CN108989354A - Identity verification method and device - Google Patents
Identity verification method and device
- Publication number
- CN108989354A (application number CN201811034387.7A)
- Authority
- CN
- China
- Prior art keywords
- block
- field
- user
- new
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Abstract
The disclosure provides an identity verification method and device in the field of identity authentication. The server stores a block chain related to the user's login information. When the user logs in, the server sends the block generated at the user's last login to the user terminal; the user terminal decrypts the block information, obtains the time interval, generates a new block from that interval and sends it to the server. After receiving the login request and the block sent by the user terminal, the server generates a new block in the same way as the user terminal and compares it with the block the user sent, thereby verifying the user's identity and ensuring the security of user identity verification.
Description
Technical field
This disclosure relates to the field of identity authentication, and in particular to an identity verification method and device.
Background
As science and technology develop, when people use network resources or access network application systems, the user's identity is usually verified to protect information security. Many identity verification schemes exist, but most of them require the user to change the login password frequently when identity is verified, and they cannot guarantee the security of identity verification.
Summary of the invention
In view of this, the disclosure provides an identity verification method and device.
The disclosure provides an identity verification method applied to a server that interacts with a user terminal. The server stores a block chain related to the user's login information. The block chain includes multiple blocks, and each block includes a second field and a third field: the second field is the data of the block, including the user's identity information, the user's current login information and a time interval; the third field is the block generation time. The method includes:
receiving a login request and a first block of the user sent by the user terminal;
searching, according to the login request and the first block, for the second block generated at the user's last login;
decrypting the second field and third field of the second block to obtain a first time interval;
generating a third block according to the first time interval;
comparing the third block with the first block, and determining that the user identity verification passes if the third block is consistent with the first block.
Further, the method also includes: after the user identity verification passes, setting a new time interval; generating a new block again according to the new time interval and the current login information, and encrypting the second field and third field of the new block; and storing the new block locally.
Further, the block also includes a first field and a fourth field. The first field is the hash value of the previous block. The fourth field is the hash value of the block itself, computed by a hash function over the first field, second field and third field.
Further, the step of generating the third block according to the first time interval includes: obtaining the field of the block generated at the user's last login; adding the first time interval to the field value of that field to generate a new field; and computing a hash value over the new field with the hash function to generate the third block.
The disclosure also provides an identity verification method applied to a user terminal that interacts with a server. The user terminal holds a block chain related to the user's login information. The block chain includes multiple blocks, and each block includes a second field and a third field: the second field is the data of the block, including the user's identity information, the user's current login information and a time interval; the third field is the block generation time. The method includes:
sending a login request to the server and receiving a fourth block sent by the server, the fourth block having been generated at the last login and stored at the server;
decrypting the second field and third field of the fourth block to obtain a second time interval;
generating a new block according to the second time interval, and sending the new block to the server for identity verification.
Further, the method also includes: after the user identity verification passes, setting a new time interval, so that the server generates a new block according to the new time interval and stores it locally at the server, to be sent to the user terminal at the next login.
Further, the block also includes a first field and a fourth field. The first field is the hash value of the previous block. The fourth field is the hash value of the block itself, computed by a hash function over the first field, second field and third field.
Further, the step of generating a new block according to the second time interval and sending the new block to the server for identity verification includes:
obtaining the third field of the fourth block sent by the server;
adding the second time interval to the field value of the third field to generate a new third field;
computing a hash value over the new third field with the hash function to generate the new block;
comparing the third field value of the new block with the current time: if it is within the set range, sending the new block to the server; if it is not within the set range, repeating the generation of a new third field and continuing to generate new blocks until the difference between the third field value of the generated new block and the current time is within the set range.
The disclosure provides an identity verification device applied to a server that interacts with a user terminal. The identity verification device includes a receiving module, a searching module, a first storage module, a first execution module, a verification module and a first generation module.
The first storage module stores a block chain related to the user's login information. The block chain includes multiple blocks, and each block includes a first field, a second field, a third field and a fourth field: the first field is the hash value of the previous block; the second field is the data of the block, including the user's identity information, the user's current login information and a time interval; the third field is the block generation time; the fourth field is the hash value of the block itself, computed by a hash function over the first field, second field and third field.
The receiving module receives the login request and first block of the user sent by the user terminal.
The searching module searches, according to the login request and the first block, for the second block generated at the user's last login.
The first execution module decrypts the second field and third field of the second block to obtain a first time interval.
The first generation module generates a third block according to the first time interval.
The verification module compares the first block with the third block to perform identity verification.
The disclosure also provides an identity verification device applied to a user terminal that interacts with a server. The identity verification device includes a second storage module, a second execution module and a second generation module.
The second storage module stores a block chain related to the user's login information. The block chain includes multiple blocks, and each block includes a first field, a second field, a third field and a fourth field: the first field is the hash value of the previous block; the second field is the data of the block, including the user's identity information, the user's current login information and a time interval; the third field is the block generation time; the fourth field is the hash value of the block itself, computed by a hash function over the first field, second field and third field.
The second execution module sends a login request to the server and decrypts the second field and third field of a fourth block to obtain a second time interval; the fourth block is sent by the server to the user terminal at this login, having been generated at the last login and stored at the server.
The second generation module generates a new block according to the second time interval and sends the new block to the server for identity verification.
With the identity verification method and device provided by the disclosure, the server stores a block chain related to the user's login information. After receiving the login request and first block sent by the user terminal, the server searches, according to the login request and the first block, for the second block generated at the user's last login, decrypts the second field and third field of the second block to obtain a first time interval, generates a third block from the first time interval, and compares the third block with the first block to verify the user's identity. The user does not need to change the login password frequently, the security of identity verification is ensured, and malicious logins can be tracked through the block chain.
To make the above objects, features and advantages of the disclosure clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Description of the drawings
To illustrate the technical solution of the disclosure more clearly, the drawings needed in the embodiments are briefly introduced below. It should be understood that the following drawings show only some embodiments of the disclosure and should not be regarded as limiting its scope; a person of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 is a flow diagram of an identity verification method provided by the disclosure.
Fig. 2 is a block diagram of the identity verification method provided by the disclosure.
Fig. 3 is a schematic diagram of the block chain of the identity verification method provided by the disclosure.
Fig. 4 is another flow diagram of the identity verification method provided by the disclosure.
Fig. 5 is another flow diagram of the identity verification method provided by the disclosure.
Fig. 6 is another flow diagram of the identity verification method provided by the disclosure.
Fig. 7 is another flow diagram of the identity verification device provided by the disclosure.
Fig. 8 is a block diagram of an identity verification device provided by the disclosure.
Fig. 9 is another block diagram of the identity verification device provided by the disclosure.
Reference numerals: 10 - first identity verification device; 11 - first storage module; 12 - receiving module; 13 - searching module; 14 - first execution module; 15 - first generation module; 16 - verification module; 20 - second identity verification device; 21 - second storage module; 22 - second execution module; 23 - second generation module.
Detailed description of the embodiments
The technical solution of the disclosure is described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the disclosure. The components of the disclosure generally described and shown in the drawings may be arranged and designed in a variety of different configurations. Therefore, the following detailed description of the embodiments of the disclosure provided in the drawings is not intended to limit the claimed scope of the disclosure, but merely represents selected embodiments of the disclosure. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the disclosure without creative effort fall within the protection scope of the disclosure.
It should also be noted that similar reference numerals and letters denote similar items in the following drawings; once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings.
Identity authentication technology is the process of confirming an operator's identity in a computer network and an effective solution to that problem. In the computer network world all information, including a user's identity information, is represented by a specific set of data; a computer can only recognize the user's digital identity, and all authorization granted to users is authorization of digital identities. Ensuring that the operator acting under a digital identity is the legitimate owner of that digital identity, that is, that the operator's physical identity corresponds to the digital identity, is exactly the problem identity authentication technology solves. As the first line of defence for protecting network assets, identity verification plays a very important role.
At present there are many identity verification schemes, but most of them require the user to change the login password frequently in order to guarantee the security of identity verification. Moreover, if the system has a vulnerability and a malicious login occurs, the malicious login can neither be detected in time nor tracked afterwards.
Based on the above study, the disclosure provides an identity verification method and device.
Referring to Fig. 1, which is a flow diagram of an identity verification method provided by the disclosure, the method is applied to a server that interacts with a user terminal. The server holds a block chain related to the user's login information. The block chain includes multiple blocks, and each block includes a second field and a third field: the second field is the data of the block, including the user's identity information, the user's current login information and a time interval; the third field is the block generation time. The process shown in Fig. 1 is described in detail below.
Step S10: receive the login request and first block of the user sent by the user terminal.
Step S11: search, according to the login request and the first block, for the second block generated at the user's last login.
Step S12: decrypt the second field and third field of the second block to obtain a first time interval.
Here, the login password is set by the user at the first login, and the server computes a key from it according to a set calculation method. The computed key is shared by the server and the user terminal and is stored at both the server and the user terminal. When the user logs in next time, after receiving the login request and the first block, the server decrypts the second field and third field of the second block with the key to obtain the first time interval.
Step S13: generate a third block according to the first time interval.
Step S14: compare the third block with the first block and judge whether the third block and the first block are consistent.
If the third block is consistent with the first block, that is, the information contained in the third block agrees with the information contained in the first block, the user identity verification passes and step S15 is executed; if the third block and the first block are inconsistent, that is, the information contained in the third block does not agree with the information contained in the first block, step S141 is executed.
Step S141: identity verification fails.
Step S15: after the user identity verification passes, set a new time interval.
If no new time interval is set, the server by default uses a new time interval identical to the first time interval.
Step S16: generate a new block again according to the new time interval and the current login information.
When the new block is generated it contains, besides the new time interval and the current login information, the user information and so on. The new time interval serves as the new condition for generating a block at the user's next login. The current login information includes the time of this login, which is taken from the local clock.
Step S17: store the new block locally.
The new block is stored locally. When the user logs in next time, the server sends the new block to the user terminal and again verifies the user's identity against the new block.
Further, referring to Fig. 2, the block also includes a first field and a fourth field. The first field is the hash value of the previous block; the second field is the data of the block, including the user's identity information, the user's current login information and the time interval; the third field is the block generation time; the fourth field is the hash value of the block itself, computed by a hash function over the first field, second field and third field.
The second field is the data of the block. The user's identity information is the information recorded when the user first logs in, for example the user name; the user's current login information includes the time of this login; and the time interval is the condition for the next login. When the block is saved, the second field may be encrypted with the key to protect the data.
The third field is the time the block was generated. Its precision may be set to hours, minutes, seconds, milliseconds and so on, as decided by the server. When the block is saved, the third field may also be encrypted with the key to protect the data.
The hash value of the block is computed by the hash function over the fields of the block; the hash function may be MD4, MD5, SHA-1, SHA-256 and so on. Because the first field is the hash value of the previous block and the fourth field is the hash value of this block, the blocks can be linked into a chain, as shown in Fig. 3, so that a block cannot be tampered with maliciously and the legitimacy of each block can be verified.
Further, referring to Fig. 3, which is a schematic diagram of the block chain of the identity verification method provided by the disclosure: to verify a block, a hash value is computed over the first field, second field and third field and compared with the fourth field. If the computed hash value equals the fourth field, the block is considered not to have been tampered with and to be the normal result computed by a legitimate user; if the computed hash value and the fourth field are not equal, the block is considered to have been tampered with and not to be the normal result computed by a legitimate user. The whole block chain can then be verified by comparing the first field of a block with the fourth field of the previous block: if the first field equals the fourth field of the previous block, the block is considered legitimate, and once this block is legitimate the same method is used to verify the legitimacy of the previous block, and so on back to the initial block, so that the entire block chain is tracked.
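The block structure and the chain check described above, as an added Python example (it is not code from the patent): fields 1 to 4 are a dataclass, the fourth field is SHA-256 over a canonical serialization of the first three, and the chain is walked from the newest block back to the initial one, checking each block's own digest and its first field against the previous block's digest, as Fig. 3 describes. Of the hash functions the page lists, MD4, MD5 and SHA-1 are no longer collision resistant, so the example uses SHA-256. The `Block` names, the `|`-separated serialization, the all-zero first field of the initial block and the sample chain for `alice` are assumptions of this example. Encryption of fields 2 and 3 is left out here so that the chain can be checked without the key; the demo shows that editing a block's data is caught at that block, and that recomputing its digest only moves the break to the next block's link.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Block:
    prev_hash: str   # first field: hash of the previous block
    data: dict       # second field: identity info, this login's info, time interval
    gen_time: int    # third field: block generation time, Unix seconds
    digest: str      # fourth field: SHA-256 over fields 1-3


GENESIS_PREV = "0" * 64  # assumed first field of the initial block (no predecessor)


def block_hash(prev_hash: str, data: dict, gen_time: int) -> str:
    # Canonical serialization so both ends hash exactly the same bytes.
    payload = prev_hash + "|" + json.dumps(data, sort_keys=True) + "|" + str(gen_time)
    return hashlib.sha256(payload.encode()).hexdigest()


def make_block(prev_hash: str, data: dict, gen_time: int) -> Block:
    return Block(prev_hash, data, gen_time, block_hash(prev_hash, data, gen_time))


def verify_block(block: Block) -> bool:
    # Recompute the fourth field from fields 1-3 and compare with the stored one.
    return block.digest == block_hash(block.prev_hash, block.data, block.gen_time)


def first_bad_block(chain: List[Block]) -> Optional[int]:
    """Walk from the newest block back to the initial one (Fig. 3): each block must
    reproduce its own fourth field, and its first field must equal the previous
    block's fourth field. Returns the index where the walk stops, or None."""
    for i in range(len(chain) - 1, -1, -1):
        block = chain[i]
        if not verify_block(block):
            return i
        expected_prev = GENESIS_PREV if i == 0 else chain[i - 1].digest
        if block.prev_hash != expected_prev:
            return i
    return None


def build_chain(user: str, start: int, interval: int, logins: int) -> List[Block]:
    # Constructed sample chain: one block per login, `interval` seconds apart.
    chain: List[Block] = []
    for n in range(logins):
        prev = GENESIS_PREV if not chain else chain[-1].digest
        t = start + n * interval
        chain.append(make_block(prev, {"user": user, "login_time": t, "interval": interval}, t))
    return chain


def tamper_demo() -> dict:
    chain = build_chain("alice", 1_700_000_000, 300, 4)
    intact = first_bad_block(chain)                   # None: consistent chain
    # Someone without the key rewrites the login time stored in block 1...
    chain[1].data = dict(chain[1].data, login_time=0)
    detected_at = first_bad_block(chain)              # 1: block 1 no longer reproduces its digest
    # ...and even after recomputing block 1's digest, block 2's first field still
    # carries the old digest, so the break moves to the link at block 2.
    chain[1].digest = block_hash(chain[1].prev_hash, chain[1].data, chain[1].gen_time)
    detected_after_rehash = first_bad_block(chain)    # 2
    return {"intact": intact, "detected_at": detected_at,
            "detected_after_rehash": detected_after_rehash}
```

`tamper_demo()` returns where the backward walk stops: `None` for the untouched chain, 1 once block 1's data is edited, and 2 after block 1's digest is recomputed, because block 2's first field still names the old digest; hiding the edit would require rewriting every later block as well.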
Referring to Fig. 4, the step in which the server generates the third block according to the first time interval includes:
Step S131: obtain the field of the block generated at the user's last login.
Multiple blocks may be generated during the user's last login, and all of them are stored together at the server. After receiving the login request and first block sent by the user terminal, the server searches for the last block generated during the user's previous login, that is, the second block, decrypts its second field and third field, and obtains the first time interval stored in the second field and the generation time stored in the third field.
Step S132: add the first time interval to the field value of that field to generate a new field.
The server takes the third field of the last block generated during the user's previous login, that is, the time the block was generated, adds the first time interval to that time, and forms a new third field, which is used as the third field of the third block. For example, if at the user's last login the block was generated at 9:00 and the time interval is 5 minutes, 5 minutes are added to 9:00 to give 9:05, so the new third field is 9:05. As another example, if at the user's last login the block was generated at 10:00 on the previous day and the time interval is 5 minutes, 5 minutes are added to 10:00 of the previous day to give 10:05 of the previous day as the new third field; then another 5 minutes are added on top of 10:05 of the previous day to give 10:10 of the previous day, generating a new third field again; the time interval is repeatedly added on top of the previous value and new third fields are generated continuously until the current time is reached.
Step S133: compute a hash value over the new field with the hash function to generate the third block.
A hash value is computed over the new third field, the second field of the second block and the fourth field of the second block, and the computed hash value is used as the new fourth field; the fourth field of the second block becomes the first field of the new block, the second field of the second block becomes the second field of the new block, the new third field becomes the third field of the new block, and the new fourth field becomes the fourth field of the new block, thus forming the new block.
Each time a new third field is generated, a hash value is computed with the hash function to generate a new block; new blocks are generated repeatedly until the generation time of the block is close to the current time, and that block is taken as the third block and compared with the first block sent by the user terminal, so that the user's identity is verified by means of the third block.
In the identity verification method provided by the disclosure, applied to a server that interacts with a user terminal, the server stores a block chain related to the user's login information. After receiving the login request and first block sent by the user terminal, the server searches, according to the login request and the first block, for the second block generated at the user's last login, decrypts the second field and third field of the second block to obtain a first time interval, generates a third block from the first time interval, and compares the third block with the first block to verify the user's identity. The user does not need to change the login password frequently, the security of identity verification is ensured, the legitimacy of blocks can be verified against the block chain, and malicious logins can be tracked.
Referring to Fig. 5, which is a flow diagram of an identity verification method provided by the disclosure, the method is applied to a user terminal that interacts with a server. The user terminal holds a block chain related to the user's login information. The block chain includes multiple blocks, and each block includes a second field and a third field: the second field is the data of the block, including the user's identity information, the user's current login information and a time interval; the third field is the block generation time. The process shown in Fig. 5 is described in detail below.
Step S20: send a login request to the server and receive the fourth block sent by the server.
The fourth block was generated at the last login and stored at the server. When the server sends the fourth block to the user terminal, it also keeps a block identical to the fourth block. The fourth block is the last block generated during the user's previous login. When the user logs in, the server sends the fourth block to the user terminal as soon as it has received the user's login request; as a result, even if the user switches to a different user terminal, identity verification can still be performed using the block, so the user can log in normally and the security of identity verification is improved.
Step S21: decrypt the second field and third field of the fourth block to obtain a second time interval.
Here, the login password is set by the user at the first login, and the server computes a key from the password according to a set calculation method. The computed key is shared by the server and the user terminal and stored at both, and the user cannot learn the key. The set calculation method may be a hash function: if the login password is a and Hash(a) = b, then b is used as the key. At login the user needs to enter the login password that they set; once the user terminal has detected that the entered login password is correct, it recovers the key from the login password according to the hash function and then decrypts the block.
For example, if the user sets the login password 123456 at the first login and the key computed by the hash function is 654321, then at the next login the user only needs to enter 123456; the user terminal recovers the key 654321 from the login password 123456 according to the hash function and then decrypts the second field and third field of the block.
It should be understood that the second time interval is the same as the first time interval.
Step S22: generate a new block according to the second time interval and send the new block to the server for identity verification.
It should be understood that this new block is the first block referred to in the process above. After receiving the new block and the login request sent by the user terminal, the server searches for the block it generated at the last login and executes the process corresponding to steps S10 to S17 above.
Step S23: after the user identity verification passes, set a new time interval, so that the server generates a new block according to the new time interval, stores it locally at the server, and sends it to the user terminal at the next login.
The new time interval may be set by the user; if the user does not set it, it may be set by the server.
Further, the block stored on the user terminal comprises a first field, a second field, a third field and a fourth field. The first field is the hash of the previous block; the second field is the block's data, including the user's identity information, the user's current login information and the time interval; the third field is the block generation time; the fourth field is the hash of the block itself, obtained by applying a hash function to the first, second and third fields.
Since the blocks saved on the user terminal are consistent with the blocks saved on the server, and likewise form a block chain, the description of the server's blocks and block chain above applies to them as well.
Referring to Fig. 6, the step in which the user terminal generates a new block according to the second time interval and sends the new block to the server for identity verification comprises:
Step S221: obtain the third field of the fourth block sent by the server.
The user terminal receives the fourth block sent by the server, the user enters the login password, the user terminal converts the login password back into the key according to the preset calculation method, and then decrypts the second and third fields of the fourth block to obtain the second time interval and the generation time held in the third field.
Step S222: add the second time interval to the field value of the third field to generate a new third field.
The user terminal takes the third field of the fourth block, i.e. the block generation time, adds the second time interval to it, and forms a new third field, which becomes the third field of the new block. For example, if the block generation time is 9:00 and the time interval is 5 minutes, five minutes are added to 9:00 to give 9:05, so the new third field is 9:05. As another example, if the block generated at the user's last login has a generation time of 10:00 the previous day and the time interval is 5 minutes, five minutes are added to 10:00 the previous day to give 10:05 the previous day, so the new third field is 10:05 the previous day; then five minutes are added to 10:05 the previous day to give 10:10 the previous day, generating another new third field. The time interval is repeatedly added to the previous value, continually generating new third fields, until the current time is reached.
Step S223: compute a hash over the new third field by the hash function to generate the new block.
A hash is computed over the new third field, the second field of the fourth block and the fourth field of the fourth block, and the computed hash becomes the new fourth field. The fourth field of the fourth block becomes the first field of the new block, the second field of the fourth block becomes the second field of the new block, the new third field becomes the third field of the new block, and the new fourth field becomes the fourth field of the new block; the new block is thus constituted.
Step S224: compare the third field value of the new block with the current time and judge whether it is within a set range.
Each time a new third field is generated, a hash can be computed by the hash function to generate a new block; new blocks are generated repeatedly until the generation time of the block is close to the current time, and the third field of that block is then compared with the current time.
The set range can be chosen as desired. If the value is within the set range, step S225 is executed and the new block is sent to the server. If it is not within the set range, the process returns to step S221 and continues to generate new blocks until the difference between the third field value of the generated new block and the current time is within the set range.
Step S225: send the new block to the server.
It should be understood that this new block is the first block mentioned in the process above. When the new block is sent to the server, the server executes the process corresponding to steps S10 to S14 above to verify the identity. During this process the user terminal can also save the regenerated blocks, so the blocks stored on the user terminal include both the blocks the server sent to the user terminal and the blocks it generated itself.
The process above is identity verification for an ordinary login. For a user's first login, refer also to Fig. 7, which is a flow diagram of a first login; the process shown in Fig. 7 is described in detail below.
Step S30: user registration.
When a new user registers, the user needs to set their own login password; the server and the user terminal compute the key from the login password according to the preset calculation method. The key is based on symmetric cryptography (the system may use any cryptographic algorithm when implemented); it is shared by the user and the verifying party, for encrypting subsequent information and for the encryption of block fields in the process above.
As another example, when users log in from a shared computer terminal, the server may store the identity-information block chains of multiple people, so when a user logs in the server also needs to find the identity-information block chain corresponding to that user among those of multiple people. To improve the security of identity verification, a user may, in addition to setting a login password, also set a specific user name at first login. For example, when the user logs in, the user terminal sends a login request to the server that contains the user's user name; after receiving the login request, the server looks up the identity-information block chain corresponding to the user name among the block chains of multiple people, and once it is found, sends the block generated last at the previous login to the user terminal.
Step S31: initialization.
The server initializes and generates the original block for subsequent verification; the first field of this block is specified by the server, for example fixed at 0 or another value.
Step S32: the user's first, automatic login.
After registration succeeds, the system logs the user in automatically.
Step S33: set the conditions for the next login.
After the user logs in successfully, a time interval needs to be set; the server generates the original block according to the time interval and the current login information, stores it locally, and sends it to the user terminal for saving. At the next login a new block is generated by the time interval, and the generated block is used to verify the user's login.
The original block is generated in memory; only after the user has logged in successfully and the condition for generating the next block has been set, i.e. the time interval, is it generated and written to disk. The generation time of the original block is the user's first login time.
Step S35: the user's next login.
Step S36: judge whether verification passes.
This step can refer to the identity verification process above. If verification passes, the conditions for the next login are set; if it does not pass, identity verification fails.
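As an added example that is not part of the patent, the following Python sketch implements the block layout and both sides of the login exchange: the user terminal's steps S221 to S225 above, the server's steps S10 to S17, and the issuing of the next block in steps S23 and S33. SHA-256 as the hash function, Unix seconds for times and intervals, a tolerance window in seconds for the "set range", and an XOR keystream standing in for the symmetric cipher the patent leaves unspecified are all assumptions of this example.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Optional

# Field layout per the patent: 1 = previous block hash, 2 = data (identity, login
# info, time interval), 3 = generation time, 4 = hash over fields 1..3.
# Assumed: Unix seconds for times and interval, SHA-256 as the hash function.

def derive_key(password: str) -> bytes:
    """Shared key = Hash(login password), computed by both sides from the password."""
    return hashlib.sha256(password.encode("utf-8")).digest()

def _xor_keystream(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (XOR with a hash-derived keystream, one label per field).
    The patent leaves the cipher to the implementer; use a real AEAD in practice."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + label + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

@dataclass(frozen=True)
class Block:
    prev_hash: str   # field 1
    data: dict       # field 2 (plaintext in memory; seal() encrypts it)
    gen_time: int    # field 3
    block_hash: str  # field 4

def field_hash(prev_hash: str, data: dict, gen_time: int) -> str:
    return hashlib.sha256(json.dumps([prev_hash, data, gen_time], sort_keys=True).encode()).hexdigest()

def make_block(prev_hash: str, data: dict, gen_time: int) -> Block:
    return Block(prev_hash, data, gen_time, field_hash(prev_hash, data, gen_time))

def seal(block: Block, key: bytes) -> dict:
    """Encrypt fields 2 and 3 (claim 2); fields 1 and 4 travel in the clear."""
    return {
        "f1": block.prev_hash,
        "f2": _xor_keystream(key, b"f2", json.dumps(block.data, sort_keys=True).encode()).hex(),
        "f3": _xor_keystream(key, b"f3", block.gen_time.to_bytes(8, "big")).hex(),
        "f4": block.block_hash,
    }

def unseal(sealed: dict, key: bytes) -> Optional[Block]:
    """Decrypt fields 2 and 3, then check field 4 over the plaintext: a wrong key
    (wrong password) or a tampered block fails the check and yields None."""
    try:
        data = json.loads(_xor_keystream(key, b"f2", bytes.fromhex(sealed["f2"])))
        gen_time = int.from_bytes(_xor_keystream(key, b"f3", bytes.fromhex(sealed["f3"])), "big")
    except ValueError:  # JSONDecodeError and UnicodeDecodeError are both ValueErrors
        return None
    if field_hash(sealed["f1"], data, gen_time) != sealed["f4"]:
        return None
    return Block(sealed["f1"], data, gen_time, sealed["f4"])

def advance(last: Block, now: int, tolerance: int) -> Optional[Block]:
    """Steps S221-S224: add the interval to field 3, chaining each new block onto the
    previous one, until the generation time is within `tolerance` seconds of `now`.
    Returns None when the interval steps over that window (no valid block exists)."""
    interval = int(last.data.get("interval", 0))
    if interval <= 0:  # guard: a zero interval would never reach the window
        return None
    cur = make_block(last.block_hash, last.data, last.gen_time + interval)
    while cur.gen_time < now - tolerance:
        cur = make_block(cur.block_hash, cur.data, cur.gen_time + interval)
    return cur if abs(cur.gen_time - now) <= tolerance else None

def client_login(sealed_last: dict, password: str, now: int, tolerance: int) -> Optional[dict]:
    """Steps S21-S22: derive the key, decrypt the block the server sent at login,
    advance it to the current time and return the sealed new block to send."""
    key = derive_key(password)
    last = unseal(sealed_last, key)
    new = advance(last, now, tolerance) if last else None
    return seal(new, key) if new else None

def server_verify(stored_last: dict, received: dict, key: bytes, now: int, tolerance: int) -> bool:
    """Steps S10-S17: regenerate the expected block from the stored last-login block and
    accept only an identical received block. Clocks must agree to within `tolerance`,
    otherwise the two sides can land on different steps of the chain."""
    last, got = unseal(stored_last, key), unseal(received, key)
    if last is None or got is None:
        return False
    return advance(last, now, tolerance) == got

def server_issue_next(verified: Block, new_interval: int, login_info: dict, now: int, key: bytes) -> dict:
    """Steps S23/S33: chain a block carrying the next interval and this login's info
    onto the verified block; the server stores it and sends it at the next login."""
    data = {**verified.data, **login_info, "interval": new_interval}
    return seal(make_block(verified.block_hash, data, now), key)
```

Because field 4 is checked over the decrypted fields, a wrong password or an altered block is rejected before any chain is regenerated; the tolerance must be at least half the interval, or the stepping can skip the acceptance window entirely.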
The identity verification method provided by the disclosure is applied to a user terminal interacting with a server. The user terminal stores a block chain related to user login information; it sends a login request, takes out the fourth block generated at the user's last login, decrypts the second and third fields of the fourth block to obtain the second time interval, generates a new block by the second time interval, and sends the new block to the server. The server generates a block according to the time interval and compares the new block with the block it generated to verify the user's identity. This does not require the user to change the login password frequently to ensure the security of identity verification; the legitimacy of a block can be verified against the block chain, and malicious logins can be tracked.
Referring to Fig. 8, a first identity verification device 10 provided by the disclosure is applied to a server interacting with a user terminal; the first identity verification device 10 executes steps S10 to S17 of the flow chart in Fig. 1. The first identity verification device 10 comprises a receiving module 12, a searching module 13, a first storage module 11, a first execution module 14, a verification module 16 and a first generation module 15.
The first storage module 11 stores a block chain related to user login information. The block chain comprises multiple blocks, each comprising a first field, a second field, a third field and a fourth field: the first field is the hash of the previous block; the second field is the block's data, including the user's identity information, the user's current login information and the time interval; the third field is the block generation time; and the fourth field is the hash of the block itself, obtained by applying a hash function to the first, second and third fields.
The receiving module 12 receives the user's login request and first block sent by the user terminal.
The searching module 13 looks up, according to the login request and the first block, the second block generated at the user's last login.
The first execution module 14 decrypts the second and third fields of the second block to obtain the first time interval.
The first generation module 15 generates a third block according to the first time interval.
The verification module 16 compares the first block with the third block to verify the identity.
Those skilled in the art will appreciate that, for convenience and brevity of description, the specific working process of the first identity verification device 10 described above may refer to the corresponding process in method steps S10 to S17 above, which is not repeated here.
Referring to Fig. 9, a second identity verification device 20 provided by the disclosure is applied to a user terminal interacting with a server; the second identity verification device 20 executes steps S20 to S25 of the flow chart in Fig. 5. The second identity verification device 20 comprises a second storage module 21, a second execution module 22 and a second generation module 23.
The second storage module 21 stores a block chain related to user login information. The block chain comprises multiple blocks, each comprising a first field, a second field, a third field and a fourth field: the first field is the hash of the previous block; the second field is the block's data, including the user's identity information, the user's current login information and the time interval; the third field is the block generation time; and the fourth field is the hash of the block itself, obtained by applying a hash function to the first, second and third fields.
The second execution module 22 sends a login request to the server and decrypts the second and third fields of the fourth block to obtain the second time interval; the fourth block is obtained by the server sending it to the user terminal at this login, and was generated at the last login and stored on the server.
The second generation module 23 generates a new block according to the second time interval and sends the new block to the server for identity verification; it should be understood that this new block is the first block mentioned in the process above.
Those skilled in the art will appreciate that, for convenience and brevity of description, the specific working process of the second identity verification device 20 described above may refer to the corresponding process in method steps S20 to S25 above, which is not repeated here.
In summary, in the identity verification method and device provided by the disclosure, the server and the user terminal both store a block chain related to user login information. When logging in, the user looks up the block the server sent to the user terminal last time, decrypts its second and third fields to obtain the time interval, generates a new block according to the time interval and sends that block to the server. After receiving the login request and block sent by the user terminal, the server generates a new block by the same process as the user terminal and compares it with the block the user sent, thereby verifying the user's identity. This does not require the user to change the login password frequently to ensure the security of identity verification, and malicious logins can be tracked by means of the block chain.
In the embodiments provided by the disclosure, it should be understood that the disclosed device and method may also be realized in other ways. The device and method embodiments described above are merely illustrative. For example, the flow charts and block diagrams in the drawings show the architecture, functions and operation of possible implementations of the devices, methods and computer program products of the embodiments of the disclosure. Each box in a flow chart or block diagram may represent a module, program segment or part of code, which contains one or more executable instructions for realizing the specified logic function. It should also be noted that in some alternative implementations the functions marked in the boxes may occur in an order different from that marked in the drawings; for example, two consecutive boxes may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flow charts, and combinations of boxes in the block diagrams and/or flow charts, may be realized by a dedicated hardware-based system that performs the specified function or action, or by a combination of dedicated hardware and computer instructions.
In addition, the functional modules in the embodiments of the disclosure may be integrated to form one independent part, may each exist separately, or two or more modules may be integrated to form one independent part. If the functions are realized in the form of software function modules and sold or used as an independent product, they may be stored in a computer-readable storage medium. On this understanding, the technical solution of the disclosure in essence, or the part of it contributing to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising instructions that cause a computer device (which may be a personal computer, the electronic device 10, a network device, etc.) to execute all or part of the steps of the methods of the embodiments of the disclosure. The storage medium includes any medium that can store program code, such as a USB flash disk, removable hard disk, read-only memory (ROM), random access memory (RAM), magnetic disk or optical disk.
It should be noted that in this document the terms "include", "comprise" or any other variant are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of further identical elements in the process, method, article or device that includes it. In addition, terms such as "first" and "second" are used only to distinguish descriptions and are not to be understood as indicating or implying relative importance.
The foregoing is merely alternative embodiments of the disclosure and is not intended to limit it; those skilled in the art may make various modifications and variations to the disclosure. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the disclosure shall be included within its protection scope.
Claims (10)
1. An identity verification method, characterized in that it is applied to a server interacting with a user terminal; the server has a block chain related to user login information, the block chain comprises multiple blocks, and a block comprises a second field and a third field, the second field being the data of the block, including the user's identity information, the user's current login information and a time interval, and the third field being the block generation time; the method comprises:
receiving a login request and a first block of the user sent by the user terminal;
looking up, according to the login request and the first block, a second block generated at the user's last login;
decrypting the second field and the third field of the second block to obtain a first time interval;
generating a third block according to the first time interval;
comparing the third block with the first block, and determining that the user's identity verification passes if the third block is consistent with the first block.
2. The identity verification method according to claim 1, characterized in that the method further comprises:
after the user's identity verification passes, setting a new time interval;
generating a new block according to the new time interval and the current login information, and encrypting the second field and the third field of the new block;
storing the new block locally.
3. The identity verification method according to claim 1, characterized in that the block further comprises a first field and a fourth field, wherein:
the first field is the hash of the previous block;
the fourth field is the hash of the block itself, computed by a hash function over the first field, the second field and the third field.
4. The identity verification method according to claim 3, characterized in that the step of generating a third block according to the first time interval comprises:
obtaining a field of the block generated at the user's last login;
adding the first time interval to the field value of that field to generate a new field;
computing a hash over the new field by a hash function to generate the third block.
5. An identity verification method, characterized in that it is applied to a user terminal interacting with a server; the user terminal has a block chain related to user login information, the block chain comprises multiple blocks, and a block comprises a second field and a third field, the second field being the data of the block, including the user's identity information, the user's current login information and a time interval, and the third field being the block generation time; the method comprises:
sending a login request to the server and receiving a fourth block sent by the server, the fourth block having been generated at the last login and stored on the server;
decrypting the second field and the third field of the fourth block to obtain a second time interval;
generating a new block according to the second time interval, and sending the new block to the server for identity verification.
6. The identity verification method according to claim 5, characterized in that the method further comprises:
after the user's identity verification passes, setting a new time interval, so that the server generates a new block according to the new time interval, stores it locally, and sends it to the user terminal at the next login.
7. The identity verification method according to claim 5, characterized in that the block further comprises a first field and a fourth field, wherein:
the first field is the hash of the previous block;
the fourth field is the hash of the block itself, computed by a hash function over the first field, the second field and the third field.
8. The identity verification method according to claim 7, characterized in that the step of generating a new block according to the second time interval and sending the new block to the server for identity verification comprises:
obtaining the third field of the fourth block sent by the server;
adding the second time interval to the field value of the third field to generate a new third field;
computing a hash over the new third field by a hash function to generate the new block;
comparing the third field value of the new block with the current time, and if it is within a set range, sending the new block to the server; if it is not within the set range, repeating the process of generating a new third field to continue generating new blocks, until the difference between the third field value of the generated new block and the current time is within the set range.
9. An identity verification device, characterized in that it is applied to a server interacting with a user terminal; the identity verification device comprises a receiving module, a searching module, a first storage module, a first execution module, a verification module and a first generation module;
the first storage module stores a block chain related to user login information, the block chain comprising multiple blocks, each block comprising a first field, a second field, a third field and a fourth field, the first field being the hash of the previous block, the second field being the data of the block, including the user's identity information, the user's current login information and a time interval, the third field being the block generation time, and the fourth field being the hash of the block itself, computed by a hash function over the first field, the second field and the third field;
the receiving module receives a login request and a first block of the user sent by the user terminal;
the searching module looks up, according to the login request and the first block, a second block generated at the user's last login;
the first execution module decrypts the second field and the third field of the second block to obtain a first time interval;
the first generation module generates a third block according to the first time interval;
the verification module compares the first block with the third block to verify the identity.
10. An identity verification device, characterized in that it is applied to a user terminal interacting with a server; the identity verification device comprises a second storage module, a second execution module and a second generation module;
the second storage module stores a block chain related to user login information, the block chain comprising multiple blocks, each block comprising a first field, a second field, a third field and a fourth field, the first field being the hash of the previous block, the second field being the data of the block, including the user's identity information, the user's current login information and a time interval, the third field being the block generation time, and the fourth field being the hash of the block itself, computed by a hash function over the first field, the second field and the third field;
the second execution module sends a login request to the server and decrypts the second field and the third field of a fourth block to obtain a second time interval, the fourth block being obtained by the server sending it to the user terminal at this login, and having been generated at the last login and stored on the server;
the second generation module generates a new block according to the second time interval and sends the new block to the server for identity verification.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811034387.7A CN108989354B (en) | 2018-09-03 | 2018-09-03 | Identity verification method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108989354A true CN108989354A (en) | 2018-12-11 |
CN108989354B CN108989354B (en) | 2021-06-15 |
Family
ID=64544912
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811034387.7A Active CN108989354B (en) | 2018-09-03 | 2018-09-03 | Identity verification method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108989354B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106533696A (en) * | 2016-11-18 | 2017-03-22 | 江苏通付盾科技有限公司 | Block chain-based identity authentication methods, authentication server and user terminal |
EP3236403A2 (en) * | 2016-04-22 | 2017-10-25 | Sony Corporation | Client, server, method and identity verification system |
CN108259438A (en) * | 2016-12-29 | 2018-07-06 | 中移(苏州)软件技术有限公司 | A kind of method and apparatus of the certification based on block chain technology |
WO2018143983A1 (en) * | 2017-02-01 | 2018-08-09 | Equifax, Inc. | Verifying an identity based on multiple distributed data sources using a blockchain to safeguard the identity |
Non-Patent Citations (2)
Title |
---|
ZHIMIN GAO: ""Blockchain-based Identity Management with Mobile Device"", 《PROCEEDINGS OF THE 1ST WORKSHOP ON CRYPTOCURRENCIES AND BLOCKCHAINS FOR DISTRIBUTED SYSTEMS》 * |
Wen Song: "A trusted-computing-based authentication scheme for in-vehicle networks", Journal of Hubei University of Arts and Science * |
Also Published As
Publication number | Publication date |
---|---|
CN108989354B (en) | 2021-06-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||