CN114626050A - Authentication method, device, equipment and medium - Google Patents
Authentication method, device, equipment and medium Download PDFInfo
- Publication number
- CN114626050A CN114626050A CN202011456198.6A CN202011456198A CN114626050A CN 114626050 A CN114626050 A CN 114626050A CN 202011456198 A CN202011456198 A CN 202011456198A CN 114626050 A CN114626050 A CN 114626050A
- Authority
- CN
- China
- Prior art keywords
- target account
- dynamic password
- instruction
- shared
- receiving
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an authentication method, an authentication device, authentication equipment and an authentication medium, which are used for solving the safety problem existing in the prior art when a user logs in a system. In the embodiment of the invention, if a sending instruction of the shared key is received, the shared key is sent to the target account carried by the sending instruction, and when a login instruction sent by the target account is received, a first dynamic password is generated according to time, the target account and the shared key, if the first dynamic password is matched with a second dynamic password carried by the login instruction, the target account is determined to pass authentication, and if any one of the time, the target account and the shared key is different during authentication, the generated dynamic passwords are different, so that the security of a system login link of the Linux system in an application scene can be effectively improved.
Description
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to an authentication method, apparatus, device, and medium.
Background
The Linux system occupies a very high market share in the field of server operating systems because of the characteristics of open source, stability and high performance. However, the operation and maintenance levels of the system are very different and uneven due to various reasons among a huge number of user groups, and a great number of Linux users directly open the server to the public network for the convenience of operation and maintenance, which is equivalent to directly exposing the root of the information system to the attack risks of various black products and gray products. Therefore, it is necessary to improve the security of the system login link of the Linux system in the application scene.
In the prior art, the traditional static password is used for logging in, however, in the prior art, the static password is mostly a regular characteristic symbol for the convenience of memory, so the static password is easy to guess and crack, a hacker can directly intercept the static password from a network or a telephone line, if the static password is transmitted in an unencrypted mode, the static password can be easily acquired, and an internal worker of the Linux system can obtain the user password through legal authorization and illegally use the user password.
Disclosure of Invention
The invention provides an authentication method, an authentication device, authentication equipment and an authentication medium, which are used for solving the safety problem existing in the prior art when a user logs in a system.
In a first aspect, an embodiment of the present invention provides an authentication method, where the method includes:
if a sending instruction of the shared key is received, sending the shared key to a target account according to the target account carried in the sending instruction;
receiving a login instruction sent by the target account, and generating a first dynamic password according to the first time for receiving the login instruction, the target account and the shared key;
and if the first dynamic password is matched with a second dynamic password carried by the login instruction, determining that the target account passes the authentication.
In a second aspect, an embodiment of the present invention provides an authentication method, where the method includes:
receiving a shared secret key;
receiving a dynamic password generation instruction, and generating a second dynamic password according to a target account stored in advance, the shared secret key and a second time when the dynamic password generation instruction is received;
and sending a login instruction carrying the target account and the second dynamic password.
In a third aspect, an embodiment of the present invention provides an authentication apparatus, where the apparatus includes:
the sending module is used for sending the shared secret key to a target account according to the target account carried in a sending instruction if the sending instruction of the shared secret key is received;
the generation module is used for receiving a login instruction sent by the target account and generating a first dynamic password according to the first time for receiving the login instruction, the target account and the shared key;
and the determining module is used for determining that the target account passes the authentication if the first dynamic password is matched with a second dynamic password carried by the login instruction.
In a fourth aspect, an embodiment of the present invention provides an authentication apparatus, where the apparatus includes:
a receiving module, configured to receive a shared key;
the processing module is used for receiving a dynamic password generation instruction and generating a second dynamic password according to a target account stored in advance, the shared secret key and second time when the dynamic password generation instruction is received;
and the sending module is used for sending a login instruction carrying the target account and the second dynamic password.
In a fifth aspect, an embodiment of the present invention provides an electronic device, where the electronic device includes at least a processor and a memory, and the processor is configured to execute any of the authentication steps described above when executing a computer program stored in the memory.
In a sixth aspect, an embodiment of the present invention provides a computer-readable storage medium, which stores a computer program, and the computer program, when executed by a processor, performs any of the above-mentioned steps of authentication.
