Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Password verification method and system for preventing library collision attack, middleware and storage medium

A verification method and password technology, applied in middleware and storage media, password verification method to prevent credential stuffing attacks, system field, can solve problems such as low security index, and achieve the effect of reducing the risk of credential stuffing attacks

Inactive Publication Date: 2019-08-02
中科赛诺(北京)科技有限公司
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this kind of verification code mechanism can be bypassed after one request, and it is widely used, and its safety index is relatively low.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Password verification method and system for preventing library collision attack, middleware and storage medium
  • Password verification method and system for preventing library collision attack, middleware and storage medium
  • Password verification method and system for preventing library collision attack, middleware and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0061] like figure 1 As shown, the password verification method for preventing credential stuffing attacks includes the following steps,

[0062] Decompose the user password PW into two interrelated login random factors and

[0063] combined user ID u random factor of two said logins and Perform password verification with the user registration information generated by registration;

[0064] Wherein, the user registration information includes the user identity ID u and two interrelated registration random factors decomposed by the user password PW and

[0065] The basic design idea of ​​the password verification method of the present invention is to decompose a password input by a user into two random factors, and perform password verification on the two random factors and the server. The risk of library attack can save the user from using different passwords to prevent the trouble of credential library attack. Therefore, this method is more convenient, practica...

Embodiment 2

[0067] On the basis of the first embodiment above, registering and generating user registration information specifically includes the following steps, setting the user identity ID u and the user password PW, calculate the hash value h of the user password PW u ,

[0068] The group Z of integers modulo q q * Randomly select one of the registered random factors within use the formula calculates another of the enrollment random factors so that the user password PW is decomposed into two interrelated registration random factors and

[0069] is the user registration information.

Embodiment 3

[0071] On the basis of the above-mentioned embodiment 1 or embodiment 2, the user password PW is decomposed into two interrelated login random factors and Specifically include the following steps,

[0072] Calculate the hash value h of the user password PW u ,

[0073] The group of integers modulo q Randomly select one of the login random factors within use the formula Calculates another of said login random factors so that the user password PW is decomposed into two interrelated random factors of the login and

[0074] is based on modulo q in the group of integers The operation inside guarantees the non-infinity of the operation, and in addition is chosen randomly, so each calculated The results are not the same.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a password verification method and system for preventing library collision attack, a middleware and a storage medium. The password verification method comprises the followingsteps of decomposing a user password PW into two mutually associated login random factors, and carrying out password verification on the two login random factors and the user registration informationgenerated by registration in combination with a user identity identifier IDu, wherein the user registration information comprises the user identity identifier IDu and two mutually associated registration random factors decomposed from the user password PW. The basic design idea of the password verification method is that a password inputted by a user is decomposed into two random factors, and thetwo random factors and the server are subjected to password verification, so that the risk that a user uses the same password on different application servers to suffer from library collision attacksis reduced, the trouble that the user uses different passwords to prevent library collision attacks is omitted, and therefore the method is more convenient, practical and safer.

Description

technical field [0001] The invention relates to the field of Internet password verification, in particular to a password verification method, system, middleware and storage medium for preventing credential stuffing attacks. Background technique [0002] With the development and popularization of the Internet, the problem of user information leakage has become more and more significant. For example, the JD.com smear incident, the previous CSDN, and the data leakage of well-known hotel groups. In the Internet age, everyone seems to be transparent. Once personal information enters the Internet, it is completely exposed to the eyes of others. Although the defenders of network order have been fighting against hackers who steal information, non-professionals often have insufficient understanding of this professional behavior, do not know how to prevent attacks, and do not even have the awareness to prevent being attacked. The credentialing attacks to be prevented by the present i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/30H04L9/08H04L29/06
CPCH04L9/0869H04L9/302H04L63/083
Inventor 邱政超董文全盛磊
Owner 中科赛诺(北京)科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products