CN108848070A - An identity authentication method and system - Google Patents

Publication number: CN108848070A
Authority: CN (China)
Prior art keywords: information, random number, server, client, processing
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN201810541146.5A
Other languages: Chinese (zh)
Inventors: 王文庆, 杜彦魁, 王立斌
Current Assignee: Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee: Zhengzhou Yunhai Information Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0866: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3236: Means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, using cryptographic hash functions

Abstract

An identity authentication method and system, including: a client generates a first random number; whether the server is legitimate is determined according to the generated first random number. In the embodiment of the invention, whether the server is legitimate is determined during identity authentication, which improves the security of database password authentication and of user data.

Description

An identity authentication method and system
Technical field
This document relates to, but is not limited to, security authentication technology, and in particular to an identity authentication method and system.
Background
Identity authentication is the first line of defence of database security and the gateway to a database system. Database authentication is the process of determining whether a client is allowed to make a database connection under the user name it requests; it is a close combination of authentication technology and database technology. Password authentication is a universal authentication technique and also the security mechanism most vulnerable to threats. Because the space of secure passwords is usually small, passwords are more easily attacked than more random keys; offline passwords in particular are easily cracked by exhaustive-search attacks such as password guessing. With a one-time password, the user uses the same password at every login, but the password changes continually in transmission. At present, one-time passwords mainly rely on a random number SALT (in password protection, a random data string used to change the password hash) generated by the server; the SALT is transmitted over the network in plaintext, is subject to offline guessing attacks, and supports only one-way authentication.
Password authentication in the K-DB database (a database that uses technologies such as multi-process multi-threading, multi-version concurrency control and storage virtualization, and that supports automated migration across heterogeneous platforms) is one implementation of the one-time password. It is divided into plaintext password transmission and encrypted password transmission; the encryption methods are Message Digest Algorithm 5 (MD5) and Crypt (the crypt function is a C language function that returns an encrypted string). At present, K-DB database password authentication has the defects that passwords are easily stolen by illegal users and that server-spoofing attacks cannot be prevented. Fig. 1 is a schematic diagram of information transmission for identity authentication in the related art; as shown in Fig. 1, it includes:
Step 101: the client receives the user identity (ID) and password (PASSWD) entered by the user, and sends the received user ID to the server;
Step 102: after receiving the user ID, the server sends a random number (SALT) to the client, for the client to use in encrypting the password; when sending the random number, the server saves the random number sent to the client;
Step 103: the client applies a first function to the user ID and password to obtain the first information MD5(ID, PASSWD); using the received SALT, it applies a second function to obtain the password information MD5(MD5(ID, PASSWD), SALT), and sends the calculated password information to the server;
Step 104: when the server receives the password information, it obtains the first information from the password information and, using the locally stored SALT that was sent to the client, calculates the password authentication information used for matching verification;
Step 105: the server determines whether user identity authentication passes according to the calculated password authentication information and the received password information. If the received password information was sent by a legitimate user, the first information obtained from the password information is legitimate, the password authentication information calculated from it equals the received password information, and user identity authentication is determined to pass; when the calculated password authentication information and the received password information are not equal, user identity authentication is determined to fail.
The K-DB database password authentication method above uses dynamic password authentication to a certain extent: because the SALT random number differs each time, the password information generated by the client differs each time, which avoids attacks on static passwords. However, this password authentication method still has serious defects, including:
When an illegal user steals the user ID, SALT and password information, the password can be guessed through an offline dictionary attack, and the password information can then be calculated from the guessed password. Because users usually choose meaningful passwords or short passwords that are easy to remember, a guessing attack is computationally feasible. Once the password is obtained, the illegal user can enter the database and steal data;
The client performs no authentication of the server. If an illegal user sends a SALT to the client through a fake server, the illegal user can obtain the password information sent by the client through the fake server; since the user ID and SALT are known, the password can be obtained offline.
In summary, K-DB database password authentication still has security problems and cannot guarantee the security of user data.
Summary of the invention
The following is an overview of the subject matter described in detail herein. This overview is not intended to limit the scope of protection of the claims.
The embodiment of the invention provides an identity authentication method and system that can improve the security of K-DB database password authentication and of user data.
An embodiment of the invention provides an identity authentication method, including:
A client generates a first random number;
Whether the server is legitimate is determined according to the generated first random number.
Optionally, determining whether the server is legitimate includes:
The client performs first processing on the generated first information and the first random number to generate second information;
The server obtains third information and fourth information according to the second information and a second random number that it generates itself;
The client generates fifth information according to the third information and the first random number that it generated itself;
When the client judges that the fifth information is identical to the fourth information, it determines that the server is legitimate; when the client judges that the fifth information differs from the fourth information, it determines that the server is illegitimate;
Wherein the third information is the information obtained after the second random number and the first information undergo second processing; the fourth information is the information obtained from the first random number and the second random number by a third operation.
Optionally, obtaining the third information and the fourth information includes:
After obtaining the first information used in the second information generated by the client, the server performs first inverse processing on the second information to obtain the first random number;
The server generates the second random number and performs the second processing on the generated second random number and the first information to obtain the third information;
The server performs the third operation on the obtained first random number and the generated second random number to obtain the fourth information.
Optionally, the client generating the fifth information according to the third information and the first random number that it generated itself includes:
The client performs second inverse processing on the third information to obtain the second random number;
The client performs the third operation on the obtained second random number and the first random number that it generated itself, and generates the fifth information.
Optionally, the first processing includes exclusive-OR (XOR) processing, and performing the first inverse processing on the second information includes:
Performing XOR processing on the second information and the first information.
Optionally, when the server is determined to be legitimate, the identity authentication method further includes:
The server authenticates the client according to the first information, the first random number and the second random number.
Optionally, authenticating the client includes:
The client performs a fourth operation on the generated first information, the first random number and the obtained second random number to obtain sixth information;
The server performs the fourth operation on the obtained first information, the first random number and the generated second random number to obtain seventh information;
When the server judges that the seventh information is identical to the sixth information, it determines that the client passes identity authentication; when the server judges that the seventh information differs from the sixth information, it determines that the client does not pass identity authentication.
In another aspect, an embodiment of the invention also provides an identity authentication system, including a client; wherein the client includes:
A first generation unit, configured to generate a first random number;
A first determination unit, configured to determine whether the server is legitimate according to the generated first random number.
Optionally, the identity authentication system further includes a server, and the server includes a first obtaining unit; the first determination unit includes a first processing module, a second generation module and a determining module; wherein,
The first processing module is configured to: perform first processing on the generated first information and the first random number to generate second information, and send the generated second information to the server;
The second generation module is configured to: generate fifth information according to the third information and the first random number generated by the client itself;
The determining module is configured to: determine that the server is legitimate when the fifth information is judged to be identical to the fourth information; determine that the server is illegitimate when the fifth information is judged to differ from the fourth information;
The first obtaining unit is configured to: obtain third information and fourth information according to the second information and a second random number generated by the server itself;
Wherein the third information is the information obtained after the second random number and the first information undergo second processing; the fourth information is the information obtained from the first random number and the second random number by a third operation;
Optionally, the first obtaining unit is specifically configured to:
After obtaining the first information used in the second information generated by the client, perform first inverse processing on the second information to obtain the first random number;
Generate the second random number, and perform the second processing on the generated second random number and the first information to obtain the third information;
Perform the third operation on the obtained first random number and the generated second random number to obtain the fourth information.
Optionally, the generation module is specifically configured to:
Perform second inverse processing on the third information to obtain the second random number;
Perform the third operation on the obtained second random number and the first random number generated by the client itself, and generate the fifth information.
Optionally, the server further includes a second determination unit, configured to authenticate the client according to the first information, the first random number and the second random number.
Optionally,
The first determination unit further includes a third computing module, configured to perform a fourth operation on the generated first information, the first random number and the obtained second random number to obtain sixth information;
The second determination unit included in the server includes a fourth computing module and a judgment module; wherein,
The fourth computing module is configured to: perform the fourth operation on the obtained first information, the first random number and the generated second random number to obtain seventh information;
The judgment module is configured to: determine that the client passes identity authentication when the seventh information is judged to be identical to the sixth information; determine that the client does not pass identity authentication when the seventh information is judged to differ from the sixth information.
Compared with the related art, the technical solution of the application includes: a client generates a first random number; whether the server is legitimate is determined according to the generated first random number. In the embodiment of the invention, whether the server is legitimate is determined during identity authentication, which improves the security of database password authentication and of user data.
Other features and advantages of the invention will be set forth in the following description, and in part will become apparent from the description or be understood by practicing the invention. The objectives and other advantages of the invention can be realized and obtained by the structure particularly pointed out in the description, the claims and the drawings.
Brief description of the drawings
The drawings provide a further understanding of the technical solution of the invention and constitute a part of the specification; together with the embodiments of the application they serve to explain the technical solution of the invention and do not limit it.
Fig. 1 is a schematic diagram of information transmission for identity authentication in the related art;
Fig. 2 is a flowchart of the identity authentication method of the embodiment of the invention;
Fig. 3 is a structural block diagram of the identity authentication system of the embodiment of the invention;
Fig. 4 is a schematic flowchart of identity authentication in the application example of the invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the invention clearer, embodiments of the invention are described in detail below with reference to the drawings. It should be noted that, where no conflict arises, the embodiments of the application and the features in the embodiments may be combined with one another arbitrarily.
The steps shown in the flowcharts of the drawings may be executed in a computer system, such as a set of computer-executable instructions. Moreover, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be executed in an order different from the one given here.
Fig. 2 is a flowchart of the identity authentication method of the embodiment of the invention; as shown in Fig. 2, it includes:
Step 201: the client generates a first random number;
Step 202: whether the server is legitimate is determined according to the generated first random number.
Optionally, determining whether the server is legitimate includes:
The client performs first processing on the generated first information and the first random number to generate second information; here, the first information may include MD5(ID, PASSWD).
The server obtains third information and fourth information according to the second information and a second random number that it generates itself;
The client generates fifth information according to the third information and the first random number that it generated itself;
When the client judges that the fifth information is identical to the fourth information, it determines that the server is legitimate; when the client judges that the fifth information differs from the fourth information, it determines that the server is illegitimate;
Wherein the third information is the information obtained after the second random number and the first information undergo second processing; the fourth information is the information obtained from the first random number and the second random number by a third operation.
It should be noted that the first random number and the second random number of the embodiment of the invention may each be a random number, determined by the related art, that meets the requirements; for example, with reference to the process of Fig. 1, a SALT that meets the length requirement is selected.
In the embodiment of the invention, suppose the server is an illegitimate server. The illegitimate server cannot obtain the first information directly from the second information, and therefore cannot obtain the first random number either; in addition, even if the illegitimate server can generate a second random number, it cannot determine how to generate the third information. Given the above process, the illegitimate server cannot generate the fourth information, and the client can identify the illegitimate server through the above process.
Optionally, in the embodiment of the invention, obtaining the third information and the fourth information includes:
After obtaining the first information used in the second information generated by the client, the server performs first inverse processing on the second information to obtain the first random number;
The server generates the second random number and performs the second processing on the generated second random number and the first information to obtain the third information;
The server performs the third operation on the obtained first random number and the generated second random number to obtain the fourth information.
Optionally, in the embodiment of the invention, the client generating the fifth information according to the third information and the first random number that it generated itself includes:
The client performs second inverse processing on the third information to obtain the second random number;
The client performs the third operation on the obtained second random number and the first random number that it generated itself, and generates the fifth information.
Optionally, in the embodiment of the invention, the first processing includes XOR processing, and performing the first inverse processing on the second information includes:
Performing XOR processing on the second information and the first information.
It should be noted that the first processing and the second processing may be the same or different, and can be determined by those skilled in the art through analysis. The first random number and the second random number are used in the processing to prevent the first information and the second information from being directly intercepted during network transmission, which would affect the security of identity authentication. Based on the above processing, the embodiment of the invention improves the security of the identity authentication process.
Optionally, when the server is determined to be legitimate, the identity authentication method of the embodiment of the invention further includes:
The server authenticates the client according to the first information, the first random number and the second random number.
Optionally, in the embodiment of the invention, authenticating the client includes:
The client performs a fourth operation on the generated first information, the first random number and the obtained second random number to obtain sixth information;
The server performs the fourth operation on the obtained first information, the first random number and the generated second random number to obtain seventh information;
When the server judges that the seventh information is identical to the sixth information, it determines that the client passes identity authentication; when the server judges that the seventh information differs from the sixth information, it determines that the client does not pass identity authentication.
It should be noted that if the first information generated by the client, the first random number or the obtained second random number is illegal information, the sixth information and the seventh information obtained by the fourth operation will not be identical; on this basis, authentication of the client can be achieved. In addition, the fourth operation may be an operation performed on the first information, the first random number and the second random number by the MD5 function.
Compared with the related art, the technical solution of the application includes: a client generates a first random number; whether the server is legitimate is determined according to the generated first random number. In the embodiment of the invention, whether the server is legitimate is determined during identity authentication, which improves the security of database password authentication and of user data.
Fig. 3 is the structural block diagram of identity authorization system of the embodiment of the present invention, as shown in figure 3, including:Client;Wherein, objective Family end includes:
First generation unit, for generating the first random number;
First determination unit determines whether server is legal for the first random number according to generation.
Optionally, identity authorization system of the embodiment of the present invention further includes server,
The server includes first obtains unit;First determination unit includes:First processing module, second generate Module, determining module;Wherein,
The first processing module is used for:The first information will be generated and first random number carries out the first processing, generated Second information, and the second information of generation is sent to the server;
Second generation module is used for:Believed according to third information and first generating random number the 5th itself generated Breath;
The determining module is used for:When judging that the 5th information is identical as the 4th information, determine that server closes Method;When judging the 5th information and the 4th information difference, determine that server is illegal;
The first obtains unit is used for:According to second information and the second random number itself generated, third is obtained Information and the 4th information;
Wherein, the third information is:What the second random number and the first information obtain after the second processing Information;4th information is the information that first random number and the second random number are obtained by third operation;
Optionally, first obtains unit of the embodiment of the present invention is specifically used for:
After obtaining the first information in the second information that the client generates, the first inverse place is carried out to second information Reason obtains first random number;
The second random number is generated, and second random number of generation and the first information are carried out at described second Reason obtains third information;
Second random number of first random number and generation to acquisition carries out third operation, obtains the described 4th Information.
Optionally, generation module of the embodiment of the present invention is specifically used for:
Second inversely processing is carried out to the third information, obtains second random number;
After carrying out the third operation according to second random number of acquisition and first random number itself generated, Generate the 5th information.
The embodiment of the present invention assumes that server is illegal server, then illegal server can not be obtained directly from the second information The first information is taken, the first random number can not be also obtained;In addition, the second random number can be generated in illegal server immediately, can not yet It determines how and generates third information;Based on the above process, illegal server can not generate the 4th information, and client can be by upper Process is stated to identify illegal server.
Optionally, first processing module of the embodiment of the present invention is specifically used for:The first information and described first will be generated at random Number carries out exclusive or processing, generates the second information, and the second information of generation is sent to the server.
It should be noted that the first processing and second processing may be the same or different;It can be by those skilled in the art Member carries out analysis determination;Why handled using the first random number and the second random number, be in order to avoid the first information and Second information is directly intercepted and captured in network transmission process, influences the conscientious safety of identity.The embodiment of the present invention is based on above-mentioned Processing, improves the safety of authentication procedures.
Optionally, server of the embodiment of the present invention further includes the second determination unit, for according to the first information, described First random number and second random number carry out authentication to client.
Optionally, the embodiment of the present invention
First determination unit further includes third computing module, for generation the first information, described first Random number and second random number of acquisition carry out the 4th operation, obtain the 6th information;
The server further includes that the second determination unit includes the 4th computing module and judgment module;Wherein,
4th computing module is used for:According to the first information of acquisition, first random number and generation second Random number carries out the 4th operation, obtains the 7th information;
The judgment module is used for:When judging that the 7th information is identical as the 6th information, the client is determined End passes through authentication;When judging the 7th information and the 6th information difference, determine that the client does not pass through body Part certification.It should be noted that once the first information, the first random number and the second random number of acquisition that client generates are non- When method information, then the 6th information and the 7th information obtained by the 4th operation will not be identical, be based on this, client may be implemented Authentication.
The method of the embodiment of the present invention is described clearly and in detail below by way of an application example. The application example is only used to illustrate the present invention and is not intended to limit its scope of protection.
Application example
Fig. 4 is a flow diagram of identity authentication in the application example of the present invention. As shown in Fig. 4, it includes:
Step 401: the client receives the user ID and password entered by the user. The client computes the first information = MD5(ID, PASSWD) and generates the first random number (Rc). The client performs XOR processing on the first random number and the first information to obtain the second information, and then sends the user ID and the second information to the server;
Step 402: after receiving the user ID and the second information, the server obtains the first information corresponding to the second information from the file in which user names and passwords are stored. The server performs the first inverse processing on the second information to obtain the first random number; specifically, the first random number can be obtained by performing XOR processing on the second information and the first information. The server generates the second random number and performs XOR processing on the second random number and the obtained first information to obtain the third information. The server applies the MD5 function to the first random number and the second random number to obtain the fourth information, and sends the third information and the fourth information to the client;
Step 403: after receiving the third information and the fourth information, the client performs XOR processing on the third information and the first information to obtain the second random number. The client computes the fifth information from the first random number it generated and the second random number it obtained. When the fifth information is equal to the fourth information, the server is determined to be legitimate; when the fifth information is not equal to the fourth information, the server is determined to be illegitimate.
Optionally, when the server is determined to be legitimate, the application example of the present invention further includes:
The client applies MD5 to the first information it generated, the first random number and the second random number it obtained, obtaining the sixth information; the client sends the sixth information and the user ID to the server;
The server applies MD5 to the first information it obtained, the first random number and the second random number it generated, obtaining the seventh information. When the server judges that the seventh information is identical to the sixth information, it determines that the client passes identity authentication; when the server judges that the seventh information differs from the sixth information, it determines that the client does not pass identity authentication.
In the application example of the present invention, when the server is judged to be illegitimate or the client fails authentication, the network connection used for identity authentication can be disconnected, preventing an illegitimate user from continuing to steal data.
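The exchange in steps 401 to 403 and the optional client authentication, written out as an added Python example (not code from the patent). Assumptions: MD5(ID, PASSWD) and the other MD5 inputs are plain byte concatenations, random numbers are 16 bytes to match the MD5 digest length, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def md5(*parts: bytes) -> bytes:
    # MD5 over the concatenated parts; plain concatenation is an assumption.
    return hashlib.md5(b"".join(parts)).digest()

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

class Server:
    def __init__(self, credential_file: dict):
        self.credential_file = credential_file  # user ID -> first information
        self.sessions = {}                      # user ID -> (first info, Rc, Rs)

    def step_402(self, user_id: str, second_info: bytes):
        first_info = self.credential_file[user_id]
        rc = xor(second_info, first_info)       # first inverse processing
        rs = secrets.token_bytes(16)            # second random number
        self.sessions[user_id] = (first_info, rc, rs)
        return xor(rs, first_info), md5(rc, rs)  # third and fourth information

    def authenticate_client(self, user_id: str, sixth_info: bytes) -> bool:
        first_info, rc, rs = self.sessions.pop(user_id)
        seventh_info = md5(first_info, rc, rs)
        return hmac.compare_digest(seventh_info, sixth_info)

class Client:
    def __init__(self, user_id: str, password: str):
        self.user_id = user_id
        self.first_info = md5(user_id.encode(), password.encode())
        self.rc = secrets.token_bytes(16)       # first random number (Rc)

    def step_401(self):
        return self.user_id, xor(self.rc, self.first_info)  # ID, second info

    def step_403(self, third_info: bytes, fourth_info: bytes):
        rs = xor(third_info, self.first_info)   # second inverse processing
        fifth_info = md5(self.rc, rs)
        if not hmac.compare_digest(fifth_info, fourth_info):
            return None                         # server judged illegitimate
        return md5(self.first_info, self.rc, rs)  # sixth information

def run_exchange(client: Client, server: Server) -> str:
    user_id, second_info = client.step_401()
    third_info, fourth_info = server.step_402(user_id, second_info)
    sixth_info = client.step_403(third_info, fourth_info)
    if sixth_info is None:
        return "server illegitimate: disconnect"
    if not server.authenticate_client(user_id, sixth_info):
        return "client not authenticated: disconnect"
    return "mutual authentication passed"

if __name__ == "__main__":
    # Constructed sample credential file, not data from the patent.
    creds = {"alice": md5(b"alice", b"correct horse")}
    print(run_exchange(Client("alice", "correct horse"), Server(creds)))
    print(run_exchange(Client("alice", "wrong password"), Server(creds)))
```

A client holding the wrong password stops at step 403: its first information no longer matches the server's copy, so the fifth and fourth information differ and it treats the server as illegitimate.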
Those of ordinary skill in the art will appreciate that all or part of the steps in the above method can be completed by a program instructing related hardware (such as a processor), and the program can be stored in a computer-readable storage medium, such as a read-only memory, a magnetic disk or an optical disc. Optionally, all or part of the steps of the above embodiments can also be implemented using one or more integrated circuits. Correspondingly, each module/unit in the above embodiments can be implemented in the form of hardware, for example realizing its function through an integrated circuit, or in the form of a software function module, for example realizing its function by a processor executing a program/instructions stored in a memory. The present invention is not limited to any particular combination of hardware and software.
Although the embodiments disclosed herein are as described above, their content is only used to facilitate understanding of the present invention and is not intended to limit it. Any person skilled in the art to which the present invention belongs may make modifications and variations in the form and details of implementation without departing from the spirit and scope disclosed by the present invention, but the scope of patent protection of the present invention shall still be subject to the scope defined by the appended claims.

Claims (14)

1. An identity authentication method, characterized by comprising:
A client generates a first random number;
Whether a server is legitimate is determined according to the generated first random number.
2. The identity authentication method according to claim 1, characterized in that determining whether the server is legitimate comprises:
The client performs first processing on the generated first information and the first random number to generate second information;
The server obtains third information and fourth information according to the second information and a second random number generated by itself;
The client generates fifth information according to the third information and the first random number generated by itself;
When the client judges that the fifth information is identical to the fourth information, the server is determined to be legitimate; when the client judges that the fifth information differs from the fourth information, the server is determined to be illegitimate;
Wherein the third information is information obtained by performing second processing on the second random number and the first information, and the fourth information is information obtained from the first random number and the second random number through a third operation.
3. The identity authentication method according to claim 2, characterized in that obtaining the third information and the fourth information comprises:
After obtaining the first information in the second information generated by the client, the server performs first inverse processing on the second information to obtain the first random number;
The server generates the second random number and performs the second processing on the generated second random number and the first information to obtain the third information;
The server performs the third operation on the obtained first random number and the generated second random number to obtain the fourth information.
4. The identity authentication method according to claim 2, characterized in that the client generating the fifth information according to the third information and the first random number generated by itself comprises:
The client performs second inverse processing on the third information to obtain the second random number;
The client generates the fifth information after performing the third operation on the obtained second random number and the first random number generated by itself.
5. The identity authentication method according to any one of claims 2 to 4, characterized in that the first processing comprises XOR processing, and performing the first inverse processing on the second information comprises:
Performing XOR processing on the second information and the first information.
6. The identity authentication method according to any one of claims 2 to 4, characterized in that, when the server is determined to be legitimate, the identity authentication method further comprises:
The server authenticates the client according to the first information, the first random number and the second random number.
7. The identity authentication method according to claim 6, characterized in that authenticating the client comprises:
The client performs a fourth operation on the generated first information, the first random number and the obtained second random number to obtain sixth information;
The server performs the fourth operation on the obtained first information, the first random number and the generated second random number to obtain seventh information;
When the server judges that the seventh information is identical to the sixth information, it determines that the client passes identity authentication; when the server judges that the seventh information differs from the sixth information, it determines that the client does not pass identity authentication.
8. An identity authentication system, characterized by comprising a client, wherein the client comprises:
A first generation unit, configured to generate a first random number;
A first determination unit, configured to determine whether a server is legitimate according to the generated first random number.
9. The identity authentication system according to claim 8, characterized in that the identity authentication system further comprises a server, the server comprising a first obtaining unit; the first determination unit comprises a first processing module, a second generation module and a determining module; wherein,
The first processing module is configured to: perform first processing on the generated first information and the first random number to generate second information, and send the generated second information to the server;
The second generation module is configured to: generate fifth information according to third information and the first random number generated by itself;
The determining module is configured to: when the fifth information is judged to be identical to fourth information, determine that the server is legitimate; when the fifth information is judged to differ from the fourth information, determine that the server is illegitimate;
The first obtaining unit is configured to: obtain the third information and the fourth information according to the second information and a second random number generated by itself;
Wherein the third information is information obtained by performing second processing on the second random number and the first information, and the fourth information is information obtained from the first random number and the second random number through a third operation.
10. The identity authentication system according to claim 9, characterized in that the first obtaining unit is specifically configured to:
After obtaining the first information in the second information generated by the client, perform first inverse processing on the second information to obtain the first random number;
Generate the second random number, and perform the second processing on the generated second random number and the first information to obtain the third information;
Perform the third operation on the obtained first random number and the generated second random number to obtain the fourth information.
11. The identity authentication system according to claim 9, characterized in that the generation module is specifically configured to:
Perform second inverse processing on the third information to obtain the second random number;
Generate the fifth information after performing the third operation on the obtained second random number and the first random number generated by itself.
12. The identity authentication system according to any one of claims 9 to 11, characterized in that the first processing module is specifically configured to: perform XOR processing on the generated first information and the first random number to generate the second information, and send the generated second information to the server.
13. The identity authentication system according to any one of claims 9 to 11, characterized in that the server further comprises a second determination unit, configured to authenticate the client according to the first information, the first random number and the second random number.
14. The identity authentication system according to claim 13, characterized in that the first determination unit further comprises a third computing module, configured to perform a fourth operation on the generated first information, the first random number and the obtained second random number to obtain sixth information;
The second determination unit that the server further includes comprises a fourth computing module and a judgment module; wherein,
The fourth computing module is configured to: perform the fourth operation on the obtained first information, the first random number and the generated second random number to obtain seventh information;
The judgment module is configured to: when the seventh information is judged to be identical to the sixth information, determine that the client passes identity authentication; when the seventh information is judged to differ from the sixth information, determine that the client does not pass identity authentication.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810541146.5A CN108848070A (en) 2018-05-30 2018-05-30 A kind of identity identifying method and system

Publications (1)

Publication Number Publication Date
CN108848070A true CN108848070A (en) 2018-11-20

Family

ID=64211013

Country Status (1)

Country Link
CN (1) CN108848070A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181120