ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2016, Vol. 53 ›› Issue (10): 2400-2411. doi: 10.7544/issn1000-1239.2016.20160439

Special Issue: 2016 Special Topic on Research Progress in Cyberspace Shared Security


A New Password Authentication Method Based on Fingerprint and Mobile Phone Assistance

An Di, Yang Chao, Jiang Qi, Ma Jianfeng   

  1. (School of Cyber Engineering, Xidian University, Xi’an 710071) (Shaanxi Key Laboratory of Network and System Security (Xidian University), Xi’an 710071)
  • Online: 2016-10-01

Abstract: Mobile phones and Internet applications are now widely used, which enables users to authenticate to a server with the help of a mobile phone. However, existing schemes need to store the user’s secret or ciphertext on the mobile phone. Once the mobile phone is lost, adversaries may obtain the secret information on the phone, which will bring irreparable loss to the user. To address these problems, we propose an authentication scheme based on fingerprint and password that does not need to store a secret on the mobile phone. The core idea is to store the ciphertext on the server side. When the user logs in, he uses his mobile phone to generate the private key, which is used to decrypt the ciphertext generated during the registration phase. The user must enter his password and fingerprint during private key generation. When the computer interacts with the mobile phone, the user’s password is blinded so that it is protected from adversaries’ attacks. Theoretical analysis and experimental results show that our scheme reinforces the security of the user’s secret. Meanwhile, our scheme can resist dictionary attacks, replay attacks and phishing attacks while reducing the storage pressure on the mobile phone, and it is easy to deploy.

Key words: password-based authentication, authentication based on terminal assistance, fingerprint authentication, password attack and protection, blind password based on fingerprint
