CN107528844A - A method for generating a fully dynamic password for a multi-service system - Google Patents

Publication number: CN107528844A
Authority: CN (China)
Prior art keywords: user, cipher machine, obtains, information, cipher
Legal status: Pending
Application number: CN201710769333.4A
Other languages: Chinese (zh)
Inventors: 袁峰, 药乐, 蒋楠
Current Assignee: Beijing Word Mumbo-Jumbo Technology Co Ltd
Original Assignee: Beijing Word Mumbo-Jumbo Technology Co Ltd
Application filed by: Beijing Word Mumbo-Jumbo Technology Co Ltd
Priority to: CN201710769333.4A
Publication of: CN107528844A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The present invention relates to a method for generating a fully dynamic password for a multi-service system, comprising: S1, initialize; S2, obtain the resource information of the cipher machines; S3, obtain the user's registration information and the user's cryptographic service request information and review the request information; if the review fails, terminate the operation, otherwise store the user's registration information; S4, obtain the authentication information of the accessing user and determine whether the accessing user has registered successfully; if so, generate a ticket for the user to access the virtual service, return the ticket to the user and go to step S5, otherwise terminate the operation; S5, compare in turn the number of containers currently running on each dispatch server, the amount of reserved resources, the CPU load and the remaining memory, and select the dispatch server with the lowest load as the executing cipher machine; S6, perform the cryptographic operation on the executing cipher machine and return the result to the accessing user; S7, end the operation.

Description

A method for generating a fully dynamic password for a multi-service system
Technical field
The invention belongs to the field of computer security technology, and in particular relates to a method for generating a fully dynamic password for a multi-service system.
Background
The development of informatization and e-government, and in particular the sudden rise of network virtualization technology, has greatly promoted the rise of the knowledge economy and the evolution of human civilization. While enjoying the social change accelerated by information technology, people also face huge information security risks. Data and information systems in particular have an increasingly urgent need for security, and information security services with cryptography at their core will be an important technology for giving information systems a security assurance capability.
At present, business systems generally use cryptographic services through a direct connection to a cipher machine. This approach scales poorly, wastes cryptographic resources and supports a limited number of cryptographic algorithms. Encryption devices of different models and types differ considerably in their management interfaces and protocol implementations, and cannot be managed and invoked in a unified way. In addition, a typical cloud platform has a large number of users who use cryptographic services in varied ways and place high demands on how quickly a cryptographic service can be created, which requires the cryptographic service system to provide hundreds of cryptographic services in a timely manner. Therefore, when a large number of users use cryptographic services at the same time, key synchronization between encryption devices is generally used to run cryptographic algorithms in parallel and meet users' high-performance cryptographic computing needs, but this quickly consumes the key space of the encryption devices. Relying solely on the key synchronization scheme of the existing encryption devices themselves therefore has significant limitations.
Summary of the invention
Purpose of the invention: In view of the above problems, the invention proposes a method for generating a fully dynamic password for a multi-service system. The method manages and schedules encryption devices from different vendors and of different forms in a unified way, provides application systems with securely and reliably configured cryptographic services, and improves the durability and scalability of the devices. All cryptographic functions and performance of the centrally managed encryption devices are virtualized into resources, so that customized cryptographic functions are delivered in the form of resources, performance is allocated in a controllable and stable way, and users' differing cryptographic service customization needs are met. The method solves the problem that concurrent cryptographic operations occupy the key space of the encryption devices at the same time and leave it insufficient, and can support key storage and use for a large number of users.
Technical solution: A method for generating a fully dynamic password for a multi-service system, comprising the following steps:
S1: Initialize: complete the cipher machine configuration, key management configuration, dynamic resource management configuration and user configuration, then go to step S2;
S2: Obtain the resource information of the cipher machines, then go to step S3;
S3: Obtain the user's registration information and the user's cryptographic service request information, and review the request information. If the review fails, terminate the operation; otherwise store the user's registration information and go to step S4;
S4: Obtain the authentication information of the accessing user and determine whether the accessing user has registered successfully. If so, generate a ticket for the user to access the virtual service, return the ticket to the user and go to step S5; otherwise terminate the operation;
S5: Compare in turn the number of containers currently running on each dispatch server, the amount of reserved resources, the CPU load and the remaining memory, and select the dispatch server with the lowest load as the executing cipher machine, then go to step S6;
S6: Perform the cryptographic operation on the executing cipher machine and return the result of the cryptographic operation to the accessing user, then go to step S7, wherein:
the result of the cryptographic operation is the fully dynamic password;
S7: Close the virtual service and end the operation.
Further, in step S2, the resource information of a cipher machine includes the cipher machine model, the cipher machine IP and the cipher machine algorithms.
Further, step S4 comprises the following steps:
S41: Obtain the user password hash, the access IP, the access time time and the random number r of the current minimum load;
S42: The user generates a random number and computes a digest with a digest algorithm to produce the authentication request packet. The authentication protocol is as follows:
Hash(user password hash + random number r + access time time + access IP) + random number r + access time time + user useid;
S43: Obtain the authentication request packet, then authenticate it.
Further, the authentication in step S43 includes:
S431: Check the time validity: if the access time time is within the validity period, go to step S432; otherwise terminate the operation;
S432: Using the user identifier, query the user's password digest from the database, compute a digest over it together with the received random number r, the time value and the local IP address, and compare the result with the incoming digest value to check whether they match. If they do not match, terminate the operation; if they match, generate the ticket for the user to access the virtual service and return the ticket to the user. The ticket format is:
Sign(Hash(random number r + time2 + Virtual Service id)) + time2 + random number r, wherein:
time2 is the time at which step S432 is performed;
Virtual Service id is the identifier of the virtual service created by the system.
Further, step S6 includes:
S61: Set the encryption device weights:
at system initialization, create the cryptographic algorithm load queues according to the algorithm weight information of the executing cipher machines, and set the corresponding weight for each algorithm of an executing cipher machine;
S62: Parse the job request to obtain the cryptographic algorithm type of the user's job;
S63: According to the cryptographic algorithm type, obtain the encryption device with the lowest load from the corresponding algorithm load queue and add weight to it;
S64: Send the user's job request to the executing cipher machine;
S65: The executing cipher machine performs the cryptographic operation and returns the result;
S66: Obtain the corresponding algorithm load queue according to the algorithm type and subtract weight from the executing cipher machine;
S67: Return the result of the cryptographic operation requested by the user to the user.
The method for generating a fully dynamic password for a multi-service system disclosed by the invention has the following advantages:
1. Encryption devices from different vendors and of different forms are managed and scheduled in a unified way, providing application systems with securely and reliably configured cryptographic services and improving the durability and scalability of the devices;
2. All cryptographic functions and performance of the centrally managed encryption devices are virtualized into resources; customized cryptographic functions are delivered in the form of resources, performance is allocated in a controllable and stable way, and users' differing cryptographic service customization needs are met;
3. The problem that concurrent cryptographic operations occupy the key space of the encryption devices at the same time and leave it insufficient is solved, so that key storage and use for a large number of users is supported.
Brief description of the drawings
Fig. 1 is a flow chart of the method for generating a fully dynamic password for a multi-service system disclosed by the invention.
Embodiment:
An embodiment of the invention is described in detail below.
A method for generating a fully dynamic password for a multi-service system, comprising the following steps:
S1: Initialize: complete the cipher machine configuration, key management configuration, dynamic resource management configuration and user configuration, then go to step S2;
S2: Obtain the resource information of the cipher machines, then go to step S3;
S3: Obtain the user's registration information and the user's cryptographic service request information, and review the request information. If the review fails, terminate the operation; otherwise store the user's registration information and go to step S4;
S4: Obtain the authentication information of the accessing user and determine whether the accessing user has registered successfully. If so, generate a ticket for the user to access the virtual service, return the ticket to the user and go to step S5; otherwise terminate the operation;
S5: Compare in turn the number of containers currently running on each dispatch server, the amount of reserved resources, the CPU load and the remaining memory, and select the dispatch server with the lowest load as the executing cipher machine, then go to step S6;
S6: Perform the cryptographic operation on the executing cipher machine and return the result of the cryptographic operation to the accessing user, then go to step S7, wherein:
the result of the cryptographic operation is the fully dynamic password;
S7: Close the virtual service and end the operation.
Further, in step S2, the resource information of a cipher machine includes the cipher machine model, the cipher machine IP and the cipher machine algorithms.
Further, step S4 comprises the following steps:
S41: Obtain the user password hash, the access IP, the access time time and the random number r of the current minimum load;
S42: The user generates a random number and computes a digest with a digest algorithm to produce the authentication request packet. The authentication protocol is as follows:
Hash(user password hash + random number r + access time time + access IP) + random number r + access time time + user useid;
S43: Obtain the authentication request packet, then authenticate it.
Further, the authentication in step S43 includes:
S431: Check the time validity: if the access time time is within the validity period, go to step S432; otherwise terminate the operation;
S432: Using the user identifier, query the user's password digest from the database, compute a digest over it together with the received random number r, the time value and the local IP address, and compare the result with the incoming digest value to check whether they match. If they do not match, terminate the operation; if they match, generate the ticket for the user to access the virtual service and return the ticket to the user. The ticket format is:
Sign(Hash(random number r + time2 + Virtual Service id)) + time2 + random number r, wherein:
time2 is the time at which step S432 is performed;
Virtual Service id is the identifier of the virtual service created by the system.
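The request and ticket checks of steps S42, S431 and S432, as an added Python example that is not part of the patent text. It assumes that "+" in the formulas means concatenation (done here with length-prefixed fields), SHA-256 for Hash, an HMAC under a server-held key standing in for Sign, a 300-second validity period, and that the client's access IP and the server's local IP address are the same string; the seen_nonces set that refuses a reused r is an addition beyond the steps on the page.

```python
import hashlib
import hmac
import os
import struct
import time

VALIDITY_SECONDS = 300               # assumed validity period for S431
SERVER_SIGNING_KEY = os.urandom(32)  # assumed server key; HMAC stands in for Sign


def digest(*fields: bytes) -> bytes:
    """Hash(a + b + ...): SHA-256 over length-prefixed fields, so that
    moving bytes from one field to the next changes the digest."""
    h = hashlib.sha256()
    for field in fields:
        h.update(struct.pack(">I", len(field)) + field)
    return h.digest()


def password_hash(password: str) -> bytes:
    """Stand-in for the stored "user password Hash" (scheme not given on the page)."""
    return hashlib.sha256(password.encode()).digest()


def build_auth_request(useid: str, pw_hash: bytes, access_ip: str, now=None) -> dict:
    """S42: Hash(password hash + r + time + access IP) + r + time + useid."""
    r = os.urandom(16)
    t = int(time.time() if now is None else now)
    mac = digest(pw_hash, r, struct.pack(">Q", t), access_ip.encode())
    return {"digest": mac, "r": r, "time": t, "useid": useid}


def sign_ticket(r: bytes, time2: int, service_id: str) -> bytes:
    """Sign(Hash(r + time2 + Virtual Service id)), with HMAC as the assumed Sign."""
    inner = digest(r, struct.pack(">Q", time2), service_id.encode())
    return hmac.new(SERVER_SIGNING_KEY, inner, hashlib.sha256).digest()


def verify_auth_request(pkt, user_db, local_ip, service_id, seen_nonces, now=None):
    """S431 and S432: return a ticket dict, or None if the request is rejected."""
    now = int(time.time() if now is None else now)
    # S431: the access time must lie inside the validity period.
    if abs(now - pkt["time"]) > VALIDITY_SECONDS:
        return None
    # S432: look up the stored password hash by user identifier.
    pw_hash = user_db.get(pkt["useid"])
    if pw_hash is None:
        return None
    expected = digest(pw_hash, pkt["r"], struct.pack(">Q", pkt["time"]), local_ip.encode())
    # Constant-time comparison with the incoming digest value.
    if not hmac.compare_digest(expected, pkt["digest"]):
        return None
    # Not on the page: refuse a second use of the same r for this user.
    nonce = (pkt["useid"], pkt["r"])
    if nonce in seen_nonces:
        return None
    seen_nonces.add(nonce)
    time2 = now  # time2 is the time at which step S432 runs
    return {"sign": sign_ticket(pkt["r"], time2, service_id), "time2": time2, "r": pkt["r"]}


def verify_ticket(ticket: dict, service_id: str) -> bool:
    """Recompute Sign(Hash(r + time2 + Virtual Service id)) and compare."""
    expected = sign_ticket(ticket["r"], ticket["time2"], service_id)
    return hmac.compare_digest(expected, ticket["sign"])
```

Because the stored password hash is the shared secret in this exchange, it needs the same protection as a key.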
Further, step S6 includes:
S61: Set the encryption device weights:
at system initialization, create the cryptographic algorithm load queues according to the algorithm weight information of the executing cipher machines, and set the corresponding weight for each algorithm of an executing cipher machine;
S62: Parse the job request to obtain the cryptographic algorithm type of the user's job;
S63: According to the cryptographic algorithm type, obtain the encryption device with the lowest load from the corresponding algorithm load queue and add weight to it;
S64: Send the user's job request to the executing cipher machine;
S65: The executing cipher machine performs the cryptographic operation and returns the result;
S66: Obtain the corresponding algorithm load queue according to the algorithm type and subtract weight from the executing cipher machine;
S67: Return the result of the cryptographic operation requested by the user to the user.
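The weight bookkeeping of steps S61 to S67, as an added Python example that is not part of the patent text. It assumes that a device's weight for an algorithm is added to its load in that algorithm's queue when a job is dispatched and subtracted when the job ends; the device names, weights and the run_job helper are constructed for illustration.

```python
import threading


class AlgorithmLoadQueues:
    """One load queue per cryptographic algorithm (S61)."""

    def __init__(self, device_weights: dict):
        # device_weights: {device: {algorithm: weight}}, a constructed sample shape.
        self._lock = threading.Lock()
        self._weights = device_weights
        self._queues = {}  # algorithm -> {device: current load}
        for device, algorithms in device_weights.items():
            for algorithm, weight in algorithms.items():
                if weight <= 0:
                    raise ValueError(f"weight for {device}/{algorithm} must be positive")
                self._queues.setdefault(algorithm, {})[device] = 0

    def acquire(self, algorithm: str) -> str:
        """S63: pick the least-loaded device for this algorithm and add its weight."""
        with self._lock:
            queue = self._queues.get(algorithm)
            if not queue:
                raise LookupError(f"no cipher machine offers {algorithm}")
            device = min(queue, key=lambda d: (queue[d], d))  # name breaks ties
            queue[device] += self._weights[device][algorithm]
            return device

    def release(self, algorithm: str, device: str) -> None:
        """S66: subtract the weight that acquire() added."""
        with self._lock:
            queue = self._queues[algorithm]
            queue[device] = max(0, queue[device] - self._weights[device][algorithm])

    def load(self, algorithm: str) -> dict:
        """Snapshot of the current load per device for one algorithm."""
        with self._lock:
            return dict(self._queues.get(algorithm, {}))


def run_job(queues: AlgorithmLoadQueues, job: dict, execute):
    """S62 to S67 for one job; execute(device, job) is a hypothetical callback
    that sends the job to the cipher machine and returns its result."""
    algorithm = job["algorithm"]             # S62: parse the job request
    device = queues.acquire(algorithm)       # S63: select and add weight
    try:
        return device, execute(device, job)  # S64, S65: dispatch and compute
    finally:
        queues.release(algorithm, device)    # S66: always subtract the weight
```

The `finally` clause matters: if a device fault skipped step S66, the failed device would keep its added weight and the queue would drift away from the real load.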
The embodiments of the invention have been described in detail above. The invention is not, however, limited to these embodiments; within the knowledge possessed by a person of ordinary skill in the art, various changes may be made without departing from the concept of the invention.

Claims (5)

  1. A method for generating a fully dynamic password for a multi-service system, characterized by comprising the following steps:
    S1: Initialize: complete the cipher machine configuration, key management configuration, dynamic resource management configuration and user configuration, then go to step S2;
    S2: Obtain the resource information of the cipher machines, then go to step S3;
    S3: Obtain the user's registration information and the user's cryptographic service request information, and review the request information. If the review fails, terminate the operation; otherwise store the user's registration information and go to step S4;
    S4: Obtain the authentication information of the accessing user and determine whether the accessing user has registered successfully. If so, generate a ticket for the user to access the virtual service, return the ticket to the user and go to step S5; otherwise terminate the operation;
    S5: Compare in turn the number of containers currently running on each dispatch server, the amount of reserved resources, the CPU load and the remaining memory, and select the dispatch server with the lowest load as the executing cipher machine, then go to step S6;
    S6: Perform the cryptographic operation on the executing cipher machine and return the result of the cryptographic operation to the accessing user, then go to step S7, wherein:
    the result of the cryptographic operation is the fully dynamic password;
    S7: Close the virtual service and end the operation.
  2. The method for generating a fully dynamic password for a multi-service system according to claim 1, characterized in that, in step S2, the resource information of a cipher machine includes the cipher machine model, the cipher machine IP and the cipher machine algorithms.
  3. The method for generating a fully dynamic password for a multi-service system according to claim 1, characterized in that step S4 comprises the following steps:
    S41: Obtain the user password hash, the access IP, the access time time and the random number r of the current minimum load;
    S42: The user generates a random number and computes a digest with a digest algorithm to produce the authentication request packet. The authentication protocol is as follows:
    Hash(user password hash + random number r + access time time + access IP) + random number r + access time time + user useid;
    S43: Obtain the authentication request packet, then authenticate it.
  4. The method for generating a fully dynamic password for a multi-service system according to claim 3, characterized in that the authentication in step S43 includes:
    S431: Check the time validity: if the access time time is within the validity period, go to step S432; otherwise terminate the operation;
    S432: Using the user identifier, query the user's password digest from the database, compute a digest over it together with the received random number r, the time value and the local IP address, and compare the result with the incoming digest value to check whether they match. If they do not match, terminate the operation; if they match, generate the ticket for the user to access the virtual service and return the ticket to the user. The ticket format is:
    Sign(Hash(random number r + time2 + Virtual Service id)) + time2 + random number r, wherein:
    time2 is the time at which step S432 is performed;
    Virtual Service id is the identifier of the virtual service created by the system.
  5. The method for generating a fully dynamic password for a multi-service system according to claim 1, characterized in that step S6 includes:
    S61: Set the encryption device weights:
    at system initialization, create the cryptographic algorithm load queues according to the algorithm weight information of the executing cipher machines, and set the corresponding weight for each algorithm of an executing cipher machine;
    S62: Parse the job request to obtain the cryptographic algorithm type of the user's job;
    S63: According to the cryptographic algorithm type, obtain the encryption device with the lowest load from the corresponding algorithm load queue and add weight to it;
    S64: Send the user's job request to the executing cipher machine;
    S65: The executing cipher machine performs the cryptographic operation and returns the result;
    S66: Obtain the corresponding algorithm load queue according to the algorithm type and subtract weight from the executing cipher machine;
    S67: Return the result of the cryptographic operation requested by the user to the user.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201710769333.4A | 2017-08-31 | 2017-08-31 | A method for generating a fully dynamic password for a multi-service system

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201710769333.4A | 2017-08-31 | 2017-08-31 | A method for generating a fully dynamic password for a multi-service system

Publications (1)

Publication Number | Publication Date
CN107528844A | 2017-12-29

Family

ID=60683118

Family Applications (1)

Application Number | Status | Publication | Priority Date | Filing Date | Title
CN201710769333.4A | Pending | CN107528844A (en) | 2017-08-31 | 2017-08-31 | A method for generating a fully dynamic password for a multi-service system

Country Status (1)

Country | Link
CN (1) | CN107528844A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110505230A (en) * 2019-08-26 2019-11-26 江苏方天电力技术有限公司 A kind of cipher machine connection control method and system for electric energy meter detection

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070189526A1 (en) * 2006-01-19 2007-08-16 Davidson John H System and method for secure and flexible key schedule generation
CN103634339A (en) * 2012-08-22 2014-03-12 中国银联股份有限公司 Virtual encryptor device, financial encryptor and method of encrypting message
CN103259663A (en) * 2013-05-07 2013-08-21 南京邮电大学 User unified authentication method in cloud computing environment
CN105678156A (en) * 2016-01-04 2016-06-15 成都卫士通信息产业股份有限公司 Cloud cipher service platform based on virtualization technology and working process of platform
CN107040589A (en) * 2017-03-15 2017-08-11 西安电子科技大学 The system and method for cryptographic service is provided by virtualizing encryption device cluster

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
Application publication date: 20171229