CN108777615A - Dynamic password authentication method and device - Google Patents

Info

Publication number
CN108777615A
Authority
CN
China
Prior art keywords
dynamic password
information
facility information
user
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811083683.6A
Other languages
Chinese (zh)
Other versions
CN108777615B (en
Inventor
汤晓冬
程谦谦
魏娜
汪勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Union Software Technology Co Ltd
Original Assignee
Shanghai Union Software Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Union Software Technology Co Ltd filed Critical Shanghai Union Software Technology Co Ltd
Priority to CN201811083683.6A priority Critical patent/CN108777615B/en
Publication of CN108777615A publication Critical patent/CN108777615A/en
Application granted granted Critical
Publication of CN108777615B publication Critical patent/CN108777615B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Abstract

The present invention provides a dynamic password authentication method and device. The method includes: receiving an authentication instruction issued by a user; obtaining the device information corresponding to the authentication instruction; generating, according to the device information, a first dynamic password corresponding to the current time; and feeding the first dynamic password back to the user, so that the user enters the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password. The invention reduces excessive dependence on network communication, making device control or authentication more convenient and more secure.

Description

Dynamic password authentication method and device
Technical Field
The present invention relates to the field of the Internet of Things, and in particular to a dynamic password authentication method and device.
Background
As Internet of Things devices continue to develop, applications such as online unlocking by mobile phone, device control by mobile phone and device identity recognition are becoming more and more frequent. As shown in Fig. 1, the most common existing approach is for the user to trigger an operation through a user terminal (also called a client); for example, the trigger may be scanning a QR code on the device. The user terminal sends an instruction to execute the trigger to a server (specifically, this may be a cloud server), and the server processes the instruction, for example by authenticating the user's identity information and looking up the corresponding device identifier according to the instruction. After processing, the server sends an instruction to the device corresponding to the device identifier to control the device to perform the corresponding operation. With this approach, however, when the device is offline (for example, disconnected from the network or in an area without network coverage), the device cannot receive the server's execution request. Likewise, if the server is offline or down, the device cannot execute the corresponding request.
Existing device control and authentication approaches rely excessively on network communication, so control or authentication of a device is difficult to achieve once the device is offline; no effective solution to this problem has yet been proposed.
Summary of the Invention
In view of this, the purpose of the present invention is to provide a dynamic password authentication method and device that reduce excessive dependence on network communication, making device control or authentication more convenient and more secure.
In a first aspect, an embodiment of the present invention provides a dynamic password authentication method applied to a client or a server. The method includes: receiving an authentication instruction issued by a user; obtaining the device information corresponding to the authentication instruction; generating, according to the device information, a first dynamic password corresponding to the current time; and feeding the first dynamic password back to the user, so that the user enters the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password.
In a preferred embodiment of the present invention, the step of generating, according to the device information, the first dynamic password corresponding to the current time includes: performing a first encryption operation on the device information to obtain an information key; performing a second encryption operation on the information key using a preset encryption algorithm and the time parameter corresponding to the current time, to obtain an initial dynamic password, where the time parameter is the ratio of the current time to a preset password validity length; and truncating the initial dynamic password to obtain a first dynamic password with a preset number of digits.
In a preferred embodiment of the present invention, the method further includes: obtaining the identity information of the user or the service type information selected by the user. The step of performing the first encryption operation on the device information to obtain the information key then includes: performing the first encryption operation on the device information and the identity information to obtain the information key; or performing the first encryption operation on the device information and the service type information to obtain the information key.
In a second aspect, an embodiment of the present invention provides a dynamic password authentication method applied to a device. The method includes: receiving a first dynamic password entered by a user, where the first dynamic password is generated by a client or a server by receiving an authentication instruction issued by the user, obtaining the device information corresponding to the authentication instruction, generating, according to the device information, a first dynamic password corresponding to the current time, and feeding the first dynamic password back to the user; generating, according to the device's own device information, a second dynamic password corresponding to the current time; and, if the second dynamic password matches the received first dynamic password, determining that dynamic password authentication has succeeded.
In a preferred embodiment of the present invention, the step of generating, according to the device's own device information, the second dynamic password corresponding to the current time includes: performing a first encryption operation on the device information to obtain an information key; performing a second encryption operation on the information key using a preset encryption algorithm and the time parameter corresponding to the current time, to obtain an initial dynamic password, where the time parameter is the ratio of the current time to a preset password validity length; and truncating the initial dynamic password to obtain a second dynamic password with a preset number of digits.
In a preferred embodiment of the present invention, if multiple kinds of service type information have been saved in the device in advance, then for each service type information the step of performing the first encryption operation on the device information to obtain the information key includes: performing the first encryption operation on the device information and the service type information to obtain the information key. If the identity information of multiple legitimate users has been saved in the device in advance, then for each identity information the step of performing the first encryption operation on the device information to obtain the information key includes: performing the first encryption operation on the device information and the identity information to obtain the information key.
In a preferred embodiment of the present invention, the step of determining that dynamic password authentication has succeeded if the second dynamic password matches the received first dynamic password includes: judging whether the difference between the second dynamic password and the received first dynamic password is within a preset range; and, if so, determining that dynamic password authentication has succeeded.
In a preferred embodiment of the present invention, after the step of determining that dynamic password authentication has succeeded, the method further includes: executing the task program that matches the second dynamic password.
In a third aspect, an embodiment of the present invention provides a dynamic password authentication apparatus arranged in a client or a server. The apparatus includes: an instruction receiving module, for receiving an authentication instruction issued by a user; an information obtaining module, for obtaining the device information corresponding to the authentication instruction; a first password generation module, for generating, according to the device information, a first dynamic password corresponding to the current time; and a password feedback module, for feeding the first dynamic password back to the user, so that the user enters the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password.
In a fourth aspect, an embodiment of the present invention provides a dynamic password authentication apparatus arranged in a device. The apparatus includes: a password receiving module, for receiving a first dynamic password entered by a user, where the first dynamic password is generated by a client or a server by receiving an authentication instruction issued by the user, obtaining the device information corresponding to the authentication instruction, generating, according to the device information, a first dynamic password corresponding to the current time, and feeding the first dynamic password back to the user; a second password generation module, for generating, according to the device's own device information, a second dynamic password corresponding to the current time; and an authentication module, for determining that dynamic password authentication has succeeded if the second dynamic password matches the received first dynamic password.
The embodiments of the present invention bring the following beneficial effects:
In the dynamic password authentication method and device provided by the embodiments of the present invention, after the authentication instruction issued by the user is received, the device information corresponding to the authentication instruction is obtained; a first dynamic password corresponding to the current time is then generated according to the device information; finally, the first dynamic password is fed back to the user, so that the user enters it into the device corresponding to the device information and the device authenticates it. By means of a dynamic password, this approach makes it possible to control an offline device, or for an offline device to authenticate a user's access rights, reducing excessive dependence on network communication and making device control or authentication more convenient and more secure.
Other features and advantages of the present invention will be set forth in the following description; alternatively, some features and advantages can be inferred or unambiguously determined from the description, or learned by implementing the above techniques of the present invention.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief Description of the Drawings
To illustrate the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a device control approach in the prior art;
Fig. 2 is a flowchart of a dynamic password authentication method provided by an embodiment of the present invention;
Fig. 3 is a flowchart of another dynamic password authentication method provided by an embodiment of the present invention;
Fig. 4 is a flowchart of another dynamic password authentication method provided by an embodiment of the present invention;
Fig. 5 is a flowchart of another dynamic password authentication method provided by an embodiment of the present invention;
Fig. 6 is a flowchart of another dynamic password authentication method provided by an embodiment of the present invention;
Fig. 7 is a flowchart of another dynamic password authentication method provided by an embodiment of the present invention;
Fig. 8 is a structural schematic diagram of a dynamic password authentication apparatus provided by an embodiment of the present invention;
Fig. 9 is a structural schematic diagram of another dynamic password authentication apparatus provided by an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the present invention.
Existing device control and authentication approaches rely excessively on network communication, so control or authentication of a device is difficult to achieve once the device is offline. In view of this, the embodiments of the present invention provide a dynamic password authentication method and device. The technique can be applied to the control of an offline device or to authentication performed by an offline device. To make the present embodiment easier to understand, a dynamic password authentication method disclosed in the embodiments of the present invention is first described in detail.
An embodiment of the present invention provides a dynamic password authentication method applied to a client or a server; in actual implementation, the method can be executed by the client or by the server. The client may specifically be a mobile terminal such as a mobile phone or tablet computer; the server may specifically be a cloud server.
As shown in Fig. 2, the method includes the following steps:
Step S202: receive the authentication instruction issued by the user.
If the method is applied to a client, the authentication instruction can be produced by the user clicking the corresponding button on the client, or by scanning or filling in the corresponding information; for example, the user can issue the authentication instruction after obtaining the device information by scanning the QR code on the device with the client. If the method is applied to a cloud server, the user can issue the authentication instruction through a mobile terminal such as a mobile phone. In that case, the authentication instruction usually carries the user's identity information, such as account information or a mobile phone number.
Step S204: obtain the device information corresponding to the authentication instruction.
The device information generally includes a device identifier that uniquely identifies the device. The device information can be extracted from the authentication instruction, or from a device identifier library. For example, after the user scans the device's QR code with the client, the device identifier can be obtained from the QR code; the client carries the device identifier in the authentication instruction and sends it to the cloud server, and the device information can then be obtained from the authentication instruction. As another example, before issuing the authentication instruction, the user selects a device identifier from the device identifier library in the client, and the device information is obtained from the user's selection.
Step S206: generate, according to the device information, the first dynamic password corresponding to the current time.
Specifically, a generation algorithm for the dynamic password can be set in advance, and the device information and the current time are fed into it as input parameters to obtain the first dynamic password. The current time can be the time at which the authentication instruction is received, and can be represented as a timestamp. The generation algorithm may be an encryption algorithm or another data transformation algorithm. Besides the device information and the current time, its input parameters may also include the service type information selected by the user, the user's identity information, the validity period of the dynamic password, the number of digits of the dynamic password, and so on. The first dynamic password may be a character string of a specified number of digits; the string may consist of numbers, symbols, letters, Chinese characters or other types, or of several of these types together.
Step S208: feed the first dynamic password back to the user, so that the user enters the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password.
The user can enter the first dynamic password into the device through an interactive interface on the device, which may be a keyboard, touch screen, scanner, image recognizer or the like. After receiving the first dynamic password, the device can generate a second dynamic password from its own device identifier and the current time, and authenticate the first dynamic password against the second. Specifically, if the received first dynamic password matches the second dynamic password (for example, the two are identical, or their difference is within a preset range), the first dynamic password entered by the user is intended for this device. The device can then confirm that the user has permission to access, control or operate it, and performs the corresponding action, for example unlocking, or starting the device to provide the relevant service.
In the dynamic password authentication method provided by this embodiment of the present invention, after the authentication instruction issued by the user is received, the device information corresponding to the authentication instruction is obtained; a first dynamic password corresponding to the current time is then generated according to the device information; finally, the first dynamic password is fed back to the user, so that the user enters it into the device corresponding to the device information and the device authenticates it. By means of a dynamic password, this approach makes it possible to control an offline device, or for an offline device to authenticate a user's access rights, reducing excessive dependence on network communication and making device control or authentication more convenient and more secure.
An embodiment of the present invention also provides another dynamic password authentication method, applied to a client or a server. This method builds on the method shown in the embodiment above. As shown in Fig. 3, it includes the following steps:
Step S302: receive the authentication instruction issued by the user.
Step S304: obtain the device information corresponding to the authentication instruction; obtain the identity information of the user or the service type information selected by the user.
In actual implementation, besides the device information, the user's identity information or the service type information selected by the user must also be obtained, depending on the type of device. Specifically, for devices that provide a service, such as shared bicycles or shared massage chairs, the service type information selected by the user is needed. For a massage chair, the service type information may be the massage duration, the body part to be massaged and similar information, so service type information can also be called package information. For devices of a confidential nature, such as intranet surveillance camera equipment, it is necessary to verify whether the current user has access or operating rights, so the user's identity information is needed, such as an ID card number, mobile phone number or facial features.
Step S306: perform the first encryption operation on the device information and the identity information to obtain the information key; or perform the first encryption operation on the device information and the service type information to obtain the information key. The first encryption operation may also be performed on the device information alone to obtain the information key. The first encryption operation may be a hash operation, multiple hash operations, or another cryptographic algorithm.
Step S308: perform the second encryption operation on the information key using a preset encryption algorithm and the time parameter corresponding to the current time, to obtain the initial dynamic password. The time parameter is the ratio of the current time to the preset password validity length.
The preset encryption algorithm may be the HMAC (Hash-based Message Authentication Code)-SHA1 algorithm; it can of course also be implemented with other encryption algorithms. The time parameter can also be called the C value for the time interval, where the time interval is the password validity length described above. The time interval can be set as required, for example to a few seconds or a few minutes. The current time may include the current year, month, day, hour, minute and second, or only some of these, and can be represented by the current timestamp. Therefore, the C value for the time interval = current timestamp / time interval.
Because time keeps changing, the current timestamp changes with it, so the initial dynamic password generally differs from one moment to the next. The initial dynamic password is therefore more random, which improves the security of the dynamic password.
Step S310: truncate the initial dynamic password to obtain a first dynamic password with the preset number of digits.
The initial dynamic password obtained from the second encryption operation may be very long. To make it easy for the user to enter, the number of digits of the dynamic password can be preset, and that number of characters is taken from the initial dynamic password to obtain the first dynamic password. Specifically, the preset number of characters can be taken from a specified position at the head, tail or middle of the initial dynamic password, or extracted at random from the initial dynamic password, to form the first dynamic password.
Step S312: feed the first dynamic password back to the user, so that the user enters the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password.
By means of a dynamic password, the above dynamic password authentication method makes it possible to control an offline device, or for an offline device to authenticate a user's access rights, reducing excessive dependence on network communication and making device control or authentication more convenient and more secure.
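Steps S306 to S310 and the device-side check described for Fig. 2 can be carried through in a few lines; the following is an added example, not code from the patent. It assumes SHA-256 for the first operation, an 8-byte big-endian encoding of C, RFC 4226 dynamic truncation as the truncation step, acceptance of adjacent time steps for clock drift, and constructed device and service-type names.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # password validity length (assumed value)
DIGITS = 6         # preset number of digits (assumed value)

# Constructed sample data for the demonstration.
DEVICE = "DEV-0001-CONSTRUCTED"
SAVED = ["massage-15min", "massage-30min"]  # service types saved on the device
NOW = 1_700_000_000                         # constructed Unix timestamp


def info_key(device_info: str, extra: str = "") -> bytes:
    """First operation: hash device info plus identity or service type."""
    h = hashlib.sha256()  # assumption: the page only says "hash operation"
    for field in (device_info, extra):
        data = field.encode("utf-8")
        # Length-prefix each field so ("ab", "c") and ("a", "bc") differ.
        h.update(struct.pack(">I", len(data)))
        h.update(data)
    return h.digest()


def time_parameter(now: int, step: int = STEP_SECONDS) -> int:
    """C = current timestamp / validity length, as an integer."""
    return now // step


def dynamic_password(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """Second operation (HMAC-SHA1 over C), then truncation to `digits`."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation (assumed choice)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def issue_password(device_info: str, extra: str, now: int) -> str:
    """Client/server side: the first dynamic password."""
    return dynamic_password(info_key(device_info, extra), time_parameter(now))


def device_verify(device_info, saved_extras, entered, now, drift_steps=1):
    """Device side: derive a second password for every saved service type
    (or identity) and return the one that matches, or None."""
    c = time_parameter(now)
    entered_bytes = entered.encode("utf-8")
    matched = None
    for extra in saved_extras:
        key = info_key(device_info, extra)
        for counter in range(max(0, c - drift_steps), c + drift_steps + 1):
            candidate = dynamic_password(key, counter).encode("ascii")
            # Constant-time comparison; no early exit on a match.
            if hmac.compare_digest(candidate, entered_bytes):
                matched = extra
    return matched


if __name__ == "__main__":
    pw = issue_password(DEVICE, "massage-30min", NOW)
    print("first dynamic password:", pw)
    print("device selects task:", device_verify(DEVICE, SAVED, pw, NOW))
    print("three steps later:", device_verify(DEVICE, SAVED, pw, NOW + 180))
```

The value returned by `device_verify` is what the device would use to pick the task program to run. Because the information key is the only secret input, the device information fed to `info_key` needs to include a value that cannot be read off the device itself.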
An embodiment of the present invention further provides another dynamic password authentication method, which is applied to a device. The device may be one that provides a service, such as a shared bicycle or a shared massage chair, or a device of a confidential nature, such as an intranet surveillance camera. As shown in Fig. 4, the method includes the following steps:
Step S402: receive the first dynamic password entered by the user. The first dynamic password is generated by the client or server as follows: receive the authentication instruction issued by the user; obtain the device information corresponding to the authentication instruction; generate, according to the device information, a first dynamic password corresponding to the current time; and feed the first dynamic password back to the user.
Step S404: generate, according to the device's own device information, a second dynamic password corresponding to the current time.
Specifically, a generation algorithm for the dynamic password can be set in advance, and the device information and the current time are fed into it as input parameters to obtain the second dynamic password. This generation algorithm usually matches the one used by the client or server to generate the first dynamic password, so that the second dynamic password and the first dynamic password are comparable.
The current time may be the time at which the authentication instruction is received, and may be represented as a timestamp. The generation algorithm may be an encryption algorithm or another data transformation algorithm. Besides the device information and the current time, its input parameters may also include the service type information selected by the user, the user's identity information, the validity period of the dynamic password, the number of digits of the dynamic password, and so on. The first dynamic password may be a character string with a specified number of digits; the string may consist of digits, symbols, letters, Chinese characters and the like, and may include several of these types at once.
Step S406: if the second dynamic password matches the received first dynamic password, determine that dynamic password authentication succeeds.
Because there is some time difference between the current time used for the first dynamic password and the current time used for the second dynamic password, the second dynamic password may be identical to the first dynamic password or may not be exactly the same. If the difference between the two is within a preset range, dynamic password authentication can be determined to be successful.
In the dynamic password authentication method provided by this embodiment, after the device receives the first dynamic password entered by the user, it generates a second dynamic password corresponding to the current time according to its own device information. If the second dynamic password matches the received first dynamic password, dynamic password authentication is determined to be successful. By using a dynamic password, this approach enables control of an offline device, or lets an offline device authenticate a user's access rights, which reduces over-reliance on network communication and makes device control or authentication more convenient and more secure.
An embodiment of the present invention further provides another dynamic password authentication method, which is applied to a device. This method builds on the method of the preceding embodiment. As shown in Fig. 5, the method includes the following steps:
Step S502: receive the first dynamic password entered by the user. The first dynamic password is generated by the client or server as follows: receive the authentication instruction issued by the user; obtain the device information corresponding to the authentication instruction; generate, according to the device information, a first dynamic password corresponding to the current time; and feed the first dynamic password back to the user.
Step S504: if multiple kinds of service type information are stored in the device in advance, then for each kind of service type information, perform the first encryption operation on the device information and the service type information to obtain an information key. If the identity information of multiple legitimate users is stored in the device in advance, perform the first encryption operation on the device information and the identity information to obtain an information key. Alternatively, the first encryption operation may be performed on the device information alone to obtain the information key. The first encryption operation may be a hash operation, a multiple hash operation or another cryptographic algorithm.
Step S506: using a preset encryption algorithm and the time parameter corresponding to the current time, perform the second encryption operation on the information key to obtain the initial dynamic password. The time parameter is the ratio of the current time to the preset password validity period.
The preset encryption algorithm may be HMAC (Hash-based Message Authentication Code)-SHA1, or it may be implemented with another encryption algorithm. In general, the encryption algorithm the device uses for the second encryption operation on the information key matches the one the client or server uses for its second encryption operation on the information key.
The time parameter may also be called the C value of the time interval; the time interval is the password validity period described above and can be set as required, for example several seconds or several minutes. The current time may include the current year, month, day, hour, minute and second, or only some of these. The current time can be represented by the current timestamp; therefore, C value of the time interval = current timestamp / time interval.
Because time changes constantly, the current timestamp changes with it, so the initial dynamic password generally differs as time passes. The initial dynamic password is therefore more random, which improves the security of the dynamic password.
Step S508: truncate the initial dynamic password to obtain a second dynamic password with a preset number of digits.
The initial dynamic password obtained by the second encryption operation may be very long. To make it easy for the user to enter, the number of digits of the dynamic password can be preset, and that number of characters is taken from the initial dynamic password to obtain the second dynamic password. Specifically, the preset number of characters can be taken from the head, the tail or a specified position in the middle of the initial dynamic password, or extracted at random from the initial dynamic password, to form the second dynamic password.
Step S510: determine whether the difference between the second dynamic password and the received first dynamic password is within a preset range; if so, execute step S512; if not, execute step S514.
Step S512: determine that dynamic password authentication succeeds, and execute the task program that matches the second dynamic password.
Step S514: determine that dynamic password authentication fails.
An embodiment of the present invention further provides another dynamic password authentication method, which is applied to a device. This method builds on the method of the preceding embodiment; this embodiment is described for the case in which multiple kinds of service type information are stored in the device in advance. As shown in Fig. 6, the method includes the following steps:
Step S602: receive the first dynamic password entered by the user;
Step S604: set the initial value of i to 1;
Step S606: obtain the i-th service type information from the multiple kinds of service type information stored in advance;
Step S608: determine whether i is less than or equal to N, where N is the total number of kinds of service type information; if so, execute step S610; if not, end;
Step S610: perform the first encryption operation on the device information and the service type information to obtain an information key;
Step S612: using a preset encryption algorithm and the time parameter corresponding to the current time, perform the second encryption operation on the information key to obtain the initial dynamic password. The time parameter is the ratio of the current time to the preset password validity period;
Step S614: truncate the initial dynamic password to obtain a second dynamic password with a preset number of digits.
Step S616: determine whether the difference between the second dynamic password and the received first dynamic password is within a preset range; if so, execute step S618; if not, set i = i + 1 and continue with step S606;
Step S618: determine that dynamic password authentication succeeds, and execute the task program that matches the second dynamic password.
By using a dynamic password, the above approach enables control of an offline device, or lets an offline device authenticate a user's access rights, which reduces over-reliance on network communication and makes device control or authentication more convenient and more secure.
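The client-side generation and the device-side loop over stored service types (Figs. 5 and 6), as an added Python example that is not code from the patent. SHA-256 over length-prefixed fields as the first operation, decimal tail truncation, the 60-second interval, 6 digits, the reading of the "preset range" as acceptance of adjacent time steps, all function names and the sample values are assumptions. The device information is treated here as a provisioned secret, since it is the only keying material in the scheme.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # password validity period, the "time interval" (assumed value)
DIGITS = 6          # preset number of digits (assumed value)

# Constructed sample provisioning data, not taken from the patent.
DEVICE_INFO = b"constructed-device-secret-0001"
SERVICE_TYPES = [b"30min", b"1h", b"2h"]


def information_key(device_info: bytes, extra: bytes = b"") -> bytes:
    """First operation: hash the device info plus service type or identity info."""
    h = hashlib.sha256()  # assumption: the patent only says "hash operation"
    for field in (device_info, extra):
        # Length-prefix each field so ("ab", "c") and ("a", "bc") give different keys.
        h.update(struct.pack(">I", len(field)))
        h.update(field)
    return h.digest()


def dynamic_password(key: bytes, c_value: int, digits: int = DIGITS) -> str:
    """Second operation (HMAC-SHA1 keyed with the information key) plus truncation."""
    mac = hmac.new(key, struct.pack(">Q", c_value), hashlib.sha1).digest()
    # Truncation: keep the last `digits` decimal digits of the MAC read as an integer.
    return str(int.from_bytes(mac, "big") % 10 ** digits).zfill(digits)


def client_generate(device_info: bytes, service_type: bytes, now: int) -> str:
    """Client/server side: first dynamic password for the selected service type."""
    c_value = now // STEP_SECONDS  # C value = current timestamp / time interval
    return dynamic_password(information_key(device_info, service_type), c_value)


def device_verify(device_info, service_types, entered, now, drift_steps=1):
    """Device side: return the service type whose password matches, else None.

    Assumption: clock difference between the two sides is handled by also
    accepting the passwords of `drift_steps` adjacent time steps.
    """
    c_now = now // STEP_SECONDS
    for service in service_types:  # the loop i = 1..N of Fig. 6
        key = information_key(device_info, service)
        for c_value in range(c_now - drift_steps, c_now + drift_steps + 1):
            expected = dynamic_password(key, c_value)
            # Constant-time comparison of the candidate with the entered code.
            if hmac.compare_digest(expected.encode(), entered.encode()):
                return service
    return None


if __name__ == "__main__":
    issued_at = 1_700_000_000  # constructed timestamp
    code = client_generate(DEVICE_INFO, b"1h", issued_at)
    print(code, device_verify(DEVICE_INFO, SERVICE_TYPES, code, issued_at + 45))
```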
An embodiment of the present invention further provides another dynamic password authentication method, which is carried out through interaction among three parties: the user, the client or server, and the offline device. As shown in Fig. 7, the method includes the following steps:
Step S702: the user sends an authentication instruction to the client or server. The authentication instruction can be used for user permission authentication, unlocking, controlling device operation, and so on.
Step S704: the client or server generates the first dynamic password;
Step S706: the client or server shows the first dynamic password to the user;
Step S708: the user enters the first dynamic password into the device;
Step S710: the device generates a second dynamic password and verifies the first dynamic password against it;
Step S712: after verification passes, the device starts to execute the corresponding action.
The dynamic password authentication method provided by the above embodiments is suitable for the security authentication of general offline devices. This offline authentication can not only authenticate the user's identity but can also bring corresponding information into the authentication, such as package information and permission information. The method does not require the user terminal (client) to have additional third-party hardware support, such as Bluetooth or near-field communication (NFC) devices.
Corresponding to the above method embodiments, Fig. 8 shows a schematic structural diagram of a dynamic password authentication apparatus. The apparatus is provided in a client or server and includes:
Instruction receiving module 80, configured to receive the authentication instruction issued by the user;
Information obtaining module 81, configured to obtain the device information corresponding to the authentication instruction;
First password generation module 82, configured to generate, according to the device information, a first dynamic password corresponding to the current time;
Password feedback module 83, configured to feed the first dynamic password back to the user, so that the user enters the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password.
Fig. 9 shows a schematic structural diagram of another dynamic password authentication apparatus. The apparatus is provided in a device and includes:
Password receiving module 90, configured to receive the first dynamic password entered by the user. The first dynamic password is generated by the client or server as follows: receive the authentication instruction issued by the user; obtain the device information corresponding to the authentication instruction; generate, according to the device information, a first dynamic password corresponding to the current time; and feed the first dynamic password back to the user;
Second password generation module 91, configured to generate, according to the device's own device information, a second dynamic password corresponding to the current time;
Authentication module 92, configured to determine that dynamic password authentication succeeds if the second dynamic password matches the received first dynamic password.
The dynamic password authentication apparatus provided by the embodiments of the present invention has the same technical features as the dynamic password authentication method provided by the above embodiments, so it can solve the same technical problem and achieve the same technical effect.
The computer program product of the dynamic password authentication method and apparatus provided by the embodiments of the present invention includes a computer-readable storage medium storing program code. The instructions contained in the program code can be used to execute the methods described in the foregoing method embodiments; for the specific implementation, see the method embodiments, which are not repeated here.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
Finally, it should be noted that the embodiments described above are only specific implementations of the present invention, intended to illustrate its technical solution rather than to limit it, and the scope of protection of the present invention is not limited to them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone familiar with the technical field can, within the technical scope disclosed by the present invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features. Such modifications, variations or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (10)

1. A dynamic password authentication method, characterized in that the method is applied to a client or server; the method includes:
receiving the authentication instruction issued by a user;
obtaining the device information corresponding to the authentication instruction;
generating, according to the device information, a first dynamic password corresponding to the current time;
feeding the first dynamic password back to the user, so that the user enters the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password.
2. The method according to claim 1, characterized in that the step of generating, according to the device information, a first dynamic password corresponding to the current time includes:
performing a first encryption operation on the device information to obtain an information key;
performing, using a preset encryption algorithm and the time parameter corresponding to the current time, a second encryption operation on the information key to obtain an initial dynamic password; the time parameter is the ratio of the current time to the preset password validity period;
truncating the initial dynamic password to obtain a first dynamic password with a preset number of digits.
3. The method according to claim 2, characterized in that the method further includes: obtaining the identity information of the user or the service type information selected by the user;
the step of performing the first encryption operation on the device information to obtain an information key includes:
performing the first encryption operation on the device information and the identity information to obtain an information key;
or performing the first encryption operation on the device information and the service type information to obtain an information key.
4. A dynamic password authentication method, characterized in that the method is applied to a device; the method includes:
receiving the first dynamic password entered by a user; the first dynamic password is generated by a client or server as follows: receiving the authentication instruction issued by the user; obtaining the device information corresponding to the authentication instruction; generating, according to the device information, a first dynamic password corresponding to the current time; feeding the first dynamic password back to the user;
generating, according to the device's own device information, a second dynamic password corresponding to the current time;
if the second dynamic password matches the received first dynamic password, determining that dynamic password authentication succeeds.
5. The method according to claim 4, characterized in that the step of generating, according to the device's own device information, a second dynamic password corresponding to the current time includes:
performing a first encryption operation on the device information to obtain an information key;
performing, using a preset encryption algorithm and the time parameter corresponding to the current time, a second encryption operation on the information key to obtain an initial dynamic password; the time parameter is the ratio of the current time to the preset password validity period;
truncating the initial dynamic password to obtain a second dynamic password with a preset number of digits.
6. The method according to claim 5, characterized in that, if multiple kinds of service type information are stored in the device in advance, then for each kind of service type information, the step of performing the first encryption operation on the device information to obtain an information key includes: performing the first encryption operation on the device information and the service type information to obtain an information key;
if the identity information of multiple legitimate users is stored in the device in advance, then for each piece of identity information, the step of performing the first encryption operation on the device information to obtain an information key includes: performing the first encryption operation on the device information and the identity information to obtain an information key.
7. The method according to claim 4, characterized in that the step of determining that dynamic password authentication succeeds if the second dynamic password matches the received first dynamic password includes:
determining whether the difference between the second dynamic password and the received first dynamic password is within a preset range;
if so, determining that dynamic password authentication succeeds.
8. The method according to claim 4, characterized in that, after the step of determining that dynamic password authentication succeeds, the method further includes: executing the task program that matches the second dynamic password.
9. A dynamic password authentication apparatus, characterized in that the apparatus is provided in a client or server; the apparatus includes:
an instruction receiving module, configured to receive the authentication instruction issued by a user;
an information obtaining module, configured to obtain the device information corresponding to the authentication instruction;
a first password generation module, configured to generate, according to the device information, a first dynamic password corresponding to the current time;
a password feedback module, configured to feed the first dynamic password back to the user, so that the user enters the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password.
10. A dynamic password authentication apparatus, characterized in that the apparatus is provided in a device; the apparatus includes:
a password receiving module, configured to receive the first dynamic password entered by a user; the first dynamic password is generated by a client or server as follows: receiving the authentication instruction issued by the user; obtaining the device information corresponding to the authentication instruction; generating, according to the device information, a first dynamic password corresponding to the current time; feeding the first dynamic password back to the user;
a second password generation module, configured to generate, according to the device's own device information, a second dynamic password corresponding to the current time;
an authentication module, configured to determine that dynamic password authentication succeeds if the second dynamic password matches the received first dynamic password.
CN201811083683.6A 2018-09-17 2018-09-17 Dynamic password authentication method and device Active CN108777615B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811083683.6A CN108777615B (en) 2018-09-17 2018-09-17 Dynamic password authentication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811083683.6A CN108777615B (en) 2018-09-17 2018-09-17 Dynamic password authentication method and device

Publications (2)

Publication Number Publication Date
CN108777615A true CN108777615A (en) 2018-11-09
CN108777615B CN108777615B (en) 2021-07-16

Family

ID=64029038

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811083683.6A Active CN108777615B (en) 2018-09-17 2018-09-17 Dynamic password authentication method and device

Country Status (1)

Country Link
CN (1) CN108777615B (en)

Also Published As

Publication number Publication date
CN108777615B (en) 2021-07-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Dynamic password authentication method and device

Effective date of registration: 20221216

Granted publication date: 20210716

Pledgee: Bank of Jiangsu Limited by Share Ltd. Shanghai Changning branch

Pledgor: SHANGHAI BINGSOFT TECHNOLOGY Co.,Ltd.

Registration number: Y2022310000379