CN110224834A - Identity identifying method, decryption and ciphering terminal based on dynamic token - Google Patents
Identity identifying method, decryption and ciphering terminal based on dynamic token
- Publication number: CN110224834A (application number CN201910438646.0A)
- Authority: CN (China)
- Prior art keywords: encryption, disposal password, decrypting, cryptographic calculation, personal key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
          - H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
            - H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
            - H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
            - H04L9/0872—Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
        - H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
          - H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
            - H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
Abstract
An embodiment of the present invention provides an identity authentication method based on a dynamic token, together with a decryption terminal and an encryption terminal. The method comprises: if a dynamic token containing an encryption-end one-time password and ID data is received, performing a cryptographic operation on the ID data with the master key to obtain the decryption-end personal key; performing a cryptographic operation on the decryption-end current timestamp with the decryption-end personal key to obtain the decryption-end one-time password; and, if the decryption-end one-time password matches the encryption-end one-time password, authentication passes. The encryption-end one-time password is obtained by the encryption-end personal key operating on the current timestamp of the encryption end, and the encryption-end personal key is obtained by the decryption terminal encrypting the ID information with the master key. The key used by each user is therefore different, which improves the security of the system in scenarios where terminal security cannot be guaranteed; no two-way communication is needed, which speeds up verification; and because the one-time password is derived from a timestamp, replay attacks are effectively avoided.
Description
Technical field
The present invention relates to the field of identity authentication, and in particular to an identity authentication method based on a dynamic token, a decryption terminal and an encryption terminal.
Background technique
Graphic tokens such as two-dimensional codes and bar codes are widely used in the field of identity authentication. In particular, in access management systems such as access control systems, the use of graphic tokens is quite common. Current two-dimensional-code tokens are mainly implemented as static codes, and this approach is hard to protect against attacks such as peeping and screenshots, which affects the security of the whole access management system.
At present this problem can be avoided to a certain extent by graphic dynamic-password tokens: a dynamic password is generated from factors such as time or a sequence number together with a key by running a certain encryption algorithm, and is displayed on the screen in a QR code or bar code format.
However, in current methods the master key used to encrypt the dynamic password is the same for every user. If the device used by some user is attacked and the key stored on it is leaked, the whole system loses its security.
Summary of the invention
To solve the above problems, embodiments of the present invention provide an identity authentication method based on a dynamic token, a decryption terminal and an encryption terminal.
In a first aspect, an embodiment of the present invention provides an identity authentication method based on a dynamic token, comprising: if a dynamic token containing an encryption-end one-time password and ID data is received, performing a cryptographic operation on the ID data with the master key to obtain the decryption-end personal key; performing a cryptographic operation on the decryption-end current timestamp with the decryption-end personal key to obtain the decryption-end one-time password; and, if the decryption-end one-time password matches the encryption-end one-time password, authentication passes. Here, the encryption-end one-time password is obtained by the encryption-end personal key operating on the current timestamp of the encryption end, and the encryption-end personal key is obtained by the decryption terminal performing a cryptographic operation on the ID information with the master key.
In a second aspect, an embodiment of the present invention provides an identity authentication method based on a dynamic token, comprising: performing a cryptographic operation on the current timestamp of the encryption end with the encryption-end personal key to obtain the encryption-end one-time password; and sending the encryption-end one-time password and the ID information as a dynamic token, so that the decryption terminal performs a cryptographic operation on the ID information with the master key to obtain the decryption-end personal key, performs a cryptographic operation on the decryption-end current timestamp with the decryption-end personal key to obtain the decryption-end one-time password, and passes authentication if the decryption-end one-time password matches the encryption-end one-time password. Here, the encryption-end personal key is obtained by the decryption terminal performing a cryptographic operation on the ID information with the master key.
In a third aspect, an embodiment of the present invention provides a decryption terminal, comprising: a decryption module, configured to perform, if a dynamic token containing an encryption-end one-time password and ID data is received, a cryptographic operation on the ID data with the master key to obtain the decryption-end personal key; and an authentication module, configured to perform a cryptographic operation on the decryption-end current timestamp with the decryption-end personal key to obtain the decryption-end one-time password, and to pass authentication if the decryption-end one-time password matches the encryption-end one-time password. Here, the encryption-end one-time password is obtained by the encryption-end personal key operating on the current timestamp of the encryption end, and the encryption-end personal key is obtained by the decryption terminal performing a cryptographic operation on the ID information with the master key.
In a fourth aspect, an embodiment of the present invention provides an encryption terminal, comprising: an encryption module, configured to perform a cryptographic operation on the current timestamp of the encryption end with the encryption-end personal key to obtain the encryption-end one-time password; and a sending module, configured to send the encryption-end one-time password and the ID information as a dynamic token, so that the decryption terminal performs a cryptographic operation on the ID information with the master key to obtain the decryption-end personal key, performs a cryptographic operation on the decryption-end current timestamp with the decryption-end personal key to obtain the decryption-end one-time password, and passes authentication if the decryption-end one-time password matches the encryption-end one-time password. Here, the encryption-end personal key is obtained by the decryption terminal performing a cryptographic operation on the ID information with the master key.
In a fifth aspect, an embodiment of the present invention provides an electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor, when executing the program, implements the steps of the identity authentication method based on a dynamic token of the first or second aspect.
In a sixth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the identity authentication method based on a dynamic token of the first or second aspect.
In the identity authentication method based on a dynamic token, the decryption terminal and the encryption terminal provided by the embodiments, the encryption-end personal key is obtained by the decryption terminal performing a cryptographic operation on the ID information with the master key, so that the key used by each user is different. This improves the security of the system in scenarios where terminal security cannot be guaranteed, and no two-way communication between the user device and the verifying device is needed during verification, which improves the speed of verification and the convenience for the user. In addition, the encryption-end one-time password is obtained by the encryption-end personal key operating on the current timestamp of the encryption end, so replay attacks are effectively avoided.
Detailed description of the invention
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Clearly, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art could obtain other drawings from these drawings without creative effort.
Fig. 1 is a flowchart of the identity authentication method based on a dynamic token provided by an embodiment of the present invention;
Fig. 2 is a flowchart of the identity authentication method based on a dynamic token provided by another embodiment of the present invention;
Fig. 3 is a structural diagram of the decryption terminal provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of the encryption terminal provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of the physical structure of an electronic device provided by an embodiment of the present invention.
Specific embodiment
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described below clearly and completely with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the present invention.
An embodiment of the present invention provides an identity authentication method based on a dynamic token, which can be applied to the identity authentication scenario described above. The executing subject of the method may be the decryption terminal, the encryption terminal, or the decryption terminal and encryption terminal interacting; the present invention does not specifically limit this. For ease of description, the embodiments below describe the identity authentication method based on a dynamic token with the decryption terminal and then the encryption terminal as the executing subject. The encryption terminal and the decryption terminal may be different devices depending on the application scenario; for example, in an access control scenario the decryption terminal may be the access control device and the encryption terminal may be the user's mobile phone.
Fig. 1 is a flowchart of the identity authentication method based on a dynamic token provided by an embodiment of the present invention. As shown in Fig. 1, with the decryption terminal as the executing subject, the method includes:
101. If a dynamic token containing an encryption-end one-time password and ID data is received, perform a cryptographic operation on the ID data with the master key to obtain the decryption-end personal key.
Here, the encryption-end one-time password is obtained by the encryption-end personal key operating on the current timestamp of the encryption end, and the encryption-end personal key is obtained by the decryption terminal performing a cryptographic operation on the ID information with the master key.
Before 101, the decryption terminal performs a cryptographic operation on the ID data with the master key, for example with the 3DES or AES encryption algorithm, and obtains the personal key. Before any authentication takes place, this personal key is sent to the encryption terminal and stored there as the encryption-end personal key, for use in the encryption step of subsequent authentications.
When authentication is needed, the encryption terminal performs a cryptographic operation on the current timestamp with the stored personal key and obtains a one-time password. This embodiment does not specifically limit how the one-time password is obtained; for example, a message digest algorithm such as HMAC-SHA256 or HMAC-MD5 may be used with the personal key as the algorithm key. The current timestamp is a data encoding of the current time, whose smallest unit may be the hour, minute, second, day, month, year and so on. For example, the current system time may be taken as a standard UNIX timestamp (the number of seconds elapsed since 00:00:00 on 1 January 1970).
During authentication, the encryption terminal combines the ID data and the one-time password obtained from the encryption into one dynamic token and sends it to the decryption terminal for authentication, for example by displaying it in a two-dimensional or one-dimensional bar code format, encoded in a two-dimensional code system such as QR or Data Matrix or in a bar code specification such as CODE-128, without being limited to these. The dynamic token contains the ID data to be verified and the encryption end's one-time password. In a specific implementation, one example layout of the token encoding is: position 0 of the encoded content is a version number, reserved for later updates; positions 1 to n are the user's unique ID, used to generate the encryption-end personal key and for authority verification at the decryption end; and the last m positions are the time-based one-time password.
In 101, the decryption terminal receives the dynamic token sent by the encryption terminal and must verify the ID in the token. The decryption terminal performs a cryptographic operation on the ID data with its stored master key and obtains the decryption-end personal key. This cryptographic operation is the same one the decryption terminal used when it derived the personal key from the master key and sent it to the encryption terminal; the difference is that at the decryption end the decryption-end personal key obtained at this moment is used.
102. Perform a cryptographic operation on the decryption-end current timestamp with the decryption-end personal key to obtain the decryption-end one-time password; if the decryption-end one-time password matches the encryption-end one-time password, authentication passes.
In 102, the decryption terminal performs a cryptographic operation on the current timestamp with the personal key obtained in 101 and obtains a one-time password. The one-time password obtained is compared with the one-time password in the dynamic token; if the two match, authentication passes.
In the identity authentication method based on a dynamic token provided by this embodiment, the encryption-end personal key is obtained by the decryption terminal performing a cryptographic operation on the ID information with the master key, so that the key used by each user is different. This improves the security of the system in scenarios where terminal security cannot be guaranteed, and no two-way communication between the user device and the verifying device is needed during verification, which improves the speed of verification and the convenience for the user. In addition, the encryption-end one-time password is obtained by the encryption-end personal key operating on the current timestamp of the encryption end, so replay attacks are effectively avoided.
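The exchange of steps 101 and 102 as an added worked example in Go. This is illustration code, not the patent's or the applicant's, and it fixes concrete choices the text leaves open: AES-128 single-block encryption of the zero-padded ID as the master-key operation, HMAC-SHA256 over the 8-byte big-endian UNIX timestamp as the one-time-password operation, a fixed 8-byte ID field, and the version / ID / one-time-password layout described above. The master key, user IDs and timestamps are constructed sample values, and all function names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

const (
	tokenVersion = 0x01 // first byte of the encoded token: format version
	idLen        = 8    // fixed length of the user ID field inside the token (assumption)
)

// Constructed 16-byte master key; in the patent it lives only on the decryption terminal.
var masterKey = []byte("constructed-mk16")

// derivePersonalKey is the provisioning step the decryption terminal performs before any
// authentication: the ID, zero-padded to one AES block, is encrypted under the master key and
// the 16-byte ciphertext becomes the user's personal key (AES-128 is this example's choice;
// the patent names 3DES or AES without fixing a mode).
func derivePersonalKey(master, id []byte) ([]byte, error) {
	if len(id) > aes.BlockSize {
		return nil, errors.New("id does not fit in one AES block")
	}
	block, err := aes.NewCipher(master)
	if err != nil {
		return nil, err
	}
	padded := make([]byte, aes.BlockSize)
	copy(padded, id)
	key := make([]byte, aes.BlockSize)
	block.Encrypt(key, padded)
	return key, nil
}

// oneTimePassword is the "cryptographic operation on the current timestamp":
// HMAC-SHA256 keyed with the personal key over the 8-byte big-endian UNIX timestamp.
func oneTimePassword(personalKey []byte, ts uint64) []byte {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], ts)
	mac := hmac.New(sha256.New, personalKey)
	mac.Write(msg[:])
	return mac.Sum(nil)
}

// buildToken runs on the encryption terminal (the user's phone): version byte, ID, one-time
// password, hex-encoded so the result can be rendered as a QR code or bar code.
func buildToken(personalKey, id []byte, ts uint64) (string, error) {
	if len(id) != idLen {
		return "", errors.New("id must be exactly idLen bytes")
	}
	raw := append([]byte{tokenVersion}, id...)
	raw = append(raw, oneTimePassword(personalKey, ts)...)
	return hex.EncodeToString(raw), nil
}

// verifyToken runs on the decryption terminal (the access controller): it re-derives the
// personal key from the ID carried in the token (no per-user key store, no round trip to the
// phone), recomputes the password for its own clock and compares in constant time.
func verifyToken(master []byte, token string, now uint64) (bool, error) {
	raw, err := hex.DecodeString(token)
	if err != nil {
		return false, err
	}
	if len(raw) != 1+idLen+sha256.Size || raw[0] != tokenVersion {
		return false, errors.New("malformed token")
	}
	id, received := raw[1:1+idLen], raw[1+idLen:]
	personalKey, err := derivePersonalKey(master, id)
	if err != nil {
		return false, err
	}
	return hmac.Equal(oneTimePassword(personalKey, now), received), nil
}

func main() {
	id := []byte("user0042") // constructed user ID, exactly idLen bytes
	personalKey, _ := derivePersonalKey(masterKey, id)
	ts := uint64(1555000010) // constructed UNIX timestamp on the phone
	token, _ := buildToken(personalKey, id, ts)
	ok, _ := verifyToken(masterKey, token, ts)
	fmt.Printf("token %s...\naccepted at the same second: %v\n", token[:16], ok)
	replayed, _ := verifyToken(masterKey, token, ts+1)
	fmt.Printf("same token presented one second later: %v\n", replayed)
}
```

Because the verifier derives the personal key from the ID on every request, it stores nothing but the master key and needs no reply channel to the phone; the flip side is that the master key must never leave the decryption terminal, which is exactly the single point of failure the background section attributes to schemes that put a shared master key on every user device. The second check in main shows the raw-second timestamp rejecting the same token one second later: that is the replay protection the abstract claims, and also the clock-tolerance problem the patent's scaling and offset embodiments address.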
Based on the above, in an optional embodiment, performing the cryptographic operation on the decryption-end current timestamp with the decryption-end personal key comprises: scaling the decryption-end current timestamp, and performing the cryptographic operation on the scaled decryption-end current timestamp with the decryption-end personal key. Correspondingly, the encryption-end one-time password is obtained by the encryption-end personal key operating on the scaled encryption-end current timestamp.
When the smallest time unit of the timestamp is a short one such as the second or the minute, if the interval between the encryption process and the decryption process exceeds that smallest unit, or the two happen to fall in two different periods, the one-time password obtained at the decryption end will not match the encryption end's; in addition, an overly large timestamp value brings a larger computational cost. In this embodiment the current timestamps of the encryption and decryption processes are scaled at the encryption terminal and at the decryption terminal respectively, so that the current timestamps of the two processes agree. Note that scaling in this embodiment mainly means reducing the value. For example, with UNIX timestamps, if the current timestamp of the encryption end is 1555000010 and that of the decryption end is 15550000019, i.e. the encryption and decryption processes are 9 seconds apart, then scaling by 10 reduces the timestamps tenfold, and the timestamp of both the encryption and the decryption process is 15550001. This ensures that, when a correct ID is being verified, the one-time password obtained in the decryption process matches the one-time password of the encryption end.
By scaling the decryption-end current timestamp, the method provided by this embodiment improves the accuracy of identity authentication while reducing the computational cost of the encryption-end and decryption-end devices.
Based on the above, in an optional embodiment, before the dynamic token containing the encryption-end one-time password and ID data is received, the method further includes: selecting a master key whose length is greater than or equal to twice the length of the ID data; encrypting the ID data with the encryption algorithm to obtain the first half of the encryption-end personal key; inverting the ID data and encrypting the inverted ID data with the encryption algorithm to obtain the second half of the encryption-end personal key; and sending the encryption-end personal key formed from the first half and the second half to the encryption terminal.
To raise the level of encryption, this embodiment selects a master key longer than twice the ID data and encrypts the ID data with it. Let the master key length be k. In this embodiment the output personal key has the same length as the master key, and the input ID data has length k/2; if the input data is shorter than k/2, it is padded to that length. The decryption terminal encrypts the input data symmetrically with the master key and takes the first k/2 bytes as the first part of the personal key. It then inverts the input data byte by byte, encrypts the inverted input data symmetrically with the master key, and takes the result as the last k/2 bytes of the personal key. Finally, the personal key obtained is sent to the encryption terminal so that the encryption terminal can later generate dynamic tokens.
In this embodiment, a master key greater than or equal to twice the length of the ID data is selected; the ID data is encrypted with the encryption algorithm to obtain the first half of the encryption-end personal key, and the inverted ID data is encrypted with the encryption algorithm to obtain the second half. This effectively improves the level of encryption of the personal key.
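The two-half key construction just described, as an added Go example that is not the patent's own code. Assumptions made here: AES is the symmetric cipher (so k is 16, 24 or 32 bytes), the padded k/2-byte ID is placed in a zero-filled AES block before encryption because the patent does not say how a k/2-byte value fills a block, and the names derivePersonalKeyTwoHalves and encryptPrefix are chosen for this example; the master key and ID are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// derivePersonalKeyTwoHalves builds a personal key of k bytes (k = master key length) from an
// ID of at most k/2 bytes: the first k/2 bytes come from encrypting the zero-padded ID, the
// last k/2 bytes from encrypting the bytewise-inverted ID, both under the master key.
func derivePersonalKeyTwoHalves(master, id []byte) ([]byte, error) {
	block, err := aes.NewCipher(master) // k must be 16, 24 or 32 for AES
	if err != nil {
		return nil, err
	}
	half := len(master) / 2
	if len(id) > half {
		return nil, errors.New("id longer than k/2 bytes")
	}
	// Padding step: an ID shorter than k/2 bytes is zero-filled up to k/2 bytes.
	padded := make([]byte, half)
	copy(padded, id)
	// Bytewise inversion of the padded ID for the second half.
	inverted := make([]byte, half)
	for i, b := range padded {
		inverted[i] = ^b
	}
	key := make([]byte, 0, len(master))
	key = append(key, encryptPrefix(block, padded, half)...)
	key = append(key, encryptPrefix(block, inverted, half)...)
	return key, nil
}

// encryptPrefix places the k/2-byte input in a zero-filled AES block (assumption), encrypts
// that single block, and returns the first n ciphertext bytes, the patent's "preceding k/2 bytes".
func encryptPrefix(block cipher.Block, in []byte, n int) []byte {
	plain := make([]byte, block.BlockSize())
	copy(plain, in)
	out := make([]byte, block.BlockSize())
	block.Encrypt(out, plain)
	return out[:n]
}

func main() {
	master := []byte("constructed-mk16") // constructed 16-byte AES-128 master key, k = 16
	id := []byte("user0042")             // constructed 8-byte ID, exactly k/2
	key, err := derivePersonalKeyTwoHalves(master, id)
	if err != nil {
		panic(err)
	}
	fmt.Printf("personal key (%d bytes): first half %x, second half %x\n", len(key), key[:8], key[8:])
}
```

One consequence of the construction worth knowing when reviewing such a scheme: with a full-length ID there is no padding, so deriving a key for the inverted ID simply swaps the two halves of the key derived for the original ID. That is harmless as long as IDs are assigned by the operator rather than chosen by users, and the check in the test below makes the relationship explicit.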
Based on the above, in an optional embodiment, after the decryption-end one-time password is obtained the method further includes: reducing the length of the one-time password according to a preset rule. Correspondingly, the encryption-end one-time password is also reduced according to this preset rule.
Since the one-time password obtained may be long, and in order to reduce its length for encoding and recognition in the dynamic token (for example recognition of a two-dimensional code or bar code), this embodiment reduces the number of digits of the one-time password obtained at the encryption end and at the decryption end using the same rule. For example, the one-time password obtained at the encryption end and at the decryption end is taken modulo 10^m, reducing its length to m digits. Reducing the length of the one-time password also reduces computational cost.
Based on the above, in an optional embodiment, encrypting the decryption-end current timestamp with the decryption-end personal key to obtain the decryption-end one-time password comprises: offsetting the decryption-end current timestamp by a preset duration to obtain multiple offset timestamps, and encrypting each of the multiple timestamps with the decryption-end personal key to obtain multiple decryption-end one-time passwords. Correspondingly, "if the decryption-end one-time password matches the encryption-end one-time password, authentication passes" specifically means: if any one of the multiple decryption-end one-time passwords matches the encryption-end one-time password, authentication passes.
The timestamps of the encryption end and the decryption end may be inconsistent, and may still be inconsistent after the scaling operation described above; for example, 15550000019 and 15550000020 are still different after scaling by 10. In this embodiment, when the decryption terminal performs the cryptographic operation on the current timestamp to obtain the one-time password, it first offsets the current timestamp by the preset duration to obtain multiple current timestamps. For example, with a preset unit of 1 s, the decryption end's timestamp 15550000020 is offset 5 times in each direction, giving the 11 timestamps 15550000015 to 15550000025; each of the 11 timestamps is encrypted with the decryption-end personal key, giving 11 decryption-end one-time passwords. During verification at the decryption end, if any one of the 11 one-time passwords matches the encryption-end one-time password, authentication passes. Combined with the scaling of the decryption-end and encryption-end current timestamps described above, this further ensures the accuracy of authentication. For example, after scaling by 10, an offset of 3 smallest units to either side (with the second as the smallest unit, each unit is 10 seconds after scaling by 10) means that a range of 30 seconds before and after the decryption-end current timestamp can agree with the encryption end.
In this embodiment, the decryption-end current timestamp is offset by the preset duration to obtain multiple offset timestamps, and each is encrypted with the decryption-end personal key to obtain multiple decryption-end one-time passwords, which improves the accuracy of identity authentication.
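The three tolerance mechanisms of the preceding optional embodiments (timestamp scaling, modulo-10^m length reduction, and the offset window of plus or minus a number of steps) in one added Go example. This is illustration code, not the patent's. Assumptions: HMAC-SHA256 as the cryptographic operation, the low 8 bytes of the MAC read as the integer that is reduced modulo 10^m (the patent does not say which bytes feed the modulus), the personal key supplied directly rather than derived from the ID, and all function names. The timestamps are constructed values one second apart on either side of a 10-second slot boundary, mirroring the patent's example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// scaledCounter is the scaling step: the UNIX timestamp is divided by an integer factor (the
// patent's example factor is 10), so both ends agree whenever they fall in the same slot.
func scaledCounter(ts, scale uint64) uint64 {
	return ts / scale
}

// reducedOTP is the cryptographic operation on the scaled timestamp followed by the length
// reduction: HMAC-SHA256 keyed with the personal key, the low 8 bytes of the MAC read as an
// integer, then taken modulo 10^digits so the password has at most `digits` decimal digits.
func reducedOTP(personalKey []byte, counter uint64, digits uint) uint64 {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha256.New, personalKey)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	v := binary.BigEndian.Uint64(sum[len(sum)-8:])
	mod := uint64(1)
	for i := uint(0); i < digits; i++ {
		mod *= 10
	}
	return v % mod
}

// generate runs on the encryption terminal: scale the clock, then compute the reduced password.
func generate(personalKey []byte, ts, scale uint64, digits uint) uint64 {
	return reducedOTP(personalKey, scaledCounter(ts, scale), digits)
}

// verifyWindow runs on the decryption terminal: it offsets its own scaled counter by
// -steps..+steps and accepts if any candidate reproduces the received password. The matching
// offset is returned so the verifier can log how far the two clocks have drifted.
func verifyWindow(personalKey []byte, received, now, scale uint64, digits uint, steps int64) (bool, int64) {
	base := int64(scaledCounter(now, scale))
	for d := -steps; d <= steps; d++ {
		c := base + d
		if c < 0 {
			continue
		}
		if reducedOTP(personalKey, uint64(c), digits) == received {
			return true, d
		}
	}
	return false, 0
}

func main() {
	personalKey := []byte("constructed-personal-key") // constructed; normally derived from the ID
	// Constructed clocks: phone at 1555000019, access controller one second later at 1555000020.
	// After scaling by 10 the counters are 155500001 and 155500002, so scaling alone does not match.
	otp := generate(personalKey, 1555000019, 10, 6)
	scaledOnly, _ := verifyWindow(personalKey, otp, 1555000020, 10, 6, 0)
	windowed, off := verifyWindow(personalKey, otp, 1555000020, 10, 6, 3)
	fmt.Printf("otp=%06d scaling only: %v, with window of 3 slots: %v (offset %d)\n",
		otp, scaledOnly, windowed, off)
}
```

The window and the digit count trade against each other: with 6 digits and a window of 7 slots, a single random guess matches roughly 7 times in a million, so a verifier using this embodiment should also rate-limit failed attempts per ID and treat a consistently large matched offset as a clock-drift signal rather than widening the window further. The equality test on the reduced value is a plain integer compare here because the value is short and its length is public; a verifier comparing full-length MACs should use hmac.Equal.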
Fig. 2 is a flowchart of the identity authentication method based on a dynamic token provided by another embodiment of the present invention. This embodiment also provides an identity authentication method based on a dynamic token, with the encryption terminal as the executing subject; the method includes:
201. Perform a cryptographic operation on the current timestamp of the encryption end with the encryption-end personal key to obtain the encryption-end one-time password;
202. Send the encryption-end one-time password and the ID information as a dynamic token.
Here, the encryption-end personal key is obtained by the decryption terminal performing a cryptographic operation on the ID information with the master key.
Corresponding to the method at the decryption end, before 201 the decryption terminal performs a cryptographic operation on the ID data with the master key, for example with the 3DES or AES encryption algorithm, and obtains the personal key. Before any authentication takes place, this personal key is sent to the encryption terminal and stored there as the encryption-end personal key, for use in the encryption step of subsequent authentications.
In 201, when authentication is needed, the encryption terminal performs a cryptographic operation on the current timestamp with the stored personal key and obtains the one-time password.
In 202, the encryption terminal combines the ID data and the one-time password obtained from the encryption into one dynamic token and sends it to the decryption terminal for authentication, for example by displaying it in a two-dimensional or one-dimensional bar code format.
After 202, the decryption terminal performs a cryptographic operation on the ID information with the master key to obtain the decryption-end personal key, performs a cryptographic operation on the decryption-end current timestamp with the decryption-end personal key to obtain the decryption-end one-time password, and passes authentication if the decryption-end one-time password matches the encryption-end one-time password.
Corresponding to the decryption-terminal embodiments above, the encryption terminal may likewise, in its implementation, include the optional embodiments described above: scaling the current timestamp; storing the personal key that the decryption terminal obtains by selecting a master key greater than or equal to twice the length of the ID data; and reducing the length of the encryption-end one-time password with the same preset rule as the decryption end. These are not repeated here.
Fig. 3 is decryption terminal structure chart provided in an embodiment of the present invention, as shown in figure 3, the decryption terminal includes: decryption mould
Block 301 and authentication module 302.Wherein, if it includes encryption end disposal password and ID data that deciphering module 301, which is used to receive,
Dynamic token then carries out cryptographic calculation to ID data according to master key, obtains decrypting end personal key;Authentication module 302 is used for
Cryptographic calculation is carried out to decrypting end current time stamp according to decrypting end personal key, obtains decrypting end disposal password, if decryption
Hold disposal password consistent with encryption end disposal password, then authentication passes through.
In a pre-authentication, decryption terminal carries out cryptographic calculation to ID data according to master key, obtains personal key.It will
The personal key is sent to ciphering terminal and is stored, the encryption as the personal key at encryption end, for subsequent authentication
Process.
When authentication is required, the encryption terminal performs the cryptographic calculation on the current timestamp with the stored personal key to obtain a one-time password. The encryption terminal then combines the ID data and this one-time password into a dynamic token and sends it to the decryption module 301 for authentication, for example by displaying it as a two-dimensional code or a one-dimensional barcode. The dynamic token thus contains the ID data and the encryption-end one-time password to be verified.
The decryption module 301 receives the dynamic token sent by the encryption terminal and must verify the ID carried in it. It performs the cryptographic calculation on the ID data with the stored master key to obtain the personal key. This cryptographic calculation is the same one the decryption terminal used when it derived the personal key from the master key and sent it to the encryption terminal.
The authentication module 302 performs the cryptographic calculation on the current timestamp with the personal key just obtained, yielding a one-time password, and compares it with the one-time password in the dynamic token. If the two match, the identity authentication passes.
The decryption terminal embodiment provided in an embodiment of the present invention implements the method embodiments above; for the detailed process and contents, refer to the method embodiments above, which are not repeated here.
Fig. 4 is a structural diagram of the encryption terminal provided in an embodiment of the present invention. As shown in Fig. 4, the encryption terminal includes an encryption module 401 and a sending module 402. The encryption module 401 is configured to perform the cryptographic calculation on the encryption-end current timestamp with the encryption-end personal key to obtain the encryption-end one-time password. The sending module 402 is configured to send the encryption-end one-time password and the ID information as a dynamic token, so that the decryption terminal performs the cryptographic calculation on the ID information with the master key to obtain the decrypting-end personal key, performs the cryptographic calculation on the decrypting-end current timestamp with the decrypting-end personal key to obtain the decrypting-end one-time password, and passes the identity authentication if the decrypting-end one-time password matches the encryption-end one-time password. Here the encryption-end personal key is obtained by the decryption terminal performing the cryptographic calculation on the ID information with the master key.
Before authentication, the decryption terminal performs the cryptographic calculation on the ID data with the master key to obtain the personal key, and sends it to the encryption terminal, where it is stored as the encryption-end personal key for the encryption step of subsequent authentications.
When authentication is required, the encryption module 401 performs the cryptographic calculation on the current timestamp with the stored personal key to obtain a one-time password.
The sending module 402 combines the ID data and the one-time password into a dynamic token and sends it to the decryption terminal for authentication, for example by displaying it as a two-dimensional code or a one-dimensional barcode.
During authentication, the decryption terminal performs the cryptographic calculation on the ID information with the master key to obtain the decrypting-end personal key, performs the cryptographic calculation on the decrypting-end current timestamp with that key to obtain the decrypting-end one-time password, and passes the identity authentication if the decrypting-end one-time password matches the encryption-end one-time password.
The encryption terminal embodiment provided in an embodiment of the present invention implements the method embodiments above; for the detailed process and contents, refer to the method embodiments above, which are not repeated here.
With the decryption terminal and encryption terminal provided in embodiments of the present invention, the encryption-end personal key is obtained by the decryption terminal performing the cryptographic calculation on the ID information with the master key, so that every user uses a different key. This improves the security of the system in scenarios where the security of the terminal cannot be guaranteed, and because the verification process needs no two-way communication between the user device and the verification device, it also improves the speed of verification and the convenience for the user. In addition, the encryption-end one-time password is obtained by performing the cryptographic calculation on the encryption-end current timestamp with the encryption-end personal key, which effectively prevents replay attacks.
Fig. 5 is a schematic diagram of the physical structure of an electronic device provided in an embodiment of the present invention. As shown in Fig. 5, the electronic device may include a processor 501, a communications interface 502, a memory 503 and a bus 504, where the processor 501, the communications interface 502 and the memory 503 communicate with one another through the bus 504. The communications interface 502 may be used for the information transmission of the electronic device. The processor 501 may call logic instructions in the memory 503 to execute a method that includes: if a dynamic token containing an encryption-end one-time password and ID data is received, performing the cryptographic calculation on the ID data with the master key to obtain the decrypting-end personal key; performing the cryptographic calculation on the decrypting-end current timestamp with the decrypting-end personal key to obtain the decrypting-end one-time password; and passing the identity authentication if the decrypting-end one-time password matches the encryption-end one-time password; where the encryption-end one-time password is obtained by performing the cryptographic calculation on the encryption-end current timestamp with the encryption-end personal key, and the encryption-end personal key is obtained by the decryption terminal performing the cryptographic calculation on the ID information with the master key.
In addition, the logic instructions in the memory 503 may be implemented as software functional units and, when sold or used as an independent product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, or the part of it that contributes to the prior art, may essentially be embodied in the form of a software product. That software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the method embodiments of the present invention. The storage medium includes a USB flash disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium that can store program code.
In another aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program performs the methods provided by the embodiments above, for example: if a dynamic token containing an encryption-end one-time password and ID data is received, performing the cryptographic calculation on the ID data with the master key to obtain the decrypting-end personal key; performing the cryptographic calculation on the decrypting-end current timestamp with the decrypting-end personal key to obtain the decrypting-end one-time password; and passing the identity authentication if the decrypting-end one-time password matches the encryption-end one-time password; where the encryption-end one-time password is obtained by performing the cryptographic calculation on the encryption-end current timestamp with the encryption-end personal key, and the encryption-end personal key is obtained by the decryption terminal performing the cryptographic calculation on the ID information with the master key.
The device embodiments described above are merely exemplary. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
From the description of the embodiments above, those skilled in the art can clearly understand that each embodiment may be implemented by software together with a necessary general-purpose hardware platform, or of course by hardware. Based on this understanding, the technical solution above, or the part of it that contributes to the prior art, may essentially be embodied in the form of a software product. That computer software product may be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disk, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute the methods of the embodiments or of certain parts of the embodiments.
Finally, it should be noted that the embodiments above merely illustrate the technical solutions of the present invention and do not limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or replace some of their technical features with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. An identity authentication method based on a dynamic token, characterized in that it comprises:
if a dynamic token containing an encryption-end one-time password and ID data is received, performing a cryptographic calculation on the ID data with a master key to obtain a decrypting-end personal key;
performing the cryptographic calculation on a decrypting-end current timestamp with the decrypting-end personal key to obtain a decrypting-end one-time password, and, if the decrypting-end one-time password matches the encryption-end one-time password, passing the identity authentication;
wherein the encryption-end one-time password is obtained by performing the cryptographic calculation on an encryption-end current timestamp with an encryption-end personal key, and the encryption-end personal key is obtained by a decryption terminal performing the cryptographic calculation on the ID information with the master key.
2. The identity authentication method based on a dynamic token according to claim 1, characterized in that performing the cryptographic calculation on the decrypting-end current timestamp with the decrypting-end personal key comprises:
scaling the decrypting-end current timestamp;
performing the cryptographic calculation on the scaled decrypting-end current timestamp with the decrypting-end personal key;
correspondingly, the encryption-end one-time password is obtained by performing the cryptographic calculation on the scaled encryption-end current timestamp with the encryption-end personal key.
3. The identity authentication method based on a dynamic token according to claim 1, characterized in that, before receiving the dynamic token containing the encryption-end one-time password and the ID data, the method further comprises:
selecting a master key whose length is greater than or equal to twice the length of the ID data, and encrypting the ID data with an encryption algorithm to obtain the first half of the encryption-end personal key;
negating the ID data and encrypting the negated ID data with the encryption algorithm to obtain the second half of the encryption-end personal key;
sending the encryption-end personal key formed by the first half and the second half to the encryption terminal.
4. The identity authentication method based on a dynamic token according to claim 1, characterized in that, after obtaining the decrypting-end one-time password, the method further comprises:
reducing the length of the one-time password using a preset rule;
correspondingly, the encryption-end one-time password is obtained after being reduced according to the same preset rule.
5. The identity authentication method based on a dynamic token according to claim 1, characterized in that performing the cryptographic calculation on the decrypting-end current timestamp with the decrypting-end personal key to obtain the decrypting-end one-time password comprises:
offsetting the decrypting-end current timestamp by a preset duration to obtain multiple offset timestamps, and performing the cryptographic calculation on each of the multiple timestamps with the decrypting-end personal key to obtain multiple decrypting-end one-time passwords;
correspondingly, passing the identity authentication if the decrypting-end one-time password matches the encryption-end one-time password specifically means: if any one of the multiple decrypting-end one-time passwords matches the encryption-end one-time password, the identity authentication passes.
6. An identity authentication method based on a dynamic token, characterized in that it comprises:
performing a cryptographic calculation on an encryption-end current timestamp with an encryption-end personal key to obtain an encryption-end one-time password;
sending the encryption-end one-time password and ID information as a dynamic token, so that a decryption terminal performs the cryptographic calculation on the ID information with a master key to obtain a decrypting-end personal key, performs the cryptographic calculation on a decrypting-end current timestamp with the decrypting-end personal key to obtain a decrypting-end one-time password, and passes the identity authentication if the decrypting-end one-time password matches the encryption-end one-time password;
wherein the encryption-end personal key is obtained by the decryption terminal performing the cryptographic calculation on the ID information with the master key.
7. A decryption terminal, characterized in that it comprises:
a decryption module configured, if a dynamic token containing an encryption-end one-time password and ID data is received, to perform a cryptographic calculation on the ID data with a master key to obtain a decrypting-end personal key;
an authentication module configured to perform the cryptographic calculation on a decrypting-end current timestamp with the decrypting-end personal key to obtain a decrypting-end one-time password, and to pass the identity authentication if the decrypting-end one-time password matches the encryption-end one-time password;
wherein the encryption-end one-time password is obtained by performing the cryptographic calculation on an encryption-end current timestamp with an encryption-end personal key, and the encryption-end personal key is obtained by the decryption terminal performing the cryptographic calculation on the ID information with the master key.
8. An encryption terminal, characterized in that it comprises:
an encryption module configured to perform a cryptographic calculation on an encryption-end current timestamp with an encryption-end personal key to obtain an encryption-end one-time password;
a sending module configured to send the encryption-end one-time password and ID information as a dynamic token, so that a decryption terminal performs the cryptographic calculation on the ID information with a master key to obtain a decrypting-end personal key, performs the cryptographic calculation on a decrypting-end current timestamp with the decrypting-end personal key to obtain a decrypting-end one-time password, and passes the identity authentication if the decrypting-end one-time password matches the encryption-end one-time password;
wherein the encryption-end personal key is obtained by the decryption terminal performing the cryptographic calculation on the ID information with the master key.
9. An electronic device comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, characterized in that, when the processor executes the program, it implements the steps of the identity authentication method based on a dynamic token according to any one of claims 1 to 6.
10. A non-transitory computer-readable storage medium on which a computer program is stored, characterized in that, when executed by a processor, the computer program implements the steps of the identity authentication method based on a dynamic token according to any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910438646.0A CN110224834A (en) | 2019-05-24 | 2019-05-24 | Identity identifying method, decryption and ciphering terminal based on dynamic token |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110224834A true CN110224834A (en) | 2019-09-10 |
Family
ID=67818275
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910438646.0A Pending CN110224834A (en) | 2019-05-24 | 2019-05-24 | Identity identifying method, decryption and ciphering terminal based on dynamic token |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110224834A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112187450A (en) * | 2020-08-19 | 2021-01-05 | 如般量子科技有限公司 | Method, device, equipment and storage medium for key management communication |
CN112463281A (en) * | 2020-12-11 | 2021-03-09 | 成都知道创宇信息技术有限公司 | Remote assistance method, device, system, electronic equipment and storage medium |
CN112636910A (en) * | 2020-12-29 | 2021-04-09 | 北京深思数盾科技股份有限公司 | Method, device and system for generating and verifying temporary password |
CN112751821A (en) * | 2020-07-29 | 2021-05-04 | 上海安辰网络科技有限公司 | Data transmission method, electronic equipment and storage medium |
CN113890730A (en) * | 2021-09-23 | 2022-01-04 | 上海华兴数字科技有限公司 | Data transmission method and system |
CN114882630A (en) * | 2022-04-27 | 2022-08-09 | 广东职业技术学院 | Internet of things access control system and control method thereof |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100131756A1 (en) * | 2008-11-26 | 2010-05-27 | James Paul Schneider | Username based authentication and key generation |
CN101895527A (en) * | 2009-11-11 | 2010-11-24 | 谈剑锋 | Dynamic token time error correction method for authentication system |
CN102938696A (en) * | 2011-08-15 | 2013-02-20 | 国民技术股份有限公司 | Generating method of session key and module |
CN104185176A (en) * | 2014-08-28 | 2014-12-03 | 中国联合网络通信集团有限公司 | Method and system for remote initialization of Internet of Things virtual subscriber identity module card |
CN104618112A (en) * | 2015-01-19 | 2015-05-13 | 北京海泰方圆科技有限公司 | Method for verifying dynamic password of dynamic token |
CN104683356A (en) * | 2015-03-26 | 2015-06-03 | 上海众人网络安全技术有限公司 | Dynamic password authentication method and system based on software token |
CN106330442A (en) * | 2015-06-17 | 2017-01-11 | 中兴通讯股份有限公司 | Identity authentication method, device and system |
Non-Patent Citations (2)
Title |
---|
(US) Meyer, Matyas: "Guide to the Design and Implementation of Computer Network Security Systems" (《计算机网络保密系统设计与实现指南》), 31 July 1987, Science and Technology Literature Press * |
Gu Yunhua, Liu Suying: "Dynamic Password Identity Authentication Mechanism and Its Security" (动态口令身份认证机制及其安全性研究), Microcomputer Information (《微计算机信息》) * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | Application publication date: 20190910 |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |