CN116827560B - Dynamic password authentication method and system based on asynchronous password - Google Patents

Info

Publication number: CN116827560B
Authority: CN (China)
Prior art keywords: key, dynamic, public, password, private
Legal status: Active
Application number: CN202311107808.5A
Other languages: Chinese (zh)
Other versions: CN116827560A (en)
Inventor: 王伟
Current Assignee: Beijing Yunchi Future Technology Co ltd
Original Assignee: Beijing Yunchi Future Technology Co ltd
Application filed by Beijing Yunchi Future Technology Co ltd
Priority to CN202311107808.5A
Publication of CN116827560A
Application granted
Publication of CN116827560B

Classifications

All classifications fall under H (ELECTRICITY) > H04 (ELECTRIC COMMUNICATION TECHNIQUE) > H04L (TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION).

    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/40 Network security protocols

Abstract

The invention discloses a dynamic password authentication method and system based on an asynchronous password, and belongs to the technical field. The method comprises the following steps: generating a dynamic password authentication request and, after the request is received, generating a pair of keys, public key public_key_c and private key private_key_c, by using a key exchange algorithm; calculating a dynamic password password1 by using the key exchange algorithm, based on the public key public_key_s generated in advance for the asynchronous password and the private key private_key_c; generating a url carrying the public key public_key_c, and obtaining the public key public_key_c by accessing the url; calculating a dynamic password password2 by using the key exchange algorithm, based on the private key private_key_s generated in advance for the asynchronous password and the public key public_key_c; and authenticating password1 against password2, the authentication succeeding if password2 is equal to password1. The method offers high security: when the device is cracked and public_key_s is leaked, the dynamic password still cannot be cracked.

Description

Dynamic password authentication method and system based on asynchronous password
Technical Field
The present invention relates to the technical field, and in particular, to a dynamic password authentication method and system based on an asynchronous password.
Background
A dynamic password is a password that changes on every use: the value entered each time is not fixed, so a password that is stolen once does not compromise later authentications.
A dynamic password does not need to be memorized, is convenient to use, and is safer than a fixed password because it is not fixed.
Dynamic passwords are divided into synchronous password technology and asynchronous password technology, and synchronous password technology is further divided into time-synchronous passwords and event-synchronous passwords.
Synchronous password technology relies on the two parties keeping their state synchronized, and verification fails when the state difference is too large.
A time-synchronous password depends on time synchronization: during authentication, both sides derive the password from the current time, so authentication fails when the time difference between the two sides is too large.
An event-synchronous password depends on internal state: during authentication, both sides derive the password from their current internal state and update that state at the same time, and verification fails when the internal states of the two sides differ too much.
Disclosure of Invention
To prevent device security problems caused by password leakage, the invention provides a dynamic password authentication method based on an asynchronous password, which comprises the following steps:
generating a dynamic password authentication request and, after the request is received, generating a pair of keys, public key public_key_c and private key private_key_c, by using a key exchange algorithm;
calculating a dynamic password password1 by using the key exchange algorithm, based on the public key public_key_s generated in advance for the asynchronous password and the private key private_key_c;
generating a url carrying the public key public_key_c, and obtaining the public key public_key_c by accessing the url;
calculating a dynamic password password2 by using the key exchange algorithm, based on the private key private_key_s generated in advance for the asynchronous password and the public key public_key_c;
and authenticating password1 against password2: if password2 is equal to password1, the authentication succeeds.
Optionally, the public key public_key_s and the private key private_key_s, which are generated in advance for the asynchronous password, are stored in different devices.
Optionally, the url is provided with access rights, so that only visitors who have been granted access rights can access it.
Optionally, the key exchange algorithm is an elliptic curve key exchange algorithm, and the public_key_c, private_key_c, dynamic password password1 and dynamic password password2 generated with it are each typically smaller than 50 bytes.
Optionally, the method further comprises: generating a dynamic password authentication request; after the request is received, generating a dynamic password password1; encrypting password1 based on the public key public_key_s and the private key private_key_s generated in advance for the asynchronous password to obtain a dynamic password password2; decrypting password2 based on the public key public_key_s and the private key private_key_s generated in advance for the asynchronous password to obtain a dynamic password password3; and authenticating password1 against password3: if password3 is equal to password1, the authentication succeeds.
In yet another aspect, the present invention provides a dynamic password authentication system based on an asynchronous password, including:
a key generation unit, used for generating a dynamic password authentication request and, after the request is received, generating a pair of keys, public key public_key_c and private key private_key_c, by using a key exchange algorithm;
a first password generation unit, used for calculating a dynamic password password1 by using the key exchange algorithm, based on the public key public_key_s generated in advance for the asynchronous password and the private key private_key_c;
a key obtaining unit, configured to generate a url carrying the public key public_key_c, and to obtain the public key public_key_c by accessing the url;
a second password generation unit, used for calculating a dynamic password password2 by using the key exchange algorithm, based on the private key private_key_s generated in advance for the asynchronous password and the public key public_key_c;
and an authentication unit, used for authenticating password1 against password2: if password2 is equal to password1, the authentication succeeds.
Optionally, the public key public_key_s and the private key private_key_s, which are generated in advance for the asynchronous password, are stored in different devices.
Optionally, the url is provided with access rights, so that only visitors who have been granted access rights can access it.
Optionally, the key exchange algorithm is an elliptic curve key exchange algorithm, and the public_key_c, private_key_c, dynamic password password1 and dynamic password password2 generated with it are each typically smaller than 50 bytes.
Optionally, the system further comprises a third password generation unit, used for generating a dynamic password authentication request; after the request is received, generating a dynamic password password1; encrypting password1 based on the public key public_key_s and the private key private_key_s generated in advance for the asynchronous password to obtain a dynamic password password2; decrypting password2 based on the public key public_key_s and the private key private_key_s generated in advance for the asynchronous password to obtain a dynamic password password3; and authenticating password1 against password3: if password3 is equal to password1, the authentication succeeds.
Compared with the prior art, the invention has the following beneficial effects:
The invention provides a dynamic password authentication method based on an asynchronous password, which comprises the following steps: generating a dynamic password authentication request and, after the request is received, generating a pair of keys, public key public_key_c and private key private_key_c, by using a key exchange algorithm; calculating a dynamic password password1 by using the key exchange algorithm, based on the public key public_key_s generated in advance for the asynchronous password and the private key private_key_c; generating a url carrying the public key public_key_c, and obtaining the public key public_key_c by accessing the url; calculating a dynamic password password2 by using the key exchange algorithm, based on the private key private_key_s generated in advance for the asynchronous password and the public key public_key_c; and authenticating password1 against password2, the authentication succeeding if password2 is equal to password1. The method offers high security: when the device is cracked and public_key_s is leaked, the dynamic password still cannot be cracked.
Drawings
FIG. 1 is a flow chart of embodiment 1 of the asynchronous password based dynamic password authentication method of the present invention;
FIG. 2 is a flow chart of embodiment 2 of the asynchronous password based dynamic password authentication method of the present invention;
FIG. 3 is a flow chart of embodiment 3 of the asynchronous password based dynamic password authentication method of the present invention;
FIG. 4 is a flow chart of embodiment 4 of the asynchronous password based dynamic password authentication method of the present invention;
FIG. 5 is a schematic diagram of embodiment 4 of the asynchronous password based dynamic password authentication method of the present invention;
FIG. 6 is a flow chart of embodiment 5 of the asynchronous password based dynamic password authentication method of the present invention;
FIG. 7 is a schematic diagram of an asynchronous password based dynamic password authentication system according to embodiment 6 of the present invention;
FIG. 8 is a schematic diagram of a dynamic password authentication system based on an asynchronous password according to embodiment 7 of the present invention;
FIG. 9 is a schematic structural diagram of embodiment 8 of the asynchronous password based dynamic password authentication system of the present invention.
Detailed Description
The exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, however, the present invention may be embodied in many different forms and is not limited to the examples described herein, which are provided to fully and completely disclose the present invention and fully convey the scope of the invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, like elements/components are referred to by like reference numerals.
Unless otherwise indicated, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. In addition, it will be understood that terms defined in commonly used dictionaries should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
Example 1:
The invention provides a dynamic password authentication method 100 based on an asynchronous password, as shown in FIG. 1, comprising the following steps:
step 101, generating a dynamic password authentication request and, after the request is received, generating a pair of keys, public key public_key_c and private key private_key_c, by using a key exchange algorithm;
step 102, calculating a dynamic password password1 by using the key exchange algorithm, based on the public key public_key_s generated in advance for the asynchronous password and the private key private_key_c;
step 103, generating a url carrying the public key public_key_c, and obtaining the public key public_key_c by accessing the url;
step 104, calculating a dynamic password password2 by using the key exchange algorithm, based on the private key private_key_s generated in advance for the asynchronous password and the public key public_key_c;
step 105, authenticating password1 against password2: if password2 is equal to password1, the authentication succeeds.
The public key public_key_s and the private key private_key_s, which are generated in advance for the asynchronous password, are stored in different devices.
The url is provided with access rights, so that only visitors who have been granted access rights can access it.
The key exchange algorithm is an elliptic curve key exchange algorithm, and the public key public_key_c, the private key private_key_c, the dynamic password password1 and the dynamic password password2 generated with it are each typically smaller than 50 bytes.
Example 2:
The invention provides a dynamic password authentication method 200 based on an asynchronous password, as shown in FIG. 2, comprising the following steps:
step 201, generating a dynamic password authentication request and, after the request is received, generating a pair of keys, public key public_key_c and private key private_key_c, by using a key exchange algorithm;
step 202, calculating a dynamic password password1 by using the key exchange algorithm, based on the public key public_key_s generated in advance for the asynchronous password and the private key private_key_c;
step 203, generating a url carrying the public key public_key_c, and obtaining the public key public_key_c by accessing the url;
step 204, calculating a dynamic password password2 by using the key exchange algorithm, based on the private key private_key_s generated in advance for the asynchronous password and the public key public_key_c;
step 205, authenticating password1 against password2: if password2 is equal to password1, the authentication succeeds.
The public key public_key_s and the private key private_key_s, which are generated in advance for the asynchronous password, are stored in different devices.
The url is provided with access rights, so that only visitors who have been granted access rights can access it.
The key exchange algorithm is an elliptic curve key exchange algorithm, and the public key public_key_c, the private key private_key_c, the dynamic password password1 and the dynamic password password2 generated with it are each typically smaller than 50 bytes.
If steps 202-205 are not performed, step 206 may be performed for authentication;
step 206, generating a dynamic password authentication request; after the request is received, generating a dynamic password password1; encrypting password1 based on the public key public_key_s and the private key private_key_s generated in advance for the asynchronous password to obtain a dynamic password password2; decrypting password2 based on the public key public_key_s and the private key private_key_s generated in advance for the asynchronous password to obtain a dynamic password password3; and authenticating password1 against password3: if password3 is equal to password1, the authentication succeeds.
Example 3:
The invention provides a dynamic password authentication method 300 based on an asynchronous password, as shown in FIG. 3, comprising the following steps:
step 301, generating a dynamic password authentication request;
step 302, after the dynamic password authentication request is received, generating a dynamic password password1;
step 303, encrypting password1 based on the public key public_key_s and the private key private_key_s generated in advance for the asynchronous password to obtain a dynamic password password2;
step 304, decrypting password2 by using the public key public_key_s and the private key private_key_s generated in advance for the asynchronous password to obtain a dynamic password password3;
step 305, authenticating password1 against password3: if password3 is equal to password1, the authentication succeeds.
Example 4:
The invention provides a dynamic password authentication method 400 based on an asynchronous password, as shown in FIG. 4, with the implementation principle shown in FIG. 5. The method comprises the following steps:
step 401, performing the initial setting operation: a pair of keys, public key public_key_s and private key private_key_s, is generated; the device stores the public key public_key_s and the server stores the private key private_key_s;
After the initial setting is completed, normal authentication operations can be performed. Authentication operations can be repeated and can be concurrent, that is, several authentication operations can be in progress at the same time.
step 402, the user operates the device to request authentication; the device dynamically generates a new pair of keys, public_key_c and private_key_c; the device uses a key exchange algorithm to calculate a one-time password password1 from public_key_s and private_key_c; the device generates a url containing public_key_c and displays the url to the user;
step 403, the user accesses the url (through an internet-capable device such as a mobile phone or a computer; it is only necessary that authorized users alone can access the url, which ensures that access to the device is authorized); the server obtains public_key_c from the url and uses the key exchange algorithm to calculate a one-time password password2 from public_key_c and private_key_s;
step 404, the server displays password2 to the user and the user enters password2 into the device; the device compares password2 with the password1 it generated: if they are identical the authentication succeeds, otherwise it fails.
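The exchange of steps 401-404, as an added sketch that is not code from the patent. It assumes X25519 (RFC 7748) as the elliptic curve key exchange and a SHA-256 reduction of the shared secret to an 8-digit code the user can type; the `Device` and `Server` classes, the `pk` query parameter and the host `auth.example.invalid` are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Assumption: X25519 stands in for the patent's "elliptic curve key exchange
# algorithm". This pure-Python ladder keeps the demo offline; it is not
# constant-time, so a real device should use a vetted library instead.
P = 2**255 - 19
BASE_POINT = (9).to_bytes(32, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    kb = bytearray(k)
    kb[0] &= 248
    kb[31] = (kb[31] & 127) | 64                      # clamp the scalar
    k_int = int.from_bytes(kb, "little")
    x1 = (int.from_bytes(u, "little") & ((1 << 255) - 1)) % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):                    # Montgomery ladder
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    private = secrets.token_bytes(32)
    return private, x25519(private, BASE_POINT)


def derive_password(shared: bytes, public_key_c: bytes, public_key_s: bytes) -> str:
    # A low-order public key yields an all-zero shared secret that does not
    # depend on the private key; reject it (the RFC 7748 section 6.1 check).
    if not any(shared):
        raise ValueError("all-zero shared secret")
    digest = hashlib.sha256(b"otp-demo" + shared + public_key_c + public_key_s).digest()
    number = int.from_bytes(digest[:8], "big") % 10**8   # assumed 8-digit format
    return f"{number:08d}"


class Server:
    """Holds private_key_s (step 401) and answers urls (step 403)."""

    def __init__(self):
        self._private_key_s, self.public_key_s = keypair()

    def answer(self, url: str) -> str:
        pk = parse_qs(urlsplit(url).query)["pk"][0]
        public_key_c = base64.urlsafe_b64decode(pk + "=" * (-len(pk) % 4))
        if len(public_key_c) != 32:
            raise ValueError("public_key_c must be 32 bytes")
        shared = x25519(self._private_key_s, public_key_c)
        return derive_password(shared, public_key_c, self.public_key_s)  # password2


class Device:
    """Stores only public_key_s, so a dumped device yields no signing secret."""

    def __init__(self, public_key_s: bytes):
        self.public_key_s = public_key_s
        self._password1 = None

    def begin_auth(self) -> str:                      # step 402
        private_key_c, public_key_c = keypair()       # fresh pair per request
        shared = x25519(private_key_c, self.public_key_s)
        self._password1 = derive_password(shared, public_key_c, self.public_key_s)
        pk = base64.urlsafe_b64encode(public_key_c).decode().rstrip("=")
        return f"https://auth.example.invalid/otp?pk={pk}"

    def verify(self, password2: str) -> bool:         # step 404
        # Added hardening, not from the patent: one attempt per request,
        # because an 8-digit code is guessable if retries are unlimited.
        expected, self._password1 = self._password1, None
        if expected is None:
            return False
        return hmac.compare_digest(expected.encode(), password2.encode())


if __name__ == "__main__":
    server = Server()                                 # step 401: initial setting
    device = Device(server.public_key_s)
    url = device.begin_auth()
    code = server.answer(url)
    print(url, code, device.verify(code))
```

The device never needs a clock or a network link; the only value it keeps long-term is public_key_s, which is why dumping its storage does not let an attacker compute password1 for a public_key_c generated by another device.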
Example 5:
The invention provides a dynamic password authentication method 500 based on an asynchronous password, as shown in FIG. 6, comprising the following steps:
This example uses the preset-key encryption mode: a key is preset on the device and on the server in advance, and the authentication process is as follows:
step 501, the device generates a dynamic password password1, encrypts password1 with the key to obtain password2, and displays password2 to the user;
step 502, password2 is decrypted with the key to obtain password3, and the user enters password3 into the device;
step 503, the device compares password3 with the password1 it generated: if they are identical the authentication succeeds, otherwise it fails.
Example 6:
The invention provides a dynamic password authentication system 600 based on an asynchronous password, as shown in FIG. 7, comprising:
a key generation unit 601, configured to generate a dynamic password authentication request and, after the request is received, to generate a pair of keys, public key public_key_c and private key private_key_c, by using a key exchange algorithm;
a first password generating unit 602, configured to calculate a dynamic password password1 by using the key exchange algorithm, based on the public key public_key_s generated in advance for the asynchronous password and the private key private_key_c;
a key obtaining unit 603, configured to generate a url carrying the public key public_key_c, and to obtain the public key public_key_c by accessing the url;
a second password generating unit 604, configured to calculate a dynamic password password2 by using the key exchange algorithm, based on the private key private_key_s generated in advance for the asynchronous password and the public key public_key_c;
and an authentication unit 605, configured to authenticate password1 against password2: if password2 is equal to password1, the authentication succeeds.
The public key public_key_s and the private key private_key_s, which are generated in advance for the asynchronous password, are stored in different devices.
The url is provided with access rights, so that only visitors who have been granted access rights can access it.
The key exchange algorithm is an elliptic curve key exchange algorithm, and the public key public_key_c, the private key private_key_c, the dynamic password password1 and the dynamic password password2 generated with it are each typically smaller than 50 bytes.
Example 7:
The invention provides a dynamic password authentication system 700 based on an asynchronous password, as shown in FIG. 8, comprising:
a key generating unit 701, configured to generate a dynamic password authentication request and, after the request is received, to generate a pair of keys, public key public_key_c and private key private_key_c, by using a key exchange algorithm;
a first password generating unit 702, configured to calculate a dynamic password password1 by using the key exchange algorithm, based on the public key public_key_s generated in advance for the asynchronous password and the private key private_key_c;
a key obtaining unit 703, configured to generate a url carrying the public key public_key_c, and to obtain the public key public_key_c by accessing the url;
a second password generating unit 704, configured to calculate a dynamic password password2 by using the key exchange algorithm, based on the private key private_key_s generated in advance for the asynchronous password and the public key public_key_c;
and an authentication unit 705, configured to authenticate password1 against password2: if password2 is equal to password1, the authentication succeeds.
The public key public_key_s and the private key private_key_s, which are generated in advance for the asynchronous password, are stored in different devices.
The url is provided with access rights, so that only visitors who have been granted access rights can access it.
The key exchange algorithm is an elliptic curve key exchange algorithm, and the public key public_key_c, the private key private_key_c, the dynamic password password1 and the dynamic password password2 generated with it are each typically smaller than 50 bytes.
When units 701-705 do not work, a third password generating unit 706 is started;
the third password generating unit 706 is configured to generate a dynamic password authentication request; after the request is received, to generate a dynamic password password1; to encrypt password1 based on the public key public_key_s and the private key private_key_s generated in advance for the asynchronous password to obtain a dynamic password password2; to decrypt password2 by using the public key public_key_s and the private key private_key_s generated in advance for the asynchronous password to obtain a dynamic password password3; and to authenticate password1 against password3: if password3 is equal to password1, the authentication succeeds.
Example 8:
The invention provides a dynamic password authentication system 800 based on an asynchronous password, as shown in FIG. 9, comprising: a third password generating unit 806, configured to generate a dynamic password authentication request; after the request is received, to generate a dynamic password password1; to encrypt password1 based on the public key public_key_s and the private key private_key_s generated in advance for the asynchronous password to obtain a dynamic password password2; to decrypt password2 by using the public key public_key_s and the private key private_key_s generated in advance for the asynchronous password to obtain a dynamic password password3; and to authenticate password1 against password3: if password3 is equal to password1, the authentication succeeds.
A device applying the invention can use dynamic password authentication without accessing the Internet.
Compared with the preset-key scheme, the invention offers high security: when the device is cracked and public_key_s is leaked, the dynamic password cannot be cracked (because private_key cannot be obtained), so other devices using the public_key are not affected.
Compared with a time-based dynamic password, the authentication process of the invention does not depend on time and does not require the device to keep accurate time. It adopts an elliptic curve encryption algorithm, which can provide higher security than RSA at the same key length and exchanges less data (depending on the key length, the typical value is less than 50 bytes).
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein. The scheme in the embodiments of the invention can be implemented in various computer languages, such as the object-oriented programming language Java and the interpreted scripting language JavaScript.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (8)

1. A dynamic password authentication method based on an asynchronous password, the method comprising:
generating a dynamic password authentication request by a user;
after receiving a dynamic password authentication request, the device generates a pair of public key public_key_c and private key private_key_c by using a key exchange algorithm, calculates and generates a dynamic password1 by using the key exchange algorithm based on a public key public_key_s generated in advance by an asynchronous password and on the private key private_key_c, and generates a url carrying the public key public_key_c;
after the user side accesses the url, the server acquires the public key public_key_c through the url, and calculates and generates a dynamic password2 by using a key exchange algorithm based on a private key private_key_s generated in advance by an asynchronous password and on the public key public_key_c;
the server displays the dynamic password2 to a user side, and the user side transmits the dynamic password2 to equipment;
the device authenticates the dynamic password1 through the dynamic password2, and if the password2 is equal to the password1, the authentication is successful.
2. The method of claim 1, wherein the public key public_key_s and the private key private_key_s, which are pre-generated based on the asynchronous password, are stored in different devices, respectively.
3. The method of claim 1, wherein the url is provided with access rights, access being allowed to a visitor granted access rights.
4. The method of claim 1, wherein the key exchange algorithm is an elliptic curve key exchange algorithm, and typical values of public key public_key_c, private key private_key_c, dynamic password1 and dynamic password2 generated using the elliptic curve key exchange algorithm are all less than 50 bytes.
5. A dynamic password authentication system based on an asynchronous password, the system comprising:
the key generation unit is used for generating a dynamic password authentication request based on the user side, and generating a pair of public key public_key_c and private key private_key_c based on the equipment by using a key exchange algorithm after the equipment receives the dynamic password authentication request;
the first password generating unit is used for calculating and generating a dynamic password1 based on a public key public_key_s and the private key private_key_c which are generated in advance by using a key exchange algorithm by the equipment;
the key acquisition unit is used for generating url with the public key public_key_c based on equipment, and acquiring the public key public_key_c through the url based on a server after a user accesses the url;
the second password generation unit is used for calculating and generating a dynamic password2 based on a private key private_key_s and a public key public_key_c which are generated in advance by using a key exchange algorithm based on a server, displaying the dynamic password2 to a user terminal based on the server, and transmitting the dynamic password2 to equipment based on the user terminal;
and the authentication unit is used for authenticating the dynamic password1 through the dynamic password2 based on the equipment, and if the password2 is equal to the password1, the authentication is successful.
6. The system of claim 5, wherein the public key public_key_s and the private key private_key_s, which are pre-generated based on the asynchronous password, are stored in different devices, respectively.
7. The system of claim 5, wherein the url is provided with access rights, access being allowed to a visitor granted access rights.
8. The system of claim 5, wherein the key exchange algorithm is an elliptic curve key exchange algorithm, and typical values of public key public_key_c, private key private_key_c, dynamic password1 and dynamic password2 generated using the elliptic curve key exchange algorithm are all less than 50 bytes.
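
The exchange in claims 1 and 4, written out as an added example (not code from the patent or its applicant). It assumes X25519 as the elliptic curve key exchange, SHA-256 plus base64url as the password encoding, and a hypothetical `pk` query parameter and host name, none of which the claims specify.

```javascript
const crypto = require('node:crypto');

// Assumption: the claims do not fix an encoding, so the shared secret is hashed
// with SHA-256 and shown as base64url (43 characters, under claim 4's 50 bytes).
function toPassword(sharedSecret) {
  return crypto.createHash('sha256').update(sharedSecret).digest().toString('base64url');
}

// Done once, in advance: public_key_s is provisioned on the device,
// private_key_s never leaves the server (claim 2).
function generateServerKeys() {
  return crypto.generateKeyPairSync('x25519');
}

// Device: fresh (public_key_c, private_key_c) per request, password1, and the url.
function deviceBegin(publicKeyS, baseUrl) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  const password1 = toPassword(crypto.diffieHellman({ privateKey, publicKey: publicKeyS }));
  const url = new URL(baseUrl);
  const der = publicKey.export({ format: 'der', type: 'spki' }); // 44 bytes for X25519
  url.searchParams.set('pk', der.toString('base64url'));         // 'pk' is a made-up name
  return { url: url.toString(), password1 };
}

// Server: treat public_key_c as untrusted input, then compute password2.
function serverRespond(requestUrl, privateKeyS) {
  const pk = new URL(requestUrl).searchParams.get('pk');
  if (!pk) throw new Error('url carries no public_key_c');
  const publicKeyC = crypto.createPublicKey({
    key: Buffer.from(pk, 'base64url'), format: 'der', type: 'spki',
  });
  if (publicKeyC.asymmetricKeyType !== 'x25519') throw new Error('unexpected key type');
  return toPassword(crypto.diffieHellman({ privateKey: privateKeyS, publicKey: publicKeyC }));
}

// Device: compare what the user typed with password1 in constant time.
function deviceVerify(password1, typedPassword2) {
  const a = Buffer.from(password1);
  const b = Buffer.from(String(typedPassword2));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed run: one full exchange, then a replay against a new request.
const server = generateServerKeys();
const first = deviceBegin(server.publicKey, 'https://auth.example.invalid/otp');
const password2 = serverRespond(first.url, server.privateKey);
const second = deviceBegin(server.publicKey, 'https://auth.example.invalid/otp');
console.log('match:', deviceVerify(first.password1, password2));
console.log('replay accepted:', deviceVerify(second.password1, password2));
```

The url access control of claim 3 is not modeled here. The replay line shows that password2 is only accepted for the request whose public_key_c it was computed from.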
CN202311107808.5A 2023-08-31 2023-08-31 Dynamic password authentication method and system based on asynchronous password Active CN116827560B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311107808.5A CN116827560B (en) 2023-08-31 2023-08-31 Dynamic password authentication method and system based on asynchronous password

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311107808.5A CN116827560B (en) 2023-08-31 2023-08-31 Dynamic password authentication method and system based on asynchronous password

Publications (2)

Publication Number Publication Date
CN116827560A CN116827560A (en) 2023-09-29
CN116827560B true CN116827560B (en) 2023-11-17

Family

ID=88117056

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311107808.5A Active CN116827560B (en) 2023-08-31 2023-08-31 Dynamic password authentication method and system based on asynchronous password

Country Status (1)

Country Link
CN (1) CN116827560B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020085734A (en) * 2001-05-10 2002-11-16 (주) 비씨큐어 Recoverable Password-Based Mutual Authentication and Key Exchange Protocol
CN101662465A (en) * 2009-08-26 2010-03-03 深圳市腾讯计算机系统有限公司 Method and device for verifying dynamic password
CN104967993A (en) * 2015-04-29 2015-10-07 深圳市中兴物联科技有限公司 Authorization key dynamic generation method based on CDMA, authorization key dynamic generation system based on CDMA and authorization key dynamic generation device based on CDMA
CN111327629A (en) * 2020-03-04 2020-06-23 广州柏视医疗科技有限公司 Identity verification method, client and server
CN111371555A (en) * 2020-04-13 2020-07-03 猫岐智能科技(上海)有限公司 Signature authentication method and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
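Privacy-enhanced authenticated key agreement protocol based on elliptic curves; Cao Tianjie et al.; Acta Electronica Sinica; 36(2); full text *
Cao Tianjie et al. Privacy-enhanced authenticated key agreement protocol based on elliptic curves. Acta Electronica Sinica. 2008, 36(2), full text. *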

Also Published As

Publication number Publication date
CN116827560A (en) 2023-09-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant