CN107196972B - Authentication method and system, terminal and server - Google Patents


Publication number
CN107196972B
Authority
CN
China
Prior art keywords
authentication
terminal
hash value
characteristic information
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710591304.3A
Other languages
Chinese (zh)
Other versions
CN107196972A (en)
Inventor
李�远
王继武
张红喜
付昕
王安定
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The application provides an authentication method and system, a terminal and a server. The authentication method comprises the following steps: sending an authentication request containing an authentication identifier representing non-primary authentication to a server, and obtaining a verification code sent by the server; extracting characteristic information of a terminal, and performing a hash operation on the characteristic information to obtain a hash value of the characteristic information; performing a salting hash operation by taking the hash value of the characteristic information as a salt value and combining the verification code to obtain a salted hash value; and sending the salted hash value to the server so that the server can perform authentication by using the salted hash value. The method uses the characteristic information of the terminal to authenticate whether the user has the right to use the terminal, so that an abnormal user who does not have the right to use the user's terminal cannot pass authentication even if the verification code is obtained by intercepting the normal user's short message.

Description

Authentication method and system, terminal and server
Technical Field
The present application relates to the field of communications technologies, and in particular, to an authentication method and system, a terminal, and a server.
Background
The rapid development and wide application of mobile communication technology brings great convenience to people's lives, but also brings many potential safety hazards. For example, in many cases, the user identity needs to be authenticated, and at present, a verification code is usually issued to a user terminal in a short message manner, so as to authenticate whether the user is a valid user through the verification code.
However, since the wireless channel is open, an abnormal user (attacker) can use the corresponding receiving device to intercept the short message of the terminal, and use the verification code to pass authentication, thereby disguising as a legitimate user and damaging the normal user benefit.
Disclosure of Invention
In view of this, the present application provides an authentication method and system in which the characteristic information of a terminal is used to authenticate whether the current user has the right to use the terminal, so that an abnormal user without that right cannot pass authentication even if the verification code is obtained by intercepting the normal user's short message.
In order to achieve the above object, the present application provides the following technical features:
an authentication method, comprising:
sending an authentication request containing an authentication identifier representing non-primary authentication to a server, and obtaining a verification code sent by the server;
extracting characteristic information of a terminal, and performing hash operation on the characteristic information to obtain a hash value of the characteristic information;
performing a salting hash operation by taking the hash value of the characteristic information as a salt value and combining the verification code to obtain a salting hash value;
and sending the salted hash value to the server so that the server can perform authentication by using the salted hash value.
Optionally, before sending the authentication request including the authentication identifier indicating non-first-time authentication to the server, the method further includes:
judging whether the terminal is authenticated for the first time;
if the authentication is not the first authentication, generating an authentication request containing an authentication identifier representing the non-first authentication; wherein the authentication request further comprises a user identification.
Optionally, the method further includes:
if the authentication is the first authentication, generating an authentication request containing an authentication identifier representing the first authentication; wherein the authentication request further comprises a user identification;
sending the authentication request containing the authentication identifier representing the first authentication to the server, and executing a forced authentication operation with the server;
extracting characteristic information of a terminal, and performing hash operation on the characteristic information to obtain a hash value of the characteristic information;
and sending the user identification and the hash value of the characteristic information to the server so that the server adds the corresponding relation between the user identification and the hash value of the characteristic information in the terminal use permission relation.
Optionally, the method further includes:
and receiving and displaying the authentication result sent by the server.
An authentication method, comprising:
receiving an authentication request sent by a terminal; the authentication request comprises a user identifier and an authentication identifier which represents whether the terminal is authenticated for the first time;
generating a verification code and sending the verification code to the terminal under the condition that the terminal is determined not to carry out authentication request for the first time based on the authentication identifier;
searching a hash value of the characteristic information corresponding to the user identification in the terminal use permission relation; the terminal use permission relation comprises a one-to-one correspondence relation between each user identifier and the hash value of each characteristic information, and the hash value of the characteristic information is obtained by executing a first hash operation on the characteristic information of the terminal with the user identifier use permission;
taking the hash value of the characteristic information as a salt value, and executing a salt adding hash operation by combining the verification code to obtain a salt adding hash value;
and comparing the salted hash value with the salted hash value sent by the terminal, and sending an authentication result to the terminal according to the comparison result.
Optionally, after the receiving terminal sends the authentication request, the method further includes:
and executing forced authentication operation with the terminal under the condition that the terminal is determined to carry out the authentication request for the first time based on the authentication identifier.
Optionally, after performing the forced authentication operation with the terminal, the method further includes:
receiving a hash value and a user identification of the characteristic information sent by the terminal;
and adding the corresponding relation between the hash value of the characteristic information and the user identification in the terminal use permission relation.
A terminal, comprising:
the communication module is used for sending an authentication request containing an authentication identifier representing non-primary authentication to a server and acquiring a verification code sent by the server; sending the salted hash value calculated by the processor to the server so that the server can authenticate by using the salted hash value;
the processor is used for extracting the characteristic information of the terminal and executing hash operation on the characteristic information to obtain a hash value of the characteristic information; and performing a salting hash operation by taking the hash value of the characteristic information as a salt value and combining the verification code to obtain a salting hash value.
A server, comprising:
the communication module is used for receiving an authentication request sent by a terminal; the authentication request comprises a user identifier and an authentication identifier which represents whether the terminal is authenticated for the first time, and an authentication result is sent to the terminal;
the processor is used for generating a verification code and sending the verification code to the terminal under the condition that the terminal is determined not to carry out authentication request for the first time based on the authentication identification; searching a hash value of the characteristic information corresponding to the user identification in the terminal use permission relation; the terminal use permission relation comprises a one-to-one correspondence relation between each user identifier and the hash value of each characteristic information, and the hash value of the characteristic information is obtained by executing a first hash operation on the characteristic information of the terminal with the user identifier use permission; taking the hash value of the characteristic information as a salt value, and executing a salt adding hash operation by combining the verification code to obtain a salt adding hash value; and comparing the salted hash value with the salted hash value sent by the terminal to obtain an authentication result.
An authentication system comprising:
the terminal is used for sending an authentication request containing an authentication identifier representing non-primary authentication to the server and acquiring a verification code sent by the server; the authentication request comprises a user identifier and an authentication identifier which represents whether the terminal is authenticated for the first time; extracting characteristic information of a terminal, and performing hash operation on the characteristic information to obtain a hash value of the characteristic information; performing a salting hash operation by taking the hash value of the characteristic information as a salt value and combining the verification code to obtain a salting hash value; sending the salted hash value to the server; and receiving the authentication result sent by the server.
The server is used for receiving an authentication request sent by the terminal; generating a verification code and sending the verification code to the terminal under the condition that the terminal is determined not to carry out authentication request for the first time based on the authentication identifier; searching a hash value of the characteristic information corresponding to the user identification in the terminal use permission relation; the terminal use permission relation comprises a one-to-one correspondence relation between each user identifier and the hash value of each characteristic information, and the hash value of the characteristic information is obtained by executing a first hash operation on the characteristic information of the terminal with the user identifier use permission; taking the hash value of the characteristic information as a salt value, and executing a salt adding hash operation by combining the verification code to obtain a salt adding hash value; and comparing the salted hash value with the salted hash value sent by the terminal, and sending an authentication result to the terminal according to the comparison result.
Through the technical means, the following beneficial effects can be realized:
The application uses the characteristic information of the terminal to authenticate whether the user has the right to use the terminal, so that an abnormal user who does not have the right to use the user's terminal cannot pass authentication even if the verification code is obtained by eavesdropping on the normal user's short message. In addition, the user still only needs to input the verification code, so the user experience is not affected.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of an authentication system disclosed in an embodiment of the present application;
Fig. 2 is a flowchart of an authentication method disclosed in an embodiment of the present application;
Fig. 3 is a flowchart of yet another authentication method disclosed in an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a terminal disclosed in an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
To facilitate those skilled in the art to understand the application scenario of the present application, referring to fig. 1, the present application provides an authentication system, which includes a terminal 100 and a server 200.
According to an embodiment provided by the application, an authentication method is provided based on the authentication system shown in fig. 1. Referring to fig. 2, the method specifically includes the following steps:
Step S201: the terminal 100 determines whether or not it is the first authentication.
The application is generally applied to a client, that is, an application installed on a terminal. It is understood that the server 200 corresponds to the client on the terminal 100. For example, taking Bank of China as an example, the client is the "Bank of China" client and, correspondingly, the server 200 is the "Bank of China" server.
When a client on the terminal 100 performs some operations (e.g., sensitive operations such as login operation, payment operation, or transfer operation), the client needs to authenticate the current user. In this case, the client on the terminal 100 determines whether the authentication is the first authentication.
The client on the terminal 100 includes an authentication identifier, which indicates whether the client has already been authenticated on the server 200.
For example, taking a flag bit as the authentication identifier: when the authentication identifier is "1", the terminal 100 has already authenticated with the server 200, and the current authentication with the server 200 is not the first authentication. When the authentication identifier is "0", the terminal 100 has not yet authenticated with the server 200, and the current authentication with the server 200 is the first authentication.
The terminal 100 may determine whether to authenticate for the first time based on the authentication identifier stored in the client.
Step S202: if the authentication is the first authentication, generating an authentication request containing an authentication identifier representing the first authentication; wherein the authentication request further comprises a user identification.
And if the authentication identifier indicates that the terminal is authenticated for the first time, generating an authentication request containing the authentication identifier, wherein the authentication identifier indicates that the terminal is authenticated for the first time to the server. In addition, the authentication request also includes the user identification of the login client.
Step S203: the terminal 100 sends the authentication request containing the authentication identifier representing the first authentication to the server 200.
Step S204: the server 200 receives the authentication request sent by the terminal 100 and, upon determining from the authentication identifier that the terminal is making its first authentication request, executes a forced authentication operation with the terminal.
The server 200 receives the authentication request sent by the terminal 100 and learns from the authentication identifier in the request that the terminal 100 is authenticating for the first time and has not authenticated with the server 200 before. In this authentication process, the server 200 and the terminal 100 may perform a forced authentication operation.
The forced authentication operation may be one of existing authentication operations, for example, the server 200 transmits a verification code to the terminal 100 for authentication. This process is well-established and will not be described herein.
Step S205: the terminal 100 extracts the characteristic information of the terminal, performs a hash operation on the characteristic information to obtain a hash value of the characteristic information, and sends the user identifier and the hash value of the characteristic information to the server 200.
After the terminal 100 performs the forced authentication operation with the server 200, the terminal 100 may extract the characteristic information of the terminal. The characteristic information is information that can uniquely represent the terminal. For example, the IMEI number of the terminal, the factory number of the terminal, etc.
The purpose of acquiring the characteristic information of the terminal in the application is to verify whether the current user of the login client is a legal user by using the characteristic information and the verification code. Since the verification code issued by the server 200 is easy to steal, the present application adds the characteristic information of the terminal in addition to the verification code.
In general, a terminal used by a valid user is basically unchanged, so the characteristic information of the terminal may indicate whether the current user logged in to the client has a terminal usage right.
For example, the current user who logs in the client usually logs in by using a terminal whose feature information is a, which indicates that the current user has the terminal usage right whose feature information is a. And if the current user adopts the terminal with the characteristic information B to log in, the current user does not have the terminal use authority with the characteristic information B.
The terminal 100 may directly transmit the characteristic information of the terminal to the server 200 for storage by the server 200.
Generally, however, in order to improve transmission efficiency and prevent the feature information from being stolen, a hash operation may be performed on the feature information of the terminal to obtain a hash value of the feature information. The number of bytes of the hash value is smaller than the number of bytes of the characteristic information, so that the transmission efficiency can be improved. Moreover, once the hash operation has been performed, the characteristic information of the terminal is no longer transmitted over the network in clear text, which protects it.
Step S206: the server 200 receives the hash values of the user identifier and the feature information, and adds the corresponding relationship between the user identifier and the hash value of the feature information in the terminal use permission relationship.
The server 200 has a terminal usage right relationship, which includes a corresponding relationship between each user identifier and a hash value of each corresponding feature information. Taking a corresponding relationship as an example, if the user identifier a and the hash value a of the feature information have a corresponding relationship, the user identifier a has the usage right of the terminal corresponding to the feature information.
According to another embodiment of the present application, an authentication method is further provided based on the authentication system shown in fig. 1. Referring to fig. 3, the following steps are specifically included:
Step S301: the terminal 100 transmits an authentication request including an authentication flag indicating non-primary authentication to the server 200.
If the terminal 100 determines that the authentication identifier in the client is not the first authentication, it generates an authentication request including the authentication identifier, which is an identifier indicating that authentication is not performed to the server for the first time. In addition, the authentication request also includes the user identification of the login client.
Step S302: the server 200 receives an authentication request including an authentication identifier indicating non-primary authentication, generates a verification code and transmits the verification code to the terminal when it is determined that the terminal does not perform the authentication request for the first time based on the authentication identifier.
The server 200 receives the authentication request sent by the terminal 100, and can know that the terminal 100 is not authenticated for the first time through the authentication identifier in the authentication request. Therefore, a new authentication approach can be used: and a double verification mode of the characteristic information and the verification code of the terminal is utilized.
Therefore, the server 200 generates the verification code first, and the manner of generating the verification code may be various and is a mature technology, and is not described herein again.
Step S303: the server 200 searches a hash value of the characteristic information corresponding to the user identifier in the terminal use permission relationship; and taking the hash value of the characteristic information as a salt value, and executing a salt adding hash operation by combining the verification code to obtain a salt adding hash value.
As can be seen from the above-described embodiment shown in fig. 2: the terminal use permission relation comprises a one-to-one correspondence relation between each user identifier and the hash value of each characteristic information, and the hash value of the characteristic information is obtained after the characteristic information of the terminal with the user identifier use permission executes a first hash operation.
The server 200 obtains the user identifier in the authentication request, and searches the hash value of the feature information corresponding to the user identifier in the terminal use permission relationship.
The salting hash operation may be: hash operation (verification code + salt value) = salted hash value. That is, the server 200 takes the hash value of the feature information as the salt value, combines the salt value with the verification code, and performs a hash operation on the combined data to obtain the salted hash value.
Step S304: the terminal 100 receives the verification code sent by the server, extracts the characteristic information of the terminal, and performs hash operation on the characteristic information to obtain a hash value of the characteristic information; performing a salting hash operation by taking the hash value of the characteristic information as a salt value and combining the verification code to obtain a salting hash value; sending the salted hash value to the server 200.
The process performed by the terminal 100 is similar to the process of step S303, and is not described herein again.
Step S305: the server 200 compares the calculated salted hash value with the salted hash value sent by the terminal, and sends an authentication result to the terminal according to the comparison result.
The server 200 computes a salted hash value from the pre-stored hash value of the feature information and the verification code, and uses this salted hash value as the authentication basis.
The terminal 100 extracts the characteristic information of the terminal, obtains the hash value of the characteristic information, computes a salted hash value from that hash value and the received verification code, and uses this salted hash value as the authentication credential.
The server 200 compares the two salted hash values. If they are consistent, the user has the terminal use authority and the verification code was input correctly; that is, the current user passes the authentication and is a valid user.
If the two salted hash values are inconsistent, the current user does not have the terminal use authority or the verification code was input wrongly; that is, the current user fails the authentication and is an illegal user.
The server 200 transmits the authentication result to the terminal 100.
The terminal 100 is configured to receive and display the authentication result.
Through the two embodiments, it can be seen that the application has the following beneficial effects:
Compared with the prior-art approach of using the verification code directly, an attacker who eavesdrops on the user's short message to obtain the verification code still cannot obtain the characteristic information of the normal terminal, so the attacking terminal does not have the normal device use authority. That is, the attacking terminal cannot provide the salt value required for the salted hash operation and therefore cannot calculate the correct salted hash value (the authentication credential).
In the embodiment, the hash value of the device information is used as the salt value, and this hash value cannot be found by exhaustive search, so the method effectively prevents an attacker from passing authentication provided that the eavesdropper does not have the corresponding terminal use authority and the characteristic information is not leaked. Moreover, using the hash value of the characteristic information as the salt value is safer than using the characteristic information directly, because it prevents leakage of the characteristic information.
In addition, the operation of the user still only needs to input the verification code, and the user experience is not influenced.
An example of an application of the present application is described below:
When the client of the terminal 100 determines that the authentication is the first authentication, it sends an authentication request to the server 200, and both parties perform the forced authentication operation to establish a secure and reliable channel. On this basis, the terminal 100 reads the IMEI code of the terminal as the characteristic information, calculates the hash value S of the characteristic information, and transmits the hash value S to the server 200. The server stores the user identification together with the corresponding S value.
For a later authentication, the terminal 100 initiates an authentication request to the server 200, and the server 200 issues a verification code through a short message. The terminal 100 reads the IMEI code of the terminal, performs a hash operation to obtain a hash value S', uses S' as the salt, and performs a hash operation on the received verification code with that salt to obtain an authentication credential H'; the authentication credential H' is sent to the server 200.
The server 200 looks up the value S corresponding to the user identifier, uses it as the salt value, performs a hash operation on the generated verification code to obtain an authentication credential H, and compares whether H is the same as H'. If the two are the same, the authentication is passed; if not, authentication fails.
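The enrolment of Fig. 2 and the exchange of Fig. 3, with the values S, S', H and H' from the application example above, as an added example that is not part of the patent text. SHA-256, the six-digit code, the single-use handling of the code, the constant-time comparison, the class names and the IMEI values are assumptions made for illustration; the patent names no hash function.

```python
import hashlib
import hmac
import secrets


def feature_hash(feature_info: str) -> bytes:
    """First hash operation: S = hash(characteristic information)."""
    return hashlib.sha256(feature_info.encode()).digest()  # SHA-256 is assumed


def salted_hash(verification_code: str, salt: bytes) -> str:
    """Salted hash as the description states it: hash(verification code + salt)."""
    return hashlib.sha256(verification_code.encode() + salt).hexdigest()


class Server:
    def __init__(self):
        self.usage_rights = {}  # terminal use permission relation: user id -> S
        self.pending = {}       # user id -> verification code not yet consumed

    def enroll(self, user_id: str, s: bytes) -> None:
        # Step S206. Assumed to be reached only after the forced
        # authentication of step S204 has succeeded.
        self.usage_rights[user_id] = s

    def request_code(self, user_id: str, auth_flag: str):
        # Step S302: flag "1" means non-first authentication (see step S201).
        if auth_flag != "1" or user_id not in self.usage_rights:
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user_id] = code
        return code  # the patent delivers this by short message

    def verify(self, user_id: str, credential: str) -> bool:
        # Steps S303 and S305: compute H from the stored S and compare with H'.
        code = self.pending.pop(user_id, None)  # assumption: one attempt per code
        if code is None:
            return False
        expected = salted_hash(code, self.usage_rights[user_id])
        return hmac.compare_digest(expected.encode(), credential.encode())


class Terminal:
    def __init__(self, user_id: str, imei: str):
        self.user_id = user_id
        self.imei = imei
        self.auth_flag = "0"  # "0": not yet authenticated on the server

    def first_authentication(self, server: Server) -> None:
        # Step S205: send the user id and S, never the raw IMEI.
        server.enroll(self.user_id, feature_hash(self.imei))
        self.auth_flag = "1"

    def credential(self, code: str) -> str:
        # Step S304: S' from this device's own IMEI, then H' = hash(code + S').
        return salted_hash(code, feature_hash(self.imei))


def demo():
    server = Server()
    phone = Terminal("user-a", "490154203237518")  # constructed IMEI
    phone.first_authentication(server)

    # Legitimate device: S' equals the enrolled S, so H' equals H.
    code = server.request_code(phone.user_id, phone.auth_flag)
    legit = server.verify(phone.user_id, phone.credential(code))

    # Different device holding an intercepted code: S' differs from S.
    code2 = server.request_code(phone.user_id, phone.auth_flag)
    other = Terminal("user-a", "356938035643809")  # constructed IMEI
    intercepted = server.verify("user-a", other.credential(code2))

    # The failed attempt consumed code2, so it cannot be tried again.
    reused = server.verify("user-a", phone.credential(code2))
    return legit, intercepted, reused


if __name__ == "__main__":
    print(demo())
```

The salt S is the same in every session, so the check holds only while S stays confidential on the enrolment channel and in the server's table, which is the condition the description itself states ("the characteristic information is not leaked").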
Referring to fig. 4, the present application also provides a terminal including:
a communication module 101, configured to send an authentication request including an authentication identifier indicating non-primary authentication to a server, and obtain a verification code sent by the server; sending the salted hash value calculated by the processor to the server so that the server can authenticate by using the salted hash value;
the processor 102 is configured to extract feature information of the terminal, and perform a hash operation on the feature information to obtain a hash value of the feature information; and performing a salting hash operation by taking the hash value of the characteristic information as a salt value and combining the verification code to obtain a salting hash value.
Referring to fig. 5, the present application also provides a server, including:
a communication module 201, configured to receive an authentication request sent by a terminal, the authentication request comprising a user identifier and an authentication identifier which represents whether the terminal is authenticated for the first time, and to send an authentication result to the terminal;
a processor 202, configured to generate a verification code and send the verification code to the terminal when it is determined that the terminal does not perform an authentication request for the first time based on the authentication identifier; searching a hash value of the characteristic information corresponding to the user identification in the terminal use permission relation; the terminal use permission relation comprises a one-to-one correspondence relation between each user identifier and the hash value of each characteristic information, and the hash value of the characteristic information is obtained by executing a first hash operation on the characteristic information of the terminal with the user identifier use permission; taking the hash value of the characteristic information as a salt value, and executing a salt adding hash operation by combining the verification code to obtain a salt adding hash value; and comparing the salted hash value with the salted hash value sent by the terminal to obtain an authentication result.
The functions described in the method of the present embodiment, if implemented in the form of software functional units and sold or used as independent products, may be stored in a storage medium readable by a computing device. Based on such understanding, the part of the embodiments of the present application that contributes to the prior art, or part of the technical solution, may be embodied in the form of a software product stored in a storage medium and including several instructions for causing a computing device (which may be a personal computer, a server, a mobile computing device or a network device) to execute all or part of the steps of the method described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The embodiments are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (8)

1. An authentication method, comprising:
sending an authentication request containing an authentication identifier representing non-first authentication to a server, and obtaining a verification code sent by the server; extracting characteristic information of a terminal, and performing a hash operation on the characteristic information to obtain a hash value of the characteristic information;
performing a salting hash operation by taking the hash value of the characteristic information as a salt value and combining the verification code to obtain a salting hash value;
sending the salted hash value to the server so that the server can perform authentication by using the salted hash value;
before sending the authentication request containing the authentication identifier representing non-first authentication to the server, the method further comprises the following steps:
judging whether the terminal is authenticated for the first time;
if the authentication is not the first authentication, generating an authentication request containing an authentication identifier representing the non-first authentication; wherein the authentication request further comprises a user identification.
2. The method of claim 1, further comprising:
if the authentication is the first authentication, generating an authentication request containing an authentication identifier representing the first authentication; wherein the authentication request further comprises a user identification;
sending an authentication request containing a first identifier to the server, and executing forced authentication operation with the server;
extracting characteristic information of a terminal, and performing hash operation on the characteristic information to obtain a hash value of the characteristic information;
and sending the user identification and the hash value of the characteristic information to the server so that the server adds the corresponding relation between the user identification and the hash value of the characteristic information in the terminal use permission relation.
3. The method of claim 1, further comprising:
and receiving and displaying the authentication result sent by the server.
4. An authentication method, comprising:
receiving an authentication request sent by a terminal; the authentication request comprises a user identifier and an authentication identifier which represents whether the terminal is authenticated for the first time;
generating a verification code and sending the verification code to the terminal under the condition that the terminal is determined not to carry out authentication request for the first time based on the authentication identifier; searching a hash value of the characteristic information corresponding to the user identification in the terminal use permission relation; the terminal use permission relation comprises a one-to-one correspondence relation between each user identifier and the hash value of each characteristic information, and the hash value of the characteristic information is obtained by executing a first hash operation on the characteristic information of the terminal with the user identifier use permission;
taking the hash value of the characteristic information as a salt value, and executing a salt adding hash operation by combining the verification code to obtain a salt adding hash value;
comparing the salted hash value with the salted hash value sent by the terminal, and sending an authentication result to the terminal according to the comparison result;
after receiving the authentication request sent by the terminal, the method further comprises the following steps:
executing a forced authentication operation with the terminal under the condition that the terminal is determined to carry out the authentication request for the first time based on the authentication identifier.
5. The method of claim 4, after performing the forced authentication operation with the terminal, further comprising:
receiving a hash value and a user identification of the characteristic information sent by the terminal;
and adding the corresponding relation between the hash value of the characteristic information and the user identification in the terminal use permission relation.
6. A terminal, comprising:
the communication module is used for sending an authentication request containing an authentication identifier representing non-first authentication to a server and acquiring a verification code sent by the server; and for sending the salted hash value calculated by the processor to the server so that the server can authenticate by using the salted hash value;
the processor is used for extracting the characteristic information of the terminal and executing hash operation on the characteristic information to obtain a hash value of the characteristic information; and performing a salting hash operation by taking the hash value of the characteristic information as a salt value and combining the verification code to obtain a salting hash value.
7. A server, comprising:
the communication module is used for receiving an authentication request sent by a terminal, the authentication request comprising a user identifier and an authentication identifier which represents whether the terminal is authenticated for the first time, and for sending an authentication result to the terminal;
the processor is used for generating a verification code and sending the verification code to the terminal under the condition that the terminal is determined not to carry out authentication request for the first time based on the authentication identification; searching a hash value of the characteristic information corresponding to the user identification in the terminal use permission relation; the terminal use permission relation comprises a one-to-one correspondence relation between each user identifier and the hash value of each characteristic information, and the hash value of the characteristic information is obtained by executing a first hash operation on the characteristic information of the terminal with the user identifier use permission; taking the hash value of the characteristic information as a salt value, and executing a salt adding hash operation by combining the verification code to obtain a salt adding hash value; and comparing the salted hash value with the salted hash value sent by the terminal to obtain an authentication result.
8. An authentication system, comprising:
the terminal is used for sending an authentication request containing an authentication identifier representing non-first authentication to the server and acquiring a verification code sent by the server; the authentication request comprises a user identifier and an authentication identifier which represents whether the terminal is authenticated for the first time; extracting characteristic information of a terminal, and performing hash operation on the characteristic information to obtain a hash value of the characteristic information; performing a salting hash operation by taking the hash value of the characteristic information as a salt value and combining the verification code to obtain a salting hash value; sending the salted hash value to the server; receiving an authentication result sent by a server;
the server is used for receiving an authentication request sent by the terminal; generating a verification code and sending the verification code to the terminal under the condition that the terminal is determined not to carry out authentication request for the first time based on the authentication identifier; searching a hash value of the characteristic information corresponding to the user identification in the terminal use permission relation; the terminal use permission relation comprises a one-to-one correspondence relation between each user identifier and the hash value of each characteristic information, and the hash value of the characteristic information is obtained by executing a first hash operation on the characteristic information of the terminal with the user identifier use permission; taking the hash value of the characteristic information as a salt value, and executing a salt adding hash operation by combining the verification code to obtain a salt adding hash value; and comparing the salted hash value with the salted hash value sent by the terminal, and sending an authentication result to the terminal according to the comparison result.
CN201710591304.3A 2017-07-19 2017-07-19 Authentication method and system, terminal and server Active CN107196972B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710591304.3A CN107196972B (en) 2017-07-19 2017-07-19 Authentication method and system, terminal and server

Publications (2)

Publication Number Publication Date
CN107196972A CN107196972A (en) 2017-09-22
CN107196972B true CN107196972B (en) 2020-12-22

Family

ID=59883298

Country Status (1)

Country Link
CN (1) CN107196972B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant