CN110224834A - Identity identifying method, decryption and ciphering terminal based on dynamic token - Google Patents


Info

Publication number
CN110224834A
Authority
CN (China)
Prior art keywords
encryption
one-time password
decryption
cryptographic operation
personal key
Legal status
Pending
Application number
CN201910438646.0A
Other languages
Chinese (zh)
Inventor
高一川
党凡
丁旋
刘云浩
Current Assignee
Tsinghua University
Original Assignee
Tsinghua University
Application filed by Tsinghua University
Priority to CN201910438646.0A
Publication of CN110224834A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0872 Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Abstract

An embodiment of the present invention provides an identity authentication method based on a dynamic token, together with a decryption terminal and an encryption terminal. The method comprises: if a dynamic token containing an encryption-end one-time password and ID data is received, performing a cryptographic operation on the ID data under a master key to obtain a decryption-end personal key; performing a cryptographic operation on the decryption end's current timestamp under the decryption-end personal key to obtain a decryption-end one-time password; and, if the decryption-end one-time password matches the encryption-end one-time password, passing the identity authentication. The encryption-end one-time password is obtained by performing a cryptographic operation on the encryption end's current timestamp under the encryption-end personal key, and the encryption-end personal key is obtained by the decryption terminal encrypting the ID information under the master key. Each user therefore uses a different key, which improves the security of the system where terminal security cannot be guaranteed; no two-way communication is needed, which speeds up verification; and deriving the one-time password from a timestamp effectively prevents replay attacks.

Description

Identity authentication method based on dynamic token, decryption terminal and encryption terminal
Technical field
The present invention relates to the field of identity authentication, and in particular to an identity authentication method based on a dynamic token, a decryption terminal and an encryption terminal.
Background art
Graphical tokens such as two-dimensional codes and bar codes are widely used in identity authentication; in access management systems such as access control systems, graphical tokens are in almost universal use. Current two-dimensional-code tokens are mostly implemented as static codes, which cannot prevent attacks such as shoulder surfing or screen capture, and this weakens the security of the whole access management system.
At present this problem can be avoided to some extent with a graphical dynamic password token: factors such as time or a sequence number are combined with a key and run through an encryption algorithm to generate a dynamic password, which is shown on the screen as a QR code or a bar code.
In current methods, however, the same master key is used to encrypt the dynamic password for every user. If the device of any one user is attacked and the key stored on it leaks, the whole system loses its security.
Summary of the invention
To solve the above problems, embodiments of the present invention provide an identity authentication method based on a dynamic token, a decryption terminal and an encryption terminal.
In a first aspect, an embodiment of the present invention provides an identity authentication method based on a dynamic token, comprising: if a dynamic token containing an encryption-end one-time password and ID data is received, performing a cryptographic operation on the ID data under a master key to obtain a decryption-end personal key; performing a cryptographic operation on the decryption end's current timestamp under the decryption-end personal key to obtain a decryption-end one-time password; and, if the decryption-end one-time password matches the encryption-end one-time password, passing the identity authentication. Here the encryption-end one-time password is obtained by performing a cryptographic operation on the encryption end's current timestamp under the encryption-end personal key, and the encryption-end personal key is obtained by the decryption terminal performing a cryptographic operation on the ID information under the master key.
In a second aspect, an embodiment of the present invention provides an identity authentication method based on a dynamic token, comprising: performing a cryptographic operation on the encryption end's current timestamp under the encryption-end personal key to obtain an encryption-end one-time password; and sending the encryption-end one-time password together with the ID information as a dynamic token, so that the decryption terminal performs a cryptographic operation on the ID information under the master key to obtain a decryption-end personal key, performs a cryptographic operation on the decryption end's current timestamp under that key to obtain a decryption-end one-time password, and passes the identity authentication if the decryption-end one-time password matches the encryption-end one-time password. Here the encryption-end personal key is obtained by the decryption terminal performing a cryptographic operation on the ID information under the master key.
In a third aspect, an embodiment of the present invention provides a decryption terminal, comprising: a decryption module which, if a dynamic token containing an encryption-end one-time password and ID data is received, performs a cryptographic operation on the ID data under a master key to obtain a decryption-end personal key; and an authentication module which performs a cryptographic operation on the decryption end's current timestamp under the decryption-end personal key to obtain a decryption-end one-time password and passes the identity authentication if it matches the encryption-end one-time password. Here the encryption-end one-time password is obtained by performing a cryptographic operation on the encryption end's current timestamp under the encryption-end personal key, and the encryption-end personal key is obtained by the decryption terminal performing a cryptographic operation on the ID information under the master key.
In a fourth aspect, an embodiment of the present invention provides an encryption terminal, comprising: an encryption module which performs a cryptographic operation on the encryption end's current timestamp under the encryption-end personal key to obtain an encryption-end one-time password; and a sending module which sends the encryption-end one-time password and the ID information as a dynamic token, so that the decryption terminal performs a cryptographic operation on the ID information under the master key to obtain a decryption-end personal key, performs a cryptographic operation on the decryption end's current timestamp under that key to obtain a decryption-end one-time password, and passes the identity authentication if the two one-time passwords match. Here the encryption-end personal key is obtained by the decryption terminal performing a cryptographic operation on the ID information under the master key.
In a fifth aspect, an embodiment of the present invention provides an electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor; when the processor executes the program it implements the steps of the identity authentication method based on a dynamic token of the first or second aspect.
In a sixth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium on which a computer program is stored; when executed by a processor, the program implements the steps of the identity authentication method based on a dynamic token of the first or second aspect.
In the identity authentication method based on a dynamic token, the decryption terminal and the encryption terminal provided by embodiments of the present invention, the encryption-end personal key is obtained by the decryption terminal performing a cryptographic operation on the ID information under the master key, so that each user uses a different key. This improves the security of the system where terminal security cannot be guaranteed, and the authentication process needs no two-way communication between the user device and the verifying device, which improves the speed of verification and convenience for the user. In addition, the encryption-end one-time password is obtained by performing a cryptographic operation on the encryption end's current timestamp under the encryption-end personal key, which effectively prevents replay attacks.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the identity authentication method based on a dynamic token provided by an embodiment of the present invention;
Fig. 2 is a flow chart of the identity authentication method based on a dynamic token provided by another embodiment of the present invention;
Fig. 3 is a structural diagram of the decryption terminal provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of the encryption terminal provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of the physical structure of an electronic device provided by an embodiment of the present invention.
Detailed description of embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described below clearly and completely with reference to the drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
An embodiment of the present invention provides an identity authentication method based on a dynamic token, which can be applied to the identity authentication scenario above. The executing subject of the method may be the decryption terminal, the encryption terminal, or the two terminals interacting; the present invention does not limit this. For ease of description, the embodiments below take the decryption terminal and then the encryption terminal as the executing subject in turn. Depending on the application scenario, the encryption terminal and the decryption terminal may be different devices; in an access control scenario, for example, the decryption terminal may be the access control device and the encryption terminal may be the user's mobile phone.
Fig. 1 is a flow chart of the identity authentication method based on a dynamic token provided by an embodiment of the present invention. As shown in Fig. 1, with the decryption terminal as the executing subject, the method comprises:
101. If a dynamic token containing an encryption-end one-time password and ID data is received, perform a cryptographic operation on the ID data under the master key to obtain the decryption-end personal key.
Here the encryption-end one-time password is obtained by performing a cryptographic operation on the encryption end's current timestamp under the encryption-end personal key, and the encryption-end personal key is obtained by the decryption terminal performing a cryptographic operation on the ID information under the master key.
Before 101, the decryption terminal performs a cryptographic operation on the ID data under the master key, for example with the 3DES or AES encryption algorithm, to obtain the personal key. Before any authentication takes place, this personal key is sent to the encryption terminal and stored there as the encryption-end personal key, for use in the encryption step of subsequent authentications.
When authentication is needed, the encryption terminal performs a cryptographic operation on the current timestamp under the stored personal key to obtain a one-time password. The embodiment does not restrict how the one-time password is obtained; for example, a message digest algorithm such as HMAC-SHA256 or HMAC-MD5 may be used with the personal key as the algorithm key, the one-time password being the output of that operation. The current timestamp is the encoded form of the current time, and its smallest unit may be the hour, minute, second, day, month, year, and so on. For example, the standard UNIX timestamp of the current system time (the number of seconds elapsed since 1 January 1970 00:00:00) may be taken as the current timestamp.
For authentication, the encryption terminal combines the ID data and the one-time password obtained from the cryptographic operation into a single dynamic token and sends it to the decryption terminal, for example by displaying it as a two-dimensional code or a one-dimensional bar code, encoded as (but not limited to) a two-dimensional code of a code system such as QR or Data Matrix, or a bar code of a specification such as CODE-128. The dynamic token contains the ID data to be verified and the encryption end's one-time password. In a specific implementation, one example layout of the token encoding is: byte 0 of the encoded content is a version number, reserved for later versions; bytes 1 to n are the user's unique ID, used for generating the encryption-end personal key and for authority verification at the decryption end; the last m bytes are the time-based one-time password.
In 101, the decryption terminal receives the dynamic token sent by the encryption terminal and must verify the ID in it. The decryption terminal performs a cryptographic operation on the ID data under its stored master key to obtain the decryption-end personal key. The cryptographic operation here is the same one the decryption terminal used when it derived the personal key from the master key and sent it to the encryption terminal; the difference is that the decryption end uses the decryption-end personal key obtained at this moment.
102. Perform a cryptographic operation on the decryption end's current timestamp under the decryption-end personal key to obtain the decryption-end one-time password; if the decryption-end one-time password matches the encryption-end one-time password, the identity authentication passes.
In 102, the decryption terminal performs a cryptographic operation on the current timestamp under the personal key obtained in 101 to obtain a one-time password. This one-time password is compared with the one in the dynamic token; if they match, the identity authentication passes.
In the identity authentication method based on a dynamic token provided by this embodiment, the encryption-end personal key is obtained by the decryption terminal performing a cryptographic operation on the ID information under the master key, so that each user uses a different key. This improves the security of the system where terminal security cannot be guaranteed, and the authentication process needs no two-way communication between the user device and the verifying device, which improves the speed of verification and convenience for the user. In addition, the encryption-end one-time password is obtained by performing a cryptographic operation on the encryption end's current timestamp under the encryption-end personal key, which effectively prevents replay attacks.
Based on the above embodiment, as an optional embodiment, performing the cryptographic operation on the decryption end's current timestamp under the decryption-end personal key comprises: scaling the decryption end's current timestamp; and performing the cryptographic operation under the decryption-end personal key on the scaled decryption-end current timestamp. Correspondingly, the encryption-end one-time password is obtained by performing the cryptographic operation under the encryption-end personal key on the scaled encryption-end current timestamp.
When the smallest unit of the timestamp is a fine one such as the second or the minute, if the interval between the encryption process and the decryption process exceeds that smallest unit, or the two happen to fall in two different periods, the one-time password obtained at the decryption end will not match the encryption end's; in addition, an overly large timestamp value carries a larger computational cost. In this embodiment the encryption terminal and the decryption terminal each scale the current timestamp of their own process, so that the timestamps of the encryption and decryption processes agree. The scaling in this embodiment mainly means reducing the value. For example, with UNIX timestamps, if the encryption end's current timestamp is 1555000010 and the decryption end's current timestamp is 15550000019, that is, the encryption and decryption processes are 9 seconds apart, then scaling by a factor of 10 reduces both timestamps by 10 times and the timestamp of both processes becomes 15550001. This ensures that, when a correct ID is being verified, the one-time password obtained in the decryption process matches the one at the encryption end.
With the method of this embodiment, scaling the decryption end's current timestamp improves the accuracy of identity authentication while reducing the computational cost of the encryption-end and decryption-end devices.
Based on the above embodiment, as an optional embodiment, before receiving the dynamic token containing the encryption-end one-time password and the ID data, the method further comprises: choosing a master key of length greater than or equal to 2 times the length of the ID data, and encrypting the ID data with the encryption algorithm to obtain the first half of the encryption-end personal key; inverting the ID data and encrypting the inverted ID data with the encryption algorithm to obtain the second half of the encryption-end personal key; and sending the encryption-end personal key formed from the first half and the second half to the encryption terminal.
To raise the degree of encryption, this embodiment chooses a master key longer than 2 times the ID data length to encrypt the ID data; let the master key length be k. In this embodiment the output personal key has the same length as the master key, and the input ID data has length k/2; if the input data is shorter than k/2 it is padded to that length. The decryption terminal encrypts the input data symmetrically under the master key and takes the first k/2 bytes as the first part of the personal key. It then inverts the input data byte by byte, encrypts the inverted input data symmetrically under the master key, and takes the last k/2 bytes as the second part of the personal key. Finally the resulting personal key is sent to the encryption terminal so that the encryption terminal can subsequently generate dynamic tokens.
In this embodiment, choosing a master key of length greater than or equal to 2 times the ID data length, encrypting the ID data with the encryption algorithm to obtain the first half of the encryption-end personal key, and inverting the ID data and encrypting the inverted ID data to obtain the second half of the encryption-end personal key effectively raises the encryption level of the personal key.
Based on the above embodiment, as an optional embodiment, after obtaining the decryption-end one-time password the method further comprises: reducing the length of the one-time password according to a preset rule; correspondingly, the encryption-end one-time password is obtained after reduction by the same preset rule.
Because the one-time password obtained may be long, and to make it easier to encode and recognise in the dynamic token (for example in a two-dimensional code or bar code), this embodiment reduces the number of digits of the one-time password at the encryption end and the decryption end by the same rule. For example, both the encryption end and the decryption end take the one-time password modulo 10^m, reducing its length to m digits. Reducing the length of the one-time password also reduces computational cost.
Based on the above embodiment, as an optional embodiment, encrypting the decryption end's current timestamp under the decryption-end personal key to obtain the decryption-end one-time password comprises: offsetting the decryption end's current timestamp by a preset duration to obtain multiple offset timestamps, and encrypting each of the multiple timestamps under the decryption-end personal key to obtain multiple decryption-end one-time passwords. Correspondingly, the condition that the identity authentication passes if the decryption-end one-time password matches the encryption-end one-time password becomes: the identity authentication passes if any one of the multiple decryption-end one-time passwords matches the encryption-end one-time password.
The timestamps of the encryption end and the decryption end may differ, and may still differ after the scaling operation above; for example, 15550000019 and 15550000020 remain different after scaling by 10. In this embodiment, when the decryption terminal performs the cryptographic operation on the current timestamp to obtain the one-time password, it first offsets the current timestamp by the preset duration to obtain multiple current timestamps. For example, with a preset step of 1 s, the decryption end's timestamp 15550000020 is offset 5 times in each direction, giving the 11 timestamps 15550000015 to 15550000025; each of the 11 timestamps is encrypted under the decryption-end personal key, giving 11 decryption-end one-time passwords. During verification at the decryption end, if any one of the 11 one-time passwords matches the encryption-end one-time password, the identity authentication passes. Combined with the scaling of the decryption-end and encryption-end current timestamps described above, this further ensures the accuracy of authentication. For example, after scaling by 10, offsetting left and right by 3 smallest units (the smallest unit being the second, so 10 seconds after scaling by 10) means that a time range of 30 seconds before and after the decryption end's current timestamp can match the encryption end.
In this embodiment, offsetting the decryption end's current timestamp by the preset duration to obtain multiple timestamps and encrypting each of them under the decryption-end personal key to obtain multiple decryption-end one-time passwords improves the accuracy of identity authentication.
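The protocol of steps 101 and 102 at the decryption end and steps 201 and 202 at the encryption end, together with the optional embodiments above (timestamp scaling, the split personal-key derivation from the ID and its byte-wise inversion, reduction of the one-time password modulo 10^m, and the offset window), as one added Python example. This is not the patent's own code. Assumptions: HMAC-SHA256 stands in for the 3DES/AES cryptographic operation the page leaves open for deriving the personal key (the page names HMAC-SHA256 only for the one-time password itself), so the example runs with the standard library alone; the key length, digit count and window width are values chosen for the example; the master key and user IDs are constructed sample values; the timestamps 1555000010 and 1555000019 are the page's own example.

```python
import hmac
import hashlib

# Parameters chosen for this example (the page gives 10x scaling and +/-3 units as examples)
KEY_LEN = 32           # k: master key length in bytes, at least 2 x ID length
ID_LEN = KEY_LEN // 2  # k/2: IDs are padded to this length before key derivation
SCALE = 10             # timestamp scaling factor: both ends divide the UNIX time by 10
OTP_DIGITS = 6         # m: one-time password reduced to m digits by taking it mod 10^m
WINDOW = 3             # verifier tries +/- this many scaled steps around its own time
VERSION = 0            # byte 0 of the token; bytes 1..n are the ID, last m bytes the OTP


def _prf(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the 3DES/AES "cryptographic operation"
    # that the page leaves unspecified for key derivation.
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_personal_key(master_key: bytes, user_id: bytes) -> bytes:
    """Decryption end: first half from Enc(ID), second half from Enc(inverted ID)."""
    if len(master_key) != KEY_LEN:
        raise ValueError("master key must be %d bytes" % KEY_LEN)
    if len(user_id) > ID_LEN:
        raise ValueError("ID longer than k/2 bytes")
    padded = user_id.ljust(ID_LEN, b"\x00")       # pad short IDs up to k/2
    inverted = bytes(b ^ 0xFF for b in padded)     # byte-by-byte inversion
    first_half = _prf(master_key, padded)[:ID_LEN]
    second_half = _prf(master_key, inverted)[-ID_LEN:]
    return first_half + second_half


def one_time_password(personal_key: bytes, timestamp: int) -> int:
    """Scale the timestamp, MAC it under the personal key, reduce it mod 10^m."""
    step = timestamp // SCALE
    mac = _prf(personal_key, step.to_bytes(8, "big"))
    return int.from_bytes(mac, "big") % (10 ** OTP_DIGITS)


def build_token(user_id: bytes, otp: int) -> bytes:
    """Encryption end: what the QR code carries, version || ID || m-digit OTP."""
    return bytes([VERSION]) + user_id + str(otp).zfill(OTP_DIGITS).encode()


def parse_token(token: bytes) -> tuple:
    """Split a received token; reject unknown versions and malformed OTP fields."""
    if len(token) < 1 + OTP_DIGITS or token[0] != VERSION:
        raise ValueError("unsupported or truncated token")
    otp_field = token[-OTP_DIGITS:]
    if not otp_field.isdigit():
        raise ValueError("malformed one-time password field")
    return token[1:-OTP_DIGITS], int(otp_field)


def verify_token(master_key: bytes, token: bytes, now: int) -> bool:
    """Decryption end: re-derive the user's key from the ID in the token and accept
    if the OTP matches any of the 2*WINDOW+1 candidate timestamps."""
    user_id, presented = parse_token(token)
    personal_key = derive_personal_key(master_key, user_id)
    expected = str(presented).zfill(OTP_DIGITS)
    matched = False
    for offset in range(-WINDOW, WINDOW + 1):
        candidate = one_time_password(personal_key, now + offset * SCALE)
        # constant-time compare and no early exit, so timing does not reveal which step matched
        if hmac.compare_digest(str(candidate).zfill(OTP_DIGITS), expected):
            matched = True
    return matched


def demo() -> dict:
    """Round trip with constructed values; the two timestamps are the page's own example."""
    master_key = bytes(range(KEY_LEN))            # constructed sample master key (verifier only)
    user_id = b"user-0042"                         # constructed sample ID
    personal_key = derive_personal_key(master_key, user_id)   # provisioned to the phone once
    t_enc = 1555000010
    token = build_token(user_id, one_time_password(personal_key, t_enc))
    other = build_token(b"user-0043", one_time_password(personal_key, t_enc))
    return {
        "same_window": verify_token(master_key, token, 1555000019),
        "window_edge": verify_token(master_key, token, t_enc + WINDOW * SCALE),
        "stale": verify_token(master_key, token, t_enc + (WINDOW + 2) * SCALE),
        "wrong_id": verify_token(master_key, other, t_enc),
    }


if __name__ == "__main__":
    print(demo())
```

Run the file directly to see the four outcomes from demo(): a token generated 9 seconds before verification is accepted, one at the edge of the window is accepted, one older than the window is rejected, and a token carrying another user's ID is rejected because the verifier derives that user's key rather than the one the token was made with. Two design points the code makes explicit: the verifier holds the only copy of the master key and re-derives each personal key from the ID in the token, so a phone that leaks its stored personal key exposes that one user and nothing else; and the verifier compares every candidate in the window with hmac.compare_digest and without an early exit, so the time taken does not reveal which step matched.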
Fig. 2 is a flow chart of the identity authentication method based on a dynamic token provided by another embodiment of the present invention. This embodiment also provides an identity authentication method based on a dynamic token, with the encryption terminal as the executing subject, comprising:
201. Perform a cryptographic operation on the encryption end's current timestamp under the encryption-end personal key to obtain the encryption-end one-time password;
202. Send the encryption-end one-time password and the ID information as a dynamic token.
Here the encryption-end personal key is obtained by the decryption terminal performing a cryptographic operation on the ID information under the master key.
Corresponding to the method at the decryption end, before 201 the decryption terminal performs a cryptographic operation on the ID data under the master key, for example with the 3DES or AES encryption algorithm, to obtain the personal key. Before any authentication takes place, the personal key is sent to the encryption terminal and stored there as the encryption-end personal key, for use in the encryption step of subsequent authentications.
In 201, when authentication is needed, the encryption terminal performs a cryptographic operation on the current timestamp under the stored personal key to obtain the one-time password.
In 202, the encryption terminal combines the ID data and the one-time password obtained from the cryptographic operation into a single dynamic token and sends it to the decryption terminal for authentication, for example by displaying it as a two-dimensional code or a one-dimensional bar code.
After 202, the decryption terminal performs a cryptographic operation on the ID information under the master key to obtain the decryption-end personal key, performs a cryptographic operation on the decryption end's current timestamp under the decryption-end personal key to obtain the decryption-end one-time password, and passes the identity authentication if the decryption-end one-time password matches the encryption-end one-time password.
Corresponding to the embodiments for the decryption terminal, the encryption terminal may likewise include in its implementation the optional embodiments described above: scaling the current timestamp; storing the personal key that the decryption terminal derives with a master key chosen to be greater than or equal to 2 times the ID data length; and reducing the length of the encryption-end one-time password by the same preset rule as the decryption end. These are not repeated here.
Fig. 3 is a structural diagram of the decryption terminal provided in an embodiment of the present invention. As shown in Fig. 3, the decryption terminal includes a deciphering module 301 and an authentication module 302. The deciphering module 301 is configured, on receiving a dynamic token that contains an encrypting-end one-time password and ID data, to perform the cryptographic operation on the ID data using the master key and obtain the decrypting-end personal key. The authentication module 302 is configured to perform the cryptographic operation on the decrypting-end current timestamp using the decrypting-end personal key to obtain the decrypting-end one-time password, and to pass authentication if the decrypting-end one-time password is consistent with the encrypting-end one-time password.
In a pre-authentication step, the decryption terminal performs the cryptographic operation on the ID data using the master key to obtain the personal key. This personal key is sent to the ciphering terminal and stored there as the encrypting-end personal key, for use in the encryption step of subsequent authentication.
When authentication is required, the ciphering terminal performs the cryptographic operation on the current timestamp using the stored personal key to obtain a one-time password. For authentication, the ciphering terminal builds the ID data and the one-time password obtained from the encryption into a single dynamic token and sends it to the deciphering module 301 for identity authentication, for example by displaying it in two-dimensional code or one-dimensional barcode format. The dynamic token contains the ID data and the encrypting-end one-time password to be verified.
The deciphering module 301 receives the dynamic token sent by the ciphering terminal and must verify the ID in the dynamic token. The deciphering module 301 performs the cryptographic operation on the ID data using the stored master key to obtain the personal key. This cryptographic operation is the same one the decryption terminal used when it derived the personal key from the master key and sent it to the ciphering terminal.
The authentication module 302 performs the cryptographic operation on the current timestamp using the obtained personal key to obtain a one-time password, and compares it with the one-time password in the dynamic token. If the two are consistent, authentication passes.
The decryption terminal embodiment provided in the embodiments of the present invention is intended to implement the method embodiments above; for the detailed process and content, refer to the method embodiments above, which are not repeated here.
Fig. 4 is a structural diagram of the ciphering terminal provided in an embodiment of the present invention. As shown in Fig. 4, the ciphering terminal includes an encrypting module 401 and a sending module 402. The encrypting module 401 is configured to perform the cryptographic operation on the encrypting end's current timestamp using the encrypting-end personal key to obtain the encrypting-end one-time password. The sending module 402 is configured to send the encrypting-end one-time password and the ID information as a dynamic token, so that the decryption terminal performs the cryptographic operation on the ID information using the master key to obtain the decrypting-end personal key, performs the cryptographic operation on the decrypting-end current timestamp using the decrypting-end personal key to obtain the decrypting-end one-time password, and passes authentication if the decrypting-end one-time password is consistent with the encrypting-end one-time password. The encrypting-end personal key is obtained by the decryption terminal performing the cryptographic operation on the ID information using the master key.
Before identity authentication, the decryption terminal performs the cryptographic operation on the ID data using the master key to obtain the personal key, and sends it to the ciphering terminal, where it is stored as the encrypting-end personal key for use in the encryption step of subsequent authentication.
When authentication is required, the encrypting module 401 performs the cryptographic operation on the current timestamp using the stored personal key to obtain a one-time password.
The sending module 402 builds the ID data and the one-time password obtained from the encryption into a single dynamic token and sends it to the decryption terminal for identity authentication, for example by displaying it in two-dimensional code or one-dimensional barcode format.
During authentication, the decryption terminal performs the cryptographic operation on the ID information using the master key to obtain the decrypting-end personal key, then performs the cryptographic operation on the decrypting-end current timestamp using the decrypting-end personal key to obtain the decrypting-end one-time password. If the decrypting-end one-time password is consistent with the encrypting-end one-time password, authentication passes.
The ciphering terminal embodiment provided in the embodiments of the present invention is intended to implement the method embodiments above; for the detailed process and content, refer to the method embodiments above, which are not repeated here.
In the decryption terminal and ciphering terminal provided in the embodiments of the present invention, the encrypting-end personal key is obtained by the decryption terminal performing the cryptographic operation on the ID information using the master key, so that the key used by each user is different. This improves the security of the system in scenarios where terminal security cannot be guaranteed, and because no two-way communication between the user device and the verifying device is needed during verification, it also improves the speed of verification and the convenience for the user. In addition, the encrypting-end one-time password is obtained by performing the cryptographic operation on the encrypting end's current timestamp with the encrypting-end personal key, which effectively prevents replay attacks.
Fig. 5 is a schematic diagram of the physical structure of an electronic device provided in an embodiment of the present invention. As shown in Fig. 5, the electronic device may include a processor 501, a communications interface 502, a memory 503 and a bus 504, where the processor 501, the communications interface 502 and the memory 503 communicate with one another through the bus 504. The communications interface 502 may be used for information transmission by the electronic device. The processor 501 may call logic instructions in the memory 503 to perform a method including: if a dynamic token containing an encrypting-end one-time password and ID data is received, performing the cryptographic operation on the ID data using the master key to obtain the decrypting-end personal key; performing the cryptographic operation on the decrypting-end current timestamp using the decrypting-end personal key to obtain the decrypting-end one-time password, and passing authentication if the decrypting-end one-time password is consistent with the encrypting-end one-time password; wherein the encrypting-end one-time password is obtained by performing the cryptographic operation on the encrypting end's current timestamp with the encrypting-end personal key, and the encrypting-end personal key is obtained by the decryption terminal performing the cryptographic operation on the ID information using the master key.
In addition, the logic instructions in the memory 503 may be implemented in the form of software functional units and, when sold or used as an independent product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product. That software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute all or part of the steps of the method embodiments of the present invention. The storage medium includes various media that can store program code, such as a USB flash disk, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disk.
In another aspect, the embodiments of the present invention also provide a non-transitory computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements the method provided by the embodiments above, for example: if a dynamic token containing an encrypting-end one-time password and ID data is received, performing the cryptographic operation on the ID data using the master key to obtain the decrypting-end personal key; performing the cryptographic operation on the decrypting-end current timestamp using the decrypting-end personal key to obtain the decrypting-end one-time password, and passing authentication if the decrypting-end one-time password is consistent with the encrypting-end one-time password; wherein the encrypting-end one-time password is obtained by performing the cryptographic operation on the encrypting end's current timestamp with the encrypting-end personal key, and the encrypting-end personal key is obtained by the decryption terminal performing the cryptographic operation on the ID information using the master key.
The apparatus embodiments described above are merely exemplary. The units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
From the description of the embodiments above, those skilled in the art can clearly understand that each embodiment can be implemented by software together with the necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the technical solution above, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product. That computer software product may be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disk, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute the method of each embodiment or of certain parts of the embodiments.
Finally, it should be noted that the embodiments above merely illustrate the technical solutions of the present invention and do not limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. An identity authentication method based on a dynamic token, characterized in that it comprises:
if a dynamic token containing an encrypting-end one-time password and ID data is received, performing a cryptographic operation on the ID data using a master key to obtain a decrypting-end personal key;
performing the cryptographic operation on a decrypting-end current timestamp using the decrypting-end personal key to obtain a decrypting-end one-time password, and, if the decrypting-end one-time password is consistent with the encrypting-end one-time password, passing the identity authentication;
wherein the encrypting-end one-time password is obtained by performing the cryptographic operation on the encrypting end's current timestamp using an encrypting-end personal key, and the encrypting-end personal key is obtained by a decryption terminal performing the cryptographic operation on the ID information using the master key.
2. The identity authentication method based on a dynamic token according to claim 1, characterized in that performing the cryptographic operation on the decrypting-end current timestamp using the decrypting-end personal key comprises:
scaling the decrypting-end current timestamp;
performing the cryptographic operation on the scaled decrypting-end current timestamp using the decrypting-end personal key;
correspondingly, the encrypting-end one-time password is obtained by performing the cryptographic operation on the scaled encrypting-end current timestamp using the encrypting-end personal key.
3. The identity authentication method based on a dynamic token according to claim 1, characterized in that, before receiving the dynamic token containing the encrypting-end one-time password and the ID data, the method further comprises:
selecting a master key whose length is at least twice that of the ID data, and encrypting the ID data with an encryption algorithm to obtain the first half of the encrypting-end personal key;
negating the ID data, and encrypting the negated ID data with the encryption algorithm to obtain the second half of the encrypting-end personal key;
sending the encrypting-end personal key formed by the first half and the second half to the ciphering terminal.
4. The identity authentication method based on a dynamic token according to claim 1, characterized in that, after obtaining the decrypting-end one-time password, the method further comprises:
reducing the length of the one-time password according to a preset rule;
correspondingly, the encrypting-end one-time password is obtained after reduction according to the same preset rule.
5. The identity authentication method based on a dynamic token according to claim 1, characterized in that performing the cryptographic operation on the decrypting-end current timestamp using the decrypting-end personal key to obtain the decrypting-end one-time password comprises:
offsetting the decrypting-end current timestamp by a preset duration to obtain multiple offset timestamps, and performing the cryptographic operation on each of the multiple timestamps using the decrypting-end personal key to obtain multiple decrypting-end one-time passwords;
correspondingly, passing the identity authentication if the decrypting-end one-time password is consistent with the encrypting-end one-time password specifically means:
if any one of the multiple decrypting-end one-time passwords is consistent with the encrypting-end one-time password, the identity authentication passes.
6. An identity authentication method based on a dynamic token, characterized in that it comprises:
performing a cryptographic operation on the encrypting end's current timestamp using an encrypting-end personal key to obtain an encrypting-end one-time password;
sending the encrypting-end one-time password and the ID information as a dynamic token, so that a decryption terminal performs the cryptographic operation on the ID information using a master key to obtain a decrypting-end personal key, performs the cryptographic operation on a decrypting-end current timestamp using the decrypting-end personal key to obtain a decrypting-end one-time password, and passes the identity authentication if the decrypting-end one-time password is consistent with the encrypting-end one-time password;
wherein the encrypting-end personal key is obtained by the decryption terminal performing the cryptographic operation on the ID information using the master key.
7. A decryption terminal, characterized in that it comprises:
a deciphering module, configured to perform a cryptographic operation on the ID data using a master key to obtain a decrypting-end personal key if a dynamic token containing an encrypting-end one-time password and ID data is received;
an authentication module, configured to perform the cryptographic operation on a decrypting-end current timestamp using the decrypting-end personal key to obtain a decrypting-end one-time password, and to pass the identity authentication if the decrypting-end one-time password is consistent with the encrypting-end one-time password;
wherein the encrypting-end one-time password is obtained by performing the cryptographic operation on the encrypting end's current timestamp using an encrypting-end personal key, and the encrypting-end personal key is obtained by the decryption terminal performing the cryptographic operation on the ID information using the master key.
8. A ciphering terminal, characterized in that it comprises:
an encrypting module, configured to perform a cryptographic operation on the encrypting end's current timestamp using an encrypting-end personal key to obtain an encrypting-end one-time password;
a sending module, configured to send the encrypting-end one-time password and the ID information as a dynamic token, so that a decryption terminal performs the cryptographic operation on the ID information using a master key to obtain a decrypting-end personal key, performs the cryptographic operation on a decrypting-end current timestamp using the decrypting-end personal key to obtain a decrypting-end one-time password, and passes the identity authentication if the decrypting-end one-time password is consistent with the encrypting-end one-time password;
wherein the encrypting-end personal key is obtained by the decryption terminal performing the cryptographic operation on the ID information using the master key.
9. An electronic device comprising a memory, a processor and a computer program stored in the memory and runnable on the processor, characterized in that the processor, when executing the program, implements the steps of the identity authentication method based on a dynamic token according to any one of claims 1 to 6.
10. A non-transitory computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the identity authentication method based on a dynamic token according to any one of claims 1 to 6.
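As an added example (not code from the patent), the following Python sketch models both ends of the scheme of claims 1 to 6 together with the optional features of claims 2 to 5. It assumes HMAC-SHA256 as the unspecified keyed cryptographic operation, a 30-second timestamp scaling window, offsets of one window on either side, and an 8-digit length-reduction rule; all of these are illustrative choices, as are the sample master key and ID.

```python
import hashlib
import hmac
import secrets

# Illustrative parameters (assumed, not given by the patent).
ID_LEN = 16           # bytes of ID data carried in the token
MASTER_KEY_LEN = 32   # claim 3: master key at least twice the ID length
WINDOW = 30           # claim 2: timestamp scaling step in seconds
OFFSETS = (-1, 0, 1)  # claim 5: neighbouring windows the verifier also tries
OTP_DIGITS = 8        # claim 4: reduced one-time password length (decimal digits)


def crypto_op(key: bytes, data: bytes) -> bytes:
    """Stand-in for the patent's unspecified keyed 'cryptographic operation'
    (assumption: HMAC-SHA256)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_personal_key(master_key: bytes, id_data: bytes) -> bytes:
    """Decrypting end, claim 3: personal key = op(master, ID) || op(master, ~ID).
    Computed once at provisioning and again on every verification, so the
    verifier stores only the master key, never a per-user key table."""
    if len(master_key) < 2 * len(id_data):
        raise ValueError("master key must be at least twice the ID length")
    negated_id = bytes(b ^ 0xFF for b in id_data)
    return crypto_op(master_key, id_data) + crypto_op(master_key, negated_id)


def reduce_otp(digest: bytes) -> str:
    """Claim 4: preset length-reduction rule shared by both ends
    (assumption: last 4 bytes taken modulo 10**OTP_DIGITS, zero-padded)."""
    value = int.from_bytes(digest[-4:], "big") % 10 ** OTP_DIGITS
    return str(value).zfill(OTP_DIGITS)


def otp_for_window(personal_key: bytes, window: int) -> str:
    """Claims 1, 2 and 4: encrypt the scaled timestamp, then reduce."""
    return reduce_otp(crypto_op(personal_key, window.to_bytes(8, "big")))


def make_token(personal_key: bytes, id_data: bytes, now: int) -> str:
    """Encrypting end (claim 6): one-time password over the current timestamp,
    joined with the ID into the dynamic token that would be rendered as a QR code."""
    return f"{id_data.hex()}:{otp_for_window(personal_key, now // WINDOW)}"


def verify_token(master_key: bytes, token: str, now: int) -> bool:
    """Decrypting end (claims 1, 2, 4, 5): re-derive the personal key from the
    ID inside the token, recompute the one-time password for the current and
    offset windows, and accept if any candidate matches.  Malformed tokens
    fail closed; comparisons are constant-time."""
    try:
        id_hex, presented = token.split(":", 1)
        id_data = bytes.fromhex(id_hex)
    except ValueError:
        return False
    if len(id_data) != ID_LEN or len(presented) != OTP_DIGITS:
        return False
    personal_key = derive_personal_key(master_key, id_data)
    base = now // WINDOW
    matched = False
    for delta in OFFSETS:  # evaluate every offset; no early exit
        candidate = otp_for_window(personal_key, base + delta)
        matched |= hmac.compare_digest(candidate, presented)
    return matched


if __name__ == "__main__":
    # Constructed sample values; a real master key lives only on the verifier.
    master = secrets.token_bytes(MASTER_KEY_LEN)
    user_id = b"user-0001-devic1"                      # 16 bytes of constructed ID data
    personal = derive_personal_key(master, user_id)    # provisioned to the client
    t = 1_700_000_010
    token = make_token(personal, user_id, t)
    print(token, verify_token(master, token, t + 20))        # same window: True
    print(verify_token(master, token, t + 2 * WINDOW + 5))   # outside offsets: False
```

Because the verifier accepts any window in OFFSETS, a captured token remains valid for that whole interval, so the window size and offset set bound how far the timestamp limits replay.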
CN201910438646.0A 2019-05-24 2019-05-24 Identity identifying method, decryption and ciphering terminal based on dynamic token Pending CN110224834A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910438646.0A CN110224834A (en) 2019-05-24 2019-05-24 Identity identifying method, decryption and ciphering terminal based on dynamic token

Publications (1)

Publication Number Publication Date
CN110224834A true CN110224834A (en) 2019-09-10

Family

ID=67818275

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910438646.0A Pending CN110224834A (en) 2019-05-24 2019-05-24 Identity identifying method, decryption and ciphering terminal based on dynamic token

Country Status (1)

Country Link
CN (1) CN110224834A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100131756A1 (en) * 2008-11-26 2010-05-27 James Paul Schneider Username based authentication and key generation
CN101895527A (en) * 2009-11-11 2010-11-24 谈剑锋 Dynamic token time error correction method for authentication system
CN102938696A (en) * 2011-08-15 2013-02-20 国民技术股份有限公司 Generating method of session key and module
CN104185176A (en) * 2014-08-28 2014-12-03 中国联合网络通信集团有限公司 Method and system for remote initialization of Internet of Things virtual subscriber identity module card
CN104618112A (en) * 2015-01-19 2015-05-13 北京海泰方圆科技有限公司 Method for verifying dynamic password of dynamic token
CN104683356A (en) * 2015-03-26 2015-06-03 上海众人网络安全技术有限公司 Dynamic password authentication method and system based on software token
CN106330442A (en) * 2015-06-17 2017-01-11 中兴通讯股份有限公司 Identity authentication method, device and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
(美)迈耶、马特斯著: "《计算机网络保密系统设计与实现指南》", 31 July 1987, 科学技术文献出版社 *
顾韵华,刘素英: "动态口令身份认证机制及其安全性研究", 《微计算机信息》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112751821A (en) * 2020-07-29 2021-05-04 上海安辰网络科技有限公司 Data transmission method, electronic equipment and storage medium
CN112751821B (en) * 2020-07-29 2022-12-13 上海安辰网络科技有限公司 Data transmission method, electronic equipment and storage medium
CN112187450A (en) * 2020-08-19 2021-01-05 如般量子科技有限公司 Method, device, equipment and storage medium for key management communication
CN112187450B (en) * 2020-08-19 2023-03-24 如般量子科技有限公司 Method, device, equipment and storage medium for key management communication
CN112463281A (en) * 2020-12-11 2021-03-09 成都知道创宇信息技术有限公司 Remote assistance method, device, system, electronic equipment and storage medium
CN112636910A (en) * 2020-12-29 2021-04-09 北京深思数盾科技股份有限公司 Method, device and system for generating and verifying temporary password
CN112636910B (en) * 2020-12-29 2021-08-24 北京深思数盾科技股份有限公司 Method, device and system for generating and verifying temporary password
CN113890730A (en) * 2021-09-23 2022-01-04 上海华兴数字科技有限公司 Data transmission method and system
CN114882630A (en) * 2022-04-27 2022-08-09 广东职业技术学院 Internet of things access control system and control method thereof

Similar Documents

Publication Publication Date Title
CN107210914B (en) Method for secure credential provisioning
CN110224834A (en) Identity identifying method, decryption and ciphering terminal based on dynamic token
CN110378139B (en) Data key protection method, system, electronic equipment and storage medium
US11349675B2 (en) Tamper-resistant and scalable mutual authentication for machine-to-machine devices
EP3822891A1 (en) Transaction messaging
CN108199847B (en) Digital security processing method, computer device, and storage medium
JP2002520905A (en) Method and device for updating a cryptographic index key having leakage resistance
CN110868291B (en) Data encryption transmission method, device, system and storage medium
CN113691502B (en) Communication method, device, gateway server, client and storage medium
CN108471352A (en) Processing method, system, computer equipment based on distributed private key and storage medium
CN110598429B (en) Data encryption storage and reading method, terminal equipment and storage medium
CN104283686A (en) Digital right management method and system
CN108449756A (en) A kind of system of network cryptographic key updating, method and device
CN112241527B (en) Secret key generation method and system of terminal equipment of Internet of things and electronic equipment
CN107707562A (en) A kind of method, apparatus of asymmetric dynamic token Encrypt and Decrypt algorithm
CN200993803Y (en) Internet banking system safety terminal
CN115276978A (en) Data processing method and related device
CN117390676A (en) Offline privacy protection prediction method, system and equipment of trusted execution environment
CN111901312A (en) Method, system, equipment and readable storage medium for network access control
CN105049209B (en) Dynamic password formation method and device
CN109936448A (en) A kind of data transmission method and device
CN114553557A (en) Key calling method, key calling device, computer equipment and storage medium
Bojanova et al. Cryptography classes in bugs framework (BF): Encryption bugs (ENC), verification bugs (VRF), and key management bugs (KMN)
CN112149166A (en) Unconventional password protection method and intelligent bank machine
KR101146509B1 (en) Internet banking transaction system and the method that use maintenance of public security card to be mobile

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190910