In the embodiment of the invention, if a sending instruction of the shared key is received, the shared key is sent to the target account carried by the sending instruction, and when a login instruction sent by the target account is received, the first dynamic password is generated according to the time, the target account and the shared key, if the first dynamic password is matched with the second dynamic password carried by the login instruction, the target account is determined to pass the authentication.
Drawings
In order to more clearly illustrate the technical solutions of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a schematic diagram illustrating an authentication method according to an embodiment of the present invention;
fig. 2 is a schematic diagram illustrating a procedure of an authentication method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an authentication apparatus according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an authentication apparatus according to an embodiment of the present invention;
fig. 5 is an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the purpose, technical solutions and advantages of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application are within the scope of protection of the present application.
In order to improve security during authentication, embodiments of the present invention provide an authentication method, apparatus, device, and medium.
Example 1:
fig. 1 provides a schematic process diagram of an authentication method according to an embodiment of the present invention, where the process includes the following steps:
s101: and if a sending instruction of the shared key is received, sending the shared key to the target account according to the target account carried in the sending instruction.
The authentication method provided by the embodiment of the invention is applied to the electronic equipment, and the electronic equipment can be intelligent equipment such as a PC (personal computer) or a server.
In order to perform authentication, in the embodiment of the present invention, encryption is performed based on the shared key, so if a sending instruction of the shared key is received and a target account is carried in the sending instruction in order to accurately send the shared key, the electronic device sends the shared key to the target account.
In the embodiment of the present invention, sending the shared key to the target account may be sent through a network or in other manners, and how to send is not limited herein.
S102: and receiving a login instruction sent by the target account, and generating a first dynamic password according to the first time for receiving the login instruction, the target account and the shared key.
For authentication, after receiving a login instruction sent by a target account, the electronic device acquires a first time when the login instruction is received and the target account sending the login instruction, and generates a first dynamic password according to the first time, the target account and a stored shared key.
S103: and if the first dynamic password is matched with a second dynamic password carried by the login instruction, determining that the target account passes the authentication.
In order to perform authentication, the login instruction carries a second dynamic password, wherein the second dynamic password is generated based on an algorithm which is the same as an algorithm adopted by the first dynamic password, so that when the first dynamic password is generated and the second dynamic password carried in the login instruction are judged, whether the first dynamic password and the second dynamic password are matched is judged, and if the first dynamic password and the second dynamic password are matched, the target account is determined to pass the authentication. Wherein whether the first dynamic password matches the second dynamic password may be whether they match, because the first dynamic password and the second dynamic password are calculated at a first time when the login command is received and a second time when the dynamic password generation command is received, respectively, because the client generates the second dynamic password after receiving the dynamic password generation instruction and sends the login instruction carrying the second dynamic password to the electronic equipment in the embodiment of the invention, thus, if, without considering network delays, the first time is generally considered to be coincident with the second time, if there is no problem with the target account and the shared key, the generated first dynamic password is considered to match the second dynamic password, the first dynamic password does not match the second dynamic password if there is a problem with the target account and the shared secret.
In the embodiment of the invention, if a sending instruction of the shared key is received, the shared key is sent to the target account carried by the sending instruction, and when a login instruction sent by the target account is received, a first dynamic password is generated according to time, the target account and the shared key, if the first dynamic password is matched with a second dynamic password carried by the login instruction, the target account is determined to pass authentication, and if any one of the time, the target account and the shared key is different during authentication, the generated dynamic passwords are different, so that the security of a system login link of the Linux system in an application scene can be effectively improved.
Example 2:
for authentication, on the basis of the foregoing embodiment, in an embodiment of the present invention, before sending the shared key to the target account according to the target account carried in the sending instruction, the method includes:
and receiving a shared password generation instruction, generating a shared key and storing the shared key.
In the embodiment of the present invention, the first dynamic password and the second dynamic password are generated based on the shared key, so that the shared key is generated and stored after receiving the shared key generation instruction for the target account in order to ensure the security of authentication. And if the shared key generation instruction aiming at the target account is received again, randomly generating the shared key aiming at the target account again, and updating the shared key stored aiming at the target account.
For authentication, on the basis of the foregoing embodiments, in an embodiment of the present invention, the generating a first dynamic password according to the first time when the login instruction is received, the target account, and the shared key includes:
and generating a first dynamic password according to the first time for receiving the login instruction, the target account and the shared secret key based on a hash SM3 digest algorithm.
In the embodiment of the invention, the first dynamic password is generated based on an SM3 digest algorithm, the first dynamic password is generated according to the first time for receiving the login command, the target account and the shared key, if the target accounts are different, the generated first dynamic password is different, if the shared key is different, the generated first dynamic password is also different, however, when the dynamic password is generated based on the SM3 digest algorithm, the time has a slight error, the generated passwords may be the same, therefore, if the first time for receiving the login command and the second time for receiving the dynamic password generation command have a slight error, the generated first dynamic password is not influenced, wherein the slight error between the first time and the second time means that the time interval between the first time and the second time is within a certain error range, and does not mean that the same first dynamic password may be generated at any two times, therefore, in the embodiment of the invention, a certain error is allowed to exist between the first time when the login instruction is received and the second time when the dynamic password generation instruction is received.
In order to perform authentication accurately, on the basis of the foregoing embodiments, in an embodiment of the present invention, after the receiving of the login instruction sent by the target account, before the generating of the first dynamic password according to the first time of receiving the login instruction, the target account, and the shared key, the method includes:
judging whether the target account has the authority of sharing the shared key or not according to pre-stored information of the account having the authority of sharing the shared key;
if yes, executing the subsequent operation.
Because each target account does not have the information of the account sharing the shared key authority, in the embodiment of the invention, the information of the account sharing the shared key authority is pre-stored, and all the accounts sharing the shared key authority are the accounts having the login authority, after the login instruction carrying the target account is received, whether the target account is the account sharing the shared key authority is judged, and if yes, the subsequent operation can be carried out. If not, the authentication fails.
In the embodiment of the invention, the authentication is carried out based on the login of the Linux system, so that a one-time password (OTP) dynamic authentication module in the electronic equipment is used for generating a first dynamic password and a shared key, wherein the OTP dynamic authentication module is developed according to the PAM standard and can be directly embedded into the authentication process of the Linux login system to replace a static password authentication module carried by the Linux system, and the OTP dynamic authentication module has a key management function.
Example 3:
fig. 2 is a schematic diagram of an authentication method process provided in the embodiment of the present invention, where the process includes the following steps:
s201: a shared key is received.
The authentication method provided by the embodiment of the invention is applied to the client.
For authentication, the client encrypts based on the shared key and generates the second dynamic password based on the shared key, so in the embodiment of the present invention, the client receives the shared key sent by the electronic device and saves after receiving the shared key. And generating a second dynamic password to realize authentication based on the received shared secret key.
S202: and receiving a dynamic password generation instruction, and generating a second dynamic password according to a target account stored in advance, the shared secret key and a second time when the dynamic password generation instruction is received.
In the embodiment of the invention, after the dynamic password generation instruction is received, the second time when the dynamic password generation instruction is received, the target account and the shared key of the target account sent by the electronic equipment are pre-stored in the client, and the second dynamic password is generated according to the second time, the target account and the shared key.
S203: and sending a login instruction carrying the target account and the second dynamic password.
And after the second dynamic password is generated, the client sends a login instruction carrying the target account and the second dynamic password to the electronic equipment.
In the embodiment of the present invention, for authentication, the client may be an OTP authentication dynamic Application (APP), and the OTP authentication dynamic APP has a built-in algorithm similar to that of the OTP authentication module, and can accurately generate the second dynamic password according to the second time, the target account, and the shared key, that is, the OTP authentication dynamic APP also has a key management function.
In order to perform authentication accurately, in addition to the above embodiments, in an embodiment of the present invention, the generating a second dynamic password according to a target account saved in advance, the received shared key, and a second time when the dynamic password generation instruction is received includes:
and generating a second dynamic password according to a target account which is saved in advance, the shared secret key and a second time when the dynamic password generating instruction is received based on a hash SM3 digest algorithm.
In the embodiment of the present invention, the second dynamic password is generated based on an SM3 digest algorithm, and the second dynamic password is generated according to the second time of receiving the login instruction, the target account and the shared key, if the target accounts are different, the generated second dynamic password is necessarily different, and if the shared key is different, the generated second dynamic password is also necessarily different, however, in the SM3 digest algorithm, a slight error exists in time, and the generated passwords may be the same, so if a slight error exists between the second time of receiving the dynamic password generation instruction and the first time of receiving the login instruction, the generated second dynamic password is not affected, wherein the slight error exists in the second time means that a time interval is within a certain error range, and does not mean that any two times may generate the same second dynamic password, therefore, in the embodiment of the present invention, the second time of receiving the dynamic password generation instruction and the login instruction are allowed to be received, and the second time of receiving the login instruction and the same second dynamic password are allowed There is a certain error in the first time of the instruction.
Example 4:
fig. 3 is a schematic structural diagram of an authentication apparatus according to an embodiment of the present invention, where the authentication apparatus includes:
a sending module 301, configured to send a shared key to a target account according to the target account carried in a sending instruction if the sending instruction of the shared key is received;
a generating module 302, configured to receive a login instruction sent by the target account, and generate a first dynamic password according to a first time for receiving the login instruction, the target account, and the shared key;
a determining module 303, configured to determine that the target account passes authentication if the first dynamic password is matched with the second dynamic password carried by the login instruction.
In a possible embodiment, the apparatus further comprises: and the processing module 304 is configured to receive a shared password generation instruction, generate a shared password, and store the shared password.
In a possible implementation, the generating module 302 is specifically configured to generate a first dynamic password according to the first time when the login instruction is received, the target account, and the shared key based on a hash SM3 digest algorithm.
In one possible embodiment, the apparatus further comprises: a determining module 305, configured to determine whether the target account has an authority to share the shared key according to information of an account having an authority to share the shared key, which is pre-stored; if yes, executing the subsequent operation.
Fig. 4 is a schematic structural diagram of an authentication apparatus according to an embodiment of the present invention, where the authentication apparatus includes:
a receiving module 401, configured to receive a shared key;
a processing module 402, configured to receive a dynamic password generation instruction, and generate a second dynamic password according to a pre-stored target account, the shared key, and a second time when the dynamic password generation instruction is received;
a sending module 403, configured to send a login instruction carrying the target account and the second dynamic password.
In a possible implementation manner, the processing module 402 is specifically configured to generate a second dynamic password according to a pre-saved target account, the shared key, and a second time when the dynamic password generation instruction is received, based on a hash SM3 digest algorithm.
Example 5:
on the basis of the foregoing embodiments, an embodiment of the present invention further provides an electronic device, as shown in fig. 5, including: the system comprises a processor 501, a communication interface 502, a memory 503 and a communication bus 504, wherein the processor 501, the communication interface 502 and the memory 503 are communicated with each other through the communication bus 504.
The memory 503 has stored therein a computer program which, when executed by the processor 501, causes the processor 501 to perform the steps of:
if a sending instruction of the shared key is received, sending the shared key to a target account according to the target account carried in the sending instruction;
receiving a login instruction sent by the target account, and generating a first dynamic password according to the first time for receiving the login instruction, the target account and the shared key;
and if the first dynamic password is matched with a second dynamic password carried by the login instruction, determining that the target account passes the authentication.
In a possible implementation manner, before sending the shared key to the target account according to the target account carried in the sending instruction, the method includes:
and receiving a shared password generation instruction, generating a shared password and storing the shared password.
In a possible implementation manner, the generating a first dynamic password according to the first time of receiving the login instruction, the target account and the shared key includes:
and generating a first dynamic password according to the first time for receiving the login instruction, the target account and the shared secret key based on a hash SM3 digest algorithm.
In a possible implementation manner, after the receiving of the login instruction sent by the target account, before the generating of the first dynamic password according to the first time of receiving the login instruction, the target account and the shared key, the method includes:
judging whether the target account has the authority of sharing the shared key or not according to pre-stored information of the account having the authority of sharing the shared key;
if yes, executing the subsequent operation.
On the basis of the above embodiments, an embodiment of the present invention further provides an electronic device, including: the system comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus.
Receiving a shared secret key;
receiving a dynamic password generation instruction, and generating a second dynamic password according to a target account stored in advance, the shared secret key and a second time when the dynamic password generation instruction is received;
and sending a login instruction carrying the target account and the second dynamic password.
In a possible implementation manner, the generating a second dynamic password according to the pre-saved target account, the received shared secret key, and a second time when the dynamic password generation instruction is received includes:
and generating a second dynamic password according to a target account which is saved in advance, the shared secret key and a second time when the dynamic password generating instruction is received based on a hash SM3 digest algorithm.
