CN101202631A - System and method for identification authentication based on cipher key and timestamp - Google Patents

Info

Publication number
CN101202631A
Authority
CN
China
Prior art keywords
key
authentication information
user
terminal
method based
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA200710303753XA
Other languages
Chinese (zh)
Inventor
任少华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CNA200710303753XA priority Critical patent/CN101202631A/en
Publication of CN101202631A publication Critical patent/CN101202631A/en
Pending legal-status Critical Current

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention adopts an identity authentication system and method based on a key and a timestamp to remove the security risk that exists when a user logs in to the same network resource with the same login information every time. In the invention the user holds a key, and current time information is added to the authentication information that the terminal sends to the authentication server, so that the identity authentication information is different every time. Thus, even if the identity authentication information that the user sent from some terminal on some occasion is leaked, the security of the user's identity authentication is not endangered.

Description

Identity authentication system and method based on a key and a timestamp
Technical field
The present invention relates to an identity authentication system and method based on a key and a timestamp.
Background
The quantity of resources and services offered over the Internet is enormous and growing rapidly, and the Internet has become the main channel through which people obtain information resources and information services. Many Internet resources and services require users to log in and be verified, and this creates problems. Resources and services that matter to the user, such as online game accounts and e-commerce accounts, are often troubled by insufficient Internet security. The high degree of openness of the Internet results in low security, and login information is at risk of being leaked in transit. Consequently, if a user logs in to the same network resource with identical login information every time, there is a serious security risk.
Summary of the invention
The present invention adopts an identity authentication system and method based on a key and a timestamp to solve the above problem. In the present invention the user holds a key, and the terminal adds current time information to the authentication information sent to the authentication server, so that the authentication information is different every time. Thus, even if the authentication information that a user sent from some terminal on some occasion is leaked, the security of the user's later authentications is not endangered. The user key of the present invention can also be stored on a mobile IC, so that the user can complete secure authentication on different terminals.
The present invention is implemented as follows: an identity authentication system and method based on a key and a timestamp. The system comprises a terminal system and an identification service system, interconnected by a network. The terminal system user holds key X and the identification service system stores the corresponding key Y; key X and key Y are either the same symmetric-encryption key or a pair of asymmetric-encryption keys. The terminal system user also has a user identification code (AUID) in the identification service system. The method comprises the following steps:
1) The terminal system generates authentication information, which contains the result of a mathematical computation performed on information that includes at least key X and the system time of the terminal system at the moment the authentication information is generated;
2) The identification service system receives authentication information B and, at the same time, information about the user's AUID; the information about the AUID may or may not be included in authentication information B;
3) The identification service system uses the AUID to find the corresponding key Y and performs a mathematical computation that involves at least key Y and authentication information B. Authentication passes only when the result of the computation is correct and the interval between the terminal system's system time in authentication information B and the current system time of the identification service system does not exceed the upper limit set by the authentication system.
The terminal system is a system with computer functions, comprising a host and the accessories connected to it. The host can be a computer, a mobile phone or another device with computer functions.
The accessories of the terminal system include a removable IC; user key X is stored on the removable IC, and the removable IC can be connected to different terminal systems.
The authentication information is generated on the removable IC.
Among the terminal system, the application service system and the identification service system, no party has administrative rights over, or control of the system privileges of, any other party.
There may be a plurality of application service systems; a terminal user has several different APIDs on the several application service systems, and these APIDs may correspond to the same AUID of that terminal user on one identification service system.
There may be a plurality of identification service systems; a terminal user has several different AUIDs on the several application service systems, and these AUIDs may correspond to the same APID of that terminal user on one application service system.
The correspondence between APID and AUID is stored in the application service system, or it is stored in the identification service system, or the APID is identical to the AUID.
The application service system is a server or a server farm, and the identification service system is a server or a server farm.
The APID and the AUID are codes that identify the user within a system and can be sequences composed of arbitrary symbols.
Depending on the specific application, the concrete implementation steps of the present invention may vary in many ways on top of the basic steps and procedure.
The network is the Internet.
The network may be connected in a wired or a wireless manner.
The user identification code is a sequence composed of arbitrary symbols.
The mathematical computation refers to one or more of the following: encryption computation, decryption computation, digital digest computation, and so on.
Description of drawings
Fig. 1 is a schematic diagram of the basic steps and procedure of the present invention;
Fig. 2 is a schematic diagram of the basic system structure of the present invention;
Fig. 3 is a schematic diagram of the steps and procedure of Embodiment 1 of the present invention;
Fig. 4 is a schematic diagram of the steps and procedure of Embodiment 2 of the present invention;
Fig. 5 is a schematic diagram of the system structure of Embodiment 3 of the present invention.
Embodiments
The embodiments of the invention are described in detail below with reference to the accompanying drawings.
Embodiment 1 is a typical implementation of the step flow of the present invention in a concrete application in which two parties take part in the authentication. Embodiment 2 is a typical implementation of the step flow of the present invention in a concrete application in which three parties take part in the authentication.
Embodiment 3 is a typical implementation of the system structure of the present invention.
Embodiment 1
Fig. 3 is a schematic diagram of the steps and procedure of Embodiment 1 of the present invention. Embodiment 1 is a typical implementation of the step flow of the present invention in a concrete application in which two parties take part in the authentication. It comprises the following steps:
1) The terminal system generates authentication information, which contains the system time of the terminal system at the moment the authentication information is generated and the user's APID; the digital digest of this authentication information is encrypted with key X;
2) The identification service system receives the authentication information and its encrypted digital digest;
3) The identification service system uses the AUID to find the corresponding key Y and decrypts the digital digest of the authentication information with key Y. Authentication passes only when the decrypted result is correct and the interval between the terminal system's system time in the authentication information and the current system time of the identification service system does not exceed the upper limit set by the authentication system;
4) The identification service system sends information about the identity authentication result to the terminal system.
Embodiment 2
Fig. 4 is a schematic diagram of the steps and procedure of Embodiment 2 of the present invention. Embodiment 2 is a typical implementation of the step flow of the present invention in a concrete application in which three parties take part in the authentication. In this embodiment, the user identification code in the identification service system (AUID) is formed from the terminal user's user identification code in the application service system (APID) and the identifying information of that application service system (SI), that is: AUID=APID+SI. It comprises the following steps:
1) The terminal system generates authentication information, which contains the system time of the terminal system at the moment the authentication information is generated and the user's APID; the digital digest of this authentication information is encrypted with key X;
2) The application service system receives the authentication information and its encrypted digital digest, and combines them with the identifying information of the application service system to form an identity authentication request;
3) The identification service system receives the identity authentication request from the application service system;
4) The identification service system obtains the AUID from APID+SI, finds the corresponding key Y and decrypts the digital digest of the authentication information with key Y. Authentication passes only when the decrypted result is correct and the interval between the terminal system's system time in the authentication information and the current system time of the identification service system does not exceed the upper limit set by the authentication system;
5) The identification service system sends information about the identity authentication result to the application service system.
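An added example, not code from the patent: the three-party flow of Embodiment 2 in the symmetric-key case (Embodiment 1 is the same flow without the application service step). It uses HMAC-SHA256 as the keyed digest in place of a digest encrypted with key X. The 60-second limit, the JSON layout, the `APID+SI` string encoding, the sample names and the cache of already accepted tags are assumptions of this example.

```python
import hashlib
import hmac
import json
import time

MAX_INTERVAL = 60  # seconds; assumed value, the patent leaves the upper limit to the system

# Constructed key store of the identification service: AUID -> key Y.
# Symmetric case, so key Y is the same secret as the user's key X.
KEY_STORE = {"alice+shop.example": b"constructed-demo-key-not-for-real-use"}


def terminal_make_auth_info(apid, key_x, now=None):
    """Step 1: authentication info (APID + terminal system time) plus its keyed digest."""
    ts = int(time.time() if now is None else now)
    body = json.dumps({"apid": apid, "ts": ts}, sort_keys=True)
    tag = hmac.new(key_x, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def app_service_wrap(auth_info, si):
    """Step 2: the application service adds its identifying information SI."""
    return {"auth": auth_info, "si": si}


class IdentificationService:
    def __init__(self, key_store, max_interval=MAX_INTERVAL):
        self.key_store = key_store
        self.max_interval = max_interval
        self.seen = {}  # accepted tag -> expiry time (not part of the patent's steps)

    def verify(self, request, now=None):
        """Steps 3-4: return (passed, reason) for an identity authentication request."""
        now = time.time() if now is None else now
        try:
            body, tag = request["auth"]["body"], request["auth"]["tag"]
            info = json.loads(body)
            apid, ts, si = info["apid"], info["ts"], request["si"]
        except (KeyError, TypeError, ValueError):
            return False, "malformed"
        if not all(isinstance(v, str) for v in (body, tag, apid, si)) or type(ts) is not int:
            return False, "malformed"
        key_y = self.key_store.get(apid + "+" + si)  # AUID = APID + SI
        if key_y is None:
            return False, "unknown user"
        expected = hmac.new(key_y, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return False, "bad digest"
        if abs(now - ts) > self.max_interval:
            return False, "stale timestamp"
        # Drop expired entries, then refuse a tag that was already accepted.
        self.seen = {t: exp for t, exp in self.seen.items() if exp >= now}
        if tag in self.seen:
            return False, "replayed"
        self.seen[tag] = ts + self.max_interval
        return True, "ok"
```

Within the permitted interval an identical message would otherwise verify a second time, which is why this example remembers accepted tags until they expire.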
Embodiment 3
Fig. 5 is a schematic diagram of the system structure of Embodiment 3 of the present invention. The terminal system of this embodiment comprises a host and a key USB flash disk connected through the host's USB interface, with user key X stored on the key USB flash disk. Authentication information B can be generated on the host or in the key USB flash disk.
Of course, the present invention may also have various other embodiments. Without departing from the spirit and essence of the present invention, those skilled in the art can make various corresponding changes and modifications according to the present invention, but all such changes and modifications shall fall within the scope of protection of the appended claims.

Claims (8)

1. An identity authentication system and method based on a key and a timestamp, the system comprising a terminal system and an identification service system interconnected by a network, characterized in that the terminal system user holds key X and the identification service system stores the corresponding key Y, key X and key Y being either the same symmetric-encryption key or a pair of asymmetric-encryption keys, and the terminal system user also has a user identification code (AUID) in the identification service system, the method comprising the following steps:
1) The terminal system generates authentication information, which contains the result of a mathematical computation performed on information that includes at least key X and the system time of the terminal system at the moment the authentication information is generated;
2) The identification service system receives authentication information B and, at the same time, information about the user's AUID; the information about the AUID may or may not be included in authentication information B;
3) The identification service system uses the AUID to find the corresponding key Y and performs a mathematical computation that involves at least key Y and authentication information B, wherein authentication passes only when the result of the computation is correct and the interval between the terminal system's system time in authentication information B and the current system time of the identification service system does not exceed the upper limit set by the authentication system.
2. The identity authentication system and method based on a key and a timestamp according to claim 1, characterized in that the user identification code is a sequence composed of arbitrary symbols.
3. The identity authentication system and method based on a key and a timestamp according to claim 1, characterized in that the terminal system is a system with computer functions, comprising a host and the accessories connected to it.
4. The identity authentication system and method based on a key and a timestamp according to claim 3, characterized in that the accessories of the terminal system include a removable IC, user key X is stored on the removable IC, and the removable IC can be connected to different terminal systems.
5. The identity authentication system and method based on a key and a timestamp according to claim 4, characterized in that the authentication information is generated on the removable IC.
6. The identity authentication system and method based on a key and a timestamp according to claim 1, characterized in that the identification service system is a server or a server farm.
7. The identity authentication system and method based on a key and a timestamp according to claim 1, characterized in that the network is the Internet.
8. The identity authentication system and method based on a key and a timestamp according to claim 1, characterized in that the network may be connected in a wired or a wireless manner.
CNA200710303753XA 2007-12-21 2007-12-21 System and method for identification authentication based on cipher key and timestamp Pending CN101202631A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA200710303753XA CN101202631A (en) 2007-12-21 2007-12-21 System and method for identification authentication based on cipher key and timestamp

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA200710303753XA CN101202631A (en) 2007-12-21 2007-12-21 System and method for identification authentication based on cipher key and timestamp

Publications (1)

Publication Number Publication Date
CN101202631A true CN101202631A (en) 2008-06-18

Family

ID=39517614

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA200710303753XA Pending CN101202631A (en) 2007-12-21 2007-12-21 System and method for identification authentication based on cipher key and timestamp

Country Status (1)

Country Link
CN (1) CN101202631A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20080618