CN106357679A - Method, system and client for password authentication, and server and intelligent equipment - Google Patents
- Publication number
- CN106357679A (CN201610939568.9A)
- Authority
- CN
- China
- Prior art keywords
- key
- data
- password
- client
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention is suitable for the technical field of communications, and provides a method, a system and a client for password authentication, and a server and intelligent equipment. The method comprises the following steps that: the client encrypts input password/key data according to a first key to generate a first encrypted password and sends the first encrypted password to the server; the server decrypts the first encrypted password according to the first key, encrypts the input password/key data obtained after decryption according to a second key to generate a second encrypted password, generates an authentication command message according to the second encrypted password, and forwards the authentication command message to the intelligent equipment; and the intelligent equipment obtains original password/key data from a local place, decrypts the authentication command message by using the second key, then compares the input password data obtained after decryption with the original password data or compares the input key data obtained after decryption with the original key data, and returns an authentication result generated according to a comparison result to the client through the server. The invention can avoid disclosure of the password/key data and the error rate is low.
Description
Technical field
The invention belongs to the field of communication technology, and in particular relates to a password authentication method and system, a client, a server and a smart device.
Background
A user password is used to confirm the identity of an operator. Generally, whoever can provide the correct user password is regarded as a legitimate user and obtains the operating rights associated with that password. After the original password is stored in the server, the user can enter a password at the client, and the client sends the input password to the server for authentication, to determine whether the input password matches the original password. If it matches, the input password is determined to be correct and the user can log in to the server normally. This password authentication mode restricts unauthorized users from logging in at the client.
However, in the course of implementing the present invention, the inventor found that the password authentication method provided by the prior art has at least the following problems:
At user registration, the original password set by the user is saved on the server as plaintext or as ciphertext. At user authentication, the client transmits the input password entered by the user over the line to the server, and the server compares the input password with the original password plaintext or ciphertext that it holds. If they are consistent, authentication passes; otherwise it fails.
With this mode of password authentication, the original password plaintext or ciphertext is saved in the server database. A vulnerability in the server's database management, or insecure storage, may cause database data to leak, exposing the original password plaintext or ciphertext. Moreover, the input password entered by the client user is transmitted directly over the line to the server, so the input password is easily stolen.
In addition, in the password authentication mode provided by the prior art, the client generates the authentication command message and sends it to the server, and the server performs the password authentication. This mode requires different client software to be developed for different clients. Because clients come in many varieties and are updated quickly, the workload of developing, debugging and maintaining client software is large, and the probability of errors is high.
Summary of the invention
In view of this, embodiments of the present invention provide a password authentication method and system, a client, a server and a smart device, to solve the problems that the password authentication method provided by the prior art may lead to password leaks and has a high probability of errors.
In a first aspect, a password authentication method is provided, in which original password data or original key data is stored in a smart device, the method comprising:
The client obtains input password data or input key data, encrypts the input password data or the input key data with a first key to generate a first encrypted password, and sends the first encrypted password to the server;
The server decrypts the first encrypted password with the first key to obtain the input password data or the input key data, encrypts the input password data or the input key data with a second key to generate a second encrypted password, generates an authentication command message from the second encrypted password, and forwards the authentication command message to the smart device through the client;
The smart device first obtains the original password data or the original key data, then decrypts the authentication command message with the second key to obtain the input password data or the input key data, then compares the input password data with the original password data, or the input key data with the original key data, generates an authentication result from the comparison result, and returns the authentication result to the client through the server.
Further, if original key data is stored in the smart device, then after the client obtains the input password data, the method further includes:
The client converts the obtained input password data into the input key data.
Further, the first key is preset, or generated by negotiation, before the client communicates with the server;
The second key is preset, or generated by negotiation, before the server communicates with the smart device.
Further, the first key is a symmetric key or an asymmetric key;
The second key is a symmetric key or an asymmetric key.
Further, when the first key is an asymmetric key, the server generates the public/private key pair and sends the public key to the client;
When the second key is an asymmetric key, the smart device generates the public/private key pair and sends the public key to the server.
Further, the original password data or the original key data is stored in a security chip of the smart device.
In a second aspect, a client is provided, the client comprising:
A first encrypted password sending module, configured to obtain input password data or input key data, encrypt the input password data or the input key data with a first key to generate a first encrypted password, and send the first encrypted password to the server;
An authentication command message forwarding module, configured to forward an authentication command message to the smart device, where the authentication command message is generated by the server as follows: the server decrypts the first encrypted password with the first key to obtain the input password data or the input key data, encrypts the input password data or the input key data with a second key to generate a second encrypted password, and generates the message from the second encrypted password;
An authentication result receiving module, configured to receive the authentication result returned by the server, where the authentication result is generated by the smart device as follows: the smart device first obtains the original password data or the original key data, then decrypts the authentication command message with the second key to obtain the input password data or the input key data, then compares the input password data with the original password data, or the input key data with the original key data, and generates the result from the comparison result.
Further, the client also includes:
A password conversion module, configured to convert the input password data into the input key data.
In a third aspect, a server is provided, the server comprising:
A first encrypted password receiving module, configured to receive the first encrypted password sent by the client, where the first encrypted password is generated after the client obtains input password data or input key data and encrypts the input password data or the input key data with a first key;
An authentication command message sending module, configured to decrypt the first encrypted password with the first key to obtain the input password data or the input key data, encrypt the input password data or the input key data with a second key to generate a second encrypted password, generate an authentication command message from the second encrypted password, and forward the authentication command message to the smart device through the client;
An authentication result forwarding module, configured to return the authentication result generated by the smart device to the client, where the authentication result is generated by the smart device as follows: the smart device first obtains the original password data or the original key data, then decrypts the authentication command message with the second key to obtain the input password data or the input key data, then compares the input password data with the original password data, or the input key data with the original key data, and generates the result from the comparison result.
In a fourth aspect, a smart device is provided, in which original password data or original key data is stored, the smart device comprising:
An authentication module, configured to first obtain the original password data or the original key data, then decrypt the authentication command message with a second key to obtain input password data or input key data, then compare the input password data with the original password data, or the input key data with the original key data, generate an authentication result from the comparison result, and return the authentication result to the client through the server;
The authentication command message is generated by the server as follows: the server decrypts the first encrypted password with the first key to obtain the input password data or the input key data, encrypts the input password data or the input key data with the second key to generate a second encrypted password, and generates the message from the second encrypted password;
The first encrypted password is generated after the client obtains the input password data or the input key data and encrypts the input password data or the input key data with the first key.
In a fifth aspect, a password authentication system is provided, the system comprising the client described above, the server described above and the smart device described above.
Compared with the prior art, the embodiments of the present invention have the following beneficial effects. The original password data or original key data is stored in the smart device rather than in the server, and the original password data or original key data is never transmitted over the line, so leakage of the original password data or original key data can be avoided. In addition, during authentication of an input password, the input password data or input key data is encrypted with a key, and what travels over the line is encrypted data containing the input password data or input key data. The input password data or input key data is therefore not easily stolen, its transmission is more secure, and the problem that the password authentication method provided by the prior art may lead to password leaks is overcome. Furthermore, because the server generates the authentication command message, there is no need to develop different client software for different clients, so the workload of developing, debugging and maintaining client software is small and the probability of errors is low.
Brief description of the drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the password authentication method provided by the first embodiment of the present invention;
Fig. 2 is a structural block diagram of the client provided by the second embodiment of the present invention;
Fig. 3 is a structural block diagram of the server provided by the third embodiment of the present invention;
Fig. 4 is a structural block diagram of the smart device provided by the fourth embodiment of the present invention;
Fig. 5 is a structural block diagram of the password authentication system provided by the fifth embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.
It should be noted that the executing entities of the embodiments of the present invention include a server, a client and a smart device. The client and the server may follow a C/S (client/server) structure, or a B/S (browser/server) structure. In addition, the client may be a mobile phone or a computer. None of this is limited here.
The implementation of the present invention is described in detail below with reference to specific embodiments:
Embodiment one
Fig. 1 shows the implementation flow of the password authentication method provided by embodiment one of the present invention, detailed as follows:
In step S101, the client obtains input password data or input key data, encrypts the input password data or the input key data with a first key to generate a first encrypted password, and sends the first encrypted password to the server.
In this embodiment, the user can enter a password at the client. After receiving the input password data entered by the user, the client can encrypt the input password data with the first key key1 to generate the first encrypted password, and send the first encrypted password to the server.
Preferably, after receiving the input password data entered by the user, the client first converts the input password data, by a predetermined conversion method, into input key data corresponding to the input password data, then encrypts the input key data with the first key to generate the first encrypted password, and sends the first encrypted password to the server. Specifically, the conversion method may be an encryption operation, a hash operation or the like, and is not limited here.
The specific way in which the input password data is converted into the corresponding input key data is not limited in the embodiments of the present invention.
Specifically, the first key key1 is preset, or generated by negotiation, before the client communicates with the server.
In addition, the first key key1 may be a symmetric key or an asymmetric key.
Preferably, the first key key1 is an asymmetric key. If the first key key1 is an asymmetric key, the server generates the public/private key pair and sends the public key to the client.
In step S102, the server decrypts the first encrypted password with the first key to obtain the input password data or the input key data, encrypts the input password data or the input key data with a second key to generate a second encrypted password, generates an authentication command message from the second encrypted password, and forwards the authentication command message to the smart device through the client.
In this embodiment, after receiving the first encrypted password sent by the client, the server decrypts it with the first key key1 and thereby obtains the input password data or input key data obtained in step S101. The server can then encrypt the input password data or the input key data with the second key key2 to generate the second encrypted password, generate the authentication command message from the second encrypted password, and forward the authentication command message to the smart device through the client.
Specifically, the first key key1 is preset, or generated by negotiation, before the client communicates with the server.
In addition, the second key key2 may be a symmetric key or an asymmetric key.
Preferably, the second key key2 is an asymmetric key. If the second key key2 is an asymmetric key, the smart device generates the public/private key pair and sends the public key to the server.
In step S103, the smart device first obtains the original password data or the original key data, then decrypts the authentication command message with the second key to obtain the input password data or the input key data, then compares the input password data with the original password data, or the input key data with the original key data, generates an authentication result from the comparison result, and returns the authentication result to the client through the server.
In this embodiment, after receiving the authentication command message sent by the server, the smart device first obtains the locally stored original password data or original key data, then decrypts the authentication command message with the second key key2 to obtain the input password data or input key data obtained in step S101, then compares the input password data with the original password data, or the input key data with the original key data, generates an authentication result from the comparison result, and returns the authentication result to the client through the server.
Specifically, the smart device can return the authentication result to the client through the server by the following steps:
Step 1: the smart device generates authentication result response data from the authentication result;
Step 2: the smart device sends the authentication result response data to the server;
Step 3: the server parses the authentication result response data and obtains the authentication result;
Step 4: the server sends the authentication result to the client.
After receiving the authentication result sent by the server, the client can display the authentication result to the user.
Preferably, the original password data or original key data is stored in a security chip of the smart device. This security chip has passed national cryptography certification and certification by the relevant security authorities. The original password data or original key data is stored in the secure space of the security chip, which can restrict the user from reading the data in this secure space: the user can only use it by way of authentication and cannot obtain the original key data in any other way.
Preferably, an authentication retry count can be set; when the number of retries exceeds the authentication retry count, the smart device can be locked.
Specifically, the input password data obtained by decryption is compared with the original password data stored locally in the smart device, or the input key data obtained by decryption is compared with the original key data stored locally in the smart device. When they are inconsistent, the retry count is decremented, and when the retry count reaches 0 the smart device is locked. When they are consistent, the retry count is restored and authentication succeeds.
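The exchange of steps S101 to S103 together with the retry counter described above, as an added example that is not code from the patent. The standard-library encrypt-then-MAC construction stands in for a vetted authenticated cipher, and the PBKDF2 conversion, the salt, the `AUTH` header, the result strings and every function and class name are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Stand-in authenticated cipher built from the standard library so the example
# runs offline (encrypt-then-MAC over an HMAC-SHA256 keystream). This is an
# assumption of the example; real code would call a vetted AEAD such as AES-GCM.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def to_key_data(password: str, salt: bytes) -> bytes:
    # "Predetermined conversion method": the text allows a hash operation;
    # PBKDF2 with a per-device salt is this example's choice.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def client_encrypt(key1: bytes, password: str, salt: bytes) -> bytes:
    # S101: convert the input password, encrypt under key1 (first encrypted password).
    return seal(key1, to_key_data(password, salt))

def server_build_command(key1: bytes, key2: bytes, first_encrypted: bytes) -> bytes:
    # S102: the server decrypts under key1 and re-encrypts under key2, so it
    # handles the input key data in the clear between the two hops.
    key_data = unseal(key1, first_encrypted)
    return b"AUTH" + seal(key2, key_data)  # hypothetical message layout

class SmartDevice:
    MAX_RETRIES = 3  # assumed value; the text only says a count can be set

    def __init__(self, key2: bytes, original_key_data: bytes):
        self._key2 = key2
        self._original = original_key_data  # would live in the security chip
        self.retries_left = self.MAX_RETRIES

    def authenticate(self, command: bytes) -> str:
        # S103: decrypt under key2, compare with the locally stored original.
        if self.retries_left == 0:
            return "LOCKED"
        try:
            if command[:4] != b"AUTH":
                raise ValueError("unknown command")
            candidate = unseal(self._key2, command[4:])
        except ValueError:
            # Not produced by the server: rejected without spending a retry,
            # so a forged message cannot be used to lock the device.
            return "BAD_MESSAGE"
        if hmac.compare_digest(candidate, self._original):  # constant-time compare
            self.retries_left = self.MAX_RETRIES             # restore the counter
            return "OK"
        self.retries_left -= 1
        return "LOCKED" if self.retries_left == 0 else "FAIL"

def run_login(password, key1, key2, device, salt) -> str:
    first = client_encrypt(key1, password, salt)        # client -> server
    command = server_build_command(key1, key2, first)   # server -> client
    return device.authenticate(command)                 # client -> device, result back via server

if __name__ == "__main__":
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
    salt = b"device-0001"  # constructed sample value
    dev = SmartDevice(k2, to_key_data("correct horse", salt))
    for attempt in ("wrong", "correct horse", "a", "b", "c", "correct horse"):
        print(attempt, "->", run_login(attempt, k1, k2, dev, salt), dev.retries_left)
```
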
With the embodiments of the present invention, the original password data or original key data is stored in the smart device rather than in the server, and the original password data or original key data is never transmitted over the line, so leakage of the original password data or original key data can be avoided. In addition, during authentication of an input password, the input password data or input key data is encrypted with a key, and what travels over the line is encrypted data containing the input password data or input key data. The input password data or input key data is therefore not easily stolen, its transmission is more secure, and the problem that the password authentication method provided by the prior art may lead to password leaks is overcome. Furthermore, because the server generates the authentication command message, there is no need to develop different client software for different clients, so the workload of developing, debugging and maintaining client software is small and the probability of errors is low.
In addition, the original password data or original key data is stored in the security chip of the smart device, so that the user cannot obtain the original key data in any way other than password authentication, which further improves the security of original key data storage.
Furthermore, the communication between the client and the server, and between the server and the smart device, is encrypted; security is higher still when asymmetric keys are used.
It should be understood that, in the embodiments of the present invention, the sequence numbers of the above processes do not imply an order of execution. The order of execution of each process should be determined by its function and internal logic, and should not limit the implementation of the embodiments of the present invention in any way.
A person of ordinary skill in the art will understand that all or part of the steps of the methods in the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc.
Embodiment two
Fig. 2 shows a structural block diagram of the client provided by embodiment two of the present invention. For convenience of description, only the parts related to this embodiment are shown. The client 2 forms a password authentication system together with the smart device and the server, in which the original password data or original key data is stored in the smart device. The client 2 includes: a first encrypted password sending module 21, an authentication command message forwarding module 22 and an authentication result receiving module 23.
The first encrypted password sending module 21 is configured to obtain input password data or input key data, encrypt the input password data or the input key data with a first key to generate a first encrypted password, and send the first encrypted password to the server;
The authentication command message forwarding module 22 is configured to forward an authentication command message to the smart device, where the authentication command message is generated by the server as follows: the server decrypts the first encrypted password with the first key to obtain the input password data or the input key data, encrypts the input password data or the input key data with a second key to generate a second encrypted password, and generates the message from the second encrypted password;
The authentication result receiving module 23 is configured to receive the authentication result returned by the server, where the authentication result is generated by the smart device as follows: the smart device first obtains the original password data or the original key data, then decrypts the authentication command message with the second key to obtain the input password data or the input key data, then compares the input password data with the original password data, or the input key data with the original key data, and generates the result from the comparison result.
Preferably, the client 2 also includes:
A password conversion module, configured to convert the input password data into the input key data.
The client provided by this embodiment can be applied in the corresponding method embodiment one above. For details, see the description of embodiment one, which is not repeated here.
Embodiment three
Fig. 3 shows a structural block diagram of the server provided by embodiment three of the present invention. For convenience of description, only the parts related to this embodiment are shown. The server 3 forms a password authentication system together with the client and the smart device, in which the original password data or original key data is stored in the smart device. The server 3 includes: a first encrypted password receiving module 31, an authentication command message sending module 32 and an authentication result forwarding module 33.
The first encrypted password receiving module 31 is configured to receive the first encrypted password sent by the client, where the first encrypted password is generated after the client obtains input password data or input key data and encrypts the input password data or the input key data with a first key;
The authentication command message sending module 32 is configured to decrypt the first encrypted password with the first key to obtain the input password data or the input key data, encrypt the input password data or the input key data with a second key to generate a second encrypted password, generate an authentication command message from the second encrypted password, and forward the authentication command message to the smart device through the client;
The authentication result forwarding module 33 is configured to return the authentication result generated by the smart device to the client, where the authentication result is generated by the smart device as follows: the smart device first obtains the original password data or the original key data, then decrypts the authentication command message with the second key to obtain the input password data or the input key data, then compares the input password data with the original password data, or the input key data with the original key data, and generates the result from the comparison result.
Embodiment four
Fig. 4 shows a structural block diagram of the smart device provided by Embodiment four of the present invention; for ease of description, only the parts related to this embodiment are shown. The smart device 4, together with the client and the server, constitutes the password authentication system, in which the original password data or original key data is stored in the smart device 4. The smart device 4 includes: an authentication module 41.
The authentication module 41 is configured to first obtain the original password data or original key data, then decrypt the authentication command message with the second key to obtain the input password data or the input key data, then compare the input password data with the original password data, or the input key data with the original key data, generate an authentication result according to the comparison result, and return the authentication result to the client through the server.
The authentication command message is generated by the server, which decrypts the first encrypted password with the first key to obtain the input password data or the input key data, encrypts the input password data or the input key data with the second key to generate a second encrypted password, and generates the authentication command message from the second encrypted password.
The first encrypted password is generated by the client after it obtains the input password data or the input key data and encrypts the input password data or the input key data with the first key.
Embodiment five
Fig. 5 shows a structural block diagram of the password authentication system provided by Embodiment five of the present invention; for ease of description, only the parts related to this embodiment are shown. The password authentication system 5 includes the server described in Embodiment three, the client described in Embodiment two and the smart device described in Embodiment four. The server and the client are connected and can communicate with each other directly; the smart device and the client are connected, and the smart device communicates with the server through the client.
The specific interaction among the server, the client and the smart device is described in Embodiments one to four and is not repeated here.
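The exchange among the three parties described in Embodiments three to five, as an added example that is not part of the patent text. The cipher is a standard-library stand-in chosen for illustration (an HMAC-SHA256 keystream with encrypt-then-MAC); the `AUTH` framing, the class and function names and the sample keys and passwords are assumptions.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output is nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raise ValueError on any mismatch."""
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))

HEADER = b"AUTH"  # constructed framing for the authentication command message

class Client:
    def __init__(self, first_key: bytes):
        self.first_key = first_key
    def first_encrypted_password(self, typed: bytes) -> bytes:
        return seal(self.first_key, typed)

class Server:
    def __init__(self, first_key: bytes, second_key: bytes):
        self.first_key, self.second_key = first_key, second_key
    def auth_command(self, first_encrypted: bytes) -> bytes:
        password = unseal(self.first_key, first_encrypted)
        return HEADER + seal(self.second_key, password)  # second encrypted password

class SmartDevice:
    def __init__(self, second_key: bytes, original_password: bytes):
        self.second_key, self.original = second_key, original_password
    def authenticate(self, command: bytes) -> bool:
        if not command.startswith(HEADER):
            return False
        try:
            typed = unseal(self.second_key, command[len(HEADER):])
        except ValueError:
            return False
        return hmac.compare_digest(typed, self.original)  # constant-time compare

def run_authentication(client, server, device, typed: bytes):
    first = client.first_encrypted_password(typed)  # client -> server
    command = server.auth_command(first)            # server -> client
    result = device.authenticate(command)           # client relays command to device
    return result, command                          # result: device -> server -> client

if __name__ == "__main__":
    k1, k2 = os.urandom(32), os.urandom(32)         # constructed keys
    parties = Client(k1), Server(k1, k2), SmartDevice(k2, b"s3cret-PIN")
    print(run_authentication(*parties, b"s3cret-PIN")[0])
    print(run_authentication(*parties, b"wrong-PIN")[0])
```

The client holds only the first key, so it relays the authentication command message without being able to read or alter the second encrypted password inside it.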
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are executed in hardware or in software depends on the specific application and the design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each specific application, but such an implementation should not be considered to go beyond the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
It should be understood that, in the several embodiments provided in this application, the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation. For example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or some of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a portable hard drive, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited to them. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be defined by the scope of the claims.
Claims (11)
1. A password authentication method, characterized in that original password data or original key data is stored in a smart device, the method comprising:
the client obtains input password data or input key data, encrypts the input password data or the input key data with a first key to generate a first encrypted password, and sends the first encrypted password to the server;
the server decrypts the first encrypted password with the first key to obtain the input password data or the input key data, encrypts the input password data or the input key data with a second key to generate a second encrypted password, generates an authentication command message from the second encrypted password, and forwards the authentication command message to the smart device through the client;
the smart device first obtains the original password data or original key data, then decrypts the authentication command message with the second key to obtain the input password data or the input key data, then compares the input password data with the original password data, or the input key data with the original key data, generates an authentication result according to the comparison result, and returns the authentication result to the client through the server.
2. The method of claim 1, characterized in that, if original key data is stored in the smart device, after the client obtains the input password data, the method further comprises:
the client converts the obtained input password data into the input key data.
3. The method of claim 1, characterized in that the first key is preset, or is generated by negotiation before the client communicates with the server;
the second key is preset, or is generated by negotiation before the server communicates with the smart device.
4. The method of claim 1, characterized in that the first key is a symmetric key or the first key is an asymmetric key;
the second key is a symmetric key or the second key is an asymmetric key.
5. The method of claim 4, characterized in that, when the first key is an asymmetric key, the server generates a public/private key pair and sends the public key to the client;
when the second key is an asymmetric key, the smart device generates a public/private key pair and sends the public key to the server.
6. The method of claim 1, characterized in that the original password data or the original key data is stored in a security chip of the smart device.
7. A client, characterized in that the client comprises:
a first encrypted password sending module, configured to obtain input password data or input key data, encrypt the input password data or the input key data with a first key to generate a first encrypted password, and send the first encrypted password to a server;
an authentication command message forwarding module, configured to forward an authentication command message to a smart device, the authentication command message being generated by the server, which decrypts the first encrypted password with the first key to obtain the input password data or the input key data, encrypts the input password data or the input key data with a second key to generate a second encrypted password, and generates the authentication command message from the second encrypted password;
an authentication result receiving module, configured to receive an authentication result returned by the server, the authentication result being generated by the smart device, which first obtains original password data or original key data, then decrypts the authentication command message with the second key to obtain the input password data or the input key data, then compares the input password data with the original password data, or the input key data with the original key data, and generates the authentication result according to the comparison result.
8. The client of claim 7, characterized in that the client further comprises:
a password conversion module, configured to convert the input password data into the input key data.
9. A server, characterized in that the server comprises:
a first encrypted password receiving module, configured to receive a first encrypted password sent by a client, the first encrypted password being generated by the client after it obtains input password data or input key data and encrypts the input password data or the input key data with a first key;
an authentication command message sending module, configured to decrypt the first encrypted password with the first key to obtain the input password data or the input key data, encrypt the input password data or the input key data with a second key to generate a second encrypted password, generate an authentication command message from the second encrypted password, and forward the authentication command message to a smart device through the client;
an authentication result forwarding module, configured to return the authentication result generated by the smart device to the client, the authentication result being generated by the smart device, which first obtains original password data or original key data, then decrypts the authentication command message with the second key to obtain the input password data or the input key data, then compares the input password data with the original password data, or the input key data with the original key data, and generates the authentication result according to the comparison result.
10. A smart device, characterized in that original password data or original key data is stored in the smart device, the smart device comprising:
an authentication module, configured to first obtain the original password data or original key data, then decrypt an authentication command message with a second key to obtain input password data or input key data, then compare the input password data with the original password data, or the input key data with the original key data, generate an authentication result according to the comparison result, and return the authentication result to a client through a server;
wherein the authentication command message is generated by the server, which decrypts a first encrypted password with a first key to obtain the input password data or the input key data, encrypts the input password data or the input key data with the second key to generate a second encrypted password, and generates the authentication command message from the second encrypted password;
the first encrypted password is generated by the client after it obtains the input password data or the input key data and encrypts the input password data or the input key data with the first key.
11. A password authentication system, characterized in that the system comprises the client of any one of claims 7 to 8, the server of claim 9 and the smart device of claim 10.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610939568.9A CN106357679B (en) | 2016-10-24 | 2016-10-24 | Method, system and the client of cipher authentication, server and smart machine |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106357679A true CN106357679A (en) | 2017-01-25 |
CN106357679B CN106357679B (en) | 2019-09-13 |
Family
ID=57864407
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610939568.9A Expired - Fee Related CN106357679B (en) | 2016-10-24 | 2016-10-24 | Method, system and the client of cipher authentication, server and smart machine |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106357679B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN106357679B (en) | 2019-09-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20190913 |