CN108989354A - Identity authentication method and device - Google Patents


Info

Publication number: CN108989354A
Authority: CN (China)
Prior art keywords: block, field, user, new, server
Legal status: Granted (active)
Application number: CN201811034387.7A
Other languages: Chinese (zh)
Other versions: CN108989354B (en)
Inventors: 文松, 程虹, 王敏, 徐德刚
Current Assignee: Hubei University of Arts and Science
Original Assignee: Hubei University of Arts and Science
Application filed by: Hubei University of Arts and Science
Priority to: CN201811034387.7A
Publication of application: CN108989354A
Publication of grant: CN108989354B


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846: Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108: Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205: Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The disclosure provides an identity authentication method and device and relates to the field of identity authentication technology. In the method and device provided by the disclosure, the server and the user terminal store a blockchain related to user login information. When the user logs in, the user terminal looks up the block that the server sent to it last time, decrypts the block information to obtain a time interval, generates a new block according to the time interval, and sends that block to the server. After receiving the login request and the block sent by the user terminal, the server generates a new block in the manner corresponding to the user terminal and compares this new block with the block sent by the user, thereby verifying the user's identity and ensuring the security of user identity authentication.

Description

Identity authentication method and device
Technical field
The present disclosure relates to the field of identity authentication technology, and in particular to an identity authentication method and device.
Background
With the development of science and technology, people use Internet resources, and when they access a network application system the identity of the user is usually verified in order to guarantee information security. There are currently many ways to perform identity authentication, but most of them require the user to change the login password frequently and cannot guarantee the security of identity authentication.
Summary of the invention
In view of this, the present disclosure provides an identity authentication method and device.
An identity authentication method provided by the present disclosure is applied to a server that interacts with a user terminal. The server stores a blockchain related to user login information. The blockchain comprises multiple blocks, and each block comprises a second field and a third field. The second field is the data of the block, including the user's identity information, the user's login information for the current login, and a time interval. The third field is the block generation time. The method comprises:
Receiving the user's login request and a first block sent by the user terminal.
Looking up, according to the login request and the first block, a second block generated at the user's last login.
Decrypting the second field and the third field of the second block to obtain a first time interval.
Generating a third block according to the first time interval.
Comparing the third block with the first block, and, if the third block is consistent with the first block, determining that the user's identity authentication passes.
Further, the method also comprises: after the user's identity authentication passes, setting a new time interval.
Generating a new block again according to the new time interval and the current login information, and encrypting the second field and the third field of the new block.
Storing the new block locally.
Further, the block also comprises a first field and a fourth field, wherein:
The first field is the hash value of the previous block.
The fourth field is the hash value of the block itself, computed by a hash function over the first field, the second field and the third field.
Further, the step of generating the third block according to the first time interval comprises:
Obtaining the field of the block generated at the user's last login.
Adding the first time interval to the field value in that field to generate a new field.
Computing a hash value over the new field using a hash function to generate the third block.
The present disclosure provides an identity authentication method applied to a user terminal that interacts with a server. The user terminal stores a blockchain related to user login information. The blockchain comprises multiple blocks, and each block comprises a second field and a third field. The second field is the data of the block, including the user's identity information, the user's login information for the current login, and a time interval. The third field is the block generation time. The method comprises:
Sending a login request to the server and receiving a fourth block sent by the server, the fourth block having been generated at the last login and stored on the server.
Decrypting the second field and the third field of the fourth block to obtain a second time interval.
Generating a new block according to the second time interval, and sending the new block to the server for identity authentication.
Further, the method also comprises:
When the user's identity authentication passes, setting a new time interval, so that the server generates a new block according to the new time interval and stores it locally on the server, to be sent to the user terminal at the next login.
Further, the block also comprises a first field and a fourth field, wherein:
The first field is the hash value of the previous block.
The fourth field is the hash value of the block itself, computed by a hash function over the first field, the second field and the third field.
Further, the step of generating a new block according to the second time interval and sending the new block to the server for identity authentication comprises:
Obtaining the third field of the fourth block sent by the server.
Adding the second time interval to the field value in the third field to generate a new third field.
Computing a hash value over the new third field using a hash function to generate the new block.
Comparing the third field value of the new block with the current time. If the result is within the set range, the new block is sent to the server. If it is not within the set range, the process of generating a new third field is repeated so that new blocks continue to be generated, until the comparison between the third field value of the generated new block and the current time is within the set range.
The present disclosure provides an identity authentication device applied to a server that interacts with a user terminal. The identity authentication device comprises a receiving module, a searching module, a first memory module, a first execution module, an authentication module and a first generation module.
The first memory module is used to store a blockchain related to user login information. The blockchain comprises multiple blocks, and each block comprises a first field, a second field, a third field and a fourth field. The first field is the hash value of the previous block. The second field is the data of the block, including the user's identity information, the user's login information for the current login, and a time interval. The third field is the block generation time. The fourth field is the hash value of the block itself, computed by a hash function over the first field, the second field and the third field.
The receiving module is used to receive the user's login request and the first block sent by the user terminal.
The searching module is used to look up, according to the login request and the first block, the second block generated at the user's last login.
The first execution module is used to decrypt the second field and the third field of the second block to obtain the first time interval.
The first generation module is used to generate the third block according to the first time interval.
The authentication module is used to compare the first block with the third block to perform identity authentication.
An identity authentication device provided by the present disclosure is applied to a user terminal that interacts with a server. The identity authentication device comprises a second memory module, a second execution module and a second generation module.
The second memory module is used to store a blockchain related to user login information. The blockchain comprises multiple blocks, and each block comprises a first field, a second field, a third field and a fourth field. The first field is the hash value of the previous block. The second field is the data of the block, including the user's identity information, the user's login information for the current login, and a time interval. The third field is the block generation time. The fourth field is the hash value of the block itself, computed by a hash function over the first field, the second field and the third field.
The second execution module is used to send a login request to the server and to decrypt the second field and the third field of the fourth block to obtain the second time interval. The fourth block is obtained by the server sending it to the user terminal during the current login; the fourth block was generated at the last login and stored on the server.
The second generation module is used to generate a new block according to the second time interval and to send the new block to the server for identity authentication.
In the identity authentication method and device provided by the present disclosure, the server stores a blockchain related to user login information. After receiving the login request and the first block sent by the user terminal, the server looks up, according to the login request and the first block, the second block generated at the user's last login, and decrypts the second field and the third field of the second block to obtain the first time interval. The server generates a third block from the first time interval and compares the third block with the first block, thereby verifying the user's identity. The security of identity authentication is ensured without requiring the user to change the login password frequently, and malicious logins can be traced through the blockchain.
To make the above objects, features and advantages of the present disclosure clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the technical solution of the present disclosure more clearly, the drawings needed in the embodiments are briefly introduced below. It should be understood that the following drawings show only some embodiments of the present disclosure and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 is a flow diagram of an identity authentication method provided by the present disclosure.
Fig. 2 is a block diagram of the identity authentication method provided by the present disclosure.
Fig. 3 is a blockchain schematic diagram of the identity authentication method provided by the present disclosure.
Fig. 4 is another flow diagram of the identity authentication method provided by the present disclosure.
Fig. 5 is another flow diagram of the identity authentication method provided by the present disclosure.
Fig. 6 is another flow diagram of the identity authentication method provided by the present disclosure.
Fig. 7 is another flow diagram of the identity authentication device provided by the present disclosure.
Fig. 8 is a block diagram of an identity authentication device provided by the present disclosure.
Fig. 9 is another block diagram of the identity authentication device provided by the present disclosure.
Reference numerals: 10 - first identity authentication device; 11 - first memory module; 12 - receiving module; 13 - searching module; 14 - first execution module; 15 - first generation module; 16 - authentication module; 20 - second identity authentication device; 21 - second memory module; 22 - second execution module; 23 - second generation module.
Detailed description of the embodiments
The technical solution of the present disclosure is described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present disclosure, not all of them. The components of the present disclosure that are generally described and shown in the drawings can be arranged and designed in a variety of different configurations. Therefore, the following detailed description of the embodiments provided in the drawings is not intended to limit the claimed scope of the present disclosure but merely represents selected embodiments. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present disclosure without creative effort fall within the scope of protection of the present disclosure.
It should also be noted that similar reference numerals and letters denote similar items in the following drawings; once an item has been defined in one drawing, it does not need to be further defined or explained in subsequent drawings.
Identity authentication technology is an effective solution that arose in computer networks for the process of confirming an operator's identity. In the computer network world, all information, including a user's identity information, is represented by a specific set of data. A computer can only recognize a user's digital identity, and all authorization of a user is authorization of that digital identity. How to guarantee that the operator acting under a digital identity is the legitimate owner of that digital identity, that is, that the operator's physical identity corresponds to the digital identity, is the problem that identity authentication technology exists to solve. As the first gateway protecting network assets, identity authentication plays a very important role.
Currently there are many ways to perform identity authentication, but most of them require the user to change the login password frequently in order to guarantee the security of identity authentication. Moreover, if the system has a vulnerability, a malicious login cannot be discovered in time or tracked when it occurs.
Based on the above, the present disclosure provides an identity authentication method and device.
Referring to Fig. 1, which is a flow diagram of an identity authentication method provided by the present disclosure, the method is applied to a server that interacts with a user terminal. The server stores a blockchain related to user login information. The blockchain comprises multiple blocks, and each block comprises a second field and a third field. The second field is the data of the block, including the user's identity information, the user's login information for the current login, and a time interval. The third field is the block generation time. The detailed process shown in Fig. 1 is described below.
Step S10: receive the user's login request and the first block sent by the user terminal.
Step S11: look up, according to the login request and the first block, the second block generated at the user's last login.
Step S12: decrypt the second field and the third field of the second block to obtain the first time interval.
The user sets a login password at the first login, and the server computes a key using a set calculation method. The computed key is shared by the server and the user terminal and is stored on both. At the user's next login, after receiving the login request and the first block, the server uses the key to decrypt the second field and the third field of the second block and obtains the first time interval.
Step S13: generate the third block according to the first time interval.
Step S14: compare the third block with the first block and determine whether they are consistent.
If the third block is consistent with the first block, that is, the information contained in the third block is consistent with the information contained in the first block, the user's identity authentication is determined to pass and step S15 is executed. If the third block and the first block are inconsistent, that is, the information contained in the third block is inconsistent with the information contained in the first block, step S141 is executed.
Step S141: identity authentication fails.
Step S15: after the user's identity authentication passes, set a new time interval.
If no new time interval is set, the server by default treats the new time interval as identical to the first time interval.
Step S16: generate a new block again according to the new time interval and the current login information.
When the new block is generated, it contains, in addition to the new time interval and the current login information, the user information and so on. The new time interval serves as the new login condition, that is, the condition under which a new block is generated at the user's next login. The current login information includes the time of this login, which is based on local time.
Step S17: store the new block locally.
The new block is stored locally. At the user's next login, the server sends the new block to the user terminal, and the server also verifies the user's identity again according to the new block.
Further, referring to Fig. 2, the block also comprises a first field and a fourth field. The first field is the hash value of the previous block. The second field is the data of the block, including the user's identity information, the user's login information for the current login, and a time interval. The third field is the block generation time. The fourth field is the hash value of the block itself, computed by a hash function over the first field, the second field and the third field.
The second field is the data of the block. The user's identity information is the information recorded at the user's first login, such as the user name. The user's login information for the current login includes the time of this login. The time interval serves as the condition for the next login. When the block is saved, the second field can be encrypted with the key to guarantee the security of the data.
The third field is the time at which the block was generated. The time precision may be set to hours, minutes, seconds, milliseconds and so on, as determined by the server's own circumstances. When the block is saved, the third field can be encrypted with the key to guarantee the security of the data.
The hash value of the block is obtained by applying a hash function to the fields of the block; the hash function may be MD4, MD5, SHA-1, SHA-256 and so on. Because the first field is the hash value of the previous block and the fourth field is the hash value of this block, the blocks can be linked into a chain, as shown in Fig. 3, to prevent blocks from being maliciously tampered with, and the legitimacy of each block can in turn be verified.
Further, referring to Fig. 3, which is a blockchain schematic diagram of the identity authentication method provided by the present disclosure: when a block is verified, a hash value can be computed over its first field, second field and third field, and the computed hash value is compared with the fourth field. If the computed hash value equals the fourth field, the block is considered not to have been maliciously tampered with and to be the normally computed result of a legitimate user terminal. If the computed hash value does not equal the fourth field, the block is considered to have been maliciously tampered with and not to be the normally computed result of a legitimate user terminal. The entire blockchain can then be verified by checking whether a block's first field equals the fourth field of the previous block. If they are equal, the block is considered legitimate. Once this block has been found legitimate, the previous block can be verified by the same method, and so on back to the initial block, so that the entire blockchain can be traced.
Referring to Fig. 4, the step in which the server generates the third block according to the first time interval comprises:
Step S131: obtain the field of the block generated at the user's last login.
Multiple blocks may be generated during the user's last login, and the generated blocks are stored together on the server. After receiving the login request and the first block sent by the user terminal, the server looks up the block generated last during the user's last login, i.e. the second block, and decrypts its second field and third field to obtain the first time interval stored in the second field and the generation time stored in the third field.
Step S132: add the first time interval to the field value in the field to generate a new field.
The server takes the third field of the last block generated at the user's last login, i.e. the time at which that block was generated, and adds the first time interval to that time to form a new third field, which serves as the third field of the third block. For example, if at the user's last login the block was generated at 9:00 and the time interval is 5 minutes, five minutes are added to 9:00, giving 9:05, so the new third field is 9:05. As another example, if at the user's last login the block was generated at 10:00 on the previous day and the time interval is 5 minutes, five minutes are added to 10:00 of the previous day, giving 10:05 of the previous day, so the new third field is 10:05 of the previous day. The interval is then added again to 10:05 of the previous day, giving 10:10 of the previous day, and a new third field is generated again. The time interval is repeatedly added to the previous result, continually generating new third fields, until the current time is reached.
Step S133: compute a hash value over the new field using a hash function to generate the third block.
A hash value is computed over the new third field, the second field of the second block and the fourth field of the second block, and the computed hash value serves as the new fourth field. The fourth field of the second block becomes the first field of the new block, the second field of the second block becomes the second field of the new block, the new third field becomes the third field of the new block, and the new fourth field becomes the fourth field of the new block. Together these constitute the new block.
Each time a new third field is generated, a hash value is computed by the hash function to generate a new block. New blocks are generated repeatedly until the generation time of a block is close to the current time. That block is taken as the third block and compared with the first block sent by the user terminal, so that the user's identity is verified by means of the third block.
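The chain check of Fig. 3 and the interval-stepped generation of steps S131 to S133, sketched in Python as an added example that is not code from the patent. Assumptions: fields two and three are held in plaintext (the key-based encryption is omitted), timestamps are integer seconds, each generated block links to the block before it, stepping stops at the last boundary not later than the current time, and `max_steps` and the sample data are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Block:
    prev_hash: str   # first field: hash value of the previous block
    data: str        # second field: identity, login information, time interval
    timestamp: int   # third field: generation time (integer seconds, assumed)
    block_hash: str  # fourth field: hash over fields one to three


def field_hash(prev_hash: str, data: str, timestamp: int) -> str:
    # SHA-256 is one of the hash functions the text lists; MD4, MD5 and
    # SHA-1 are no longer collision-resistant. Length prefixes keep the
    # field boundaries unambiguous.
    h = hashlib.sha256()
    for part in (prev_hash, data, str(timestamp)):
        raw = part.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.hexdigest()


def make_block(prev_hash: str, data: str, timestamp: int) -> Block:
    return Block(prev_hash, data, timestamp, field_hash(prev_hash, data, timestamp))


def verify_chain(chain: list) -> int:
    """Return the index of the first inconsistent block, or -1 if none."""
    for i, block in enumerate(chain):
        recomputed = field_hash(block.prev_hash, block.data, block.timestamp)
        if not hmac.compare_digest(recomputed, block.block_hash):
            return i  # fields one to three no longer match field four
        if i > 0 and not hmac.compare_digest(block.prev_hash, chain[i - 1].block_hash):
            return i  # link to the previous block is broken
    return -1


def derive_login_block(last: Block, interval: int, now: int,
                       max_steps: int = 100_000) -> Block:
    """Step forward from the last stored block in units of `interval`."""
    if interval <= 0 or now < last.timestamp:
        raise ValueError("invalid interval or clock behind the last block")
    block = make_block(last.block_hash, last.data, last.timestamp + interval)
    steps = 1
    while block.timestamp + interval <= now:
        if steps >= max_steps:  # bound the hashing cost of a single login
            raise ValueError("too many steps since the last login")
        block = make_block(block.block_hash, block.data, block.timestamp + interval)
        steps += 1
    return block


def server_verify(chain: list, submitted: Block, interval: int, now: int) -> bool:
    """Steps S13 and S14: regenerate the third block and compare."""
    if not chain or verify_chain(chain) != -1:
        return False
    try:
        expected = derive_login_block(chain[-1], interval, now)
    except ValueError:
        return False
    return hmac.compare_digest(expected.block_hash, submitted.block_hash) \
        and expected == submitted


# Constructed sample data: a two-block chain with a 300-second interval.
T0 = 1_700_000_000
INTERVAL = 300
DATA = "user=alice;login=%d;interval=%d" % (T0, INTERVAL)
GENESIS = make_block("0" * 64, DATA, T0)
CHAIN = [GENESIS, make_block(GENESIS.block_hash, DATA, T0 + 300)]
T1 = CHAIN[-1].timestamp

if __name__ == "__main__":
    now = T1 + 620
    first_block = derive_login_block(CHAIN[-1], INTERVAL, now)
    print("derived offset:", first_block.timestamp - T1)
    print("accepted:", server_verify(CHAIN, first_block, INTERVAL, now + 30))
    guess = derive_login_block(CHAIN[-1], 240, now)  # wrong interval
    print("wrong interval accepted:", server_verify(CHAIN, guess, INTERVAL, now))
```

A block derived just before an interval boundary and checked just after it no longer matches, so under this stepping rule the user terminal and server clocks have to fall in the same step.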
In the identity authentication method provided by the present disclosure, applied to a server that interacts with a user terminal, the server stores a blockchain related to user login information. After receiving the login request and the first block sent by the user terminal, the server looks up, according to the login request and the first block, the second block generated at the user's last login, and decrypts the second field and the third field of the second block to obtain the first time interval. The server generates a third block from the first time interval and compares the third block with the first block, thereby verifying the user's identity. The security of identity authentication is ensured without requiring the user to change the login password frequently, and the legitimacy of blocks can be verified through the blockchain so that malicious logins can be traced.
Referring to Fig. 5, which is a flow diagram of an identity authentication method provided by the present disclosure, the method is applied to a user terminal that interacts with a server. The user terminal stores a blockchain related to user login information. The blockchain comprises multiple blocks, and each block comprises a second field and a third field. The second field is the data of the block, including the user's identity information, the user's login information for the current login, and a time interval. The third field is the block generation time. The detailed process shown in Fig. 5 is described below.
Step S20: send a login request to the server and receive the fourth block sent by the server.
The fourth block was generated at the last login and stored on the server. When the server sends the fourth block to the user terminal, the server also keeps a block identical to the fourth block. The fourth block is the block generated last during the user's last login. When the user logs in, the server sends the fourth block to the user terminal after receiving the user's login request. Consequently, even if the user switches to a different user terminal, identity authentication can still be performed through the block so that the user can log in normally, providing security for identity authentication.
Step S21: decrypt the second field and the third field of the fourth block to obtain the second time interval.
The user sets a login password at the first login, and the server computes a key from the password using a set calculation method. The computed key is shared by the server and the user terminal and is stored on both; the user cannot learn the key. The set calculation method may be a hash function: if the login password is a and Hash(a) = b, then b is used as the key. At login the user needs to enter the login password that the user set. When the user terminal detects that the login password is the correct login password, it restores the key from the login password according to the hash function and then decrypts the block.
For example, if the user sets the login password 123456 at the first login and the key computed by the hash function is 654321, then at the next login the user only needs to enter 123456. The user terminal restores the key 654321 from the login password 123456 according to the hash function and then decrypts the second field and the third field of the block.
It can be understood that the second time interval is identical to the first time interval.
Step S22: generate a new block according to the second time interval and send the new block to the server for identity authentication.
It can be understood that the new block is the first block mentioned in the process above. After receiving the new block and the login request sent by the user terminal, the server looks up the block that the server generated at the last login and executes the process corresponding to steps S10 to S17 above.
Step S23: when the user's identity authentication passes, set a new time interval, so that the server generates a new block according to the new time interval and stores it locally on the server, to be sent to the user terminal at the next login.
The new time interval may be set by the user; if the user does not set one, it may be set by the server.
Further, the block stored on the user terminal comprises a first field, a second field, a third field and a fourth field. The first field is the hash value of the previous block. The second field is the data of the block, including the user's identity information, the user's login information for the current login, and a time interval. The third field is the block generation time. The fourth field is the hash value of the block itself, computed by a hash function over the first field, the second field and the third field.
Because the blocks saved by the user terminal are consistent with the blocks saved by the server and likewise form a blockchain, the description above of the server's blocks and blockchain also applies.
Referring to Fig. 6, the step in which the user terminal generates a new block according to the second time interval and sends the new block to the server for identity verification includes:
Step S221: obtain the third field of the fourth block sent by the server.
The user terminal receives the fourth block sent by the server and the user enters the login password. The user terminal converts the login password back into the key using the set calculation method, then decrypts the second field and third field of the fourth block to obtain the second time interval and the generation time held in the third field.
Step S222: add the second time interval to the value of the third field to generate a new third field.
The user terminal takes the third field of the fourth block, i.e. the block generation time, and adds the second time interval to it to form a new third field, which serves as the third field of the new block. For example, if the block was generated at 9:00 and the time interval is 5 minutes, adding five minutes to 9:00 gives 9:05, so the new third field is 9:05. As another example, if the block was generated at the user's previous login at 10:00 on the previous day and the time interval is 5 minutes, adding five minutes gives 10:05 of the previous day as the new third field; adding the time interval again to 10:05 gives 10:10 of the previous day as the next new third field. The time interval is added repeatedly to the previous result, generating new third fields one after another, until the current time is reached.
Step S223: compute a hash value over the new third field using the hash function to generate the new block.
A hash value is computed over the new third field, the second field of the fourth block and the fourth field of the fourth block, and the result becomes the new fourth field. The new block is then made up of the fourth field of the fourth block as its first field, the second field of the fourth block as its second field, the new third field as its third field, and the new fourth field as its fourth field.
Step S224: compare the third field value of the new block with the current time and judge whether the difference is within a set range.
Each time a new third field is generated, a hash value is computed with the hash function to produce a new block. New blocks are generated repeatedly until a block's generation time is close to the current time; the third field of that block is then compared with the current time.
The set range can be configured freely. If the difference is within the set range, step S225 is executed and the new block is sent to the server. If it is not within the set range, the process returns to step S221 and continues generating new blocks until the difference between the third field value of the generated block and the current time is within the set range.
Step S225: send the new block to the server.
It will be understood that the new block is the first block referred to in the process above. When the new block is sent to the server, the server executes the process corresponding to steps S10 to S14 above and thereby verifies the identity. During this process the user terminal may also save the blocks it regenerated, so the blocks stored on the user terminal include both the blocks the server sent to it and the blocks it generated itself.
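The roll-forward of steps S221 to S225 and the server's matching check can be sketched as follows. This is an added example, not code from the patent: SHA-256, the JSON field encoding, epoch-second timestamps and all names are assumptions, the second and third fields are taken as already decrypted, and the server here accepts a match against any block inside its own time window, which generalizes the single comparison the text describes.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Block:
    prev_hash: str   # first field: hash value of the previous block
    data: str        # second field: identity, login info, time interval (decrypted)
    timestamp: int   # third field: generation time, epoch seconds (assumed unit)
    block_hash: str  # fourth field: hash over the first three fields


def make_block(prev_hash: str, data: str, timestamp: int) -> Block:
    # JSON gives an unambiguous encoding of the three hashed fields.
    payload = json.dumps([prev_hash, data, timestamp]).encode("utf-8")
    return Block(prev_hash, data, timestamp, hashlib.sha256(payload).hexdigest())


def next_block(block: Block, interval: int) -> Block:
    # S222/S223: new third field = old third field + interval; the old fourth
    # field becomes the new first field; the second field is carried over.
    return make_block(block.block_hash, block.data, block.timestamp + interval)


def _check(interval: int, tolerance: int) -> None:
    # A non-positive interval would make the roll-forward loop spin forever.
    if interval <= 0 or tolerance < 0:
        raise ValueError("interval must be positive and tolerance non-negative")


def roll_forward(last: Block, interval: int, now: int,
                 tolerance: int) -> Optional[Block]:
    """User terminal, S221-S225: chain blocks forward from the block received
    from the server until one lands within `tolerance` seconds of `now`.
    Returns None when no tick falls inside the window, instead of looping on."""
    _check(interval, tolerance)
    block = last
    while block.timestamp + interval <= now + tolerance:
        block = next_block(block, interval)
        if abs(now - block.timestamp) <= tolerance:
            return block
    return None


def verify(server_last: Block, interval: int, submitted: Block,
           server_now: int, tolerance: int) -> bool:
    """Server: regenerate the chain from its own stored copy and accept the
    submitted block only if it equals a block inside the server's window."""
    _check(interval, tolerance)
    block = server_last
    while block.timestamp + interval <= server_now + tolerance:
        block = next_block(block, interval)
        in_window = abs(server_now - block.timestamp) <= tolerance
        # Constant-time comparison of the hash, then a full field comparison.
        if in_window and hmac.compare_digest(block.block_hash, submitted.block_hash):
            return block == submitted
    return False


if __name__ == "__main__":
    # Constructed sample values: last block stored at t=1_000_000, 5-minute interval.
    last = make_block("0", "user=alice;interval=300", 1_000_000)
    now = 1_000_920
    new = roll_forward(last, 300, now, tolerance=60)
    print("client block time:", new.timestamp)
    print("accepted now:", verify(last, 300, new, now + 10, 60))
    print("accepted one interval later:", verify(last, 300, new, now + 300, 60))
```

In this sketch a block presented one interval late no longer matches, because the server's window has moved on to the next tick, and a login attempted between ticks with a tolerance smaller than the gap yields no block at all rather than an endless loop.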
The process above is the ordinary login verification. For a user's first login, refer to Fig. 7, a flow diagram of the first login; the detailed process shown in Fig. 7 is described below.
Step S30: user registration.
When a new user registers, the user needs to set their own login password, and the server and the user terminal compute a key from that login password using the set calculation method. The key is a symmetric-cipher key (the cryptographic algorithm may be chosen freely when the system is implemented). It is used to encrypt later information and, in the process above, to encrypt the block fields, and it is shared by the user and the verifier.
As another example, when users log in from a public computer, the server may store the identity-information blockchains of multiple people, so at login the server also needs to find the identity-information blockchain corresponding to the user among them. To improve the security of identity verification, the user may therefore set a specific user name at first login in addition to the login password. For example, at login the user sends the server a login request that includes the user's user name. After receiving the login request sent by the user terminal, the server uses the user name to look up the corresponding identity-information blockchain among those of multiple people and, once it is found, sends the user terminal the last block generated at the previous login.
Step S31: initialization.
The server initializes and generates the original block for use in later verification. The first field of this block is specified by the server, for example fixed at 0 or another value.
Step S32: the user's first, automatic login.
After successful registration the user is logged in to the system automatically.
Step S33: set the conditions for the next login.
After logging in successfully, the user needs to set a time interval. The server generates the original block from the time interval and the current login information, stores it locally, and sends it to the user terminal to be saved. At the next login a new block is generated from the time interval, and that block is used to verify the user's login.
The original block is first generated in memory. Only after the user has logged in successfully and set the condition for generating the next block, i.e. the time interval, is it generated and written to disk. The generation time of the original block is the time of the user's first login.
Step S35: the user's next login.
Step S36: judge whether verification passes.
This step follows the identity verification process described above. If verification passes, the conditions for the next login are set. If verification does not pass, identity verification fails.
In the identity verification method provided by the present disclosure, applied to a user terminal that interacts with a server, the user terminal stores a blockchain related to the user's login information. The user terminal sends a login request, takes the fourth block generated at the user's previous login, and decrypts its second field and third field to obtain the second time interval. It generates a new block from the second time interval and sends it to the server; the server generates a block from the time interval and compares the new block with the block it generated, thereby verifying the user's identity. The user does not need to change the login password frequently for identity verification to remain secure, and the legitimacy of blocks can be verified against the blockchain so that malicious logins can be traced.
Referring to Fig. 8, the first identity verification device 10 provided by the present disclosure is applied to a server that interacts with a user terminal and is used to execute steps S10 to S17 of the flowchart of Fig. 1. The first identity verification device 10 includes a receiving module 12, a lookup module 13, a first storage module 11, a first execution module 14, a verification module 16 and a first generation module 15.
The first storage module 11 stores a blockchain related to the user's login information. The blockchain comprises multiple blocks, and each block includes a first field, a second field, a third field and a fourth field. The first field is the hash value of the previous block; the second field is the block's data, comprising the user's identity information, the user's current login information and a time interval; the third field is the block generation time; the fourth field is the hash value of the block itself, computed by a hash function over the first field, the second field and the third field.
The receiving module 12 receives the user's login request and the first block sent by the user terminal.
The lookup module 13 looks up, according to the login request and the first block, the second block generated at the user's previous login.
The first execution module 14 decrypts the second field and third field of the second block to obtain the first time interval.
The first generation module 15 generates the third block according to the first time interval.
The verification module 16 compares the first block with the third block to perform identity verification.
Those skilled in the art will appreciate that, for convenience and brevity of description, the specific working process of the first identity verification device 10 described above may refer to the corresponding process of method steps S10 to S17 above and is not repeated here.
Referring to Fig. 9, the second identity verification device 20 provided by the present disclosure is applied to a user terminal that interacts with a server and is used to execute steps S20 to S25 of the flowchart of Fig. 5. The second identity verification device 20 includes a second storage module 21, a second execution module 22 and a second generation module 23.
The second storage module 21 stores a blockchain related to the user's login information. The blockchain comprises multiple blocks, and each block includes a first field, a second field, a third field and a fourth field. The first field is the hash value of the previous block; the second field is the block's data, comprising the user's identity information, the user's current login information and a time interval; the third field is the block generation time; the fourth field is the hash value of the block itself, computed by a hash function over the first field, the second field and the third field.
The second execution module 22 sends a login request to the server and decrypts the second field and third field of the fourth block to obtain the second time interval. The fourth block is obtained when the server sends it to the user terminal during the current login; it was generated at the previous login and stored on the server.
The second generation module 23 generates a new block according to the second time interval and sends the new block to the server for identity verification. It will be understood that the new block is the first block referred to in the process above.
Those skilled in the art will appreciate that, for convenience and brevity of description, the specific working process of the second identity verification device 20 described above may refer to the corresponding process of method steps S20 to S25 above and is not repeated here.
To sum up, in the identity verification method and device provided by the present disclosure, the server and the user terminal both store a blockchain related to the user's login information. At login, the user terminal finds the block that the server last sent to it, decrypts the second field and third field of that block to obtain the time interval, generates a new block according to the time interval and sends that block to the server. After receiving the login request and the block sent by the user terminal, the server uses the same process as the user terminal to generate a new block of its own and compares it with the block the user sent, thereby verifying the user's identity. The user does not need to change the login password frequently for identity verification to remain secure, and malicious logins can be traced by means of the blockchain.
In the several embodiments provided by the present disclosure, it should be understood that the disclosed device and method may also be implemented in other ways. The device and method embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the drawings show the possible architecture, functions and operation of devices, methods and computer program products according to multiple embodiments of the disclosure. In this regard, each box in a flowchart or block diagram may represent a module, a program segment or a portion of code that contains one or more executable instructions for implementing the specified logical function. It should also be noted that in some alternative implementations the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two consecutive boxes may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should further be noted that each box in the block diagrams and/or flowcharts, and combinations of such boxes, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
In addition, the functional modules in the embodiments of the present disclosure may be integrated together to form one independent part, may each exist separately, or two or more modules may be integrated to form one independent part. If the functions are implemented in the form of software function modules and sold or used as an independent product, they may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present disclosure in essence, or the part of it that contributes over the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, an electronic device 10, a network device or the like) to execute all or some of the steps of the methods of the embodiments of the present disclosure. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
It should be noted that, in this document, the terms "include", "comprise" and any variants of them are intended to be non-exclusive, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or device. Without further limitation, an element introduced by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes it. In addition, the terms "first", "second" and so on are used only to distinguish descriptions and are not to be understood as indicating or implying relative importance.
The foregoing describes only optional embodiments of the present disclosure and does not limit the disclosure; for those skilled in the art, the disclosure may have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principle of the present disclosure shall fall within its scope of protection.

Claims (10)

1. An identity verification method, characterized in that it is applied to a server that interacts with a user terminal; the server holds a blockchain related to user login information, the blockchain comprises multiple blocks, each block includes a second field and a third field, the second field is the block's data, comprising the user's identity information, the user's current login information and a time interval, and the third field is the block generation time; the method comprises:
receiving the user's login request and a first block sent by the user terminal;
looking up, according to the login request and the first block, a second block generated at the user's previous login;
decrypting the second field and third field of the second block to obtain a first time interval;
generating a third block according to the first time interval;
comparing the third block with the first block and, if the third block is consistent with the first block, determining that the user's identity verification passes.
2. The identity verification method according to claim 1, characterized in that the method further comprises:
after the user's identity verification passes, setting a new time interval;
generating a new block again according to the new time interval and the current login information, and encrypting the second field and third field of the new block;
storing the new block locally.
3. The identity verification method according to claim 1, characterized in that the block further includes a first field and a fourth field; wherein
the first field is the hash value of the previous block;
the fourth field is the hash value of the block itself, computed by a hash function over the first field, the second field and the third field.
4. The identity verification method according to claim 3, characterized in that the step of generating the third block according to the first time interval comprises:
obtaining the field of the block generated at the user's previous login;
adding the first time interval to the field value in the field to generate a new field;
computing a hash value over the new field using a hash function to generate the third block.
5. An identity verification method, characterized in that it is applied to a user terminal that interacts with a server; the user terminal holds a blockchain related to user login information, the blockchain comprises multiple blocks, each block includes a second field and a third field, the second field is the block's data, comprising the user's identity information, the user's current login information and a time interval, and the third field is the block generation time; the method comprises:
sending a login request to the server and receiving a fourth block sent by the server, the fourth block having been generated at the previous login and stored on the server;
decrypting the second field and third field of the fourth block to obtain a second time interval;
generating a new block according to the second time interval and sending the new block to the server for identity verification.
6. The identity verification method according to claim 5, characterized in that the method further comprises:
after the user's identity verification passes, setting a new time interval, so that the server generates a new block according to the new time interval and stores it locally on the server, to be sent to the user terminal at the next login.
7. The identity verification method according to claim 5, characterized in that the block further includes a first field and a fourth field; wherein
the first field is the hash value of the previous block;
the fourth field is the hash value of the block itself, computed by a hash function over the first field, the second field and the third field.
8. The identity verification method according to claim 7, characterized in that the step of generating a new block according to the second time interval and sending the new block to the server for identity verification comprises:
obtaining the third field of the fourth block sent by the server;
adding the second time interval to the field value in the third field to generate a new third field;
computing a hash value over the new third field according to a hash function to generate the new block;
comparing the third field value in the new block with the current time and, if it is within a set range, sending the new block to the server; if it is not within the set range, repeating the process of generating the new third field so as to continue generating new blocks, until the difference between the third field value in the generated new block and the current time is within the set range.
9. An identity verification device, characterized in that it is applied to a server that interacts with a user terminal; the identity verification device includes a receiving module, a lookup module, a first storage module, a first execution module, a verification module and a first generation module;
the first storage module is used to store a blockchain related to user login information, the blockchain comprises multiple blocks, each block includes a first field, a second field, a third field and a fourth field, the first field is the hash value of the previous block, the second field is the block's data, comprising the user's identity information, the user's current login information and a time interval, the third field is the block generation time, and the fourth field is the hash value of the block itself, computed by a hash function over the first field, the second field and the third field;
the receiving module is used to receive the user's login request and a first block sent by the user terminal;
the lookup module is used to look up, according to the login request and the first block, a second block generated at the user's previous login;
the first execution module is used to decrypt the second field and third field of the second block to obtain a first time interval;
the first generation module is used to generate a third block according to the first time interval;
the verification module is used to compare the first block with the third block to perform identity verification.
10. An identity verification device, characterized in that it is applied to a user terminal that interacts with a server, and the identity verification device includes a second storage module, a second execution module and a second generation module;
the second storage module is used to store a blockchain related to user login information, the blockchain comprises multiple blocks, each block includes a first field, a second field, a third field and a fourth field, the first field is the hash value of the previous block, the second field is the block's data, comprising the user's identity information, the user's current login information and a time interval, the third field is the block generation time, and the fourth field is the hash value of the block itself, computed by a hash function over the first field, the second field and the third field;
the second execution module is used to send a login request to the server and to decrypt the second field and third field of a fourth block to obtain a second time interval, the fourth block being obtained when the server sends it to the user terminal during the current login; the fourth block was generated at the previous login and stored on the server;
the second generation module is used to generate a new block according to the second time interval and send the new block to the server for identity verification.
CN201811034387.7A 2018-09-03 2018-09-03 Identity verification method and device Active CN108989354B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811034387.7A CN108989354B (en) 2018-09-03 2018-09-03 Identity verification method and device


Publications (2)

Publication Number Publication Date
CN108989354A true CN108989354A (en) 2018-12-11
CN108989354B CN108989354B (en) 2021-06-15

Family

ID=64544912

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811034387.7A Active CN108989354B (en) 2018-09-03 2018-09-03 Identity verification method and device

Country Status (1)

Country Link
CN (1) CN108989354B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant