
Identity verification method for resisting password-guessing replay attack

An identity verification technique, applied in the field of authentication, for resisting password-guessing and replay attacks. It addresses problems such as password leakage and forgotten passwords.

Inactive Publication Date: 2017-03-22
G CLOUD TECH

AI Technical Summary

Problems solved by technology

[0005] 1. Use a password generator to generate a strong password. This greatly increases the cost of cracking, so the password cannot be cracked within a limited time. However, a strong password is often difficult to remember. The user may forget it, or may store it somewhere else where it can leak, which is not conducive to information security;
[0006] 2. Use randomly generated verification codes. This is only suitable for page-type applications, not for interface-type applications. Current image recognition technology can already read verification codes in pictures, so this type of attack can also be automated;
[0007] 3. Limit the number of consecutive incorrect password attempts and lock user accounts that exceed the limit. This resists password-guessing attacks, but it introduces another attack: by guessing user names and repeatedly failing, an attacker may cause a large number of user accounts to be locked, greatly affecting the usability of the application.

Examples

Embodiment Construction

[0034] As shown in Figures 1 and 2, the following describes in detail a user login page, Login.aspx, created with the built-in Login server control provided by ASP.net.

[0035] The page code of Login.aspx is as follows:

[0036]

[0037]

[0038]

[0039]

[0040] Login

[0041]

[0042]

[0043]

[0044]

[0045]

[0046]

[0047]

[0048]

[0049]

[0050]

[0051] As shown in Figure 2, the attack process is as follows: the legitimate user sends a normal access request to the web server, but the attacker monitors the communication. Afterwards, the attacker constructs a request from the captured identity information and impersonates the legitimate user to access the web server. For the above ASP.net website, the replay attack works in principle as follows:

[0052] 1) The user enters the URL of the web server, and the server responds with the login page Login.aspx;

[0053] 2) The user enters the user name and pas...

Abstract

The invention relates to the technical field of identity authentication, in particular to an identity verification method for resisting a password-guessing replay attack. The method comprises the following steps: first, the server and the user browser that needs identity verification synchronize their time; the user browser then obtains a shared key via an https mechanism and obtains a current timestamp; the user browser encrypts the username and the timestamp together with the password using the shared key, then encrypts the whole identity verification information with the shared key again; the server side then decrypts twice to obtain two pieces of identity verification information and compares them; if the two pieces are completely consistent, the timestamp is compared with the current time; finally, the server verifies whether the username and password combination in the information is consistent with the combination stored in the system, and if so, verification passes. The method prevents identity verification from being passed by means of a password-guessing attack, and it can be used for identity verification in a Web application.
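The flow in the abstract, as an added example that is not the patent's own code: the client wraps the credentials twice under the shared key, and the server decrypts twice, compares the two copies, checks timestamp freshness, then checks the stored credential. The message layout, the 30-second `MAX_SKEW` window, all function names, the stdlib-only stand-in cipher (HMAC-SHA256 keystream with encrypt-then-MAC, not AES) and the PBKDF2 password storage are assumptions.

```python
import hashlib, hmac, json, os

MAX_SKEW = 30  # seconds; assumed freshness window, the page states no value

def _stream(key, nonce, n):
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Stand-in for "encrypt with the shared key": stdlib-only encrypt-then-MAC, not AES.
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def client_login(key, user, password, now):
    # Inner layer binds username + timestamp to the password; outer layer wraps it again.
    inner = seal(key, {"user": user, "ts": now, "pw": password})
    return seal(key, {"user": user, "ts": now, "inner": inner})

def server_verify(key, blob, accounts, now):
    try:  # two decryptions yield two copies of the identity information
        outer = unseal(key, blob)
        inner = unseal(key, outer["inner"])
        same = (outer["user"], outer["ts"]) == (inner["user"], inner["ts"])
        age, user, pw = abs(now - inner["ts"]), str(inner["user"]), str(inner["pw"])
    except (ValueError, KeyError, TypeError):
        return "malformed"
    if not same:
        return "mismatch"
    if age > MAX_SKEW:
        return "stale"  # replayed capture or unsynchronized clock
    salt, stored = accounts.get(user, (b"\0" * 16, b""))
    if not hmac.compare_digest(pw_hash(pw, salt), stored):
        return "denied"
    return "ok"
```

A capture replayed inside the `MAX_SKEW` window still verifies, so the window should be as small as the time synchronization step allows.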

Description

Technical field

[0001] The invention relates to the technical field of identity authentication, in particular to an identity authentication method against password guessing and replay attacks.

Background technique

[0002] With the development and wide application of computer technology and Internet technology, people feel more and more strongly that the non-regional and real-time network digital flow is changing the way of information dissemination in an all-round way, making it faster and more efficient. However, the problem of information security has become a bottleneck restricting the application of computer networks, and with the rapid development of computer networks, it has become increasingly prominent.

[0003] Under the current trend that Web applications are the mainstream, the identity verification system is the most important part of protecting information security. Username / password mechanisms account for the vast majority of authenticati...

Application Information

IPC(8): H04L29/06
CPC: H04L63/08, H04L63/083
Inventor: 莫展鹏, 杨松, 季统凯
Owner: G CLOUD TECH