CN101420298A - Method and system for negotiating cipher - Google Patents


Publication number
CN101420298A
Authority
CN
China
Prior art keywords
dynamic password
service end
dynamic
module
client
Legal status
Granted
Application number
CNA2008102220763A
Other languages
Chinese (zh)
Other versions
CN101420298B (en)
Inventor
陆舟
于华章
Current Assignee
Feitian Technologies Co Ltd
Original Assignee
Beijing Feitian Technologies Co Ltd
Application filed by Beijing Feitian Technologies Co Ltd
Priority to CN2008102220763A
Publication of CN101420298A
Application granted
Publication of CN101420298B
Legal status: Active

Abstract

The present invention discloses a method and a system for key negotiation, belonging to the field of information security. In the method, a client receives from a user the identification information of a dynamic password generation device and a first dynamic password, and sends them to a server to request verification. The server looks up the dynamic factor using the received identification information as an index and generates a second dynamic password from that dynamic factor. The server checks whether the second dynamic password is the same as the first dynamic password. If it is, the server and the dynamic password generation device each store their own dynamic factor, and the server and the client generate session keys by the same method. If it is not, the server determines whether the number of verification attempts exceeds a preset threshold; if it does, an error is reported; if it does not, the dynamic factor is modified and a second dynamic password is generated again for verification, until verification succeeds and a session key is generated or the number of attempts exceeds the preset threshold. The system comprises a client, a server and a dynamic password generation device. The invention improves the security of the key negotiation process between two communicating parties.

Description

Method and system for key negotiation
Technical field
The present invention relates to the field of information security, and in particular to a method and system for key negotiation.
Background
With the development of the Internet, many traditional applications have moved onto the network. Because of inherent weaknesses of the Internet, some criminals have the opportunity to use viruses, trojans or other malicious programs to break into other people's computers, or to intercept information that others are transmitting, causing great losses to users.
At present, the main solution to these problems is as follows: the two communicating parties first negotiate a key; the sender encrypts the data to be transmitted, and the recipient decrypts it on receipt with the previously negotiated key. However, the process by which the two parties negotiate the key is often insecure: using methods such as network monitoring, peeping, trojan theft, guessing and exhaustive attack, an attacker can crack another person's password and thereby learn the secret content being transmitted.
In the prior art there are many methods of key negotiation, but in most schemes the key is transmitted over the network in plaintext, so that it is easily obtained by others and security is very poor. Using public/private key encryption to negotiate the key, on the other hand, makes the negotiation very slow.
Summary of the invention
In order to improve the security of key negotiation, the invention provides a method and system for key negotiation.
A method of key negotiation, characterized in that the method comprises:
The client sends the identification information of the dynamic password generation device and a first dynamic password, both entered by the user, to the server to request verification; the first dynamic password is generated by the dynamic password generation device from its current dynamic factor;
After receiving the first dynamic password and the identification information, the server uses the identification information as an index to look up the dynamic factor corresponding to the dynamic password generation device, takes the dynamic factor found as its current dynamic factor, and generates a second dynamic password from the current dynamic factor;
The server verifies whether the second dynamic password is identical to the first dynamic password received;
If they are identical, the server and the dynamic password generation device each generate an interim dynamic password according to the same preset rule and each save their own current dynamic factor; the client receives the interim dynamic password generated by the dynamic password generation device and entered by the user; and the client and the server each generate a session key from the interim dynamic password they have obtained, according to the same preset method;
If they are different, the server determines whether the number of verification attempts exceeds a preset threshold; if it does, an error message is reported; otherwise, the server modifies its current dynamic factor, regenerates the second dynamic password from the modified dynamic factor and continues verification, until verification succeeds and the session key is generated or the threshold is exceeded.
The preset rule is to generate one or more interim dynamic passwords after a preset step or time interval.
The preset method is to use any one of the interim dynamic passwords obtained as the session key; or to transform any one of the interim dynamic passwords obtained and use the transformed value as the session key; or to combine any several of the interim dynamic passwords obtained and use the combination as the session key.
After the client and the server have each generated the session key from the interim dynamic password they obtained, according to the same preset method, the method further comprises:
The client encrypts the file to be transferred to the server with the session key to obtain a first data packet, and sends the first data packet to the server;
The server receives the first data packet and decrypts it with the session key to obtain the file.
After the client and the server have each generated the session key from the interim dynamic password they obtained, according to the same preset method, the method further comprises:
The client sends the server a request to obtain an encrypted file and its corresponding password;
After receiving the request, the server encrypts the password with the session key to obtain a second data packet, and sends the second data packet and the encrypted file to the client;
After receiving the second data packet and the encrypted file, the client decrypts the second data packet with the session key to obtain the password, and decrypts the encrypted file with the password.
The dynamic factor is a shared key, an authentication count or a time.
A system for key negotiation, comprising a client, a server and a dynamic password generation device;
The client comprises:
A receiving module, configured to receive the first dynamic password and the identification information of the dynamic password generation device entered by the user, the first dynamic password being generated by the dynamic password generation device from its current dynamic factor; also configured to receive the verification information returned by the server, and to receive the interim dynamic password, produced by the dynamic password generation device, that the user enters;
A sending module, configured to send the first dynamic password and the identification information of the dynamic password generation device received by the client's receiving module to the server to request verification;
A key generation module, configured to generate a session key from the interim dynamic password according to the preset method, after the client's receiving module has received the interim dynamic password produced by the dynamic password generation device;
The server comprises:
A receiving module, configured to receive the first dynamic password and the identification information of the dynamic password generation device sent by the client;
A generation module, configured to use the identification information of the dynamic password generation device received by the server's receiving module as an index to look up the dynamic factor corresponding to that device, take the dynamic factor found as the current dynamic factor, and generate a second dynamic password from the current dynamic factor;
A verification module, configured to verify whether the first dynamic password received by the server is identical to the second dynamic password generated by the server; if they are identical, to issue a notification to generate the session key and send a verification-success message to the client; if they are different, to determine whether the number of verification attempts exceeds the preset threshold and, if it does, report an error message, or otherwise modify the server's current dynamic factor and trigger the generation module to regenerate the second dynamic password from the modified dynamic factor;
A key generation module, configured to generate an interim dynamic password according to the preset rule after receiving the notification issued by the server's verification module, and to generate a session key from that interim dynamic password according to the same preset method as the client;
A storage module, configured to store the server's current dynamic factor;
The dynamic password generation device comprises:
A generation module, configured to generate the first dynamic password from the current dynamic factor, and to generate the interim dynamic password according to the same preset rule as the server;
A display module, configured to show the first dynamic password and the interim dynamic password generated by the device's generation module on a screen for the user to read;
A storage module, configured to store the current dynamic factor of the dynamic password generation device.
The client further comprises:
An encryption module, configured to encrypt the file to be transferred to the server with the session key obtained by the client's key generation module, obtaining a first data packet;
The client's sending module is further configured to send the first data packet obtained by the encryption module to the server;
The server's receiving module is further configured to receive the first data packet sent by the client's sending module;
The server further comprises:
A decryption module, configured to decrypt, with the session key, the first data packet received by the server's receiving module, obtaining the file.
The client's sending module is further configured to send the server a request to obtain an encrypted file and its corresponding password;
The server's receiving module is further configured to receive the request sent by the client's sending module;
The server further comprises:
An encryption module, configured to encrypt the password with the session key obtained by the server's key generation module after the server's receiving module receives the request, obtaining a second data packet;
A sending module, configured to send the second data packet obtained by the server's encryption module, together with the encrypted file, to the client;
The client's receiving module is further configured to receive the second data packet and the encrypted file sent by the server's sending module;
The client further comprises:
A decryption module, configured to decrypt, with the session key, the second data packet received by the client's receiving module to obtain the password, and to decrypt the encrypted file with the password.
The generation module of the dynamic password generation device specifically comprises:
A receiving unit, configured to receive the dynamic password generation command and the interim dynamic password generation command sent by the user;
A generation unit, configured to generate the first dynamic password from the dynamic factor after the receiving unit receives the dynamic password generation command, and to generate the interim dynamic password according to the same preset rule as the server after the receiving unit receives the interim dynamic password generation command.
The receiving unit is specifically a button, a finger scanning unit, an audio switch, a body temperature sensing unit, a pressure sensing unit or a photoelectric sensing unit.
Beneficial effect of the invention: the invention provides a simple, efficient and secure method of key negotiation, thereby improving the efficiency of key negotiation and ensuring its security.
Description of the drawings
Fig. 1 is a flowchart of a key negotiation method provided by Embodiment 1 of the invention;
Fig. 2 is a flowchart of another key negotiation method provided by Embodiment 2 of the invention;
Fig. 3 is a structural diagram of a key negotiation system provided by Embodiment 3 of the invention.
Embodiments
To make the purpose, technical solutions and advantages of the invention clearer, embodiments of the invention are described in further detail below with reference to the accompanying drawings.
Embodiment 1
Referring to Fig. 1, this embodiment of the invention provides a method of key negotiation, applied to the scenario in which the client transfers an encrypted file to the server. It comprises:
Step 101: The user sends a dynamic password generation command to the dynamic password generation device.
Specifically, the user may send the dynamic password generation command by means such as a button, finger scanning, an audio switch, body temperature sensing, pressure sensing or photoelectric sensing.
Step 102: After receiving the dynamic password generation command sent by the user, the dynamic password generation device generates a first dynamic password from its current dynamic factor and shows the first dynamic password on its screen for the user to read.
The current dynamic factor is preset when the dynamic password generation device is initialized, and may be a shared key, an authentication count or a time.
Step 103: The user enters into the client the identification information of the dynamic password generation device and the first dynamic password shown by the device.
Step 104: After receiving the identification information of the dynamic password generation device and the first dynamic password entered by the user, the client sends them to the server to request verification.
Step 105: The server receives the first dynamic password and the identification information of the dynamic password generation device, uses the identification information as the lookup key to query the server for the dynamic factor corresponding to that device, and takes the dynamic factor found as the server's current dynamic factor.
The server stores in advance the preset dynamic factor of the dynamic password generation device and the device's identification information. Various storage methods are possible, for example a database.
Step 106: The server generates a second dynamic password from the current dynamic factor.
Step 107: The server verifies whether the first dynamic password received is identical to the second dynamic password generated. If they differ, go to step 108; if they are identical, go to step 111.
Step 108: The server determines whether the number of verification attempts exceeds the preset threshold. If it does, go to step 109; otherwise, go to step 110.
Step 109: The server reports an error message to the client, and the process ends.
Step 110: The server modifies its own current dynamic factor, takes the modified dynamic factor as the current dynamic factor, and then returns to step 106; that is, it regenerates the second dynamic password from the modified dynamic factor and continues verification, until verification succeeds or the threshold is exceeded.
Step 111: The server sends a verification-success message to the client, generates an interim dynamic password according to the preset rule, saves its own current dynamic factor, and then generates the session key from the generated interim dynamic password according to the preset method.
Step 112: After receiving the verification-success message sent by the server, the client notifies the user to trigger the dynamic password generation device to generate an interim dynamic password. After receiving the user's interim dynamic password generation command, the device generates an interim dynamic password according to the same preset rule as the server, shows it to the user, and saves its own current dynamic factor. The user then enters the interim dynamic password generated by the device into the client, and the client generates the session key from the interim dynamic password received, according to the same preset method as the server.
In this embodiment, the preset rule is to generate the interim dynamic password after a preset step or time interval; one interim dynamic password or several may be generated. The preset step may be one step or several steps of the dynamic password generation device, and may also be 0; the preset time interval may be one time interval or several time intervals of the device, and may also be 0. The dynamic password generation device and the server each generate their own interim dynamic password according to this preset rule.
The preset method may be to use any one of the interim dynamic passwords obtained as the session key; or to transform any one of them and use the transformed value as the session key; or to combine any several of them and use the combination as the session key. In this embodiment, the preset method is specifically to compute the 32-digit MD5 value of the interim dynamic password and use that value as the session key; the server and the client each generate the session key according to this preset method.
Step 113: The client encrypts the file to be transferred to the server with the session key obtained in step 112, obtaining a first data packet.
Specifically, the client may encrypt the file to be transferred with the session key using a symmetric algorithm such as DES or IDEA.
Step 114: The server receives the first data packet and decrypts it with the session key to obtain the file; it may additionally save the file.
Specifically, the server may decrypt the first data packet with the session key using the same symmetric algorithm as in step 113, such as DES or IDEA.
Embodiment 2
Referring to Fig. 2, this embodiment of the invention also provides a method of key negotiation, applied to the scenario in which the client obtains an encrypted file from the server. It comprises:
Step 201: The user sends a dynamic password generation command to the dynamic password generation device.
Specifically, the user may send the dynamic password generation command by means such as a button, finger scanning, an audio switch, body temperature sensing, pressure sensing or photoelectric sensing.
Step 202: After receiving the dynamic password generation command sent by the user, the dynamic password generation device generates a first dynamic password from its current dynamic factor and shows the first dynamic password on its screen for the user to read.
The current dynamic factor is preset when the dynamic password generation device is initialized, and may be a shared key, an authentication count or a time.
Step 203: The user enters into the client the identification information of the dynamic password generation device and the first dynamic password shown by the device.
Step 204: After receiving the identification information of the dynamic password generation device and the first dynamic password entered by the user, the client sends them to the server to request verification.
Step 205: The server receives the identification information of the dynamic password generation device and the first dynamic password, uses the identification information as the lookup key to query the server for the dynamic factor corresponding to that device, and takes the dynamic factor found as the current dynamic factor.
The server stores in advance the preset dynamic factor of the dynamic password generation device and the device's identification information, for example in a database.
Step 206: The server generates a second dynamic password from the current dynamic factor.
Step 207: The server verifies whether the first dynamic password received is identical to the second dynamic password generated. If they differ, go to step 208; if they are identical, go to step 211.
Step 208: The server determines whether the number of verification attempts exceeds the preset threshold. If it does, go to step 209; otherwise, go to step 210.
Step 209: The server reports an error message to the client, and the process ends.
Step 210: The server modifies its own current dynamic factor, takes the modified dynamic factor as the current dynamic factor, and then returns to step 206; that is, the server regenerates the second dynamic password from the modified dynamic factor and continues verification, until verification succeeds or the threshold is exceeded.
Step 211: The server sends a verification-success message to the client, generates an interim dynamic password according to the preset rule, saves its own current dynamic factor, and then generates the session key from the generated interim dynamic password according to the preset method.
Step 212: After receiving the verification-success message sent by the server, the client notifies the user to trigger the dynamic password generation device to generate an interim dynamic password. After receiving the interim dynamic password generation command sent by the user, the device generates an interim dynamic password according to the same preset rule as the server, shows it to the user, and saves its own current dynamic factor. The user then enters the interim dynamic password generated by the device into the client, and the client generates the session key from the interim dynamic password received, according to the same preset method as the server.
In this embodiment, the preset rule is to generate one or more interim dynamic passwords after a preset step or time interval. The preset step may be one step or several steps of the dynamic password generation device, and may also be 0; the preset time interval may be one time interval or several time intervals of the device, and may also be 0. The dynamic password generation device and the server each generate their own interim dynamic password according to this preset rule.
The preset method is to use any one of the interim dynamic passwords obtained as the session key; or to transform any one of them and use the transformed value as the session key; or to combine any several of them and use the combination as the session key. The server and the client each generate the session key according to this preset method. Specifically, in this embodiment several interim dynamic passwords are combined and the combination is used as the session key; for example, the interim dynamic passwords are concatenated in the order in which they were generated, or concatenated in a specified order, to form the key.
Step 213: The client sends the server a request to obtain an encrypted file and its corresponding password.
The encrypted file is obtained by the server encrypting some file with a password in advance.
Step 214: After receiving the client's request to obtain the encrypted file and its corresponding password, the server encrypts the password corresponding to the encrypted file with the session key generated in step 211, obtaining a second data packet, and then sends the second data packet and the encrypted file to the client.
Specifically, the server may encrypt the password of the encrypted file with the session key using a symmetric algorithm such as DES or IDEA.
Step 215: The client receives the second data packet and the encrypted file sent by the server, decrypts the second data packet with the session key to obtain the password corresponding to the encrypted file, and decrypts the encrypted file with this password, thereby obtaining the file.
Specifically, the client may decrypt the second data packet with the session key using the same symmetric algorithm as in step 214, such as DES or IDEA.
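The negotiation in steps 101-112 and 201-212 (verification with retry on a modified dynamic factor, then derivation of the session key from interim dynamic passwords by the preset methods of Embodiments 1 and 2), as an added Python example that is not code from the patent. It assumes an event-counter dynamic factor, HOTP (RFC 4226) as the password generator, and illustrative values for the threshold and step, none of which the patent fixes; `Party`, `Server` and `negotiate` are hypothetical names.

```python
import hashlib
import hmac
import struct

MAX_ATTEMPTS = 5   # preset threshold on verification attempts (assumed value)
INTERIM_STEP = 1   # preset step skipped before the interim password (assumed value)


def otp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226); stands in for the patent's unspecified generator."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Party:
    """State held by the device, and per device by the server: key and counter."""

    def __init__(self, secret: bytes, counter: int = 0):
        self.secret, self.counter = secret, counter

    def next_password(self) -> str:
        """Generate from the current dynamic factor, then advance and keep it."""
        code = otp(self.secret, self.counter)
        self.counter += 1
        return code

    def interim_passwords(self, count: int) -> list:
        """Preset rule: skip INTERIM_STEP counters, then emit `count` passwords."""
        self.counter += INTERIM_STEP
        return [self.next_password() for _ in range(count)]


class Server:
    def __init__(self):
        self.devices = {}  # identification information -> Party (dynamic factor)

    def enroll(self, device_id: str, secret: bytes) -> None:
        self.devices[device_id] = Party(secret)

    def verify(self, device_id: str, first_password: str) -> bool:
        """Steps 105-110: compare, and on mismatch modify the factor and retry."""
        party = self.devices.get(device_id)
        if party is None:
            return False
        candidate = party.counter
        for _ in range(MAX_ATTEMPTS):
            second_password = otp(party.secret, candidate)
            if hmac.compare_digest(second_password, first_password):
                party.counter = candidate + 1  # save the current dynamic factor
                return True
            candidate += 1  # modified dynamic factor for the next attempt
        return False  # threshold exceeded: error, stored factor left unchanged


def key_md5(interim: list) -> str:
    """Embodiment 1's preset method: 32-hex-digit MD5 of one interim password."""
    return hashlib.md5(interim[0].encode("ascii")).hexdigest()


def key_concat(interim: list) -> str:
    """Embodiment 2's preset method: interim passwords joined in generation order."""
    return "".join(interim)


def negotiate(drift: int, count: int, derive):
    """Run steps 101-112 (201-212); return (client_key, server_key) or None.

    `drift` is how many passwords the device generated that were never submitted.
    """
    secret = b"12345678901234567890"  # RFC 4226 Appendix D test key, not a real key
    device_id = "TOKEN-0001"          # constructed identification information
    device, server = Party(secret), Server()
    server.enroll(device_id, secret)
    for _ in range(drift):
        device.next_password()
    first_password = device.next_password()           # steps 101-103
    if not server.verify(device_id, first_password):  # steps 104-110
        return None
    server_key = derive(server.devices[device_id].interim_passwords(count))  # 111
    client_key = derive(device.interim_passwords(count))                     # 112
    return client_key, server_key


if __name__ == "__main__":
    print(negotiate(2, 1, key_md5))     # device two presses ahead: resynchronized
    print(negotiate(2, 2, key_concat))  # two interim passwords concatenated
    print(negotiate(5, 1, key_md5))     # drift beyond the threshold: None
```

The derived key has no more entropy than the interim password it comes from: MD5 over a six-digit code still yields only 10^6 possible session keys, so the length and number of interim passwords bound the strength of the key.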
Embodiment 3
Referring to Fig. 3, the embodiment of the invention also provides a kind of system of arranging key, comprising: client 300, service end 400 and dynamic password generating apparatus 500;
Client 300 comprises:
Receiver module 301, be used to receive first dynamic password of user's input and the identification information of dynamic password generating apparatus, first dynamic password is that dynamic password generating apparatus 500 generates according to current dynamic factor, also be used to receive the authorization information that service end is returned, and receive the interim dynamic password that the dynamic password generating apparatus 500 of user's input obtains;
Wherein, current dynamic factor is that dynamic password generating apparatus 500 sets in advance when initialization, can be to share key, authentication number of times or time.
Sending module 302 is used for first dynamic password that receiver module 301 is received and the identification information of dynamic password generating apparatus and sends to service end 400 requests verification;
Key production module 303 is used for generating session key according to this interim dynamic password according to presetting method after receiver module 301 receives the interim dynamic password that dynamic password generating apparatus 500 obtains;
Service end 400 comprises:
Receiver module 401 is used to receive first dynamic password of client 300 transmissions and the identification information of dynamic password generating apparatus 500;
Generation module 402, the identification information that is used for the dynamic password generating apparatus 500 received with the receiver module 401 of service end 400 is an index, search the dynamic factor corresponding with this dynamic password generating apparatus, the dynamic factor that finds out as current dynamic factor, is generated second dynamic password according to this current dynamic factor;
Wherein, service end 400 stores the dynamic factor that dynamic password generating apparatus 500 sets in advance and the identification information of dynamic password generating apparatus 500 in advance, for example is stored in the database.
Authentication module 403, whether be used for first dynamic password that the receiver module 401 of service for checking credentials end 400 receives identical with second dynamic password that generation module 402 generates, if it is identical, then send the notice that generates session key, and the information that transmission is proved to be successful is to client 300, if it is different, judge whether the checking number of times surpasses default checking number of times threshold value, if surpass, then point out error message, otherwise, the current dynamic factor of modification service end 400, and triggering generation module 402 regenerates second dynamic password according to amended dynamic factor;
Key production module 404 is used for generating interim dynamic password according to preset rules after the notice of receiving authentication module 403, generates session key according to this interim dynamic password according to the described presetting method identical with client 300;
Memory module 405 is used for the current dynamic factor of stores service end 400;
Dynamic password generating apparatus 500 comprises:
Generation module 501, used to generate the first dynamic password according to the current dynamic factor, and to generate the interim dynamic password according to the same preset rules as service end 400;
Display module 502, used to show on screen the first dynamic password and the interim dynamic password generated by generation module 501 of dynamic password generating apparatus 500, for the user to read;
Memory module 503, used to store the current dynamic factor of dynamic password generating apparatus 500.
In the present embodiment, further, client 300 also comprises:
Encrypting module 304, used to encrypt the file to be transferred to service end 400 with the session key obtained by key production module 303 of client 300, obtaining a first packet;
Specifically, encrypting module 304 may use a symmetric algorithm, such as DES or IDEA, to encrypt the file to be transferred with the session key.
Sending module 302 of client 300 is also used to send the first packet obtained by encrypting module 304 to service end 400;
Receiver module 401 of service end 400 is also used to receive the first packet sent by sending module 302 of client 300;
Service end 400 also comprises:
Deciphering module 405, used to decrypt, with the session key, the first packet received by receiver module 401 of service end 400, obtaining the file.
Specifically, service end 400 decrypts the first packet with the session key using the same symmetric algorithm as client 300, such as DES or IDEA.
In the present embodiment, further, sending module 302 of client 300 is also used to send service end 400 a request to obtain an encrypted file and its corresponding password;
Here, the encrypted file is one that service end 400 has obtained in advance by encrypting a certain file with the password.
The receiver module 401 of service end 400 also is used to receive the application that the sending module 302 of client 300 sends;
Service end 400 also comprises:
Encrypting module 406, used to encrypt the password with the session key obtained by key production module 404 of service end 400 after receiver module 401 of service end 400 receives the request, obtaining a second packet;
Specifically, encrypting module 409 may use a symmetric algorithm, such as DES or IDEA, to encrypt the password of the encrypted file with the session key.
Sending module 407, used to send the second packet obtained by encrypting module 406 of service end 400, together with the encrypted file, to client 300;
Receiver module 301 of client 300 is also used to receive the second packet and the encrypted file sent by sending module 407 of service end 400;
Client 300 also comprises:
Deciphering module 305, used to decrypt, with the above session key, the second packet received by receiver module 301 of client 300 to obtain the password, and to decrypt the encrypted file with the password.
Specifically, client 300 decrypts the second packet with the session key using the same symmetric algorithm as service end 400, such as DES or IDEA.
In the present embodiment, the generation module 501 of dynamic password generating apparatus 500 specifically comprises:
Receiving element, used to receive the dynamic password generation command and the interim dynamic password generation command sent by the user;
Generation unit, used to generate the first dynamic password according to the dynamic factor after the receiving element receives the dynamic password generation command, and to generate the interim dynamic password according to the same preset rules as service end 400 after the receiving element receives the interim dynamic password generation command.
Here, the receiving element may specifically be a button, a finger scan unit, an audio switch, a body temperature sensing unit, a pressure sensing unit or a photoelectric sensing unit.
The beneficial effect of the embodiment of the invention is that it provides a simple, efficient and secure method of negotiating a key, thereby improving the efficiency of key negotiation and guaranteeing its security.
The above is only a preferred embodiment of the present invention and is not intended to limit the present invention; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.
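The verification, factor adjustment and session-key steps carried out by modules 402 to 404 and 501, sketched as an added example (not code from the patent). It assumes an event counter as the dynamic factor, HOTP (RFC 4226) as the password algorithm, a verification count threshold of 5, a step of 1 for the interim password and SHA-256 as the presetting method; all class and function names are hypothetical.

```python
import hashlib
import hmac
import struct

DIGITS = 6
MAX_ATTEMPTS = 5   # verification count threshold (assumed value)
TEMP_STEP = 1      # preset rule: interim password comes TEMP_STEP factors later (assumed)
RFC4226_SECRET = b"12345678901234567890"  # public RFC 4226 test secret, not a real key


def otp(secret: bytes, factor: int) -> str:
    """HOTP (RFC 4226), standing in for the page's unspecified password algorithm."""
    mac = hmac.new(secret, struct.pack(">Q", factor), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def session_key(temp_password: str) -> bytes:
    """Presetting method (assumed): hash the interim password to a 128-bit key."""
    return hashlib.sha256(temp_password.encode()).digest()[:16]


class Token:
    """Dynamic password generating apparatus; `factor` is the last factor it used."""

    def __init__(self, secret: bytes, factor: int = 0):
        self.secret, self.factor = secret, factor

    def first_password(self) -> str:
        self.factor += 1
        return otp(self.secret, self.factor)

    def temp_password(self) -> str:
        self.factor += TEMP_STEP
        return otp(self.secret, self.factor)


class Server:
    def __init__(self):
        self.db = {}  # identification information -> [secret, last accepted factor]

    def enroll(self, device_id: str, secret: bytes, factor: int = 0) -> None:
        self.db[device_id] = [secret, factor]

    def verify(self, device_id: str, first_password: str):
        """Return the session key on success, None on unknown device or failure."""
        record = self.db.get(device_id)
        if record is None:
            return None
        secret, factor = record
        for attempt in range(1, MAX_ATTEMPTS + 1):
            # "Modify the current dynamic factor": step forward and regenerate.
            candidate = otp(secret, factor + attempt)
            if hmac.compare_digest(candidate.encode(), first_password.encode()):
                temp_factor = factor + attempt + TEMP_STEP
                record[1] = temp_factor  # store the new current factor
                return session_key(otp(secret, temp_factor))
        return None  # threshold exceeded; the stored factor is left untouched


def negotiate(server: Server, token: Token, device_id: str):
    """One run: returns (server_key, client_key), or (None, None) on failure."""
    server_key = server.verify(device_id, token.first_password())
    if server_key is None:
        return None, None
    # The user reads the interim password off the token and types it into the client.
    return server_key, session_key(token.temp_password())
```

With a six-digit interim password the derived key can take at most 10^6 values, whatever the hash output length; combining several interim passwords, which the presetting method allows, enlarges that space.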

Claims (11)

1. the method for an arranging key is characterized in that, described method comprises:
Client sends to the service end requests verification with the identification information and first dynamic password of the dynamic password generating apparatus of user's input, and described first dynamic password is that described dynamic password generating apparatus generates according to current dynamic factor;
After described service end is received described first dynamic password and identification information, with described identification information is index, inquiry and the corresponding dynamic factor of described dynamic password generating apparatus, the described dynamic factor that finds as current dynamic factor, is generated second dynamic password according to described current dynamic factor;
Described service end verifies whether described second dynamic password is identical with first dynamic password of receiving;
If it is identical, then described service end and described dynamic password generating apparatus generate interim dynamic password according to identical preset rules respectively and preserve separately current dynamic factor respectively, described client receives the interim dynamic password by the described dynamic password generating apparatus generation of described user's input, and described client generates session key according to identical presetting method with service end respectively according to the interim dynamic password that obtains separately;
If it is different, then described service end judges whether the checking number of times surpasses default checking number of times threshold value, if surpass, then point out error message, otherwise, revise the current dynamic factor of described service end and regenerate second dynamic password and continue checking, till being proved to be successful the generation session key or surpassing described checking number of times threshold value according to amended dynamic factor.
2. the method for arranging key according to claim 1 is characterized in that, described preset rules is to generate one or more interim dynamic passwords in default step-length or after the time interval.
3. the method for arranging key according to claim 1, it is characterized in that, described presetting method in the interim dynamic password that will obtain any as session key, in the interim dynamic password that perhaps will obtain any changes, as session key, any a plurality of combinations back in the interim dynamic password that perhaps will obtain is as session key with the value after changing.
4. the method for arranging key according to claim 1 is characterized in that, described client and service end generate after the session key according to identical presetting method respectively according to the interim dynamic password that obtains separately, also comprise:
Described client is treated the file that is transferred to described service end with described session key and is encrypted, and obtains first packet, and described first packet is sent to described service end;
Described service end receives described first packet, with described session key described first packet is decrypted, and obtains described file.
5. the method for arranging key according to claim 1 is characterized in that, described client and service end generate after the session key according to identical presetting method respectively according to the interim dynamic password that obtains separately, also comprise:
Described client sends the application of the password that obtains encrypt file and correspondence to described service end;
After described service end is received described application, described password is encrypted, obtained second packet, and described second packet and encrypt file are sent to described client with described session key;
After described client receives described second packet and encrypt file, described second packet is decrypted, obtains described password, and described encrypt file is decrypted with described password with described session key.
6. the method for arranging key according to claim 1 is characterized in that, described dynamic factor is to share key, authentication number of times or time.
7. A system for negotiating a key, characterized in that the system comprises a client, a service end and a dynamic password generating apparatus;
The client comprises:
Receiver module, used to receive the first dynamic password input by the user and the identification information of the dynamic password generating apparatus, the first dynamic password being generated by the dynamic password generating apparatus according to its current dynamic factor; also used to receive the verification information returned by the service end, and to receive the interim dynamic password, obtained from the dynamic password generating apparatus, that the user inputs;
Sending module, used to send the first dynamic password and the identification information of the dynamic password generating apparatus, as received by the receiver module of the client, to the service end to request verification;
Key production module, used to generate a session key from the interim dynamic password according to the presetting method, after the receiver module of the client receives the interim dynamic password obtained from the dynamic password generating apparatus;
The service end comprises:
Receiver module, used to receive the first dynamic password and the identification information of the dynamic password generating apparatus sent by the client;
Generation module, used to take the identification information of the dynamic password generating apparatus, as received by the receiver module of the service end, as an index, look up the dynamic factor corresponding to that dynamic password generating apparatus, take the dynamic factor found as the current dynamic factor, and generate a second dynamic password according to the current dynamic factor;
Authentication module, used to verify whether the first dynamic password received by the service end is identical to the second dynamic password generated by the service end; if they are identical, it sends a notice to generate the session key and sends a verification-success message to the client; if they differ, it judges whether the number of verification attempts exceeds the preset verification count threshold; if it does, an error message is reported; otherwise, it modifies the current dynamic factor of the service end and triggers the generation module to regenerate the second dynamic password according to the modified dynamic factor;
Key production module, used to generate an interim dynamic password according to the preset rules after receiving the notice sent by the authentication module of the service end, and to generate a session key from this interim dynamic password according to the same presetting method as the client;
Memory module, used to store the current dynamic factor of the service end;
The dynamic password generating apparatus comprises:
Generation module, used to generate the first dynamic password according to the current dynamic factor, and to generate the interim dynamic password according to the same preset rules as the service end;
Display module, used to show on screen the first dynamic password and the interim dynamic password generated by the generation module of the dynamic password generating apparatus, for the user to read;
Memory module, used to store the current dynamic factor of the dynamic password generating apparatus.
8. The system for negotiating a key according to claim 7, characterized in that the client further comprises:
Encrypting module, used to encrypt the file to be transferred to the service end with the session key obtained by the key production module of the client, obtaining a first packet;
The sending module of the client is also used to send the first packet obtained by the encrypting module to the service end;
The receiver module of the service end is also used to receive the first packet sent by the sending module of the client;
The service end further comprises:
Deciphering module, used to decrypt, with the session key, the first packet received by the receiver module of the service end, obtaining the file.
9. The system for negotiating a key according to claim 7, characterized in that,
The sending module of the client is also used to send the service end a request to obtain an encrypted file and its corresponding password;
The receiver module of the service end is also used to receive the request sent by the sending module of the client;
The service end further comprises:
Encrypting module, used to encrypt the password with the session key obtained by the key production module of the service end after the receiver module of the service end receives the request, obtaining a second packet;
Sending module, used to send the second packet obtained by the encrypting module of the service end, together with the encrypted file, to the client;
The receiver module of the client is also used to receive the second packet and the encrypted file sent by the sending module of the service end;
The client further comprises:
Deciphering module, used to decrypt, with the session key, the second packet received by the receiver module of the client to obtain the password, and to decrypt the encrypted file with the password.
10. The system for negotiating a key according to claim 7, characterized in that the generation module of the dynamic password generating apparatus specifically comprises:
Receiving element, used to receive the dynamic password generation command and the interim dynamic password generation command sent by the user;
Generation unit, used to generate the first dynamic password according to the dynamic factor after the receiving element receives the dynamic password generation command, and to generate the interim dynamic password according to the same preset rules as the service end after the receiving element receives the interim dynamic password generation command.
11. The system for negotiating a key according to claim 10, characterized in that the receiving element is specifically a button, a finger scan unit, an audio switch, a body temperature sensing unit, a pressure sensing unit or a photoelectric sensing unit.
CN2008102220763A 2008-09-08 2008-09-08 Method and system for negotiating cipher Active CN101420298B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008102220763A CN101420298B (en) 2008-09-08 2008-09-08 Method and system for negotiating cipher

Publications (2)

Publication Number Publication Date
CN101420298A true CN101420298A (en) 2009-04-29
CN101420298B CN101420298B (en) 2011-05-18

Family

ID=40630924

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008102220763A Active CN101420298B (en) 2008-09-08 2008-09-08 Method and system for negotiating cipher

Country Status (1)

Country Link
CN (1) CN101420298B (en)

Also Published As

Publication number Publication date
CN101420298B (en) 2011-05-18

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: FEITIAN CHENGXIN TECHNOLOGY CO., LTD.

Free format text: FORMER NAME: BEIJING FEITIAN CHENGXIN SCIENCE + TECHNOLOGY CO. LTD.

CP03 Change of name, title or address

Address after: 100085 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer

Patentee after: Feitian Technologies Co., Ltd.

Address before: 100083, Haidian District, Xueyuan Road, No. 40 research, 7 floor, 5 floor, Beijing

Patentee before: Beijing Feitian Chengxin Science & Technology Co., Ltd.