Security cloud password manager control system and method

Abstract

The invention belongs to the technical field of security authentication, and discloses a security cloud password manager control system and method. A password manager stores user names and passwords of user login websites and systems; the cloud stores a password manager; a mobile device and a client execute a massively pseudo-random protocol to generate a randomized main password for encrypting ordecrypting the password manager; a server authenticates a user name and a password of user login; a client user inputs a main password. According to the invention, the main password of the user is blindly calculated by using mobile equipment of the user, the user account is expanded into a randomized main password which is highly secure enough, and then a randomized main password encryption password manager stores the randomized main password into the cloud, so that an offline dictionary guessing attack can be prevented, meanwhile, each user account is bound with a website domain name, an attacker cannot execute a phishing attack, and the security and reliability of communication are effectively improved.

Description

technical field [0001] The invention belongs to the technical field of security authentication, and in particular relates to a security cloud password manager control system and control method. Background technique [0002] Currently, passwords are the most widely used identity authentication method. With the widespread popularization of the Internet, Internet companies that continue to grow and develop have emerged in recent years, and the number of software is also increasing day by day. This makes the burden of memorizing and managing people's daily passwords increasingly heavy as the number of software used increases. The common mode is that users choose a user name and password for each website or system, but due to the limitation of human memory, users tend to use simple passwords and reuse the same password between multiple systems, these phenomena lead to password authentication. safety is reduced. Attacks on passwords mainly include online and offline guessing at...

AI Technical Summary

Problems solved by technology

The advantage of this type of password manager is that password management is simple, but the disadvantage is that the master password selected by the user is often a weak password that is easy to remember. Encrypting the password manager with a weak master password is easy to implement offline dictionary guessing attacks, so attackers can use The cracked master password decrypts the cloud password manager and obtains the passwords of all accounts of the user

The third category is a multi-cloud-based password manager. This type of password manager uses secret sharing technology to disperse and store user accounts and passwords on multiple clouds. This method obviously improves security, but there is integrity and reliability. Sexual problem, when some secrets distributed to some clouds are modified, it will not be possible to recover the user's password

The cloud password manager should not use the user's main password to directly encrypt / decrypt, but should use a sufficiently strong password to encrypt / decrypt the cloud password manager; at the same time, in order to improve usability, the user only needs to memorize a general-strength master password to generate A strong key encrypts / decrypts the password manager, while an attacker cannot decrypt the cloud password manager even if the master password is cracked

Images