CN109951417A - A kind of identity authentication method, system and terminal device - Google Patents
A kind of identity authentication method, system and terminal device Download PDFInfo
- Publication number
- CN109951417A CN109951417A CN201711383898.5A CN201711383898A CN109951417A CN 109951417 A CN109951417 A CN 109951417A CN 201711383898 A CN201711383898 A CN 201711383898A CN 109951417 A CN109951417 A CN 109951417A
- Authority
- CN
- China
- Prior art keywords
- user password
- information
- encryption algorithm
- eap
- message digest
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The present invention is suitable for field of communication technology, provide a kind of identity authentication method, system and terminal device, the identity authentication method includes: acquisition user password, hardware address and session information, user password is handled according to the first preset rules, generate the first user password, user password is handled according to the second preset rules, generate second user password, according to the first user password, second user password, hardware address and session information generate information to be transmitted, the Encryption Algorithm prestored is selected according to the first user password, information to be transmitted is encrypted according to Encryption Algorithm, obtain eap-message digest, and it is sent to server, eap-message digest is used to indicate server and carries out user identity authentication according to eap-message digest, to efficiently solve since the content that identity information includes is to be transmitted in plain text, attacker is caused to obtain user's body Part information is easier, the lower problem of safety.
Description
Technical field
The invention belongs to field of communication technology more particularly to a kind of identity authentication methods, system and terminal device.
Background technique
IPMI (Intelligent Platform Management Interface, Intelligent Platform Management Interface) is pipe
A kind of industrial standard that peripheral equipment used in business system uses is managed, which is worn by Intel, Hewlett-Packard, NEC, the U.S.
Your companies such as computer and SuperMicro formulate.User can use IPMI monitoring server physical health feature, as temperature,
Voltage, fan operating state, power supply status etc..
In the prior art, it when client and IPMI server establish session by 1.5 agreement of IPMI, needs to send body
Part information causes attacker to obtain user identity letter to server since the content that identity information includes is to be transmitted in plain text
Breath is easier, and safety is lower.
Summary of the invention
In view of this, the embodiment of the invention provides a kind of identity authentication method, system and terminal device, it is existing to solve
Since the content that identity information includes is to be transmitted in plain text in technology, causes attacker to obtain subscriber identity information and compare appearance
Easily, the lower problem of safety.
The first aspect of the embodiment of the present invention provides a kind of identity authentication method, comprising:
Obtain user password, hardware address and session information.
The user password is handled according to the first preset rules, generates the first user password.
The user password is handled according to the second preset rules, generates second user password.
It is generated according to first user password, the second user password, the hardware address and the session information
Information to be transmitted.
The Encryption Algorithm prestored is selected according to first user password.
The information to be transmitted is encrypted according to the Encryption Algorithm, obtains eap-message digest, and be sent to server,
The eap-message digest is used to indicate the server and carries out user identity authentication according to the eap-message digest.
The second aspect of the embodiment of the present invention provides a kind of system of authentication, comprising:
Data obtaining module, for obtaining user password, hardware address and session information.
First processing module generates the first user password for handling the user password according to the first preset rules.
Second processing module generates second user password for handling the user password according to the second preset rules.
Data obtaining module to be transmitted, for according to first user password, the second user password, the hardware
Address and the session information generate information to be transmitted.
Selecting module, for selecting the Encryption Algorithm prestored according to first user password.
Information sending module obtains message and plucks for being encrypted according to the Encryption Algorithm to the information to be transmitted
It wants, and is sent to server, the eap-message digest is used to indicate the server and carries out user identity according to the eap-message digest
Certification.
The third aspect of the embodiment of the present invention provides a kind of terminal device, including memory, processor and is stored in
In the memory and the computer program that can run on the processor, when the processor executes the computer program
The step of realizing method as described above.
The fourth aspect of the embodiment of the present invention provides a kind of computer readable storage medium, the computer-readable storage
Media storage has the step of computer program, the computer program realizes method as described above when being executed by processor.
Existing beneficial effect is the embodiment of the present invention compared with prior art: the present embodiment by obtain user password,
Hardware address and session information handle user password according to the first preset rules, generate the first user password, default according to second
Rule process user password generates second user password, according to the first user password, second user password, hardware address and meeting
It talks about information and generates information to be transmitted, the Encryption Algorithm prestored is selected according to the first user password, according to Encryption Algorithm to be transmitted
Information is encrypted, and obtains eap-message digest, and be sent to server, eap-message digest be used to indicate server according to eap-message digest into
Row user identity authentication.The embodiment of the present invention is raw according to the first user password, second user password, hardware address and session information
Encryption Algorithm is selected at information to be transmitted, and according to the first user password, information to be transmitted is encrypted by Encryption Algorithm,
To efficiently solve since the content that identity information includes is to be transmitted in plain text, attacker is caused to obtain subscriber identity information
It is easier, the lower problem of safety.
Detailed description of the invention
It to describe the technical solutions in the embodiments of the present invention more clearly, below will be to embodiment or description of the prior art
Needed in attached drawing be briefly described, it should be apparent that, the accompanying drawings in the following description is only of the invention some
Embodiment for those of ordinary skill in the art without any creative labor, can also be according to these
Attached drawing obtains other attached drawings.
Fig. 1 is the implementation process schematic diagram of identity authentication method provided by one embodiment of the present invention;
Fig. 2 is the specific implementation flow schematic diagram of step S105 in Fig. 1 provided by one embodiment of the present invention;
Fig. 3 is the structural schematic diagram of the system of authentication provided by one embodiment of the present invention;
Fig. 4 is the structural schematic diagram of selecting module in Fig. 3 provided by one embodiment of the present invention;
Fig. 5 is the schematic diagram of terminal device provided by one embodiment of the present invention.
Specific embodiment
In being described below, for illustration and not for limitation, the tool of such as particular system structure, technology etc is proposed
Body details, to understand thoroughly the embodiment of the present invention.However, it will be clear to one skilled in the art that there is no these specific
The present invention also may be implemented in the other embodiments of details.In other situations, it omits to well-known system, device, electricity
The detailed description of road and method, in case unnecessary details interferes description of the invention.
In order to illustrate technical solutions according to the invention, the following is a description of specific embodiments.
Embodiment 1:
Fig. 1 shows the implementation process of the identity authentication method of one embodiment of the present of invention offer, and process is described in detail
It is as follows:
In step s101, user password, hardware address and session information are obtained.
In one embodiment, session refers to the process of that a terminal device is communicated with interactive system, when terminal is set
It is standby that server can automatically create a session, and distribute a session number for session when communicated for the first time with server,
Session number is sent to terminal device, at the end of terminal device and server communication, server closing session, and discharge meeting
Talk about resource.
In the present embodiment, session information includes the sequence number of session number, the data packet of session and session.
In the present embodiment, the data packet of session includes Supplicant Address, responder address, network function code, responder
Logical unit number and requesting party's logical unit number.
In the present embodiment, when terminal device sends data packet to the server of session, the data packet of session is divided into
Multiple data segments, terminal device are that each data segment distributes a sequence number, and server can be according to sequence number according to former order
The data packet of recombination data section, the session for sending terminal device is identical with the data packet of the received session of server.
By taking a concrete application scene as an example, session number 0x00000090, the Serial No. 0x00000000 of session.
In the present embodiment, hardware address can be MAC Address (Media Access Contro, hardware address).
In step s 102, user password is handled according to the first preset rules, generates the first user password.
In one embodiment, step S102 is specifically included: information coding value corresponding to user password is pre- with first
If the sum of numerical value is used as the first user password.
In the present embodiment, information coding value includes ASCII character (American Standard Code for
Information Interchange, ASCII) and binary-coded decimal (Binary-Coded Decimal, two
Into code denary number).
