CN108848070A - Identity authentication method and system - Google Patents
- Publication number: CN108848070A (CN201810541146.5A)
- Authority: CN (China)
- Prior art keywords: information, random number, server, client, processing
- Legal status: Pending
Classifications
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Abstract
An identity authentication method and system, including: a client generates a first random number; whether the server is legitimate is determined according to the generated first random number. In the embodiments of the present invention, whether the server is legitimate is determined during identity authentication, which improves the security of database password authentication and of user data.
Description
Technical field
This document relates to, but is not limited to, secure authentication technology, and in particular to an identity authentication method and system.
Background art
Identity authentication is the first line of defence of database security and the entry point to a database system. Database authentication is the process of determining whether a client may establish a database connection under the user name it requests; it closely combines authentication technology with database technology. Password authentication is a widely used authentication technique, and also the security mechanism most vulnerable to threats. Because the space of secure passwords is usually small, passwords are easier to attack than random keys; offline passwords in particular are easily cracked by exhaustive-search attacks such as password guessing. With a one-time password, the user uses the same password at every login, but the password information transmitted changes each time. At present, one-time password schemes mainly rely on a random number SALT generated by the server (in password protection, a random data string used to vary the password hash). The SALT is transmitted in plaintext over the network, so the scheme is vulnerable to offline guessing attacks, and it achieves only one-way authentication.
Password authentication in the K-DB database (a database that uses techniques such as multi-process multi-threading, multi-version concurrency control and storage virtualization, and that supports automated migration across heterogeneous platforms) is one implementation of one-time passwords. It is divided into plaintext password transmission and encrypted password transmission; the encryption methods are Message Digest Algorithm 5 (MD5) and Crypt (the crypt function is a C-language function that returns an encrypted string). At present, K-DB database password authentication has the defects that passwords are easily stolen by illegitimate users and that server-spoofing attacks cannot be prevented. Fig. 1 is a schematic diagram of information transmission during identity authentication in the related art. As shown in Fig. 1, it includes:
Step 101: the client receives the user identity (ID) and password (PASSWD) entered by the user, and sends the received user ID to the server;
Step 102: after receiving the user ID, the server sends a random number (SALT) to the client, for the client to use in encrypting the password; when sending the random number, the server saves the random number sent to the client;
Step 103: the client applies a first function to the user ID and password to obtain the first information MD5(ID, PASSWD); using the received SALT, it applies a second function to obtain the password information MD5(MD5(ID, PASSWD), SALT), and sends the computed password information to the server;
Step 104: when the server receives the password information, it obtains the first information from the password information and, using the locally stored SALT that was sent to the client, computes the password authentication information used for match verification;
Step 105: the server determines whether user identity authentication passes according to the computed password authentication information and the received password information. If the received password information was sent by a legitimate user, the first information obtained from the password information is legitimate, the password authentication information computed from it equals the received password information, and user identity authentication is determined to pass. When the computed password authentication information and the received password information are not equal, user identity authentication is determined to fail.
The K-DB database password authentication method above uses dynamic password authentication to a certain extent: because the SALT random number differs each time, the password information generated by the client differs each time, which avoids attacks on static passwords. However, this password authentication method still has serious defects, including:
When an illegitimate user steals the user ID, the SALT and the password information, the password can be guessed by an offline dictionary attack, and the password information can then be computed from the guessed password. Because users usually choose meaningful or relatively short, easy-to-remember passwords, a guessing attack is computationally feasible. Once the password is obtained, the illegitimate user can enter the database and steal data;
The client does not authenticate the server in any way. If an illegitimate user sends a SALT to the client through a fake server, the illegitimate user obtains the password information that the client sends to the fake server; since the user ID and the SALT are known, the password can then be obtained offline.
In summary, K-DB database password authentication still has security problems and cannot guarantee the security of user data.
Summary of the invention
The following is an overview of the subject matter described in detail herein. This overview is not intended to limit the scope of protection of the claims.
Embodiments of the present invention provide an identity authentication method and system that can improve the security of K-DB database password authentication and of user data.
An embodiment of the present invention provides an identity authentication method, including:
The client generates a first random number;
Whether the server is legitimate is determined according to the generated first random number.
Optionally, determining whether the server is legitimate includes:
The client performs first processing on the first information it generates and the first random number, generating second information;
The server obtains third information and fourth information according to the second information and a second random number that it generates itself;
The client generates fifth information according to the third information and the first random number that it generated itself;
When the client judges that the fifth information is identical to the fourth information, it determines that the server is legitimate; when the client judges that the fifth information differs from the fourth information, it determines that the server is illegitimate;
Wherein the third information is the information obtained by performing second processing on the second random number and the first information, and the fourth information is the information obtained by performing a third operation on the first random number and the second random number.
Optionally, obtaining the third information and the fourth information includes:
After obtaining the first information of the second information generated by the client, the server performs first inverse processing on the second information to obtain the first random number;
The server generates the second random number, and performs the second processing on the generated second random number and the first information to obtain the third information;
The server performs the third operation on the obtained first random number and the generated second random number to obtain the fourth information.
Optionally, the client generating the fifth information according to the third information and the first random number that it generated itself includes:
The client performs second inverse processing on the third information to obtain the second random number;
The client performs the third operation on the obtained second random number and the first random number that it generated itself, generating the fifth information.
Optionally, the first processing includes exclusive-OR (XOR) processing, and performing the first inverse processing on the second information includes:
Performing XOR processing on the second information and the first information.
Optionally, when the server is determined to be legitimate, the identity authentication method further includes:
The server authenticates the identity of the client according to the first information, the first random number and the second random number.
Optionally, authenticating the identity of the client includes:
The client performs a fourth operation on the generated first information, the first random number and the obtained second random number to obtain sixth information;
The server performs the fourth operation on the obtained first information, the first random number and the generated second random number to obtain seventh information;
When the server judges that the seventh information is identical to the sixth information, it determines that the client passes identity authentication; when the server judges that the seventh information differs from the sixth information, it determines that the client does not pass identity authentication.
In another aspect, an embodiment of the present invention also provides an identity authentication system, including a client, wherein the client includes:
A first generation unit, configured to generate a first random number;
A first determination unit, configured to determine whether the server is legitimate according to the generated first random number.
Optionally, the identity authentication system further includes a server, and the server includes a first obtaining unit; the first determination unit includes a first processing module, a second generation module and a determining module; wherein,
The first processing module is configured to: perform first processing on the generated first information and the first random number to generate second information, and send the generated second information to the server;
The second generation module is configured to: generate fifth information according to the third information and the first random number generated by the client itself;
The determining module is configured to: determine that the server is legitimate when the fifth information is judged identical to the fourth information, and determine that the server is illegitimate when the fifth information is judged to differ from the fourth information;
The first obtaining unit is configured to: obtain the third information and the fourth information according to the second information and a second random number generated by the server itself;
Wherein the third information is the information obtained by performing second processing on the second random number and the first information, and the fourth information is the information obtained by performing a third operation on the first random number and the second random number.
Optionally, the first obtaining unit is specifically configured to:
After obtaining the first information of the second information generated by the client, perform first inverse processing on the second information to obtain the first random number;
Generate the second random number, and perform the second processing on the generated second random number and the first information to obtain the third information;
Perform the third operation on the obtained first random number and the generated second random number to obtain the fourth information.
Optionally, the generation module is specifically configured to:
Perform second inverse processing on the third information to obtain the second random number;
Perform the third operation on the obtained second random number and the first random number generated by the client itself, generating the fifth information.
Optionally, the server further includes a second determination unit, configured to authenticate the identity of the client according to the first information, the first random number and the second random number.
Optionally,
The first determination unit further includes a third computing module, configured to perform a fourth operation on the generated first information, the first random number and the obtained second random number to obtain sixth information;
The second determination unit of the server includes a fourth computing module and a judgment module; wherein,
The fourth computing module is configured to: perform the fourth operation on the obtained first information, the first random number and the generated second random number to obtain seventh information;
The judgment module is configured to: determine that the client passes identity authentication when the seventh information is judged identical to the sixth information, and determine that the client does not pass identity authentication when the seventh information is judged to differ from the sixth information.
Compared with the related art, the technical solution of the present application includes: the client generates a first random number; whether the server is legitimate is determined according to the generated first random number. In the embodiments of the present invention, whether the server is legitimate is determined during identity authentication, which improves the security of database password authentication and of user data.
Other features and advantages of the present invention will be set forth in the following description and will in part become apparent from the description, or be understood by practising the invention. The objectives and other advantages of the invention can be realized and obtained by the structures particularly pointed out in the description, the claims and the drawings.
Brief description of the drawings
The drawings are provided for a further understanding of the technical solution of the present invention and constitute part of the specification. Together with the embodiments of this application they serve to explain the technical solution of the present invention, and they do not limit it.
Fig. 1 is a schematic diagram of information transmission during identity authentication in the related art;
Fig. 2 is a flowchart of the identity authentication method of an embodiment of the present invention;
Fig. 3 is a structural block diagram of the identity authentication system of an embodiment of the present invention;
Fig. 4 is a flow diagram of identity authentication in an application example of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, embodiments of the invention are described in detail below with reference to the drawings. Note that, where no conflict arises, the embodiments in this application and the features in the embodiments may be combined with one another arbitrarily.
The steps shown in the flowcharts of the drawings may be executed in a computer system, for example as a set of computer-executable instructions. Although a logical order is shown in the flowcharts, in some cases the steps shown or described may be executed in an order different from the one given here.
Fig. 2 is a flowchart of the identity authentication method of an embodiment of the present invention. As shown in Fig. 2, it includes:
Step 201: the client generates a first random number;
Step 202: whether the server is legitimate is determined according to the generated first random number.
Optionally, determining whether the server is legitimate includes:
The client performs first processing on the first information it generates and the first random number, generating second information; here, the first information may include MD5(ID, PASSWD).
The server obtains third information and fourth information according to the second information and a second random number that it generates itself;
The client generates fifth information according to the third information and the first random number that it generated itself;
When the client judges that the fifth information is identical to the fourth information, it determines that the server is legitimate; when the client judges that the fifth information differs from the fourth information, it determines that the server is illegitimate;
Wherein the third information is the information obtained by performing second processing on the second random number and the first information, and the fourth information is the information obtained by performing a third operation on the first random number and the second random number.
Note that the first random number and the second random number in the embodiment of the present invention may each be a random number determined by the related art to meet the requirements; for example, with reference to the process of Fig. 1, a SALT of the required length is selected.
Suppose the server is an illegitimate server. The illegitimate server cannot obtain the first information directly from the second information, and therefore cannot obtain the first random number; moreover, even if the illegitimate server generates a second random number, it cannot determine how to generate the third information. Consequently the illegitimate server cannot generate the fourth information, and the client can identify the illegitimate server through the process above.
Optionally, in the embodiment of the present invention, obtaining the third information and the fourth information includes:
After obtaining the first information of the second information generated by the client, the server performs first inverse processing on the second information to obtain the first random number;
The server generates the second random number, and performs the second processing on the generated second random number and the first information to obtain the third information;
The server performs the third operation on the obtained first random number and the generated second random number to obtain the fourth information.
Optionally, in the embodiment of the present invention, the client generating the fifth information according to the third information and the first random number that it generated itself includes:
The client performs second inverse processing on the third information to obtain the second random number;
The client performs the third operation on the obtained second random number and the first random number that it generated itself, generating the fifth information.
Optionally, in the embodiment of the present invention, the first processing includes exclusive-OR (XOR) processing, and performing the first inverse processing on the second information includes:
Performing XOR processing on the second information and the first information.
Note that the first processing and the second processing may be the same or different, and can be determined by those skilled in the art through analysis. The first random number and the second random number are used in the processing so that the first information and the second information cannot be directly intercepted during network transmission, which would affect the security of identity authentication. Based on the above processing, the embodiment of the present invention improves the security of the identity authentication process.
Optionally, when the server is determined to be legitimate, the identity authentication method of the embodiment of the present invention further includes:
The server authenticates the identity of the client according to the first information, the first random number and the second random number.
Optionally, in the embodiment of the present invention, authenticating the identity of the client includes:
The client performs a fourth operation on the generated first information, the first random number and the obtained second random number to obtain sixth information;
The server performs the fourth operation on the obtained first information, the first random number and the generated second random number to obtain seventh information;
When the server judges that the seventh information is identical to the sixth information, it determines that the client passes identity authentication; when the server judges that the seventh information differs from the sixth information, it determines that the client does not pass identity authentication.
Note that if the first information and first random number generated by the client, or the second random number it obtained, are invalid, the sixth information and the seventh information obtained by the fourth operation will not be identical; on this basis the identity of the client can be authenticated. In addition, the fourth operation may be an operation performed with the MD5 function on the first information, the first random number and the second random number.
Compared with the related art, the technical solution of the present application includes: the client generates a first random number; whether the server is legitimate is determined according to the generated first random number. In the embodiments of the present invention, whether the server is legitimate is determined during identity authentication, which improves the security of database password authentication and of user data.
Fig. 3 is a structural block diagram of the identity authentication system of an embodiment of the present invention. As shown in Fig. 3, it includes a client, wherein the client includes:
A first generation unit, configured to generate a first random number;
A first determination unit, configured to determine whether the server is legitimate according to the generated first random number.
Optionally, the identity authentication system of the embodiment of the present invention further includes a server.
The server includes a first obtaining unit; the first determination unit includes a first processing module, a second generation module and a determining module; wherein,
The first processing module is configured to: perform first processing on the generated first information and the first random number to generate second information, and send the generated second information to the server;
The second generation module is configured to: generate fifth information according to the third information and the first random number generated by the client itself;
The determining module is configured to: determine that the server is legitimate when the fifth information is judged identical to the fourth information, and determine that the server is illegitimate when the fifth information is judged to differ from the fourth information;
The first obtaining unit is configured to: obtain the third information and the fourth information according to the second information and a second random number generated by the server itself;
Wherein the third information is the information obtained by performing second processing on the second random number and the first information, and the fourth information is the information obtained by performing a third operation on the first random number and the second random number.
Optionally, the first obtaining unit of the embodiment of the present invention is specifically configured to:
After obtaining the first information of the second information generated by the client, perform first inverse processing on the second information to obtain the first random number;
Generate the second random number, and perform the second processing on the generated second random number and the first information to obtain the third information;
Perform the third operation on the obtained first random number and the generated second random number to obtain the fourth information.
Optionally, the generation module of the embodiment of the present invention is specifically configured to:
Perform second inverse processing on the third information to obtain the second random number;
Perform the third operation on the obtained second random number and the first random number generated by the client itself, generating the fifth information.
Suppose the server is an illegitimate server. The illegitimate server cannot obtain the first information directly from the second information, and therefore cannot obtain the first random number; moreover, even if the illegitimate server generates a second random number, it cannot determine how to generate the third information. Consequently the illegitimate server cannot generate the fourth information, and the client can identify the illegitimate server through the process above.
Optionally, the first processing module of the embodiment of the present invention is specifically configured to: perform XOR processing on the generated first information and the first random number to generate the second information, and send the generated second information to the server.
Note that the first processing and the second processing may be the same or different, and can be determined by those skilled in the art through analysis. The first random number and the second random number are used in the processing so that the first information and the second information cannot be directly intercepted during network transmission, which would affect the security of identity authentication. Based on the above processing, the embodiment of the present invention improves the security of the identity authentication process.
Optionally, the server of the embodiment of the present invention further includes a second determination unit, configured to authenticate the identity of the client according to the first information, the first random number and the second random number.
Optionally, in the embodiment of the present invention,
The first determination unit further includes a third computing module, configured to perform a fourth operation on the generated first information, the first random number and the obtained second random number to obtain sixth information;
The second determination unit of the server includes a fourth computing module and a judgment module; wherein,
The fourth computing module is configured to: perform the fourth operation on the obtained first information, the first random number and the generated second random number to obtain seventh information;
The judgment module is configured to: determine that the client passes identity authentication when the seventh information is judged identical to the sixth information, and determine that the client does not pass identity authentication when the seventh information is judged to differ from the sixth information. Note that if the first information and first random number generated by the client, or the second random number it obtained, are invalid, the sixth information and the seventh information obtained by the fourth operation will not be identical; on this basis the identity of the client can be authenticated.
The method of the embodiment of the present invention is described in detail below by way of an application example. The application example is used only to illustrate the present invention and is not intended to limit its scope of protection.
Application example
Fig. 4 is a flow diagram of identity authentication in an application example of the present invention. As shown in Fig. 4, it includes:
Step 401: the client receives the user ID and password entered by the user; the client computes the first information = MD5(ID, PASSWD) and generates the first random number (Rc); the client performs XOR processing on the first random number and the first information to obtain the second information, and then sends the user ID and the second information to the server;
Step 402: after receiving the user ID and the second information, the server obtains the first information from the file that stores user names and passwords; it performs the first inverse processing on the second information to obtain the first random number, specifically by performing XOR processing on the second information and the first information; the server generates the second random number and performs XOR processing on the second random number and the obtained first information to obtain the third information; it applies the MD5 function to the first random number and the second random number to obtain the fourth information; it sends the third information and the fourth information to the client;
Step 403: after receiving the third information and the fourth information, the client performs XOR processing on the third information and the first information to obtain the second random number; the client computes the fifth information from the first random number it generated itself and the obtained second random number; when the fifth information equals the fourth information, the server is determined to be legitimate; when the fifth information and the fourth information are not equal, the server is determined to be illegitimate.
Optionally, when the server is determined to be legitimate, the application example of the present invention further includes:
The client performs an operation with MD5 on the generated first information, the first random number and the obtained second random number to obtain sixth information; the client sends the sixth information and the user ID to the server;
The server performs an operation with MD5 on the obtained first information, the first random number and the generated second random number to obtain seventh information; when the server judges that the seventh information is identical to the sixth information, it determines that the client passes identity authentication; when the server judges that the seventh information differs from the sixth information, it determines that the client does not pass identity authentication.
In the application example of the present invention, when the server is judged to be illegitimate or the client is not authenticated, the network connection over which identity authentication is carried out can be disconnected, to prevent an illegitimate user from continuing to steal data.
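The exchange of steps 401 to 403 and the optional client authentication, written out as an added Python example; it is not code from the patent. The class and function names, the length-prefixed encoding of the MD5 inputs, the 16-byte random numbers, the in-memory dictionary standing in for the saved user name and password file, and the constant-time comparison are assumptions of this example.

```python
import hashlib
import hmac
import secrets

N = 16  # MD5 digest length; random numbers use the same length so XOR lines up

def md5(*parts: bytes) -> bytes:
    # Assumed encoding: length-prefix each part so the inputs are unambiguous.
    h = hashlib.md5()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

class Server:
    def __init__(self, credentials):
        self.credentials = credentials  # stands in for the saved user name/password file
        self.sessions = {}              # user_id -> (first_info, rc, rs)

    def step_402(self, user_id, second_info):
        first_info = md5(user_id.encode(), self.credentials[user_id].encode())
        rc = xor(second_info, first_info)        # first inverse processing recovers Rc
        rs = secrets.token_bytes(N)              # second random number
        self.sessions[user_id] = (first_info, rc, rs)
        return xor(rs, first_info), md5(rc, rs)  # third and fourth information

    def authenticate_client(self, user_id, sixth_info):
        first_info, rc, rs = self.sessions.pop(user_id)  # one attempt per exchange
        seventh_info = md5(first_info, rc, rs)
        return hmac.compare_digest(seventh_info, sixth_info)

class Client:
    def __init__(self, user_id, password):
        self.user_id = user_id
        self.first_info = md5(user_id.encode(), password.encode())
        self.rc = secrets.token_bytes(N)         # first random number
        self.rs = None

    def step_401(self):
        return self.user_id, xor(self.rc, self.first_info)  # user ID, second information

    def step_403(self, third_info, fourth_info):
        rs = xor(third_info, self.first_info)    # candidate second random number
        fifth_info = md5(self.rc, rs)
        if hmac.compare_digest(fifth_info, fourth_info):
            self.rs = rs
        return self.rs is not None               # True: server judged legitimate

    def sixth_info(self):
        return md5(self.first_info, self.rc, self.rs)

def run_exchange(server, user_id, password):
    """Return (server_legitimate, client_authenticated) for one full exchange."""
    client = Client(user_id, password)
    third, fourth = server.step_402(*client.step_401())
    if not client.step_403(third, fourth):
        return False, False                      # client disconnects, as the text describes
    return True, server.authenticate_client(user_id, client.sixth_info())
```

With a wrong password the client's fifth information no longer matches the fourth, so the client reports the server as illegitimate and the exchange stops before the server checks any sixth information.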
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method can be completed by a program instructing related hardware (such as a processor), and the program can be stored in a computer-readable storage medium, such as a read-only memory, a magnetic disk or an optical disc. Optionally, all or part of the steps of the above embodiments can also be implemented with one or more integrated circuits. Correspondingly, each module/unit in the above embodiments can be implemented in the form of hardware, for example realizing its corresponding function through an integrated circuit, or in the form of a software function module, for example realizing its corresponding function by a processor executing a program/instructions stored in a memory. The present invention is not limited to any particular form of combination of hardware and software.
Although the embodiments disclosed herein are as described above, the content is only an embodiment adopted to facilitate understanding of the present invention and is not intended to limit the present invention. Any person skilled in the art to which the present invention belongs may make any modification and variation in the form and details of implementation without departing from the spirit and scope disclosed by the present invention, but the scope of patent protection of the present invention shall still be subject to the scope defined by the appended claims.
Claims (14)
1. An identity authentication method, characterized by comprising:
A client generates a first random number;
Whether a server is legitimate is determined according to the generated first random number.
2. The identity authentication method according to claim 1, characterized in that determining whether the server is legitimate comprises:
The client performs first processing on the generated first information and the first random number to generate second information;
The server obtains third information and fourth information according to the second information and a second random number generated by itself;
The client generates fifth information according to the third information and the first random number generated by itself;
When the client judges that the fifth information is identical to the fourth information, the server is determined to be legitimate; when the client judges that the fifth information differs from the fourth information, the server is determined to be illegitimate;
Wherein, the third information is: information obtained after second processing is performed on the second random number and the first information;
The fourth information is information obtained from the first random number and the second random number by a third operation.
3. The identity authentication method according to claim 2, characterized in that obtaining the third information and the fourth information comprises:
After obtaining the first information in the second information generated by the client, the server performs first inverse processing on the second information to obtain the first random number;
The server generates the second random number and performs the second processing on the generated second random number and the first information to obtain the third information;
The server performs the third operation on the obtained first random number and the generated second random number to obtain the fourth information.
4. The identity authentication method according to claim 2, characterized in that the client generating the fifth information according to the third information and the first random number generated by itself comprises:
The client performs second inverse processing on the third information to obtain the second random number;
The client generates the fifth information after performing the third operation on the obtained second random number and the first random number generated by itself.
5. The identity authentication method according to any one of claims 2 to 4, characterized in that the first processing comprises: XOR processing; and performing the first inverse processing on the second information comprises:
Performing XOR processing on the second information and the first information.
6. The identity authentication method according to any one of claims 2 to 4, characterized in that, when the server is determined to be legitimate, the identity authentication method further comprises:
The server performs identity authentication on the client according to the first information, the first random number and the second random number.
7. The identity authentication method according to claim 6, characterized in that performing identity authentication on the client comprises:
The client performs a fourth operation on the generated first information, the first random number and the obtained second random number to obtain sixth information;
The server performs the fourth operation on the obtained first information, the first random number and the generated second random number to obtain seventh information;
When the server judges that the seventh information is identical to the sixth information, it determines that the client passes identity authentication; when the server judges that the seventh information differs from the sixth information, it determines that the client does not pass identity authentication.
8. An identity authentication system, characterized by comprising: a client; wherein the client includes:
A first generation unit, configured to generate a first random number;
A first determination unit, configured to determine whether a server is legitimate according to the generated first random number.
9. The identity authentication system according to claim 8, characterized in that the identity authentication system further includes a server, the server including a first obtaining unit; the first determination unit includes: a first processing module, a second generation module and a determining module; wherein,
The first processing module is configured to: perform first processing on the generated first information and the first random number to generate second information, and send the generated second information to the server;
The second generation module is configured to: generate fifth information according to third information and the first random number generated by itself;
The determining module is configured to: when it judges that the fifth information is identical to fourth information, determine that the server is legitimate; when it judges that the fifth information differs from the fourth information, determine that the server is illegitimate;
The first obtaining unit is configured to: obtain the third information and the fourth information according to the second information and a second random number generated by itself;
Wherein, the third information is: information obtained after second processing is performed on the second random number and the first information;
The fourth information is information obtained from the first random number and the second random number by a third operation.
10. The identity authentication system according to claim 9, characterized in that the first obtaining unit is specifically configured to:
After obtaining the first information in the second information generated by the client, perform first inverse processing on the second information to obtain the first random number;
Generate the second random number, and perform the second processing on the generated second random number and the first information to obtain the third information;
Perform the third operation on the obtained first random number and the generated second random number to obtain the fourth information.
11. The identity authentication system according to claim 9, characterized in that the generation module is specifically configured to:
Perform second inverse processing on the third information to obtain the second random number;
Generate the fifth information after performing the third operation on the obtained second random number and the first random number generated by itself.
12. The identity authentication system according to any one of claims 9 to 11, characterized in that the first processing module is specifically configured to: perform XOR processing on the generated first information and the first random number to generate the second information, and send the generated second information to the server.
13. The identity authentication system according to any one of claims 9 to 11, characterized in that the server further includes a second determination unit, configured to perform identity authentication on the client according to the first information, the first random number and the second random number.
14. The identity authentication system according to claim 13, characterized in that the first determination unit further includes a third computing module, configured to perform a fourth operation on the generated first information, the first random number and the obtained second random number to obtain sixth information;
The server further includes a second determination unit, the second determination unit including a fourth computing module and a judgment module; wherein,
The fourth computing module is configured to: perform the fourth operation on the obtained first information, the first random number and the generated second random number to obtain seventh information;
The judgment module is configured to: when it judges that the seventh information is identical to the sixth information, determine that the client passes identity authentication; when it judges that the seventh information differs from the sixth information, determine that the client does not pass identity authentication.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810541146.5A CN108848070A (en) | 2018-05-30 | 2018-05-30 | A kind of identity identifying method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108848070A true CN108848070A (en) | 2018-11-20 |
Family
ID=64211013
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810541146.5A Pending CN108848070A (en) | 2018-05-30 | 2018-05-30 | A kind of identity identifying method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108848070A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181120 |