CN108777615B - Dynamic password authentication method and device - Google Patents

Dynamic password authentication method and device

Info

Publication number: CN108777615B
Authority: CN (China)
Prior art keywords: dynamic password, information, equipment, authentication, user
Legal status: Active
Application number: CN201811083683.6A
Other languages: Chinese (zh)
Other versions: CN108777615A (en)
Inventor: 汤晓冬, 程谦谦, 魏娜, 汪勇
Current Assignee: Shanghai Bingsoft Technology Co ltd
Original Assignee: Shanghai Bingsoft Technology Co ltd
Application filed by Shanghai Bingsoft Technology Co ltd
Priority to CN201811083683.6A
Publication of CN108777615A
Application granted
Publication of CN108777615B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Abstract

The invention provides a dynamic password authentication method and device. The method comprises the following steps: receiving an authentication instruction sent by a user; acquiring device information corresponding to the authentication instruction; generating a first dynamic password corresponding to the current time according to the device information; and feeding back the first dynamic password to the user, so that the user inputs the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password. The invention can reduce excessive dependence on network communication, so that device control or authentication is more convenient and safer.

Description

Dynamic password authentication method and device
Technical Field
The invention relates to the technical field of Internet of things, in particular to a dynamic password authentication method and device.
Background
With the continuous development of Internet of Things devices, applications such as online unlocking by mobile phone, device control by mobile phone, and device identity recognition are becoming more and more common. As shown in FIG. 1, in most existing approaches the user triggers an operation through a user end (which may also be referred to as a client), for example by scanning a two-dimensional code on the device. The user end sends a trigger instruction to a server (specifically, a cloud server), and the server processes the instruction, for example by authenticating the user's identity information and looking up the corresponding device identifier according to the identification. After processing is finished, the server sends an instruction to the device corresponding to the device identifier to control the device to execute the corresponding operation. However, with this approach, when the device is offline (for example, disconnected or in an area without network coverage), the device cannot receive the execution request from the server. And if the server is offline or down, the device cannot execute the corresponding request.
No effective solution has yet been proposed for the problem that conventional device control or authentication methods rely too heavily on network communication, so that control or authentication of the device is difficult to realize if the device is offline.
Disclosure of Invention
In view of the above, the present invention provides a dynamic password authentication method and apparatus to reduce excessive dependency on network communication, so that the operation of device control or authentication is more convenient and safer.
In a first aspect, an embodiment of the present invention provides a dynamic password authentication method, which is applied to a client or a server; the method comprises the following steps: receiving an authentication instruction sent by a user; acquiring equipment information corresponding to the authentication instruction; generating a first dynamic password corresponding to the current time according to the equipment information; and feeding back the first dynamic password to the user so that the user inputs the first dynamic password to the equipment corresponding to the equipment information and authenticates the first dynamic password through the equipment.
In a preferred embodiment of the present invention, the step of generating the first dynamic password corresponding to the current time according to the device information includes: performing first encryption operation on the equipment information to obtain an information key; performing second encryption operation on the information key through a preset encryption algorithm and a time parameter corresponding to the current time to obtain an initial dynamic password; the time parameter is the ratio of the current time to the preset effective time length of the password; and intercepting the initial dynamic password to obtain a first dynamic password with preset digits.
In a preferred embodiment of the present invention, the method further includes: acquiring identity information of a user or service type information selected by the user; the step of performing a first encryption operation on the device information to obtain an information key includes: performing first encryption operation on the equipment information and the identity information to obtain an information key; or, performing a first encryption operation on the device information and the service type information to obtain an information key.
In a second aspect, an embodiment of the present invention provides a dynamic password authentication method, where the method is applied to a device; the method comprises the following steps: receiving a first dynamic password input by a user; the first dynamic password is generated by the client or the server by: receiving an authentication instruction sent by a user; acquiring equipment information corresponding to the authentication instruction; generating a first dynamic password corresponding to the current time according to the equipment information; feeding back the first dynamic password to the user; generating a second dynamic password corresponding to the current time according to the equipment information of the equipment; and if the second dynamic password is matched with the received first dynamic password, determining that the dynamic password authentication is successful.
In a preferred embodiment of the present invention, the step of generating the second dynamic password corresponding to the current time according to the device information of the device itself includes: performing first encryption operation on the equipment information to obtain an information key; performing second encryption operation on the information key through a preset encryption algorithm and a time parameter corresponding to the current time to obtain an initial dynamic password; the time parameter is the ratio of the current time to the preset effective time length of the password; and intercepting the initial dynamic password to obtain a second dynamic password with preset digits.
In a preferred embodiment of the present invention, if the device stores a plurality of pieces of service type information in advance, then for each piece of service type information the step of performing the first encryption operation on the device information to obtain an information key comprises: performing the first encryption operation on the device information and that service type information to obtain an information key. If the device stores the identity information of a plurality of legitimate users in advance, then for each piece of identity information the step of performing the first encryption operation on the device information to obtain an information key comprises: performing the first encryption operation on the device information and that identity information to obtain an information key.
In a preferred embodiment of the present invention, the step of determining that the dynamic password authentication is successful if the second dynamic password matches the received first dynamic password comprises: judging whether the difference value between the second dynamic password and the received first dynamic password is within a preset range; if so, it is determined that the dynamic password authentication is successful.
In a preferred embodiment of the present invention, after the step of determining that the dynamic password authentication is successful, the method further includes: and executing the task program matched with the second dynamic password.
In a third aspect, an embodiment of the present invention provides a dynamic password authentication apparatus, where the apparatus is disposed in a client or a server; the device comprises: the instruction receiving module is used for receiving an authentication instruction sent by a user; the information acquisition module is used for acquiring the equipment information corresponding to the authentication instruction; the first password generating module is used for generating a first dynamic password corresponding to the current time according to the equipment information; and the password feedback module is used for feeding the first dynamic password back to the user so that the user inputs the first dynamic password to the equipment corresponding to the equipment information and authenticates the first dynamic password through the equipment.
In a fourth aspect, an embodiment of the present invention provides a dynamic password authentication apparatus, where the apparatus is disposed in a device; the device comprises: the password receiving module is used for receiving a first dynamic password input by a user; the first dynamic password is generated by the client or the server by: receiving an authentication instruction sent by a user; acquiring equipment information corresponding to the authentication instruction; generating a first dynamic password corresponding to the current time according to the equipment information; feeding back the first dynamic password to the user; the second password generation module is used for generating a second dynamic password corresponding to the current time according to the equipment information of the equipment; and the authentication module is used for determining that the dynamic password authentication is successful if the second dynamic password is matched with the received first dynamic password.
The embodiment of the invention has the following beneficial effects:
According to the dynamic password authentication method and device provided by the embodiment of the invention, after an authentication instruction sent by a user is received, device information corresponding to the authentication instruction is obtained; a first dynamic password corresponding to the current time is generated according to the device information; and finally, the first dynamic password is fed back to the user, so that the user inputs the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password. By means of a dynamic password, the method allows an offline device to be controlled, or allows an offline device to authenticate the user's access authority; it reduces excessive dependence on network communication and makes device control or authentication more convenient and safer.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention as set forth above.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a schematic diagram of a prior art control scheme of an apparatus;
FIG. 2 is a flowchart of a dynamic password authentication method according to an embodiment of the present invention;
FIG. 3 is a flowchart of another dynamic password authentication method according to an embodiment of the present invention;
FIG. 4 is a flowchart of another dynamic password authentication method according to an embodiment of the present invention;
FIG. 5 is a flowchart of another dynamic password authentication method according to an embodiment of the present invention;
FIG. 6 is a flowchart of another dynamic password authentication method according to an embodiment of the present invention;
FIG. 7 is a flowchart of another dynamic password authentication method according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of a dynamic password authentication apparatus according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of another dynamic password authentication apparatus according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In consideration of the problem that the existing equipment control mode or authentication mode depends too much on network communication and if the equipment is offline, the control or authentication of the equipment is difficult to realize, the embodiment of the invention provides a dynamic password authentication method and a dynamic password authentication device; the technology can be applied to the control of the off-line equipment or the authentication process of the off-line equipment; for the convenience of understanding the embodiment, a detailed description will be first given of a dynamic password authentication method disclosed in the embodiment of the present invention.
The embodiment of the invention provides a dynamic password authentication method, which is applied to a client or a server; in practical implementation, the method may be executed by a client or a server; the client can be a mobile terminal such as a mobile phone and a tablet personal computer; the server may specifically be a cloud server.
As shown in fig. 2, the method comprises the steps of:
Step S202, receiving an authentication instruction sent by a user;
If the method is applied to the client, the user can issue the authentication instruction by clicking a corresponding button, or by scanning and filling in corresponding information on the client; for example, the user may scan a two-dimensional code on the device through the client, acquire the device information, and then send the authentication instruction. If the method is applied to the cloud server, the user can send the authentication instruction through a mobile terminal such as a mobile phone. In this case, the authentication instruction usually carries the identity information of the user, such as account information or a mobile phone number.
Step S204, acquiring equipment information corresponding to the authentication instruction;
The device information typically contains a device identifier that uniquely identifies the device; the device information may be extracted from the authentication instruction or from a device identification library. For example, after a user scans the two-dimensional code of the device through a client, the device identifier can be acquired from the two-dimensional code; the client adds the device identifier to the authentication instruction and sends the instruction to the cloud server, and the device information can then be acquired from the authentication instruction. For another example, before issuing the authentication instruction, the user selects the device identifier from the device identification library in the client, and the device information is then obtained according to the user's selection.
Step S206, generating a first dynamic password corresponding to the current time according to the equipment information;
Specifically, a dynamic password generation algorithm may be preset, and the device information and the current time are input to the dynamic password generation algorithm as input parameters to obtain the first dynamic password; the current time may be the time when the authentication instruction is received, and may be represented in the form of a timestamp. The generation algorithm of the dynamic password may be an encryption algorithm or another data transformation algorithm; besides the device information and the current time, the input parameters of the generation algorithm may include service type information selected by the user, identity information of the user, the validity period of the dynamic password, the number of digits of the dynamic password, and the like. The first dynamic password may be a character string of a specified length, and the characters may be digits, symbols, letters, Chinese characters, or the like, or a mixture of several of these types.
And step S208, feeding the first dynamic password back to the user so that the user inputs the first dynamic password to the equipment corresponding to the equipment information and authenticates the first dynamic password through the equipment.
The user can input the first dynamic password into the device through an interactive interface on the device; the interactive interface may be a keyboard, a touch screen, a scanner, an image recognizer, or the like. After receiving the first dynamic password, the device can generate a second dynamic password according to its own device identifier and the current time, and authenticate the first dynamic password against the second dynamic password. Specifically, if the received first dynamic password matches the second dynamic password (e.g., the two are the same, or the difference between them is within a preset range), this indicates that the first dynamic password input by the user is intended for this device; the device may then confirm that the user has the right to access, control or operate the device, and perform the corresponding action, e.g., unlocking the lock or starting the device to provide the associated service.
In the dynamic password authentication method provided by the embodiment of the invention, after an authentication instruction sent by a user is received, equipment information corresponding to the authentication instruction is obtained; generating a first dynamic password corresponding to the current time according to the equipment information; and finally, feeding back the first dynamic password to the user so that the user inputs the first dynamic password to the equipment corresponding to the equipment information and authenticates the first dynamic password through the equipment. The method can realize the control of the off-line equipment or the authentication of the off-line equipment to the access authority of the user through a dynamic password mode, reduces the excessive dependence on network communication, and ensures that the operation of the equipment control or authentication is more convenient and safer.
The embodiment of the invention also provides another dynamic password authentication method, which is applied to a client or a server; the method is implemented on the basis of the method shown in the above embodiment, and as shown in fig. 3, the method includes the following steps:
Step S302, receiving an authentication instruction sent by a user;
Step S304, acquiring device information corresponding to the authentication instruction; acquiring identity information of the user or service type information selected by the user;
In actual implementation, besides the device information, identity information of the user or service type information selected by the user is acquired, depending on the type of device. Specifically, for devices that provide services, such as a shared bicycle or a shared massage chair, the service type information selected by the user needs to be acquired; for a massage chair, the service type information may be information such as the massage time and the body part to be massaged, so the service type information may also be referred to as package information. For devices of a confidential nature, such as an intranet monitoring camera, it is necessary to authenticate whether the current user has access or operation authority, and in this case identity information of the user, such as an identity card number, a mobile phone number or facial features, needs to be acquired.
Step S306, performing a first encryption operation on the device information and the identity information to obtain an information key; or, performing a first encryption operation on the device information and the service type information to obtain an information key. Alternatively, the first encryption operation may be performed on the device information alone to obtain the information key. The first encryption operation may be a hash operation, a multiple hash operation, or another cryptographic algorithm.
Step S308, performing second encryption operation on the information key through a preset encryption algorithm and a time parameter corresponding to the current time to obtain an initial dynamic password; the time parameter is the ratio of the current time to the preset effective time length of the password;
The preset encryption algorithm may be the HMAC-SHA1 (Hash-based Message Authentication Code) algorithm, but other encryption algorithms may also be used. The time parameter may also be referred to as the value C of the time interval, where the time interval is the valid time length of the password and may be set as required, for example to several seconds or several minutes. The current time may include the current year, month, day, hour, minute and second, or only some of these. The current time may be represented by the current timestamp; the value C is therefore equal to the current timestamp divided by the time interval.
Since time keeps changing, the current timestamp changes as well, so the initial dynamic password usually differs as time passes; the randomness of the initial dynamic password is therefore higher, which can improve the security of the dynamic password.
And step S310, intercepting the initial dynamic password to obtain a first dynamic password with preset digits.
The initial dynamic password obtained by the second encryption operation may be long. For the convenience of user input, the number of digits of the dynamic password may be preset, and that number of characters is intercepted from the initial dynamic password to obtain the first dynamic password. Specifically, the first dynamic password may be formed by intercepting the preset number of characters from a specified position at the head, tail or middle of the initial dynamic password, or by randomly extracting the preset number of characters from the initial dynamic password.
Step S312, feeding back the first dynamic password to the user, so that the user inputs the first dynamic password to the device corresponding to the device information, and authenticating the first dynamic password through the device.
According to the dynamic password authentication method, the control of the off-line equipment or the authentication of the access authority of the off-line equipment to the user can be realized in a dynamic password mode, the excessive dependence on network communication is reduced, and the control or authentication operation of the equipment is more convenient and safer.
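The following added example (not code from the patent) works through steps S306 to S310 on the client or server and the matching check on the offline device. It assumes SHA-256 as the first operation, a 60-second validity period, six digits taken from the tail of the decimal form of the HMAC-SHA1 output, and a `device_info` value that includes a per-device secret provisioned in advance, since a password derived only from an identifier printed on the device could be computed by anyone who knows the algorithm.

```python
import hashlib
import hmac
import struct
from typing import Iterable, Optional

VALIDITY_SECONDS = 60  # assumed validity period of one password (the "time interval")
DIGITS = 6             # assumed preset number of digits


def information_key(device_info: bytes, extra: bytes = b"") -> bytes:
    """First operation (step S306): hash the device information together with
    the optional identity or service type information."""
    h = hashlib.sha256()  # assumption: the patent only says "a hash operation"
    for field in (device_info, extra):
        # Length-prefix each field so (b"ab", b"c") and (b"a", b"bc") differ.
        h.update(struct.pack(">I", len(field)))
        h.update(field)
    return h.digest()


def time_parameter(timestamp: int, validity: int = VALIDITY_SECONDS) -> int:
    """Value C (step S308): current timestamp divided by the validity period.
    Integer division is assumed so every instant in one window gives the same C."""
    return int(timestamp) // validity


def dynamic_password(device_info: bytes, extra: bytes, timestamp: int,
                     digits: int = DIGITS,
                     validity: int = VALIDITY_SECONDS) -> str:
    """Second operation plus interception (steps S308 and S310)."""
    key = information_key(device_info, extra)
    counter = struct.pack(">Q", time_parameter(timestamp, validity))
    initial = hmac.new(key, counter, hashlib.sha1).digest()
    # Interception from the tail: last `digits` characters of the decimal form.
    return str(int.from_bytes(initial, "big"))[-digits:].zfill(digits)


def device_authenticate(entered: str, own_device_info: bytes,
                        stored_extras: Iterable[bytes],
                        timestamp: int) -> Optional[bytes]:
    """Device side: recompute a second dynamic password for every stored
    service type (or legitimate identity) and return the first one that
    matches the entered password, or None if authentication fails."""
    matched = None
    for extra in stored_extras:
        expected = dynamic_password(own_device_info, extra, timestamp)
        # Constant-time comparison; keep looping so timing does not reveal
        # which stored entry matched.
        if hmac.compare_digest(expected.encode(), entered.encode()):
            if matched is None:
                matched = extra
    return matched


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    device = b"DEV-0001|constructed-per-device-secret"
    services = [b"massage-30min", b"massage-15min"]
    server_clock = 1_700_000_039   # server and device clocks differ by 39 s
    device_clock = 1_700_000_000   # but fall in the same 60 s window

    code = dynamic_password(device, services[0], server_clock)
    print("password shown to user:", code)
    print("device accepts for:", device_authenticate(code, device, services, device_clock))
    # One window later the same password no longer matches.
    print("after expiry:", device_authenticate(code, device, services, device_clock + 60))
```

Because the device is offline, its clock can only drift so far before the two sides compute different values of C; the sample clocks above differ by 39 seconds and still agree only because both fall inside the same window.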
An embodiment of the invention further provides another dynamic password authentication method, applied to a device. The device may be one that provides a service, such as a shared bicycle or a shared massage chair, or one of a confidential nature, such as an intranet surveillance camera. As shown in fig. 4, the method includes the following steps:
Step S402, receiving a first dynamic password input by a user; the first dynamic password is generated by the client or the server by: receiving an authentication instruction sent by the user; acquiring device information corresponding to the authentication instruction; generating a first dynamic password corresponding to the current time according to the device information; feeding back the first dynamic password to the user;
Step S404, generating a second dynamic password corresponding to the current time according to the device information of the device itself;
Specifically, a dynamic password generation algorithm may be preset, and the device information and the current time are passed to it as input parameters to obtain the second dynamic password. This generation algorithm typically matches the one used by the client or server to generate the first dynamic password, so that the second dynamic password is comparable with the first dynamic password.
The current time may be the time when the authentication instruction is received, and may be represented as a timestamp. The dynamic password generation algorithm may be an encryption algorithm or another data transformation algorithm. Besides the device information and the current time, its input parameters may include the service type information selected by the user, the identity information of the user, the validity period of the dynamic password, the number of digits of the dynamic password, and the like. The first dynamic password may be a character string of a specified number of characters; the characters may be digits, symbols, letters, Chinese characters and the like, or a mixture of several of these types.
Step S406, if the second dynamic password matches the received first dynamic password, determining that the dynamic password authentication is successful.
Because there is some time difference between the current time used for the first dynamic password and the current time used for the second dynamic password, the two passwords may or may not be identical; if the difference between them is within a preset range, the dynamic password authentication may be determined to be successful.
In the dynamic password authentication method provided by this embodiment, after receiving a first dynamic password input by a user, the device generates a second dynamic password corresponding to the current time according to its own device information; if the second dynamic password matches the received first dynamic password, the dynamic password authentication is determined to be successful. In this way an offline device can be controlled, or can authenticate a user's access rights, by means of a dynamic password, which reduces excessive dependence on network communication and makes device control and authentication more convenient and more secure.
An embodiment of the invention further provides another dynamic password authentication method, applied to a device; the method builds on the method of the above embodiment and, as shown in fig. 5, includes the following steps:
Step S502, receiving a first dynamic password input by a user; the first dynamic password is generated by the client or the server by: receiving an authentication instruction sent by the user; acquiring device information corresponding to the authentication instruction; generating a first dynamic password corresponding to the current time according to the device information; feeding back the first dynamic password to the user;
Step S504, if the device stores multiple items of service type information in advance, performing, for each item of service type information, a first encryption operation on the device information and that service type information to obtain an information key. If the device stores the identity information of multiple legitimate users in advance, performing the first encryption operation on the device information and the identity information to obtain an information key. Alternatively, the first encryption operation may be performed on the device information alone to obtain an information key. The first encryption operation may be a hash operation, a multiple hash operation, or another cryptographic algorithm.
Step S506, performing a second encryption operation on the information key through a preset encryption algorithm and a time parameter corresponding to the current time to obtain an initial dynamic password; the time parameter is the ratio of the current time to the preset validity period of the password;
The preset encryption algorithm may be the Hash-based Message Authentication Code algorithm HMAC-SHA1, or may be another encryption algorithm; typically, the encryption algorithm the device uses for the second encryption operation on the information key matches the one the client or server uses for its second encryption operation on the information key.
The time parameter, also referred to as the value C, is derived from a time interval, where the time interval is the validity period of the password and may be set as required, for example several seconds or several minutes. The current time may include the current year, month, day, hour, minute and second, or only some of them, and may be represented by the current timestamp; the value C therefore equals the current timestamp divided by the time interval.
Because time keeps advancing and the current timestamp changes with it, the initial dynamic password usually differs as time changes; the initial dynamic password therefore has higher randomness, which improves the security of the dynamic password.
Step S508, truncating the initial dynamic password to obtain a second dynamic password with a preset number of digits.
The initial dynamic password obtained by the second encryption operation may be long. For the convenience of user input, the number of digits of the dynamic password may be preset, and that number of characters is taken from the initial dynamic password to obtain the second dynamic password. Specifically, the second dynamic password may be formed by taking the preset number of characters from a specified position at the head, tail or middle of the initial dynamic password, or by randomly extracting the preset number of characters from the initial dynamic password.
Step S510, judging whether the difference between the second dynamic password and the received first dynamic password is within a preset range; if yes, going to step S512; if not, going to step S514;
Step S512, determining that the dynamic password authentication is successful, and executing the task program matched with the second dynamic password.
Step S514, determining that the dynamic password authentication fails.
An embodiment of the invention further provides another dynamic password authentication method, applied to a device; the method builds on the method of the above embodiment and is described for the case in which multiple items of service type information are pre-stored in the device. As shown in fig. 6, the method includes the following steps:
Step S602, receiving a first dynamic password input by a user;
Step S604, setting the initial value of i to 1;
Step S606, obtaining the i-th item of service type information from the multiple items of service type information stored in advance;
Step S608, determining whether i is less than or equal to N, where N is the total number of items of service type information; if yes, executing step S610; if no, ending;
Step S610, performing a first encryption operation on the device information and the service type information to obtain an information key;
Step S612, performing a second encryption operation on the information key through a preset encryption algorithm and a time parameter corresponding to the current time to obtain an initial dynamic password; the time parameter is the ratio of the current time to the preset validity period of the password;
Step S614, truncating the initial dynamic password to obtain a second dynamic password with a preset number of digits.
Step S616, determining whether the difference between the second dynamic password and the received first dynamic password is within a preset range; if yes, going to step S618; if not, setting i = i + 1 and continuing from step S606;
Step S618, determining that the dynamic password authentication is successful, and executing the task program matched with the second dynamic password.
In this way an offline device can be controlled, or can authenticate a user's access rights, by means of a dynamic password, which reduces excessive dependence on network communication and makes device control and authentication more convenient and more secure.
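The device-side procedure of figs. 5 and 6, together with the matching client-side generation, as an added Python example (not code from the patent). It assumes SHA-256 for the first operation, tail truncation to 6 decimal digits, a 60-second interval, and device information that contains a per-device secret; the "preset range" tolerance is implemented here as acceptance of adjacent time steps with an exact constant-time comparison, which is a substitution for the numeric difference test the text describes.

```python
import hashlib
import hmac
import struct

# All three values are assumptions made for this example.
STEP_SECONDS = 60   # validity period of a password (the "time interval")
DIGITS = 6          # preset number of digits
SKEW_STEPS = 1      # tolerance: accept the values C-1, C and C+1


def information_key(device_info: bytes, service_type: bytes) -> bytes:
    """First operation: hash device info and service type into an information key."""
    h = hashlib.sha256()
    for field in (device_info, service_type):
        # Length prefix keeps ("ab", "c") and ("a", "bc") from hashing alike.
        h.update(struct.pack(">I", len(field)))
        h.update(field)
    return h.digest()


def time_parameter(now: float) -> int:
    """Value C: current timestamp divided by the time interval (integer part)."""
    return int(now) // STEP_SECONDS


def dynamic_password(key: bytes, counter: int) -> str:
    """Second operation (HMAC-SHA1 over C) followed by truncation to DIGITS digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Tail truncation: last four bytes of the MAC, reduced to decimal digits.
    value = int.from_bytes(mac[-4:], "big")
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def issue_password(device_info: bytes, service_type: bytes, now: float) -> str:
    """Client or server side: produce the first dynamic password."""
    key = information_key(device_info, service_type)
    return dynamic_password(key, time_parameter(now))


def verify_on_device(entered: str, device_info: bytes, service_types, now: float):
    """Device side: return the matching service type, or None if none matches.

    Every stored service type and every tolerated time step is evaluated,
    so the work done does not depend on which candidate matched.
    """
    if len(entered) != DIGITS or not entered.isdigit():
        return None
    c = time_parameter(now)
    matched = None
    for service in service_types:
        key = information_key(device_info, service)
        for counter in range(c - SKEW_STEPS, c + SKEW_STEPS + 1):
            candidate = dynamic_password(key, counter)
            same = hmac.compare_digest(candidate.encode(), entered.encode())
            if same and matched is None:
                matched = service
    return matched


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    device = b"BIKE-0001|constructed-per-device-secret"
    services = [b"ride-30min", b"ride-60min", b"unlock-maintenance"]
    t0 = 1537142400  # constructed timestamp on a step boundary

    code = issue_password(device, b"ride-60min", t0)
    print("issued:", code)
    print("same step:", verify_on_device(code, device, services, t0 + 59))
    print("next step:", verify_on_device(code, device, services, t0 + STEP_SECONDS))
    print("expired:", verify_on_device(code, device, services, t0 + 5 * STEP_SECONDS))
```

Because the device and the issuer never exchange messages, the device's clock drift has to stay inside `SKEW_STEPS` intervals for a valid password to be accepted.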
An embodiment of the invention further provides another dynamic password authentication method, implemented through the interaction of a user, a client or server, and an offline device; as shown in fig. 7, the method includes the following steps:
Step S702, the user sends an authentication instruction to the client or the server; the authentication instruction may be used for user permission authentication, unlocking, device operation control and the like.
Step S704, the client or the server generates a first dynamic password;
Step S706, the client or the server displays the first dynamic password to the user;
Step S708, the user inputs the first dynamic password into the device;
Step S710, the device generates a second dynamic password, and verifies the first dynamic password against the second dynamic password;
Step S712, after the verification passes, the device starts to execute the corresponding action.
The dynamic password authentication method provided by this embodiment is suitable for the security authentication of general offline devices. The offline authentication can not only authenticate the user's identity but can also carry authentication of associated information, such as package information and permission information. The method does not require additional third-party hardware on the user (client) side, such as Bluetooth or Near Field Communication (NFC) devices.
Corresponding to the above method embodiment, fig. 8 shows a schematic structural diagram of a dynamic password authentication apparatus, where the apparatus is installed in a client or a server; the apparatus includes:
an instruction receiving module 80, configured to receive an authentication instruction sent by a user;
an information obtaining module 81, configured to obtain device information corresponding to the authentication instruction;
a first password generating module 82, configured to generate a first dynamic password corresponding to the current time according to the device information;
a password feedback module 83, configured to feed back the first dynamic password to the user, so that the user inputs the first dynamic password into the device corresponding to the device information and the device authenticates the first dynamic password.
Fig. 9 shows a schematic structural diagram of another dynamic password authentication apparatus, which is provided in a device; the apparatus includes:
a password receiving module 90, configured to receive a first dynamic password input by a user; the first dynamic password is generated by the client or the server by: receiving an authentication instruction sent by the user; acquiring device information corresponding to the authentication instruction; generating a first dynamic password corresponding to the current time according to the device information; feeding back the first dynamic password to the user;
a second password generating module 91, configured to generate a second dynamic password corresponding to the current time according to the device information of the device itself;
an authentication module 92, configured to determine that the dynamic password authentication is successful if the second dynamic password matches the received first dynamic password.
The dynamic password authentication apparatus provided by the embodiment of the invention has the same technical features as the dynamic password authentication method provided by the above embodiments, so it can solve the same technical problems and achieve the same technical effects.
The computer program product of the dynamic password authentication method and apparatus provided in the embodiments of the present invention includes a computer readable storage medium storing program code; the instructions included in the program code may be used to execute the method described in the foregoing method embodiments. For the specific implementation, refer to the method embodiments; it is not described again here.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on this understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, and other media capable of storing program code.
Finally, it should be noted that the above embodiments are only specific embodiments of the present invention, used to illustrate its technical solutions and not to limit them, and the protection scope of the present invention is not limited thereto. Although the present invention is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that, within the technical scope disclosed by the present invention, anyone skilled in the art can still modify the technical solutions described in the foregoing embodiments, readily conceive of changes to them, or make equivalent substitutions for some of their technical features; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention, and shall be construed as being included therein. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (6)

1. A dynamic password authentication method, characterized in that the method is applied to a client or a server; the method comprises the following steps:
receiving an authentication instruction sent by a user;
acquiring device information corresponding to the authentication instruction, and acquiring identity information of the user or service type information selected by the user;
generating a first dynamic password corresponding to the current time according to the device information;
feeding back the first dynamic password to the user, so that the user inputs the first dynamic password into the device corresponding to the device information and the first dynamic password is authenticated by the device;
wherein the step of generating a first dynamic password corresponding to the current time according to the device information comprises:
performing a first encryption operation on the device information to obtain an information key;
performing a second encryption operation on the information key through a preset encryption algorithm and a time parameter corresponding to the current time to obtain an initial dynamic password; the time parameter is the ratio of the current time to a preset password validity period;
truncating the initial dynamic password to obtain a first dynamic password with a preset number of digits;
the step of performing a first encryption operation on the device information to obtain an information key comprises:
performing the first encryption operation on the device information and the service type information to obtain the information key.
2. A dynamic password authentication method, characterized in that the method is applied to a device; the method comprises the following steps:
receiving a first dynamic password input by a user; the first dynamic password is generated by a client or a server by: receiving an authentication instruction sent by the user; acquiring device information corresponding to the authentication instruction; generating a first dynamic password corresponding to the current time according to the device information; feeding back the first dynamic password to the user;
generating a second dynamic password corresponding to the current time according to the device information of the device itself;
if the second dynamic password matches the received first dynamic password, determining that the dynamic password authentication is successful;
wherein the step of determining that the dynamic password authentication is successful if the second dynamic password matches the received first dynamic password comprises:
judging whether the difference between the second dynamic password and the received first dynamic password is within a preset range;
if so, determining that the dynamic password authentication is successful;
the step of generating a second dynamic password corresponding to the current time according to the device information of the device itself comprises:
performing a first encryption operation on the device information and the service type information to obtain an information key;
performing a second encryption operation on the information key through a preset encryption algorithm and a time parameter corresponding to the current time to obtain an initial dynamic password; the time parameter is the ratio of the current time to a preset password validity period;
truncating the initial dynamic password to obtain a second dynamic password with a preset number of digits.
3. The method according to claim 2, wherein, if a plurality of items of service type information are stored in the device in advance, the first encryption operation is performed, for each item of service type information, on the device information and that service type information to obtain an information key.
4. The method of claim 2, wherein after the step of determining that the dynamic password authentication is successful, the method further comprises: executing the task program matched with the second dynamic password.
5. A dynamic password authentication apparatus, characterized in that the apparatus is arranged at a client or a server; the apparatus comprises:
an instruction receiving module, used for receiving an authentication instruction sent by a user;
an information acquisition module, used for acquiring the device information corresponding to the authentication instruction and acquiring the identity information of the user or the service type information selected by the user;
a first password generating module, used for generating a first dynamic password corresponding to the current time according to the device information;
a password feedback module, used for feeding back the first dynamic password to the user, so that the user inputs the first dynamic password into the device corresponding to the device information and the first dynamic password is authenticated by the device;
wherein the step of generating a first dynamic password corresponding to the current time according to the device information comprises:
performing a first encryption operation on the device information to obtain an information key;
performing a second encryption operation on the information key through a preset encryption algorithm and a time parameter corresponding to the current time to obtain an initial dynamic password; the time parameter is the ratio of the current time to a preset password validity period;
truncating the initial dynamic password to obtain a first dynamic password with a preset number of digits;
the step of performing a first encryption operation on the device information to obtain an information key comprises:
performing the first encryption operation on the device information and the service type information to obtain the information key.
6. A dynamic password authentication apparatus, characterized in that the apparatus is arranged on a device; the apparatus comprises:
a password receiving module, used for receiving a first dynamic password input by a user; the first dynamic password is generated by a client or a server by: receiving an authentication instruction sent by the user; acquiring device information corresponding to the authentication instruction; generating a first dynamic password corresponding to the current time according to the device information; feeding back the first dynamic password to the user;
a second password generation module, used for generating a second dynamic password corresponding to the current time according to the device information of the device itself;
an authentication module, used for determining that the dynamic password authentication is successful if the second dynamic password matches the received first dynamic password;
wherein the step of determining that the dynamic password authentication is successful if the second dynamic password matches the received first dynamic password comprises:
judging whether the difference between the second dynamic password and the received first dynamic password is within a preset range;
if so, determining that the dynamic password authentication is successful;
the step of generating a second dynamic password corresponding to the current time according to the device information of the device itself comprises:
performing a first encryption operation on the device information and the service type information to obtain an information key;
performing a second encryption operation on the information key through a preset encryption algorithm and a time parameter corresponding to the current time to obtain an initial dynamic password; the time parameter is the ratio of the current time to a preset password validity period;
truncating the initial dynamic password to obtain a second dynamic password with a preset number of digits.
CN201811083683.6A 2018-09-17 2018-09-17 Dynamic password authentication method and device Active CN108777615B (en)

Publications (2)

Publication Number Publication Date
CN108777615A CN108777615A (en) 2018-11-09
CN108777615B true CN108777615B (en) 2021-07-16

Family

ID=64029038

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Dynamic password authentication method and device

Effective date of registration: 20221216

Granted publication date: 20210716

Pledgee: Bank of Jiangsu Limited by Share Ltd. Shanghai Changning branch

Pledgor: SHANGHAI BINGSOFT TECHNOLOGY Co.,Ltd.

Registration number: Y2022310000379