Optionally, information coding value corresponding to user password and the product of the first default value is close as the first user
Code.
Optionally, information coding value corresponding to user password and the ratio of the first default value is close as the first user
Code.
Optionally, information coding value corresponding to user password and the difference of the first default value is close as the first user
Code.
By taking a concrete application scene as an example, 12a is converted to ASCII character, the first default value by user password 12a
Be 1, using the corresponding ASCII character of 12a and 1 sum as the first user password.
In step s 103, user password is handled according to the second preset rules, generates second user password.
In one embodiment, step S103 is specifically included: information coding value corresponding to user password is pre- with second
If the difference of numerical value is as second user password.
Optionally, information coding value corresponding to user password and the product of the first default value is close as second user
Code.
Optionally, information coding value corresponding to user password and the ratio of the first default value is close as second user
Code.
Optionally, the sum of information coding value and the first default value corresponding to user password is close as second user
Code.
By taking a concrete application scene as an example, 2233bb is converted to ASCII character by user password 2233bb, and first is pre-
If numerical value be 1, using the corresponding ASCII character of 12a and 1 difference as second user password.
In step S104, generated according to the first user password, second user password, hardware address and session information to be passed
Defeated information.
In one embodiment, the first user password, second user password, hardware address and session information are converted to ten
Senary data, and hexadecimal data is converted into information to be transmitted according to the IPMI command format prestored.
In step s105, the Encryption Algorithm prestored is selected according to the first user password.
In the present embodiment, an Encryption Algorithm is chosen in the Encryption Algorithm prestored according to the first user password, is used
The Encryption Algorithm of selection encrypts information to be transmitted.
In step s 106, information to be transmitted is encrypted according to Encryption Algorithm, obtains eap-message digest, and be sent to clothes
Business device, eap-message digest are used to indicate server and carry out user identity authentication according to eap-message digest.
In one embodiment, step S106 is specifically included:
1) symmetric key is obtained.
2) symmetric cryptography is carried out to information to be transmitted according to symmetric key, generates data ciphertext.
3) data ciphertext is encrypted according to Encryption Algorithm, generates eap-message digest.
4) eap-message digest is sent to server.
In the present embodiment, server generates symmetric key by symmetric encipherment algorithm at random, by symmetric key and use
Symmetric encipherment algorithm be sent to terminal device, terminal device obtains the symmetrical code key and symmetric encipherment algorithm that server is sent,
And symmetric cryptography is carried out to information to be transmitted by symmetric key and symmetric encipherment algorithm, generate data ciphertext.Wherein, symmetrical to add
Close algorithm includes AES (Advanced Encryption Standard, Advanced Encryption Standard) algorithm.
In the present embodiment, information to be transmitted is encrypted by Encryption Algorithm, first message abstract is obtained, by first
Eap-message digest is sent to server.Server encrypts the information to be transmitted prestored by identical Encryption Algorithm, obtains
Second message abstract.
In one embodiment, server compares first message abstract and whether second message abstract is identical.If they are the same, then
Authentication success, server send the successful message of authentication to terminal device, so that terminal device can be with server
It is further communicated, for example, terminal device sends resource request to server.If not identical, authentication is unsuccessful,
Server sends the request for transmitting information again to terminal device, and terminal device is made to retransmit eap-message digest.
In the present embodiment, when the number that terminal device receives the request for transmitting information again is more than preset times, hair
Send warning message to contact person is prestored, warning message, which is used to indicate, prestores contact person's modification user password, improves safety.
By taking a concrete application scene as an example, preset times 4, when terminal device the 5th receives server transmission
When transmitting the request of information again, then warning message is sent to prestoring contact person.
In the present embodiment, hardware address is added in information to be transmitted, due to hardware address be it is unique, do not allow
It easily is guessed to come by attacker, and user password is handled, do not directly transmit user password, increase the difficulty cracked
Degree, improves safety.
In the present embodiment, user password is handled, generates the first user password and second user password, according to the
One user password, second user password, hardware address and session information generate information to be transmitted, and are selected according to the first user password
Encryption Algorithm is selected, information to be transmitted is encrypted by Encryption Algorithm, and is sent eap-message digest based on 1.5 agreement of IPMI
Cause attacker to obtain to server to efficiently solve since the content that identity information includes is to be transmitted in plain text and use
Family identity information is easier, the lower problem of safety.
As shown in Fig. 2, in one embodiment of the invention, step S104 is specifically included in embodiment corresponding to Fig. 1:
In step s 201, the information coding value of the first user password is obtained.
In the present embodiment, information coding value includes ASCII character and binary-coded decimal, for example, the first user password is converted to
ASCII character.
In step S202, the correspondence numerical value of preset data position in the information coding value of the first user password is calculated.
In step S203, corresponding one is chosen from the Encryption Algorithm of the preset quantity prestored according to corresponding numerical value and is added
Close algorithm.
In the present embodiment, Encryption Algorithm includes HMAC-SHA1 Encryption Algorithm, HMAC-MD5 Encryption Algorithm, md5 encryption calculation
Method, HMAC-SHA256 Encryption Algorithm and SHA1 Encryption Algorithm.
By taking a default scene as an example, the first user password is 12a, 12a is converted to ASCII character, preset data position is
The last two digits of binary data, the 4 kinds of Encryption Algorithm prestored are respectively that HMAC-SHA1 Encryption Algorithm, HMAC-MD5 add
Close algorithm, md5 encryption algorithm and HMAC-SHA256 Encryption Algorithm select HMAC- when it is 00 that preset data position, which corresponds to numerical value,
SHA1 Encryption Algorithm selects HMAC-MD5 Encryption Algorithm when it is 01 that preset data position, which corresponds to numerical value, when preset data position is corresponding
When numerical value is 10, md5 encryption algorithm is selected, when it is 11 that preset data position, which corresponds to numerical value, selects HMAC-SHA1 Encryption Algorithm,
By the corresponding ASCII character of the first user password, i.e., the corresponding ASCII character of 12a is converted into binary data
001100010011001001100001, because it is 01 that the last two bits position of binary data, which corresponds to numerical value, selection
HMAC-MD5 Encryption Algorithm.
In the present embodiment, added according to the correspondence numerical value selection of preset data position in the information coding value of the first user password
Close algorithm avoids the need for Encryption Algorithm being sent to server, the occurrence of so as to cause disclosed in Encryption Algorithm, improves
Safety.
It should be understood that the size of the serial number of each step is not meant that the order of the execution order in above-described embodiment, each process
Execution sequence should be determined by its function and internal logic, the implementation process without coping with the embodiment of the present invention constitutes any limit
It is fixed.
Embodiment 2:
Fig. 3 shows the system 100 of the authentication of one embodiment of the present of invention offer, for executing corresponding to Fig. 1
Embodiment in method and step comprising:
Data obtaining module 110, for obtaining user password, hardware address and session information.
First processing module 120 generates the first user password for handling user password according to the first preset rules.
Second processing module 130 generates second user password for handling user password according to the second preset rules.
Data obtaining module 140 to be transmitted, for according to the first user password, second user password, hardware address and meeting
It talks about information and generates information to be transmitted.
Selecting module 150, for selecting the Encryption Algorithm prestored according to the first user password.
Information sending module 160 obtains eap-message digest for encrypting according to Encryption Algorithm to information to be transmitted, and
It is sent to server, eap-message digest is used to indicate server and carries out user identity authentication according to eap-message digest.
In one embodiment, first processing module 120 is used for: by information coding value and first corresponding to user password
The sum of default value is used as the first user password.
In one embodiment, Second processing module 130 is used for: by information coding value and second corresponding to user password
The difference of default value is as second user password.
In one embodiment, information sending module 160 includes:
Key acquiring unit, for obtaining symmetric key.
First encryption unit generates data ciphertext for carrying out symmetric cryptography to information to be transmitted according to symmetric key.
Second encryption unit generates eap-message digest for encrypting according to Encryption Algorithm to data ciphertext.
Transmission unit, for eap-message digest to be sent to server.
As shown in figure 4, in one embodiment, the selecting module 150 in embodiment corresponding to Fig. 3 includes:
Encoded radio acquiring unit 151, for obtaining the information coding value of the first user password.
Computing unit 152, the correspondence numerical value of preset data position in the information coding value for calculating the first user password.
Algorithm picks unit 153, for choosing correspondence from the Encryption Algorithm of the preset quantity prestored according to corresponding numerical value
An Encryption Algorithm.
In one embodiment, the system 100 of authentication further includes other function module/unit, for realizing implementation
Method and step in example 1 in each embodiment.
Embodiment 3:
Fig. 5 is the schematic diagram for the terminal device that one embodiment of the invention provides.As shown in figure 5, the terminal of the embodiment is set
Standby 5 include: processor 50, memory 51 and are stored in the meter that can be run in the memory 51 and on the processor 50
Calculation machine program 52.The processor 50 realizes each embodiment as described in example 1 above when executing the computer program 52
Step, such as step S101 shown in FIG. 1 to step S106.Alternatively, when the processor 50 executes the computer program 52
Realize the function of each module/unit in each system embodiment as described in example 2 above, for example, module 110 shown in Fig. 3 to
160 function.
Illustratively, the computer program 52 can be divided into one or more module/units, it is one or
Multiple module/units are stored in the memory 51, and are executed by the processor 50, to complete the present invention.Described one
A or multiple module/units can be the series of computation machine program instruction section that can complete specific function, which is used for
Implementation procedure of the computer program 52 in the terminal device 5 is described.For example, the computer program 52 can be divided
It is cut into data obtaining module, first processing module, Second processing module, data obtaining module to be transmitted, selecting module and information
Sending module.Each module concrete function is as follows:
Data obtaining module, for obtaining user password, hardware address and session information.
First processing module generates the first user password for handling user password according to the first preset rules.
Second processing module generates second user password for handling user password according to the second preset rules.
Data obtaining module to be transmitted, for being believed according to the first user password, second user password, hardware address and session
Breath generates information to be transmitted.
Selecting module, for selecting the Encryption Algorithm prestored according to the first user password.
Information sending module obtains eap-message digest, and send for encrypting according to Encryption Algorithm to information to be transmitted
To server, eap-message digest is used to indicate server and carries out user identity authentication according to eap-message digest.
The terminal device 5 can be the calculating such as desktop PC, notebook, palm PC and cloud server and set
It is standby.The terminal device 5 may include, but be not limited only to, processor 50, memory 51.It will be understood by those skilled in the art that figure
5 be only the example of terminal device 5, does not constitute the restriction to terminal device 5, may include than illustrating more or fewer portions
Part perhaps combines certain components or different components, such as the terminal device can also include input-output equipment, net
Network access device, bus etc..
Alleged processor 50 can be central processing unit (Central Processing Unit, CPU), can also be
Other general processors, digital signal processor (Digital Signal Processor, DSP), specific integrated circuit
(Application Specific Integrated Circuit, ASIC), field programmable gate array (Field-
Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or transistor logic,
Discrete hardware components etc..General processor can be microprocessor or the processor is also possible to any conventional processor
Deng.
The memory 51 can be the internal storage unit of the terminal device 5, such as the hard disk or interior of terminal device 5
It deposits.The memory 51 is also possible to the External memory equipment of the terminal device 5, such as be equipped on the terminal device 5
Plug-in type hard disk, intelligent memory card (Smart Media Card, SMC), secure digital (Secure Digital, SD) card dodge
Deposit card (Flash Card) etc..Further, the memory 51 can also both include the storage inside list of the terminal device 5
Member also includes External memory equipment.The memory 51 is for storing needed for the computer program and the terminal device
Other programs and data.The memory 51 can be also used for temporarily storing the data that has exported or will export.
Embodiment 4:
The embodiment of the invention also provides a kind of computer readable storage medium, computer-readable recording medium storage has meter
Calculation machine program is realized the step in each embodiment as described in example 1 above, such as is schemed when computer program is executed by processor
Step S101 shown in 1 to step S106.Alternatively, realizing when the computer program is executed by processor such as institute in embodiment 2
The function of each module/unit in each system embodiment stated, such as the function of module 110 to 160 shown in Fig. 3.
The computer program can be stored in a computer readable storage medium, and the computer program is by processor
When execution, it can be achieved that the step of above-mentioned each embodiment of the method.Wherein, the computer program includes computer program code,
The computer program code can be source code form, object identification code form, executable file or certain intermediate forms etc..Institute
State computer-readable medium may include: can carry the computer program code any entity or device, recording medium,
USB flash disk, mobile hard disk, magnetic disk, CD, computer storage, read-only memory (ROM, Read-Only Memory), arbitrary access
Memory (RAM, Random Access Memory), electric carrier signal, telecommunication signal and software distribution medium etc..It needs
It is bright, the content that the computer-readable medium includes can according in jurisdiction make laws and patent practice requirement into
Row increase and decrease appropriate, such as in certain jurisdictions, according to legislation and patent practice, computer-readable medium do not include be electricity
Carrier signal and telecommunication signal.
In the above-described embodiments, it all emphasizes particularly on different fields to the description of each embodiment, is not described in detail or remembers in some embodiment
The part of load may refer to the associated description of other embodiments.
The steps in the embodiment of the present invention can be sequentially adjusted, merged and deleted according to actual needs.
Module or unit in system of the embodiment of the present invention can be combined, divided and deleted according to actual needs.
Those of ordinary skill in the art may be aware that list described in conjunction with the examples disclosed in the embodiments of the present disclosure
Member and algorithm steps can be realized with the combination of electronic hardware or computer software and electronic hardware.These functions are actually
It is implemented in hardware or software, the specific application and design constraint depending on technical solution.Professional technician
Each specific application can be used different methods to achieve the described function, but this realization is it is not considered that exceed
The scope of the present invention.
In embodiment provided by the present invention, it should be understood that disclosed device/terminal device and method, it can be with
It realizes by another way.For example, device described above/terminal device embodiment is only schematical, for example, institute
The division of module or unit is stated, only a kind of logical function partition, there may be another division manner in actual implementation, such as
Multiple units or components can be combined or can be integrated into another system, or some features can be ignored or not executed.Separately
A bit, shown or discussed mutual coupling or direct-coupling or communication connection can be through some interfaces, device
Or the INDIRECT COUPLING or communication connection of unit, it can be electrical property, mechanical or other forms.
Embodiment described above is merely illustrative of the technical solution of the present invention, rather than its limitations;Although referring to aforementioned reality
Applying example, invention is explained in detail, those skilled in the art should understand that: it still can be to aforementioned each
Technical solution documented by embodiment is modified or equivalent replacement of some of the technical features;And these are modified
Or replacement, the spirit and scope for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution should all
It is included within protection scope of the present invention.
Claims (10)
1. a kind of identity authentication method characterized by comprising
Obtain user password, hardware address and session information;
The user password is handled according to the first preset rules, generates the first user password;
The user password is handled according to the second preset rules, generates second user password;
It is generated according to first user password, the second user password, the hardware address and the session information to be passed
Defeated information;
The Encryption Algorithm prestored is selected according to first user password;
The information to be transmitted is encrypted according to the Encryption Algorithm, obtains eap-message digest, and be sent to server, it is described
Eap-message digest is used to indicate the server and carries out user identity authentication according to the eap-message digest.
2. identity authentication method as described in claim 1, which is characterized in that described according to the processing of the first preset rules
User password generates the first user password, specifically includes:
It regard the sum of information coding value and the first default value corresponding to the user password as first user password.
3. identity authentication method as described in claim 1, which is characterized in that described according to the processing of the second preset rules
User password generates second user password, specifically includes:
Using information coding value corresponding to the user password and the difference of the second default value as the second user password.
4. identity authentication method as described in claim 1, which is characterized in that described to be selected according to first user password
The Encryption Algorithm prestored, specifically includes:
Obtain the information coding value of first user password;
Calculate the correspondence numerical value of preset data position in the information coding value of first user password;
A corresponding Encryption Algorithm is chosen from the Encryption Algorithm of the preset quantity prestored according to the corresponding numerical value.
5. identity authentication method as described in claim 1, which is characterized in that it is described according to the Encryption Algorithm to it is described to
Transmission information is encrypted, and is obtained eap-message digest, and be sent to predetermined server, is specifically included:
Obtain symmetric key;
Symmetric cryptography is carried out to the information to be transmitted according to the symmetric key, generates data ciphertext;
The data ciphertext is encrypted according to the Encryption Algorithm, generates the eap-message digest;
The eap-message digest is sent to the server.
6. a kind of system of authentication characterized by comprising
Data obtaining module, for obtaining user password, hardware address and session information;
First processing module generates the first user password for handling the user password according to the first preset rules;
Second processing module generates second user password for handling the user password according to the second preset rules;
Data obtaining module to be transmitted, for according to first user password, the second user password, the hardware address
Information to be transmitted is generated with the session information;
Selecting module, for selecting the Encryption Algorithm prestored according to first user password;
Information sending module obtains eap-message digest for encrypting according to the Encryption Algorithm to the information to be transmitted, and
It is sent to server, the eap-message digest is used to indicate the server and carries out user identity authentication according to the eap-message digest.
7. the system of authentication as claimed in claim 6, which is characterized in that the selecting module includes:
Encoded radio acquiring unit, for obtaining the information coding value of first user password;
Computing unit, the correspondence numerical value of preset data position in the information coding value for calculating first user password;
Algorithm picks unit, for choosing corresponding one from the Encryption Algorithm of the preset quantity prestored according to the corresponding numerical value
A Encryption Algorithm.
8. the system of authentication as claimed in claim 6, which is characterized in that the information sending module includes:
Key acquiring unit, for obtaining symmetric key;
It is close to generate data for carrying out symmetric cryptography to the information to be transmitted according to the symmetric key for first encryption unit
Text;
Second encryption unit generates the eap-message digest for encrypting according to the Encryption Algorithm to the data ciphertext;
Transmission unit, for the eap-message digest to be sent to the server.
9. a kind of terminal device, including memory, processor and storage are in the memory and can be on the processor
The computer program of operation, which is characterized in that the processor realizes such as claim 1 to 5 when executing the computer program
The step of any one the method.
10. a kind of computer readable storage medium, the computer-readable recording medium storage has computer program, and feature exists
In when the computer program is executed by processor the step of any one of such as claim 1 to 5 of realization the method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711383898.5A CN109951417B (en) | 2017-12-20 | 2017-12-20 | Identity authentication method, system and terminal equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711383898.5A CN109951417B (en) | 2017-12-20 | 2017-12-20 | Identity authentication method, system and terminal equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109951417A true CN109951417A (en) | 2019-06-28 |
CN109951417B CN109951417B (en) | 2021-06-04 |
Family
ID=67004842
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711383898.5A Active CN109951417B (en) | 2017-12-20 | 2017-12-20 | Identity authentication method, system and terminal equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109951417B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111193740A (en) * | 2019-12-31 | 2020-05-22 | 苏宁金融科技(南京)有限公司 | Encryption method, device, decryption method, computer device and storage medium |
CN111698226A (en) * | 2020-05-28 | 2020-09-22 | 中国平安财产保险股份有限公司 | Method and device for verifying and selling ticket |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101304423A (en) * | 2008-07-08 | 2008-11-12 | 北京邮电大学 | Method and system for authenticating user identification |
CN102036235A (en) * | 2009-09-28 | 2011-04-27 | 西门子(中国)有限公司 | Device and method for identity authentication |
US20170187528A1 (en) * | 2015-12-29 | 2017-06-29 | International Business Machines Corporation | Password-authenticated public key encryption and decryption |
CN107404469A (en) * | 2016-05-20 | 2017-11-28 | 广州市动景计算机科技有限公司 | A kind of secure session processing system, unit and method |
-
2017
- 2017-12-20 CN CN201711383898.5A patent/CN109951417B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101304423A (en) * | 2008-07-08 | 2008-11-12 | 北京邮电大学 | Method and system for authenticating user identification |
CN102036235A (en) * | 2009-09-28 | 2011-04-27 | 西门子(中国)有限公司 | Device and method for identity authentication |
US20170187528A1 (en) * | 2015-12-29 | 2017-06-29 | International Business Machines Corporation | Password-authenticated public key encryption and decryption |
CN107404469A (en) * | 2016-05-20 | 2017-11-28 | 广州市动景计算机科技有限公司 | A kind of secure session processing system, unit and method |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111193740A (en) * | 2019-12-31 | 2020-05-22 | 苏宁金融科技(南京)有限公司 | Encryption method, device, decryption method, computer device and storage medium |
CN111193740B (en) * | 2019-12-31 | 2023-03-14 | 苏宁金融科技(南京)有限公司 | Encryption method, device, decryption method, computer device and storage medium |
CN111698226A (en) * | 2020-05-28 | 2020-09-22 | 中国平安财产保险股份有限公司 | Method and device for verifying and selling ticket |
CN111698226B (en) * | 2020-05-28 | 2022-07-19 | 中国平安财产保险股份有限公司 | Method and device for verifying and selling ticket |
Also Published As
Publication number | Publication date |
---|---|
CN109951417B (en) | 2021-06-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109981641B (en) | Block chain technology-based safe publishing and subscribing system and publishing and subscribing method | |
CN111209334B (en) | Power terminal data security management method based on block chain | |
CN109104279A (en) | A kind of encryption method of electric power data, system and terminal device | |
CN102007727B (en) | Method for distributing encryption means | |
CN108173644A (en) | Data transfer encryption method, device, storage medium, equipment and server | |
CN107707347A (en) | The backup method and device of user key, the introduction method and device of user key | |
Velliangiri et al. | An efficient lightweight privacy-preserving mechanism for industry 4.0 based on elliptic curve cryptography | |
CN105897784B (en) | Internet-of-things terminal equipment encryption communication method and device | |
CN107454590A (en) | A kind of data ciphering method, decryption method and wireless router | |
CN108718313A (en) | Application of software data uses method, terminal device and server safely | |
CN109214201A (en) | A kind of data sharing method, terminal device and computer readable storage medium | |
CN110266582A (en) | A kind of information push method, system, server and communication terminal | |
CN113595744B (en) | Network access method, device, electronic equipment and storage medium | |
CN107483209A (en) | A kind of safe label decryption method based on heterogeneous system | |
CN114143117B (en) | Data processing method and device | |
CN110620660A (en) | Key distribution method for data communication based on block chain | |
CN205945769U (en) | Quantum key chip | |
CN108400862A (en) | A kind of intelligent power trusted end-user data fusion encryption method | |
CN110378128A (en) | Data ciphering method, device and terminal device | |
CN109547201A (en) | A kind of encryption method of root key, computer readable storage medium and terminal device | |
CN105162585B (en) | A kind of session cipher negotiating method of secret protection | |
CN108920976A (en) | A kind of contract signing method, apparatus and system | |
CN108765230A (en) | A kind of resident's household register approaches to IM and server | |
CN102222188A (en) | Information system user password generation method | |
CN109951417A (en) | A kind of identity authentication method, system and terminal device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |