CN107528844A - A method for generating a full dynamic password for a multiservice system
- Publication number: CN107528844A
- Application number: CN201710769333.4A
- Authority: CN (China)
- Legal status: Pending
Classifications
- H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Abstract
The present invention relates to a method for generating a full dynamic password for a multiservice system, comprising: S1, initialization; S2, obtaining the resource information of the cipher machines; S3, obtaining the user's registration information and cryptographic service application information and reviewing the application, ending the operation if the review fails and otherwise storing the user's registration information; S4, obtaining the identity authentication information of the accessing user and determining whether that user has registered successfully, and if so generating a ticket for the user to access the virtual service, returning the ticket to the user and going to step S5, otherwise ending the operation; S5, comparing in turn the number of running containers, the reserved resource quantity, the CPU load and the remaining memory on each dispatch server, and selecting the dispatch server with the lowest load as the executing cipher machine; S6, performing the cryptographic operation on the executing cipher machine and returning the result to the accessing user; S7, ending the operation.
Description
Technical field
The invention belongs to the field of computer security technology, and in particular relates to a method for generating a full dynamic password for a multiservice system.
Background art
With the development of informatization and e-government, and in particular the sudden rise of network virtualization technology, the knowledge-based economy and human civilization have advanced greatly. While enjoying the social change accelerated by information technology, people also face huge information security risks. Data and information systems in particular have an increasingly urgent need for security, and information security services with cryptography at their core will be an important technology for giving information systems their security assurance capability.
At present, business systems typically consume cryptographic services through a direct connection to a cipher machine. This approach scales poorly, supports a limited number of cryptographic algorithms, and wastes cryptographic resources. Encryption devices of different models and types differ considerably in their management interfaces and protocol implementations, so they cannot be managed and called in a unified way. In addition, a typical cloud platform has a large number of users who use cryptographic services in varied ways and place high demands on how quickly a cryptographic service can be created, which requires the cryptographic service system to provide hundreds of cryptographic services in a timely manner. Therefore, when a large number of users use cryptographic services at the same time, their demand for high-performance cryptographic computation is usually met by synchronizing keys between encryption devices so that cryptographic algorithms run in parallel, but this quickly consumes the key space of the encryption devices. Key synchronization schemes that rely only on the existing encryption devices themselves therefore have significant limitations.
Summary of the invention
Purpose of the invention: In view of the problems above, the present invention proposes a method for generating a full dynamic password for a multiservice system. The method manages and schedules encryption devices from different manufacturers and of different forms in a unified way, provides cryptographic services to application systems safely, reliably and configurably, and improves the durability and scalability of the equipment. All cryptographic functions and performance of the centrally managed encryption devices are virtualized into resources, and customized cryptographic functions are delivered in the form of resources, so that performance is allocated in a controllable and stable way and users' different customization needs for cryptographic services are met. The method also solves the problem that concurrent cryptographic operations occupy the key space of the encryption devices at the same time and leave it insufficient, and it can support key storage and use for a large number of users.
Technical solution: A method for generating a full dynamic password for a multiservice system, comprising the following steps:
S1: Initialize: complete the cipher machine configuration, key management configuration, dynamic resource management configuration and user configuration, then go to step S2.
S2: Obtain the resource information of the cipher machines, then go to step S3.
S3: Obtain the user's registration information and cryptographic service application information, and review the application. If the review fails, end the operation; otherwise store the user's registration information and go to step S4.
S4: Obtain the identity authentication information of the accessing user and determine whether that user has registered successfully. If so, generate a ticket for the user to access the virtual service, return the ticket to the user, and go to step S5; otherwise end the operation.
S5: Compare, in turn, the number of running containers, the reserved resource quantity, the CPU load and the remaining memory on each dispatch server, select the dispatch server with the lowest load as the executing cipher machine, then go to step S6.
S6: Perform the cryptographic operation on the executing cipher machine and return the result to the accessing user, then go to step S7. The result of the cryptographic operation is the full dynamic password.
S7: Close the virtual service and end the operation.
Further, in step S2 the resource information of a cipher machine includes the cipher machine model, the cipher machine IP and the cipher machine algorithms.
Further, step S4 comprises the following steps:
S41: Obtain the user password hash, the access IP, the access time (time) and the random number r of the current minimum load.
S42: The user generates a random number and computes a digest with a digest algorithm to produce the authentication request packet. The authentication protocol is:
Hash(user password hash + random number r + access time time + access IP) + random number r + access time time + user useid
S43: Obtain the authentication request packet, then authenticate it.
Further, the authentication in step S43 includes:
S431: Determine whether the request is within its time validity. If the access time (time) is within the validity period, go to step S432; otherwise end the operation.
S432: Using the user identifier, query the user password digest from the database, compute a digest over it together with the received random number r, the time value and the local IP address, and compare the result with the incoming digest value. If they do not match, end the operation; if they match, generate a ticket for the user to access the virtual service and return the ticket to the user. The ticket format is:
Sign(Hash(random number r + time2 + virtual service id)) + time2 + random number r
where:
time2 is the time at which step S432 is performed;
virtual service id is the identity credential of the virtual service created by the system.
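The S42 request and the S431/S432 verification described above, as an added Python example that is not part of the patent. SHA-256 as the digest, length-prefixed fields in place of plain "+" concatenation, HMAC-SHA256 standing in for Sign, the 60-second window, the use of the source address the server observes as the access IP, and the nonce replay table are all assumptions of this example.

```python
import hashlib
import hmac
import secrets

VALIDITY_SECONDS = 60  # assumed validity window; the patent gives no value


def field_digest(*fields: bytes) -> bytes:
    """SHA-256 over length-prefixed fields, so ("ab", "c") != ("a", "bc")."""
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()


def build_request(user_id: str, password_hash: bytes, access_ip: str, now: int) -> dict:
    """S42 (client): Hash(password hash + r + time + access IP) + r + time + user id."""
    r = secrets.token_bytes(16)
    digest = field_digest(password_hash, r, str(now).encode(), access_ip.encode())
    return {"digest": digest, "r": r, "time": now, "user_id": user_id}


class AuthServer:
    def __init__(self, user_db: dict, signing_key: bytes):
        self.user_db = user_db          # user id -> stored password hash
        self.signing_key = signing_key  # key for the HMAC stand-in for Sign()
        self.seen = {}                  # nonce -> expiry; added hardening, not in the patent

    def _sign(self, r: bytes, time2: int, service_id: str) -> bytes:
        body = field_digest(r, str(time2).encode(), service_id.encode())
        return hmac.new(self.signing_key, body, hashlib.sha256).digest()

    def authenticate(self, req: dict, observed_ip: str, service_id: str, now: int):
        """S43: return a ticket dict, or None when the request is rejected."""
        # S431: the access time must lie inside the validity window.
        if abs(now - req["time"]) > VALIDITY_SECONDS:
            return None
        stored = self.user_db.get(req["user_id"])
        if stored is None:
            return None
        # Added check: refuse a nonce already accepted inside the window (replay).
        self.seen = {n: exp for n, exp in self.seen.items() if exp >= now}
        if req["r"] in self.seen:
            return None
        # S432: recompute the digest from the stored hash, compare in constant time.
        expected = field_digest(stored, req["r"], str(req["time"]).encode(),
                                observed_ip.encode())
        if not hmac.compare_digest(expected, req["digest"]):
            return None
        self.seen[req["r"]] = req["time"] + VALIDITY_SECONDS
        # Ticket: Sign(Hash(r + time2 + virtual service id)) + time2 + r
        return {"sig": self._sign(req["r"], now, service_id), "time2": now, "r": req["r"]}

    def verify_ticket(self, ticket: dict, service_id: str) -> bool:
        expected = self._sign(ticket["r"], ticket["time2"], service_id)
        return hmac.compare_digest(expected, ticket["sig"])


# Constructed sample data (documentation IP range, made-up user and password).
DEMO_USERS = {"alice": hashlib.sha256(b"constructed-password").digest()}

if __name__ == "__main__":
    server = AuthServer(DEMO_USERS, secrets.token_bytes(32))
    req = build_request("alice", DEMO_USERS["alice"], "192.0.2.10", now=1000)
    print("first use:", server.authenticate(req, "192.0.2.10", "vs-1", now=1005) is not None)
    print("replayed :", server.authenticate(req, "192.0.2.10", "vs-1", now=1006) is not None)
```

The time window alone does not stop a captured request from being resent while it is still valid, which is why the example also tracks accepted nonces until their window closes.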
Further, step S6 includes:
S61: Set the encryption device weights. At system initialization, create the cryptographic algorithm load queues according to the algorithm weight information of the executing cipher machines, and set the corresponding weight for each algorithm of each executing cipher machine.
S62: Parse the job request and obtain the cryptographic algorithm type of the user's job.
S63: According to the cryptographic algorithm type, obtain the least-loaded encryption device from the corresponding algorithm load queue and add its weight.
S64: Send the user's job request to the executing cipher machine.
S65: The executing cipher machine performs the cryptographic operation and returns the result.
S66: Obtain the corresponding algorithm load queue according to the algorithm type and subtract the weight of the executing cipher machine.
S67: Return the result of the requested cryptographic operation to the user.
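The S5 server selection and the S61 to S67 weighted load queues, as an added Python example that is not part of the patent. It assumes that "in turn" means comparing the four S5 metrics in the listed order, that fewer reserved resources means less load, and that an algorithm weight is the load one job adds to a machine; all class, function and machine names are hypothetical.

```python
import threading
from dataclasses import dataclass


@dataclass
class DispatchServer:
    name: str
    containers: int     # containers currently running
    reserved: int       # reserved resource quantity
    cpu_load: float     # 0.0 .. 1.0
    mem_free_mb: int    # remaining memory


def pick_dispatch_server(servers):
    """S5: compare the metrics in the order listed; more free memory wins last."""
    return min(servers, key=lambda s: (s.containers, s.reserved, s.cpu_load, -s.mem_free_mb))


class AlgorithmLoadQueues:
    """S61-S66: one load table per cryptographic algorithm."""

    def __init__(self, weights: dict):
        # S61: weights is {machine: {algorithm: load added by one job}}.
        self.weights = weights
        self.load = {}
        self._lock = threading.Lock()
        for machine, algorithms in weights.items():
            for algorithm in algorithms:
                self.load.setdefault(algorithm, {})[machine] = 0

    def acquire(self, algorithm: str) -> str:
        """S63: take the least-loaded machine for this algorithm and add its weight."""
        with self._lock:
            queue = self.load.get(algorithm)
            if not queue:
                raise LookupError(f"no cipher machine supports {algorithm!r}")
            machine = min(queue, key=lambda m: (queue[m], m))  # name breaks ties
            queue[machine] += self.weights[machine][algorithm]
            return machine

    def release(self, algorithm: str, machine: str) -> None:
        """S66: subtract the weight once the operation has finished."""
        with self._lock:
            self.load[algorithm][machine] -= self.weights[machine][algorithm]

    def run(self, algorithm: str, job):
        """S62-S67 for one job; `job` is a callable that receives the machine name."""
        machine = self.acquire(algorithm)
        try:
            return job(machine)                  # S64/S65
        finally:
            self.release(algorithm, machine)     # also runs when the job fails


# Constructed sample data.
DEMO_SERVERS = [
    DispatchServer("d1", containers=3, reserved=2, cpu_load=0.40, mem_free_mb=2048),
    DispatchServer("d2", containers=2, reserved=5, cpu_load=0.90, mem_free_mb=512),
    DispatchServer("d3", containers=2, reserved=5, cpu_load=0.30, mem_free_mb=1024),
]
DEMO_WEIGHTS = {"hsm-a": {"SM4": 1, "SM2": 4}, "hsm-b": {"SM4": 2}}

if __name__ == "__main__":
    print("S5 picks:", pick_dispatch_server(DEMO_SERVERS).name)
    queues = AlgorithmLoadQueues(DEMO_WEIGHTS)
    print("SM4 jobs go to:", [queues.acquire("SM4") for _ in range(4)])
    print("load after dispatch:", queues.load)
```

Releasing the weight in a `finally` clause matters: if a failed operation skipped S66, the machine would look permanently busy and receive less work than it can handle.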
The method for generating a full dynamic password for a multiservice system disclosed by the invention has the following advantages:
1. Encryption devices from different manufacturers and of different forms are managed and scheduled in a unified way, cryptographic services are provided to application systems safely, reliably and configurably, and the durability and scalability of the equipment are improved.
2. All cryptographic functions and performance of the centrally managed encryption devices are virtualized into resources, and customized cryptographic functions are delivered in the form of resources, so that performance is allocated in a controllable and stable way and users' different customization needs for cryptographic services are met.
3. The problem that concurrent cryptographic operations occupy the key space of the encryption devices at the same time and leave it insufficient is solved, and key storage and use for a large number of users is supported.
Brief description of the drawings
Fig. 1 is a flow chart of the method for generating a full dynamic password for a multiservice system disclosed by the invention.
Embodiment
The embodiment of the present invention carries out steps S1 to S7, with sub-steps S41 to S43, S431 to S432 and S61 to S67, exactly as set out in the technical solution above.
The embodiments of the present invention have been described in detail above. The present invention is not, however, limited to these embodiments; within the knowledge of a person of ordinary skill in the art, various changes can be made without departing from the concept of the invention.
Claims (5)
1. A method for generating a full dynamic password for a multiservice system, characterized by comprising the following steps:
S1: Initialize: complete the cipher machine configuration, key management configuration, dynamic resource management configuration and user configuration, then go to step S2;
S2: Obtain the resource information of the cipher machines, then go to step S3;
S3: Obtain the user's registration information and cryptographic service application information, and review the application; if the review fails, end the operation; otherwise store the user's registration information and go to step S4;
S4: Obtain the identity authentication information of the accessing user and determine whether that user has registered successfully; if so, generate a ticket for the user to access the virtual service, return the ticket to the user, and go to step S5; otherwise end the operation;
S5: Compare, in turn, the number of running containers, the reserved resource quantity, the CPU load and the remaining memory on each dispatch server, select the dispatch server with the lowest load as the executing cipher machine, then go to step S6;
S6: Perform the cryptographic operation on the executing cipher machine and return the result to the accessing user, then go to step S7, wherein the result of the cryptographic operation is the full dynamic password;
S7: Close the virtual service and end the operation.
2. The method for generating a full dynamic password for a multiservice system according to claim 1, characterized in that in step S2 the resource information of a cipher machine includes the cipher machine model, the cipher machine IP and the cipher machine algorithms.
3. The method for generating a full dynamic password for a multiservice system according to claim 1, characterized in that step S4 comprises the following steps:
S41: Obtain the user password hash, the access IP, the access time (time) and the random number r of the current minimum load;
S42: The user generates a random number and computes a digest with a digest algorithm to produce the authentication request packet, the authentication protocol being:
Hash(user password hash + random number r + access time time + access IP) + random number r + access time time + user useid;
S43: Obtain the authentication request packet, then authenticate it.
4. The method for generating a full dynamic password for a multiservice system according to claim 3, characterized in that the authentication in step S43 includes:
S431: Determine whether the request is within its time validity; if the access time (time) is within the validity period, go to step S432; otherwise end the operation;
S432: Using the user identifier, query the user password digest from the database, compute a digest over it together with the received random number r, the time value and the local IP address, and compare the result with the incoming digest value; if they do not match, end the operation; if they match, generate a ticket for the user to access the virtual service and return the ticket to the user, the ticket format being:
Sign(Hash(random number r + time2 + virtual service id)) + time2 + random number r
where:
time2 is the time at which step S432 is performed;
virtual service id is the identity credential of the virtual service created by the system.
5. The method for generating a full dynamic password for a multiservice system according to claim 1, characterized in that step S6 includes:
S61: Set the encryption device weights: at system initialization, create the cryptographic algorithm load queues according to the algorithm weight information of the executing cipher machines, and set the corresponding weight for each algorithm of each executing cipher machine;
S62: Parse the job request and obtain the cryptographic algorithm type of the user's job;
S63: According to the cryptographic algorithm type, obtain the least-loaded encryption device from the corresponding algorithm load queue and add its weight;
S64: Send the user's job request to the executing cipher machine;
S65: The executing cipher machine performs the cryptographic operation and returns the result;
S66: Obtain the corresponding algorithm load queue according to the algorithm type and subtract the weight of the executing cipher machine;
S67: Return the result of the requested cryptographic operation to the user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710769333.4A CN107528844A (en) | 2017-08-31 | 2017-08-31 | A kind of method that full dynamic password is generated for multiservice system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107528844A (en) | 2017-12-29 |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20171229 |