CN107395581B - Two-dimensional code generation and reading method, device, system, equipment and storage medium - Google Patents

Publication number
CN107395581B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710560433.6A
Other languages
Chinese (zh)
Other versions
CN107395581A (en)
Inventor
谈剑锋
丁振宇
张林海
童勇
孟飞
张迪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Peoplenet Security Technology Co Ltd
Original Assignee
Shanghai Peoplenet Security Technology Co Ltd

Classifications

    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • G06K19/06037 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking multi-dimensional coding
    • G06K7/1417 2D bar codes
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H04L63/0846 Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Abstract

The invention discloses a method, a device, a system, equipment and a storage medium for generating and reading a two-dimensional code, wherein the method for generating the two-dimensional code comprises the following steps: the client receives a ciphertext, first key information and encrypted first verification information sent by a first server, wherein the first key information is obtained by sequentially encrypting a key used by the ciphertext by using a first algorithm and a second algorithm, and the second algorithm is uniquely corresponding to the client; verifying the first verification information by using a second algorithm; after the verification is passed, generating second verification information according to the first time factor and the first key information, and encrypting the second verification information by using a second algorithm; and generating a two-dimensional code according to the ciphertext, the second key information and the encrypted second verification information. According to the technical scheme, the two-dimension code information is encrypted, the key for encrypting the two-dimension code information is doubly encrypted, and the key can be obtained only by a client or a server with a corresponding algorithm through decryption, so that the safety of the two-dimension code information and the key is guaranteed.

Description

Two-dimensional code generation and reading method, device, system, equipment and storage medium
Technical Field
The embodiment of the invention relates to an information security technology, in particular to a method, a device, a system, equipment and a storage medium for generating and reading a two-dimensional code.
Background
The two-dimensional code technique is a technique for expressing data information in a two-dimensional direction by using a pattern between black and white. With the development of technologies, two-dimensional code application scenarios are increasing, such as payment, verification, anti-counterfeiting authentication, information display, advertisement, ticket purchasing, and the like. This involves the problem of protecting the two-dimensional code from being forged and stolen.
If the two-dimensional code information is simply encrypted with a key, and a specific device scans the two-dimensional code and decrypts it to read the information, then once the key is leaked the content of the two-dimensional code is easily stolen, and the user's information is leaked or property loss occurs.
Disclosure of Invention
The embodiment of the invention provides a method, a device, a system, equipment and a storage medium for generating and reading a two-dimensional code, so as to ensure the safety of two-dimensional code information.
In a first aspect, an embodiment of the present invention provides a two-dimensional code generation method, including:
the client receives a ciphertext, first key information and encrypted first verification information sent by a first server, wherein the first key information is obtained by encrypting the key used for the ciphertext with a first algorithm and then a second algorithm in sequence, and the second algorithm uniquely corresponds to the client;
the client verifies the first verification information by using the second algorithm;
after the verification is passed, the client generates second verification information according to the first time factor and the second key information, and encrypts the second verification information by using the second algorithm;
and the client generates a two-dimensional code according to the ciphertext, the second key information and the encrypted second verification information.
In a second aspect, an embodiment of the present invention further provides a two-dimensional code reading method, including:
the second server acquires a ciphertext, second key information and encrypted second verification information in the two-dimensional code;
the second server sends the encrypted second verification information to the first server for verification;
after receiving the verification passing message, the second server decrypts the second key information by using a first algorithm to obtain a key, wherein the first algorithm is uniquely corresponding to the second server;
and the second server decrypts the ciphertext by using the secret key to obtain the two-dimensional code information.
In a third aspect, an embodiment of the present invention further provides a two-dimensional code generating device, which is applied to a client, where the device includes:
the information receiving module is used for receiving a ciphertext, first key information and encrypted first verification information sent by a first server, wherein the first key information is obtained by encrypting a key used by the ciphertext by sequentially using a first algorithm and a second algorithm, and the second algorithm is uniquely corresponding to the client;
the information verification module is used for verifying the first verification information by using the second algorithm;
the verification information generation module is used for generating second verification information according to the first time factor and the second key information after the verification is passed, and encrypting the second verification information by using the second algorithm;
and the two-dimensional code generation module is used for generating a two-dimensional code according to the ciphertext, the second key information and the encrypted second verification information.
In a fourth aspect, an embodiment of the present invention further provides a two-dimensional code generation system, including: a client and a first server;
the client comprises the two-dimensional code generating device in any embodiment of the invention;
the first server is used for sending the ciphertext, the first key information and the encrypted first verification information to the client.
In a fifth aspect, an embodiment of the present invention further provides a two-dimensional code reading apparatus, which is applied to a second server, where the apparatus includes:
the information acquisition module is used for acquiring a ciphertext, second key information and encrypted second verification information in the two-dimensional code;
the information sending module is used for sending the encrypted second verification information to the first server for verification;
the first decryption module is used for decrypting the second key information by using a first algorithm after receiving the verification passing message to obtain a key, wherein the first algorithm is uniquely corresponding to the second server;
and the second decryption module is used for decrypting the ciphertext by using the secret key to obtain the two-dimensional code information.
In a sixth aspect, an embodiment of the present invention further provides a two-dimensional code reading system, including: a first server and a second server;
the second server comprises the two-dimensional code reading device in any embodiment of the invention;
the first server is used for receiving the encrypted second verification information; decrypting the encrypted second verification information by using a second algorithm to obtain the second verification information, wherein the second algorithm is uniquely corresponding to the client side which generates the two-dimensional code; generating fourth verification information by using a third algorithm according to the second time factor and second key information stored locally; and comparing the second verification information with the fourth verification information, and if the second verification information is consistent with the fourth verification information, returning a verification passing message to the second server.
In a seventh aspect, an embodiment of the present invention further provides a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the two-dimensional code generating method according to any embodiment of the present invention when executing the program, or implements the two-dimensional code reading method according to any embodiment of the present invention.
In an eighth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the two-dimensional code generation method according to any embodiment of the present invention, or implements the two-dimensional code reading method according to any embodiment of the present invention.
The embodiment of the invention encrypts the two-dimension code information, doubly encrypts the key for encrypting the two-dimension code information, and only a client or a server with a corresponding algorithm can decrypt the key, thereby ensuring the safety of the two-dimension code information and the key and preventing leakage; the verification information in the two-dimensional code comprises a time factor, so that timeliness is realized, and the two-dimensional code can be effectively prevented from being stolen; after the first verification information passes verification, the related operation of generating the two-dimensional code is performed, so that the information security is further ensured. Correspondingly, when the two-dimensional code is read, the first server is used for verifying the second verification information in the two-dimensional code, and after the verification is passed, the decryption of the key information and the decryption of the ciphertext are performed to read the two-dimensional code information, so that the read two-dimensional code information is safe and reliable.
Drawings
Fig. 1 is a flowchart of a two-dimensional code generation method according to an embodiment of the present invention;
Fig. 2 is an interaction flowchart of a two-dimensional code generation method provided by the third embodiment of the present invention;
Fig. 3 is a flowchart of a two-dimensional code reading method according to a fourth embodiment of the present invention;
Fig. 4 is an interaction flowchart of a two-dimensional code reading method according to a fourth embodiment of the present invention;
Fig. 5 is a block diagram of a two-dimensional code generating apparatus according to a fifth embodiment of the present invention;
Fig. 6 is a block diagram of a two-dimensional code generation system according to a sixth embodiment of the present invention;
Fig. 7 is a block diagram of a two-dimensional code reading apparatus according to a seventh embodiment of the present invention;
Fig. 8 is a block diagram of a two-dimensional code reading system according to an eighth embodiment of the present invention;
Fig. 9 is a schematic structural diagram of an apparatus according to a ninth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of a two-dimensional code generation method according to an embodiment of the present invention. It is applicable to a situation where a user purchases a ticket, for example a travel ticket or an entrance ticket, and a two-dimensional code containing the ticket service information is generated; the two-dimensional code may then be used for ticket checking. The method can be executed by a two-dimensional code generating device, such as an APP installed on a terminal, or a special ticket purchasing terminal corresponding to a unique user. As shown in Fig. 1, the method specifically includes the following steps:
Step 110: the client receives the ciphertext, the first key information and the encrypted first verification information sent by the first server.
The ciphertext is obtained by encrypting the two-dimensional code information with a key. The two-dimensional code information may be ticket information, such as travel ticket information (date, time, train number, seat, starting point, ending point, passenger information and the like) or entrance ticket information (date, time, item, address, seat number and the like, for example movie tickets, concert tickets and tickets for amusement parks).
The first key information is obtained by encrypting the key by sequentially using a first algorithm and a second algorithm, the second algorithm is uniquely corresponding to the client, and the first algorithm is uniquely corresponding to a second server (namely, a ticket issuing party server, such as a station background server and a ticket background server). The first server is used as an intermediate platform for generating the two-dimensional code and reading the two-dimensional code, and stores a first algorithm and a corresponding relation between the algorithm and the second server, and a second algorithm and a corresponding relation between the algorithm and the client.
The second server stores only a part of the first algorithm that uniquely corresponds to it. With this part, content encrypted by the first server using the first algorithm can be decrypted only by the second server, and content encrypted by the second server using the first algorithm can be decrypted only by the first server. Specifically, the first algorithm may include two algorithm pairs: the encryption algorithm A1 with its corresponding decryption algorithm A1', and the encryption algorithm A2 with its corresponding decryption algorithm A2'. The encryption algorithm A1 and the decryption algorithm A2' are stored in the second server, so that mutual decryption between the first server and the second server can be realized.
The client stores only a part of the second algorithm that uniquely corresponds to it. With this part, content encrypted by the first server using the second algorithm can be decrypted only by the client, and content encrypted by the client using the second algorithm can be decrypted only by the first server. Specifically, the second algorithm may include two algorithm pairs: the encryption algorithm B1 with its corresponding decryption algorithm B1', and the encryption algorithm B2 with its corresponding decryption algorithm B2'. The encryption algorithm B1 and the decryption algorithm B2' are stored in the client, so that mutual decryption between the first server and the client can be realized.
The first server may issue a part of the first algorithm to the second server in the form of a plug-in, and issue a part of the second algorithm to the client, where the identification information of the algorithm may be a plug-in number. The second server is capable of generating two-dimensional code information, so the ciphertext is generated by the second server. The first key information is generated by the first server. The first verification information is generated by the first server and used for the client to verify whether the source of the two-dimensional code information is reliable, and specifically, the first verification information may be summary information.
Step 120: the client verifies the first verification information by using the second algorithm. If the verification passes, the source of the two-dimensional code information is reliable.
Step 130: after the verification is passed, the client generates second verification information according to the first time factor and the second key information, and encrypts the second verification information by using the second algorithm.
The second verification information is used to verify, during ticket checking, whether the source of the two-dimensional code is reliable. The first time factor may be an OTP (One-time Password) time agreed in advance between the client and the first server. Alternatively, the current time may be used, in which case the client performs time synchronization with the first server when it generates the second verification information. For example, a change value of the time factor is set, so that the first server generates verification information from the changed time and the other corresponding information and forms a verification group with the second verification information; if the two are the same, the verification passes.
Step 140: the client generates a two-dimensional code according to the ciphertext, the second key information and the encrypted second verification information.
The second key information is obtained by encrypting the key by the first server using the first algorithm, and specifically, the second key information may be obtained by decrypting the first key information by the client using the second algorithm. The two-dimensional Code may be generated by using an existing method, for example, Code One, Maxi Code, QR Code, etc., which will not be described in detail in the present invention. It can be seen that the two-dimensional code generated according to the above steps includes: ciphertext (containing ticket information), second key information (containing a key for encrypting the ticket information), and encrypted second verification information (which can be used for verifying whether the two-dimensional code source is reliable).
According to the technical scheme of the embodiment, the two-dimension code information is encrypted, the key for encrypting the two-dimension code information is doubly encrypted, and the key can be obtained only by a client or a server with a corresponding algorithm through decryption, so that the safety of the two-dimension code information and the key is ensured, and leakage is prevented; the verification information in the two-dimensional code comprises a time factor, so that timeliness is realized, and the two-dimensional code can be effectively prevented from being stolen; after the first verification information is verified (namely the information source of the two-dimensional code is determined to be reliable), the related operation of generating the two-dimensional code is performed, and the information security is further ensured.
Correspondingly, when the two-dimensional code is read, the second verification information in the two-dimensional code needs to be verified first, and the decryption operation of the key information and the ciphertext is performed after the verification is passed, so that even if a lawbreaker obtains the key, the two-dimensional code reading process cannot be correctly performed, and the two-dimensional code information cannot be stolen. If the lawbreaker counterfeits the two-dimensional code, the counterfeited two-dimensional code is invalid because the lawbreaker cannot counterfeit the correct second verification information and cannot correctly perform the two-dimensional code reading process.
The generated two-dimensional code can be printed out or displayed on a user terminal for ticket checking.
On the basis of the above technical solution, step 120 may include: the client generates third verification information by using a third algorithm according to the client user information; the client decrypts the encrypted first verification information by using a second algorithm to obtain first verification information; the client compares the first verification information with the third verification information, and if the first verification information is consistent with the third verification information, the verification is passed.
The client user information may include one or more of the following: user identity information, a mobile phone number, a user address, an account password of a user login client, identification information (such as a plug-in number) of a second algorithm, time information and the like. The third algorithm may be a hashing algorithm, such as MD2, MD4, MD5, SHA-1, or the like. The first authentication information is obtained by processing the received client user information by the first server through a hash algorithm. If the verification is passed, it indicates that the source of the information (e.g., the ciphertext, the first key information) received by the client is reliable.
On the basis of the above technical solution, step 130 may include: the client decrypts the first key information by using a second algorithm to obtain second key information; and the client generates second verification information by using a third algorithm according to the first time factor and the second key information. The second verification information comprises a time factor, so that timeliness is achieved, and the two-dimensional code can be effectively prevented from being stolen. In addition, the second key information is information for encrypting the key using the first algorithm, and since the first algorithm uniquely corresponds to the second server, the two-dimensional code information in the two-dimensional code cannot be read and verified by the other devices except the second server.
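The generation flow of steps 110 to 140 and the first server's check at reading time, as an added Python example that is not part of the patent text. Assumptions: each per-party "algorithm" is modelled as one secret parameter driving a stand-in keystream-plus-HMAC cipher (the patent reconstructs a preset cipher such as SM4), the third algorithm is SHA-256 rather than the MD2/MD4/MD5/SHA-1 examples listed above, the payload is a JSON string instead of a rendered QR image, and every name and constant below is hypothetical.

```python
import base64, hashlib, hmac, json, os

STEP = 60    # seconds per time-factor step (assumed value)
DRIFT = 1    # accepted change value of the time factor, in steps (assumed)

def _stream(alg, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(b"enc" + alg + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def _tag(alg, msg):
    return hmac.new(hashlib.sha256(b"mac" + alg).digest(), msg, hashlib.sha256).digest()

def seal(alg, data):
    """Stand-in for 'encrypt with algorithm alg': keystream XOR, then MAC."""
    nonce = os.urandom(12)
    body = bytes(a ^ b for a, b in zip(data, _stream(alg, nonce, len(data))))
    return nonce + body + _tag(alg, nonce + body)

def unseal(alg, blob):
    """Stand-in for 'decrypt with algorithm alg'; raises if blob was altered."""
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(alg, nonce + body)):
        raise ValueError("blob was not produced with this algorithm")
    return bytes(a ^ b for a, b in zip(body, _stream(alg, nonce, len(body))))

def digest(*parts):
    """Third algorithm: SHA-256 over length-prefixed parts."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def time_factor(now):
    return str(int(now) // STEP).encode()

class FirstServer:
    """Holds the first algorithm (alg_a) and the second algorithm (alg_b)."""
    def __init__(self, alg_a, alg_b, user_info):
        self.alg_a, self.alg_b, self.user_info = alg_a, alg_b, user_info
        self.second_key_info = None

    def issue(self, key, ciphertext):
        self.second_key_info = seal(self.alg_a, key)             # first algorithm
        first_key_info = seal(self.alg_b, self.second_key_info)  # then second algorithm
        enc_v1 = seal(self.alg_b, digest(self.user_info))        # first verification info
        return ciphertext, first_key_info, enc_v1

    def verify(self, enc_v2, now):
        """Recompute fourth verification info for each allowed time factor."""
        try:
            v2 = unseal(self.alg_b, enc_v2)
        except ValueError:
            return False
        for d in range(-DRIFT, DRIFT + 1):
            v4 = digest(time_factor(now + d * STEP), self.second_key_info)
            if hmac.compare_digest(v2, v4):
                return True
        return False

def client_make_payload(alg_b, user_info, ciphertext, first_key_info, enc_v1, now):
    # Step 120: compare first verification info with locally computed third info.
    if not hmac.compare_digest(unseal(alg_b, enc_v1), digest(user_info)):
        raise ValueError("first verification information mismatch")
    # Step 130: strip the outer layer, bind the result to the time factor.
    second_key_info = unseal(alg_b, first_key_info)
    enc_v2 = seal(alg_b, digest(time_factor(now), second_key_info))
    # Step 140: the three fields that go into the two-dimensional code.
    fields = {"ct": ciphertext, "k2": second_key_info, "v2": enc_v2}
    return json.dumps({k: base64.b64encode(v).decode() for k, v in fields.items()})

def second_server_read(alg_a, first_server, payload, now):
    f = {k: base64.b64decode(v) for k, v in json.loads(payload).items()}
    if not first_server.verify(f["v2"], now):
        return None                      # no key or ciphertext decryption without a pass
    key = unseal(alg_a, f["k2"])
    return unseal(key, f["ct"])

def demo():
    alg_a, alg_b, key = os.urandom(32), os.urandom(32), os.urandom(32)
    user = b"constructed-user-0001"                  # constructed sample input
    ticket = b"2017-07-11 09:30 G101 seat 05A"       # constructed sample input
    server = FirstServer(alg_a, alg_b, user)
    msg = server.issue(key, seal(key, ticket))       # ciphertext comes from the ticket issuer
    t0 = 1_500_000_000
    payload = client_make_payload(alg_b, user, *msg, now=t0)
    fresh = second_server_read(alg_a, server, payload, t0 + 30)
    stale = second_server_read(alg_a, server, payload, t0 + 600)
    return ticket, fresh, stale

if __name__ == "__main__":
    print(demo())
```

A payload copied from a screen remains acceptable for `DRIFT` steps either side of its time factor, so that window should be as small as clock synchronization allows.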
Example two
In this embodiment, on the basis of the first embodiment, a generation manner of the first algorithm and the second algorithm is provided, specifically, the first server generates the first algorithm and the second algorithm, locally stores a correspondence between the generated algorithms and the client (or server), and issues a part of the algorithms to the corresponding client (or server), where the part of the algorithms enable the corresponding client (or server) and the first server to decrypt each other. The main idea of the generation algorithm is: the first server generates two key parameters related to the user information according to the user information of the client (or the server), and generates an algorithm uniquely corresponding to the client (or the server) according to the two key parameters, a preset encryption algorithm and a corresponding decryption algorithm (namely, a preset symmetric algorithm). Through algorithm reconstruction, different users correspond to different algorithms, and therefore safety can be enhanced.
In practical application, the client can apply for authentication from the first server, and if the client has the two-dimensional code generation algorithm, the authentication is passed. After the first server generates the corresponding algorithm, a part of the algorithm is issued to the corresponding client or server in a plug-in mode, and the plug-in is installed after the client or server receives the plug-in.
For the second server, a first algorithm uniquely corresponding to the second server can be generated by the following steps:
(1) the first server receives first user information sent by the second server, wherein the first user information is information capable of uniquely identifying the second server and/or a user of the second server.
(2) The first server generates a first key parameter and a second key parameter according to the first user information, wherein the first key parameter and the second key parameter can be random numbers.
(3) The first server generates a first algorithm according to the first key parameter, the second key parameter, the first preset encryption algorithm and the corresponding first preset decryption algorithm. The first algorithm comprises: a first encryption algorithm A1 and a corresponding first decryption algorithm A1', and a second encryption algorithm A2 and a corresponding second decryption algorithm A2'.
The first predetermined encryption algorithm and the corresponding first predetermined decryption algorithm may be algorithms stored in the first server, or may be algorithms determined according to information input by a user of the server, such as an SM4 algorithm. The first preset encryption algorithm and the corresponding first preset decryption algorithm are not limited in the embodiment of the present invention, and the current or future encryption and decryption algorithms may be included in the content of the present invention.
Specifically, a first encryption algorithm may be generated according to the first key parameter and a first preset encryption algorithm, a first decryption algorithm may be generated according to the first key parameter and the first preset decryption algorithm, a second encryption algorithm may be generated according to the second key parameter and the first preset encryption algorithm, and a second decryption algorithm may be generated according to the second key parameter and the first preset decryption algorithm.
(4) The first server sends the first encryption algorithm and the second decryption algorithm to the second server.
Further, in step (3), a new algorithm is generated according to the key parameter and the preset algorithm, and the generation (also referred to as reconstruction) mechanism includes at least one of the following: determining the operation sequence of the new algorithm according to the key parameter; determining the structure of the grouped data blocks of the new algorithm and the operation sequence of the grouped data blocks according to the key parameter; determining the fixed parameters in the new algorithm according to the key parameter. Taking the generation of the first encryption algorithm from the first key parameter and the first preset encryption algorithm as an example, the generation mechanism includes at least one of the following: determining the operation sequence of the first encryption algorithm according to the first key parameter; determining the structure of the grouped data blocks of the first encryption algorithm and the operation sequence of the grouped data blocks according to the first key parameter; determining a fixed parameter in the first encryption algorithm according to the first key parameter.
In the present embodiment, since the first user information is unique, the first key parameter and the second key parameter are associated with the first user information and are unpredictable, and the first algorithm obtained by reconstruction is also unique, the complexity and the security of the information obtained by the algorithm can be improved.
For the client, a second algorithm uniquely corresponding to the client can be generated through the following steps:
(1) The first server receives second user information sent by the client, wherein the second user information is information capable of uniquely identifying a user, such as a user name, a password, a mobile phone number and the like.
(2) The first server generates a third key parameter and a fourth key parameter according to the second user information, wherein the third key parameter and the fourth key parameter may be random numbers.
(3) The first server generates a second algorithm according to the third key parameter, the fourth key parameter, the second preset encryption algorithm and the corresponding second preset decryption algorithm. The second algorithm comprises: a third encryption algorithm B1 and a corresponding third decryption algorithm B1', and a fourth encryption algorithm B2 and a corresponding fourth decryption algorithm B2'.
The second preset encryption algorithm and the corresponding second preset decryption algorithm may be algorithms stored in the first server, or may be algorithms determined according to user input information, such as the SM4 algorithm. The embodiment of the present invention does not limit the second preset encryption algorithm and the corresponding second preset decryption algorithm; current or future encryption and decryption algorithms may all be included in the content of the present invention.
Specifically, a third encryption algorithm may be generated according to the third key parameter and the second preset encryption algorithm, a third decryption algorithm may be generated according to the third key parameter and the second preset decryption algorithm, a fourth encryption algorithm may be generated according to the fourth key parameter and the second preset encryption algorithm, and a fourth decryption algorithm may be generated according to the fourth key parameter and the second preset decryption algorithm.
(4) The first server sends the third encryption algorithm and the fourth decryption algorithm to the client.
Further, in step (3), a new algorithm is generated according to the key parameter and the preset algorithm, and the generation (also referred to as reconstruction) mechanism includes at least one of the following: determining the operation sequence of the new algorithm according to the key parameter; determining the structure of the grouped data blocks of the new algorithm and the operation sequence of the grouped data blocks according to the key parameter; determining the fixed parameters in the new algorithm according to the key parameter. Taking the generation of the third encryption algorithm from the third key parameter and the second preset encryption algorithm as an example, the generation mechanism includes at least one of the following: determining the operation sequence of the third encryption algorithm according to the third key parameter; determining the structure of the grouped data blocks of the third encryption algorithm and the operation sequence of the grouped data blocks according to the third key parameter; determining a fixed parameter in the third encryption algorithm according to the third key parameter.
In the present embodiment, since the second user information is unique, the third key parameter and the fourth key parameter are associated with the second user information and are unpredictable, and the second algorithm obtained by reconstruction is also unique, the complexity and the security of the information obtained by the algorithm can be improved.
Example three
Fig. 2 is an interaction flowchart of a two-dimensional code generation method according to a third embodiment of the present invention. In this embodiment, based on the first embodiment and the second embodiment, related operations executed by a first server and a second server in a two-dimensional code generation process are added. In this embodiment, the related contents in the first and second embodiments are not repeatedly explained; for details, refer to the first embodiment. The second server stores a part of the first algorithm A, namely the first encryption algorithm A1 and the second decryption algorithm A2'. The client stores a part of the second algorithm B, namely the third encryption algorithm B1 and the fourth decryption algorithm B2'. The first server stores the complete first algorithm A and second algorithm B, that is: the first encryption algorithm A1 and the corresponding first decryption algorithm A1', the second encryption algorithm A2 and the corresponding second decryption algorithm A2'; the third encryption algorithm B1 and the corresponding third decryption algorithm B1', the fourth encryption algorithm B2 and the corresponding fourth decryption algorithm B2'.
As shown in fig. 2, the method specifically includes the following steps:
In step 210, the second server receives the request information sent by the client.
The request information may be a ticket purchase request to start the whole process of generating the two-dimensional code. The request information carries client user information and requirement information, wherein the client user information may include one or more of the following: user identity information, a mobile phone number, a user address, an account password of a user login client, identification information (such as a plug-in number) of a second algorithm, time information and the like; the demand information may be information related to purchased tickets such as date, time, number of vehicles, start point, end point, item, address, seat number, etc. input or selected by the user. In practical applications, the user may input or select the requirement information on a ticket purchasing interface (for example, a ticket purchasing interface presented by the APP is opened or a ticket purchasing interface displayed on a dedicated ticket purchasing terminal), and then the client sends the requirement information and the client user information to the second server.
In step 220, the second server generates two-dimensional code information M according to the request information, and encrypts the two-dimensional code information M by using the key to obtain a ciphertext M'. The second server encrypts the key by using the first encryption algorithm A1 in the first algorithm A to obtain third key information A1(key).
The two-dimensional code information is generated according to the request information, and can be obtained by integrating the client user information and the demand information.
In step 230, the second server sends the ciphertext M', the third key information A1(key), and the client user information to the first server.
In step 240, the first server receives the ciphertext M', the third key information A1(key) and the client user information sent by the second server. The first server decrypts the third key information A1(key) by using the first decryption algorithm A1' in the first algorithm A, so as to obtain the key. The first server encrypts the key using the second encryption algorithm A2 in the first algorithm A and the fourth encryption algorithm B2 in the second algorithm B in sequence to obtain first key information B2(A2(key)).
The first server may look up the second algorithm B corresponding to the client by using the client user information, and may look up the first algorithm A corresponding to the second server by using identification information of the second server (the identification information may be obtained through communication between the first server and the second server; for example, when the second server sends information, an identifier of the second server is given as the communication source).
In step 250, the first server generates first verification information V(S) by using a third algorithm (e.g. a hash algorithm) according to the client user information, and encrypts the first verification information V(S) by using the fourth encryption algorithm B2 in the second algorithm B to obtain encrypted first verification information B2(V(S)).
In step 260, the first server transmits the ciphertext M', the first key information B2(A2(key)), and the encrypted first verification information B2(V(S)) to the client.
In step 270, the client receives the ciphertext M', the first key information B2(A2(key)) and the encrypted first verification information B2(V(S)) sent by the first server. The client verifies the first verification information V(S) by using the second algorithm B. Specifically, the client processes the local client user information by using the third algorithm (hash algorithm) to generate third verification information V(S)'; the client decrypts the encrypted first verification information B2(V(S)) by using the fourth decryption algorithm B2' in the second algorithm B to obtain the first verification information V(S); the client then compares V(S) with V(S)', and if the two are consistent, the verification is passed.
In step 280, after the verification is passed, the client decrypts the first key information B2(A2(key)) by using the fourth decryption algorithm B2' in the second algorithm B, so as to obtain second key information A2(key).
In step 290, the client generates second verification information V(C) according to the first time factor t1 and the second key information A2(key), and encrypts the second verification information V(C) by using the third encryption algorithm B1 in the second algorithm B to obtain encrypted second verification information B1(V(C)); the two-dimensional code is generated from the ciphertext M', the second key information A2(key), and the encrypted second verification information B1(V(C)). Specifically, the client uses the third algorithm (hash algorithm) to process the first time factor t1 and the second key information A2(key), so as to generate the second verification information V(C).
In this embodiment, the first server encrypts the key twice, and only the corresponding client or server can decrypt it by using the corresponding algorithm, thereby ensuring the security of the key and the two-dimensional code information. The first server generates the first verification information so that the client can verify whether the source of the two-dimensional code information is reliable, and the operations for generating the two-dimensional code are performed only after the verification is passed, which further guarantees the security and reliability of the information. In addition, information transmitted between the first server and the second server is encrypted through an algorithm; the algorithm uniquely corresponds to the first server, so other devices cannot decrypt the information, and information security can be guaranteed.
Example four
Fig. 3 is a flowchart of a two-dimensional code reading method according to a fourth embodiment of the present invention, which is applicable to check tickets with two-dimensional codes, such as tickets, entrance tickets, and the like. The method may be performed by a two-dimensional code reading apparatus, such as a scanning terminal and a server. The two-dimensional code read by the embodiment is the two-dimensional code generated by any of the above embodiments, and the two-dimensional code generation method and the two-dimensional code reading method belong to the same inventive concept. In this embodiment, the related contents in the first to third embodiments are not repeatedly explained, and specific reference is made to the first to third embodiments. As shown in fig. 3, the two-dimensional code reading method specifically includes the following steps:
In step 310, the second server obtains the ciphertext, the second key information and the encrypted second verification information in the two-dimensional code.
The scanning device can be used for scanning the two-dimensional code, acquiring a ciphertext, second key information and encrypted second verification information in the two-dimensional code, and transmitting the acquired information to the second server. The ciphertext is obtained by encrypting the two-dimension code information by using the key. The second key information is obtained by encrypting the key using a first algorithm, and the first algorithm uniquely corresponds to the second server. The second verification information is generated by the client side according to the first time factor and the second key information by using a third algorithm (which can be a hash algorithm), and the second verification information is used for verifying whether the two-dimensional code source is reliable or not during ticket checking.
In step 320, the second server sends the encrypted second verification information to the first server for verification.
In step 330, after receiving the verification passing message, the second server decrypts the second key information by using the first algorithm to obtain the key. Passing the verification indicates that the source of the two-dimensional code is reliable.
In step 340, the second server decrypts the ciphertext by using the key to obtain the two-dimensional code information.
This completes the reading of the two-dimensional code. The second server can also compare the two-dimensional code information with pre-stored information and output a verification result, and the verification result can be output to equipment connected with the scanning terminal, such as an alarm lamp, a loudspeaker, a display screen and the like. If the two-dimensional code information completely matches the pre-stored information, the output is that the two-dimensional code is correct; if the two-dimensional code information does not match the pre-stored information, the output is a two-dimensional code error, thereby realizing two-dimensional code ticket checking. The second server serves as the server of the ticket issuing party and stores all ticket information managed by it.
According to the technical scheme of the embodiment, the first server is used for verifying the second verification information in the two-dimensional code, and after the verification is passed, namely the source of the two-dimensional code is determined to be reliable, the decryption of the key information and the decryption of the ciphertext are carried out to read the two-dimensional code information, so that the read two-dimensional code information is safe and reliable; meanwhile, the second verification information comprises a time factor, so that timeliness is achieved, and the two-dimensional code can be effectively prevented from being stolen. Even if a lawbreaker obtains the key, the two-dimension code reading process cannot be correctly carried out, so that the two-dimension code information cannot be stolen. If the lawbreaker counterfeits the two-dimensional code, the counterfeited two-dimensional code is invalid because the lawbreaker cannot counterfeit the correct second verification information and cannot correctly perform the two-dimensional code reading process.
On the basis of the above technical solution, step 320 may include: the first server receives the encrypted second verification information; the first server decrypts the encrypted second verification information by using a second algorithm to obtain second verification information, wherein the second algorithm is uniquely corresponding to the client side which generates the two-dimensional code; the first server generates fourth verification information by using a third algorithm according to the second time factor and second key information stored locally; and the first server compares the second verification information with the fourth verification information, and returns a verification passing message to the second server if the second verification information is consistent with the fourth verification information.
The second time factor may be OTP (One-time Password) time agreed in advance between the client and the first server; or the time of time synchronization with the first server when the client generates the second authentication information. The fourth verification information is obtained by processing the second time factor and the second key information stored locally by the first server through the second algorithm, and if the verification is passed, the scanned two-dimensional code is reliable in source.
As shown in fig. 4, an interaction flowchart of a two-dimensional code reading method includes the following steps:
In step 410, the second server obtains the ciphertext M', the second key information A2(key) and the encrypted second verification information B1(V(C)) in the two-dimensional code.
In step 420, the second server sends B1(V(C)) to the first server.
In step 430, the first server decrypts B1(V(C)) by using the third decryption algorithm B1' to obtain the second verification information V(C); the first server processes t2 and the local A2(key) by using the hash algorithm to generate fourth verification information V(C)', and compares V(C)' with the second verification information V(C); if the two are consistent, the verification is passed.
In step 440, the first server sends a verification passing message to the second server.
In step 450, after receiving the verification passing message, the second server decrypts the second key information A2(key) by using the second decryption algorithm A2' to obtain the key, and decrypts the ciphertext M' by using the key to obtain the two-dimensional code information M.
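The generation flow (steps 210 to 290) and the reading flow (steps 410 to 450) can be traced end to end in the following added sketch, which is not code from the patent. Assumptions: every reconstructed algorithm pair is modelled by a hypothetical `Alg` class, an HMAC-SHA256 keystream cipher whose key is derived from the key parameter (a stand-in for a reconstructed SM4, not a production cipher); the third algorithm is SHA-256; the time factor is a 30-second window index; all class and function names and the sample request are constructed.

```python
import hashlib
import hmac
import os

STEP = 30  # assumed time-factor granularity in seconds; the text does not fix one


def H(*parts: bytes) -> bytes:
    """Third algorithm: a hash (SHA-256 here), length-prefixing each input."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def tfactor(t: int) -> bytes:
    return (t // STEP).to_bytes(8, "big")  # time factor = index of t's window


class Alg:
    """Stand-in for one reconstructed pair such as A1/A1' (assumption, not SM4).
    Reconstruction is modelled as deriving a fixed parameter (a key) from the key
    parameter. It is symmetric, so each party just calls only the half it was issued."""

    def __init__(self, key_param: bytes):
        self.k = H(b"reconstruct", key_param)

    def _xor(self, nonce: bytes, body: bytes) -> bytes:
        ks = b"".join(hmac.new(self.k, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(body) // 32 + 1))
        return bytes(a ^ b for a, b in zip(body, ks))

    def enc(self, data: bytes) -> bytes:
        nonce = os.urandom(12)
        return nonce + self._xor(nonce, data)

    def dec(self, blob: bytes) -> bytes:
        return self._xor(blob[:12], blob[12:])


class FirstServer:
    def __init__(self):
        # Holds the complete algorithms A and B; the key parameters are random numbers.
        self.A1, self.A2, self.B1, self.B2 = (Alg(os.urandom(16)) for _ in range(4))
        self.local_a2_key = b""

    def relay(self, a1_key: bytes, user_info: bytes):
        """Steps 240-260: re-wrap the key and attach V(S) for the client."""
        key = self.A1.dec(a1_key)
        self.local_a2_key = self.A2.enc(key)  # A2(key), kept locally for step 430
        return self.B2.enc(self.local_a2_key), self.B2.enc(H(user_info))

    def verify(self, enc_vc: bytes, t2: int) -> bool:
        """Step 430: recompute V(C)' from t2 and the local A2(key), then compare."""
        expected = H(tfactor(t2), self.local_a2_key)
        return hmac.compare_digest(self.B1.dec(enc_vc), expected)


class SecondServer:
    def __init__(self, fs: FirstServer):
        self.A1, self.A2 = fs.A1, fs.A2  # issued halves: A1 (encrypt), A2' (decrypt)

    def issue(self, user_info: bytes, demand: bytes):
        """Step 220: build M, encrypt it under a fresh key, wrap the key with A1."""
        key = os.urandom(16)
        return Alg(key).enc(user_info + b"|" + demand), self.A1.enc(key)

    def read(self, fs: FirstServer, qr: dict, t2: int):
        """Steps 410-450: decrypt only after the first server confirms V(C)."""
        if not fs.verify(qr["B1(V(C))"], t2):
            return None
        key = self.A2.dec(qr["A2(key)"])
        return Alg(key).dec(qr["M'"])


class Client:
    def __init__(self, fs: FirstServer, user_info: bytes):
        self.B1, self.B2 = fs.B1, fs.B2  # issued halves: B1 (encrypt), B2' (decrypt)
        self.user_info = user_info

    def build_qr(self, m_ct: bytes, first_key_info: bytes, enc_vs: bytes, t1: int) -> dict:
        """Steps 270-290: check V(S), unwrap to A2(key), bind it to t1 as V(C)."""
        if not hmac.compare_digest(self.B2.dec(enc_vs), H(self.user_info)):
            raise ValueError("V(S) mismatch: source of the code information not verified")
        a2_key = self.B2.dec(first_key_info)
        vc = H(tfactor(t1), a2_key)
        return {"M'": m_ct, "A2(key)": a2_key, "B1(V(C))": self.B1.enc(vc)}


def run_flow(user_info=b"user-0001", demand=b"2017-07-11|G123|seat 5A", t1=1_000_000):
    """Push one constructed sample request through steps 210-290."""
    fs = FirstServer()
    ss = SecondServer(fs)
    m_ct, a1_key = ss.issue(user_info, demand)
    first_key_info, enc_vs = fs.relay(a1_key, user_info)
    qr = Client(fs, user_info).build_qr(m_ct, first_key_info, enc_vs, t1)
    return fs, ss, qr
```

In this sketch `SecondServer.read` returns M only when t2 falls in the same window as t1 and B1(V(C)) is intact; a stale or altered code yields `None` before any key is unwrapped.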
Taking a ticket buying and ticket checking scene as an example, a user applies for authorization to a first server by using a terminal with a two-dimensional code generation algorithm (such as a mobile phone of the user or a ticket buying terminal which is purchased by the user and is exclusive to the user), the first server performs algorithm reconstruction according to user information to obtain a second algorithm which is uniquely corresponding to the user, and the user can use the terminal to buy tickets after the user terminal downloads and installs a corresponding second algorithm plug-in. Specifically, the ticket two-dimensional code can be generated by using the methods described in embodiments one to three.
The ticket-issuing party server applies for authorization to the first server, the first server carries out algorithm reconstruction according to server information or user information to obtain a first algorithm uniquely corresponding to the server, and ticket checking can be carried out after the ticket-issuing party server downloads and installs a corresponding first algorithm plug-in. Specifically, the ticket two-dimensional code may be read according to the method described in the fourth embodiment, and whether the read information is correct or not is checked, and if the read information is correct, the ticket checking is successful, and the user may take a bus, watch (movie, concert), or play normally.
In the ticket purchasing and ticket checking process, verification runs in both directions: the client verifies the source of the two-dimensional code information, and the first server verifies the source of the two-dimensional code. Both verifications can only be performed with the algorithm uniquely corresponding to the client, so the two-dimensional code information is not easily stolen. Because the two-dimensional code is protected by the algorithm that the first server generated and that uniquely corresponds to the client, it is difficult to forge, which avoids the possibility that a forged two-dimensional code is used to steal user information and property or to attack user equipment, and ensures the security and integrity of the transmission of information related to the two-dimensional code.
Example five
Fig. 5 is a block diagram of a two-dimensional code generation apparatus according to a fifth embodiment of the present invention, where the apparatus may be applied to a client and may be used to implement the two-dimensional code generation method according to the foregoing embodiment, and details of the implementation may refer to a method embodiment, which is not described in detail in this embodiment. As shown in fig. 5, the two-dimensional code generating apparatus includes: an information receiving module 510, an information verifying module 520, a verification information generating module 530, and a two-dimensional code generating module 540.
The information receiving module 510 is configured to receive a ciphertext, first key information, and encrypted first verification information sent by a first server, where the first key information is obtained by encrypting a key used by the ciphertext by using a first algorithm and a second algorithm in sequence, and the second algorithm uniquely corresponds to the client;
an information verification module 520, configured to verify the first verification information by using a second algorithm;
the verification information generating module 530 is configured to generate second verification information according to the first time factor and the second key information after the verification is passed, and encrypt the second verification information by using a second algorithm;
and a two-dimensional code generating module 540, configured to generate a two-dimensional code according to the ciphertext, the second key information, and the encrypted second verification information.
According to the technical scheme of the embodiment, the two-dimensional code information is encrypted, the key for encrypting the two-dimensional code information is doubly encrypted, and the key can be obtained only by a client or a server with a corresponding algorithm through decryption, so that the security of the two-dimensional code information and the key is ensured, and leakage is prevented; the verification information in the two-dimensional code comprises a time factor, so that timeliness is realized, and the two-dimensional code can be effectively prevented from being stolen; after the first verification information is verified (namely the information source of the two-dimensional code is determined to be reliable), the related operation of generating the two-dimensional code is performed, and the information security is further ensured.
Further, the information verification module 520 may include: the first information generating unit is used for generating third verification information by using a third algorithm according to the client user information; the verification information decryption unit is used for decrypting the encrypted first verification information by using a second algorithm to obtain first verification information; and the information verification unit is used for comparing the first verification information with the third verification information, and if the first verification information is consistent with the third verification information, the verification is passed.
Further, the verification information generating module 530 may include: the decryption unit is used for decrypting the first key information by using a second algorithm to obtain second key information; and the second information generating unit is used for generating second verification information by using a third algorithm according to the first time factor and the second key information.
The two-dimensional code generation device provided by the embodiment of the invention can execute the two-dimensional code generation method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Example six
Fig. 6 is a block diagram of a two-dimensional code generation system according to a sixth embodiment of the present invention, where the system may be used to implement the two-dimensional code generation method according to the sixth embodiment of the present invention, and details of the specific implementation may refer to the method embodiment, which is not described in detail in this embodiment. As shown in fig. 6, the two-dimensional code generation system includes: a client 100 and a first server 200. The client 100 includes the two-dimensional code generating apparatus according to the fifth embodiment, and the first server 200 is configured to send the ciphertext, the first key information, and the encrypted first verification information to the client 100.
As shown in fig. 6, the system may further include: a second server 300, configured to receive request information sent by the client 100, where the request information carries client user information and requirement information; generating two-dimensional code information according to the request information, and encrypting the two-dimensional code information by using a secret key to obtain a ciphertext; encrypting the key by using a first algorithm to obtain third key information; and transmits the ciphertext, the third key information, and the client user information to the first server 200.
Further, the first server 200 is further configured to: receiving the ciphertext, the third key information and the client user information sent by the second server 300; decrypting the third key information by using a first algorithm to obtain a key; encrypting the key by using a first algorithm and a second algorithm in sequence to obtain first key information, wherein the first algorithm is uniquely corresponding to the second server 300; generating first verification information by using a third algorithm according to the client user information, and encrypting the first verification information by using a second algorithm; the ciphertext, the first key information, and the encrypted first authentication information are sent to the client 100.
The first server 200 may also be used to perform algorithm reconstruction, generating an algorithm that uniquely corresponds to the client 100, and an algorithm that uniquely corresponds to the second server 300.
For the second server 300, the first server 200 may further be configured to: receiving first user information sent by the second server 300; generating a first key parameter and a second key parameter according to the first user information; generating a first algorithm according to the first key parameter, the second key parameter, the first preset encryption algorithm and the corresponding first preset decryption algorithm, wherein the first algorithm comprises: a first encryption algorithm and a corresponding first decryption algorithm, a second encryption algorithm and a corresponding second decryption algorithm; the first encryption algorithm and the second decryption algorithm of the first algorithm are transmitted to the second server 300.
For the client 100, the first server 200 may further be configured to: receiving second user information sent by the client 100; generating a third key parameter and a fourth key parameter according to the second user information; generating a second algorithm according to the third key parameter, the fourth key parameter, a second preset encryption algorithm and a corresponding second preset decryption algorithm, wherein the second algorithm comprises: a third encryption algorithm and a corresponding third decryption algorithm, a fourth encryption algorithm and a corresponding fourth decryption algorithm; and transmitting a third encryption algorithm and a fourth decryption algorithm of the second algorithms to the client 100.
The two-dimensional code generation system provided by the embodiment of the invention can execute the two-dimensional code generation method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Example seven
Fig. 7 is a block diagram of a two-dimensional code reading apparatus according to a seventh embodiment of the present invention, where the apparatus may be applied to a second server and may be used to implement the two-dimensional code reading method according to the seventh embodiment of the present invention, and details of the implementation may refer to the method embodiment, which is not described in detail in this embodiment. As shown in fig. 7, the two-dimensional code reading apparatus includes: an information acquisition module 710, an information transmission module 720, a first decryption module 730, and a second decryption module 740.
The information obtaining module 710 is configured to obtain a ciphertext, second key information, and encrypted second verification information in the two-dimensional code; preferably, the information in the two-dimensional code can be acquired from the scanning terminal;
the information sending module 720 is configured to send the encrypted second authentication information to the first server for authentication;
the first decryption module 730 is configured to decrypt the second key information by using a first algorithm after receiving the verification passing message, so as to obtain a key, where the first algorithm uniquely corresponds to the second server;
the second decryption module 740 is configured to decrypt the ciphertext with the key to obtain the two-dimensional code information.
According to the technical scheme of the embodiment, the first server is used for verifying the second verification information in the two-dimensional code, and after the verification is passed, namely the source of the two-dimensional code is determined to be reliable, the decryption of the key information and the decryption of the ciphertext are carried out to read the two-dimensional code information, so that the read two-dimensional code information is safe and reliable; meanwhile, the second verification information comprises a time factor, so that timeliness is achieved, and the two-dimensional code can be effectively prevented from being stolen.
The two-dimensional code reading device provided by the embodiment of the invention can execute the two-dimensional code reading method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Example eight
Fig. 8 is a block diagram of a two-dimensional code reading system according to an eighth embodiment of the present invention, where the system may be used to implement the two-dimensional code reading method according to the eighth embodiment of the present invention, and details of the implementation may refer to the method embodiment, which is not described in detail in this embodiment. As shown in fig. 8, the two-dimensional code reading system includes: a first server 200 and a second server 300.
The second server 300 includes the two-dimensional code reading apparatus according to the seventh embodiment, and the first server 200 is configured to: receive the encrypted second verification information; decrypt the encrypted second verification information by using a second algorithm to obtain second verification information, wherein the second algorithm uniquely corresponds to the client that generated the two-dimensional code; generate fourth verification information by using a third algorithm according to the second time factor and second key information stored locally; and compare the second verification information with the fourth verification information, and return a verification passing message to the second server 300 if the second verification information is identical to the fourth verification information.
The two-dimensional code reading system provided by the embodiment of the invention can execute the two-dimensional code reading method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
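An added sketch of the reading flow of embodiments seven and eight (not code from the patent): the page names only a first, second and third algorithm, so the HMAC-based stand-in cipher, SHA-256 as the third algorithm, the 60-second window, the one-window skew and the client identifier carried in the code are all assumptions. The generation side is reduced to what is needed to produce a code, and the first-verification step is omitted.

```python
import hashlib
import hmac
import os

STEP = 60  # seconds per time-factor window (assumed; the page gives no value)
SKEW = 1   # earlier windows the first server still accepts (assumed)

def _stream(key, nonce, n):
    """Keystream: HMAC-SHA256 in counter mode."""
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, data):
    """Stand-in authenticated cipher so the example needs only the standard
    library; a deployment would use a vetted AEAD such as AES-GCM."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Check the tag, then decrypt; raises ValueError if anything was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext rejected")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def third_algorithm(time_factor, key_info):
    """Verification info from a time factor and key info (SHA-256 assumed)."""
    return hashlib.sha256(time_factor.to_bytes(8, "big") + key_info).digest()

class FirstServer:
    def __init__(self):
        self.first_alg = os.urandom(32)  # first algorithm: key shared with the second server
        self.second_alg = {}             # second algorithm: one key per client
        self.key_info = {}               # client id -> locally stored second key info

    def enroll(self, client_id):
        self.second_alg[client_id] = os.urandom(32)
        return self.second_alg[client_id]

    def relay(self, client_id, third_key_info):
        """Generation side: wrap the key with the first, then the second algorithm."""
        key = unseal(self.first_alg, third_key_info)
        self.key_info[client_id] = seal(self.first_alg, key)
        return seal(self.second_alg[client_id], self.key_info[client_id])

    def verify(self, client_id, enc_verif, now):
        """Reading side: decrypt, recompute from the local time factor, compare."""
        stored = self.key_info.get(client_id)
        if stored is None:
            return False
        try:
            second_verif = unseal(self.second_alg[client_id], enc_verif)
        except (KeyError, ValueError):
            return False
        window = now // STEP
        return any(hmac.compare_digest(second_verif, third_algorithm(w, stored))
                   for w in range(max(0, window - SKEW), window + 1))

def client_make_qr(client_id, second_alg_key, ciphertext, first_key_info, now):
    """Client: recover the second key info and bind it to the current time factor."""
    second_key_info = unseal(second_alg_key, first_key_info)
    verif = third_algorithm(now // STEP, second_key_info)
    # "client" is an assumed field that tells the first server which key to use.
    return {"client": client_id, "ciphertext": ciphertext,
            "key_info": second_key_info, "verif": seal(second_alg_key, verif)}

def second_server_read(first_server, first_alg_key, qr, now):
    """Second server: verify first, then unwrap the key, then decrypt."""
    if not first_server.verify(qr["client"], qr["verif"], now):
        return None
    key = unseal(first_alg_key, qr["key_info"])
    return unseal(key, qr["ciphertext"])

def demo():
    """Constructed run: a fresh read, a replay ten minutes later, a forged code."""
    fs = FirstServer()
    k2 = fs.enroll("client-1")
    key = os.urandom(32)
    ticket = b"constructed sample ticket: seat 12A"
    ciphertext = seal(key, ticket)
    first_key_info = fs.relay("client-1", seal(fs.first_alg, key))
    t0 = 1_700_000_000
    qr = client_make_qr("client-1", k2, ciphertext, first_key_info, t0)
    fresh = second_server_read(fs, fs.first_alg, qr, t0 + 20)
    stale = second_server_read(fs, fs.first_alg, qr, t0 + 600)
    # Verification info sealed under a key the first server never issued.
    bad = seal(os.urandom(32), third_algorithm(t0 // STEP, qr["key_info"]))
    forged = second_server_read(fs, fs.first_alg, dict(qr, verif=bad), t0 + 20)
    return fresh, stale, forged

if __name__ == "__main__":
    print(demo())
```

A copied code stops verifying once the first server's time factor has moved past the accepted windows, which is the timeliness property the embodiment relies on.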
Example nine
The embodiment provides a computer device, which includes a memory, a processor, and a computer program that is stored in the memory and can be run on the processor, and when the processor executes the computer program, the two-dimensional code generation method according to any one of the first to third embodiments of the present invention may be implemented, or the two-dimensional code reading method according to the fourth embodiment of the present invention may be implemented.
Specifically, the computer device of this embodiment may be a terminal installed with a client, and when a processor in the terminal executes a program stored in a memory, the operation of the client in the two-dimensional code generation method of the embodiment of the present invention may be implemented.
The computer device of this embodiment may also be a server, and when the processor in the server executes the program stored in the memory, the operation of the first server in the two-dimensional code generation method and the two-dimensional code reading method of the embodiments of the present invention may be implemented.
The computer device of this embodiment may also be a server, and when the processor in the server executes the program stored in the memory, the operation of the second server in the two-dimensional code generation method and the two-dimensional code reading method of the embodiments of the present invention may be implemented.
The following describes a specific structure of the computer device with reference to fig. 9, taking a terminal as an example. Fig. 9 is a schematic structural diagram of a computer device according to a ninth embodiment of the present invention, and as shown in fig. 9, the computer device includes: a processor 910, a memory 920, an input device 930, and an output device 940; the number of the processors 910 in the computer device may be one or more, and one processor 910 is taken as an example in fig. 9; the processor 910, the memory 920, the input device 930, and the output device 940 in the computer apparatus may be connected by a bus or other means, and the connection by the bus is exemplified in fig. 9.
The memory 920 is used as a computer-readable storage medium for storing software programs, computer-executable programs, and modules, such as corresponding program instructions/modules in the two-dimensional code generation method according to the embodiment of the present invention (for example, the information receiving module 510, the information verification module 520, the verification information generation module 530, and the two-dimensional code generation module 540 in the two-dimensional code generation apparatus). The processor 910 executes various functional applications and data processing of the computer device by running software programs, instructions and modules stored in the memory 920, that is, implements the two-dimensional code generation method described above.
The memory 920 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system and an application program required for at least one function; the data storage area may store data created according to the use of the terminal, and the like. Further, the memory 920 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 920 may further include memory located remotely from the processor 910, which may be connected to a computer device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 930 may be used to receive input numerical or character information and to generate key signal inputs related to user settings and function control of the computer device, for example, to receive ticket purchase related information input or selected by the user. The output device 940 may include a display device such as a display screen for displaying the two-dimensional code.
Example ten
The present embodiment provides a computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements a two-dimensional code generation method according to any one of the first to third embodiments of the present invention, or implements a two-dimensional code reading method according to the fourth embodiment of the present invention.
Specifically, when the computer program stored on the computer-readable storage medium provided in this embodiment is executed by a processor, the operation of the client in the two-dimensional code generation method according to the embodiment of the present invention may be implemented. That is, the storage medium may be provided on the terminal.
The computer-readable storage medium provided in this embodiment may also implement the operation of the first server in the two-dimensional code generation method and the two-dimensional code reading method according to the embodiments of the present invention when the computer program stored on the computer-readable storage medium is executed by the processor. That is, the storage medium may be provided on a server, for example, a first server.
The computer-readable storage medium provided in this embodiment, when the computer program stored thereon is executed by the processor, may further implement the operation of the second server in the two-dimensional code generation method and the two-dimensional code reading method according to the embodiments of the present invention. I.e. the storage medium may be provided on a server, e.g. a second server.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiments of the two-dimensional code generating device and system, and the two-dimensional code reading device and system, each included unit and module are only divided according to functional logic, but are not limited to the above division, as long as the corresponding functions can be realized; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (13)

1. A two-dimensional code generation method is characterized by comprising the following steps:
the client receives a ciphertext, first key information and encrypted first verification information sent by a first server, wherein the first key information is obtained by encrypting a key used by the ciphertext by using a first algorithm and a second algorithm in sequence; the second algorithm uniquely corresponds to the client, and the first algorithm uniquely corresponds to a second server; the ciphertext is obtained by encrypting two-dimensional code information by using the key by the second server, wherein the two-dimensional code information comprises ticket information;
the client verifies the first verification information by using the second algorithm;
after the verification is passed, the client generates second verification information according to the first time factor and the second key information, and encrypts the second verification information by using the second algorithm;
the client generates a two-dimensional code according to the ciphertext, the second key information and the encrypted second verification information;
wherein the client verifying the first verification information by using the second algorithm comprises:
the client generates third verification information by using a third algorithm according to the client user information;
the client decrypts the encrypted first verification information by using the second algorithm to obtain the first verification information;
the client compares the first verification information with the third verification information, and if the first verification information is consistent with the third verification information, the verification is passed; the first verification information is obtained by processing the received client user information by the first server by using the third algorithm;
the client generates second verification information according to the first time factor and the second key information, and the method includes:
the client decrypts the first key information by using the second algorithm to obtain the second key information;
and the client generates second verification information by using a third algorithm according to the first time factor and the second key information.
2. The method according to claim 1, wherein before the client receives the ciphertext, the first key information and the encrypted first verification information sent by the first server, the method further comprises:
the second server receives request information sent by the client, wherein the request information carries client user information and demand information;
the second server generates two-dimensional code information according to the request information, and encrypts the two-dimensional code information by using the secret key to obtain the ciphertext;
the second server encrypts the key by using the first algorithm to obtain third key information;
and the second server sends the ciphertext, the third key information and the client user information to the first server.
3. The method according to claim 1, wherein before the client receives the ciphertext, the first key information and the encrypted first verification information sent by the first server, the method further comprises:
the first server receives the ciphertext, the third key information and the client user information sent by the second server;
the first server decrypts the third key information by using the first algorithm to obtain the key;
the first server encrypts the key by using the first algorithm and the second algorithm in sequence to obtain the first key information, wherein the first algorithm is uniquely corresponding to the second server;
the first server generates the first verification information by using a third algorithm according to the client user information, and encrypts the first verification information by using the second algorithm;
and the first server sends the ciphertext, the first key information and the encrypted first verification information to the client.
4. The method of claim 2, wherein before the second server receives the request message sent by the client, the method further comprises:
the first server receives first user information sent by the second server;
the first server generates a first key parameter and a second key parameter according to the first user information;
the first server generates the first algorithm according to the first key parameter, the second key parameter, a first preset encryption algorithm and a corresponding first preset decryption algorithm, wherein the first algorithm includes: a first encryption algorithm and a corresponding first decryption algorithm, a second encryption algorithm and a corresponding second decryption algorithm;
the first server sends the first encryption algorithm and the second decryption algorithm to the second server.
5. The method according to claim 1, wherein before the client receives the ciphertext, the first key information and the encrypted first verification information sent by the first server, the method further comprises:
the first server receives second user information sent by the client;
the first server generates a third key parameter and a fourth key parameter according to the second user information;
the first server generates the second algorithm according to the third key parameter, the fourth key parameter, a second preset encryption algorithm and a corresponding second preset decryption algorithm, wherein the second algorithm includes: a third encryption algorithm and a corresponding third decryption algorithm, a fourth encryption algorithm and a corresponding fourth decryption algorithm;
the first server sends the third encryption algorithm and the fourth decryption algorithm to the client.
6. A two-dimensional code reading method is characterized by comprising the following steps:
the second server acquires a ciphertext, second key information and encrypted second verification information in the two-dimensional code;
the second server sends the encrypted second verification information to the first server for verification;
after receiving the verification passing message, the second server decrypts the second key information by using a first algorithm to obtain a key, wherein the first algorithm is uniquely corresponding to the second server;
the second server decrypts the ciphertext by using the secret key to obtain two-dimensional code information; the two-dimensional code information comprises ticket business information;
wherein the sending, by the second server, of the encrypted second verification information to the first server for verification includes:
the first server receives the encrypted second verification information;
the first server decrypts the encrypted second verification information by using a second algorithm to obtain the second verification information, wherein the second algorithm is uniquely corresponding to the client side which generates the two-dimensional code;
the first server generates fourth verification information by using a third algorithm according to the second time factor and second key information stored locally;
and the first server compares the second verification information with the fourth verification information, and returns a verification passing message to the second server if the second verification information is consistent with the fourth verification information.
7. A two-dimensional code generating device is applied to a client side, and is characterized by comprising:
the information receiving module is used for receiving a ciphertext, first key information and encrypted first verification information sent by a first server, wherein the first key information is obtained by encrypting a key used by the ciphertext by using a first algorithm and a second algorithm in sequence; the second algorithm uniquely corresponds to the client, and the first algorithm uniquely corresponds to a second server; the ciphertext is obtained by encrypting two-dimensional code information by using the key by the second server, wherein the two-dimensional code information comprises ticket information;
the information verification module is used for verifying the first verification information by using the second algorithm;
the verification information generation module is used for generating second verification information according to the first time factor and the second key information after the verification is passed, and encrypting the second verification information by using the second algorithm;
the two-dimensional code generation module is used for generating a two-dimensional code according to the ciphertext, the second key information and the encrypted second verification information;
wherein, the information verification module comprises:
the first information generating unit is used for generating third verification information by using a third algorithm according to the client user information;
the verification information decryption unit is used for decrypting the encrypted first verification information by using a second algorithm to obtain first verification information;
the information verification unit is used for comparing the first verification information with the third verification information, and if the first verification information is consistent with the third verification information, the verification is passed; the first verification information is obtained by processing the received client user information by the first server by using the third algorithm;
wherein, the verification information generation module comprises:
the decryption unit is used for decrypting the first key information by using a second algorithm to obtain second key information;
and the second information generating unit is used for generating second verification information by using a third algorithm according to the first time factor and the second key information.
8. A two-dimensional code generation system, comprising: a client and a first server;
the client includes the two-dimensional code generation apparatus of claim 7;
the first server is used for sending a ciphertext, first key information and encrypted first verification information to the client;
the ciphertext is obtained by encrypting two-dimensional code information by using the key by the second server, wherein the two-dimensional code information comprises ticket information;
the first key information is obtained by encrypting the key used by the ciphertext by using a first algorithm and a second algorithm in sequence; the second algorithm uniquely corresponds to the client, and the first algorithm uniquely corresponds to a second server;
the first verification information is obtained by processing the received client user information by the first server by using the third algorithm.
9. The system of claim 8, further comprising:
the second server is used for receiving request information sent by the client, wherein the request information carries client user information and demand information; generating two-dimensional code information according to the request information, and encrypting the two-dimensional code information by using a secret key to obtain the ciphertext; encrypting the key by using the first algorithm to obtain third key information; and sending the ciphertext, the third key information, and the client user information to the first server.
10. A two-dimensional code reading device is applied to a second server, and is characterized by comprising:
the information acquisition module is used for acquiring a ciphertext, second key information and encrypted second verification information in the two-dimensional code;
the information sending module is used for sending the encrypted second verification information to the first server for verification;
the first decryption module is used for decrypting the second key information by using a first algorithm after receiving the verification passing message to obtain a key, wherein the first algorithm is uniquely corresponding to the second server;
the second decryption module is used for decrypting the ciphertext by using the secret key to obtain two-dimensional code information; the two-dimensional code information comprises ticket business information;
wherein, the first server carries out verification, including: the first server receives the encrypted second verification information;
the first server decrypts the encrypted second verification information by using a second algorithm to obtain the second verification information, wherein the second algorithm is uniquely corresponding to the client side which generates the two-dimensional code;
the first server generates fourth verification information by using a third algorithm according to the second time factor and second key information stored locally;
and the first server compares the second verification information with the fourth verification information, and returns a verification passing message to the second server if the second verification information is consistent with the fourth verification information.
11. A two-dimensional code reading system, comprising: a first server and a second server;
the second server includes the two-dimensional code reading apparatus of claim 10;
the first server is used for receiving the encrypted second verification information; decrypting the encrypted second verification information by using a second algorithm to obtain the second verification information, wherein the second algorithm is uniquely corresponding to the client side which generates the two-dimensional code; generating fourth verification information by using a third algorithm according to the second time factor and second key information stored locally; and comparing the second verification information with the fourth verification information, and if the second verification information is consistent with the fourth verification information, returning a verification passing message to the second server.
12. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the two-dimensional code generation method according to any one of claims 1 to 5 or implements the two-dimensional code reading method according to claim 6 when executing the program.
13. A computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the two-dimensional code generation method according to any one of claims 1 to 5, or implements the two-dimensional code reading method according to claim 6.
CN201710560433.6A 2017-07-11 2017-07-11 Two-dimensional code generation and reading method, device, system, equipment and storage medium Active CN107395581B (en)


Publications (2)

Publication Number Publication Date
CN107395581A CN107395581A (en) 2017-11-24
CN107395581B true CN107395581B (en) 2020-11-17

Family

ID=60339108


Country Status (1)

Country Link
CN (1) CN107395581B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant