67 results about "Guessing attack" patented technology

A pseudo-random number generator (PRNG) for a cryptographic processing system is disclosed in which the PRNG is reseeded at each instance of input entropy and in which a standard timestamp variable used in determining random sequence outputs is replaced with a running counter. The method employed by the PRNG demonstrates increased resistance to iterative-guessing attacks and chosen-input attacks than those of previous technologies. The PRNG is suitable for use in, for example, a mobile telephone system for accomplishing secure communications.

An information processing system for remote access comprising a network access server and an authentication server is augmented with the ability to provide a simulated authentication process for authentication requests from attackers which do not correspond to authorized user names. Attackers whose requests form a password guessing attack for a user identity selected from a set of reject user names are redirected to a honeypot server.

The invention discloses an attribute-based searchable encrypted electronic medical record system and an encryption method. The system comprises a key distribution center and a cloud storage center, wherein the key distribution center generates public parameters and a master key to initialize the system; the key distribution center generates and distributes keys containing user attributes to users;a data owner sets an access strategy before uploading medical record data, encrypts the data, and then uploads the data to the cloud storage center; a data visitor generates a trap door according tokeywords and the keys, and provides a query request to the cloud storage center; and after receiving the query request, the cloud storage center determines to return corresponding encrypted data to the data visitor according to the trap door and keyword ciphertexts. According to the scheme of the invention, the difficulty of key management in a multi-user environment can be reduced, data users canbe supported to accurately query the keywords of the ciphertexts, guessing attacks of the keywords can be resisted, and the leakage of privacy data can be effectively prevented.

A system for authenticating a user and his local device to a secured remote service with symmetrical keys, which utilizes a PIN from the user and a unique random value from the local device in such a way that prevents the remote service from ever learning the user's PIN, or a hash of that PIN. The system also provides mutual authentication, verifying to the user and local device that the correct remote service is being used. At the same time, the system protects against PIN guessing attacks by requiring communication with the said remote service in order to verify if the correct PIN is known. Also, the system works in such a way as to change the random value stored on the user's local device after each authentication session.

The invention discloses a public key encryption method for supporting multi-keyword search to resist the attack of keyword guess. The method comprises the following steps: a data owner and a data receiver are registered as a legal authorized user in a trusted third party; the trusted third party runs the global parameter generation algorithm, outputs the global parameter set and sends it to the cloud server, the authorized data owner and the authorized data receiver. The data owner receives the global parameter set and sends the encrypted document set and the keyword ciphertext to the cloud server. The data receiver receives the global parameter set, constructs the keyword trap according to the query sentence, and sends the keyword trap to the cloud server. The cloud server receives the global parameter set, encrypts the ciphertext document, the keyword ciphertext and the keyword trap, and returns the satisfied ciphertext document to the authorized data recipient by running the test algorithm verification. The invention effectively solves the problem of keyword guess attack, realizes keyword search, and has obvious advantages in computational efficiency and communication cost.

The invention provides a double-factor authentication key agreement protocol suitable for a multi-gateway wireless sensor network. The protocol is divided into five stages: an initialization stage, aregistration stage, a login stage, an authentication stage and a key change stage. Fuzzy verification and honeywords methods are adopted in the user authentication part, so that the united password identity guessing attack based on the stolen intelligent card is effectively resisted. In the scheme, key negotiation is based on discrete elliptic curve encryption and can resist sensor capture attacks, so that the forward security of the protocol is ensured.

The invention discloses a fuzzy keyword public key searchable encryption scheme achieving an unrecognizable trap door. According to the scheme, the public key of a server is used for encrypting keywords and data files and an external attacker cannot acquire any information if not having the secret key of the server, thereby being incapable of using a safety channel for transmission. The scheme also achieves unrecognizable trap door such that the external attacker cannot attack the trap door by using keyword guessing attack. The scheme not only supports accurate keyword searchable encryption, but also supports search when input keywords have any spelling mistake or inconsistent formats, thereby greatly improving system availability.

The invention belongs to the communication technical field, relating to the safety problem of network communication, in particular to the three party key exchange protocol, namely, 3PAKE protocol focusing on password authentication of a network structure. Basing on the CDH assumption and using the difficulty of discrete logarithm and the unilateralism of hash function, the invention includes three key steps that firstly, the certifications of the two users asking for communication are certified by the server; secondly, the certification of the server is verified by the two users asking for communication; thirdly, certifications of the two users asking for communication are mutually verified. The invention overcomes the vulnerabilities of masquerading attack for the starter, masquerading attack from the responder, the attack from the middleman and the on-line password guess attack all existed in the S-3PAKE protocol; has the capacities of resisting frequent attack, the attack from the middleman, the masquerading attack from the starter, the masquerading attack from the responder, the off-line guess attack and the replay attack; has forward security and known key security; and also has the characteristic of perfectly resisting on-line guess attack.

The invention provides a digital signature verification method and system. The user identity is used as the public key of the user, the private key is calculated by the trusted third party using the identity private key generation method, and the user does not need to apply for and exchange the certificate, thus greatly simplifying the complexity of cryptographic system management. The generated identity private key is protected using the PIN code and system features at the signature terminal. The signature terminal signatures information using the protected identity private key and a part of identity cryptographic system parameters, so that the digital signature function is achieved, and the ability to resist the PIN code guessing attack is effectively improved.

The invention discloses a safety authentication method based on intelligent home. The invention comprises the following steps: step 1, a user registers and authenticates at a home gateway; step 2, theuser registers and authenticates at a home gateway. 2, the home gateway sends a message to the intelligent terminal; 3, authenticating the intelligent terminal and forming a session secret key replyphase; 4, the home gateway replies to the user stage; 5, a session secret key is formed between the user and the intelligent terminal. The invention provides a new M2M mode, which is based on the usermobile terminal to transmit information through the home gateway to control the intelligent home terminal, so as to realize the intelligent safety authentication of the home environment, and ensure the message transmission and the data safety in the intelligent home. The invention can provide security attributes such as user anonymity, mutual authentication, session key security, perfect forwardsecurity and the like, and can also resist offline password guessing attack and camouflage attack. And the performance comparison shows that the proposed mechanism has high efficiency.

The invention discloses a radio frequency identification system safety certification and key agreement method. According to the radio frequency identification system safety certification and key agreement method, transmission of public values of the two communication parties is simplified, the public values are transmitted through a certification server, influences on the safety performance are avoided, and therefore even through the server is broken into, it is certain that following certification can not be passed. In the certification process, three-round communication and seven-step operation are required to be executed to generate a session key, and compared with same-class methods, the radio frequency identification system safety certification and key agreement method has the advantage that efficiency is greatly improved. The radio frequency identification system safety certification and key agreement method has the advantages of being safe, low in storage cost and communication cost, novel, easy to implement and the like. By means of the radio frequency identification system safety certification and key agreement method, server leakage attack, midwayer attack, off-line guessing attack and not-detectable on-line guessing attack can be effectively defended, meanwhile, a bidirectional certification session key with high safety performance and forward safety performance are provided, and the radio frequency identification system safety certification and key agreement method is quite suitable for RFID application systems which must provide privacy protection.

The invention discloses a group-based password intensity assessment method. The method comprises the steps of password assessment preparation, neural network training and group password intensity assessment, wherein the password assessment preparation step comprises the sub-steps of determining group attribute features, constructing a group set according to the attribute features, collecting a password set, cleaning password set data, and finishing password set data preprocessing; the neural network training step comprises the sub-steps of determining a neural network model, and collecting preprocessing results to train a neural network; and the group password intensity assessment step comprises the sub-steps of inputting a password to the trained neural network, and assessing the intensity of the password in a trained group. The intensity of the password in the group is assessed by utilizing the neural network; the neural network is compressed to achieve the plug and play effect; thepassword intensity is timely fed back; a weak password of the group is eliminated to a certain extent; the capability of resisting password guessing attacks by the password is enhanced; and the password security is improved.

The invention relates to the technical field of identity authentication, in particular to an identity verification method for resisting a password-guessing replay attack. The identity verification method related by the invention comprises the following steps: first of all, carrying out time synchronization on a server and a user browser which needs identity verification; then obtaining a shared key by the user browser via an https mechanism; obtaining a current timestamp; carrying out encryption on a usename and the timestamp together with a password by employing the shared key by the user browser; then encrypting whole identity verification information with the shared key again; then carrying out two times of decryption by a server side to obtain two pieces of identity verification information; then making a comparison respectively, and if the two pieces of the identity verification information are completely consistent, comparing the timestamp with a current time; and at last, verifying whether a usename and password combination in the information is consistent with the usename and password combination stored in a system, and if yes, executing the verification is passed. According to the identity verification method related by the invention, the identity verification via the password-guessing attack is avoided; and the identity verification method can be used in the identity verification of a Web application.

The invention discloses a semantic transformation-based password enhancing method. The method comprises the following steps of: command blacklist matching: matching a password submitted by a user withan existing password blacklist; password strength assessment: assessing the strength of the password through comparing a generation probability for calculating user passwords with a set probability threshold value; password segmentation: segmenting the password into a plurality of fragments after carrying out semantic analysis on weak password; and password semantic transformation and enhancement: transforming the password fragments through a predefined transformation algorithm to ensure that the enhanced password and the original password has certain similarity. According to the method, theusers are fundamentally enabled to use fewer weak passwords through using a blacklist technology, and algorithms such as password strength assessment and semantic analysis and segmentation are used, so that the password availability is ensured, the password strength is improved, the guessing attack defensing ability of the passwords is strengthened and the password safety is improved.

The invention discloses a password strength evaluation method based on weak password deduction, and the method comprises the following steps: 1) generation of a weak password set: selecting highly ranked passwords as the weak password set from a password sample according to a mode of a descending order of frequency of occurrence; 2) grammar training: parsing passwords in a training set based on the weak password set, and generating a probability context-free grammar table with a weak password tag; 3) password strength evaluation: inputting the password, calculating probability of the passwordaccording to the grammar table generated through the grammar training, wherein the higher a probability value is, the lower the password strength is; 4) updating of the grammar table: according to theinput password, dynamically adjusting distribution probability of the probability context-free grammar with the weak password tag. In the method provided by the invention, the password similar as thepassword in the weak password set is deduced through the existing probability context-free grammar, the method inherits efficiency and robustness of the conventional password strength evaluation method and simultaneously can eliminate potential weak passwords, enhance password-guessing attack resistance ability of the passwords and improve security of users.

The invention relates to a searchable attribute-based encryption method for resisting keyword guessing attack. A cloud storage provider (CSP) is responsible for storing data and providing keyword retrieval for legal users in a system. The authorization center is responsible for initialization of the system, generation of a secret key and updating operation of a ciphertext and the secret key. And the data owner is responsible for uploading ciphertext data of a specified access structure. The data user obtains the private key or the updated private key from the authorization center; a ciphertextis downloaded from a cloud storage provider (CSP), the ciphertext is successfully decrypted only when an attribute list of the ciphertext is matched with an access structure embedded in the ciphertext, and after a receiver decrypts the ciphertext, a data user can submit encrypted keywords to the cloud storage provider to retrieve the ciphertext. According to the method, fine-grained access control and ciphertext retrieval in a cloud environment can be realized, and keyword guessing attacks can be resisted.

The invention discloses a privacy-protected identity-based encryption method with keyword search. The method comprises the steps of generating public parameters and a main private key of a system, generating a private key of an entity, generating a keyword ciphertext, generating a keyword trap door and testing. The invention also discloses a privacyprotected identity-based encryption system with keyword search. The system comprises a system parameter generation module, a key generation module, a keyword ciphertext generation module, a keyword trap door generation module and a test module. According to the technical scheme, a ciphertext search function for privacy protection is provided, keyword guessing attacks based on an identity encryption method for existing keyword search can be effectively resisted, and the purpose of protecting user privacy is achieved.

The invention provides a lightweight searchable encryption method and device based on an elliptic curve. The method comprises the following steps: a system initialization step; a user public and private key pair generation step; an encryption step based on keyword search; encrypting the original data file by using a universal public key encryption technology; a search trap door generating step; and a cloud server search testing step. According to the keyword guessing attack resistant lightweight searchable encryption method, an elliptic curve cryptographic algorithm is utilized, and the requirements on calculation and storage expenditure are relatively low, so that the keyword guessing attack resistant lightweight searchable encryption method has a lightweight characteristic, can be widelyapplied to various mobile intelligent terminal platforms with limited hardware resources, and has a keyword guessing resistance characteristic; therefore, the server cannot guess the keywords queriedby the user, and the information security of the cloud data is effectively guaranteed.

The invention relates to a connection keyword authentication searchable encryption method based on a national cryptographic algorithm. The method comprises the following steps of: (1) initializing analgorithm; (2) generating a public and private key pair; (3) generating an encryption key through key negotiation; (4) encrypting a document; (5) generating a security index; (6) sending a security list to a cloud server; (7) generating a search token; (8) generating search results; (9) comparing the results; (10) circulating; (11) feeding back the search results; and (12) obtaining a plaintext result. Connection keyword search is supported, it is ensured that a security index can only be generated by a data sender, and keyword guessing attacks of the cloud server are resisted. It is ensured that the token is only matched with the security index sent by the data sender, the ciphertext of the data sender is obtained, the method does not involve bilinear pairing operation with large calculation expenditure when the keyword index is generated, and only one-time bilinear pairing operation is needed when the search token is generated.

The invention belongs to the technical field of network security, and particularly relates to a lightweight password guessing dictionary generation method and device based on a variational auto-encoder, and the method comprises the steps: carrying out the preprocessing of passwords in a training set according to a preset condition, and obtaining a password set in a unified format; dividing the password set according to the structure to obtain password fragments, and segmenting each password fragment into character combinations by using an n-gram method; screening out a common character combination according to preset parameters, and then coding the password in a vector form; initializing a variational auto-encoder model, and training the variational auto-encoder model by using the vector form password until a loss function value does not decrease any more; and generating guess passwords by using the trained variational auto-encoder model, and performing descending order arrangement according to the occurrence frequency of the generated passwords to obtain a password guess dictionary. According to the method, the model training time and the generation time of the password guessing dictionary are greatly shortened, the success rate of password guessing is improved, and the timeliness of dictionary guessing attacks is ensured.

The invention discloses a password enhanced and updatable blind key management method in cloud storage, and belongs to the technical field of communication. According to the invention, a group of authentication servers are introduced, before interaction between the user and the key server, identity authentication is carried out on the user and the authentication servers through passwords, and meanwhile, the authentication times of the user in one period are limited, so that pretending attack and password guessing attack of an enemy are prevented. According to the invention, the collusion between the honest but curious cloud server and the key server is resisted, and by introducing a group of authentication servers, the collusion between the key server and the cloud server cannot recover the ciphertext message of the user. According to the invention, a plurality of key servers are introduced, so that the single-point failure attack of one key server is avoided.

The invention discloses a wireless sensor network authentication method and a system, and electronic equipment, and aims to solve the problems that off-line password guessing attacks cannot be resisted and forward security cannot be ensured. The method comprises the following steps: carrying out initialization setting on a gateway node and a sensor node of the wireless sensor network by utilizingan elliptic curve modular multiplication, and determining basic identity information; accessing the wireless sensor network by the sensor node and a user terminal according to the basic identity information; determining a target sensor node according to the communication request of the user terminal; and adopting corresponding authentication negotiation modes for different target sensor nodes, andauthenticating and negotiating the user terminal and the target sensor nodes to determine a session key. The system and the electronic equipment are used for executing the wireless sensor network authentication method.

The invention discloses an identity-based double-server authorization ciphertext equivalence judgment method, which takes a unique identity identifier of a user as a public key, stores user data and executes ciphertext equivalence judgment in a non-conspired double-server mode, and can effectively resist single-server keyword guessing attack. Before the double servers are not authorized, the double servers do not have the right to execute any operation on the outsourcing ciphertext of the user. After the authorization generated by the user is obtained, the master server and the slave server can only execute the ciphertext equivalence judgment process in succession, that is, the master server generates intermediate parameters for ciphertext judgment, and the slave server completes ciphertext equivalence judgment according to the intermediate parameters and returns a final judgment result to the user. The problems that an existing related public key encryption method faces public key certificate management burden, and a related method based on a single server model is difficult to resist keyword guessing attacks are solved.