Because the principle of the electronic device for solving the problem is similar to that of the communication method, the implementation of the electronic device may refer to the implementation of the method, and repeated details are not repeated.
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface 502 is used for communication between the above-described electronic apparatus and other apparatuses.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Alternatively, the memory may be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a central processing unit, a Network Processor (NP), and the like; but may also be a Digital instruction processor (DSP), an application specific integrated circuit, a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like.
Example 6:
on the basis of the foregoing embodiments, the present invention further provides a computer-readable storage medium, in which a computer program executable by a processor is stored, and when the program runs on the processor, the processor is caused to execute the following steps:
if a sending instruction of the shared key is received, sending the shared key to a target account according to the target account carried in the sending instruction;
receiving a login instruction sent by the target account, and generating a first dynamic password according to the first time for receiving the login instruction, the target account and the shared key;
and if the first dynamic password is matched with a second dynamic password carried by the login instruction, determining that the target account passes the authentication.
In a possible implementation manner, before sending the shared key to the target account according to the target account carried in the sending instruction, the method includes:
and receiving a shared password generation instruction, generating a shared password and storing the shared password.
In a possible implementation manner, the generating a first dynamic password according to the first time of receiving the login instruction, the target account and the shared key includes:
and generating a first dynamic password according to the first time for receiving the login instruction, the target account and the shared secret key based on a hash SM3 digest algorithm.
In a possible implementation manner, after the receiving of the login instruction sent by the target account, before the generating of the first dynamic password according to the first time of receiving the login instruction, the target account and the shared key, the method includes:
judging whether the target account has the authority of sharing the shared key or not according to pre-stored information of the account having the authority of sharing the shared key;
if yes, executing the subsequent operation.
On the basis of the foregoing embodiments, the present invention further provides a computer-readable storage medium, in which a computer program executable by a processor is stored, and when the program runs on the processor, the processor is caused to execute the following steps:
receiving a shared secret key;
receiving a dynamic password generation instruction, and generating a second dynamic password according to a target account stored in advance, the shared secret key and a second time when the dynamic password generation instruction is received;
and sending a login instruction carrying the target account and the second dynamic password.
In a possible implementation manner, the generating a second dynamic password according to the pre-saved target account, the received shared secret key, and a second time when the dynamic password generation instruction is received includes:
and generating a second dynamic password according to a target account which is saved in advance, the shared secret key and a second time when the dynamic password generating instruction is received based on a hash SM3 digest algorithm.
Because the principle of the computer readable medium for solving the problem is similar to the audio and video data sharing method, after the processor executes the computer program in the computer readable medium, the steps implemented may refer to the other embodiments, and repeated parts are not described again.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (10)
1. An authentication method, the method comprising:
if a sending instruction of the shared key is received, sending the shared key to a target account according to the target account carried in the sending instruction;
receiving a login instruction sent by the target account, and generating a first dynamic password according to the first time for receiving the login instruction, the target account and the shared key;
and if the first dynamic password is matched with a second dynamic password carried by the login instruction, determining that the target account passes the authentication.
2. The method according to claim 1, wherein before sending the shared key to the target account according to the target account carried in the sending instruction, the method comprises:
and receiving a shared password generation instruction, generating a shared password and storing the shared password.
3. The method of claim 1, wherein generating a first dynamic password based on the first time at which the login instruction was received, the target account, and the shared key comprises:
and generating a first dynamic password according to the first time for receiving the login instruction, the target account and the shared secret key based on a hash SM3 digest algorithm.
4. The method according to claim 1, wherein after receiving the login instruction sent by the target account, before generating the first dynamic password according to the first time of receiving the login instruction, the target account and the shared key, the method comprises:
judging whether the target account has the authority of sharing the shared key or not according to pre-stored information of the account having the authority of sharing the shared key;
if yes, executing the subsequent operation.
5. An authentication method, the method comprising:
receiving a shared secret key;
receiving a dynamic password generation instruction, and generating a second dynamic password according to a target account stored in advance, the shared secret key and a second time when the dynamic password generation instruction is received;
and sending a login instruction carrying the target account and the second dynamic password.
6. The method of claim 5, wherein generating a second dynamic password based on the pre-saved target account, the received shared secret key, and a second time when the dynamic password generation instruction is received comprises:
and generating a second dynamic password according to a target account which is saved in advance, the shared secret key and a second time when the dynamic password generating instruction is received based on a hash SM3 digest algorithm.
7. An authentication apparatus, characterized in that the apparatus comprises:
the sending module is used for sending the shared secret key to a target account according to the target account carried in a sending instruction if the sending instruction of the shared secret key is received;
the generation module is used for receiving a login instruction sent by the target account and generating a first dynamic password according to the first time for receiving the login instruction, the target account and the shared key;
and the determining module is used for determining that the target account passes the authentication if the first dynamic password is matched with a second dynamic password carried by the login instruction.
8. An authentication apparatus, characterized in that the apparatus comprises:
a receiving module, configured to receive a shared key;
the processing module is used for receiving a dynamic password generation instruction and generating a second dynamic password according to a target account stored in advance, the shared secret key and second time when the dynamic password generation instruction is received;
and the sending module is used for sending a login instruction carrying the target account and the second dynamic password.
9. An electronic device, characterized in that the electronic device comprises at least a processor and a memory, the processor being adapted to perform the steps of authenticating according to any one of claims 1-6 when executing a computer program stored in the memory.
10. A computer-readable storage medium, characterized in that it stores a computer program which, when being executed by a processor, performs the steps of authenticating according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011456198.6A CN114626050A (en) | 2020-12-11 | 2020-12-11 | Authentication method, device, equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011456198.6A CN114626050A (en) | 2020-12-11 | 2020-12-11 | Authentication method, device, equipment and medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114626050A true CN114626050A (en) | 2022-06-14 |
Family
ID=81895294
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011456198.6A Pending CN114626050A (en) | 2020-12-11 | 2020-12-11 | Authentication method, device, equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114626050A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115086040A (en) * | 2022-06-16 | 2022-09-20 | 北京金山云网络技术有限公司 | Login authentication method, device, storage medium and electronic equipment |
-
2020
- 2020-12-11 CN CN202011456198.6A patent/CN114626050A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115086040A (en) * | 2022-06-16 | 2022-09-20 | 北京金山云网络技术有限公司 | Login authentication method, device, storage medium and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10484185B2 (en) | Method and system for distributing attestation key and certificate in trusted computing | |
| WO2021012552A1 (en) | Login processing method and related device | |
| US11223480B2 (en) | Detecting compromised cloud-identity access information | |
| CN110378139B (en) | Data key protection method, system, electronic equipment and storage medium | |
| CN110401615B (en) | Identity authentication method, device, equipment, system and readable storage medium | |
| CN107483509A (en) | A kind of auth method, server and readable storage medium storing program for executing | |
| CN111404696B (en) | Collaborative signature method, security service middleware, related platform and system | |
| CN106454528A (en) | Service processing method based on trusted execution environment and client side | |
| CN106295350B (en) | identity verification method and device of trusted execution environment and terminal | |
| EP3457309A1 (en) | Processing method for presenting copy attack, and server and client | |
| CN110175466B (en) | Security management method and device for open platform, computer equipment and storage medium | |
| CN111935095A (en) | Source code leakage monitoring method and device and computer storage medium | |
| CN111814132B (en) | Security authentication method and device, security authentication chip and storage medium | |
| JP2022534677A (en) | Protecting online applications and web pages that use blockchain | |
| CN113395406B (en) | Encryption authentication method and system based on power equipment fingerprint | |
| CN111585995A (en) | Method and device for transmitting and processing safety wind control information, computer equipment and storage medium | |
| KR102364649B1 (en) | APPARATUS AND METHOD FOR AUTHENTICATING IoT DEVICE BASED ON PUF | |
| CN111193730B (en) | IoT trusted scene construction method and device | |
| CN114626050A (en) | Authentication method, device, equipment and medium | |
| US20090210719A1 (en) | Communication control method of determining whether communication is permitted/not permitted, and computer-readable recording medium recording communication control program | |
| CN116881936A (en) | Trusted computing method and related equipment | |
| CN114553566B (en) | Data encryption method, device, equipment and storage medium | |
| US20240113898A1 (en) | Secure Module and Method for App-to-App Mutual Trust Through App-Based Identity | |
| CN115834149A (en) | Numerical control system safety protection method and device based on state cryptographic algorithm | |
| CN112926101B (en) | Disk partition encryption method, system, device and computer readable medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |