44 results about "Dictionary attack" patented technology

A computer system that may include a trusted platform module (TPM) along with a processor hashes a user-supplied password for a predetermined time period that is selected to render infeasible a dictionary attack on the password. The results of the hash are used to render an AES key, which is used to encrypt an RSA key. The encrypted RSA key along with the total number of hash cycles that were used is stored and the RSA key is provided to the TPM as a security key. In the event that the RSA key in the TPM must be recovered, the encrypted stored version is decrypted with an AES key that is generated based on the user inputting the same password and hashing the password for the stored number of cycles.

The invention discloses a USB (universal serial bus)-key and an application method thereof. The application method includes the following steps: performing mutual authentication between a USB-key and a terminal connected with the same; judging whether the authentication between the USB-key and the terminal succeeds or not; judging the terminal to be a trustable terminal on success so that the USB-key can work normally on the terminal; and judging the terminal to be an non-trustable terminal on failure so that the USB-key cannot be identified by the terminal. With the USB-key, an illegal user cannot use the USB-key on the non-trustable terminal if the USB-key of a user is lost, so that the illegal user has no chance to input a PIN (personal identification number) code on a present terminal, dictionary attack to the PIN code of the user from the illegal user can be prevented, and usage security of the USB-key for the user is improved.

Embodiments disclosed herein are directed to methods and systems of password-based threshold authentication, which distributes the role of an authentication server among multiple servers. Any t servers can collectively verify passwords and generate authentication tokens, while no t−1 servers can forge a valid token or mount offline dictionary attacks.

Using a password (π), a client (C) computes part (H1(<C,πC>) of the password verification information of a server (S), and together they use this information to authenticate each other and establish a cryptographic key (K′), possibly using a method resilient to offline dictionary attacks. Then over a secure channel based on that cryptographic key, the server sends an encryption (EE<C,π>(sk)) of a signing key (sk) to a signature scheme for which the server know a verification key (pk). The encryption is possibly non-malleable and / or includes a decryptable portion (E<C,π>(sk)) and a verification portion (H8(sk)) used to verify the decrypted value obtained by decrypting the decryptable portion. The signing key is based on the password and unknown to the server. The client obtains the signing key using the password, signs a message, and returns the signature to the server. The server verifies this signature using the verification key, hence getting additional proof that the client has knowledge of the password. The client and the server generate a shared secret key (K″), more secure than the password, for subsequent communication.

A key is securely injected into a POS PIN pad processor in its usual operating environment. In response to entry of a personal identification number (PIN) into a PIN pad, the processor puts the PIN into a PIN block; puts additional random data into the PIN block; and encrypts the entire PIN block using asymmetric cryptography with a public key derived from the injected key residing in the PIN pad processor. The corresponding private key may be held securely and secretly by an acquirer processor for decrypting the PIN block to retrieve the PIN. The encrypted random data defends the PIN against dictionary attacks. Time stamp data and constant data encrypted with the PIN block enables a defense of the PIN against replay attacks and tampering. The method may also include accepting the PIN from a mobile phone in communication with the processor.

Improved cryptographic techniques are provided by which a device that performs private key operations (e.g., signatures and / or decryptions), and whose private key operations are protected by a password, is immunized against offline dictionary attacks in case of capture by forcing the device to confirm a password guess with a designated entity or party in order to perform a private key operation, and by which the initiating device may dynamically delegate the password-checking function (i.e., confirmation of the password guess) from the originally designated entity or party to another designated entity or party.

A method for avoiding attack on dictionary includes setting a nonvolatile storing region in computer for storing counting figure of failure authority test, locking time figure and locking mark; providing a timer by computer for timing lock time ; setting threshold for number of failure authority ; locking said computer when set threshold is exceeded by counting figure of failure authority test; only responding to starting up, self detection and reset request by computer as it is in locking period.

The embodiment of the invention provides an identity verification method and device, computer equipment and a storage medium, and the method comprises the steps: receiving a verification request sentby a client, the verification request comprising a user name, verification summary information and a user counter, and the verification summary information being summary information generated for a password by taking the user counter as the frequency of calculating a summary, searching registration parameters which are recorded during client registration and associated with the user name, the registration parameters comprising a service counter and a standard ciphertext, matching the user counter with the service counter to detect the consistency of the numerical value during identity verification, and if the user counter is successfully matched with the service counter, verifying the identity of the client according to the difference between the standard ciphertext and the verification abstract information, within 1RTT, the client completes password verification, the abstract calculation frequency of the password is decreased progressively, eavesdropping attacks and replay attacks ofthe password in the network transmission process can be prevented, and potential dictionary attacks are prevented.

Efficient secure password protocols are constructed that remain secure against offline dictionary attacks even when a large, but bounded, part of the storage of a server responsible for password verification is retrieved by an adversary through a remote or local connection. A registration algorithm and a verification algorithm accomplish the goal of defeating a dictionary attack. A password protocol where a server, on input of a login and a password, carefully selects several locations from the password files, properly combines their content according to some special function, and stores the result of this function as a tag that can be associated with this password and used in a verification phase to verify access by users. Two main instantiations of our method are given; in one, a combination of mathematical tools, called dispersers and pairwise-independent hash functions is used to achieve security against adaptive intrusions (dispersers make sure that the password of each user depends on randomly chosen locations in a large password file, and pairwise-independent hash functions help in making this dependency sufficiently random); in a second one, a combination of mathematical tools, called k-wise independent hash functions and locally-computable and strong extractors (k-wise independent hash functions make sure that the locations chosen in the large password file from each password are sufficiently random, and locally-computable and strong extractors are used to combine the contents of these locations to generate a single long random value, which makes verification harder for the adversary to foil).