KR101600474B1 - Authentication method by salted password - Google Patents
Authentication method by salted password Download PDFInfo
- Publication number
- KR101600474B1 KR101600474B1 KR1020150122084A KR20150122084A KR101600474B1 KR 101600474 B1 KR101600474 B1 KR 101600474B1 KR 1020150122084 A KR1020150122084 A KR 1020150122084A KR 20150122084 A KR20150122084 A KR 20150122084A KR 101600474 B1 KR101600474 B1 KR 101600474B1
- Authority
- KR
- South Korea
- Prior art keywords
- password
- salt
- variable
- user
- rule
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The present invention allows a user to input, into a server, a SOLID password generated by mixing a password included in an OTP provided by a server with a password according to a predetermined salt rule, and the server transmits the SOLID password A salt password authentication method of deciding whether or not to authenticate a user using an extracted password generated by applying the salt rule in reverse. The solved password authentication method according to the present invention performs a member registration step in which a user connects to a server and registers a member, and an authentication step in which a user accesses a server and performs an authentication procedure.
Description
[0001] The present invention relates to a password authentication method, and more particularly, to a password authentication method in which a server (hereinafter, referred to as a server) of a client server system provides a user with an OTP (One Time Password) (Salt variable) at a position specified in the Salt rule among a plurality of variables constituting the password, and inputs the generated password into the server. The server inserts the salt into the salt variable, You have selected the correct salt variable from the OTP, selected the appropriate number of salt variables, inserted the salt variable into the correct position of the password, and entered the password with pre-commit And determines whether the user is authenticated by judging whether or not the encrypted password is matched. Seward relates to authentication methods.
User authentication is a procedure for verifying the eligibility to access certain information. It is introduced to prevent unauthorized access to confidential information of a country to be protected, confidential information of a company, and confidential information of an individual. User authentication consists of a knowledge-based authentication method that uses passwords and pre-established questions and answers, a token-based authentication method that uses information held by the user such as a public certificate or an OTP (One-Time Password) Based authentication method that uses the fingerprint or iris of the user who has made the authentication.
Based authentication methods that use public certificates or one-time passwords, OTP, are used for online banking, online games, portal sites, and corporate networks because they can maintain a high level of security. There are S / KEY method, time synchronization method, challenge / response method and event synchronization method as authentication methods using OTP, but it is vulnerable when OTP list is leaked or synchronization fails, There is a disadvantage.
In the bio-based authentication method, the recognition rate of the fingerprint is not high, and the repetitive operation is required in many cases. In the case of using the red body, the installation cost is considerable.
The above-described knowledge-based authentication is used as a basic authentication method for client / server-based user authentication, and financial institutions and public institutions use the above-described token-based authentication when enhanced authentication is required. Hacker's attack on user accounts is mainly based on attacks on knowledge-based authentication, which is based on Brute Force Attack.
To prevent hacking, KISA proposes to use passwords of 8 digits or more in three character types or more, or to use passwords of 10 digits or more in length with two or more types of characters. However, the knowledge-based authentication method has a disadvantage that it is easy for a user to forget a password having a complicated structure because the same condition is different according to the conditions of the password for each site.
SUMMARY OF THE INVENTION The present invention has been made in view of the above problems, and it is an object of the present invention to provide a solved password authentication method using a variable password generated by applying a variable OTP in order to disable a hacker's attack such as a random assignment attack using a weak point that a password is fixed And the like.
According to another aspect of the present invention, there is provided a method of authenticating a password in a server, the method comprising the steps of: In the authentication step, the user selects an N (N is a natural number of 2 or more) variables generated and provided by the server by using the arbitrary connection means, and according to the salt rule stored in advance, Selects a specified variable, and transmits the selected password and ID obtained by mixing the selected variable with the password according to the salt rule, to the server, and the server reverses the salt rule to the received password received from the user And compares the acquired password with the ID and password stored in the database to confirm suitability of the ID and the secret password inputted by the user.
A method of authenticating a password according to the present invention is a method in which a password for authentication to be transmitted to a server is changed each time a user tries to authenticate, so that attacks such as a random assignment attack by a hacker and a random assignment attack It is possible to protect user accounts of users of countries, enterprises and individuals from attacks using network loopholes such as sniffing.
In addition, the user only needs to memorize the salt rules and the relatively uncomplicated passwords that have been promised to the server, and it is inconvenient to carry the OTP in order to enhance the security, and the complicated and difficult to memorize password And it is possible to eliminate the inconvenience of having to change the password periodically.
FIG. 1 shows a member registration step of the SOLID password authentication method according to the present invention.
FIG. 2 shows an authentication step of the SOLID password authentication method according to the present invention.
FIG. 3 shows the step of generating a salt variable string during the authentication step shown in FIG.
Figure 4 illustrates a method for generating a solids password using a salt variable string, a salt rule, and a password.
Figure 5 illustrates the effect of using a salt rule according to the present invention.
6 shows an initial screen provided by the server.
FIG. 7 shows a hacking time for a password that does not use the SOLID password authentication method according to the present invention.
FIG. 8 shows the hacking time for a solicited password determined using the solved password authentication method according to the present invention.
In order to fully understand the present invention and the operational advantages of the present invention and the objects achieved by the practice of the present invention, reference should be made to the accompanying drawings, which are provided for explaining exemplary embodiments of the present invention, and the contents of the accompanying drawings.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. Like reference symbols in the drawings denote like elements.
FIG. 1 shows a member registration step of the SOLID password authentication method according to the present invention.
1, a
Here, the client server system is a concept including a web system, and a server of a client server system and a server which is a substitute term thereof are concepts including a web server.
The first connection means, which is a means for a user to connect to the server for registration and authentication after use of the member, and the second connection means, which is used in the following description, may be various, for example, a computer or a smart phone. Therefore, the first connection means and the second connection means used in the following description mean one of various means that can be connected to the server wirelessly or wiredly, such as a computer or a smart phone.
When the user connects (111) to the server for registration of the member, the server requests the user to manually input the ID, password and salt rule to be used in the future (112), and the user inputs the ID, A password and a salt rule (113) to the server.
The server judges whether or not the ID and the password received from the user are duplicated or not. If the ID and the password are found to be usable, the server registers 114 an ID, a password and a salt rule. (115), the ID, the encryption password, and the salt rule are collected and stored in the database (116).
In the above description, the method of accessing and performing the
The salt rule proposed in the present invention will be described later in detail together with the salt variable string to be described later.
After the above process, the user's ID, password, and salt rule are registered, the
FIG. 2 shows an authentication step of the SOLID password authentication method according to the present invention.
2, the
In the
In the salt variable
A session is a technique for maintaining the identity of a user on a client server system by not communicating again within a certain time-out after the start of communication or by closing the browser used. When storing the
In the input
In the authentication
In the ID
In the case of judging whether or not the identity inputted by the user is included in the database (Yes) in the identity
The extracted
In the
If it is determined that the ID inputted by the user is not included in the database in the ID suitability determination step 217 (No), the solved password
In the present invention, as described above, in the authentication process, when a wrong user's wrong information is inputted as well as a mistake of a legitimate user input as well as a wrong user, a new salt variable string is generated and a new secure password is generated using the new salt variable string So that the possibility of hacking is minimized.
If it is determined in the
In the above description, the step of judging the solicited
FIG. 3 shows the step of generating a salt variable string during the authentication step shown in FIG.
3, in the salt variable
The salt variable string displayed in the salt variable string window in the input
The salt variable string proposed in the present invention is a string of N variables randomly selected from at least one of a plurality of characters, a plurality of numbers (0 to 9) and a plurality of symbols. The greater the number of N, the more effective it will be. Here, it is preferable to use at least one of alphabetic uppercase letters (A to Z) and lowercase alphabetic characters (a to z).
The salt rule includes a first selection rule for selecting at least one variable in a plurality of variables constituting a salt variable string, that is, a salt variable, and a second selection rule for selecting a salt variable selected in accordance with the first selection rule, And a second selection rule for determining which one of the variables is to be inserted next. Accordingly, the solid password can be obtained by inserting the salt variable selected according to the first selection rule at a selected position according to the second selection rule among the plurality of variables constituting the password.
For example, if the first selection rule is set to a salt variable of 4, it indicates to select the fourth variable from the left among the plurality of variables constituting the salt variable string. Also, if the second selection rule is set to 3, it indicates to insert the variable selected by the first selection rule after the third variable among the plurality of variables constituting the password.
Figure 4 illustrates a method for generating a solids password using a salt variable string, a salt rule, and a password.
4, when the password is preset to "entersoft", the first selection rule is 4, the second selection rule is 3, and the salt variable string provided from the server is N (10) Assuming "MK6QY92C4H", the user must input the signed password "entQersoft" which is obtained by inserting "Q", the fourth character of the salt variable string to be non-portable OTP, after the third character of the password Will be.
It can be seen that the ten variables constituting the salt variable string shown in FIG. 4 are not merely letters and numbers but are images modified by the CAPTCHA method for the corresponding letters and numbers.
CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Aparts) is an image obtained by intentionally twisting or overlaying objects that can be distinguished from one another by a computer, but the hacking program reads the OTP string and automatically logs in. So that it can not be attempted.
4, numeral 4 is selected in the first selection rule. If two variables are set in the salt variable, such as 4 and 6, the salt variable inserted in the password is set to "9" Will be included. In this case, the second selection rule may also retain the existing "3 ", but for example," 4 "may be added.
Quot; Q "and" 9 "should be inserted consecutively after the third digit of the password, and when the second selection rule is selected as 3 and 4, "Q" is inserted after the digit, but "9" should be inserted after the fourth digit of the password. The method of inserting, etc., can be set in various ways by a program in advance, and the above description is made by taking one of them as an example.
Figure 5 illustrates the effect of using a salt rule according to the present invention.
Referring to FIG. 5, which shows the use of the password (no Salt), inserting one salt variable into the password (1 Salt) and inserting 2 salt variables into the password (2 Salts) The number of salt variables to be added to the password is one, the number of each case in no Salt, 1 Salt and 2 Salts is 62 , 1240 and 5580, and when the number of salt variables is two, 3844, 115320 and 1037880, respectively. When the number of salt variables is 8, it can be seen that the use of two salt variables (2 Salts) has a number of 3240 times as compared to the case of no salt (no salt).
6 shows an initial screen provided by the server.
Referring to FIG. 6, the user inputs his / her ID into the ID input window (ID *) presented at the upper part, selects a predetermined variable according to a predetermined salt rule among the variables presented in the salt variable string window , It can be understood that a password generated by inserting the selected variable into the agreed position of the password according to the salt rule can be input into the password input window (password *) shown in the middle. The form and position of the ID input window, the password input window, and the salt variable string window may be different according to the embodiment.
The effect of the solved password authentication method according to the present invention can be confirmed on an internet site (https://howsecureismypassword.net/) which indicates the possibility of password hacking.
FIG. 7 shows a hacking time for a password that does not use the SOLID password authentication method according to the present invention.
Referring to FIG. 7, as a result of examining the possibility of hacking provided by an Internet site, it was determined that the time spent for hacking when using "entersoft" as the password was 22 minutes (22 minutes).
FIG. 8 shows the hacking time for a solicited password determined using the solved password authentication method according to the present invention.
Referring to FIG. 8, it can be seen that hacking takes one year if one variable is inserted into the password.
Referring to FIG. 7 and FIG. 8, it can be seen that when one variable Y is added to the password, 23891 times of the time is required for hacking, compared to the case in which one variable is not further inserted into the password.
The description of FIG. 7 and FIG. 8 is for the case where the added variable is fixed to "Y", and in reality, the added variable is changed every time it is tried, so that the hacking of the random assignment attack method will become impossible.
As described above, the SOLID password authentication method according to the present invention, which proposes to use a combination of token-based authentication using OTP and knowledge-based authentication using a password, does not carry the OTP, which is one of the disadvantages of OTP The dictionary attack is a dictionary attack that can be used as a password, and it can be created within a range of strings by checking the passwords one by one. Hacking methods such as random assignment attack that assigns all passwords are ineffective. By applying CAPTCHA to the constituent variables of the OTP, the automated attack was originally blocked.
While the present invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not limited to the disclosed embodiments. It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the scope of the present invention.
110: Member registration step
120: setting information input step 130: information storing step
210: authentication step
211: connection step
212: Steps for creating a salt variable string
214: Input window provisioning step
215: Step of inputting authentication information
217: Identity suitability determination step
219: Solved password suitability determination step
220: Detached Password Encryption Phase
222: password determination step
Claims (10)
In the authentication step, it is confirmed whether or not the variable inserted into the solicit password by the user has been selected from the salt variable string according to the salt rule and whether the selected variable is inserted at the position of the solicit password according to the salt rule A solved password authentication method characterized by.
A user or an administrator of the server promises and registers a salt rule applied to a process of inputting an ID, a password and a password required for user authentication when a user accesses the server by using arbitrary connection means, and the server registers A member registration step of storing a registered ID, a registered password, and a registered salt rule in a database;
The method of claim 1, further comprising:
Wherein the salt rule includes a first selection rule for selecting at least one variable in a predetermined position among a plurality of variables constituting the salt variable string and a second selection rule for selecting a variable selected in accordance with the first selection rule, And a second selection rule for determining which one of the variables is to be inserted next,
The above-
Wherein a variable selected according to the first selection rule is inserted between a plurality of variables constituting the password at a selected position according to the second selection rule.
Wherein the password is at least one of an uppercase alphabet, a lowercase alphabet, and a special character.
Wherein the image is an image modified by using a CAPTCHA method.
A setting information input step of inputting an ID, a password and a salt rule according to an input method provided by a server connected by a user wishing to register a member using the arbitrary connecting means; And
The server registers the ID, the salt rule and the password inputted by the user through the predetermined deliberation procedure set in advance in the setting information input step, and registers the encrypted password, the registered ID, and the registered salt rule Storing information in the database;
And the password is authenticated.
A connection step in which a user accesses the server using any of the connection means;
A salt variable string generating step of generating the salt variable string in the server and storing the generated salt variable string in the database or the session variable;
An input window providing step in which the server provides an ID input window, a password input window, and a salt variable string window to the user through the arbitrary connection means;
An authentication information input step in which a user generates a solicited password using the salt rule and a salt variable string provided in the salt variable string window and inputs a user ID and the solicited password into the input window;
An ID suitability determination step of determining whether an ID input by a user is included in an ID stored in the database;
Wherein the password is performed when an ID input by the user is included in the database, extracting an extracted password by applying the salt rule to the solicit password in a reverse manner, An extracted password encryption step of encrypting the extracted password in the same manner as the method of encrypting the registered password to generate an encrypted assigned password; And
And a password determination step of determining whether the encrypted password is the same as the encrypted password stored in the database,
If it is determined that the ID input by the user is not included in the database in the ID suitability determination step and if the encrypted password is not matched with the encrypted password stored in the database in the password determination step, Re-execute the generation step,
And authenticating the user when it is determined that the encrypted password is the same as the encrypted password stored in the database as a result of the password determination.
The method according to any one of claims 1 to 3, further comprising: determining whether the ID entered by the user is included in the database in the ID suitability determination step; comparing the salt variable stored in the database or the session variable with the salt rule stored in the database; Judging whether or not the generated password is created according to the salt rule;
The extracted password encryption step is performed when it is determined that the solicit password entered by the user in the solicit password conformity determination step has been created according to the Salt rule,
Wherein the step of generating the salt variable string further comprises the step of re-executing the step of generating the salt variable string if it is determined in the step of judging whether or not the solicit password inputted by the user is not created according to the salt rule.
A variable selecting step of randomly selecting N variables among a plurality of characters, a plurality of numbers and a plurality of symbols;
Storing a salt variable string storing N variables selected in the variable selecting step in the database or the session variable;
A variable image transforming step of generating and storing the N variables selected in the variable selecting step in an image state using a CAPTCHA technique; And
A variable string generating step of arranging N variables in a modified image state in a line to generate the salt variable string;
And the password is authenticated.
And generating the extracted password by removing a variable added to the password among the parameters constituting the solicit password using the salt rule stored in the database and the salt variable string stored in the database or the session variable A solved password authentication method characterized by.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150122084A KR101600474B1 (en) | 2015-08-28 | 2015-08-28 | Authentication method by salted password |
PCT/KR2016/008316 WO2017039156A1 (en) | 2015-08-28 | 2016-07-28 | Salted password authentication method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150122084A KR101600474B1 (en) | 2015-08-28 | 2015-08-28 | Authentication method by salted password |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101600474B1 true KR101600474B1 (en) | 2016-03-07 |
Family
ID=55540381
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150122084A KR101600474B1 (en) | 2015-08-28 | 2015-08-28 | Authentication method by salted password |
Country Status (2)
Country | Link |
---|---|
KR (1) | KR101600474B1 (en) |
WO (1) | WO2017039156A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112636910A (en) * | 2020-12-29 | 2021-04-09 | 北京深思数盾科技股份有限公司 | Method, device and system for generating and verifying temporary password |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10320774B2 (en) * | 2016-08-05 | 2019-06-11 | Route1 Inc. | Method and system for issuing and using derived credentials |
CN113078999A (en) * | 2021-04-13 | 2021-07-06 | 傲普(上海)新能源有限公司 | Password security encryption storage mode |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005044054A (en) * | 2003-07-25 | 2005-02-17 | Base Technology Inc | Processing system for code string |
JP2007310819A (en) * | 2006-05-22 | 2007-11-29 | Sharp Corp | Password generation method with improved resistance to password analysis, and authentication apparatus using this password |
KR101221955B1 (en) * | 2010-11-02 | 2013-01-15 | 한국과학기술정보연구원 | Method for certificating one time password and apparatus thereof |
JP2014029650A (en) * | 2012-07-31 | 2014-02-13 | Kyocera Document Solutions Inc | Password generation device and electronic apparatus |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101467247B1 (en) * | 2014-01-20 | 2014-12-02 | 성균관대학교산학협력단 | System and method for verifying one-time password based on graphical images |
-
2015
- 2015-08-28 KR KR1020150122084A patent/KR101600474B1/en not_active IP Right Cessation
-
2016
- 2016-07-28 WO PCT/KR2016/008316 patent/WO2017039156A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005044054A (en) * | 2003-07-25 | 2005-02-17 | Base Technology Inc | Processing system for code string |
JP2007310819A (en) * | 2006-05-22 | 2007-11-29 | Sharp Corp | Password generation method with improved resistance to password analysis, and authentication apparatus using this password |
KR101221955B1 (en) * | 2010-11-02 | 2013-01-15 | 한국과학기술정보연구원 | Method for certificating one time password and apparatus thereof |
JP2014029650A (en) * | 2012-07-31 | 2014-02-13 | Kyocera Document Solutions Inc | Password generation device and electronic apparatus |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112636910A (en) * | 2020-12-29 | 2021-04-09 | 北京深思数盾科技股份有限公司 | Method, device and system for generating and verifying temporary password |
CN112636910B (en) * | 2020-12-29 | 2021-08-24 | 北京深思数盾科技股份有限公司 | Method, device and system for generating and verifying temporary password |
Also Published As
Publication number | Publication date |
---|---|
WO2017039156A1 (en) | 2017-03-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8041954B2 (en) | Method and system for providing a secure login solution using one-time passwords | |
US9684780B2 (en) | Dynamic interactive identity authentication method and system | |
US9117065B2 (en) | Dynamic interactive identity authentication method and system | |
US10848304B2 (en) | Public-private key pair protected password manager | |
US8407762B2 (en) | System for three level authentication of a user | |
US10909230B2 (en) | Methods for user authentication | |
CZ2015473A3 (en) | The method of authentication security in electronic communication | |
KR101600474B1 (en) | Authentication method by salted password | |
RU2730386C2 (en) | Authentication and encryption system and method with interception protection | |
Hossain et al. | Implementing Biometric or Graphical Password Authentication in a Universal Three-Factor Authentication System | |
KR100927280B1 (en) | How to prevent secure string exposure using fake rounds | |
US11347831B2 (en) | System and method for user recognition based on cognitive interactions | |
Kenneth et al. | Web application authentication using visual cryptography and cued clicked point recall-based graphical password | |
Kansuwan et al. | Authentication model using the bundled CAPTCHA OTP instead of traditional password | |
CA2611549C (en) | Method and system for providing a secure login solution using one-time passwords | |
Nasiri et al. | Using Combined One-Time Password for Prevention of Phishing Attacks. | |
US20160021102A1 (en) | Method and device for authenticating persons | |
Edwards et al. | FFDA: A novel four-factor distributed authentication mechanism | |
Shah et al. | New factor of authentication: Something you process | |
KR101632582B1 (en) | Method and system for user authentication using password included random key | |
Majdalawieh et al. | Assessing the Attacks Against the Online Authentication Methods Using a Comparison Matrix: A Case of Online Banking | |
US20230057862A1 (en) | Fraud resistant passcode entry system | |
Παπασπύρου | A novel two-factor honey token authentication mechanism | |
KR20210141438A (en) | Secure user authentication system and method | |
JP2008512765A (en) | Authentication system and method based on random partial digital path recognition |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant | ||
LAPS | Lapse due to unpaid annual fee |