Title of invention: SYSTEMS, METHODS AND SOFTWARE FOR REMOTE PASSWORD AUTHENTICATION USING MULTIPLE SERVERS
Abstract: Systems, methods and software employ zero-knowledge password (ZKP) protocols to provide strong authentication using low-grade passwords that people can easily memorize. To enroll, a user chooses a password (201) and constructs a master key K composed of multiple shares. A set of random values, $\{y_1, y_2, \ldots, y_n\}$, is selected (202), and each share is computed as $K_i = P^{y_i}$ in a suitable finite group. Each $y_i$ value is distributed to the $i$-th one of $N$ servers (203). To authenticate, the client chooses a random secret with each server. The client reconstructs K (203, 204), performs a validation test on K (206), and uses K to decrypt a private digital signature key U (208). When the validation test succeeds, the client signs a message with U that contains P and any other values sent by the client based on incorrect passwords entered by the same user (207). Each server verifies the signed message to authenticate the user, and to forgive the user for some reasonable number of mistakes. With knowledge of valid messages, mistakes and all, the server fine-tunes the accounting of bad access attempts. Password security is maintained in a very simple model, requiring no previously secured or server-authenticated channel between the client and any servers.
Publication number: WO0195545(A2); Publication date: 2001.12.13
Application number: WO2001US17979; Filing date: 2001.05.31
Applicant: PHOENIX TECHNOLOGIES LTD.;JABLON, DAVID; Inventor: JABLON, DAVID
Classification: G06F21/20;H04L9/08;H04L9/32;H04L29/06; Main classification: G06F21/20
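The key-reconstruction step of the abstract (shares $K_i = P^{y_i}$, one random client secret per server, a validation test on K), sketched as an added example that is not code from the patent. Assumptions not stated in the abstract: the client blinds P as $P^x$ and unblinds each server reply, K is a hash over the ordered shares, the validation test is a stored hash tag, and the group is the order-q subgroup modulo the 768-bit RFC 2409 Oakley Group 1 prime; all function names are hypothetical.

```python
# Added illustration, not the patent's code; assumed details are marked below.
import hashlib, secrets

# 768-bit safe prime p = 2q + 1 (RFC 2409 Oakley Group 1), demo size only.
# The squares mod p form a group of prime order q.
p = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
        "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
q = (p - 1) // 2

def H(*parts):
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)   # length-prefixed fields
    return h.digest()

def password_to_group(password):
    # Assumption: P is a wide hash of the password, squared into the subgroup.
    wide = hashlib.shake_256(b"P" + password.encode()).digest(128)
    return pow(int.from_bytes(wide, "big") % p, 2, p)

def combine(shares):
    # Assumption: the master key K is a hash over the ordered shares K_i.
    return H(b"K", *[k.to_bytes(96, "big") for k in shares])

def server_reply(y_i, blinded):
    # Server i sees only the blinded element, never P or K_i.
    if not 1 < blinded < p - 1 or pow(blinded, q, p) != 1:
        raise ValueError("element outside the order-q subgroup")
    return pow(blinded, y_i, p)

def enroll(password, n):
    P = password_to_group(password)
    ys = [secrets.randbelow(q - 1) + 1 for _ in range(n)]  # one y_i per server
    K = combine([pow(P, y, p) for y in ys])
    return ys, H(b"verify", K)      # tag backs the client's validation test

def authenticate(password, ys, tag):
    P = password_to_group(password)
    shares = []
    for y_i in ys:                  # ys stands in for the N remote servers
        x = secrets.randbelow(q - 1) + 1              # fresh secret per server
        reply = server_reply(y_i, pow(P, x, p))       # (P^x)^y_i
        shares.append(pow(reply, pow(x, -1, q), p))   # unblind to K_i = P^y_i
    K = combine(shares)
    return K if secrets.compare_digest(H(b"verify", K), tag) else None
```

A wrong password yields a different P, so every unblinded share and the resulting K fail the tag check; decrypting and using the signature key U is left out of this sketch.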