基于三方分治的个人信息及密码保护方案

打开文本图片集

中图分类号：TP309.7 文献标志码：A

文章编号：1672-7010（2025）06-0020-11

Tripartite framework for personal information and password protection

LI Chunmei，HE Lijuan，CHEN Ping

（School of Big Data and Artificial Inteligence，Anhui Xinhua University，Hefei 23OoOO，China）

Abstract： To address critical issues， including personal information leakage and coercion resistance，a tripartite framework for personal informationand passwordprotection is established：the Registrar（account information），the Authenticator（identity credentials），and the Security Guardian（protection mechanisms）. Each is independently managed bya separate service center，ensuring thesecurity of personal information through mutual coordination and complementary oversight.The Registrar and Authenticator adopt conventional security measures， while the Security Guardian employs a password-card-based scheme with randomized and emergency passwords.A security analysis evaluates the selection of password length and the anti-coercion capabilities of emergency passwords. Colision experiments verify the underlying relationship between randomized and emergency passwords，and selection recommendations are provided based on low operational complexity. This offers a practical solution for effectively safeguarding both personal information and physical security.

Key words： information security；password protection；password card； tripartite framework

目前，市面上的各类软件中的个人信息大都集中于同一个系统中，信息安全通过数据加密（如AES-256、SM4）、匿名化处理（如差分隐私）及访问控制（如RBAC）等技术实现防护[1]，密码防护则依赖多因素认证（multi-factor authentication，MFA）、生物识别（如指纹、人脸等）及高强度加密算法[2]。（剩余11261字）