CN108848070A - Identity authentication method and system - Google Patents


Publication number
CN108848070A
Authority
CN
China
Prior art keywords
information
random number
server
client
generated
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810541146.5A
Other languages
Chinese (zh)
Inventor
王文庆
杜彦魁
王立斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd filed Critical Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201810541146.5A priority Critical patent/CN108848070A/en
Publication of CN108848070A publication Critical patent/CN108848070A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

An identity authentication method and system, including: the client generates a first random number; whether the server is legal is determined according to the generated first random number. In the embodiment of the present invention, whether the server is legal is determined during identity authentication, which improves the security of database password authentication and user data.

Description

Identity authentication method and system
Technical Field
The present disclosure relates to, but not limited to, security authentication techniques, and more particularly, to a method and system for identity authentication.
Background
Identity authentication is the first line of defense for database security and the entry point to a database system. Database identity authentication is the process of judging whether a client is allowed to connect to the database under the user name it requests, and it closely combines authentication technology with database technology. Password authentication is a common authentication technique and is also the most vulnerable security mechanism. Because the space of secure passwords is typically small, a password is more vulnerable than a random key; especially for offline passwords, an exhaustive search attack such as a password guessing attack can easily break this line of defense. With a one-time password, the user enters the same password each time they log in to the system, but the password changes continuously in transmission. At present, one-time password schemes mainly transmit a server-generated random number SALT (in password protection technology, a random data string used to modify a password hash) over the network in plaintext; this is susceptible to offline password guessing attacks and can only achieve one-way authentication.
Password authentication in the K-DB database (which uses multi-process and multi-thread technology, multi-version concurrency control, storage virtualization and similar technologies, and can migrate automatically across heterogeneous platforms) is one implementation of a one-time password. It supports plaintext password transmission and encrypted password transmission; the encryption methods are Message-Digest Algorithm 5 (MD5) and Crypt (the crypt function is a C language function that returns an encrypted character string). At present, K-DB database password authentication has the defects that the password is easily stolen by illegal users and that attacks by a counterfeit server cannot be prevented. Fig. 1 is a schematic diagram of information transmission for identity authentication in the related art; as shown in Fig. 1, it includes:
step 101, a client receives a user identification (ID) and a password (PASSWD) input by a user, and sends the received user ID to the server;
step 102, after receiving the user ID, the server sends a random number (SALT) to the client, so that the client can encrypt the password; when sending the random number, the server stores the random number sent to the client;
step 103, the client calculates first information MD5(ID, PASSWD) from the user ID and the password through a first function, obtains password information MD5(MD5(ID, PASSWD), SALT) through a second function operation using the received SALT, and transmits the calculated password information to the server;
step 104, when the server receives the password information, it acquires the first information from the password information, and calculates password verification information for matching authentication according to the locally stored SALT that was sent to the client;
step 105, the server determines whether the user identity passes authentication according to the calculated password verification information and the received password information; if the received password information was sent by a legal user, the first information acquired from the password information is legal information and the calculated password verification information equals the received password information, so the user identity authentication is determined to have passed; when the calculated password verification information is not equal to the received password information, the user identity authentication is determined to have failed.
The K-DB database password authentication method adopts a dynamic password authentication mode to a certain extent, and password information generated by a client at each time is different along with different SALT random numbers, so that static password attack can be avoided. However, the password authentication method still has great defects, including:
when an illegal user steals the user ID, the SALT and the password information, the password can be guessed through an offline dictionary attack, and the password information can then be calculated from the guessed password; since users typically choose short passwords that are meaningful or easy to remember, password guessing attacks are computationally feasible. Once the password is obtained, the illegal user can enter the database and steal data;
the client does not authenticate the server at all; if an illegal user sends a SALT to the client through a fake server, the illegal user can obtain the password information sent by the client through the fake server, and, because the user ID and the SALT are known, the password can be obtained offline.
In conclusion, the K-DB database password authentication still has a security problem, and the security of user data cannot be ensured.
Disclosure of Invention
The following is a summary of the subject matter described in detail herein. This summary is not intended to limit the scope of the claims.
The embodiment of the invention provides an identity authentication method and system, which can improve the password authentication of a K-DB database and the security of user data.
The embodiment of the invention provides an identity authentication method, which comprises the following steps:
the client generates a first random number;
and determining whether the server is legal or not according to the generated first random number.
Optionally, the determining whether the server is legal includes:
the client performs first processing on the generated first information and the first random number to generate second information;
the server obtains third information and fourth information according to the second information and a second random number generated by the server;
the client generates fifth information according to the third information and the first random number generated by the client;
the client determines that the server is legal when judging that the fifth information is the same as the fourth information; the client determines that the server is illegal when judging that the fifth information is different from the fourth information;
wherein the third information is information obtained by performing second processing on the second random number and the first information; the fourth information is information obtained by performing a third operation on the first random number and the second random number.
Optionally, the obtaining the third information and the fourth information includes:
after acquiring first information from second information generated by the client, the server performs first inverse processing on the second information to acquire the first random number;
the server generates a second random number, and performs the second processing on the generated second random number and the first information to obtain third information;
and the server performs third operation on the obtained first random number and the generated second random number to obtain the fourth information.
Optionally, the generating, by the client, fifth information according to the third information and the first random number generated by the client includes:
the client performs the second inverse processing on third information to obtain the second random number;
and the client performs the third operation according to the obtained second random number and the first random number generated by the client, and then generates the fifth information.
Optionally, the first processing includes exclusive-or (XOR) processing, and performing the first inverse processing on the second information includes:
and carrying out XOR processing on the second information and the first information.
Optionally, when it is determined that the server is legal, the identity authentication method further includes:
and the server performs identity authentication on the client according to the first information, the first random number and the second random number.
Optionally, the performing identity authentication on the client includes:
the client performs a fourth operation on the generated first information, the generated first random number and the obtained second random number to obtain sixth information;
the server performs the fourth operation according to the acquired first information, the first random number and a generated second random number to acquire seventh information;
the server determines that the client passes the identity authentication when judging that the seventh information is the same as the sixth information; and when judging that the seventh information is different from the sixth information, the server determines that the client fails to pass the identity authentication.
In another aspect, an embodiment of the present invention further provides an identity authentication system, including: a client; wherein, the client includes:
a first generation unit configured to generate a first random number;
and the first determining unit is used for determining whether the server is legal or not according to the generated first random number.
Optionally, the identity authentication system further includes a server, where the server includes a first obtaining unit; the first determining unit includes: a first processing module, a second generating module and a determining module; wherein,
the first processing module is configured to: perform first processing on the generated first information and the first random number to generate second information, and send the generated second information to the server;
the second generating module is configured to: generate fifth information according to the third information and the first random number generated by the client itself;
the determining module is configured to: determine that the server is legal when the fifth information is judged to be the same as the fourth information; and determine that the server is illegal when the fifth information is judged to be different from the fourth information;
the first obtaining unit is configured to: obtain third information and fourth information according to the second information and a second random number generated by the server itself;
wherein the third information is information obtained by performing second processing on the second random number and the first information; the fourth information is information obtained by performing a third operation on the first random number and the second random number;
optionally, the first obtaining unit is specifically configured to:
after first information is acquired from second information generated by the client, performing first inverse processing on the second information to acquire a first random number;
generating a second random number, and performing second processing on the generated second random number and the first information to obtain third information;
and performing third operation on the obtained first random number and the generated second random number to obtain the fourth information.
Optionally, the second generating module is specifically configured to:
perform the second inverse processing on the third information to obtain the second random number;
and generate the fifth information after performing the third operation according to the obtained second random number and the first random number generated by the client itself.
Optionally, the server further includes a second determining unit, configured to perform identity authentication on the client according to the first information, the first random number, and the second random number.
Optionally,
the first determining unit further includes a third operation module, configured to perform a fourth operation on the generated first information, the first random number, and the obtained second random number, so as to obtain sixth information;
the server also comprises a second determining unit which comprises a fourth operation module and a judging module; wherein,
the fourth operation module is configured to: performing a fourth operation according to the acquired first information, the first random number and a generated second random number to acquire seventh information;
the judging module is used for: determining that the client passes identity authentication when the seventh information is judged to be the same as the sixth information; and determining that the client fails the identity authentication when the seventh information is judged to be different from the sixth information.
Compared with the related art, the technical scheme of the application comprises the following steps: the client generates a first random number; and determining whether the server is legal or not according to the generated first random number. The embodiment of the invention determines whether the server is legal or not during identity authentication, thereby improving the security of database password authentication and user data.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the example serve to explain the principles of the invention and not to limit the invention.
FIG. 1 is a diagram illustrating information transmission for identity authentication in the related art;
FIG. 2 is a flow chart of an identity authentication method according to an embodiment of the present invention;
FIG. 3 is a block diagram of an identity authentication system according to an embodiment of the present invention;
fig. 4 is a flowchart illustrating identity authentication according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
The steps illustrated in the flow charts of the figures may be performed in a computer system such as a set of computer-executable instructions. Also, while a logical order is shown in the flow diagrams, in some cases, the steps shown or described may be performed in an order different than here.
Fig. 2 is a flowchart of an identity authentication method according to an embodiment of the present invention, as shown in fig. 2, including:
step 201, a client generates a first random number;
step 202, determining whether the server is legal according to the generated first random number.
Optionally, the determining whether the server is legal includes:
the client performs first processing on the generated first information and the first random number to generate second information; here, the first information may include: MD5(ID, PASSWD).
The server obtains third information and fourth information according to the second information and a second random number generated by the server;
the client generates fifth information according to the third information and the first random number generated by the client;
the client determines that the server is legal when judging that the fifth information is the same as the fourth information; the client determines that the server is illegal when judging that the fifth information is different from the fourth information;
wherein the third information is information obtained by performing second processing on the second random number and the first information; the fourth information is information obtained by performing a third operation on the first random number and the second random number.
It should be noted that, in the embodiment of the present invention, both the first random number and the second random number may be random numbers that satisfy requirements determined by the related art, for example, referring to the processing procedure of fig. 1, SALT that satisfies the requirement is selected.
In the embodiment of the invention, if the server is an illegal server, it cannot directly acquire the first information from the second information and cannot obtain the first random number; in addition, although the illegal server can generate a second random number, it cannot determine how to generate the third information. Consequently, the illegal server cannot generate the fourth information, and the client can identify the illegal server through the above process.
Optionally, the obtaining the third information and the fourth information in the embodiment of the present invention includes:
after acquiring first information from second information generated by the client, the server performs first inverse processing on the second information to acquire the first random number;
the server generates a second random number, and performs the second processing on the generated second random number and the first information to obtain third information;
and the server performs third operation on the obtained first random number and the generated second random number to obtain the fourth information.
Optionally, the generating, by the client according to the third information and the first random number generated by the client itself, fifth information includes:
the client performs the second inverse processing on third information to obtain the second random number;
and the client performs the third operation according to the obtained second random number and the first random number generated by the client, and then generates the fifth information.
Optionally, the first processing in the embodiment of the present invention includes exclusive-or (XOR) processing, and performing the first inverse processing on the second information includes:
and carrying out XOR processing on the second information and the first information.
The first processing and the second processing may be the same or different, as can be determined by those skilled in the art through analysis. Processing with the first random number and the second random number prevents the first information and the second information from being directly intercepted during network transmission, which would seriously affect the security of identity authentication. Based on this processing, the embodiment of the invention improves the security of the identity authentication process.
Optionally, when it is determined that the server is legal, the identity authentication method according to the embodiment of the present invention further includes:
and the server performs identity authentication on the client according to the first information, the first random number and the second random number.
Optionally, the performing identity authentication on the client according to the embodiment of the present invention includes:
the client performs a fourth operation on the generated first information, the generated first random number and the obtained second random number to obtain sixth information;
the server performs the fourth operation according to the acquired first information, the first random number and a generated second random number to acquire seventh information;
the server determines that the client passes the identity authentication when judging that the seventh information is the same as the sixth information; and when judging that the seventh information is different from the sixth information, the server determines that the client fails to pass the identity authentication.
It should be noted that, once the first information, the first random number and the obtained second random number generated by the client are illegal information, the sixth information and the seventh information obtained through the fourth operation are different, and based on this, the identity authentication of the client can be realized. In addition, the fourth operation may be an operation performed on the first information, the first random number, and the second random number by an MD5 function.
Compared with the related art, the technical scheme of the application comprises the following steps: the client generates a first random number; and determining whether the server is legal or not according to the generated first random number. The embodiment of the invention determines whether the server is legal or not during identity authentication, thereby improving the security of database password authentication and user data.
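The exchange described above, run end to end with both sides' messages, as an added Python example that is not part of the patent. XOR as the first processing, MD5(ID, PASSWD) as the first information and MD5 as the fourth operation come from the text; XOR as the second processing, MD5 as the third operation, 16-byte random numbers, length-prefixed hash input, a server-side credential table keyed by user ID, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

N = 16  # bytes; random numbers match the MD5 digest length so XOR is defined (assumption)

def md5(*parts: bytes) -> bytes:
    """MD5 over length-prefixed fields; the field encoding is an assumption."""
    h = hashlib.md5()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def first_info(user_id: str, password: str) -> bytes:
    """First information: MD5(ID, PASSWD)."""
    return md5(user_id.encode(), password.encode())

class Client:
    def __init__(self, user_id, password):
        self.user_id = user_id
        self.h = first_info(user_id, password)
        self.rc = secrets.token_bytes(N)      # first random number
        self.rs = None                        # second random number, once recovered

    def hello(self):
        """Send the user ID and the second information (first info XOR first random)."""
        return self.user_id, xor(self.h, self.rc)

    def check_server(self, third, fourth):
        rs = xor(third, self.h)               # second inverse processing (assumed XOR)
        fifth = md5(self.rc, rs)              # third operation (assumed MD5)
        if not hmac.compare_digest(fifth, fourth):
            return False                      # server is illegal
        self.rs = rs
        return True

    def proof(self):
        if self.rs is None:
            raise RuntimeError("server has not been verified")
        return md5(self.h, self.rc, self.rs)  # fourth operation -> sixth information

class Server:
    def __init__(self, credentials):
        self.credentials = credentials        # {user ID: first information} (assumed store)
        self.sessions = {}

    def challenge(self, user_id, second):
        h = self.credentials[user_id]
        rc = xor(second, h)                   # first inverse processing
        rs = secrets.token_bytes(N)           # second random number, fresh per run
        self.sessions[user_id] = (h, rc, rs)
        return xor(rs, h), md5(rc, rs)        # third and fourth information

    def verify_client(self, user_id, sixth):
        session = self.sessions.pop(user_id, None)
        if session is None:
            return False
        seventh = md5(*session)               # fourth operation on (first info, Rc, Rs)
        return hmac.compare_digest(seventh, sixth)

def run_exchange(client, server):
    """Return (client accepts server, server accepts client)."""
    user_id, second = client.hello()
    third, fourth = server.challenge(user_id, second)
    if not client.check_server(third, fourth):
        return False, False                   # client aborts before sending any proof
    return True, server.verify_client(user_id, client.proof())

def replayed_proof_accepted(server, user_id, password):
    """Replay an old second/sixth pair; the fresh second random number defeats it."""
    client = Client(user_id, password)
    _, second = client.hello()
    if not client.check_server(*server.challenge(user_id, second)):
        raise RuntimeError("setup failed: server was not accepted")
    old_sixth = client.proof()
    server.verify_client(user_id, old_sixth)  # legitimate run, consumes the session
    server.challenge(user_id, second)         # replayed hello gets a new second random
    return server.verify_client(user_id, old_sixth)

if __name__ == "__main__":
    # Constructed sample accounts; the impostor holds a wrong credential for "alice".
    genuine = Server({"alice": first_info("alice", "correct horse")})
    impostor = Server({"alice": first_info("alice", "not the password")})
    print("genuine server :", run_exchange(Client("alice", "correct horse"), genuine))
    print("impostor server:", run_exchange(Client("alice", "correct horse"), impostor))
    print("wrong password :", run_exchange(Client("alice", "typo"), genuine))
    print("replay accepted:", replayed_proof_accepted(genuine, "alice", "correct horse"))
```

A client holding the wrong password fails at the server check rather than at the server's check of the client, because both checks depend on the same first information.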
Fig. 3 is a block diagram of an identity authentication system according to an embodiment of the present invention, as shown in fig. 3, including: a client; wherein, the client includes:
a first generation unit configured to generate a first random number;
and the first determining unit is used for determining whether the server is legal or not according to the generated first random number.
Optionally, the identity authentication system of the embodiment of the present invention further includes a server,
the server includes a first obtaining unit; the first determining unit includes: a first processing module, a second generating module and a determining module; wherein,
the first processing module is configured to: perform first processing on the generated first information and the first random number to generate second information, and send the generated second information to the server;
the second generating module is configured to: generate fifth information according to the third information and the first random number generated by the client itself;
the determining module is configured to: determine that the server is legal when the fifth information is judged to be the same as the fourth information; and determine that the server is illegal when the fifth information is judged to be different from the fourth information;
the first obtaining unit is configured to: obtain third information and fourth information according to the second information and a second random number generated by the server itself;
wherein the third information is information obtained by performing second processing on the second random number and the first information; the fourth information is information obtained by performing a third operation on the first random number and the second random number;
optionally, the first obtaining unit in the embodiment of the present invention is specifically configured to:
after first information is acquired from second information generated by the client, performing first inverse processing on the second information to acquire a first random number;
generating a second random number, and performing second processing on the generated second random number and the first information to obtain third information;
and performing third operation on the obtained first random number and the generated second random number to obtain the fourth information.
Optionally, the second generating module in the embodiment of the present invention is specifically configured to:
perform the second inverse processing on the third information to obtain the second random number;
and generate the fifth information after performing the third operation according to the obtained second random number and the first random number generated by the client itself.
In the embodiment of the invention, if the server is an illegal server, it cannot directly acquire the first information from the second information and cannot obtain the first random number; in addition, although the illegal server can generate a second random number, it cannot determine how to generate the third information. Consequently, the illegal server cannot generate the fourth information, and the client can identify the illegal server through the above process.
Optionally, the first processing module in the embodiment of the present invention is specifically configured to: and carrying out XOR processing on the generated first information and the first random number to generate second information, and sending the generated second information to the server.
The first processing and the second processing may be the same or different, as can be determined by those skilled in the art through analysis. Processing with the first random number and the second random number prevents the first information and the second information from being directly intercepted during network transmission, which would seriously affect the security of identity authentication. Based on this processing, the embodiment of the invention improves the security of the identity authentication process.
Optionally, the server in the embodiment of the present invention further includes a second determining unit, configured to perform identity authentication on the client according to the first information, the first random number, and the second random number.
Optionally, in the embodiment of the present invention, the first determining unit further includes a third operation module, configured to perform a fourth operation on the generated first information, the first random number, and the obtained second random number, so as to obtain sixth information;
the server also comprises a second determining unit which comprises a fourth operation module and a judging module; wherein,
the fourth operation module is configured to: performing a fourth operation according to the acquired first information, the first random number and a generated second random number to acquire seventh information;
the judging module is configured to: determine that the client passes identity authentication when the seventh information is judged to be the same as the sixth information; and determine that the client fails the identity authentication when the seventh information is judged to be different from the sixth information. It should be noted that once the first information, the first random number and the obtained second random number on the client side are illegal information, the sixth information and the seventh information obtained through the fourth operation are different; on this basis, the identity authentication of the client can be realized.
The method of the embodiment of the present invention is described in detail below by using application examples, which are only used for illustrating the present invention and are not used for limiting the protection scope of the present invention.
Application example
Fig. 4 is a schematic flow chart of identity authentication according to an embodiment of the present invention, as shown in fig. 4, including:
step 401, the client receives a user ID and a password input by the user; the client calculates the first information, MD5(ID, PASSDD), and generates a first random number (Rc); the client performs XOR processing on the first random number and the first information to obtain the second information, and then sends the user ID and the second information to the server;
step 402, after receiving the user ID and the second information, the server acquires first information from a file in which the user name and the password are stored in the second information; the server performs the first inverse processing on the second information to obtain the first random number; specifically, the first random number may be obtained by performing XOR processing on the second information and the first information; the server generates a second random number, and performs XOR processing on the second random number and the obtained first information to obtain the third information; the server applies the MD5 function to the first random number and the second random number to obtain the fourth information; the server sends the third information and the fourth information to the client;
step 403, after receiving the third information and the fourth information, the client performs XOR processing on the third information and the first information to obtain the second random number; the client calculates the fifth information from the first random number it generated and the obtained second random number; when the fifth information is equal to the fourth information, the client determines that the server is legal; when the fifth information is not equal to the fourth information, the client determines that the server is illegal.
Optionally, when determining that the server is legal, the application example of the present invention further includes:
the client calculates the generated first information, the first random number and the obtained second random number through MD5 to obtain sixth information; the client sends the sixth information and the user ID to the server;
the server calculates the acquired first information, the first random number and the generated second random number through MD5 to acquire seventh information; the server determines that the client passes the identity authentication when judging that the seventh information is the same as the sixth information; and when the server judges that the seventh information is different from the sixth information, determining that the client fails the identity authentication.
In the application example of the invention, the network connection used for identity authentication can be disconnected when the server is judged to be illegal or the client fails the authentication, so as to prevent an illegal user from continuing to steal data.
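The exchange of steps 401 to 403 and the optional client authentication, as an added Python example that is not code from the patent. The 16-byte random numbers, the reading of multi-argument MD5 as MD5 over the concatenated inputs, the dictionary standing in for the credential file, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets


def md5(*parts):
    # Assumption: multi-argument MD5 on the page means MD5 of the concatenation.
    return hashlib.md5(b"".join(parts)).digest()


def xor(a, b):
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def first_information(user_id, password):
    return md5(user_id.encode(), password.encode())


class Client:
    def __init__(self, user_id, password):
        self.user_id = user_id
        self.first = first_information(user_id, password)

    def step_401(self):
        self.rc = secrets.token_bytes(16)              # first random number (Rc)
        return self.user_id, xor(self.first, self.rc)  # user ID, second information

    def step_403(self, third, fourth):
        self.rs = xor(third, self.first)               # recovered second random number
        fifth = md5(self.rc, self.rs)
        return hmac.compare_digest(fifth, fourth)      # True: server judged legal

    def sixth_information(self):
        return self.user_id, md5(self.first, self.rc, self.rs)


class Server:
    def __init__(self, stored):
        self.stored = stored   # user ID -> first information (stands in for the file)
        self.pending = {}      # user ID -> (Rc, Rs) of the exchange in progress

    def step_402(self, user_id, second):
        first = self.stored[user_id]
        rc = xor(second, first)                        # first inverse processing
        rs = secrets.token_bytes(16)                   # second random number
        self.pending[user_id] = (rc, rs)
        return xor(rs, first), md5(rc, rs)             # third, fourth information

    def authenticate_client(self, user_id, sixth):
        rc, rs = self.pending.pop(user_id)             # each random pair is used once
        seventh = md5(self.stored[user_id], rc, rs)
        return hmac.compare_digest(seventh, sixth)


def run(client, server):
    """Return (server judged legal, client passed identity authentication)."""
    user_id, second = client.step_401()
    third, fourth = server.step_402(user_id, second)
    if not client.step_403(third, fourth):
        return False, False                            # client disconnects
    return True, server.authenticate_client(*client.sixth_information())


if __name__ == "__main__":
    # Constructed sample account, not from the patent.
    legit = Server({"alice": first_information("alice", "s3cret-pass")})
    print(run(Client("alice", "s3cret-pass"), legit))
```

A client that holds the wrong password derives a different first information, so the comparison in step 403 already fails and the sixth information is never sent.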
It will be understood by those skilled in the art that all or part of the steps of the above methods may be implemented by a program instructing associated hardware (e.g., a processor) to perform the steps, and the program may be stored in a computer readable storage medium, such as a read only memory, a magnetic or optical disk, and the like. Alternatively, all or part of the steps of the above embodiments may be implemented using one or more integrated circuits. Accordingly, each module/unit in the above embodiments may be implemented in hardware, for example, by an integrated circuit to implement its corresponding function, or in software, for example, by a processor executing a program/instruction stored in a memory to implement its corresponding function. The present invention is not limited to any specific form of combination of hardware and software.
Although the embodiments of the present invention have been described above, the above description is only for the convenience of understanding the present invention, and is not intended to limit the present invention. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (14)

1. An identity authentication method, comprising:
the client generates a first random number;
and determining whether the server is legal or not according to the generated first random number.
2. The identity authentication method of claim 1, wherein the determining whether the server is legitimate comprises:
the client performs first processing on the generated first information and the first random number to generate second information;
the server obtains third information and fourth information according to the second information and a second random number generated by the server;
the client generates fifth information according to the third information and the first random number generated by the client;
the client determines that the server is legal when judging that the fifth information is the same as the fourth information; the client determines that the server is illegal when judging that the fifth information is different from the fourth information;
wherein the third information is information obtained by performing second processing on the second random number and the first information; the fourth information is information obtained by performing a third operation on the first random number and the second random number.
3. The identity authentication method of claim 2, wherein the obtaining the third information and the fourth information comprises:
after acquiring first information from second information generated by the client, the server performs first inverse processing on the second information to acquire the first random number;
the server generates a second random number, and performs the second processing on the generated second random number and the first information to obtain third information;
and the server performs third operation on the obtained first random number and the generated second random number to obtain the fourth information.
4. The identity authentication method according to claim 2, wherein the client generates fifth information according to the third information and the first random number generated by the client, and comprises:
the client performs the second inverse processing on third information to obtain the second random number;
and the client performs the third operation according to the obtained second random number and the first random number generated by the client, and then generates the fifth information.
5. An identity authentication method according to any one of claims 2 to 4, wherein the first processing comprises exclusive-or (XOR) processing, and wherein performing the first inverse processing on the second information comprises:
performing XOR processing on the second information and the first information.
6. The identity authentication method according to any one of claims 2 to 4, wherein when it is determined that the server is legitimate, the identity authentication method further comprises:
and the server performs identity authentication on the client according to the first information, the first random number and the second random number.
7. The identity authentication method of claim 6, wherein the identity authentication of the client comprises:
the client performs a fourth operation on the generated first information, the generated first random number and the obtained second random number to obtain sixth information;
the server performs the fourth operation according to the acquired first information, the first random number and a generated second random number to acquire seventh information;
the server determines that the client passes the identity authentication when judging that the seventh information is the same as the sixth information; and when judging that the seventh information is different from the sixth information, the server determines that the client fails to pass the identity authentication.
8. An identity authentication system, comprising: a client; wherein, the client includes:
a first generation unit configured to generate a first random number;
and the first determining unit is used for determining whether the server is legal or not according to the generated first random number.
9. The identity authentication system of claim 8, further comprising a server, the server comprising a first obtaining unit; the first determining unit includes: a first processing module, a second generating module and a determining module; wherein,
the first processing module is configured to: performing first processing on the generated first information and the first random number to generate second information, and sending the generated second information to the server;
the second generating module is configured to: generate fifth information according to the third information and the first random number generated by the client;
the determination module is to: determining that the server is legal when the fifth information is judged to be the same as the fourth information; determining that the server is illegal when the fifth information is judged to be different from the fourth information;
the first obtaining unit is configured to: obtain third information and fourth information according to the second information and a second random number generated by the server;
wherein the third information is information obtained by performing second processing on the second random number and the first information; the fourth information is information obtained by performing a third operation on the first random number and the second random number.
10. The identity authentication system of claim 9, wherein the first obtaining unit is specifically configured to:
after first information is acquired from second information generated by the client, performing first inverse processing on the second information to acquire a first random number;
generating a second random number, and performing second processing on the generated second random number and the first information to obtain third information;
and performing third operation on the obtained first random number and the generated second random number to obtain the fourth information.
11. The identity authentication system of claim 9, wherein the generation module is specifically configured to:
performing the second inverse processing on the third information to obtain the second random number;
and generating the fifth information by performing the third operation on the obtained second random number and the first random number generated by the client.
12. The identity authentication system according to any one of claims 9 to 11, wherein the first processing module is specifically configured to: perform XOR processing on the generated first information and the first random number to generate second information, and send the generated second information to the server.
13. The identity authentication system according to any one of claims 9 to 11, wherein the server further comprises a second determining unit configured to authenticate the client based on the first information, the first random number, and the second random number.
14. The identity authentication system of claim 13, wherein the first determining unit further comprises a third operation module, configured to perform a fourth operation on the generated first information, the first random number, and the obtained second random number to obtain sixth information;
the server also comprises a second determining unit which comprises a fourth operation module and a judging module; wherein,
the fourth operation module is configured to: performing a fourth operation according to the acquired first information, the first random number and a generated second random number to acquire seventh information;
the judging module is used for: determining that the client passes identity authentication when the seventh information is judged to be the same as the sixth information; and determining that the client fails the identity authentication when the seventh information is judged to be different from the sixth information.
CN201810541146.5A 2018-05-30 2018-05-30 A kind of identity identifying method and system Pending CN108848070A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810541146.5A CN108848070A (en) 2018-05-30 2018-05-30 A kind of identity identifying method and system

Publications (1)

Publication Number Publication Date
CN108848070A true CN108848070A (en) 2018-11-20

Family

ID=64211013

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181120
