CN102045718A - Authentication method and system - Google Patents

Publication number: CN102045718A
Authority: CN (China)
Prior art keywords: password, client, server, plaintext, sequence number
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN2009102364938A
Other languages: Chinese (zh)
Inventors: 林龙, 梁健, 张一凡
Current Assignee: China Mobile Group Fujian Co Ltd (the listed assignees may be inaccurate)
Original Assignee: China Mobile Group Fujian Co Ltd
Application filed by China Mobile Group Fujian Co Ltd
Priority to CN2009102364938A
Publication of CN102045718A

Abstract

The invention provides an authentication method and an authentication system. The method comprises the following steps: a client encrypts a pre-stored password plaintext to generate a password ciphertext; the client sends its number and the password ciphertext to a server; the server looks up the password plaintext it has stored for the client according to the number and judges whether the password plaintext stored by the server is the same as the password plaintext stored by the client; if so, the server's authentication of the client succeeds. The method and the system provided by the invention can ensure the security of a ring-back tone platform acting as the server.

Description

An authentication method and system
Technical field
The present invention relates to the technical field of data services, and in particular to an authentication method and system.
Background
At present, ring-back tone (RBT) systems separate the system layer from the service layer: the system layer provides a large number of basic interfaces, and the service layer assembles these interfaces into concrete functions. For this reason, the ring-back tone platform, as the system layer, must be opened to the marketing platform (MP platform), as the service layer, so that the MP platform can access and operate the ring-back tone platform.
To guarantee the security of the ring-back tone platform, the ring-back tone platform needs to authenticate the MP platform, and only an MP platform that passes authentication may access the ring-back tone platform and perform the corresponding operations. The existing authentication method is: the MP platform sends its account and password to the ring-back tone platform; the ring-back tone platform looks up the pre-stored password of the MP platform according to the MP platform's account; if the password found is identical to the password received, the MP platform passes authentication. In this approach the MP platform must send its own password to the ring-back tone platform, and the password is easily stolen in transit, so its security cannot be guaranteed, which in turn affects the security of the ring-back tone platform.
Summary of the invention
The present invention proposes an authentication method that can guarantee the security, during transmission, of the password used for authentication, and thereby guarantee the security of the ring-back tone platform.
The present invention also proposes an authentication system that can guarantee the security, during transmission, of the password used for authentication, and thereby guarantee the security of the ring-back tone platform.
The technical solution of the present invention is realized as follows:
An authentication method comprises:
The client encrypts the pre-stored password plaintext to generate a password ciphertext, and sends the client's number and the password ciphertext to the server;
The server looks up the password plaintext it has stored for the client according to the number, and judges whether the password plaintext stored by the server is identical to the password plaintext stored by the client; if identical, the server's authentication of the client succeeds.
An authentication system comprises a client and a server.
The client is configured to encrypt the pre-stored password plaintext to generate a password ciphertext, and to send the client's number and the password ciphertext to the server;
The server is configured to look up the password plaintext it has stored for the client according to the number, and to judge whether the password plaintext stored by the server is identical to the password plaintext stored by the client; if identical, the server's authentication of the client succeeds.
In summary, in the authentication method and system proposed by the present invention, when the client transmits the password used for authentication to the server, it sends the encrypted password ciphertext. In this way, transmission of the password plaintext is avoided. The solution proposed by the present invention can therefore guarantee the security of the ring-back tone platform acting as the server.
Description of drawings
Fig. 1 is a flowchart of the authentication method according to an embodiment of the invention.
Embodiment
The present invention proposes an authentication method; Fig. 1 is a flowchart of the authentication method according to an embodiment of the invention. In this embodiment the ring-back tone platform acts as the server and the marketing platform as the client. The following interfaces have been added to the ring-back tone platform: a CRBT account-opening interface, an interface for querying the final result of account opening, an interface for searching song information on the music center platform, and an interface for downloading ring-back tones from the music center platform. Only after the marketing platform passes authentication does the ring-back tone platform allow it to access these interfaces, and the ring-back tone platform can record in detail all logs of the marketing platform's calls to non-query interfaces, for use in locating complaints and checking processes.
The authentication process shown in Fig. 1 comprises:
Step 101: the ring-back tone platform and the marketing platform synchronously and dynamically generate the same sequence number. The marketing platform encrypts the pre-stored password plaintext to generate a password ciphertext, and sends the marketing platform's number, the sequence number and the password ciphertext to the ring-back tone platform.
In this step, the three parameters that the marketing platform sends to the ring-back tone platform are listed in Table 1 below:
Table 1
Parameter name | Parameter type | Parameter length | Parameter composition
Number (DID) | String | 7 | Digits 0~9
Sequence number (SEQ) | String | 29 | Digits 0~9
Password ciphertext (DIDPWD) | String | 32 | Digits 0~9
The sequence number can be divided into three parts. The first part is the number of the marketing platform; its length is 7 and it is assigned by the ring-back tone platform. The second part is the generation time; its length is 14 and its format is the decimal yyyymmddhhmmss. For example, for a sequence number produced at 20:32:25 on 20 November 2004, the second part is the decimal 20041120203225. The third part is a cyclic counter; its length is 8, it counts up from 0 with carry and, once it is full, it is reset to zero and counting restarts. This is only one form of sequence number. The present invention can also use sequence numbers of other forms (for example, a sequence number of a certain length that counts up from 0 with carry and is reset to zero and restarted once full), as long as the ring-back tone platform and the marketing platform are guaranteed to use the same sequence number synchronously.
The password ciphertext may be generated as follows: the sequence number (SEQ) is combined with the pre-stored password plaintext to form the string "sequence number + password plaintext", and this combination is encrypted with a hash algorithm agreed in advance, such as the MD5 algorithm, to generate the password ciphertext. Transmitting the password ciphertext in this form to the ring-back tone platform on the one hand avoids transmitting the password plaintext and so guarantees the security of the password plaintext; on the other hand, because the password is combined with a dynamically changing sequence number before encryption, replay attacks can be avoided.
Step 102: according to the number of the marketing platform, the ring-back tone platform looks up the sequence number that it generated for this marketing platform and the password plaintext that it has stored for this marketing platform. It judges whether the sequence number found is identical to the sequence number received, and whether the password plaintext stored by the ring-back tone platform is identical to the password plaintext stored by the marketing platform. If both judgments find the values identical, the ring-back tone platform's authentication of the marketing platform succeeds.
Because the marketing platform encrypts its stored password plaintext with the MD5 algorithm in step 101, the ring-back tone platform, in order to judge whether the password plaintext it stores is identical to the password plaintext stored by the marketing platform, can encrypt its own stored password plaintext in the same way as in step 101 and judge whether the result is identical to the password ciphertext received. If identical, it determines that the password plaintext stored by the ring-back tone platform is identical to the password plaintext stored by the marketing platform.
In the above process a hash algorithm is used to encrypt "sequence number + password plaintext". The present invention can also use other encryption methods. For example, the marketing platform encrypts "sequence number + password plaintext" with the public key of the ring-back tone platform and sends the resulting password ciphertext to the ring-back tone platform; the ring-back tone platform decrypts the received password ciphertext with the corresponding private key to obtain the password plaintext, and judges whether this password plaintext is identical to the password plaintext it has stored.
Step 103: when the ring-back tone platform's authentication of the marketing platform succeeds, the marketing platform is allowed to call the corresponding interfaces. The ring-back tone platform can also record all logs of the marketing platform's interface calls, for use in locating complaints and checking processes.
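Steps 101 and 102 with the hash variant, as an added example that is not part of the patent text: both sides build the 29-digit SEQ, the client sends DID, SEQ and DIDPWD, and the server recomputes and compares, so a captured message that is resent fails the sequence-number check. The class and function names, the lowercase hex encoding of the MD5 digest (which contains a-f as well as digits), the shared clock value passed in as `now`, and advancing the server counter only after a successful authentication are all assumptions made here to keep the two sides synchronized; the patent does not specify them.

```python
import hashlib
import hmac
from datetime import datetime

COUNTER_MOD = 10 ** 8  # 8-digit cyclic counter: wraps to 0 once full


def make_seq(did: str, now: datetime, counter: int) -> str:
    """29-digit SEQ: 7-digit DID + yyyymmddhhmmss + 8-digit cyclic counter."""
    if len(did) != 7 or not did.isdigit():
        raise ValueError("DID must be exactly 7 digits")
    return f"{did}{now:%Y%m%d%H%M%S}{counter % COUNTER_MOD:08d}"


def make_didpwd(seq: str, password: str, algo: str = "md5") -> str:
    """Hash of the string 'SEQ + password plaintext'.

    MD5 is the algorithm the text names; `algo` stands for the "hash
    algorithm agreed in advance". Hex output is an assumption (32 chars for MD5).
    """
    return hashlib.new(algo, (seq + password).encode("utf-8")).hexdigest()


class Client:
    """Marketing-platform side (hypothetical class, step 101)."""

    def __init__(self, did: str, password: str):
        self.did, self.password, self.counter = did, password, 0

    def request(self, now: datetime) -> dict:
        seq = make_seq(self.did, now, self.counter)
        self.counter = (self.counter + 1) % COUNTER_MOD
        return {"DID": self.did, "SEQ": seq,
                "DIDPWD": make_didpwd(seq, self.password)}


class Server:
    """Ring-back-tone-platform side (hypothetical class, step 102)."""

    def __init__(self, passwords: dict):
        self.passwords = dict(passwords)            # DID -> password plaintext
        self.counters = {did: 0 for did in passwords}

    def authenticate(self, msg: dict, now: datetime) -> bool:
        did = msg.get("DID")
        if did not in self.passwords:
            return False
        # The server generates its own SEQ for this client and hashes its own
        # stored plaintext; nothing from the message is trusted as input.
        expected_seq = make_seq(did, now, self.counters[did])
        expected_pwd = make_didpwd(expected_seq, self.passwords[did])
        # Constant-time comparisons avoid leaking how many characters matched.
        seq_ok = hmac.compare_digest(str(msg.get("SEQ", "")).encode(),
                                     expected_seq.encode())
        pwd_ok = hmac.compare_digest(str(msg.get("DIDPWD", "")).encode(),
                                     expected_pwd.encode())
        if seq_ok and pwd_ok:
            # Assumption: advance only on success so the two sides stay in step.
            self.counters[did] = (self.counters[did] + 1) % COUNTER_MOD
            return True
        return False


def demo():
    now = datetime(2004, 11, 20, 20, 32, 25)    # timestamp from the text's example
    client = Client("1234567", "s3cret-pw")     # constructed DID and password
    server = Server({"1234567": "s3cret-pw"})
    msg = client.request(now)
    first = server.authenticate(msg, now)       # genuine request
    replay = server.authenticate(msg, now)      # same captured message resent
    second = server.authenticate(client.request(now), now)  # next genuine request
    return msg, first, replay, second


if __name__ == "__main__":
    print(demo())
```

The replayed message is rejected because the server's counter has already advanced, so the sequence number it generates no longer equals the one in the captured message.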
In addition, the present invention can also dispense with the sequence number: the client encrypts the password plaintext directly and sends the resulting password ciphertext to the server; the server judges whether the password plaintext it has stored for this client is identical to the password plaintext stored by the client, and if identical, the server's authentication of the client succeeds.
The way the client encrypts the password plaintext and the way the server judges whether the two password plaintexts are identical are the same as in the embodiment above and are not repeated here.
The embodiment above describes in detail the process by which the ring-back tone platform authenticates the marketing platform. The present invention can also be applied to authentication of clients by other servers, and the present invention places no limitation on this.
The present invention also proposes an authentication system, comprising a client and a server;
The client can be used to encrypt the pre-stored password plaintext to generate a password ciphertext, and to send the client's number and the password ciphertext to the server;
The server can be used to look up the password plaintext it has stored for the client according to the number, and to judge whether the password plaintext stored by the server is identical to the password plaintext stored by the client; if identical, the server's authentication of the client succeeds.
In the above system, the client and the server may further synchronously and dynamically generate a sequence number;
The client can combine the generated sequence number with the pre-stored password plaintext and encrypt the combination to generate the password ciphertext, and send the client's number, the sequence number generated by the client and the password ciphertext to the server;
The server can look up, according to the number, the sequence number that it generated for the client and the password plaintext that it has stored for the client, judge whether the sequence number generated by the server is identical to the sequence number generated by the client, and judge whether the password plaintext stored by the server is identical to the password plaintext stored by the client; if both judgments find the values identical, the server's authentication of the client succeeds.
In the above system, the client encrypting the combination comprises: the client encrypts the combination with a hash algorithm.
The server judging whether the password plaintext stored by the server is identical to the password plaintext stored by the client comprises: the server combines the sequence number of the client with the password plaintext stored by the server, encrypts this combination with the same hash algorithm, and judges whether the result is identical to the password ciphertext received; if identical, it determines that the password plaintext stored by the server is identical to the password plaintext stored by the client.
In summary, in the authentication method and system proposed by the present invention, when the marketing platform transmits the password used for authentication to the ring-back tone platform, the password is combined with a dynamically generated sequence number and then encrypted, and the resulting password ciphertext is sent to the ring-back tone platform. In this way, transmission of the password plaintext is avoided, and replay attacks by malicious users are avoided as well. Only after authentication has passed does the ring-back tone platform allow the marketing platform to call the relevant interfaces. The solution proposed by the present invention can therefore guarantee the security of the ring-back tone platform acting as the server. In addition, the ring-back tone platform can record in detail all logs of the marketing platform's calls to non-query interfaces, for use in locating complaints and checking processes.
The above are only preferred embodiments of the present invention and are not intended to limit the present invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. An authentication method, characterized in that the method comprises:
The client encrypts the pre-stored password plaintext to generate a password ciphertext, and sends the client's number and the password ciphertext to the server;
The server looks up the password plaintext it has stored for the client according to the number, and judges whether the password plaintext stored by the server is identical to the password plaintext stored by the client; if identical, the server's authentication of the client succeeds.
2. The method according to claim 1, characterized in that the method further comprises: the client and the server synchronously and dynamically generate a sequence number;
The client encrypting the pre-stored password plaintext to generate the password ciphertext comprises: the client combines the generated sequence number with the pre-stored password plaintext and encrypts the combination to generate the password ciphertext;
When the client sends the number and the password ciphertext to the server, it further sends the sequence number generated by the client to the server;
The server further looks up, according to the number, the sequence number that it generated for the client;
After the server judges that the password plaintext stored by the server is identical to the password plaintext stored by the client, it further judges whether the sequence number generated by the server is identical to the sequence number generated by the client; if identical, the server's authentication of the client succeeds.
3. The method according to claim 2, characterized in that the client encrypting the combination comprises: the client encrypts the combination with a hash algorithm.
4. The method according to claim 3, characterized in that the step of judging whether the password plaintext stored by the server is identical to the password plaintext stored by the client comprises: the server combines the sequence number of the client with the password plaintext stored by the server, encrypts the combination with the hash algorithm, and judges whether the result is identical to the password ciphertext received; if identical, it determines that the password plaintext stored by the server is identical to the password plaintext stored by the client.
5. The method according to claim 2, characterized in that the sequence number consists of the client number, the generation time and a cyclic counter.
6. The method according to claim 1 or 2, characterized in that the client is a marketing platform, the server is a ring-back tone platform, and the ring-back tone platform provides interfaces for the marketing platform in advance;
The method further comprises: after the ring-back tone platform's authentication of the marketing platform succeeds, the marketing platform is allowed to call the interfaces.
7. An authentication system, characterized in that the system comprises a client and a server;
The client is configured to encrypt the pre-stored password plaintext to generate a password ciphertext, and to send the client's number and the password ciphertext to the server;
The server is configured to look up the password plaintext it has stored for the client according to the number, and to judge whether the password plaintext stored by the server is identical to the password plaintext stored by the client; if identical, the server's authentication of the client succeeds.
8. The system according to claim 7, characterized in that the client and the server synchronously and dynamically generate a sequence number;
The client is configured to combine the generated sequence number with the pre-stored password plaintext and encrypt the combination to generate the password ciphertext, and to send the client's number, the sequence number generated by the client and the password ciphertext to the server;
The server is configured to look up, according to the number, the sequence number that it generated for the client and the password plaintext that it has stored for the client, to judge whether the sequence number generated by the server is identical to the sequence number generated by the client, and to judge whether the password plaintext stored by the server is identical to the password plaintext stored by the client; if both judgments find the values identical, the server's authentication of the client succeeds.
9. The system according to claim 8, characterized in that the client encrypting the combination comprises: the client encrypts the combination with a hash algorithm.
10. The system according to claim 8, characterized in that the server judging whether the password plaintext stored by the server is identical to the password plaintext stored by the client comprises: the server combines the sequence number of the client with the password plaintext stored by the server, encrypts the combination with the hash algorithm, and judges whether the result is identical to the password ciphertext received; if identical, it determines that the password plaintext stored by the server is identical to the password plaintext stored by the client.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN2009102364938A | 2009-10-23 | 2009-10-23 | Authentication method and system

Publications (1)

Publication Number | Publication Date
CN102045718A (en) | 2011-05-04

Family ID: 43911374

Country Status (1)

Country | Link
CN (1) | CN102045718A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20110504