CN108833439B - Authentication method, equipment and storage medium based on dynamic password - Google Patents


Info

Publication number
CN108833439B
Authority
CN
China
Prior art keywords
dynamic
forbidden
password
codes
code
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810788748.0A
Other languages
Chinese (zh)
Other versions
CN108833439A (en
Inventor
唐良文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Zhangmen Science and Technology Co Ltd
Original Assignee
Shanghai Zhangmen Science and Technology Co Ltd
Application filed by Shanghai Zhangmen Science and Technology Co Ltd filed Critical Shanghai Zhangmen Science and Technology Co Ltd
Priority to CN201810788748.0A priority Critical patent/CN108833439B/en
Publication of CN108833439A publication Critical patent/CN108833439A/en
Application granted granted Critical
Publication of CN108833439B publication Critical patent/CN108833439B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838: Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228: One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an authentication method, equipment and a storage medium based on a dynamic password, and belongs to the technical field of identity authentication. The method comprises the following steps: the client receives a login request from a user and sends the login request to the authentication terminal, wherein the login request comprises a dynamic password, and the dynamic password comprises a fixed password and a non-forbidden dynamic code; the authentication terminal verifies the received dynamic password according to the stored fixed password and the non-forbidden dynamic code; returning a login result to the client according to the verification result, and updating the forbidden dynamic codes according to the number of the stored forbidden dynamic codes and the non-forbidden dynamic codes contained in the dynamic passwords when the verification result is that the verification is passed; and the client receives the login result returned by the authentication end. According to the invention, identity authentication based on the dynamic password is realized without additional equipment, and the method is convenient and safe.

Description

Authentication method, equipment and storage medium based on dynamic password
Technical Field
The present invention relates to the field of identity authentication technologies, and in particular, to an authentication method, device, and storage medium based on a dynamic password.
Background
With the rapid development of science and technology, various intelligent identity authentication methods, such as iris authentication, palm print authentication, and face authentication, have emerged. For network identity authentication, however, the traditional method based on a user name and a password remains mainstream; that is, the security of the account is guaranteed mainly by the password. Existing passwords are generally divided into fixed passwords and dynamic passwords. Fixed passwords are easily stolen, which creates potential security hazards. A dynamic password changes on every use and is therefore hard to steal, but current implementations generally rely on additional devices, such as a dynamic password token or a mobile device capable of receiving a dynamic verification code; when these devices are lost or damaged, inconvenience of use and account security problems may still occur. Therefore, a more secure and efficient way of password authentication remains of interest.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention provides an authentication method, equipment and a storage medium based on a dynamic password.
In a first aspect, the present invention provides a dynamic password-based authentication method for a client, including:
receiving a login request from a user, wherein the login request comprises a dynamic password, and the dynamic password comprises a fixed password and a non-forbidden dynamic code;
and sending the login request to an authentication end, and receiving a login result returned by the authentication end.
Optionally, before receiving the login request from the user, the method further includes:
receiving a registration request from a user, sending the registration request to an authentication end, and receiving a registration result returned by the authentication end; the registration request comprises a fixed password, at least two non-forbidden dynamic codes and the number of forbidden dynamic codes, wherein the characters of the fixed password are different from the characters of the non-forbidden dynamic codes, and the number of forbidden dynamic codes is not zero and is less than the number of non-forbidden dynamic codes.
Optionally, the registration request further includes at least one dynamic mark code;
correspondingly, the dynamic password comprises the fixed password, the non-forbidden dynamic code and a dynamic mark code.
In a second aspect, the present invention provides a dynamic password-based authentication method for an authentication end, including:
receiving a login request sent by a client, wherein the login request comprises a dynamic password, and the dynamic password comprises a fixed password and a non-forbidden dynamic code;
verifying the dynamic password according to the stored fixed password and the non-forbidden dynamic code;
and returning a login result to the client according to the verification result, and updating the forbidden dynamic codes according to the number of the stored forbidden dynamic codes and the non-forbidden dynamic codes contained in the dynamic passwords when the verification result is that the verification is passed.
Optionally, before receiving the login request sent by the client, the method further includes: receiving and verifying a registration request sent by a client, returning a registration result to the client according to a verification result, and correspondingly storing a fixed password, at least two non-forbidden dynamic codes, the number of forbidden dynamic codes and a user name contained in the registration request when the verification result is that the verification is passed.
Optionally, verifying the registration request sent by the client includes:
verifying whether the number of fixed passwords, the number of non-forbidden dynamic codes and the number of forbidden dynamic codes contained in the registration request are reasonable or not;
verifying whether the character types of all characters in the fixed password and the non-forbidden dynamic code contained in the registration request are correct or not;
verifying whether the characters of the fixed password and the characters of the non-forbidden dynamic codes contained in the registration request are different from each other;
when the verification results are all yes, judging that the verification is passed; otherwise, judging that the verification is not passed.
Optionally, the login request further includes: a user name;
the verifying the dynamic password according to the stored fixed password and the non-forbidden dynamic code comprises the following steps:
searching a fixed password and a non-forbidden dynamic code which are correspondingly stored according to a user name contained in the login request;
judging whether the dynamic password consists of the searched fixed password and any one non-forbidden dynamic code, if so, judging that the verification is passed; otherwise, judging that the verification is not passed.
Optionally, the updating the forbidden dynamic codes according to the number of the stored forbidden dynamic codes and the non-forbidden dynamic codes contained in the dynamic password includes:
when the client logs in for the first time, identifying the non-forbidden dynamic codes contained in the dynamic password as forbidden dynamic codes;
when the client logs in for the non-first time, judging whether the number of the forbidden dynamic codes of the current identification reaches the number of the stored forbidden dynamic codes, if so, updating the forbidden dynamic codes of the first identification into non-forbidden dynamic codes, and identifying the non-forbidden dynamic codes contained in the dynamic password as forbidden dynamic codes; otherwise, identifying the non-forbidden dynamic codes contained in the dynamic password as forbidden dynamic codes.
Optionally, the registration request further includes at least one dynamic mark code, and the dynamic password further includes a dynamic mark code;
correspondingly, storing the fixed password, the at least two non-forbidden dynamic codes, the number of forbidden dynamic codes and the user name contained in the registration request is specifically: correspondingly storing the fixed password, the at least two non-forbidden dynamic codes, the number of forbidden dynamic codes, the at least one dynamic mark code and the user name contained in the registration request;
correspondingly, the verifying the dynamic password according to the stored fixed password and the non-forbidden dynamic code comprises: identifying a fixed password and a non-forbidden dynamic code in the dynamic password according to the stored dynamic mark code.
Optionally, the identifying a fixed password and a non-forbidden dynamic code in the dynamic password according to the stored dynamic mark code specifically includes:
and identifying the stored dynamic mark codes in the dynamic password, reading characters among the identified dynamic mark codes to obtain the dynamic code, and taking the characters except the identified dynamic mark codes and the read dynamic code in the dynamic password as a fixed password.
In a third aspect, the present invention provides an authentication method based on a dynamic password, including:
the method comprises the steps that a client receives a login request from a user and sends the login request to an authentication end, wherein the login request comprises a dynamic password, and the dynamic password comprises a fixed password and a non-forbidden dynamic code;
the authentication terminal verifies the dynamic password according to the stored fixed password and the non-forbidden dynamic code;
the authentication end returns a login result to the client according to a verification result, and updates the forbidden dynamic codes according to the number of the stored forbidden dynamic codes and the non-forbidden dynamic codes contained in the dynamic passwords when the verification result is that the verification is passed;
and the client receives the login result returned by the authentication end.
In a fourth aspect, the present invention provides an authentication device based on a dynamic password, including:
one or more processors, and a storage device for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the method according to any of the first and second aspects of the present invention.
In a fifth aspect, the present invention provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the method according to any of the first and second aspects of the present invention.
The invention has the advantages that:
first, from the fixed password, the at least two non-forbidden dynamic codes and the at least one dynamic mark code set during registration, multiple dynamic passwords that conform to a preset rule can be combined, which realizes dynamic switching of passwords; second, because used dynamic codes are marked as forbidden, the client combines the dynamic password from a different non-forbidden dynamic code at each login, so a different dynamic password is used for each login, and even if the dynamic password used for the current login is stolen, the security of the user's account can be guaranteed to a certain extent; third, the dynamic password is realized without additional equipment, such as a dynamic password token or a mobile device capable of receiving a dynamic verification code, which effectively solves the problems of inconvenient use and account security caused by losing such equipment.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
Fig. 1 is a flowchart of an authentication method based on a dynamic password for a client according to the present invention;
Fig. 2 is a flowchart of an authentication method based on a dynamic password for an authentication end according to the present invention;
Fig. 3 is a flowchart of an authentication method based on a dynamic password according to the present invention;
Fig. 4 is a block diagram of an authentication system based on a dynamic password provided by the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
According to an embodiment of the present invention, there is provided a dynamic password-based authentication method for a client, as shown in fig. 1, including:
step 101: receiving a login request from a user, wherein the login request comprises a dynamic password, and the dynamic password comprises a fixed password and a non-forbidden dynamic code;
according to the embodiment of the present invention, before step 101, the method further includes: receiving a registration request from a user, sending the registration request to an authentication end, and receiving a registration result returned by the authentication end;
wherein the registration request includes a fixed password, at least two non-forbidden dynamic codes, and a number of forbidden dynamic codes.
Specifically, when a user submits a registration request at a client, a fixed password, a non-forbidden dynamic code and the number of forbidden dynamic codes are set according to a preset requirement;
more specifically, the setting of the fixed password, the non-forbidden dynamic code and the number of forbidden dynamic codes according to the preset requirement includes:
setting a fixed password according to a preset character type;
setting at least two non-forbidden dynamic codes according to a preset character type;
setting the number of forbidden dynamic codes according to the number of non-forbidden dynamic codes;
the characters in the fixed password and the non-forbidden dynamic codes are different, and the number of the forbidden dynamic codes is not zero and is smaller than that of the non-forbidden dynamic codes.
Furthermore, the number of the characters in the fixed password and the non-forbidden dynamic code and the preset character type can be set according to the requirement, preferably, the number of the characters in the fixed password and the non-forbidden dynamic code is not less than 2, and the preset character type is a number and/or a letter.
According to the embodiment of the present invention, the registration request further includes: a user name;
optionally, the registration request further includes at least one dynamic mark code; preferably, each dynamic mark code is one character;
for example, the registration request includes the fixed password 123ab, the dynamic codes 444, 555 and 666, the dynamic mark codes 7, 8 and 9, a number of forbidden dynamic codes of 2, and the user name Testuser.
It should be pointed out that, after each successful login, the authentication end marks the non-forbidden dynamic code contained in the dynamic password used for that login as a forbidden dynamic code and, according to the number of forbidden dynamic codes set by the user, changes the earliest-marked forbidden dynamic code back into a non-forbidden dynamic code. As a result, the passwords the user logs in with differ from one login to the next, and even if the dynamic password used for the current login is stolen, the security of the user's account can be guaranteed to a certain extent.
According to an embodiment of the present invention, the login request includes a user name and a dynamic password, the dynamic password includes: a fixed password and a non-disabled dynamic code.
Specifically, when a user logs in, a preset dynamic password is combined according to a set fixed password and a current non-forbidden dynamic code;
more specifically, one of the current non-forbidden dynamic codes is selected as a dynamic code to be combined, and the dynamic code to be combined is inserted into any position of the fixed password to obtain the dynamic password.
For example, if the dynamic code to be combined is 555, a resulting dynamic password is 123a555b.
Further, when the registration request includes at least one dynamic mark code, the dynamic password includes a fixed password, a non-forbidden dynamic code and a dynamic mark code;
specifically, when a user logs in, a preset form of dynamic password is combined according to a set fixed password, a dynamic mark code and a current non-forbidden dynamic code;
more specifically, the combination of the dynamic passwords in the preset form includes:
step A1: selecting one non-forbidden dynamic code from the current non-forbidden dynamic codes as a dynamic code to be combined;
for example, the current non-disabled dynamic codes are 555 and 666, and the selected dynamic code to be combined is 555.
Step A2: selecting one or two dynamic mark codes as mark codes to be combined according to the number of the set dynamic mark codes;
specifically, when the number of the set dynamic mark codes is one, the set dynamic mark code is selected as the mark code to be combined; when the number of the set dynamic mark codes is two or more, one or two of the dynamic mark codes are selected as mark codes to be combined at will.
For example, the mark code to be combined is 8.
Step A3: combining the dynamic password in a preset form according to the dynamic code to be combined, the mark code to be combined and the set fixed password.
According to the embodiment of the present invention, Step A3 is specifically: inserting the dynamic code to be combined and the mark code to be combined into the set fixed password according to a preset rule to obtain the dynamic password in a preset form.
Optionally, the selected dynamic code to be combined and the selected flag code to be combined are inserted into the set fixed password according to a preset rule, specifically:
generating a dynamic code string according to the dynamic code to be combined and the mark code to be combined, and inserting the dynamic code string to any position in the set fixed password;
or, inserting the dynamic code to be combined into any position in the set fixed password, and inserting the mark code to be combined according to the position of the dynamic code to be combined;
or, the mark code to be combined is inserted into any position in the set fixed password, and the dynamic code to be combined is inserted according to the position of the mark code to be combined.
Generating the dynamic code string from the dynamic code to be combined and the mark code to be combined includes:
when one dynamic mark code is selected as the mark code to be combined, the mark code to be combined is added to each of the two ends of the dynamic code to be combined to obtain the dynamic code string; for example, the dynamic code string 85558 is generated from the dynamic code to be combined 555 and the mark code to be combined 8.
When two dynamic mark codes are selected as mark codes to be combined, either one of them is added to either end of the dynamic code to be combined, and the other is added to the other end, to obtain the dynamic code string; for example, if the dynamic code to be combined is 555 and the mark codes to be combined are 7 and 8, the generated dynamic code string is 75558 or 85557.
Further, inserting the to-be-combined flag code according to the position of the to-be-combined dynamic code includes:
when one dynamic mark code is selected as the mark code to be combined, inserting the mark code to be combined at each of the two ends of the dynamic code to be combined; for example, the mark code to be combined is 8, the dynamic code to be combined 555 is inserted into any position of the set fixed password 123ab to obtain 123a555b, and the mark code to be combined is then inserted to obtain the dynamic password 123a85558b.
When two dynamic mark codes are selected as mark codes to be combined, inserting either one of them at either end of the dynamic code to be combined, and inserting the other at the other end; for example, the mark codes to be combined are 7 and 8, the dynamic code to be combined 555 is inserted into any position of the set fixed password 123ab to obtain 123a555b, and the mark codes to be combined are then inserted to obtain the dynamic password 123a75558b or 123a85557b.
Furthermore, the inserting the mark code to be combined into any position in the set fixed password and inserting the dynamic code to be combined according to the position of the mark code to be combined includes:
when one dynamic mark code is selected as the mark code to be combined, the mark code to be combined is doubled and inserted into any position in the fixed password, and the dynamic code to be combined is inserted between the two copies of the mark code; for example, the dynamic code to be combined is 555 and the mark code to be combined is 8; the doubled mark code is inserted into any position in the fixed password 123ab to obtain 12388ab, and the dynamic code to be combined is inserted between the mark codes to obtain the dynamic password 12385558ab.
When two dynamic mark codes are selected as mark codes to be combined, the mark codes to be combined are spliced together and inserted into any position in the fixed password, and the dynamic code to be combined is inserted between the spliced mark codes; for example, the dynamic code to be combined is 555 and the mark codes to be combined are 7 and 8; the spliced mark codes are inserted into any position in the fixed password 123ab to obtain 12387ab, and the dynamic code to be combined is inserted between the mark codes to obtain the dynamic password 12385557ab.
Step 102: and sending a login request to the authentication end, and receiving a login result returned by the authentication end.
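The registration constraints and Steps A1 to A3 can be exercised with the values used in the description. The following Python sketch is an added illustration, not code from the patent: the function names are hypothetical, the "no duplicate dynamic codes" check is an assumption, and the preferred limits (at least 2 characters, letters and digits, one-character mark codes) are treated as mandatory. All three insertion rules described above yield the same shape, namely the fixed password split at one position around mark + dynamic code + mark, so a single `compose` function covers them.

```python
import secrets
import string

# The embodiment prefers digits and/or letters as the preset character type.
ALLOWED = set(string.ascii_letters + string.digits)


def validate_registration(fixed, codes, marks, forbidden_count):
    """Return the list of violated registration rules (empty means acceptable)."""
    errors = []
    if len(fixed) < 2 or any(len(c) < 2 for c in codes):
        errors.append("fixed password and dynamic codes need at least 2 characters")
    if len(codes) < 2 or len(set(codes)) != len(codes):
        errors.append("at least two dynamic codes, no duplicates (assumption)")
    if not 0 < forbidden_count < len(codes):
        errors.append("forbidden count must be non-zero and below the code count")
    if any(len(m) != 1 for m in marks):
        errors.append("each mark code is a single character")
    if not set(fixed + "".join(codes) + "".join(marks)) <= ALLOWED:
        errors.append("only letters and digits are allowed")
    fixed_chars, code_chars = set(fixed), set("".join(codes))
    if fixed_chars & code_chars:
        errors.append("fixed password and dynamic codes share characters")
    if set("".join(marks)) & (fixed_chars | code_chars):
        errors.append("mark codes overlap the fixed password or dynamic codes")
    return errors


def compose(fixed, code, marks_to_use, position):
    """Step A3: insert mark + code + mark at `position` of the fixed password.

    marks_to_use holds zero mark codes (scheme without mark codes), one
    (used on both ends) or two (first on the left, second on the right).
    """
    if not 0 <= position <= len(fixed):
        raise ValueError("position must lie inside the fixed password")
    if len(marks_to_use) > 2:
        raise ValueError("Step A2 selects one or two mark codes")
    left = marks_to_use[0] if marks_to_use else ""
    right = marks_to_use[-1] if marks_to_use else ""
    return fixed[:position] + left + code + right + fixed[position:]


def next_login_password(fixed, active_codes, marks):
    """Model the choices made at login: Steps A1 and A2, then a free position."""
    code = secrets.choice(list(active_codes))                    # Step A1
    count = min(len(marks), 1 + secrets.randbelow(2))            # one or two marks
    chosen = secrets.SystemRandom().sample(list(marks), count)   # Step A2
    position = secrets.randbelow(len(fixed) + 1)
    return compose(fixed, code, chosen, position)


if __name__ == "__main__":
    print(validate_registration("123ab", ["444", "555", "666"], ["7", "8", "9"], 2))
    print(compose("123ab", "555", ["8"], 4))
    print(next_login_password("123ab", ["555", "666"], ["7", "8", "9"]))
```
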
According to an embodiment of the present invention, there is also provided a dynamic password-based authentication method for an authentication end, as shown in fig. 2, including:
step 201: receiving a login request sent by a client;
the login request comprises a user name and a dynamic password, and the dynamic password comprises a fixed password and a non-forbidden dynamic code.
According to the embodiment of the present invention, step 201 further comprises: receiving and verifying a registration request sent by a client, returning a registration result to the client according to the verification result, and correspondingly storing a fixed password, at least two non-forbidden dynamic codes, the number of forbidden dynamic codes and a user name contained in the registration request when the verification result is that the verification is passed.
Verifying the registration request sent by the client is specifically: verifying whether the fixed password, the non-forbidden dynamic codes and the number of forbidden dynamic codes contained in the registration request sent by the client meet the preset requirement; if so, judging that the verification is passed, and otherwise, judging that the verification is not passed.
More specifically, verifying whether the number of the fixed passwords, the non-forbidden dynamic codes and the forbidden dynamic codes contained in the registration request sent by the client meets the preset requirement includes:
verifying whether the number of fixed passwords, the number of non-forbidden dynamic codes and the number of forbidden dynamic codes contained in a registration request sent by a client are reasonable or not;
verifying whether the character types of all characters in the fixed password and the non-forbidden dynamic code contained in the registration request sent by the client are correct or not;
verifying whether characters between a fixed password and a non-forbidden dynamic code contained in a registration request sent by a client are different or not;
when the verification results are all yes, judging that the preset requirement is met and the verification is passed; otherwise, judging that the preset requirement is not met and the verification is not passed.
Further, when the registration request further includes at least one dynamic mark code, the following applies correspondingly:
storing the fixed password, the at least two non-forbidden dynamic codes, the number of forbidden dynamic codes and the user name contained in the registration request is specifically: correspondingly storing the fixed password, the at least two non-forbidden dynamic codes, the number of forbidden dynamic codes, the at least one dynamic mark code and the user name contained in the registration request;
verifying the registration request sent by the client further comprises: verifying whether the number of dynamic mark codes is reasonable, verifying whether the character types in the dynamic mark codes are correct, and verifying whether the dynamic mark codes are different from the characters of the fixed password and of the non-forbidden dynamic codes; when all of these verifications are yes, judging that the verification is passed; otherwise, judging that the verification is not passed.
For example, the fixed password 123ab, the non-forbidden dynamic codes 444, 555 and 666, the dynamic mark codes 7, 8 and 9, the number of forbidden dynamic codes 2 and the user name Testuser included in the registration request are correspondingly stored.
Step 202: verifying a dynamic password contained in the login request according to the stored fixed password and the non-forbidden dynamic code;
according to the embodiment of the present invention, before step 202, the method further includes: verifying whether the user name in the login request is valid;
specifically, judging whether the stored user names include the user name contained in the login request; if so, the user name is judged to be valid and step 202 is executed; otherwise, the user name is judged to be invalid, and login failure information is returned to the client.
Further, verifying the dynamic password contained in the login request according to the stored fixed password and the non-forbidden dynamic code, comprising:
searching for the correspondingly stored fixed password and non-forbidden dynamic codes according to the user name contained in the login request;
judging whether the dynamic password contained in the login request consists of the found fixed password and any one of the non-forbidden dynamic codes; if so, judging that the verification is passed; otherwise, judging that the verification is not passed.
Further, when the registration request further includes at least one dynamic mark code, the dynamic password correspondingly further includes a dynamic mark code;
correspondingly, verifying the dynamic password contained in the login request according to the stored fixed password and the non-forbidden dynamic codes further comprises: identifying a fixed password and a non-forbidden dynamic code in the dynamic password contained in the login request according to the stored dynamic mark codes;
more specifically, the stored dynamic mark codes are identified in the dynamic password, the characters between the identified dynamic mark codes are read to obtain the dynamic code, and the characters in the dynamic password other than the identified dynamic mark codes and the read dynamic code are taken as the fixed password.
For example, the dynamic password in the login request is 123a85558b; the two stored dynamic mark codes contained in it are identified as 8, the characters between the two 8s are read to obtain the dynamic code 555, and the characters 123ab, other than the two identified dynamic mark codes 8 and the read dynamic code 555, are taken as the fixed password.
Step 203: and returning a login result to the client according to the verification result, and updating the forbidden dynamic codes according to the number of the stored forbidden dynamic codes and the non-forbidden dynamic codes contained in the dynamic passwords when the verification result is that the verification is passed.
Wherein, according to the quantity of the forbidden dynamic codes and the non-forbidden dynamic codes contained in the dynamic password, the forbidden dynamic codes are updated, and the method comprises the following steps:
when the client logs in for the first time, identifying the non-forbidden dynamic code contained in the dynamic password as the forbidden dynamic code;
when the client logs in for the non-first time, judging whether the number of the forbidden dynamic codes of the current identification reaches the number of the stored forbidden dynamic codes, if so, updating the forbidden dynamic codes of the first identification into non-forbidden dynamic codes, and identifying the non-forbidden dynamic codes contained in the dynamic codes as forbidden dynamic codes; otherwise, the non-forbidden dynamic code contained in the dynamic password is marked as the forbidden dynamic code.
For example, if the number of the disabled dynamic codes stored is 2, the currently identified disabled dynamic codes are 444 and 666, and the non-disabled dynamic code is 555, where the disabling time of 444 is earlier than the disabling time of 666, it is determined that the number of the currently identified disabled dynamic codes reaches the number of the stored disabled dynamic codes, the disabled dynamic code 444 is identified as the non-disabled dynamic code, and the non-disabled dynamic code 555 contained in the dynamic password is identified as the disabled dynamic code.
According to an embodiment of the present invention, there is also provided an authentication method based on a dynamic password, as shown in fig. 3, including:
Step 301: the client receives a login request from a user and sends the login request to the authentication end;
according to the embodiment of the present invention, before step 301, the method further includes: the client receives a registration request from a user and sends the registration request to the authentication end; and the authentication end returns a registration result and stores the information contained in the registration request.
Optionally, the registration request includes: a fixed password, non-forbidden dynamic codes, dynamic mark codes, the number of forbidden dynamic codes, and a user name;
correspondingly, the login request comprises: a user name and a dynamic password, wherein the dynamic password comprises: a fixed password, a non-forbidden dynamic code, and dynamic mark codes.
For example, the registration request includes the fixed password 123ab, the non-forbidden dynamic codes 444, 555 and 666, the dynamic mark codes 7, 8 and 9, the number of forbidden dynamic codes 2, and the user name Testuser; the login request includes the user name Testuser and the dynamic password 123a75558b.
It should be noted that the dynamic password 123a75558b is only one of the correct dynamic passwords that can be formed from the dynamic mark codes 7 and 8, the non-forbidden dynamic code 555, and the fixed password 123ab; the dynamic passwords 75558123ab, 17555823ab, 12755583ab, 12375558ab, 123ab75558, 85557123ab, 18555723ab, 12855573ab, 12385557ab, 123a85557b, and 123ab85557 are all correct dynamic passwords as well.
Step 302: the authentication end verifies the dynamic password in the received login request according to the stored fixed password and the non-forbidden dynamic code;
specifically, the authentication end identifies the fixed password and the dynamic code in the dynamic password according to the stored dynamic mark codes, judges whether the identified fixed password is the same as the stored fixed password, and judges whether the identified dynamic code is one of the stored non-forbidden dynamic codes; if both judgments are yes, the verification is judged to be passed; otherwise, the verification is judged to be not passed.
For example, for the dynamic password 123a75558b in the login request, the authentication end identifies the stored dynamic mark codes contained in it as 7 and 8, reads the characters between 7 and 8 to obtain the non-forbidden dynamic code 555, and takes the characters 123ab, other than the identified dynamic mark codes 7 and 8 and the read non-forbidden dynamic code 555, as the fixed password; the stored fixed password 123ab is the same as the identified fixed password 123ab, and the read dynamic code 555 is the stored non-forbidden dynamic code 555, so the verification is judged to be passed.
Step 303: the authentication end returns a login result to the client according to the verification result, and, when the verification is passed, updates the forbidden dynamic codes according to the stored number of forbidden dynamic codes and the non-forbidden dynamic code contained in the dynamic password;
for example, a login success message is returned to the client, the earliest-marked forbidden dynamic code 444 is marked as a non-forbidden dynamic code, and the non-forbidden dynamic code 555 contained in the received dynamic password is marked as a forbidden dynamic code.
Step 304: the client receives the login result returned by the authentication end.
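The authentication-end logic of steps 202-203 and 302-303, sketched in Python as an added example that is not part of the patent text: it splits a submitted dynamic password on the mark codes, checks both parts, and rotates the forbidden list with the update rule described above. The class and function names are hypothetical; one-character mark codes and PBKDF2 storage of the fixed password are assumptions of this example, since the page only says the values are stored.

```python
import hashlib
import hmac
import os
from collections import deque

PBKDF2_ROUNDS = 100_000  # assumption: the page does not say how secrets are stored


def _digest(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)


def split_dynamic_password(dynamic_password, mark_codes):
    """Split a submitted dynamic password into (fixed_password, dynamic_code).

    Exactly two mark-code characters must occur; the characters between them
    are the dynamic code and every remaining character is the fixed password.
    Returns None when the layout does not match.
    """
    marks = [i for i, ch in enumerate(dynamic_password) if ch in mark_codes]
    if len(marks) != 2:
        return None
    start, end = marks
    code = dynamic_password[start + 1:end]
    fixed = dynamic_password[:start] + dynamic_password[end + 1:]
    return fixed, code


class Account:
    """Authentication-end record for one user (hypothetical class name)."""

    def __init__(self, fixed_password, dynamic_codes, mark_codes, forbidden_count):
        fixed_chars = set(fixed_password)
        code_chars = set("".join(dynamic_codes))
        mark_chars = set(mark_codes)
        if not fixed_password or not all(dynamic_codes):
            raise ValueError("fixed password and dynamic codes must be non-empty")
        if len(set(dynamic_codes)) < 2:
            raise ValueError("at least two distinct dynamic codes are required")
        if not 0 < forbidden_count < len(set(dynamic_codes)):
            raise ValueError("forbidden count must be non-zero and below the code count")
        if not mark_codes or any(len(m) != 1 for m in mark_codes):
            raise ValueError("this example assumes one-character mark codes")
        # Splitting is only unambiguous if the three character sets are disjoint.
        if fixed_chars & code_chars or mark_chars & (fixed_chars | code_chars):
            raise ValueError("fixed password, codes and mark codes share characters")
        self.salt = os.urandom(16)
        self.fixed_digest = _digest(fixed_password, self.salt)
        self.codes = set(dynamic_codes)
        self.mark_codes = mark_chars
        self.forbidden_count = forbidden_count
        self.forbidden = deque()  # earliest-forbidden code on the left

    def login(self, dynamic_password):
        parts = split_dynamic_password(dynamic_password, self.mark_codes)
        if parts is None:
            return False
        fixed, code = parts
        # Both checks are evaluated before deciding, and the digest comparison
        # is constant-time.
        fixed_ok = hmac.compare_digest(_digest(fixed, self.salt), self.fixed_digest)
        code_ok = code in self.codes and code not in self.forbidden
        if not (fixed_ok and code_ok):
            return False
        # Update rule from the page: once the forbidden list is full, release
        # the earliest-forbidden code, then forbid the code that was just used.
        if len(self.forbidden) >= self.forbidden_count:
            self.forbidden.popleft()
        self.forbidden.append(code)
        return True


def demo():
    """Run the page's example values; the login strings are constructed here."""
    acct = Account("123ab", ["444", "555", "666"], ["7", "8", "9"], 2)
    results = [
        acct.login("123ab74448"),  # first login: 444 becomes forbidden
        acct.login("96667123ab"),  # 666 becomes forbidden, list is now full
        acct.login("123a75558b"),  # 444 is released, 555 becomes forbidden
    ]
    after_third = list(acct.forbidden)
    results.append(acct.login("123a75558b"))  # same password again: rejected
    results.append(acct.login("123ab74448"))  # 444 is usable again
    return results, after_third, list(acct.forbidden)


if __name__ == "__main__":
    print(demo())
```

A previously used dynamic password is rejected only while its code is still in the forbidden list: with three codes and a forbidden count of 2, the code 555 is accepted again after two further successful logins with other codes.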
According to an embodiment of the present invention, there is also provided a dynamic password-based authentication system, as shown in fig. 4, including: a client and an authentication end;
the client comprises:
the first receiving module is used for receiving a login request from a user, wherein the login request comprises a dynamic password, and the dynamic password comprises a fixed password and a non-forbidden dynamic code;
the first sending module is used for sending the login request received by the first receiving module to the authentication end;
the first receiving module is also used for receiving a login result returned by the authentication end;
the authentication end comprises:
the second receiving module is used for receiving a login request sent by the client;
the storage module is used for storing the fixed passwords, the non-forbidden dynamic codes and the forbidden dynamic codes;
the first verification module is used for verifying the dynamic password contained in the login request received by the second receiving module according to the fixed password and the non-forbidden dynamic code stored by the storage module;
the second sending module is used for returning a login result to the client according to the verification result of the first verification module;
and the updating module is used for updating the forbidden dynamic codes according to the number of the forbidden dynamic codes stored by the storage module and the non-forbidden dynamic codes contained in the dynamic passwords when the verification result of the first verification module is that the verification is passed.
According to the embodiment of the present invention, the first receiving module is further configured to receive a registration request from a user;
correspondingly, the first sending module is also used for sending the registration request received by the first receiving module to the authentication end;
correspondingly, the first receiving module is further configured to receive a registration result returned by the authentication end.
The registration request comprises a fixed password, at least two non-forbidden dynamic codes, the number of forbidden dynamic codes and a user name, wherein the characters of the fixed password differ from those of the non-forbidden dynamic codes, and the number of forbidden dynamic codes is not zero and is smaller than the number of non-forbidden dynamic codes.
According to the embodiment of the present invention, the registration request may further include at least one dynamic mark code, and preferably, each dynamic mark code is a single character;
correspondingly, the dynamic password is composed of a fixed password, a non-forbidden dynamic code and a dynamic mark code according to a preset form.
According to the embodiment of the present invention, the authentication end further includes: a second verification module;
the second receiving module is also used for receiving a registration request sent by the client;
the second verification module is used for verifying the registration request received by the second receiving module;
the second sending module is also used for returning a registration result to the client according to the verification result of the second verification module;
and the storage module is specifically used for correspondingly storing a fixed password, at least two non-forbidden dynamic codes, the number of forbidden dynamic codes and the user name contained in the registration request when the verification result of the second verification module is verification pass.
According to an embodiment of the present invention, the second verification module is specifically configured to:
verifying whether the number of fixed passwords, the number of non-forbidden dynamic codes and the number of forbidden dynamic codes contained in the registration request are reasonable or not;
verifying whether the character types of all characters in the fixed password and the non-forbidden dynamic code contained in the registration request are correct or not;
verifying whether the characters of the fixed password contained in the registration request differ from those of the non-forbidden dynamic codes;
when the verification results are all yes, judging that the verification is passed; otherwise, judging that the verification is not passed.
According to the embodiment of the invention, the first verification module comprises a search submodule and a judgment submodule;
the searching submodule is used for searching a fixed password and a non-forbidden dynamic code which are correspondingly stored according to a user name contained in the login request received by the second receiving module;
the judgment submodule is used for judging whether the dynamic password consists of the fixed password searched by the searching submodule and any one non-forbidden dynamic code, and if so, the verification is judged to be passed; otherwise, judging that the verification is not passed.
According to the embodiment of the invention, when the registration request further comprises at least one dynamic mark code, the dynamic password further comprises the dynamic mark code;
correspondingly, the storage module is specifically used for correspondingly storing a fixed password, at least two non-forbidden dynamic codes, at least one dynamic mark code, the number of forbidden dynamic codes and a user name contained in the registration request;
correspondingly, the first verification module further comprises: identifying a submodule;
and the identification submodule is used for identifying the fixed password and the non-forbidden dynamic code in the dynamic password according to the dynamic mark code stored by the storage module.
According to the embodiment of the present invention, the identification submodule is specifically configured to identify the stored dynamic mark codes in the dynamic password, read characters between the identified dynamic mark codes to obtain non-forbidden dynamic codes, and use characters in the dynamic password except for the identified dynamic mark codes and the read non-forbidden dynamic codes as the fixed password.
According to an embodiment of the present invention, the update module is specifically configured to:
when the client logs in for the first time, marking the non-forbidden dynamic code contained in the dynamic password as a forbidden dynamic code;
when the client logs in other than for the first time, judging whether the number of currently marked forbidden dynamic codes has reached the number of forbidden dynamic codes stored by the storage module; if so, updating the earliest-marked forbidden dynamic code to a non-forbidden dynamic code, and marking the non-forbidden dynamic code contained in the dynamic password as a forbidden dynamic code; otherwise, marking the non-forbidden dynamic code contained in the dynamic password as a forbidden dynamic code.
According to an embodiment of the present invention, there is also provided an authentication apparatus based on a dynamic password, including:
one or more processors, and a storage device for storing one or more programs; when the one or more programs are executed by the one or more processors, the one or more processors implement the steps of the dynamic password-based authentication method as described above.
According to an embodiment of the present invention, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the dynamic password-based authentication method as described above.
According to the invention, firstly, a plurality of dynamic passwords which accord with a preset rule can be combined according to a fixed password, at least two non-forbidden dynamic codes and at least one dynamic mark code which are set during registration, so that the dynamic switching of the passwords is realized; secondly, combining the forbidden dynamic codes, so that the client combines the dynamic passwords according to different non-forbidden dynamic codes during each login, and different dynamic passwords are adopted during each login, so that even if the dynamic passwords used during the current login are stolen, the account security of the user can be guaranteed to a certain extent; and thirdly, the dynamic password is realized without additional equipment, such as a dynamic password token or mobile equipment capable of receiving the dynamic verification code, so that the problems of inconvenient use and account security caused by equipment loss are effectively solved.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (12)

1. A dynamic password-based authentication method for a client, comprising:
receiving a login request from a user, wherein the login request comprises a dynamic password, and the dynamic password comprises a fixed password and a non-forbidden dynamic code;
sending the login request to an authentication end, and receiving a login result returned by the authentication end;
wherein, before receiving the login request from the user, the method further comprises:
receiving a registration request from a user, sending the registration request to the authentication end, and receiving a registration result returned by the authentication end; the registration request comprises a fixed password, at least two non-forbidden dynamic codes and the number of forbidden dynamic codes, wherein the characters of the fixed password differ from those of the non-forbidden dynamic codes, and the number of the forbidden dynamic codes is not zero and is less than the number of the non-forbidden dynamic codes.
2. The method of claim 1, wherein the registration request further comprises: at least one dynamic mark code;
the dynamic password comprises the fixed password, one non-forbidden dynamic code and a dynamic mark code.
3. A dynamic password-based authentication method for an authentication end is characterized by comprising the following steps:
receiving a login request sent by a client, wherein the login request comprises a dynamic password, and the dynamic password comprises a fixed password and a non-forbidden dynamic code;
verifying the dynamic password according to the stored fixed password and the non-forbidden dynamic code;
and returning a login result to the client according to the verification result, and updating the forbidden dynamic codes according to the number of the stored forbidden dynamic codes and the non-forbidden dynamic codes contained in the dynamic passwords when the verification result is that the verification is passed.
4. The method of claim 3, wherein before receiving the login request sent by the client, the method further comprises: receiving and verifying a registration request sent by a client, returning a registration result to the client according to a verification result, and correspondingly storing a fixed password, at least two non-forbidden dynamic codes, the number of forbidden dynamic codes and a user name contained in the registration request when the verification result is that the verification is passed.
5. The method of claim 4, wherein verifying the registration request sent by the client comprises:
verifying whether the number of fixed passwords, the number of non-forbidden dynamic codes and the number of forbidden dynamic codes contained in the registration request are reasonable or not;
verifying whether the character types of all characters in the fixed password and the non-forbidden dynamic code contained in the registration request are correct or not;
verifying whether characters between a fixed password and a non-forbidden dynamic code contained in the registration request are different or not;
when the verification results are all yes, judging that the verification is passed; otherwise, judging that the verification is not passed.
6. The method of claim 3, wherein the login request further comprises: a user name;
the verifying the dynamic password according to the stored fixed password and the non-forbidden dynamic code comprises the following steps:
searching a fixed password and a non-forbidden dynamic code which are correspondingly stored according to a user name contained in the login request;
judging whether the dynamic password consists of the searched fixed password and any one non-forbidden dynamic code, if so, judging that the verification is passed; otherwise, judging that the verification is not passed.
7. The method of claim 3, wherein updating the disabled dynamic codes based on the number of the saved disabled dynamic codes and the non-disabled dynamic codes contained in the dynamic password comprises:
when the client logs in for the first time, marking the non-forbidden dynamic code contained in the dynamic password as a forbidden dynamic code;
when the client logs in other than for the first time, judging whether the number of currently marked forbidden dynamic codes has reached the stored number of forbidden dynamic codes; if so, updating the earliest-marked forbidden dynamic code to a non-forbidden dynamic code, and marking the non-forbidden dynamic code contained in the dynamic password as a forbidden dynamic code; otherwise, marking the non-forbidden dynamic code contained in the dynamic password as a forbidden dynamic code.
8. The method of claim 4, wherein the registration request further comprises at least one dynamic mark code, and wherein the dynamic password further comprises a dynamic mark code;
correspondingly storing a fixed password, at least two non-forbidden dynamic codes, the number of forbidden dynamic codes and a user name contained in the registration request, specifically: correspondingly storing a fixed password, at least two non-forbidden dynamic codes, the number of forbidden dynamic codes, at least one dynamic mark code and a user name contained in the registration request;
the verifying the dynamic password according to the stored fixed password and the non-forbidden dynamic code comprises the following steps: identifying a fixed password and a non-forbidden dynamic code in the dynamic password according to the stored dynamic mark code.
9. The method according to claim 8, wherein the identifying the fixed password and the non-forbidden dynamic code in the dynamic password according to the stored dynamic mark code specifically comprises:
identifying the stored dynamic mark codes in the dynamic password, reading characters among the identified dynamic mark codes to obtain the dynamic code, and taking the characters except the identified dynamic mark codes and the read dynamic code in the dynamic password as a fixed password.
10. An authentication method based on a dynamic password, comprising:
the method comprises the steps that a client receives a login request from a user and sends the login request to an authentication end, wherein the login request comprises a dynamic password, and the dynamic password comprises a fixed password and a non-forbidden dynamic code;
the authentication terminal verifies the dynamic password according to the stored fixed password and the non-forbidden dynamic code;
the authentication end returns a login result to the client according to a verification result, and updates the forbidden dynamic codes according to the number of the stored forbidden dynamic codes and the non-forbidden dynamic codes contained in the dynamic passwords when the verification result is that the verification is passed;
and the client receives the login result returned by the authentication end.
11. An authentication device based on a dynamic password, comprising:
one or more processors, and a storage device for storing one or more programs;
the one or more programs, when executed by the one or more processors, implement the method of any of claims 1-9.
12. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-9.
CN201810788748.0A 2018-07-18 2018-07-18 Authentication method, equipment and storage medium based on dynamic password Active CN108833439B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810788748.0A CN108833439B (en) 2018-07-18 2018-07-18 Authentication method, equipment and storage medium based on dynamic password


Publications (2)

Publication Number Publication Date
CN108833439A CN108833439A (en) 2018-11-16
CN108833439B true CN108833439B (en) 2020-11-03

Family

ID=64140462



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant