[go: up one dir, main page]

CN110166225A - A kind of password has timeliness and authenticates the unrestricted dynamic password authentication method of number - Google Patents

A kind of password has timeliness and authenticates the unrestricted dynamic password authentication method of number Download PDF

Info

Publication number
CN110166225A
CN110166225A CN201910582667.XA CN201910582667A CN110166225A CN 110166225 A CN110166225 A CN 110166225A CN 201910582667 A CN201910582667 A CN 201910582667A CN 110166225 A CN110166225 A CN 110166225A
Authority
CN
China
Prior art keywords
user
now
prev
password
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910582667.XA
Other languages
Chinese (zh)
Inventor
朱友文
鲁迁迁
李易乾
戴士博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Aeronautics and Astronautics
Original Assignee
Nanjing University of Aeronautics and Astronautics
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University of Aeronautics and Astronautics filed Critical Nanjing University of Aeronautics and Astronautics
Priority to CN201910582667.XA priority Critical patent/CN110166225A/en
Publication of CN110166225A publication Critical patent/CN110166225A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

本发明涉及一种口令具有时效且认证次数不受限的动态口令认证方法,属于信息安全领域,该发明利用小学生接力赛步的思想,在用户两次登录间歇生成短的哈希链,用户的每一次成功登录都会将下一次的验证值发送给服务器,通过这样的接力过程,实现动态口令认证次数是无限的;同时每个动态口令都具有时效,无论用户是否使用动态口令,动态口令都只在一个极短的一段时间内有效,从而增加了攻击者破解口令的难度;另外,使用N个不同的哈希函数生成动态口令,避免了生日攻击,进一步提高了用户账户的安全性。本方案适用于用户对口令安全的要求较高,特别适合用户既希望无需重注册又对动态口令安全要求比较高的情况。

The invention relates to a dynamic password authentication method with a time-sensitive password and an unlimited number of authentication times, which belongs to the field of information security. The invention uses the idea of a relay race for elementary school students to generate a short hash chain between two logins of a user, and the user's Each successful login will send the next verification value to the server. Through such a relay process, the number of dynamic password authentications is unlimited; at the same time, each dynamic password has a time limit, no matter whether the user uses the dynamic password or not, the dynamic password is only valid Valid for a very short period of time, which increases the difficulty for attackers to crack passwords; in addition, using N different hash functions to generate dynamic passwords avoids birthday attacks and further improves the security of user accounts. This solution is suitable for users who have high requirements for password security, and is especially suitable for situations where users do not need to re-register and have high requirements for dynamic password security.

Description

一种口令具有时效且认证次数不受限的动态口令认证方法A dynamic password authentication method with time-sensitive password and unlimited authentication times

技术领域technical field

本发明属于信息安全领域,具体涉及一种口令具有时效且认证次数不受限的动态口令认证方法。The invention belongs to the field of information security, and in particular relates to a dynamic password authentication method with time-sensitive password and unlimited authentication times.

背景技术Background technique

随着信息的多元化及数字化的迅猛发展,信息安全技术越来越显示其重要地位,而且信息安全技术应用水平的高低直接影响了信息高速公路建设的发展。在传统的身份认证中,最常用的是静态口令认证方法,但是由于静态口令自身的缺陷,这种方法无法提供足够的访问安全性。动态口令不但具有静态口令的成本低、部署简单等特点,还能提高信息认证的安全性,它正是针对传统静态口令的安全弱点提出的一次一变的身份认证方式。其基本思想是:在用户的每次登录过程中,加入不确定因素以生成动态变化的信息,从而提高登录过程的安全性。动态口令身份认证是目前身份认证领域的前沿和热点,也是一种广泛使用的认证方式。With the diversification of information and the rapid development of digitalization, information security technology is increasingly showing its important position, and the application level of information security technology directly affects the development of information highway construction. In the traditional identity authentication, the most commonly used method is the static password authentication method, but due to the defects of the static password itself, this method cannot provide sufficient access security. Dynamic passwords not only have the characteristics of low cost and simple deployment of static passwords, but also improve the security of information authentication. It is a one-time-change identity authentication method proposed to address the security weaknesses of traditional static passwords. The basic idea is: in each login process of the user, adding uncertain factors to generate dynamically changing information, thereby improving the security of the login process. Dynamic password authentication is the frontier and hot spot in the field of identity authentication, and it is also a widely used authentication method.

美国科学家Lamport在1981年首次提出了利用哈希函数产生动态口令的思想,Haller在Lamport方案的基础上提出S/KEY方案,虽然该方案被广泛地应用于各种口令机制中,但是它仍有许多待改进的地方,如:动态口令的认证次数受哈希链链长的限制,所以口令用完之后需要重注册(重注册是指动态口令的个数受到哈希链长度的限制,由于哈希链链长是固定的,所以产生的动态口令个数也是有限的,当这些动态口令使用完时,用户需要重新生成一条新链,并将验证值提交给服务器);需要消耗一定的时间或者存储空间来计算或者存储所有的OTP的值;不能抵抗小数字攻击、重演攻击等多种攻击。后来许多研究人员对其方案的性能进行了优化。2017年,Kogan提出的“安全哈希链的第二因子认证”[KoganD,Manohar N,Boneh D.T/Key:Second-Factor Authentication From Secure HashChains[J].2017.]方案以及2018年,Park提出的“基于哈希链的无需分享密钥和重注册的动态口令”[Park,Chang-Seop.One-time password based on hash chain withoutshared secret and re-registration[J].Computers&Security,2018:S0167404818301391.]方案产生了非凡的影响。American scientist Lamport first proposed the idea of using a hash function to generate a dynamic password in 1981. Haller proposed the S/KEY scheme on the basis of the Lamport scheme. Although this scheme is widely used in various password mechanisms, it still has There are many areas to be improved, such as: the number of dynamic password authentications is limited by the length of the hash chain, so re-registration is required after the password is used up (re-registration means that the number of dynamic passwords is limited by the length of the hash chain, due to the The chain length is fixed, so the number of dynamic passwords generated is also limited. When these dynamic passwords are used up, the user needs to regenerate a new chain and submit the verification value to the server); it takes a certain amount of time or The storage space is used to calculate or store all OTP values; it cannot resist various attacks such as small number attacks and replay attacks. Later, many researchers optimized the performance of their scheme. In 2017, Kogan proposed "Second-Factor Authentication of Secure Hash Chains" [KoganD, Manohar N, Boneh D.T/Key: Second-Factor Authentication From Secure HashChains[J]. 2017.] and in 2018, Park proposed "Dynamic password based on hash chain without shared secret and re-registration" [Park, Chang-Seop. One-time password based on hash chain without shared secret and re-registration[J]. Computers&Security, 2018: S0167404818301391.] scheme had an extraordinary impact.

Park的贡献主要在于构建一种新型短链并将短链连接成长链,实现了动态口令的认证次数不受限,成功避免了用户需要重注册的问题;同时提高了方案的安全性,它可以抵抗中间人攻击、会话劫持攻击等多种攻击,即使攻击者修改了当前用户发送过来的OTP值,也无法伪造被服务器接受的下一个OTP值。Park's contribution is mainly to build a new type of short chain and connect the short chain to the long chain, which realizes the unlimited number of dynamic password authentications and successfully avoids the problem of users needing to re-register; at the same time, it improves the security of the scheme. It can Resists various attacks such as man-in-the-middle attacks and session hijacking attacks. Even if the attacker modifies the OTP value sent by the current user, he cannot forge the next OTP value accepted by the server.

虽然Park避免了重注册问题同时可以抵抗多种攻击,但是此方案仍存在不足之处:他忽略了口令时效性的问题,动态口令在距离用户最近一次成功登陆和下一次成功登录之前一直是有效的,即动态口令在一个不确定的时间内有效,如果用户两次登陆的时间间隔很长,就给了攻击者可乘之机,而且如果每个认证尝试的计数器值被服务器传送给客户端,则该漏洞被放大,例如S/KEY方案。Although Park avoids the problem of re-registration and can resist various attacks, there are still shortcomings in this scheme: he ignores the problem of password timeliness, and the dynamic password is valid until the user's latest successful login and the next successful login. Yes, that is, the dynamic password is valid for an uncertain time. If the time interval between the user's two logins is long, it will give the attacker an opportunity, and if the counter value of each authentication attempt is sent by the server to the client , the vulnerability is amplified, such as the S/KEY scheme.

Kogan的方案实现了动态口令在一个固定的极短的时间内有效,在此以前,大多数研究人员都忽略了口令有效时间的问题;他使用N个不同的哈希函数生成动态口令,避免了Hu Jakobsson和Perrig提出的“生日攻击”(所谓的生日攻击是指一条长度为N的哈希链是由同一个哈希函数迭代N次而生成,我们取得第i次的口令为xi,记作为x0,然后对x0进行哈希迭代,只要和哈希链中的任何一个哈希值相同,我们就称发生了碰撞,只要发生了碰撞,那么就成功的找到了它的一个原像,所谓原像是指:如果y=h(x),则称x为y的原像,即输入单向散列函数的消息也称为原像,我们把这样的攻击称之为生日攻击)的问题。Kogan's scheme realizes that the dynamic password is valid for a fixed and extremely short time. Before that, most researchers ignored the problem of the valid time of the password; he used N different hash functions to generate the dynamic password, avoiding The "birthday attack" proposed by Hu Jakobsson and Perrig (the so-called birthday attack means that a hash chain with a length of N is generated by iterating the same hash function N times, we obtain the i-th password as x i , denote As x 0 , then perform hash iteration on x 0 , as long as it is the same as any hash value in the hash chain, we say that a collision has occurred, as long as a collision occurs, then a preimage of it has been successfully found , the so-called preimage refers to: if y=h(x), then x is called the preimage of y, that is, the message input into the one-way hash function is also called the preimage, and we call such an attack a birthday attack) The problem.

当然Kogan的方案的缺点也十分明显:仍受限于Lamport方案中链长固定,需要重注册的问题。Of course, the shortcomings of Kogan's scheme are also very obvious: it is still limited by the fixed chain length in the Lamport scheme and the need to re-register.

发明内容Contents of the invention

本发明结合Kogan方案和Park方案的思想以达到两种方案的最佳性能:无需重注册和动态口令具有时效,提出了一种口令具有时效且认证次数不受限的动态口令认证方法。本发明可以在满足无需重注册(重注册是指动态口令的个数受到哈希链长度的限制,由于哈希链链长是固定的,所以产生的动态口令个数也是有限的,当这些动态口令使用完时,用户需要重新生成一条新链,并将验证值提交给服务器)的基础上,实现口令具有时效,无论用户是否登录,口令都在一个极短的时间有效,攻击者几乎不可能在这极短的时间内破解动态口令,从而保护了用户的安全性;同时使用N个不同的哈希函数生成哈希链,避免了生日攻击(所谓的生日攻击是指一条长度为N的哈希链是由同一个哈希函数迭代N次而生成,我们取得第i次的口令为xi,记作为x0,然后对x0进行哈希迭代,只要和哈希链中的任何一个哈希值相同,我们就称发生了碰撞,只要发生了碰撞,那么就成功的找到了它的一个原像(如果y=h(x),则称x为y的原像,即输入单向散列函数的消息也称为原像),我们把这样的攻击称之为生日攻击)。The invention combines the ideas of the Kogan scheme and the Park scheme to achieve the best performance of the two schemes: no re-registration is required and the dynamic password has timeliness, and a dynamic password authentication method with timeliness password and unlimited authentication times is proposed. The present invention can meet without re-registration (re-registration refers to that the number of dynamic passwords is limited by the length of the hash chain, because the length of the hash chain is fixed, so the number of dynamic passwords produced is also limited, when these dynamic When the password is used up, the user needs to regenerate a new chain and submit the verification value to the server), the password is time-sensitive, no matter whether the user logs in or not, the password is valid in a very short time, and it is almost impossible for the attacker Crack the dynamic password in this extremely short time, thereby protecting the security of users; at the same time, use N different hash functions to generate hash chains, avoiding birthday attacks (the so-called birthday attack refers to a hash with a length of N). The Greek chain is generated by iterating the same hash function N times. We obtain the i-th password as x i , record it as x 0 , and then perform hash iterations on x 0 , as long as it is hashed with any one in the hash chain If the Greek values are the same, we say that a collision has occurred. As long as a collision occurs, a preimage of it has been successfully found (if y=h(x), then x is called the preimage of y, that is, the input unidirectional scattering The message of the column function is also called the preimage), and we call such an attack a birthday attack).

本发明的目的就是结合Kogan和Park两个方案中的思想,构造一种新型哈希链以达到两种方案的最佳性能,实现用户无需重注册以及动态口令具有时效,同时可以抵抗生日攻击、小数字攻击、重演攻击等多种方式的攻击。本发明在用户和服务器两端都加入了时钟,设计出了与时间有关的动态口令方案,无论用户是否登录,口令都在很短的一段时间内有效;动态口令的认证次数不再受到哈希链链长固定的限制;同时,使用N个不同的哈希函数生成动态口令,避免了生日攻击,提高了用户账户的安全性。The purpose of the present invention is to combine the ideas in the two schemes of Kogan and Park to construct a new type of hash chain to achieve the best performance of the two schemes, realize that the user does not need to re-register and the dynamic password has timeliness, and can resist birthday attacks, Small number attack, replay attack and other attacks. The present invention adds a clock at both ends of the user and the server, and designs a dynamic password scheme related to time. Regardless of whether the user logs in, the password is valid within a short period of time; the number of authentications of the dynamic password is no longer subject to hash The chain length is fixed; at the same time, N different hash functions are used to generate dynamic passwords, which avoids birthday attacks and improves the security of user accounts.

本发明的目的通过以下技术方案来实现:The purpose of the present invention is achieved through the following technical solutions:

一种口令具有时效且认证次数不受限的动态口令认证方法,其特征在于,所述方法包括以下步骤:A dynamic password authentication method with a time-sensitive password and an unlimited number of authentications, characterized in that the method comprises the following steps:

1、注册阶段:1. Registration stage:

(1)用户:用户提交注册信息如:用户名、静态口令K、手机号、邮箱等;(1) User: The user submits registration information such as: user name, static password K, mobile phone number, email address, etc.;

(2)用户:根据用户提交的静态口令K以及随机盐id、链长N、当前节点j生成N个不同的哈希函数:hj(x)=H(<N-j>c||id||k)|n(2) User: Generate N different hash functions according to the static password K submitted by the user, the random salt id, the chain length N, and the current node j: h j (x)=H(<Nj> c ||id|| k)| n ;

(3)用户:用户随机产生一个种子x0,使用N个不同的哈希函数生成一个长度为N的短链:(3) User: The user randomly generates a seed x 0 and uses N different hash functions to generate a short chain of length N:

x1=h1(x0),x2=h2(h1(x0)),x3=h3(h2(h1(x0)))......y0=xN=hN(hN-1(...h1(x0)));x 1 =h 1 (x 0 ), x 2 =h 2 (h 1 (x 0 )), x 3 =h 3 (h 2 (h 1 (x 0 )))...y 0 = x N = h N (h N-1 (...h 1 (x 0 )));

(4)用户:将用户名、初始验证值y0以及N个不同的哈希函数发送给服务器(服务器获得初始验证值y0并将它记为yprev,同时存储N个不同的哈希函数)。(4) User: Send the user name, initial verification value y 0 and N different hash functions to the server (the server obtains the initial verification value y 0 and records it as y prev , and stores N different hash functions at the same time ).

2、登陆阶段(用户第i次登录):2. Login stage (the user logs in for the first time):

(5)用户:计算第i次用户登录的口令为:t=tnow-tprev(tnow代表着当前时间,tprev代表前几次登录成功的时间的累计值),pt=ht(ht-1(…(xi)))。(5) User: Calculate the password for the i-th user login as: t=t now -t prev (t now represents the current time, t prev represents the accumulated value of the previous successful login times), p t = h t (h t-1 (...( xi ))).

(6)用户:将(pt,yi+1)(yi+1是下一次的验证值,由用户在两次登录间歇生成)发送给服务器。(6) User: Send ( pt , y i+1 ) (y i+1 is the next verification value, generated by the user between two logins) to the server.

(7)服务器:计算:t=tnow-tprev,yi=hN(hN-1(...hN-t+1(pt))),如果yi=yprev则服务器验证成功,验证成功转(8),否则认证失败,转(10)。(7) Server: Calculation: t=t now -t prev , y i =h N (h N-1 (...h N-t+1 (p t ))), if y i =y prev then the server If the verification is successful, go to (8); otherwise, go to (10) if the verification fails.

(8)服务器:判断tnow>N,如果tnow>N,我们认为tnow的累积值过大,为了提高运行效率,我们将时间tnow重新赋值,tnow=tprev=t;否则,我们仅更新tprev:tprev=tprev+t。(8) Server: Judging that t now > N, if t now > N, we think that the cumulative value of t now is too large, in order to improve operating efficiency, we reassign the time t now , t now = t prev = t; otherwise, We only update t prev : t prev =t prev +t.

(9)服务器:更新验证值yprev:yprev=yi+1(9) Server: update the verification value y prev : y prev =y i+1 .

(10)用户:判断是否登录成功,如果登陆失败,则返回失败信息,否则更新t的值:判断tnow>N,如果tnow>N,我们认为tnow的累积值过大,为了提高运行效率,我们将时间tnow重新赋值,tnow=tprev=t;否则,我们更新tprev:tprev=tprev+t,同时生成下一条哈希链。(10) User: judge whether the login is successful, if the login fails, return failure information, otherwise update the value of t: judge t now > N, if t now > N, we think the cumulative value of t now is too large, in order to improve the operation Efficiency, we reassign the time t now , t now =t prev =t; otherwise, we update t prev : t prev =t prev +t, and generate the next hash chain at the same time.

所述步骤(1)中用户提交的静态口令K用来产生N个不同的哈希函数。The static password K submitted by the user in the step (1) is used to generate N different hash functions.

所述步骤(2)中K是指用户提交的静态口令,id是随机产生的盐,N是指生成的哈希链的链长,j是指当前正在生成第j个哈希函数,c是指生成c位二进制数,m||n是指m和n的串联。In the step (2), K refers to the static password submitted by the user, id is the salt generated at random, N refers to the chain length of the generated hash chain, j refers to currently generating the jth hash function, and c is Refers to generating a c-bit binary number, m||n refers to the concatenation of m and n.

所述步骤(3)中x0是用户随机选择的初始哈希链的种子,y0是x0经过N次哈希运算的值,x1=h1(x0),x2=h2(h1(x0)),x3=h3(h2(h1(x0)))......y0=xN=hN(hN-1(...h1(x0)))。In the step (3), x 0 is the seed of the initial hash chain randomly selected by the user, y 0 is the value of x 0 after N times of hash operations, x 1 =h 1 (x 0 ), x 2 =h 2 (h 1 (x 0 )), x 3 =h 3 (h 2 (h 1 (x 0 )))...y 0 =x N =h N (h N-1 (...h 1 (x 0 ))).

所述步骤(4)中用户将用户名以及初始验证值y0发送给服务器,服务器获得第一个验证值,同时存储N个不同的哈希函数,N个不同的哈希函数在后期的验证计算时使用。In the step (4), the user sends the user name and the initial verification value y to the server, and the server obtains the first verification value, and stores N different hash functions at the same time, and the verification of N different hash functions in the later stage used in calculations.

所述步骤(5)中i意味着用户已经成功登录(i-1)次,xi是用户在第(i-2)次和第(i-1)次这两次登录的时间间歇中随机选择的第i条哈希短链的种子,tnow代表着当前时间,tprev代表前几次登录成功的时间的累计值,tnow时刻用户登录的动态口令为ptIn the step (5), i means that the user has successfully logged in (i-1) times, and x i is the user's random time interval between the (i-2) and (i-1) logins. The seed of the selected i-th hash short chain, t now represents the current time, t prev represents the cumulative value of the previous successful login times, and the dynamic password for user login at time t now is p t .

所述步骤(6)中yi+1是用户在第(i-1)次和第i次这两次登录的时间间歇中生成的第(i+1)条哈希短链的链尾,也是下一次用户登录的验证值,用户将tnow时刻登录的动态口令pt和下一次登录的验证值yi+1一起发送给服务器。In the step (6), y i+1 is the chain tail of the (i+1)th hash short chain generated by the user during the time interval between the (i-1)th and i-th two logins, It is also the verification value of the next user login, and the user sends the dynamic password p t logged in at t now and the verification value y i+1 of the next login to the server.

所述步骤(7)中服务器计算yi,如果yi=yprev,则认证成功,认证成功转(8),否则认证失败转(10)。In the step (7), the server calculates y i , if y i =y prev , the authentication is successful, and the authentication is successful, then go to (8); otherwise, the authentication fails, and then go to (10).

所述步骤(8)中对tnow的判断是检测tnow的值是否过大,因为tnow的值在一个极短的时间内动态的累加,如果tnow的值过大会影响我们的运行效率,当tnow>N时我们就认为t的值过大,需要对tnow做类似于清零的过程,由于tnow的值和我们当前的动态口令的获取有关,我们做以下调整:tnow=tprev=t;否则,我们更新时间累计值tprev:tprev=tprev+t。The judgment of t now in the step (8) is to detect whether the value of t now is too large, because the value of t now is dynamically accumulated in a very short time, if the value of t now is too large, it will affect our operating efficiency , when t now > N, we think that the value of t is too large, and we need to do a process similar to clearing t now . Since the value of t now is related to our current dynamic password acquisition, we make the following adjustments: t now =t prev =t; otherwise, we update the time accumulation value t prev : t prev =t prev +t.

所述步骤(9)中是对服务器验证值yprev的更新:yprev=yi+1In the step (9), the server verification value y prev is updated: y prev =y i+1 .

所述步骤(10)中用户首先判断服务器的返回信息,如果是登陆失败,则重新登录,否则也需要对tnow进行类似于步骤(8)中对tnow的操作,同时产生第(i+2)条哈希链。In the step (10), the user first judges the return information of the server, if the login fails, then log in again, otherwise it is necessary to perform the operation similar to the t now in the step (8) to t now , and generate the (i+ 2) Hash chains.

本发明目的中所要解决问题的具体设置环境可以为:用户希望使用动态口令提高账户的安全性,但是又厌烦目前存在的几种动态口令每隔一段时间需要重注册的繁琐过程,本方案既可以满足用户提高账户安全性的要求,动态口令无论用户是否使用都在一个极短的时间内变换,同时避免用户重注册的操作,简洁易用。The specific setting environment for the problem to be solved in the purpose of the present invention can be: the user wishes to use the dynamic password to improve the security of the account, but is tired of the cumbersome process that several dynamic passwords that exist at present need to re-register every once in a while. To meet the user's requirements for improving account security, the dynamic password can be changed in a very short time regardless of whether the user uses it or not, and at the same time avoids the user's re-registration operation, which is simple and easy to use.

本发明的优点是:The advantages of the present invention are:

本发明突出的实质性特点和显著性进步主要体现在以下几点:The outstanding substantive features and remarkable progress of the present invention are mainly reflected in the following points:

1、用户无需重注册,由于哈希链链长是固定的,所以产生的动态口令个数也是有限的,当这些动态口令使用完时,用户需要重新生成一条新链,并将验证值提交给服务器,这样的过程我们称之为重注册,我们采用小学生接力赛步的思想,在用户登录间歇生成短的哈希链,例如生成一个用户可以使用半年的短链,生成这样的短链仅需几秒钟,在这么短的时间内,用户是不可能进行两次登录尝试的,而用户的每一次成功登录都会将下一次的验证值发送给服务器,通过这样的接力过程,我们成功的实现了动态口令认证次数是无限的;1. The user does not need to re-register. Since the chain length of the hash chain is fixed, the number of dynamic passwords generated is also limited. When these dynamic passwords are used up, the user needs to regenerate a new chain and submit the verification value to Server, we call this process re-registration. We adopt the idea of elementary school students' relay race to generate short hash chains between user logins. For example, to generate a short chain that users can use for half a year, it only takes A few seconds, in such a short period of time, it is impossible for the user to make two login attempts, and each successful login of the user will send the next verification value to the server. Through such a relay process, we have successfully implemented The number of dynamic password authentications is unlimited;

2、每个动态口令都具有时效,无论用户是否使用动态口令,动态口令都只在一个极短的一段时间内有效,从而增加了攻击者破解口令的难度,进一步提高了用户账户的安全性;2. Each dynamic password has a time limit, no matter whether the user uses the dynamic password or not, the dynamic password is only valid for a very short period of time, which increases the difficulty for attackers to crack the password and further improves the security of the user account;

3、可以抵抗生日攻击,and提出如果在哈希链的每个步骤中使用相同的哈希函数,那么反转第k次迭代实际上比反转哈希函数的单个实例要容易k倍,另外,Jakobsson and Perrig也指出N次迭代中只要有任意两次哈希迭代计算的结果是相同的,那么我们就找了一个原像,所谓原像是指:如果y=h(x),则称x为y的原像,即输入单向散列函数的消息称为原像,这样的方法称之为生日攻击,而我们采用N个不同的哈希函数可以成功抵抗这种攻击。3. Can resist birthday attacks, and proposes that if the same hash function is used at each step of the hash chain, it is actually k times easier to reverse the kth iteration than to reverse a single instance of the hash function, also Jakobsson and Perrig point out that N times As long as the results of any two hash iteration calculations are the same in the iteration, then we have found a preimage. The so-called preimage means: if y=h(x), then x is called the preimage of y, that is The message input to a one-way hash function is called a preimage, and this method is called a birthday attack, and we can successfully resist this attack by using N different hash functions.

4、本发明的目的、优点和特点,将通过下面优选实施例的非限制性说明进行解释。这些实施例仅是应用本发明技术方案的典型范例,凡采取等同替换或者等效变换而形成的技术方案,均落在本发明要求保护的范围之内。4. The purpose, advantages and characteristics of the present invention will be explained by the non-limiting description of the following preferred embodiments. These embodiments are only typical examples of applying the technical solutions of the present invention, and all technical solutions formed by adopting equivalent replacements or equivalent transformations fall within the protection scope of the present invention.

附图说明Description of drawings

下面结合附图及实施例对本发明作进一步描述:The present invention will be further described below in conjunction with accompanying drawing and embodiment:

图1为本发明注册阶段的流程图Fig. 1 is the flow chart of registration stage of the present invention

图2为本发明认证阶段的流程图Fig. 2 is the flow chart of authentication stage of the present invention

具体实施方式Detailed ways

以下结合具体实施例对上述方案做进一步说明。应理解,这些实施例是用于说明本发明而不限于限制本发明的范围。基于本发明的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明的保护范围。The above solution will be further described below in conjunction with specific embodiments. It should be understood that these examples are used to illustrate the present invention and not to limit the scope of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

本实施例的一种口令具有时效且认证次数不受限的动态口令认证方法实施步骤如下:The implementation steps of a dynamic password authentication method with a time-sensitive password and an unlimited number of authentication times in this embodiment are as follows:

注册阶段:Registration phase:

步骤一:用户注册时,提交注册信息,如用户名,静态口令K,邮箱,手机号等等,根据用户将提交的静态口令K以及随机盐id、链长N、当前节点i等生成N个不同的哈希函数:hj(x)=H(<N-j>c||id||k)|n,其中K是指用户提交的静态口令,id是随机产生的盐,N是指生成的哈希链的链长,j是指当前正在生成第j个哈希函数,c是指生成c位二进制数,m||n是指m和n的串联。用户选择一个随机数x0作为哈希短链的种子,然后使用N个不同的哈希函数生成一条长度为N的哈希短链,x1=h1(x0),x2=h2(h1(x0)),x3=h3(h2(h1(x0)))......y0=xN=hN(hN-1(...h1(x0))),并将用户名、初始验证值y0、以及N个不同的哈希函数发送给服务器,初始验证y0在用户下一次登录时作为验证信息使用,N个不同的哈希函数存储在服务中,在服务器的每次验证计算时都会使用。Step 1: When the user registers, submit the registration information, such as user name, static password K, email address, mobile phone number, etc., and generate N according to the static password K submitted by the user, random salt id, chain length N, current node i, etc. Different hash functions: h j (x)=H(<Nj> c ||id||k)| n , where K refers to the static password submitted by the user, id is the randomly generated salt, and N refers to the generated The chain length of the hash chain, j means that the jth hash function is currently being generated, c means generating a c-digit binary number, and m||n means the concatenation of m and n. The user selects a random number x 0 as the seed of the hash short chain, and then uses N different hash functions to generate a hash short chain of length N, x 1 =h 1 (x 0 ), x 2 =h 2 (h 1 (x 0 )), x 3 =h 3 (h 2 (h 1 (x 0 )))...y 0 =x N =h N (h N-1 (...h 1 (x 0 ))), and send the user name, initial verification value y 0 , and N different hash functions to the server. The initial verification value y 0 is used as verification information when the user logs in next time, and N different hash functions The hash function is stored in the service and is used in every verification calculation of the server.

步骤二:服务器接收用户传送过来的注册信息,将初始验证值y0记作为记为yprev,并将N个不同的哈希函数存储在本地。Step 2: The server receives the registration information sent by the user, records the initial verification value y 0 as y prev , and stores N different hash functions locally.

手机APP会在用户登录的时间间隙内,生成下一条短链,如用户已经成功登录i-1次,现在尝试第i次登陆,手机会在用户第i-1次和第i次的登录间隙生成长度为N的短链,并记作第i+1条短链,无需担心用户两次登录的时间间隔太短而无法生成新的短的哈希链的问题,我们以用户使用半年所需要的哈希链链长的所需注册时间为例,假设动态口令每隔30秒变更换一次,那半年所需的OTP的个数为:5*105,即N=5*104,而生成这样的一条哈希短链所需要的时间为4秒左右,Kogan在“安全哈希链的第二因子认证”一文中也提到生成一条使用两年的哈希链所需要的时间少于15秒,用户几乎不可能在4秒如此短的时间内进行两次连续登录尝试,因此我们有足够的时间生成下一条哈希链。The mobile APP will generate the next short link within the time gap of the user's login. If the user has successfully logged in for i-1 times and now tries to log in for the i-th time, the mobile phone will generate the next short link between the user's i-1 and i-th login times. Generate a short chain with a length of N and record it as the i+1th short chain. There is no need to worry about the problem that the time interval between the user's two logins is too short to generate a new short hash chain. We use the user for half a year. Take the registration time required for the chain length of the hash chain as an example, assuming that the dynamic password is changed every 30 seconds, the number of OTPs required for that half year is: 5*10 5 , that is, N=5*10 4 , and The time required to generate such a short hash chain is about 4 seconds. Kogan also mentioned in the article "Second Factor Authentication of Secure Hash Chain" that the time required to generate a two-year hash chain is less than 15 seconds, it is almost impossible for a user to make two consecutive login attempts in such a short time of 4 seconds, so we have enough time to generate the next hash chain.

认证阶段:Authentication phase:

步骤三:第i次登录,在tnow时刻用户的动态口令为pt,用户将(pt,yi+1)(yi+1是用户在第i-1和第i次这两次登录间隙生成的下一条哈希链)发送给服务器;服务器接收到用户发送过来的信息,计算:t=tnow-tprev,yi=hN(hN-1(...hN-t+1(pt))),接着查看yi是否等于yprev,如果yi的值等于prev,服务器认证成功,并将验证信息更新为yi+1,同时判断时间计数器tnow的值,如果tnow>N,我们认为时间计数器tnow的值过大,已经影响了我们的运行效率,tnow的值是在一个极短的时间内动态的累加,如果tnow的值不加以限制,数值过大肯定会影响运行效率,而且当tnow的值累加到一定程度必定会产生值溢出的问题,因此,如果tnow>N,我们这里对tnow进行类似于清零的操作:tnow=tpreb=t,否则我们认为tnow的值可以接受,更新时间累计值tprev:tprev=tprev+t。Step 3: Log in for the i-th time, the dynamic password of the user at t now is p t , the user will (p t , y i+1 ) (y i+1 is the user's two times at the i-1 and i-th time The next hash chain generated by the login gap) is sent to the server; the server receives the information sent by the user, and calculates: t=t now -t pre v, y i =h N (h N-1 (...h N -t+1 (p t ))), then check whether y i is equal to y prev , if the value of yi is equal to p rev , the server authentication is successful, and the verification information is updated to y i+1 , and at the same time judge the time counter t now value, if t now > N, we think that the value of the time counter t now is too large, which has affected our operating efficiency, the value of t now is dynamically accumulated in a very short time, if the value of t now is not added If the value is too large, it will definitely affect the operating efficiency, and when the value of t now is accumulated to a certain extent, there will be a problem of value overflow. Therefore, if t now > N, we will perform an operation similar to zeroing on t now : t now =t preb =t, otherwise we consider the value of t now acceptable, and update the time accumulative value t prev : t prev =t prev +t.

步骤四:用户判断服务器发送过来的信息,如果服务器认证成功,则用户同样需要判断tnow的值是否过大,如果tnow的值过大,即tnow>N,我们做类类似清零的操作:tnow=tprev=t,否则我们认为tnow的值仍在可接受范围,更新时间累计值tprev:tprev=tprev+t;同时生成下一条哈希链。如果服务器返回的是登录失败,则重新登录。Step 4: The user judges the information sent by the server. If the server authentication is successful, the user also needs to judge whether the value of t now is too large. If the value of t now is too large, that is, t now > N, we do something similar to clearing Operation: t now =t prev =t, otherwise we think that the value of t now is still within the acceptable range, update the cumulative value t prev of time: t prev =t prev +t; generate the next hash chain at the same time. If the server returns login failure, log in again.

Claims (7)

1.一种口令具有时效性且认证次数不受限制的动态口令认证方法,其特征在于,所述方法包括以下步骤:1. A kind of dynamic password authentication method that password has timeliness and authentication number of times is not limited, it is characterized in that, described method comprises the following steps: 注册阶段:Registration phase: (1)用户:用户提交注册信息如:用户名、静态口令K、手机号、邮箱等;(1) User: The user submits registration information such as: user name, static password K, mobile phone number, email address, etc.; (2)用户:根据用户提交的静态口令K以及随机盐id、链长N、当前节点j生成N个不同的哈希函数:hj(x)=H(<N-j>c||id||k)|n(2) User: Generate N different hash functions according to the static password K submitted by the user, the random salt id, the chain length N, and the current node j: h j (x)=H(<Nj> c ||id|| k)| n ; (3)用户:用户随机产生一个种子x0,使用N个不同的哈希函数生成一个长度为N的短链:x1=h1(x0),x2=h2(h1(x0)),x3=h3(h2(h1(x0)))......y0=xN=hN(hN-1(...h1(x0)));(3) User: The user randomly generates a seed x 0 , and uses N different hash functions to generate a short chain of length N: x 1 =h 1 (x 0 ), x 2 =h 2 (h 1 (x 0 )), x 3 =h 3 (h 2 (h 1 (x 0 )))...y 0 =x N =h N (h N-1 (...h 1 (x 0 ) )); (4)用户:将用户名、初始验证值y0以及N个不同的哈希函数发送给服务器(服务器获得初始验证值y0并将它记为yprev,同时存储N个不同的哈希函数)。(4) User: Send the user name, initial verification value y 0 and N different hash functions to the server (the server obtains the initial verification value y 0 and records it as y prev , and stores N different hash functions at the same time ). 登陆阶段(用户第i次登录):Login phase (the user logs in for the ith time): (5)用户:计算第i次用户登录的口令为:t=tnow-tprev(tnow代表着当前时间,tprev代表前几次登录成功的时间的累计值),pt=ht(ht-1(…(xi)))。(5) User: Calculate the password for the i-th user login as: t=t now -t prev (t now represents the current time, t prev represents the accumulated value of the previous successful login times), p t = h t (h t-1 (...( xi ))). (6)用户:将(pt,yi+1)(yi+1是下一次的验证值,由用户在两次登录间歇生成)发送给服务器。(6) User: Send ( pt , y i+1 ) (y i+1 is the next verification value, generated by the user between two logins) to the server. (7)服务器:计算:t=tnow-tprev,yi=hN(hN-1(...hN-t+1(pt))),如果yi=yprev则服务器验证成功,验证成功转(8),否则认证失败,转(10)。(7) Server: Calculation: t=t now -t prev , y i =h N (h N-1 (...h N-t+1 (p t ))), if y i =y prev then the server If the verification is successful, go to (8); otherwise, go to (10) if the verification fails. (8)服务器:判断tnow>N,如果tnow>N,我们认为tnow的累积值过大,为了提高运行效率,我们将时间tnow重新赋值,tnow=tprev=t;否则,我们仅更新tprev:tprev=tprev+t。(8) Server: Judging that t now > N, if t now > N, we think that the cumulative value of t now is too large, in order to improve operating efficiency, we reassign the time t now , t now = t prev = t; otherwise, We only update t prev : t prev =t prev +t. (9)服务器:更新验证值yprev:yprev=yi+1(9) Server: update the verification value y prev : y prev =y i+1 . (10)用户:判断是否登录成功,如果登陆失败,则返回失败信息,否则更新t的值:判断tnow>N,如果tnow>N,我们认为tnow的累积值过大,为了提高运行效率,我们将时间tnow重新赋值,tnow=tprev=t;否则,我们更新tprev:tprev=tprev+t,同时生成下一条哈希链。(10) User: judge whether the login is successful, if the login fails, return failure information, otherwise update the value of t: judge t now > N, if t now > N, we think the cumulative value of t now is too large, in order to improve the operation Efficiency, we reassign the time t now , t now =t prev =t; otherwise, we update t prev : t prev =t prev +t, and generate the next hash chain at the same time. 2.根据权利要求1所述的口令具有时效性且认证次数不受限制的动态口令认证方法,其特征在于,2. password according to claim 1 has timeliness and the dynamic password authentication method that authentication number of times is not limited, it is characterized in that, 所述步骤(2)中K是指用户提交的静态口令,id是随机产生的盐,N是指生成的哈希链的链长,j是指当前正在生成第j个哈希函数,c是指生成c位二进制数,m||n是指m和n的串联。In the step (2), K refers to the static password submitted by the user, id is the salt generated at random, N refers to the chain length of the generated hash chain, j refers to currently generating the jth hash function, and c is Refers to generating a c-bit binary number, m||n refers to the concatenation of m and n. 3.根据权利要求1所述的无需重注册并支持离线认证的动态口令认证方法,其特征在于,3. The dynamic password authentication method that does not need to re-register and supports offline authentication according to claim 1, wherein, 所述步骤(3)中x0是用户随机选择的初始哈希链的种子,y0是x0经过N次哈希运算的值,x1=h1(x0),x2=h2(h1(x0)),x3=h3(h2(h1(x0)))......y0=xN=hN(hN-1(...h1(x0)))。In the step (3), x 0 is the seed of the initial hash chain randomly selected by the user, y 0 is the value of x 0 after N times of hash operations, x 1 =h 1 (x 0 ), x 2 =h 2 (h 1 (x 0 )), x 3 =h 3 (h 2 (h 1 (x 0 )))...y 0 =x N =h N (h N-1 (...h 1 (x 0 ))). 4.根据权利要求1所述的口令具有时效性且认证次数不受限制的动态口令认证方法,其特征在于,4. password according to claim 1 has timeliness and the dynamic password authentication method that authentication number of times is not limited, it is characterized in that, 所述步骤(4)中用户将用户名以及初始验证值y0发送给服务器,服务器获得第一个验证值,同时存储N个不同的哈希函数,N个不同的哈希函数在后期的验证计算时使用。In the step (4), the user sends the user name and the initial verification value y to the server, and the server obtains the first verification value, and stores N different hash functions at the same time, and the verification of N different hash functions in the later stage used in calculations. 5.根据权利要求1所述的口令具有时效性且认证次数不受限制的动态口令认证方法,其特征在于,5. password according to claim 1 has timeliness and the dynamic password authentication method that authentication number of times is not limited, it is characterized in that, 所述步骤(5)中i意味着用户已经成功登录(i-1)次,xi是用户在第(i-2)次和第(i-1)次这两次登录的时间间歇中随机选择的第i条哈希短链的种子,tnow代表着当前时间,tprev代表前几次登录成功的时间的累计值,tnow时刻用户登录的动态口令为ptIn the step (5), i means that the user has successfully logged in (i-1) times, and x i is the user's random time interval between the (i-2) and (i-1) logins. The seed of the selected i-th hash short chain, t now represents the current time, t prev represents the cumulative value of the previous successful login times, and the dynamic password for user login at time t now is p t . 6.根据权利要求1所述的口令具有时效性且认证次数不受限制的动态口令认证方法,其特征在于,6. password according to claim 1 has timeliness and the dynamic password authentication method that authentication number of times is not limited, it is characterized in that, 所述步骤(6)中yi+1是用户在第(i-1)次和第i次这两次登录的时间间歇中生成的第(i+1)条哈希短链的链尾,也是下一次用户登录的验证值,用户将tnow时刻登录的动态口令pt和下一次登录的验证值yi+1一起发送给服务器。In the step (6), y i+1 is the chain tail of the (i+1)th hash short chain generated by the user during the time interval between the (i-1)th and i-th two logins, It is also the verification value of the next user login, and the user sends the dynamic password p t logged in at t now and the verification value y i+1 of the next login to the server. 7.根据权利要求1所述的口令具有时效性且认证次数不受限制的动态口令认证方法,其特征在于,7. password according to claim 1 has timeliness and the dynamic password authentication method that authentication number of times is not limited, it is characterized in that, 所述步骤(8)中对tnow的判断是检测tnow的值是否过大,因为tnow的值在一个极短的时间内动态的累加,如果tnow的值过大会影响我们的运行效率,当tnow>N时我们就认为t的值过大,需要对tnow做类似于清零的过程,由于tnow的值和我们当前的动态口令的获取有关,我们做以下调整:tnow=tprev=t;否则,我们更新时间累计值tprev:tprev=tprev+t。The judgment of t now in the step (8) is to detect whether the value of t now is too large, because the value of t now is dynamically accumulated in a very short time, if the value of t now is too large, it will affect our operating efficiency , when t now > N, we think that the value of t is too large, and we need to do a process similar to clearing t now . Since the value of t now is related to our current dynamic password acquisition, we make the following adjustments: t now =t prev =t; otherwise, we update the time accumulation value t prev : t prev =t prev +t.
CN201910582667.XA 2019-06-27 2019-06-27 A kind of password has timeliness and authenticates the unrestricted dynamic password authentication method of number Pending CN110166225A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910582667.XA CN110166225A (en) 2019-06-27 2019-06-27 A kind of password has timeliness and authenticates the unrestricted dynamic password authentication method of number

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910582667.XA CN110166225A (en) 2019-06-27 2019-06-27 A kind of password has timeliness and authenticates the unrestricted dynamic password authentication method of number

Publications (1)

Publication Number Publication Date
CN110166225A true CN110166225A (en) 2019-08-23

Family

ID=67637522

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910582667.XA Pending CN110166225A (en) 2019-06-27 2019-06-27 A kind of password has timeliness and authenticates the unrestricted dynamic password authentication method of number

Country Status (1)

Country Link
CN (1) CN110166225A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112235105A (en) * 2020-10-26 2021-01-15 南京邮电大学 A dynamic password authentication method against man-in-the-middle attack
CN112507306A (en) * 2020-12-21 2021-03-16 南京航空航天大学 Password protection method based on honeyword

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080065892A1 (en) * 2006-02-03 2008-03-13 Bailey Daniel V Authentication Methods and Apparatus Using Pairing Protocols and Other Techniques
CN101582763A (en) * 2009-04-02 2009-11-18 北京飞天诚信科技有限公司 Method and system for identity authentication based on dynamic password
CN102026195A (en) * 2010-12-17 2011-04-20 北京交通大学 One-time password (OTP) based mobile terminal identity authentication method and system
US20130191899A1 (en) * 2010-06-27 2013-07-25 King Saud University One-time password authentication with infinite nested hash claims
EP3130104A1 (en) * 2014-04-11 2017-02-15 Guardtime IP Holdings Limited System and method for sequential data signatures
CN108964919A (en) * 2018-05-02 2018-12-07 西南石油大学 The lightweight anonymous authentication method with secret protection based on car networking

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080065892A1 (en) * 2006-02-03 2008-03-13 Bailey Daniel V Authentication Methods and Apparatus Using Pairing Protocols and Other Techniques
CN101582763A (en) * 2009-04-02 2009-11-18 北京飞天诚信科技有限公司 Method and system for identity authentication based on dynamic password
US20130191899A1 (en) * 2010-06-27 2013-07-25 King Saud University One-time password authentication with infinite nested hash claims
CN102026195A (en) * 2010-12-17 2011-04-20 北京交通大学 One-time password (OTP) based mobile terminal identity authentication method and system
EP3130104A1 (en) * 2014-04-11 2017-02-15 Guardtime IP Holdings Limited System and method for sequential data signatures
CN108964919A (en) * 2018-05-02 2018-12-07 西南石油大学 The lightweight anonymous authentication method with secret protection based on car networking

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
EMIR ERDEM: "《OTPaaS—One Time Password as a Service》", 《IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112235105A (en) * 2020-10-26 2021-01-15 南京邮电大学 A dynamic password authentication method against man-in-the-middle attack
CN112235105B (en) * 2020-10-26 2022-07-29 南京邮电大学 Dynamic password authentication method for resisting man-in-the-middle attack
CN112507306A (en) * 2020-12-21 2021-03-16 南京航空航天大学 Password protection method based on honeyword

Similar Documents

Publication Publication Date Title
CN110086822B (en) Method and system for implementing micro-service architecture-oriented unified identity authentication strategy
US9866544B2 (en) Systems and methods for location-based authentication
US6993596B2 (en) System and method for user enrollment in an e-community
Grosse et al. Authentication at scale
US11477028B2 (en) Preventing account lockout through request throttling
US20160078219A1 (en) Authentication using proof of work and possession
CN109981689A (en) Cross-domain logical is isolated by force and safety access control method and device under scenes of internet of things
US20050198501A1 (en) System and method of providing credentials in a network
EP3796613B1 (en) Techniques for repeat authentication
CN110166225A (en) A kind of password has timeliness and authenticates the unrestricted dynamic password authentication method of number
US20110225648A1 (en) Method and apparatus for reducing the use of insecure passwords
US20180082287A1 (en) Cryptocurrency lock for online accounts
CN102143131A (en) User logout method and authentication server
TW201325175A (en) Confirmation mechanism for random and dynamic passwords
JP2022534677A (en) Protecting online applications and web pages that use blockchain
CN116151826B (en) Power transaction terminal trust management method based on blockchain
Kim et al. A Simple Attack on a Recently Introduced Hash-based Strong-password Authentication Scheme.
CN101674576A (en) Key exchange authentication method with no need of hometown network participation when in roaming
CN115174122A (en) Verification code generation method, verification code verification method, device, equipment and medium
Han et al. Using a smart phone to strengthen password-based authentication
Kumar et al. PB verification and authentication for server using multi communication
Jeyanthi et al. Backup key generation model for one-time password security protocol
WO2019006848A1 (en) Password generation method and apparatus, and password check method and apparatus
Kaila Oauth and openid 2.0
Kumar et al. One time password (otp) life cycle and challenges: Case study

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190823

WD01 Invention patent application deemed withdrawn after publication