CN102281137A - Dynamic password authentication method of mutual-authentication challenge response mechanism - Google Patents

Dynamic password authentication method of mutual-authentication challenge response mechanism

Info

Publication number: CN102281137A
Authority: CN (China)
Prior art keywords: dynamic password, password generator, sequence number, dynamic, generator
Legal status: Pending (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN2010101992970A
Other languages: Chinese (zh)
Inventors: 高智勇, 童寅, 杨晓
Current assignee: HANGZHOU YUQIANG TECHNOLOGY Co Ltd (as listed; not legally verified)
Original assignee: HANGZHOU YUQIANG TECHNOLOGY Co Ltd
Priority date: 2010-06-12
Filing date: 2010-06-12
Publication date: 2011-12-14

Abstract

The invention discloses a dynamic password authentication method with a mutual-authentication challenge-response mechanism. The method comprises the following steps: a dynamic password generator initiates an authentication session and transmits its serial number to a server; the server processes the received serial number to form a challenge code and returns the challenge code to the dynamic password generator; the dynamic password generator verifies the received challenge code, and if the challenge code is valid it generates and displays a dynamic token A, whereas if the challenge code is invalid it cancels the display of dynamic token A and terminates; the user transmits the dynamic token A currently displayed by the dynamic password generator to the server; and the server receives dynamic token A, generates a dynamic token B with the same algorithm, compares the two tokens, returns the comparison result to the dynamic password generator and closes the authentication session. Because the dynamic password generator verifies the challenge code supplied by the server side, phishing websites and man-in-the-middle attacks are better prevented.

Description

A dynamic password authentication method with a mutual-authentication challenge-response mechanism
Technical field
The present invention relates to dynamic password authentication, and in particular to a dynamic password authentication method with a mutual-authentication challenge-response mechanism.
Background
With the development of e-commerce, the security of customer accounts has become a major issue. Identity verification that relies solely on a static password for transactions suffers from serious problems such as password theft and guessing attacks. Dynamic password tokens were adopted to solve these problems, but the authentication mode currently in use still has a shortcoming: most password products use a one-way authentication mode, in which the traditional challenge-response scheme of a dynamic password token only has the client compute a dynamic password over a random number issued as the challenge. This mode falls short in security and in its resistance to phishing attacks and man-in-the-middle attacks.
Summary of the invention
To address the above problems, the present invention provides a dynamic password authentication method with a mutual-authentication challenge-response mechanism, in which authentication of the server side is added.
The technical solution adopted by the present invention is as follows.
A dynamic password authentication method with a mutual-authentication challenge-response mechanism is implemented by at least one server and at least one user's dynamic password generator, and comprises the following steps:
S1. The dynamic password generator initiates an authentication session with the server and sends the dynamic password generator's serial number to the server;
S2. The server processes the received generator serial number with a cryptographic algorithm to form a challenge code, and returns the challenge code to the dynamic password generator;
S3. The dynamic password generator verifies the received challenge code. If the challenge code is invalid, the dynamic password generator cancels the display and terminates the process; if the challenge code is valid, the dynamic password generator generates dynamic password A according to the cryptographic algorithm and displays it;
S4. The dynamic password A currently displayed by the dynamic password generator is sent to the server;
S5. After the server receives dynamic password A, it produces dynamic password B with the same algorithm as the dynamic password generator, compares dynamic password A with dynamic password B to obtain the authentication result, returns the result to the dynamic password generator and closes the authentication session.
Further, the challenge code in S2 is produced with the AES cipher, specifically comprising:
S2-1. The server generates a random number;
S2-2. The server performs an AES computation over the received dynamic password generator serial number and the corresponding seed parameter, and takes two specified bytes of the result, each reduced modulo 10;
S2-3. The modulo results are appended to the end of the random number generated by the server to form the challenge code.
Further, in S2, before the server processes the received generator serial number with the cryptographic algorithm, the method also comprises a step of verifying the dynamic password generator serial number.
Further, the dynamic password generator serial number is verified as follows: the serial number is pre-stored on the server; after the server receives the serial number sent by the dynamic password generator, it compares the pre-stored serial number with the received one; if they match, processing continues, otherwise the process is terminated.
Further, when the serial number comparison does not match, the method further comprises a step of sending the dynamic password generator a message indicating that the serial number does not exist.
Further, the dynamic password generation further comprises: encrypting the seed with the AES algorithm, using the Salt as the key, in ECB mode (that is, calling the block encryption function directly), to produce a 128-bit ciphertext block;
the N high-order bytes of this ciphertext block are each reduced modulo 10 to give one digit of the final dynamic password, yielding a dynamic password of N decimal digits.
Beneficial effects of the present invention
With the dynamic password generator of the present invention verifying the challenge code provided by the server side, this mutual authentication mechanism gives better protection against phishing websites and man-in-the-middle attacks.
Description of the drawings
Fig. 1 is a flow chart of one specific embodiment of the present invention.
Embodiments
To better describe the present invention, it is described in detail below with reference to the accompanying drawing.
This scheme adds client-side authentication of the server to the dynamic password authentication mode of the traditional challenge-response mechanism (a dynamic password is generally generated dynamically, according to a dedicated algorithm, by a handheld terminal with a built-in power supply, an algorithm chip and a display screen; its characteristics are that it changes once every fixed time interval, and that a password is invalid after it has been used once or after its validity period has passed). The details are as follows:
In step 101, the dynamic password generator initiates an authentication session with the server and sends the dynamic password generator's serial number to the server side;
In step 102, the server verifies whether the dynamic password generator serial number is valid. The verification method is: the serial number is pre-stored on the server; after the server receives the serial number sent by the generator, it compares the pre-stored serial number with the received one; if they match, step 104 is executed, otherwise the process is terminated in step 103 and the generator is informed that the serial number does not exist.
In step 104, the server performs an AES computation over the received generator serial number, using a specific parameter associated with that serial number as the key, reduces two specific bytes of the result modulo 10, appends the modulo results to the end of a random number generated by the server, and so forms a 6- or 8-digit challenge code that is returned to the dynamic password generator;
In step 105, the dynamic password generator verifies the received challenge code. If the challenge code is invalid, the generator cancels the display and terminates the process in step 107; if the challenge code is valid, the generator generates dynamic password A according to the cryptographic algorithm and displays it in step 106;
In step 108, the dynamic password A currently displayed by the generator is sent to the server;
After the server receives dynamic password A, in step 109 it produces dynamic password B with the same algorithm as the generator, compares A with B to obtain the authentication result, and in step 110 returns the result to the generator and closes the authentication session.
The algorithm principle of the above dynamic password is as follows:
The dynamic password uses the AES algorithm: the dynamic password generator generates a 6-digit decimal one-time password from a 128-bit seed and a 128-bit salt. For a given dynamic password generator, the seed is a 128-bit true random number that is written into the handheld terminal at manufacture and stored there, so for a given handheld terminal it is a constant. The salt is 128 bits of data composed of the serial number, the time and padding. In the current algorithm one password is produced per minute, the time is counted in minutes, and the seconds field of the real-time clock is filled with 0 when it enters the computation; to further increase the difficulty of cracking, the algorithm can be modified to produce a password every 30 s, or customized to customer requirements.
The process for generating the OTP (the dynamic password) is: the seed is encrypted with the AES algorithm (the version with a 128-bit data block and a 128-bit key), with the Salt as the key, in ECB mode (that is, the encryption function is called directly) and without padding. This yields a 128-bit ciphertext block. To obtain an OTP of N decimal digits (currently N = 6, or a length customized to customer requirements), the N high-order bytes of this ciphertext block are taken and each byte is reduced modulo 10 to give one digit of the final OTP.
For example, if the AES algorithm produces the following ciphertext block:
0x11 0x22 0x33 0x44 0x55 0x66 0x77 0x88
0x99 0xAA 0xBB 0xCC 0xDD 0xEE 0xFF 0x00
then 0x11 0x22 0x33 0x44 0x55 0x66 (17, 34, 51, 68, 85, 102) are taken,
and after truncation the result is: 741852
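The step flow (S1 to S5 in the summary, steps 101 to 110 in the embodiment) and the OTP generation and truncation rule just described, carried through end to end as an added Go example. This is illustrative code written for this page, not the patentee's implementation. It uses what the page fixes (AES-128 on a single block in ECB mode with no padding, the 128-bit seed encrypted under the 128-bit salt as key, six digits taken from the high-order bytes modulo 10, one password per minute) and assumes what the page leaves open: the salt is laid out as the serial number followed by a big-endian minute counter and zero padding, the two "specified bytes" of the challenge computation are the first two bytes of the AES output, and the random part of the challenge is four digits so that the challenge has the six-digit form the embodiment mentions. The serial number 10000001 and the seed are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Added example, not the patent's code. Fixed by the page: AES-128, 128-bit seed and
// salt, N = 6. Assumed: salt layout, which two bytes become check digits, 4-digit random part.
const otpDigits = 6

type token struct{ serial string; seed []byte } // the handheld generator
type server struct{ seeds map[string][]byte }   // pre-registered serial numbers and seeds

// digitsFromBlock is the truncation step: n high-order bytes, each reduced modulo 10.
func digitsFromBlock(block []byte, n int) string {
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = '0' + block[i]%10
	}
	return string(out)
}

// aesBlock encrypts one block under a 16-byte key: ECB, no padding. Lengths are fixed
// by the scheme, so a wrong length is a programming error rather than a runtime condition.
func aesBlock(key, plain []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil || len(plain) != aes.BlockSize {
		panic("AES-128 needs a 128-bit key and exactly one 128-bit block")
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, plain)
	return out
}

// buildSalt: serial number || big-endian minute counter || zero padding (layout assumed;
// the page only says "serial number, time and padding", counted in minutes, seconds zeroed).
func buildSalt(serial string, minute uint64) []byte {
	salt := make([]byte, aes.BlockSize)
	copy(salt[:8], serial)
	binary.BigEndian.PutUint64(salt[8:], minute)
	return salt
}

// otp is the page's generation step: AES-encrypt the seed with the salt as the key, truncate.
func otp(seed []byte, serial string, minute uint64) string {
	return digitsFromBlock(aesBlock(buildSalt(serial, minute), seed), otpDigits)
}

// checkDigits: AES over the zero-padded serial number keyed by the seed, two bytes mod 10
// (bytes 0 and 1 assumed). Only a holder of the seed can produce them; the token checks them in S3.
func checkDigits(seed []byte, serial string) string {
	plain := make([]byte, aes.BlockSize)
	copy(plain, serial)
	block := aesBlock(seed, plain)
	return fmt.Sprintf("%d%d", block[0]%10, block[1]%10)
}

// S2 (steps 102-104): verify the serial number, draw a random number, append the check digits.
func (s *server) challenge(serial string) (string, error) {
	seed, ok := s.seeds[serial]
	if !ok {
		return "", errors.New("serial number does not exist") // step 103
	}
	r, err := rand.Int(rand.Reader, big.NewInt(10000))
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%04d%s", r.Int64(), checkDigits(seed, serial)), nil
}

// S3 (steps 105-107): the token authenticates the server before it displays anything.
func (t *token) respond(challenge string, minute uint64) (string, error) {
	chk := checkDigits(t.seed, t.serial)
	if len(challenge) < 2 || challenge[len(challenge)-2:] != chk {
		return "", errors.New("challenge code invalid: display cancelled") // step 107
	}
	return otp(t.seed, t.serial, minute), nil // dynamic password A, step 106
}

// S5 (steps 109-110): the server recomputes dynamic password B and compares it with A.
func (s *server) verify(serial, a string, minute uint64) bool {
	seed, ok := s.seeds[serial]
	return ok && subtle.ConstantTimeCompare([]byte(a), []byte(otp(seed, serial, minute))) == 1
}

func main() {
	seed := []byte("0123456789abcdef") // constructed seed; a real token is provisioned with a true random one
	srv := &server{seeds: map[string][]byte{"10000001": seed}}
	tok := &token{serial: "10000001", seed: seed}
	minute := uint64(time.Now().Unix() / 60) // one password per minute, as on the page
	ch, _ := srv.challenge(tok.serial)      // S1/S2 (serial is registered, so no error)
	a, err := tok.respond(ch, minute)        // S3/S4
	fmt.Printf("challenge=%s A=%s err=%v authenticated=%v\n", ch, a, err, srv.verify(tok.serial, a, minute))
}
```

Run it with go run; the token refuses to display a password when the last two digits of the challenge do not match its own computation, which is the server-side authentication the patent adds. Two points follow from the page's text rather than from this example: as described, the check digits depend only on the serial number and the seed, so they are the same in every session for a given token, and the dynamic password itself is computed from seed, serial number and time, so the challenge gates the display but does not enter the password computation. The comparison in S5 is done in constant time, which the page does not specify.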
The present invention has been described in detail above through specific embodiments, but those skilled in the art should understand that the present invention is not limited to the above embodiments; any modifications, equivalent substitutions and the like made within the spirit and principles of the present invention shall all fall within the scope of protection of the present invention.

Claims (6)

1. A dynamic password authentication method with a mutual-authentication challenge-response mechanism, implemented by at least one server and at least one user's dynamic password generator, characterized in that it comprises the following steps:
S1. The dynamic password generator initiates an authentication session with the server and sends the dynamic password generator's serial number to the server;
S2. The server processes the received generator serial number with a cryptographic algorithm to form a challenge code, and returns the challenge code to the dynamic password generator;
S3. The dynamic password generator verifies the received challenge code. If the challenge code is invalid, the dynamic password generator cancels the display and terminates the process; if the challenge code is valid, the dynamic password generator generates dynamic password A according to the cryptographic algorithm and displays it;
S4. The dynamic password A currently displayed by the dynamic password generator is sent to the server;
S5. After the server receives dynamic password A, it produces dynamic password B with the same algorithm as the dynamic password generator, compares dynamic password A with dynamic password B to obtain the authentication result, returns the result to the dynamic password generator and closes the authentication session.
2. The dynamic password authentication method with a mutual-authentication challenge-response mechanism according to claim 1, characterized in that:
the challenge code in S2 is produced with the AES cipher, specifically comprising:
S2-1. The server generates a random number;
S2-2. The server performs an AES computation over the received dynamic password generator serial number and the corresponding seed parameter, and takes two specified bytes of the result, each reduced modulo 10;
S2-3. The modulo results are appended to the end of the random number generated by the server to form the challenge code.
3. The dynamic password authentication method with a mutual-authentication challenge-response mechanism according to claim 2, characterized in that: in S2, before the server processes the received generator serial number with the cryptographic algorithm, the method further comprises a step of verifying the dynamic password generator serial number.
4. The dynamic password authentication method with a mutual-authentication challenge-response mechanism according to claim 3, characterized in that: the dynamic password generator serial number is verified as follows: the serial number is pre-stored on the server; after the server receives the serial number sent by the dynamic password generator, it compares the pre-stored serial number with the received one; if they match, processing continues, otherwise the process is terminated.
5. The dynamic password authentication method with a mutual-authentication challenge-response mechanism according to claim 4, characterized in that: when the serial number comparison does not match, the method further comprises a step of sending the dynamic password generator a message indicating that the serial number does not exist.
6. The dynamic password authentication method with a mutual-authentication challenge-response mechanism according to claim 1, characterized in that: the dynamic password generation further comprises: encrypting the seed with the AES algorithm, using the Salt as the key, in ECB mode (that is, calling the block encryption function directly), to produce a 128-bit ciphertext block;
the N high-order bytes of this ciphertext block are each reduced modulo 10 to give one digit of the final dynamic password, yielding a dynamic password of N decimal digits.
Priority Applications (1)

Application Number: CN2010101992970A (CN102281137A); priority date 2010-06-12; filing date 2010-06-12; title: Dynamic password authentication method of mutual-authentication challenge response mechanism

Publications (1)

Publication Number: CN102281137A; publication date 2011-12-14

Family

ID=45106336
Family Applications (1): CN2010101992970A (CN102281137A, pending); priority date 2010-06-12; filing date 2010-06-12

Country Status (1)

CN (1) CN102281137A (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102904883A (en) * 2012-09-25 2013-01-30 上海交通大学 Man-in-middle attack defense method of online trading system
CN103297413A (en) * 2012-01-28 2013-09-11 查平 Sharable online file secure safe
CN103580874A (en) * 2013-11-15 2014-02-12 清华大学 Identity authentication method and system and password protection device
CN104378199A (en) * 2014-12-05 2015-02-25 珠海格力电器股份有限公司 Dynamic password generating method and system and dynamic password generator of unit
CN104410498A (en) * 2014-12-03 2015-03-11 上海众人科技有限公司 Dynamic password authentication method and system
WO2015032248A1 (en) * 2013-09-06 2015-03-12 天地融科技股份有限公司 Token, dynamic password generation method, and dynamic password authentication method and system
CN104426662A (en) * 2013-09-05 2015-03-18 珠海格力电器股份有限公司 Physical equipment login password processing method and device
CN105024813A (en) * 2014-04-15 2015-11-04 中国银联股份有限公司 Server, user equipment and interactive method of the user equipment and the server
CN105530094A (en) * 2014-09-28 2016-04-27 中国移动通信集团公司 Method, device and system for identity authentication and cipher device
CN105807681A (en) * 2016-03-04 2016-07-27 广东格兰仕集团有限公司 Method for guaranteeing communication safety of smart products
CN108040030A (en) * 2017-10-24 2018-05-15 武汉米风通信技术有限公司 Position message mutual authentication method
CN108234519A (en) * 2013-09-30 2018-06-29 瞻博网络公司 Detect and prevent the man-in-the-middle attack on encryption connection
CN108964884A (en) * 2017-05-24 2018-12-07 武汉斗鱼网络科技有限公司 Generation method, storage medium, electronic equipment and the system of mobile terminal dynamic password

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1569381A1 (en) * 2004-02-24 2005-08-31 Intersil Americas INC. System and method for authentification
CN1703002A (en) * 2005-07-05 2005-11-30 江苏乐希科技有限公司 Portable one-time dynamic password generator and security authentication system using the same
CN1992590A (en) * 2005-12-29 2007-07-04 盛大计算机(上海)有限公司 Identity authentication system of network user and method
US20070277224A1 (en) * 2006-05-24 2007-11-29 Osborn Steven L Methods and Systems for Graphical Image Authentication
CN101163014A (en) * 2007-11-30 2008-04-16 中国电信股份有限公司 Dynamic password identification authenticating system and method
CN101252437A (en) * 2008-01-15 2008-08-27 深圳市九思泰达技术有限公司 Dynamic verification method, system and apparatus of client terminal identification under C/S architecture

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
黄朝阳, 徐颖: "An improved dynamic password authentication scheme based on a challenge-response mechanism" (一种改进的基于挑战_应答机制的动态口令认证方案), 《中国信息科技》 (China Information Technology), 2009, No. 4 *

Legal Events

Code Title / Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 2011-12-14