CN107864136A - A method for preventing a system's short message service from being stolen - Google Patents

Publication number
CN107864136A
Authority
CN
China
Prior art keywords
ciphertext
client
short message
key
service end
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711089004.1A
Other languages
Chinese (zh)
Inventor
褚思凡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kuwo Technology Co Ltd
Original Assignee
Beijing Kuwo Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/0846 Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Abstract

The present invention relates to a method for preventing a system's short message service from being stolen, comprising: a client initiates a verification request to a server; after receiving the request, the server generates a key, encrypts it into a first ciphertext with a first encryption algorithm, and sends the first ciphertext to the client; the client decodes the first ciphertext and then encrypts the result into a second ciphertext with a second encryption algorithm; the client sends the second ciphertext and user information to the server as parameters; the server encrypts the key with the second encryption algorithm to generate a third ciphertext; when the second ciphertext matches the third ciphertext, the server generates a new password and sends it to the client. In the present invention the key generated by the server is encrypted separately by the client and by the server and the two results are matched, which ensures that the short message is sent by the user in person; a match count and a match time are also set, preventing the system's short message service from being maliciously used.

Description

A method for preventing a system's short message service from being stolen
Technical field
The present invention relates to the field of preventing the theft of system short message services, and in particular to a method for preventing a system's short message service from being maliciously used.
Background
We encounter the short-message verification step when registering on websites and making bank payments: the user receives a verification code on a mobile phone, which is used to ensure the authenticity of the information the user fills in and, to some extent, also provides an additional verification step for the user's payments, serving to inform and alert. With the spread of smartphones, there are more and more things we need to register for, and almost every day we receive short message verification codes from banks, websites, clients, ticketing companies and other fields.
To prevent the system's short message service function from being maliciously used, the major platforms currently most commonly use three methods:
(1) Short message sending interval: set the time interval for repeated sends to the same number, generally 50s-100s;
(2) IP limit: according to the platform's own business characteristics, set the maximum number of messages sent per IP per day;
(3) Phone number limit: according to business characteristics, set the maximum number of messages sent per phone number per day.
Although the three methods above prevent malicious use of the system's short message service to some extent, the various limits on the number of messages sent, the sending interval and so on greatly degrade the user experience. Moreover, when the interface that sends short messages to mobile phones is triggered, the interface may be exposed and then used illegally, creating a security problem for users; useless harassing messages may be sent, which damages the company's reputation and can also cause it economic loss.
Summary of the invention
To overcome the malicious use of system short message services and the resulting security problems, the present invention proposes a method for preventing a system's short message service from being stolen. In the present invention the key generated by the server is encrypted separately by the client and by the server and the two results are matched, which ensures that the short message is sent by the user in person; a match count and a match time are also set, preventing the system's short message service from being maliciously used.
To achieve the above object, the invention provides a method for preventing a system's short message service from being stolen, comprising: a client initiates a verification request to a server; after receiving the request, the server generates a key, encrypts it into a first ciphertext with a first encryption algorithm, and sends the first ciphertext to the client; the client decodes the first ciphertext and then encrypts the result into a second ciphertext with a second encryption algorithm; the client sends the second ciphertext and mobile phone information to the server as parameters; the server encrypts the key with the second encryption algorithm to generate a third ciphertext; when the second ciphertext matches the third ciphertext, the server generates a new password and sends it to the client.
Preferably, the first encryption algorithm is the DES algorithm.
Preferably, the client decodes the first ciphertext into the key, and then encrypts the key into the second ciphertext with the second encryption algorithm.
Preferably, the second encryption algorithm is MD5: on the client, the MD5 algorithm encrypts the key decrypted from the first ciphertext into the second ciphertext; on the server, the MD5 algorithm encrypts the key into the third ciphertext.
Preferably, when the second ciphertext does not match the third ciphertext, the server does no processing.
Preferably, after the interface that matches the second ciphertext with the third ciphertext has been used once, the key becomes invalid.
Preferably, when the time taken to match the second ciphertext with the third ciphertext exceeds a preset time, the key becomes invalid.
Preferably, the mobile phone information includes: phone number information.
In the present invention the key generated by the server is encrypted separately by the client and by the server and the two results are matched; the password is updated only when the match succeeds, which ensures that the short message is sent by the user in person and keeps the short message service secure. By setting a match count and a match time, the system's short message service is prevented from being maliciously used.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the method of the present invention for preventing a system's short message service from being stolen;
Fig. 2 is a flowchart of the short message service process of an embodiment of the present invention.
Detailed description
Fig. 1 is a flowchart of the method of the present invention for preventing a system's short message service from being stolen. As shown in Fig. 1, the present invention proposes a method for preventing a system's short message service from being stolen, whose specific steps include:
Step 101, the client initiates a verification request to the server.
Specifically, when the user has forgotten the client login password, the user needs to enter a mobile phone number for user verification, and the client then initiates a verification request to the server.
Step 102, after receiving the request, the server generates a key, encrypts it into a first ciphertext with the first encryption algorithm, and sends the first ciphertext to the client.
Specifically, the server receives the request sent by the client and randomly generates a key according to the phone number received. For safe transmission, the server encrypts the key before sending it to the client.
Here the server encrypts the key with the first encryption algorithm, DES (Data Encryption Standard, a data encryption algorithm). The DES-encrypted key is not known to any third party other than the server and the client, so the first ciphertext produced by the encryption cannot be decrypted by a stranger, and the original key cannot be seen.
Step 103, the client decodes the first ciphertext and then encrypts the result into a second ciphertext with the second encryption algorithm; the client sends the second ciphertext and the mobile phone information to the server as parameters.
Specifically, after receiving the first ciphertext sent by the server, the client first decodes it into the original key, then encrypts the original key into the second ciphertext with the second encryption algorithm, MD5 (Message-Digest Algorithm 5), and finally sends the second ciphertext together with the mobile phone information to the server as parameters.
Here the mobile phone information can be the phone number or a number set by the user. The client sends the mobile phone information and the second ciphertext to the server together as parameters, which ensures that the second ciphertext is sent by the user in person and prevents a criminal who has stolen the key from obtaining the updated password with another client.
Step 104, the server encrypts the key with the second encryption algorithm to generate a third ciphertext; when the second ciphertext matches the third ciphertext, the server generates a new password and sends it to the client.
Specifically, the key generated by the server is not only encrypted with the first encryption algorithm, DES, and sent to the client; the server also encrypts it with the second encryption algorithm, MD5, to generate the third ciphertext. The key generated by the server is therefore encrypted with MD5 into the second ciphertext on the client, and encrypted with MD5 into the third ciphertext on the server.
The server matches the third ciphertext it has generated against the second ciphertext it has received. When the second ciphertext matches the third ciphertext, the server resets the password, generates a new password, and sends it to the client; when the second ciphertext does not match the third ciphertext, the server does no processing.
On the server, the number of matches allowed on the interface that matches the second ciphertext with the third ciphertext is set to one. After the second ciphertext has been matched once against the third ciphertext, the server automatically sets the original key to invalid; to match again, the user must initiate a new verification request. By making the interface single-use, this method solves the security problem: the short message interface becomes invalid immediately after one use, so even if the interface is exposed there is no risk.
The server can also preset a match time. Timing starts when the server sends the first ciphertext or when the client receives the first ciphertext, and the server accepts the parameters sent by the client within the preset time; if no parameters are received within the preset time, the server likewise sets the original key to invalid.
In the present invention, once the server has verified the legitimacy of the second ciphertext it sets the original key to invalid. So even if someone steals the first ciphertext, forges a second ciphertext and sends it to the server, the server will not process it, because one match has already taken place and no further match is possible; this effectively eliminates the hidden danger of short message bombing.
To express the technical solutions and advantages of the embodiments of the present invention more clearly, the technical solution is described in further detail below with reference to the drawings and an embodiment.
Fig. 2 is a flowchart of the system short message service verification process of an embodiment of the present invention. As shown in Fig. 2, the process includes:
Step S201, the client initiates a verification request to the server;
Step S202, after receiving the verification request, the server generates a unique key Key;
Step S203, the server encrypts the generated key Key with DES into auth;
Step S204, the server sends the generated auth to the client;
Step S205, after receiving auth, the client decodes it and computes auth2 from the result with MD5;
Step S206, the client sends the generated auth2 and the phone number to the server as parameters;
Step S207, the server encrypts the key Key directly with MD5 into auth3;
Step S208, the server receives the parameters sent by the client, matches auth2 against auth3 and judges whether they are identical; if auth2 and auth3 are identical, step S209 is performed; if auth2 and auth3 differ, the verification process ends;
Step S209, if auth2 and auth3 are identical, the server resets the password, generates a new password, and sends it to the client.
In the present invention the key generated by the server is encrypted separately by the client and by the server and the two results are matched; the password is updated only when the match succeeds, which ensures that the short message is sent by the user in person and keeps the short message service secure.
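The server-side matching of steps S202 and S205-S208, combined with the single-use and timeout rules described earlier, as an added Python example that is not part of the patent. The class and function names, the 120-second match time and the sample phone number are assumptions; the DES transport of the key (S203-S204) is left out because Python's standard library has no DES, and the constant-time comparison is an addition.

```python
import hashlib
import hmac
import secrets
import time

KEY_TTL_SECONDS = 120  # assumed preset match time; the page gives no value


class ChallengeStore:
    """Server-side state for steps S202, S207 and S208 (hypothetical class)."""

    def __init__(self, ttl=KEY_TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # phone number -> (key, expiry time)

    def issue_key(self, phone):
        """S202: generate a fresh random Key for this phone number.

        A new request replaces any outstanding key for the same number.
        The caller would encrypt the key (DES on the page) before sending
        it to the client; that transport step is not modelled here.
        """
        key = secrets.token_bytes(16)
        self._pending[phone] = (key, self._clock() + self._ttl)
        return key

    def verify(self, phone, auth2_hex):
        """S207-S208: compare the client's auth2 with auth3 = MD5(Key)."""
        # pop() makes the matching interface single-use: the key is gone
        # after one attempt, whether or not the match succeeds.
        entry = self._pending.pop(phone, None)
        if entry is None:
            return "no_key"
        key, expiry = entry
        if self._clock() > expiry:
            return "expired"
        auth3_hex = hashlib.md5(key).hexdigest()
        # Constant-time comparison: added hardening, not specified on the page.
        if hmac.compare_digest(auth3_hex.encode(), auth2_hex.encode()):
            return "match"  # S209 (reset the password) would follow here
        return "mismatch"


def client_auth2(key):
    """S205, client side: MD5 digest of the decoded key, hex encoded."""
    return hashlib.md5(key).hexdigest()


def demo():
    """Constructed walk-through: match, replay, forged value, timeout."""
    now = [0.0]  # fake clock so the timeout case runs instantly
    store = ChallengeStore(ttl=120, clock=lambda: now[0])
    phone = "13800000000"  # constructed sample number
    results = []

    key = store.issue_key(phone)
    auth2 = client_auth2(key)
    results.append(store.verify(phone, auth2))  # legitimate client
    results.append(store.verify(phone, auth2))  # replay of the same auth2

    key = store.issue_key(phone)
    results.append(store.verify(phone, "0" * 32))            # forged auth2
    results.append(store.verify(phone, client_auth2(key)))   # key already used

    key = store.issue_key(phone)
    now[0] += 121  # past the preset match time
    results.append(store.verify(phone, client_auth2(key)))
    return results


if __name__ == "__main__":
    print(demo())
```

Because the key is removed on the first attempt, a wrong auth2 also consumes it, so the legitimate client must start again from S201 after any failed match.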
The embodiments above describe the purpose, technical solution and beneficial effects of the present invention in further detail. It should be understood that the foregoing is only an embodiment of the present invention and is not intended to limit its scope of protection; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (8)

1. A method for preventing a system's short message service from being stolen, characterized by comprising:
a client initiates a verification request to a server;
after receiving the request, the server generates a key, encrypts it into a first ciphertext with a first encryption algorithm, and sends the first ciphertext to the client;
the client decodes the first ciphertext and then encrypts the result into a second ciphertext with a second encryption algorithm; the client sends the second ciphertext and mobile phone information to the server as parameters;
the server encrypts the key with the second encryption algorithm to generate a third ciphertext; when the second ciphertext matches the third ciphertext, the server generates a new password and sends it to the client.
2. The method for preventing a system's short message service from being stolen according to claim 1, characterized in that the first encryption algorithm is the DES algorithm.
3. The method for preventing a system's short message service from being stolen according to claim 1, characterized in that the client decodes the first ciphertext into the key, and then encrypts the key into the second ciphertext with the second encryption algorithm.
4. The method for preventing a system's short message service from being stolen according to claim 1, characterized in that the second encryption algorithm is MD5; on the client, the MD5 algorithm encrypts the key decrypted from the first ciphertext into the second ciphertext; on the server, the MD5 algorithm encrypts the key into the third ciphertext.
5. The method for preventing a system's short message service from being stolen according to claim 1, characterized in that when the second ciphertext does not match the third ciphertext, the server does no processing.
6. The method for preventing a system's short message service from being stolen according to claim 5, characterized in that after the interface that matches the second ciphertext with the third ciphertext has been used once, the key becomes invalid.
7. The method for preventing a system's short message service from being stolen according to claim 1, characterized in that when the time taken to match the second ciphertext with the third ciphertext exceeds a preset time, the key becomes invalid.
8. The method for preventing a system's short message service from being stolen according to claim 1, characterized in that the mobile phone information includes: phone number information.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711089004.1A CN107864136A (en) 2017-11-08 2017-11-08 A method for preventing a system's short message service from being stolen

Publications (1)

Publication Number Publication Date
CN107864136A true CN107864136A (en) 2018-03-30

Family

ID=61701327

Country Status (1)

Country Link
CN (1) CN107864136A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180330