CN101771535B - Mutual authentication method between terminal and server - Google Patents

Info

Publication number: CN101771535B
Authority: CN (China)
Prior art keywords: server, terminal, operation result, identify label, random number
Legal status: Expired - Fee Related
Application number: CN2008102051125A
Other languages: Chinese (zh)
Other versions: CN101771535A (en)
Inventor: 刘银兵
Current Assignee: SHANGHAI MOBIM TECHNOLOGIES Co Ltd
Original Assignee: SHANGHAI MOBIM TECHNOLOGIES Co Ltd
Landscapes: Mobile Radio Communication Systems (AREA)
Abstract

The invention relates to a mutual authentication method between a terminal and a server. The method comprises: the terminal generates an identity number and a first random number and sends the identity number and the first random number to the server; the server verifies whether the identity number exists in a database of the server; the server generates a first operation result according to the identity number, the first random number and a server secret key, and the first operation result and a second random number are transmitted to the terminal; the terminal generates a second operation result according to the identity number, the first random number and the server secret key and carries out authentication on the server according to the first and second operation results; the terminal generates a third operation result according to the second random number and a terminal secret key and sends the third operation result to the server; and the server generates a fourth operation result according to the second random number and the terminal secret key and carries out authentication on the terminal according to the third and fourth operation results.

Description

Mutual authentication method between a terminal and a server
Technical field
The present invention relates to a mutual authentication method between a terminal and a server.
Background
With the development of communication technology, telecom terminal products are becoming more varied and more widely used, but communication networks are also suffering more and more attacks. Most existing communication networks therefore authenticate the terminal with a fixed username and password before it is allowed access, in order to increase security. However, because the same fixed username and password are used over a long period, they are easily stolen, so the security of communication based on a fixed username and password is low.
Summary of the invention
To solve the problem of low communication security between a terminal and a server in the prior art, it is necessary to provide a mutual authentication method between a terminal and a server that improves communication security.
A mutual authentication method between a terminal and a server, characterized in that the method comprises: the terminal generates an identity number and a first random number and sends them to the server; the server verifies whether the identity number exists in the server's database; the server generates a first operation result from the identity number, the first random number and a server key, and sends the first operation result and a second random number to the terminal; the terminal generates a second operation result from the identity number, the first random number and the server key, and authenticates the server according to the first and second operation results; the terminal generates a third operation result from the second random number and a terminal key, and sends the third operation result to the server; the server generates a fourth operation result from the second random number and the terminal key, and authenticates the terminal according to the third and fourth operation results.
Compared with the prior art, the mutual authentication method between a terminal and a server of the present invention comprises both a process in which the terminal authenticates whether the server is legitimate and a process in which the server authenticates whether the terminal is legitimate, thereby ensuring the security and privacy of data transmission. Moreover, the method needs only two private keys, the server key and the terminal key, so it is relatively simple. The method also makes use of the terminal's identity number: only an identity number registered in advance in the server's database can register with the server; if an identity number that has not been registered is used to register with the server, the terminal fails authentication by the server. If identical identity numbers register with the server, this shows that the terminal software has been copied without authorization. The terminal's identity number can therefore be used to track and control the number of active terminals and to prevent the terminal software from being copied wholesale, thereby protecting the terminal software.
Description of drawings
Fig. 1 is a flow chart of the mutual authentication method between a terminal and a server of the present invention.
Embodiment
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawing.
The mutual authentication method between a terminal and a server of the present invention is applicable to a general terminal (client)-server communication architecture. The terminal can be a PC (Personal Computer), a mobile phone, a PDA (Personal Digital Assistant), a PMP (Personal Media Player) or another communication terminal.
Refer to Fig. 1, which is a flow chart of the mutual authentication method between a terminal and a server of the present invention. The method comprises a process in which the terminal authenticates whether the server is legitimate and a process in which the server authenticates whether the terminal is legitimate. The process in which the terminal authenticates the server comprises: the terminal generates an identity number and a first random number and sends them to the server; the server verifies whether the identity number exists in the server's database; the server generates a first operation result from the identity number, the first random number and a server key, and sends the first operation result and a second random number to the terminal; the terminal generates a second operation result from the identity number, the first random number and the server key, and authenticates the server according to the first and second operation results. The process in which the server authenticates the terminal comprises: the terminal generates a third operation result from the second random number and a terminal key, and sends the third operation result to the server; the server generates a fourth operation result from the second random number and the terminal key, and authenticates the terminal according to the third and fourth operation results.
The concrete steps by which the terminal authenticates whether the server is legitimate are as follows:
Step 101: The terminal generates an identity number, which differs according to the manufacturer. The identity number can be unique to each terminal device, for example the International Mobile Equipment Identity (IMEI) number used for mobile phones. The server's database stores all legitimate identity numbers. At the same time the terminal generates a first random number, and sends the first random number and the identity number to the server.
Step 102: After the server receives the first random number and the identity number, it verifies whether the identity number exists in the server's database. If the identity number does not exist in the server's database, the mutual authentication procedure exits. If the identity number exists in the server's database, the procedure continues with step 103. When the server looks up the identity number in the database, using a hash-table algorithm is one implementation of this step.
Step 103: The server performs a cryptographic operation on the received identity number, the first random number and the server key, and produces a first operation result. The server sends the first operation result and a second random number to the terminal. The cryptographic operation can use, for example, a commonly used symmetric-key algorithm, the MD5 algorithm or a privately owned AES algorithm.
Step 104: The terminal performs a cryptographic operation on the identity number, the first random number and the server key, and produces a second operation result. The algorithm the terminal uses for this operation is the same as the algorithm the server uses in step 103.
Step 105: The terminal receives the first operation result produced by the server and compares it with the second operation result to judge whether the first and second operation results are identical. If they differ, the mutual authentication procedure exits. If they are identical, the terminal has authenticated the server as legitimate, and the procedure enters the process in which the server authenticates whether the terminal is legitimate.
The concrete steps by which the server authenticates whether the terminal is legitimate are as follows:
Step 106: The terminal performs a cryptographic operation on the received second random number and the terminal key, produces a third operation result, and sends the third operation result to the server.
Step 107: The server performs a cryptographic operation on the second random number and the terminal key, and produces a fourth operation result. The algorithm the server uses for this operation is the same as the algorithm the terminal uses in step 106.
Step 108: The server compares the received third operation result with the fourth operation result to judge whether they are identical. If they differ, the mutual authentication procedure exits. If they are identical, the server has authenticated the terminal as legitimate, and the procedure enters step 109.
Step 109: After both the process in which the terminal authenticates the server and the process in which the server authenticates the terminal are complete, the terminal can perform operations such as login and calling.
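The exchange in steps 101 to 109, written out as an added Python example; it is not code from the patent. The patent leaves the cryptographic operation open, so HMAC-SHA256 is substituted here as an assumption, and the class names, keys and identity number are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values for illustration; none come from the patent.
SERVER_KEY = b"constructed-server-key"
TERMINAL_KEY = b"constructed-terminal-key"
IDENTITY = "123456789012345"  # constructed 15-digit IMEI-style identity number


def operation(key, *fields):
    """Keyed operation over length-prefixed fields (HMAC-SHA256 is assumed)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()


class Server:
    def __init__(self, server_key, terminal_key, registered_ids):
        self.server_key = server_key
        self.terminal_key = terminal_key
        self.registered_ids = set(registered_ids)  # hash-based lookup, step 102
        self.pending = {}  # identity number -> outstanding second random number

    def handle_hello(self, identity, rand1):
        if identity not in self.registered_ids:  # step 102: exit
            return None
        result1 = operation(self.server_key, identity.encode(), rand1)  # step 103
        rand2 = secrets.token_bytes(16)
        self.pending[identity] = rand2
        return result1, rand2

    def handle_response(self, identity, result3):
        rand2 = self.pending.pop(identity, None)  # single use: a replay finds nothing
        if rand2 is None:
            return False
        result4 = operation(self.terminal_key, rand2)  # step 107
        return hmac.compare_digest(result3, result4)  # step 108, constant time


class Terminal:
    def __init__(self, identity, server_key, terminal_key):
        self.identity = identity
        self.server_key = server_key
        self.terminal_key = terminal_key

    def hello(self):
        self.rand1 = secrets.token_bytes(16)  # step 101: fresh per attempt
        return self.identity, self.rand1

    def answer(self, result1, rand2):
        result2 = operation(self.server_key, self.identity.encode(), self.rand1)
        if not hmac.compare_digest(result1, result2):  # step 105: exit
            return None
        return operation(self.terminal_key, rand2)  # step 106


def run_handshake(terminal, server):
    identity, rand1 = terminal.hello()
    reply = server.handle_hello(identity, rand1)
    if reply is None:
        return "identity number not registered"
    result3 = terminal.answer(*reply)
    if result3 is None:
        return "terminal rejected server"
    if not server.handle_response(identity, result3):
        return "server rejected terminal"
    return "mutually authenticated"  # step 109: login, calls, etc. may proceed


if __name__ == "__main__":
    server = Server(SERVER_KEY, TERMINAL_KEY, [IDENTITY])
    print(run_handshake(Terminal(IDENTITY, SERVER_KEY, TERMINAL_KEY), server))
```

As in the patent, the third operation result covers only the second random number and the terminal key, so the terminal's response is not bound to the identity number or to the first random number. The single-use `pending` entry is an added safeguard so that a captured third operation result cannot be accepted twice.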
Compared with the prior art, the mutual authentication method between a terminal and a server of the present invention comprises both a process in which the terminal authenticates whether the server is legitimate and a process in which the server authenticates whether the terminal is legitimate, thereby ensuring the security and privacy of data transmission. Moreover, the method needs only two private keys, the server key and the terminal key, so it is relatively simple. In addition, both the server key and the terminal key can be embedded in the software in advance, so the method is easy to implement, low in cost and fast in interaction.
Compared with the prior art, the method also makes use of the terminal's identity number: only an identity number registered in advance in the server's database can register with the server; if an identity number that has not been registered is used to register with the server, the terminal fails authentication by the server. If identical identity numbers register with the server, this shows that the terminal software has been copied without authorization. The terminal's identity number can therefore be used to track and control the number of active terminals and to prevent the terminal software from being copied wholesale, thereby protecting the terminal software.
In the mutual authentication method between a terminal and a server of the present invention, data exchange and communication between the terminal and the server can take place over a public or private data network, such as the Internet, a local area network or a circuit-switched network.
Many widely different embodiments can be constructed without departing from the spirit and scope of the present invention. It should be understood that, except as defined in the appended claims, the invention is not limited to the specific embodiments described in the specification.

Claims (5)

1. A mutual authentication method between a terminal and a server, characterized in that the method comprises:
The terminal generates an identity number and a first random number, and sends them to the server;
The server verifies whether the identity number exists in the server's database; if the identity number does not exist in the server's database, the method exits and ends; if the identity number exists in the server's database, subsequent processing continues;
The server generates a first operation result from the identity number, the first random number and a server key, and sends the first operation result and a second random number to the terminal;
The terminal generates a second operation result from the identity number, the first random number and the server key, and authenticates the server according to the first and second operation results, specifically:
If the first and second operation results differ, the mutual authentication process exits; if the first and second operation results are identical, the terminal has authenticated the server as legitimate; the terminal generates a third operation result from the second random number and a terminal key, and sends the third operation result to the server;
The server generates a fourth operation result from the second random number and the terminal key, and authenticates the terminal according to the third and fourth operation results, specifically:
If the third and fourth operation results differ, the mutual authentication process exits; if the third and fourth operation results are identical, the server has authenticated the terminal as legitimate.
2. The mutual authentication method between a terminal and a server as claimed in claim 1, characterized in that: the identity number is an international mobile equipment identity number.
3. The mutual authentication method between a terminal and a server as claimed in claim 1, characterized in that: the identity number is unique to each terminal.
4. The mutual authentication method between a terminal and a server as claimed in claim 1, characterized in that: data exchange and communication between the terminal and the server use the Internet, a local area network or a circuit-switched network.
5. The mutual authentication method between a terminal and a server as claimed in claim 1, characterized in that: the server uses a hash-table algorithm to look up the identity number in the database.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008102051125A CN101771535B (en) 2008-12-30 2008-12-30 Mutual authentication method between terminal and server

Publications (2)

Publication Number Publication Date
CN101771535A CN101771535A (en) 2010-07-07
CN101771535B true CN101771535B (en) 2012-07-11

Family

ID=42504156

Country Status (1)

Country Link
CN (1) CN101771535B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101083843A (en) * 2007-07-17 2007-12-05 中兴通讯股份有限公司 Method and system for confirming terminal identity in mobile terminal communication

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120711

Termination date: 20141230

EXPY Termination of patent right or utility model