A multi-server security authentication method based on human-memorable password

A memory password and multi-server technology, which is applied in the field of multi-server security authentication based on human-memorable passwords, can solve the problems of inability to realize user anonymity, inability to resist offline password guessing attacks, etc., and achieve the effect of resisting user imitation attacks

Inactive Publication Date: 2016-08-10
EAST CHINA NORMAL UNIV +1
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] In 2012, Wang and Ma et al. analyzed the security of Shao and Chin's method, and pointed out that their method cannot resist offline password guessing attacks, user imitation attacks, and cannot achieve user anonymity.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A multi-server security authentication method based on human-memorable password
  • A multi-server security authentication method based on human-memorable password

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0020] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0021] In a multi-server environment, the security authentication method includes three parties: user U i , server S j and Registration Center RC. Where the registry is considered trusted, it will generate a system private key.

[0022] As a specific embodiment of the present invention, a multi-server security authentication method based on human-memorable passwords includes registration, login and authentication steps, wherein the registration step further includes, the registration center RC according to the received server S j The registration information generation server S j The system pri...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a multi-server safety certification method based on passwords capable of being memorized by people. The method includes the steps of registration, logging in and certification. A registration center generates a system private key of a server S<j> according to received registration information of the server S<j>, and the registration center generates a first parameter set according to the received registration information of a user U and writes a second parameter set onto a smart card of the user U, wherein the first parameter set comprises a password protection parameter A and a user uniqueness parameter D, and the second parameter set comprises the user uniqueness parameter D; the smart card performs local verification on the identity of the user, and if the identity of the user is verified to be correct, the smart card generates a third parameter set and sends the third parameter set to the server S<j>; the server S<j> judges whether login information of the user U to be in real time and correct, and if the login information is judged to be correct, the S<j> generates a fourth parameter set and sends the fourth parameter set to the user U; the smart card verifies the legitimacy of the server S<j>, if the legitimacy of the server S<j> is verified to be correct, the server S<j> verifies the legitimacy of the identity of the user, and if the legitimacy of the identity of the user passes the verification, the certification is successful. Due to the technical scheme, the method can resist off-line password conjecture attacks and user imitation attacks.

Description

technical field [0001] The invention relates to the technical field of information security and communication, in particular to a multi-server security authentication method based on human-memorable passwords. Background technique [0002] The multi-server environment means that under the background of the rapid development of Internet technology, a powerful online service provider can provide a variety of different services at the same time. [0003] Human-memorable password means that the password chosen by the user can be remembered by people. The selection of this type of password is generally related to the user's personal life, such as birthday, phone number, license plate number, etc. This means that the randomness of the password selected by the user is not high, that is, the entropy is not high, and it is easy to be obtained by an attacker using an offline dictionary or offline guessing attack. This type of cipher is studied in articles by Jonathan Katz and Rafail ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L9/32
Inventor 崔建明张小军高建新黄贤青徐誉尹霍永刘奕辉孙晓明
Owner EAST CHINA NORMAL UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap