共查询到20条相似文献,搜索用时 156 毫秒
1.
身份认证是网络安全技术的一个重要组成部分,而动态口令认证系统可以有效地避免因用户密码被盗而带来的巨大损失。文章在基于挑战/应答认证机制的基础上提出了基于动态口令的认证机制,并介绍了静态口令与动态口令的区别,论述了用动态口令设计身份认证的原理,提出了动态口令身份认证系统的实现方法。 相似文献
2.
身份认证是网络安全技术的一个重要组成部分,而动态口令认证系统可以有效地避免因用户密码被盗而带来的巨大损失.文章在基于挑战/应答认证机制的基础上提出了基于动态口令的认证机制,并介绍了静态口令与动态口令的区别,论述了用动态口令设计身份认证的原理,提出了动态口令身份认证系统的实现方法. 相似文献
3.
4.
针对当前远程教育系统所采用的静态口令身份认证技术的不足,通过研究基于口令的身份认证系统,设计了基于手机短信平台的一次一用动态口令系统方案。对登录用户进行多因素动态身份认证,以提高远程教育学习系统的安全性,进一步推动远程教育的发展。 相似文献
5.
6.
身份认证系统的设计与实现 总被引:3,自引:0,他引:3
身份认证就是通过特定手段对用户所声称的身份进行认证的过程,它是实现网络安全的重要机制.本文介绍了动态口令身份认证的实现原理,并在著名的Schnorr身份认证协议的基础上.用Java语言设计并实现了一个动态口令身份认证系统. 相似文献
7.
本文提出了一种采用安全单钥管理技术,在客户机和认证中心两端建立加密和认证协议,将用户在客户机端输入的静态口令和认证系统自动生成的静态口令,通过密钥元素代替表,代替成一次一变的认证密钥,再生成动态口令实现身份认证,从而,建立基于动态口令身份认证系统. 相似文献
8.
基于ATM应用的身份认证系统 总被引:1,自引:0,他引:1
身份认证是银行网络安全技术的一个重要组成部分.对当前自动柜员机(ATM)应用中的安全缺陷进行了分析,介绍了动态口令技术原理,设计了一个基于ATM应用的身份认证系统,并对系统的组成及其功能进行了阐述.给出了认证服务器的部分调用代码,讨论了基于动态口令技术的ATM应用流程,并对身份认证系统的安全性进行了剖析.设计的认证系统克服了传统口令认证的弱点,解决了ATM应用中用户身份认证的安全问题. 相似文献
9.
10.
身份认证在网络应用系统中起着重要的作用.动态口令身份认证弥补了传统口令身份认证的不足,是一种更安全的身份认证机制.公开密钥密码体制的出现,为信息提供了更安全的加密方法.将公开密钥密码体制应用于身份认证系统,提出了一种挑战/应答方式的动态口令身份认证系统的实现方法. 相似文献
11.
具有主动报警功能的动态身份认证系统 总被引:1,自引:0,他引:1
针对目前普遍存在的身份认证密码易被破解的问题,本文提出一种基于物理噪声源的动态身份认证系统,该系统将编码后的随机密码通过无线通讯的方式传送给合法用户,这既使得攻击者不可能推断出下一口令,又解决了已有的一次一密认证系统给用户带来的麻烦和负担。此外,系统还提供了无线报警提示功能,可将用户的登录信息及时地发送送给对应的合法用户,从而能够有效地主动防止非法用户的假冒攻击行为。 相似文献
12.
针对当前B/S 模式下公共网络中进行身份认证的安全问题,设计了使用静态口令和动态口令结合进行一次一密身份认证的方案,它将认证服务器与应用程序服务器分离,使静态口令认证在安全通道内进行,有效保障口令的安全。动态口令认证采用著名的Schnorr 身份认证协议,其私钥采用复杂的混沌序列生成以确保密钥敏感安全性,结合Java Applet 技术对公共网络上传输的信息采用对称DES 算法加密,提升了整个系统的可靠性。研究方案最后通过实例验证了系统的可行性和安全保障性。 相似文献
13.
Joseph A. Cazier B. Dawn Medlin 《Information Security Journal: A Global Perspective》2013,22(6):45-55
Abstract Strong passwords are essential to the security of any e-commerce site as well as to individual users. Without them, hackers can penetrate a network and stop critical processes that assist consumers and keep companies operating. For most e-commerce sites, consumers have the responsibility of creating their own passwords and often do so without guidance from the web site or system administrator. One fact is well known about password creation—consumers do not create long or complicated passwords because they cannot remember them. Through an empirical analysis, this paper examines whether the passwords created by individuals on an e-commerce site use either positive or negative password practices. This paper also addresses the issue of crack times in relationship to password choices. The results of this study will show the actual password practices of current consumers, which could enforce the need for systems administrators to recommend secure password practices on e-commerce sites and in general. 相似文献
14.
John Charles Gyorffy Andrew F. Tappenden James Miller 《International Journal of Information Security》2011,10(6):321-336
Given that phishing is an ever-increasing problem, a better authentication system is required. We propose a system that uses
a graphical password deployed from a Trojan and virus-resistant embedded device. The graphical password utilizes a personal
image to construct an image hash, which is provided as input into a cryptosystem that returns a password. The graphical password
requires the user to select a small number of points on the image. The embedded device will then stretch these points into
a long alphanumeric password. With one graphical password, the user can generate many passwords from their unique embedded
device. The image hash algorithm employed by the device is demonstrated to produce random and unique 256-bit message digests
and was found to be responsive to subtle changes in the underlying image. Furthermore, the device was found to generate passwords
with entropy significantly larger than that of users passwords currently employed today. 相似文献
15.
本文主要探讨了默认密码、弱密码、系统保存密码的缺陷、密码取回等等问题,以及简单介绍了在线破解、离线破解、非技术破解等等破解手段。同时,本文还提出一些加强我们的密码的方法,如密码字符随机化、字符多元化、加长密码的长度和其他一些设置密码的技巧。最后,给出了评估密码强度的方法并展望了下一代密码技术。 相似文献
16.
口令认证一直是最主要的身份认证方式。考虑到口令要满足口令策略和易记忆的要求,用户常常会将个人信息组合起来作为口令。因此,为了调查此类口令的比例,以2011年泄露的四种真实口令集为实验素材,预先设定口令的组合结构和格式,使用程序统计使用个人信息组合作为口令的比例。实验结果表明,使用姓名、电话号码、特殊日期等信息组合而成的口令比例为12.41%~25.53%。根据这一规律,提出了动态字典攻击。攻击者可以在获得用户部分个人信息后,生成具有针对性的动态字词典,并以此来破解用户口令。最后,还讨论了如何选择口令以防止攻击者通过动态字典破解用户口令。 相似文献
17.
Christina Katsini Christos Fidas Marios Belk George Samaras Nikolaos Avouris 《International journal of human-computer interaction》2013,29(19):1800-1812
ABSTRACTGraphical password composition is an important part of graphical user authentication which affects the strength of the chosen password. Considering that graphical authentication is associated with visual search, perception, and information retrieval, in this paper we report on an eye-tracking study (N = 109) that aimed to investigate the effects of users’ cognitive styles toward the strength of the created passwords and shed light into whether and how the visual strategy of the users during graphical password composition is associated with the passwords’ strength. For doing so, we adopted Witkin’s Field Dependence-Independence theory, which underpins individual differences in visual information and cognitive processing, as graphical password composition tasks are associated with visual search. The analysis revealed that users with different cognitive processing characteristics followed different patterns of visual behavior during password composition which affected the strength of the created passwords. The findings underpin the need of considering human-cognitive characteristics as a design factor in graphical password schemes. The paper concludes by discussing implications for improving recognition-based graphical passwords through adaptation and personalization techniques based on individual cognitive characteristics. 相似文献
18.
《Computers & Security》2007,26(7-8):445-451
Password-based authentication is frequently criticised on the basis of the ways in which the approach can be compromised by end-users. However, a fundamental point in the defence of many users is that they may not know any better, and lack appropriate guidance and support when choosing their passwords and subsequently attempting to manage them. Given that such support could reasonably be expected to come from the systems upon which the passwords are used, this paper presents an assessment of password practices on 10 popular websites, examining the extent to which they provide guidance for password selection, enforce restrictions on password choices, and support easy and effective recovery or reset if passwords are forgotten. The findings reveal that the situation is extremely variable, with none of the assessed sites performing ideally across all of the assessed criteria. Better efforts are consequently required if password practices amongst the general populous are expected to improve. 相似文献
19.
20.
《International journal of human-computer studies》2007,65(8):744-757
Personal information and organizational information need to be protected, which requires that only authorized users gain access to the information. The most commonly used method for authenticating users who attempt to access such information is through the use of username–password combinations. However, this is a weak method of authentication because users tend to generate passwords that are easy to remember but also easy to crack. Proactive password checking, for which passwords must satisfy certain criteria, is one method for improving the security of user-generated passwords. The present study evaluated the time and number of attempts needed to generate unique passwords satisfying different restrictions for multiple accounts, as well as the login time and accuracy for recalling those passwords. Imposing password restrictions alone did not necessarily lead to more secure passwords. However, the use of a technique for which the first letter of each word of a sentence was used coupled with a requirement to insert a special character and digit yielded more secure passwords that were more memorable. 相似文献
