CN108777615A - Dynamic password authentication method and device - Google Patents
- Publication number: CN108777615A (CN201811083683.6A)
- Authority: CN (China)
- Prior art keywords: dynamic password, information, facility information, user, equipment
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0838: Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
- H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- H04L9/3242: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
- H04L9/3297: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving time stamps, e.g. generation of time stamps
Abstract
The present invention provides a dynamic password authentication method and device. The method includes: receiving an authentication instruction sent by a user; obtaining the device information corresponding to the authentication instruction; generating, according to the device information, a first dynamic password corresponding to the current time; and feeding the first dynamic password back to the user, so that the user inputs the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password. The invention reduces over-reliance on network communication, making device control and authentication operations more convenient and more secure.
Description
Technical field
The present invention relates to the technical field of the Internet of Things, and in particular to a dynamic password authentication method and device.
Background
As Internet of Things devices continue to develop, applications such as online unlocking by mobile phone, mobile phone control of devices, and device identity recognition are becoming more and more frequent. As shown in Fig. 1, in the most common existing approach the user triggers an operation through a user terminal (also referred to as a client); for example, the trigger may be scanning the QR code of the device. The user terminal sends a trigger-execution instruction to a server (specifically, a cloud server), and the server processes the instruction, for example by authenticating the user's identity information and looking up the corresponding device identifier according to the assertion. After processing, the server sends an instruction to the device corresponding to the device identifier to control the device to perform the corresponding operation. With this approach, however, when the device is offline (for example, disconnected or in an area without network coverage), the device cannot receive the server's execution request. Likewise, if the server is offline or down, the device cannot execute the corresponding request.
Existing device control and authentication approaches rely excessively on network communication, so control or authentication of a device is difficult to achieve when the device is offline. No effective solution to this problem has yet been proposed.
Summary of the invention
In view of this, the purpose of the present invention is to provide a dynamic password authentication method and device that reduce over-reliance on network communication, making device control and authentication operations more convenient and more secure.
In a first aspect, an embodiment of the present invention provides a dynamic password authentication method applied to a client or a server. The method includes: receiving an authentication instruction sent by a user; obtaining the device information corresponding to the authentication instruction; generating, according to the device information, a first dynamic password corresponding to the current time; and feeding the first dynamic password back to the user, so that the user inputs the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password.
In a preferred embodiment of the present invention, the step of generating, according to the device information, the first dynamic password corresponding to the current time includes: performing a first cryptographic operation on the device information to obtain an information key; performing a second cryptographic operation on the information key using a preset encryption algorithm and the time parameter corresponding to the current time, to obtain an initial dynamic password, where the time parameter is the ratio of the current time to a preset password validity period; and truncating the initial dynamic password to obtain a first dynamic password with a preset number of digits.
In a preferred embodiment of the present invention, the method further includes obtaining the identity information of the user or the service type information selected by the user. The step of performing the first cryptographic operation on the device information to obtain the information key then includes: performing the first cryptographic operation on the device information and the identity information to obtain the information key; or performing the first cryptographic operation on the device information and the service type information to obtain the information key.
In a second aspect, an embodiment of the present invention provides a dynamic password authentication method applied to a device. The method includes: receiving a first dynamic password input by a user, the first dynamic password having been generated by a client or server as follows: receiving an authentication instruction sent by the user, obtaining the device information corresponding to the authentication instruction, generating, according to the device information, a first dynamic password corresponding to the current time, and feeding the first dynamic password back to the user; generating, according to the device's own device information, a second dynamic password corresponding to the current time; and, if the second dynamic password matches the received first dynamic password, determining that dynamic password authentication has succeeded.
In a preferred embodiment of the present invention, the step of generating, according to the device's own device information, the second dynamic password corresponding to the current time includes: performing a first cryptographic operation on the device information to obtain an information key; performing a second cryptographic operation on the information key using a preset encryption algorithm and the time parameter corresponding to the current time, to obtain an initial dynamic password, where the time parameter is the ratio of the current time to a preset password validity period; and truncating the initial dynamic password to obtain a second dynamic password with a preset number of digits.
In a preferred embodiment of the present invention, if multiple kinds of service type information are stored in the device in advance, then for each kind of service type information the step of performing the first cryptographic operation on the device information to obtain the information key includes: performing the first cryptographic operation on the device information and the service type information to obtain the information key. If the identity information of multiple valid users is stored in the device in advance, then for each piece of identity information the step of performing the first cryptographic operation on the device information to obtain the information key includes: performing the first cryptographic operation on the device information and the identity information to obtain the information key.
In a preferred embodiment of the present invention, the step of determining that dynamic password authentication has succeeded if the second dynamic password matches the received first dynamic password includes: judging whether the difference between the second dynamic password and the received first dynamic password is within a preset range; if so, determining that dynamic password authentication has succeeded.
In a preferred embodiment of the present invention, after the step of determining that dynamic password authentication has succeeded, the method further includes: executing the task program that matches the second dynamic password.
In a third aspect, an embodiment of the present invention provides a dynamic password authentication apparatus arranged in a client or server. The apparatus includes: an instruction receiving module for receiving an authentication instruction sent by a user; an information obtaining module for obtaining the device information corresponding to the authentication instruction; a first password generation module for generating, according to the device information, a first dynamic password corresponding to the current time; and a password feedback module for feeding the first dynamic password back to the user, so that the user inputs the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password.
In a fourth aspect, an embodiment of the present invention provides a dynamic password authentication apparatus arranged in a device. The apparatus includes: a password receiving module for receiving a first dynamic password input by a user, the first dynamic password having been generated by a client or server as follows: receiving an authentication instruction sent by the user, obtaining the device information corresponding to the authentication instruction, generating, according to the device information, a first dynamic password corresponding to the current time, and feeding the first dynamic password back to the user; a second password generation module for generating, according to the device's own device information, a second dynamic password corresponding to the current time; and an authentication module for determining that dynamic password authentication has succeeded if the second dynamic password matches the received first dynamic password.
The embodiments of the present invention bring the following beneficial effects:
In the dynamic password authentication method and device provided by the embodiments of the present invention, after the authentication instruction sent by the user is received, the device information corresponding to the authentication instruction is obtained; a first dynamic password corresponding to the current time is then generated according to the device information; finally, the first dynamic password is fed back to the user, so that the user inputs it into the device corresponding to the device information and the device authenticates it. By using a dynamic password, this approach enables control of an offline device, or authentication by an offline device of the user's access rights, and reduces over-reliance on network communication, making device control and authentication operations more convenient and more secure.
Other features and advantages of the present invention will be set forth in the following description; alternatively, some features and advantages can be inferred or unambiguously determined from the specification, or learned by implementing the above techniques of the invention.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Description of the drawings
To describe the specific embodiments of the invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a device control approach in the prior art;
Fig. 2 is a flowchart of a dynamic password authentication method provided by an embodiment of the present invention;
Fig. 3 is a flowchart of another dynamic password authentication method provided by an embodiment of the present invention;
Fig. 4 is a flowchart of another dynamic password authentication method provided by an embodiment of the present invention;
Fig. 5 is a flowchart of another dynamic password authentication method provided by an embodiment of the present invention;
Fig. 6 is a flowchart of another dynamic password authentication method provided by an embodiment of the present invention;
Fig. 7 is a flowchart of another dynamic password authentication method provided by an embodiment of the present invention;
Fig. 8 is a structural schematic diagram of a dynamic password authentication apparatus provided by an embodiment of the present invention;
Fig. 9 is a structural schematic diagram of another dynamic password authentication apparatus provided by an embodiment of the present invention.
Detailed description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the accompanying drawings. Evidently, the described embodiments are some, rather than all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Existing device control and authentication approaches rely excessively on network communication, so control or authentication of a device is difficult to achieve when the device is offline. In view of this problem, the embodiments of the present invention provide a dynamic password authentication method and device. The technique can be applied to the control of offline devices or to the authentication process of offline devices. To make the present embodiment easier to understand, a dynamic password authentication method disclosed by an embodiment of the present invention is first described in detail.
An embodiment of the present invention provides a dynamic password authentication method applied to a client or a server. In actual implementation, the method may be executed by the client or by the server. The client may be a mobile terminal such as a mobile phone or tablet computer; the server may be a cloud server.
As shown in Fig. 2, the method includes the following steps:
Step S202: receive the authentication instruction sent by the user.
If the method is applied to a client, the authentication instruction may be produced when the user clicks the corresponding button on the client, or scans or fills in the corresponding information; for example, the user may send the authentication instruction after obtaining the device information by scanning the QR code on the device with the client. If the method is applied to a cloud server, the user may send the authentication instruction through a mobile terminal such as a mobile phone. In that case the authentication instruction usually carries the user's identity information, such as account information or a mobile phone number.
Step S204: obtain the device information corresponding to the authentication instruction.
The device information generally includes a device identifier that uniquely identifies the device. The device information may be extracted from the authentication instruction or from a device identifier library. For example, after the user scans the QR code of the device with the client, the device identifier can be obtained from the QR code; the client carries the device identifier in the authentication instruction and sends it to the cloud server, and the device information can then be obtained from the authentication instruction. As another example, before sending the authentication instruction the user selects a device identifier from the device identifier library in the client, and the device information can then be obtained according to the user's selection.
Step S206: generate, according to the device information, a first dynamic password corresponding to the current time.
Specifically, a generation algorithm for the dynamic password may be set in advance, and the device information and the current time are fed into the generation algorithm as input parameters to obtain the first dynamic password. The current time may be the time at which the authentication instruction is received, and may be represented as a timestamp. The generation algorithm may be an encryption algorithm or another data transformation algorithm. In addition to the device information and the current time, its input parameters may also include the service type information selected by the user, the user's identity information, the validity period of the dynamic password, the number of digits of the dynamic password, and so on. The first dynamic password may be a character string with a specified number of characters; the string may consist of digits, symbols, letters, Chinese characters or other character types, or of several of these types at once.
Step S208: feed the first dynamic password back to the user, so that the user inputs the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password.
The user can input the first dynamic password into the device through an interactive interface on the device; the interactive interface may be a keyboard, touch screen, scanner, image recognizer or the like. After receiving the first dynamic password, the device can generate a second dynamic password according to its own device identifier and the current time, and authenticate the first dynamic password against the second dynamic password. Specifically, if the received first dynamic password matches the second dynamic password (for example, the two are identical, or the difference between them is within a preset range), the first dynamic password input by the user is intended for this device. The device can then confirm that the user has permission to access, control or operate it, and performs the corresponding action, for example unlocking, starting up, or providing a related service.
In the dynamic password authentication method provided by this embodiment of the present invention, after the authentication instruction sent by the user is received, the device information corresponding to the authentication instruction is obtained; a first dynamic password corresponding to the current time is then generated according to the device information; finally, the first dynamic password is fed back to the user, so that the user inputs it into the device corresponding to the device information and the device authenticates it. By using a dynamic password, this approach enables control of an offline device, or authentication by an offline device of the user's access rights, and reduces over-reliance on network communication, making device control and authentication operations more convenient and more secure.
An embodiment of the present invention also provides another dynamic password authentication method, applied to a client or a server. This method builds on the method shown in the above embodiment. As shown in Fig. 3, the method includes the following steps:
Step S302: receive the authentication instruction sent by the user.
Step S304: obtain the device information corresponding to the authentication instruction, and obtain the identity information of the user or the service type information selected by the user.
In actual implementation, in addition to the device information, the user's identity information or the service type information selected by the user must also be obtained, depending on the type of device. Specifically, for devices that provide a service, such as shared bicycles or shared massage chairs, the service type information selected by the user must be obtained. For a massage chair, the service type information may be information such as the massage duration or the body part to be massaged, so service type information may also be called package information. For devices of a confidential nature, such as intranet surveillance cameras, it is necessary to authenticate whether the current user has access or operating permission, so the user's identity information, such as an ID card number, mobile phone number or facial features, must be obtained.
Step S306: perform the first cryptographic operation on the device information and the identity information to obtain the information key; or perform the first cryptographic operation on the device information and the service type information to obtain the information key. Alternatively, the first cryptographic operation may be performed on the device information alone to obtain the information key. The first cryptographic operation may be a hash operation, a repeated hash operation, or another cryptographic algorithm.
Step S308: perform the second cryptographic operation on the information key using a preset encryption algorithm and the time parameter corresponding to the current time, to obtain an initial dynamic password. The time parameter is the ratio of the current time to the preset password validity period.
The preset encryption algorithm may be the HMAC (Hash-based Message Authentication Code)-SHA1 algorithm, and may of course also be implemented with other encryption algorithms. The time parameter may also be called the C value in the time interval; the time interval is the password validity period described above, and can be set according to timing requirements, for example to a few seconds or a few minutes. The current time may include the current year, month, day, hour, minute and second, or only some of these. The current time may be represented by the current timestamp; therefore, C value in the time interval = current timestamp / time interval.
Because time changes constantly, the current timestamp changes with it, so the initial dynamic password generally differs as time changes. The initial dynamic password is therefore more random, which improves the security of the dynamic password.
Step S310: truncate the initial dynamic password to obtain a first dynamic password with a preset number of digits.
The initial dynamic password obtained from the second cryptographic operation may be very long. To make input easier for the user, the number of digits of the dynamic password can be set in advance, and that number of characters is taken from the initial dynamic password to obtain the first dynamic password. Specifically, the preset number of characters may be taken from a specified position at the head, tail or middle of the initial dynamic password, or extracted at random from the initial dynamic password, to form the first dynamic password.
Step S312: feed the first dynamic password back to the user, so that the user inputs the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password.
By using a dynamic password, the above dynamic password authentication method enables control of an offline device, or authentication by an offline device of the user's access rights, and reduces over-reliance on network communication, making device control and authentication operations more convenient and more secure.
An embodiment of the present invention also provides another dynamic password authentication method, applied to a device. The device may be one that provides a service, such as a shared bicycle or shared massage chair, or a device of a confidential nature, such as an intranet surveillance camera. As shown in Fig. 4, the method includes the following steps:
Step S402: receive the first dynamic password input by the user. The first dynamic password is generated by a client or server as follows: receiving the authentication instruction sent by the user; obtaining the device information corresponding to the authentication instruction; generating, according to the device information, a first dynamic password corresponding to the current time; and feeding the first dynamic password back to the user.
Step S404: generate, according to the device's own device information, a second dynamic password corresponding to the current time.
Specifically, a generation algorithm for the dynamic password may be set in advance, and the device information and the current time are fed into the generation algorithm as input parameters to obtain the second dynamic password. The generation algorithm usually matches the one used by the client or server to generate the first dynamic password, so that the second dynamic password and the first dynamic password are comparable.
The current time may be the time at which the authentication instruction is received, and may be represented as a timestamp. The generation algorithm may be an encryption algorithm or another data transformation algorithm. In addition to the device information and the current time, its input parameters may also include the service type information selected by the user, the user's identity information, the validity period of the dynamic password, the number of digits of the dynamic password, and so on. The first dynamic password may be a character string with a specified number of characters; the string may consist of digits, symbols, letters, Chinese characters or other character types, or of several of these types at once.
Step S406: if the second dynamic password matches the received first dynamic password, determine that dynamic password authentication succeeds.
Because there is a certain time difference between the current time used for the first dynamic password and the current time used for the second dynamic password, the second dynamic password may be identical to the first dynamic password or may not be exactly the same; if the difference between the two is within a preset range, dynamic password authentication can be determined to have succeeded.
In the dynamic password authentication method provided by this embodiment of the present invention, after the device receives the first dynamic password input by the user, it generates a second dynamic password corresponding to the current time according to its own device information; if the second dynamic password matches the received first dynamic password, dynamic password authentication is determined to have succeeded. By using a dynamic password, this method enables control of an offline device, or authentication of a user's access rights by an offline device, and reduces excessive dependence on network communication, so that device control and authentication operations are more convenient and more secure.
An embodiment of the present invention further provides another dynamic password authentication method, applied to a device. The method builds on the method shown in the above embodiment; as shown in Fig. 5, it comprises the following steps:
Step S502: receive the first dynamic password input by the user. The first dynamic password is generated by the client or the server as follows: receive the authentication instruction sent by the user; obtain the device information corresponding to the authentication instruction; generate, according to the device information, the first dynamic password corresponding to the current time; feed the first dynamic password back to the user.
Step S504: if multiple kinds of service type information are pre-stored in the device, then for each kind of service type information, perform a first encryption operation on the device information and the service type information to obtain an information key. If the identity information of multiple legitimate users is pre-stored in the device, perform the first encryption operation on the device information and the identity information to obtain an information key. Alternatively, the first encryption operation can be performed on the device information alone to obtain the information key. The first encryption operation may be a hash operation, a multiple hash operation or another cryptographic algorithm.
Step S506: perform a second encryption operation on the information key, using a preset encryption algorithm and the time parameter corresponding to the current time, to obtain an initial dynamic password. The time parameter is the ratio of the current time to a preset password validity duration.
The preset encryption algorithm may be the HMAC (Hash-based Message Authentication Code)-SHA1 algorithm, and can of course also be implemented with other encryption algorithms. In general, the encryption algorithm the device uses for the second encryption operation on the information key matches the one the client or server uses for its second encryption operation on the information key.
The time parameter can also be called the C value of the time interval, where the time interval is the password validity duration described above. The time interval can be set as required, for example to several seconds or a few minutes. The current time may include the current year, month, day, hour, minute and second, or only some of these. The current time can be represented by the current timestamp; thus, C value of the time interval = current timestamp / time interval.
Because time keeps changing, the current timestamp changes with it, so the initial dynamic password generally differs as time passes. The initial dynamic password is therefore more random, which improves the security of the dynamic password.
Step S508: truncate the initial dynamic password to obtain a second dynamic password with the preset number of digits.
The initial dynamic password obtained from the second encryption operation may be very long. To make input easier for the user, the number of digits of the dynamic password can be preset, and that number of characters is taken from the initial dynamic password to obtain the second dynamic password. Specifically, the preset number of characters can be taken from a specified position at the head, tail or middle of the initial dynamic password; alternatively, the preset number of characters can be extracted at random from the initial dynamic password to form the second dynamic password.
Step S510: judge whether the difference between the second dynamic password and the received first dynamic password is within a preset range; if so, execute step S512; if not, execute step S514.
Step S512: determine that dynamic password authentication succeeds, and execute the task program that matches the second dynamic password.
Step S514: determine that dynamic password authentication fails.
An embodiment of the present invention further provides another dynamic password authentication method, applied to a device. The method builds on the method shown in the above embodiment; in this embodiment, the case where multiple kinds of service type information are pre-stored in the device is taken as an example. As shown in Fig. 6, the method comprises the following steps:
Step S602: receive the first dynamic password input by the user.
Step S604: set the initial value of i to 1.
Step S606: obtain the i-th service type information from the multiple kinds of pre-stored service type information.
Step S608: judge whether i is less than or equal to N, where N is the total number of kinds of service type information; if so, execute step S610; if not, end.
Step S610: perform the first encryption operation on the device information and the service type information to obtain an information key.
Step S612: perform a second encryption operation on the information key, using a preset encryption algorithm and the time parameter corresponding to the current time, to obtain an initial dynamic password. The time parameter is the ratio of the current time to a preset password validity duration.
Step S614: truncate the initial dynamic password to obtain a second dynamic password with the preset number of digits.
Step S616: judge whether the difference between the second dynamic password and the received first dynamic password is within a preset range; if so, execute step S618; if not, set i = i + 1 and continue with step S606.
Step S618: determine that dynamic password authentication succeeds, and execute the task program that matches the second dynamic password.
By using a dynamic password, the above approach enables control of an offline device, or authentication of a user's access rights by an offline device, and reduces excessive dependence on network communication, so that device control and authentication operations are more convenient and more secure.
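Steps S504 to S510 and the service-type loop S602 to S618, written out as an added Python example that is not code from the patent. The function names, SHA-256 as the first operation, head truncation to decimal digits, the 60-second step, six digits, and reading "difference within a preset range" as a tolerance of one time step either side are all assumptions; the device information and service types are constructed sample values.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # assumed password validity duration (the "time interval")
DIGITS = 6          # assumed preset number of digits
WINDOW = 1          # assumed tolerance: accept +/- this many time steps

# Constructed sample values, not taken from the patent.
DEVICE_INFO = "constructed-device-secret-0001"
SERVICE_TYPES = ["30min", "60min", "120min"]


def information_key(device_info: str, service_type: str = "") -> bytes:
    """First operation (S504/S610): hash device info plus optional service type."""
    h = hashlib.sha256()
    for field in (device_info, service_type):
        raw = field.encode("utf-8")
        # Length-prefix each field so ("ab", "c") and ("a", "bc") give different keys.
        h.update(struct.pack(">I", len(raw)))
        h.update(raw)
    return h.digest()


def dynamic_password(key: bytes, timestamp: int) -> str:
    """Second operation and truncation (S506-S508 / S612-S614)."""
    # C value = current timestamp / time interval (integer division).
    counter = timestamp // STEP_SECONDS
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Truncate from the head: first 4 bytes reduced to DIGITS decimal digits.
    head = int.from_bytes(mac[:4], "big")
    return str(head % 10 ** DIGITS).zfill(DIGITS)


def client_generate(device_info: str, service_type: str, now: int) -> str:
    """Client or server side: produce the first dynamic password."""
    return dynamic_password(information_key(device_info, service_type), now)


def device_verify(first_password: str, device_info: str, service_types, now: int):
    """Device side (S602-S618): return the matching service type, or None."""
    supplied = first_password.encode("utf-8")
    for service_type in service_types:
        key = information_key(device_info, service_type)
        for drift in range(-WINDOW, WINDOW + 1):
            candidate = dynamic_password(key, now + drift * STEP_SECONDS)
            # Constant-time comparison of the second password with the first.
            if hmac.compare_digest(candidate.encode("utf-8"), supplied):
                return service_type
    return None


if __name__ == "__main__":
    t0 = 1537142400  # constructed timestamp
    pw = client_generate(DEVICE_INFO, "60min", t0)
    print("first dynamic password:", pw)
    print("device, 45 s later:", device_verify(pw, DEVICE_INFO, SERVICE_TYPES, t0 + 45))
    print("device, 10 min later:", device_verify(pw, DEVICE_INFO, SERVICE_TYPES, t0 + 600))
```

The information key is only as secret as the device information it is hashed from, which is why the sample uses a constructed per-device secret string rather than a public identifier.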
An embodiment of the present invention further provides another dynamic password authentication method, implemented through interaction among three parties: the user, the client or server, and the offline device. As shown in Fig. 7, the method comprises the following steps:
Step S702: the user sends an authentication instruction to the client or server. The authentication instruction can be used for user permission authentication, unlocking, controlling device operation, and so on.
Step S704: the client or server generates the first dynamic password.
Step S706: the client or server displays the first dynamic password to the user.
Step S708: the user inputs the first dynamic password into the device.
Step S710: the device generates the second dynamic password and verifies the first dynamic password against it.
Step S712: after verification passes, the device starts to execute the corresponding action.
The dynamic password authentication method provided by the above embodiments is suitable for security authentication of general offline devices. This offline authentication can not only authenticate the user's identity but can also carry corresponding information into the authentication, such as package information and permission information. The method does not require the support of additional third-party hardware on the user terminal (client), such as Bluetooth or near-field communication (NFC) devices.
Corresponding to the above method embodiments, Fig. 8 shows a schematic structural diagram of a dynamic password authentication apparatus. The apparatus is arranged in a client or a server and comprises:
Instruction receiving module 80, for receiving the authentication instruction sent by the user;
Information obtaining module 81, for obtaining the device information corresponding to the authentication instruction;
First password generation module 82, for generating, according to the device information, the first dynamic password corresponding to the current time;
Password feedback module 83, for feeding the first dynamic password back to the user, so that the user inputs the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password.
Fig. 9 shows a schematic structural diagram of another dynamic password authentication apparatus. The apparatus is arranged in a device and comprises:
Password receiving module 90, for receiving the first dynamic password input by the user. The first dynamic password is generated by the client or the server as follows: receive the authentication instruction sent by the user; obtain the device information corresponding to the authentication instruction; generate, according to the device information, the first dynamic password corresponding to the current time; feed the first dynamic password back to the user;
Second password generation module 91, for generating, according to the device's own device information, the second dynamic password corresponding to the current time;
Authentication module 92, for determining that dynamic password authentication succeeds if the second dynamic password matches the received first dynamic password.
The dynamic password authentication apparatus provided by the embodiments of the present invention has the same technical features as the dynamic password authentication method provided by the above embodiments, so it can solve the same technical problem and achieve the same technical effect.
The computer program product of the dynamic password authentication method and apparatus provided by the embodiments of the present invention includes a computer-readable storage medium storing program code. The instructions included in the program code can be used to execute the methods described in the preceding method embodiments; for the specific implementation, refer to the method embodiments, which are not repeated here.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
Finally, it should be noted that the embodiments described above are only specific implementations of the present invention, intended to illustrate its technical solution rather than to limit it, and the scope of protection of the present invention is not limited to them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone familiar with the technical field can, within the technical scope disclosed by the present invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features. Such modifications, variations or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and should all be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.
Claims (10)
1. A dynamic password authentication method, characterized in that the method is applied to a client or a server, and the method comprises:
receiving an authentication instruction sent by a user;
obtaining device information corresponding to the authentication instruction;
generating, according to the device information, a first dynamic password corresponding to the current time;
feeding the first dynamic password back to the user, so that the user inputs the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password.
2. The method according to claim 1, characterized in that the step of generating, according to the device information, the first dynamic password corresponding to the current time comprises:
performing a first encryption operation on the device information to obtain an information key;
performing a second encryption operation on the information key, using a preset encryption algorithm and the time parameter corresponding to the current time, to obtain an initial dynamic password, the time parameter being the ratio of the current time to a preset password validity duration;
truncating the initial dynamic password to obtain the first dynamic password with a preset number of digits.
3. The method according to claim 2, characterized in that the method further comprises: obtaining the identity information of the user or the service type information selected by the user;
the step of performing the first encryption operation on the device information to obtain the information key comprises:
performing the first encryption operation on the device information and the identity information to obtain the information key;
or, performing the first encryption operation on the device information and the service type information to obtain the information key.
4. A dynamic password authentication method, characterized in that the method is applied to a device, and the method comprises:
receiving a first dynamic password input by a user, the first dynamic password being generated by a client or a server as follows: receiving an authentication instruction sent by the user; obtaining device information corresponding to the authentication instruction; generating, according to the device information, the first dynamic password corresponding to the current time; feeding the first dynamic password back to the user;
generating, according to the device's own device information, a second dynamic password corresponding to the current time;
if the second dynamic password matches the received first dynamic password, determining that dynamic password authentication succeeds.
5. The method according to claim 4, characterized in that the step of generating, according to the device's own device information, the second dynamic password corresponding to the current time comprises:
performing a first encryption operation on the device information to obtain an information key;
performing a second encryption operation on the information key, using a preset encryption algorithm and the time parameter corresponding to the current time, to obtain an initial dynamic password, the time parameter being the ratio of the current time to a preset password validity duration;
truncating the initial dynamic password to obtain the second dynamic password with a preset number of digits.
6. The method according to claim 5, characterized in that, if multiple kinds of service type information are pre-stored in the device, then for each kind of service type information, the step of performing the first encryption operation on the device information to obtain the information key comprises: performing the first encryption operation on the device information and the service type information to obtain the information key;
if the identity information of multiple legitimate users is pre-stored in the device, then for each identity information, the step of performing the first encryption operation on the device information to obtain the information key comprises: performing the first encryption operation on the device information and the identity information to obtain the information key.
7. The method according to claim 4, characterized in that the step of determining that dynamic password authentication succeeds if the second dynamic password matches the received first dynamic password comprises:
judging whether the difference between the second dynamic password and the received first dynamic password is within a preset range;
if so, determining that dynamic password authentication succeeds.
8. The method according to claim 4, characterized in that, after the step of determining that dynamic password authentication succeeds, the method further comprises: executing the task program that matches the second dynamic password.
9. A dynamic password authentication apparatus, characterized in that the apparatus is arranged in a client or a server, and the apparatus comprises:
an instruction receiving module, for receiving an authentication instruction sent by a user;
an information obtaining module, for obtaining device information corresponding to the authentication instruction;
a first password generation module, for generating, according to the device information, a first dynamic password corresponding to the current time;
a password feedback module, for feeding the first dynamic password back to the user, so that the user inputs the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password.
10. A dynamic password authentication apparatus, characterized in that the apparatus is arranged in a device, and the apparatus comprises:
a password receiving module, for receiving a first dynamic password input by a user, the first dynamic password being generated by a client or a server as follows: receiving an authentication instruction sent by the user; obtaining device information corresponding to the authentication instruction; generating, according to the device information, the first dynamic password corresponding to the current time; feeding the first dynamic password back to the user;
a second password generation module, for generating, according to the device's own device information, a second dynamic password corresponding to the current time;
an authentication module, for determining that dynamic password authentication succeeds if the second dynamic password matches the received first dynamic password.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811083683.6A CN108777615B (en) | 2018-09-17 | 2018-09-17 | Dynamic password authentication method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108777615A true CN108777615A (en) | 2018-11-09 |
CN108777615B CN108777615B (en) | 2021-07-16 |
Family
ID=64029038
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811083683.6A Active CN108777615B (en) | 2018-09-17 | 2018-09-17 | Dynamic password authentication method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108777615B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: Dynamic password authentication method and device; Effective date of registration: 20221216; Granted publication date: 20210716; Pledgee: Bank of Jiangsu Limited by Share Ltd. Shanghai Changning branch; Pledgor: SHANGHAI BINGSOFT TECHNOLOGY Co.,Ltd.; Registration number: Y2022310000379 |