Abstract: Mobile phones and Internet applications are widely used nowadays, which enables users to authenticate to a server with the help of their mobile phones. However, existing schemes need to store the user's secret or ciphertext on the mobile phone. Once the mobile phone is lost, adversaries may obtain the secret information on the phone, which will bring irreparable loss to the user. To address these problems, we propose an authentication scheme based on fingerprint and password that does not need to store a secret on the mobile phone. The core idea is to store the ciphertext on the server side. When the user logs in, he uses his mobile phone to generate the private key, which is used to decrypt the ciphertext generated during the registration phase. The user needs to enter his password and fingerprint during the private key generation process. When the computer interacts with the mobile phone, the user's password is blinded so that it is protected from adversaries' attacks. Theoretical analysis and experimental results show that our scheme reinforces the security of the user's secret. Meanwhile, our scheme can resist dictionary attacks, replay attacks and phishing attacks while reducing the storage burden on the mobile phone and remaining easy to deploy.
Funding: This work was supported by the National Natural Science Foundation for Young Scholars of China (61303219) and the General Program of National Natural Science Foundation of China (61672415).
An Di, Yang Chao, Jiang Qi, Ma Jianfeng. A New Password Authentication Method Based on Fingerprint and Mobile Phone Assistance[J]. Journal of Computer Research and Development, 2016, 53(10): 2400-2411.