "K" can be converted into the substitution string "#X9v", the digit "7" into "c~6EL", the symbol "@" into "P9g", the digit "0" into "1?sG", and so on (Figure 2). Now the user combines these 5 selected single characters into a password "nK7@0", defined as the apparent password, whose characters are defined as apparent characters.
[0013] These substitution strings are not the real password that is ultimately used for authentication; they are merely products of an intermediate stage, have no meaning in themselves, and are stored separately, in encrypted form, in the software's storage. Once the character conversion described above is complete, the password needed for authentication can be generated. Taking the set of converted apparent characters above as an example: when the user types those 5 apparent characters on the keyboard in sequence, that is, enters the apparent password, the software immediately retrieves from storage the substitution string corresponding to each apparent character in turn, and then joins these substitution strings together in a special order preset by the user, called the mixed insertion method, to form a longer string. This is the real password used for authentication. The software's one-click function then outputs it into the password form that performs the external authentication, or it is copied and pasted into that form. For convenience of description, the apparent password and the real password together are defined as a password pair.
[0014] The present invention stresses the irreplaceable role of randomness in password security. Password length is undoubtedly a necessary condition for security, but if a long password lacks randomness, for example a "passphrase", or a "password" generated under some password security policy, the important contribution of its length is greatly discounted. After all, a man-made policy exists to remove some uncertainty, and therefore lacks randomness; it helps the user, but it also leaves the hacker an opening. Only by increasing a password's randomness and its uncertainty, so that it follows no pattern and relies on no policy, can it be unique and hence unusable by a hacker. Randomness is therefore a sufficient condition for password security.
Brief description of the drawings
[0015] In order to explain the technical solutions of the embodiments of the present invention more clearly and accurately, the drawings needed for the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application; a person skilled in the art could derive other related drawings from them without creative effort.
[0016] [Figure 1] is a schematic diagram of the method of converting a single character into a character string provided by an embodiment of the present invention.
[0017] [Figure 2] is a schematic diagram of converting a set of apparent characters into a set of substitution strings provided by an embodiment of the present invention.
[0018] [Figure 3] is a flowchart of combining substitution strings according to a preset mixed insertion method to generate the real password, provided by an embodiment of the present invention.
[0019] [Figure 4] is a schematic diagram of modifying and outputting the real password provided by an embodiment of the present invention.
Description of the embodiments
[0020] To make the technical solution of the present invention and the problems it solves clearer, the technical solution is described in detail and in full below with reference to the drawings and embodiments. Obviously, the embodiments described are only some of the embodiments of the present invention and not all of them, in particular as regards a sufficient and complete definition of the mixed insertion methods. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the protection scope of the present invention.
[0021] Embodiments of the present invention provide a method of generating an identity authentication password that is both secure and very easy to use, resolving the conflict between password security and usability in the prior art. The core of the invention is to introduce an intermediate variable called the substitution string, which separates the password typed into the software from the keyboard and the password output from the software for identity authentication into two different concepts, with different definitions and different generation methods. The purpose of this character substitution is, first, to ensure the security and convenience of the password typed on the keyboard: because what is typed on the keyboard is not the real password used for authentication, that password can be set in a highly personal way, on the principle of keeping it simple. Second, it ensures the security and convenience of the password output from the software for authentication: the real passwords of the accounts are not stored directly in the software; only when a password has to be output for authentication are the relevant stored substitution strings retrieved from storage, immediately combined according to the special mixed insertion method, assembled into the real password, and output into the external password form. Accordingly, the present invention strengthens security and usability on these two passwords respectively, solving the long-standing problem of satisfying usability and security of an authentication password at the same time, which the prior art has never been able to achieve. The detailed description of the embodiment is developed in several steps below.
[0022] Figure 1 is a schematic diagram of the method of converting a single character into a substitution string according to an embodiment of the present invention. A single character is typed into the "character form" below the "apparent password" column; after the number of positions of the substitution string is chosen from the drop-down menu below the "character positions" column, the substitution string is generated; clicking the substitution string below the "substitution string" column changes the combination of characters in it. When the character typed by the user is the lower-case Latin letter "n" and the number of character positions chosen is "5", the random string generated by the software is "&0m(o". Such a conversion of one single character is called a "single-character substitution item".
[0023] Any general-purpose character used by a computer can be converted in this way, for example the upper-case Latin letter "K" into the substitution string "#X9v", the digit "7" into "c~6EL", the symbol "@" into "P9g", the digit "0" into "1?sG", and so on.
[0024] Figure 2 is a schematic diagram of converting a set of apparent characters into a set of substitution strings according to an embodiment of the present invention. Functionally it gathers together several of the single-character conversions shown in Figure 1. The specific procedure is:
1) In Figure 2, type a number, for example "5", into the "number form" to the right of the "apparent characters" column; 5 single-character substitution items then appear below it, and one apparent character can be typed into each "character form". Clicking the "apparent characters" column directly changes these 5 characters with one click;
2) Type a number, for example "21", into the "positions form" to the right of the "character positions" column to fix the total number of character positions of the 5 substitution strings; the number of positions of each substitution string can be chosen separately from the drop-down menus below the "character positions" column. Clicking the "character positions" column directly changes these 5 position values with one click;
3) Once the character positions are fixed, the 5 substitution strings are generated immediately. Clicking each one changes its combination of characters, or the "substitution string" column can be clicked directly to change all their character combinations with one click. When setup is complete, all substitution strings are stored separately, in encrypted form, in the software.
[0025] Figure 3 shows the process of combining the substitution strings in the special order set by the user and outputting the real password. It builds on Figure 2 by adding the method and order in which the individual substitution strings are combined, that is, the mixed insertion method. The mixed insertion method of each substitution string can be chosen separately from the drop-down menus below the "mixed insertion method" column, for example "6wP"; the exact meaning of such labels is explained in detail below. The "mixed insertion method" column can also be clicked directly to change them all with one click.
[0026] After the above settings are complete, the apparent password "nK7@0" is displayed at the lower left of Figure 3. Clicking this key generates a 21-position string "&0m(o#X9vc~6ELP9g1?sG" in the password box on the right; this is the real password output for external identity authentication. It is the real password produced by combining the 5 substitution strings with the simplest, end-to-end mixed insertion method, and it contains 5 Arabic digits, 6 lower-case letters, 5 upper-case letters and 5 punctuation characters.
[0027] It must be pointed out in particular that the apparent-password box and real-password box at the very bottom of Figure 3 are simulated password boxes added to illustrate the technical solution of the present invention; they are not a real function of the software, because the software does not store the real password of any account.
[0028] There is one special case of the conversion mode of Figure 3: if the number of positions of every substitution string is set to "1", the software needs to perform no character conversion, each substitution string becomes a single character equal to the corresponding apparent character, and the result is that the apparent password and the real password are identical.
[0029] At this point the apparent password and real password of an account, that is, the account's password pair, have been set up. Because the apparent password is not the password used for actual identity authentication, it can be made simpler and more personal, as long as it is easy for the user to remember and use; but remember, it must always be converted into a strong real password! The real password generated by the software, although very complex and sufficiently secure, does not need to be remembered by the user or typed by hand for authentication. Security and usability of the password are thus both embodied in this one password pair. In addition, the software stores only the full set of substitution strings and never the real password of any account, which takes account-password security to its limit and remedies the greatest weakness of prior-art password management software.
[0030] When this password was entered into the BetterBuys website for testing, the verdict given was "Infinity", meaning that this password can never be cracked; it is unique and meets all the requirements of a secure password.
[0031] To strengthen the security of the real password further, the user can choose a more complex way of generating the real password, which depends mainly on the choice of mixed insertion method. Taking the mode of Figure 3 as an example, this is described as follows:
Embodiment 1
[0032] When the characters "n" and "K" are typed into the character forms, the software generates the two corresponding substitution strings "&0m(o" and "#X9v". The mixed insertion methods for combining the latter into the former are:
[0033] The first type of mixed insertion method treats the string "#X9v" as a whole and inserts it at an arbitrary position in the preceding string "&0m(o"; this type is labelled with the lower-case letter "w". The string "&0m(o" has 6 insertion points, numbered "1" to "6" starting from the left of the character "&". Choosing position "2", that is, between the characters "&" and "0", as the insertion point and inserting the string for "K" there as a whole in forward order, from left to right, gives a temporary string of 9 positions, "&#X9v0m(o"; this mixed insertion method is labelled "2wP", where the digit "2" denotes the position of the insertion point and the upper-case letter "P" denotes forward order. Inserting at the same insertion point in reverse order, from right to left, gives the temporary string "&v9X#0m(o", labelled "2wR", where the upper-case letter "R" denotes reverse order, that is, the string "#X9v" is reversed to "v9X#" before being inserted. It is easy to work out that there are 12 possible mixed insertion methods for the string for "K", which can produce 12 different temporary strings of 9 positions.
[0034] The software provides many kinds of mixed insertion method for combining substitution strings, each labelled with a letter + number code, and each label stands for one order and method of mixing and inserting the substitution strings. Under the mixed insertion method described above, the label "6wP" in Figure 3 means that the string "#X9v" is inserted as a whole, in forward order, at the tail end of the preceding substitution string "&0m(o", that is, at the 6th insertion point, giving the 9-position temporary string "&0m(o#X9v". The mixed insertion method labelled "10wP" inserts the substitution string "c~6EL" as a whole, in forward order, at the far right of this temporary string, that is, at the 10th insertion point, giving a 14-position temporary string. By analogy, the meanings of the labels "15wP" and "18wP" follow, until the final real password is generated. It is easy to work out that combining the above 5 substitution strings with this type of mixed insertion method can generate a total of 98 different real passwords.
Embodiment 2
[0035] The second type of mixed insertion method imitates the shuffling of a deck of cards: the software is set to insert the substitution string for "K" into the string for "n" by interleaving, and this type is labelled with the letter "s". Choosing position "3" of the substitution string "&0m(o" as the insertion point and inserting the string "#X9v" in forward order at an interval of "1" gives the 9-position temporary string "&0#mX(9ov"; this mixed insertion method is labelled "3sPG1", where the letter "G" denotes equal spacing and the "1" to its right is the interval value. Inserting at the same insertion point in reverse order gives the temporary string "v9&X0#m(o", labelled "3sRG1". After removing the 2 results that duplicate the first type of mixed insertion method, there are 10 possible mixed insertion results for the string for "K". It is easy to work out that once all 5 of the above substitution strings have been mixed in with this type of mixed insertion method, a total of 90 different real passwords can be generated.
[0036] Choosing a different interval value, for example "2", "3" or "4", produces many more labelled mixed insertion methods and many more real passwords. Choosing mixed insertion with unequal intervals, for example the sequence "1, 3, 5, 7" or "2, 4, 6, 8", or a Fibonacci sequence, or larger or even unordered interval values, produces still more kinds of temporary string and real password. All these mixed insertion methods will be provided in the software for the user to choose from. In actual use the user only needs a rough understanding of what the various labels mean and need not memorise them; the one-click function of the "mixed insertion method" column should be used as much as possible to make the most of the convenience of password setup.
[0037] The mixed insertion method matters because, although all the substitution strings are randomly generated, stored in encrypted form and meaningless in themselves, once stored their character structure is fixed, that is, the order of their characters is fixed, which amounts to a certain regularity. Therefore, for the sake of absolute security, the order and structure of the original substitution strings should be fully and thoroughly scrambled when the real password is generated, so that, while the password length is guaranteed, the requirement for randomness is fully met and a truly secure authentication password is produced, realising the security principle that "the only secure password is the one that does not depend on a human policy".
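As an added example (not the patent's own code or the described software), the following Python sketch fixes the substitution table from Figures 1 to 3 and implements a parser for the mixed insertion labels of Embodiments 1 and 2 ("2wP", "2wR", "3sPG1"), reproducing the 21-position real password of paragraph [0026]. The substitution strings are the page's own values, held constant here instead of being generated at random and stored encrypted; how a reversed piece is interleaved under the "s" type is an assumption of this example.

```python
import re
import string

# Constructed substitution table taken from the patent's worked example:
# each apparent character maps to one substitution string. In the described
# software these are random and stored encrypted; here they are fixed so
# that the results can be checked.
SUBSTITUTIONS = {
    "n": "&0m(o",
    "K": "#X9v",
    "7": "c~6EL",
    "@": "P9g",
    "0": "1?sG",
}

LABEL_RE = re.compile(r"^(\d+)([ws])([PR])(?:G(\d+))?$")


def parse_label(label):
    """Parse a mixed insertion label such as '2wP', '2wR' or '3sPG1'.

    Returns (point, kind, forward, interval):
      point    -- 1-based insertion point (1 = before the first character,
                  len(base) + 1 = after the last character)
      kind     -- 'w' = insert the piece as a whole, 's' = interleave
      forward  -- True for 'P' (forward order), False for 'R' (reversed)
      interval -- base characters between inserted characters ('G' = equal
                  spacing); only meaningful for kind 's'
    """
    m = LABEL_RE.match(label)
    if not m:
        raise ValueError("unrecognised mixed insertion label: %r" % label)
    point, kind, order, interval = m.groups()
    if kind == "s" and interval is None:
        raise ValueError("interleave label needs an interval, e.g. '3sPG1'")
    return int(point), kind, order == "P", int(interval or 0)


def mix(base, piece, label):
    """Combine `piece` into `base` according to one mixed insertion label."""
    point, kind, forward, interval = parse_label(label)
    if not 1 <= point <= len(base) + 1:
        raise ValueError("insertion point %d out of range for %r" % (point, base))
    if not forward:
        piece = piece[::-1]          # 'R': reverse the piece before inserting
    head, tail = base[:point - 1], base[point - 1:]
    if kind == "w":                  # whole-string insertion
        return head + piece + tail
    # 's': emit one inserted character, then `interval` base characters, and
    # repeat; whatever remains of the tail is appended at the end. (Applying
    # the same rule to a reversed piece is an assumption of this example.)
    out, pos = [head], 0
    for ch in piece:
        out.append(ch)
        out.append(tail[pos:pos + interval])
        pos += interval
    out.append(tail[pos:])
    return "".join(out)


def real_password(apparent, labels, table=SUBSTITUTIONS):
    """Expand an apparent password into the real password.

    The first apparent character's substitution string is the starting
    string; every following substitution string is mixed in with its own
    label, so len(labels) == len(apparent) - 1.
    """
    if len(labels) != len(apparent) - 1:
        raise ValueError("need one label per substitution string after the first")
    result = table[apparent[0]]
    for ch, label in zip(apparent[1:], labels):
        result = mix(result, table[ch], label)
    return result


def composition(pw):
    """(digits, lower-case, upper-case, punctuation) counts of a password."""
    return (sum(c.isdigit() for c in pw), sum(c.islower() for c in pw),
            sum(c.isupper() for c in pw), sum(c in string.punctuation for c in pw))


def variants(base, piece, kind, interval=1):
    """All distinct results of one label type for one piece: every insertion
    point in forward and reverse order ('G<interval>' is used only for 's')."""
    suffix = "" if kind == "w" else "G%d" % interval
    return {mix(base, piece, "%d%s%s%s" % (p, kind, o, suffix))
            for p in range(1, len(base) + 2) for o in "PR"}


if __name__ == "__main__":
    pw = real_password("nK7@0", ["6wP", "10wP", "15wP", "18wP"])
    print(pw, len(pw), composition(pw))
```

The end-to-end labels of Figure 3 give the 21-position password of paragraph [0026], and the variant sets reproduce the 12 whole-insertion and 10 additional interleaving results counted in Embodiments 1 and 2.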
[0038] With the technical solution of the present invention, it makes little difference whether a password is designed as a "passphrase" or as a "password". Take a few words from an English dictionary (although we do not recommend this), whether or not the user understands them: the unique mixed insertion method of the present invention completely scrambles their existing order and meaning, and likewise produces a secure password that is disordered and random, with no clue or pattern whatsoever.
Embodiment 3
[0039] Figure 4 is a schematic diagram of modifying and outputting the real password of an account, described in detail in two parts:
1) When a row of asterisks appears in the password box below the "password" column in the figure, the account's password pair has already been set. Clicking this password box opens a password form; after the account's apparent password is entered, the password-pair setup mode shown in Figure 3 is entered, where the old password pair can be modified.
2) To output the real password, click the arrow icon in the figure to open a password form; once the corresponding apparent password has been entered and verified, the software immediately combines the relevant substitution strings into the real password and outputs it with one click into the external password form for identity authentication. Alternatively, click the copy icon in the figure, enter this account's apparent password in the password form that opens, and once it is verified the software copies the generated real password so that it can be pasted into the external form for authentication.
[0040] The authentication function of each of the three pop-up password forms below the "password" column of Figure 4 is optional. The user can set all of them to the apparent password of this account, or leave them unset, in which case clicking the password box enters the password-pair setup and modification mode directly, clicking the arrow icon outputs the real password with one click, and clicking the copy icon pastes out the real password. For users with higher password security requirements, setting these three apparent passwords builds a second line of defence for their account. Since clicking the password box below the "password" column enters the password-pair setup mode, where this account's apparent password, substitution strings and mixed insertion methods are all laid bare, it is very necessary to protect this modification function with an authentication password. Generally there is no need to change passwords frequently and this function is rarely used, so setting an apparent password to seal off the account information is well worth doing. Whether to set apparent passwords for the other two output keys may vary from person to person.
[0041] There are two situations in which a password pair needs to be set:
1) Setting a password pair for logging in to the software. Its apparent password, the master password, is the only password the user must remember. Its real password is stored in the software; it is the only real password in the present invention that needs to be stored locally. It must be stressed that the master password must never be set to the same value as any of the three apparent passwords below the "password" column in Figure 4;
2) Setting a password pair for an account. Its apparent password serves as the authentication password for the three functions below the "password" column in Figure 4. The real password of this pair is generated only at the moment it needs to be output, is used for external authentication, and is not stored in the software.
Industrial applicability
[0042] The software is the tool that realises the technical solution of the present invention; with reference to the above embodiments, this password management software can be developed. Introducing the concept of the substitution string satisfies the usability and the security of the authentication password at the same time, breaks through the bottleneck of the prior art, and demonstrates the value of the present invention in practical application. Compared with the prior art, the beneficial effects of the present invention are:
[0043] 1. The introduction of the substitution string concept turns the password typed on the keyboard and the password output by the password management software for identity authentication into two different concepts, bringing a brand-new approach to the field of password setup. In the present invention the correspondence between the apparent password and the real password is unique; more importantly, the correct link between these two passwords can be established only on the user's own terminal on which the software is installed, and cannot be established on any other device. This makes the apparent password one that fears neither shoulder-surfing nor sniffing, one that can be set simply and used conveniently; the user can turn a simple, personal apparent password into a real password of arbitrary complexity. The benefit is even more pronounced when the technical solution of the present invention is applied to online password management, because the two passwords can be linked only when the user logs in to the online account from a web page opened on the user's own terminal; logging in to the same account from any other terminal, even through the same web page and even after the user's apparent password has been cracked, can never establish that link, because the substitution strings, the intermediate variables, are not there. The only exception is a cracker of the apparent password who also possesses the user's terminal with the software installed.
[0044] 2. The user must remember only one password, the master password. On the surface this appears the same as the prior art, but in fact there is an essential difference. Prior-art password management software depends heavily on the master password; it is the sole line of defence for the account information in the software, and once leaked it may compromise the information security of every account. The key difference of the present invention is that the software does not directly store the confidential information of any account, so even in the extreme case where the master password and the user's terminal are both leaked to the same malicious user, a second line of defence still protects the security of the account information. This is the advantage and practical value of the substitution string carrying no useful information.
[0045] 3. In the username + password authentication mode, the weak and helpless position of the user side is finally reversed by the present invention, and the improvement on the user side in turn benefits the server side. This advantage and practical value will let the invention benefit a wider range of users.
[0046] 4. The characters involved in the present invention are mainly ASCII characters, but are not limited to them. Any character that an operating system in any language can process and print can be used in the password setting of the present invention, for example UNICODE characters, and even Chinese radicals and Japanese kana, which further increases the difficulty of cracking the password.

List of reference signs
[0047] 100: Conversion principle for a single character
[0048] 150: Conversion principle for a group of characters
[0049] 152: Flow of generating the real password by mixed-insertion combination
[0050] 200: Principle of setting and modifying a password pair and outputting the real password
[0051] 120: "Apparent character" column
[0052] 122: Character form, into which an apparent character is entered
[0053] 124: Number form, limiting the number of character substitution items, that is, the number of apparent characters, or the number of digits of the apparent password
[0054] 140: "Character digits" column
[0055] 142: Character-digits drop-down menu
[0056] 144: Digits form, limiting the total number of digits of all substitution strings in the account, that is, the number of digits of the real password
[0057] 160: "Substitution string" column
[0058] 162: Substitution string display field
[0059] 180: "Mixed insertion mode" column
[0060] 182: Mixed insertion mode label
[0061] 202: Account password box; clicking it enters the password pair setting or modification mode
[0062] 204: Arrow icon; clicking it outputs the real password directly
[0063] 206: Copy icon; clicking it copies and pastes the real password for output

Claims

[Claim 1] A method for generating an authentication password, characterized in that the method comprises: a user logs in to a password management software developed on the basis of the technical solution of the present invention, referred to for short as the software; the software is set up to convert a single character, defined as an apparent character, into a character string, defined as a substitution string; the user combines several of said apparent characters into a password, defined as an apparent password, and all of said apparent characters in it are converted into a set of said substitution strings; the user selects from the software a mixed insertion mode, by which one said substitution string is inserted, mixed in, at a preselected insertion point in the preceding said substitution string or the preceding temporary string, and this operation is repeated in turn until the last said substitution string has been inserted, yielding a longer string defined as the real password; using the one-key function of the software, said substitution strings are combined at once to generate the real password, which is at the same time output with one key, or copied and pasted, into an external password form to perform the actual identity authentication; the software provides many kinds of said mixed insertion mode, each labelled by a combination of digits and letters, for the user to choose from; and said apparent password and said real password are defined as a password pair.
[Claim 2] The password generation method according to claim 1, characterized in that the software converts one said apparent character into said substitution string (100), and the specific operation of this single-character substitution item comprises:
1) entering one said apparent character in the character form (122) and selecting a digit-count value in the drop-down menu (142), whereupon said apparent character is converted into a said substitution string (162) of the corresponding number of digits;
2) clicking said substitution string (162) to further change the character combination in it, the number of characters of the newly generated said substitution string having to equal the value in said drop-down menu (142).
[Claim 3] The password generation method according to claim 1, characterized in that a said apparent password is set, and the software converts each of said apparent characters in it into a respective said substitution string (150), and furthermore:
1) a number is entered in the number form (124), whereupon the corresponding number of said single-character substitution items appears below it; this is also the number of digits of said apparent password;
2) in each said character form (122), the respective said apparent character is entered, or the "Apparent character" column (120) is clicked to generate or change all said apparent characters with one key;
3) a number is entered in the digits form (144) to limit the total number of digits of all said substitution strings;
4) the number of digits of each said substitution string is selected item by item in the respective drop-down menu (142), or the "Character digits" column (140) is clicked to generate or change the digit counts of all said substitution strings with one key;
5) each said substitution string (162) is clicked to modify the character combination in it, or the "Substitution string" column (160) is clicked to modify all said character combinations with one key.
[Claim 4] The password generation method according to claim 1, characterized in that the software provides many kinds of said mixed insertion mode, each labelled by a "digit + letter" combination for the user to choose from, each said label representing the manner and order in which one said substitution string is inserted, mixed in, at said insertion point in the preceding said substitution string or temporary string.
[Claim 5] The password generation method according to claim 4, characterized in that the first class of said mixed insertion mode (182) provided by the software treats each said substitution string as a whole and inserts it at said insertion point in the preceding said substitution string or said temporary string. The operation is performed in order, from top to bottom, over the respective said substitution strings (162), specifically as follows:
1) the operation rule of the first item of said label (182) is to set a said insertion point on the first said substitution string (162) under the "Substitution string" column, and to insert the second said substitution string as a whole into said insertion point, either in forward order from left to right or in reverse order from right to left, generating the first said temporary string;
2) the operation rule of the second item of said label (182) is to set the second said insertion point on the first said temporary string and to insert the third said substitution string (162) into it as a whole, in forward or reverse order, generating the second said temporary string;
3) and so on, until the last said substitution string has been inserted, in forward or reverse order, into the preceding said temporary string, whereupon the setting of said real password is complete.
[Claim 6] The password generation method according to claim 4, characterized in that the second class of said mixed insertion mode provided by the software imitates the shuffling of cards in a card game, and inserts each said substitution string, interleaved, at said insertion point in the preceding said substitution string or said temporary string. The operation is performed in order, from top to bottom, over the respective said substitution strings (162), and the specific said mixed insertion mode includes but is not limited to the following steps:
1) setting said insertion point in the first said substitution string, and inserting the second said substitution string into it in the manner of a shuffle, at equal intervals, in forward or reverse order, generating the first said temporary string;
2) setting the second said insertion point in the first said temporary string, and inserting the third said substitution string into it in the manner of a shuffle, at equal intervals, in forward or reverse order, generating the second said temporary string;
3) and so on, until the last said substitution string has been inserted at the preset insertion point in the preceding said temporary string, whereupon the setting of said real password is complete.
[Claim 7] The password generation method according to claim 4, characterized in that, once the setting of said real password is complete, the combination of the respective said character digit counts (142), the combination of the respective said substitution strings (162), and the combination of the respective said mixed insertion modes (182) are all fixed and stored, encrypted, in the software.
[Claim 8] The password generation method according to claim 4, characterized in that, in the software, the possible said mixed insertion modes are classified and labelled by "digit + letter" combinations, the classification of said mixed insertion modes including but not being limited to:
1) the lowercase Latin letter "w" denotes that a said substitution string is treated as a whole and inserted into the preceding said substitution string or said temporary string;
2) the lowercase letter "s" denotes that a said substitution string is inserted, mixed in, into the preceding said substitution string or said temporary string in the manner of a shuffle;
3) the uppercase letter "P" denotes that said mixed insertion mode proceeds in forward order from left to right; the uppercase letter "R" denotes that said mixed insertion mode proceeds in reverse order from right to left;
4) the uppercase letter "G" denotes that said mixed insertion mode uses equal intervals, the number following it denoting the interval value; the uppercase letter "N" denotes unequal intervals, the number or number sequence following it further classifying said mixed insertion mode;
5) the said label of each said mixed insertion mode can be selected item by item in the corresponding drop-down menu (182), or the "Mixed insertion mode" column (180) can be clicked to select or change the said labels of all said mixed insertion modes with one key.
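A runnable rendering of the scheme in claims 1, 5, 6 and 8, added here as an illustration and not the patent's own code: each apparent character is replaced by its substitution string, and the strings are folded top to bottom, each with a mode label and an insertion point. The label grammar, the sample substitution table, the insertion points and the digit-sequence syntax for "N" are assumptions of this example, and the interleaving rule for "s" is one reading of claim 6.

```python
"""Substitution-string password construction from claims 1, 5, 6 and 8.

Added worked example, not the patent's own code. The substitution table,
insertion points, mode labels and the N digit-sequence syntax are
constructed assumptions made here so that the scheme can be run.
"""
import re
import secrets
import string

# Printable ASCII; the patent allows any printable character ([0046]).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Assumed label grammar, following claim 8:  <w|s><P|R>[G<n>|N<digits>]
#   w / s : insert the piece as a whole block / interleave it like a shuffle
#   P / R : piece taken left-to-right / reversed right-to-left
#   G<n>  : equal interval of n base characters between interleaved chars
#   N<..> : unequal intervals, one digit per gap, cycled (syntax assumed here)
MODE_RE = re.compile(r"^([ws])([PR])(?:G([1-9]\d*)|N([1-9]+))?$")


def parse_mode(label: str) -> tuple[str, bool, list[int]]:
    """Return (kind, reverse, gaps) for labels such as 'wP', 'sRG2', 'sPN21'."""
    m = MODE_RE.match(label)
    if m is None:
        raise ValueError(f"unknown mixed-insertion label: {label!r}")
    kind, order, g, n = m.groups()
    if kind == "w":
        gaps: list[int] = []            # whole insertion has no interval
    elif g is not None:
        gaps = [int(g)]                 # equal interval (G)
    elif n is not None:
        gaps = [int(d) for d in n]      # unequal intervals (N)
    else:
        raise ValueError(f"shuffle label needs an interval: {label!r}")
    return kind, order == "R", gaps


def make_substitution(length: int) -> str:
    """Claim 2: one apparent character maps to a random string of `length`."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def insert_whole(base: str, piece: str, point: int, reverse: bool) -> str:
    """Claim 5 ('w'): splice the whole piece into base at `point`."""
    if reverse:
        piece = piece[::-1]
    return base[:point] + piece + base[point:]


def insert_shuffle(base: str, piece: str, point: int, reverse: bool,
                   gaps: list[int]) -> str:
    """Claim 6 ('s'): riffle the piece into base starting at `point`.

    One piece character is laid down, then gaps[k] base characters, and so
    on; base characters left over once the piece is used up follow at the end.
    """
    if reverse:
        piece = piece[::-1]
    out = list(base[:point])
    rest = base[point:]
    used = 0
    for k, ch in enumerate(piece):
        out.append(ch)
        gap = gaps[k % len(gaps)]
        out.extend(rest[used:used + gap])
        used += gap
    out.extend(rest[used:])
    return "".join(out)


def compose_real_password(apparent: str, table: dict[str, str],
                          steps: list[tuple[str, int]]) -> str:
    """Claim 1: fold the substitution strings of `apparent` into the real password.

    steps[i] = (mode label, insertion point) used when folding substitution
    string i+1 into the temporary string built so far (top-to-bottom order).
    """
    subs = [table[ch] for ch in apparent]        # KeyError: character not set up
    if len(steps) != len(subs) - 1:
        raise ValueError("need exactly one (label, point) per string after the first")
    temp = subs[0]
    for piece, (label, point) in zip(subs[1:], steps):
        if not 0 <= point <= len(temp):
            raise ValueError(f"insertion point {point} outside temporary string")
        kind, reverse, gaps = parse_mode(label)
        if kind == "w":
            temp = insert_whole(temp, piece, point, reverse)
        else:
            temp = insert_shuffle(temp, piece, point, reverse, gaps)
    return temp


# Constructed sample password pair (not from the patent).
SAMPLE_TABLE = {"a": "Qx7", "b": "mK9!", "c": "z#2"}
SAMPLE_STEPS = [("wP", 1), ("sRG1", 2)]

if __name__ == "__main__":
    real = compose_real_password("abc", SAMPLE_TABLE, SAMPLE_STEPS)
    print("apparent password: abc")
    print("real password:    ", real)            # Qm2K#9z!x7
    # A fresh table for another account: only the strings are stored (claim 11).
    fresh = {ch: make_substitution(4) for ch in "xyz"}
    print("random table:", fresh)
```

Note that the stored table and labels alone do not yield the real password: without the apparent password, the fold order over the substitution strings is unknown, which is the second line of defense described in [0044].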
[Claim 9] The password generation method according to claim 1, characterized in that there are two ways to generate and at the same time output said real password to perform the actual external password authentication (200):
1) the arrow icon (204) is clicked, a password form pops up, and after said apparent password of the account has been entered and authenticated, the software immediately retrieves the corresponding set of said substitution strings (162) from the memory of the software, combines them according to the preset said mixed insertion mode to generate said real password, and outputs it directly to the outside to perform password authentication. The user may choose not to set this said apparent password, in which case the password form does not pop up and said real password is output directly to the external password form for said authentication;
2) the copy icon (206) is clicked, a password form pops up, and after said apparent password of the account has been entered and authenticated, the software immediately retrieves the corresponding set of said substitution strings (162) from the memory of the software, combines them according to the preset said mixed insertion mode to generate said real password, and pastes it to the outside to perform password authentication. The user may choose not to set this said apparent password, in which case the password form does not pop up and said real password is pasted into the external password form to perform authentication.
[Claim 10] The password generation method according to claim 1, characterized in that, in the software, the specific ways of setting and modifying any one said password pair are (200):
1) when setting said password pair for a newly opened account, the blank password box of that account is clicked to enter the setting mode (152) of said password pair; after the setting of said password pair is finished and exited, the blank password box has been filled with a row of asterisks (202);
2) when modifying said password pair of an account, said password box (202) is clicked, said apparent password of that account is entered in the pop-up said password form, and after authentication said setting mode (152) is entered to carry out the necessary modifications;
3) when setting said master password for logging in to the software, said setting mode (152) is entered directly; this said master password is the one the user must remember. When modifying said master password, the old said master password is entered in the pop-up password form, and after authentication said setting mode (152) is entered to make the modification.
[Claim 11] The password generation method according to claim 1, characterized in that the memory of the software:
1) stores all said substitution strings separately;
2) stores the combination of the respective said character digit counts (142) and the combination of the respective preset said mixed insertion modes (182) that generate said real password (152);
3) stores said real password corresponding to said master password, which is the only said real password stored in the software.

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/IB2019/052719 WO2020095120A1 (en) 2019-04-03 2019-04-03 Password generation method which simultaneously satisfies security and usability
CN201980094701.7A CN113841146A (en) 2019-04-03 2019-04-03 Password generation method capable of simultaneously meeting safety and usability

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2019/052719 WO2020095120A1 (en) 2019-04-03 2019-04-03 Password generation method which simultaneously satisfies security and usability

Publications (1)

Publication Number Publication Date
WO2020095120A1 true WO2020095120A1 (en) 2020-05-14

Family

ID=70611352

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2019/052719 WO2020095120A1 (en) 2019-04-03 2019-04-03 Password generation method which simultaneously satisfies security and usability

Country Status (2)

Country Link
CN (1) CN113841146A (en)
WO (1) WO2020095120A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114640446A (en) * 2022-03-25 2022-06-17 中国农业银行股份有限公司 Password peep-proof method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090249447A1 (en) * 2006-09-08 2009-10-01 Passlogy Co., Ltd. Information processing system and computer-readable recording medium
CN103678964A (en) * 2012-09-13 2014-03-26 上海斐讯数据通信技术有限公司 Mobile terminal and password input method and system
CN104091134A (en) * 2014-07-16 2014-10-08 谭皓文 Password inputting method with combination of safety and convenience
CN105844145A (en) * 2016-04-19 2016-08-10 广州三星通信技术研究有限公司 Method and equipment for managing passwords
CN106888086A (en) * 2017-02-13 2017-06-23 上海瀚之友信息技术服务有限公司 A kind of system and method for managing account number cipher

Also Published As

Publication number Publication date
CN113841146A (en) 2021-12-24

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19883225

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19883225

Country of ref document: EP

Kind code of ref document: A1