CN111147239A - Offline remote authorization authentication method and system - Google Patents


Info

Publication number
CN111147239A
Authority
CN
China
Prior art keywords
authorization
random number
authorized
authorized device
authentication
Legal status
Granted
Application number
CN201911375768.6A
Other languages
Chinese (zh)
Other versions
CN111147239B (en)
Inventor
郭卫斌
牛国富
任嘉义
马骥
武忠品
雷宇龙
Current Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Original Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Events
Application filed by Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority to CN201911375768.6A
Publication of CN111147239A
Application granted
Publication of CN111147239B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L 9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Abstract

The invention provides an off-line remote authorization authentication method and a system, wherein the method comprises the following steps: the authorized device and the authorization device are communicated in advance and synchronously obtain a secret key seed; the authorized equipment and the authorization equipment respectively use the same algorithm to calculate the secret key seeds and generate the same ordered random array for pre-storage; when the authorized equipment and the authorization equipment cannot communicate and authorization authentication is needed, a user of the authorized equipment requests authorization from an administrator through a third-party path; the administrator looks up a random number in the ordered random number group from the authorization equipment based on the user identity; the administrator informs the user of the authorized device of the random number through a third-party path; a user acquires a random number and inputs the random number into authorized equipment; and the authorized equipment searches and compares the input random number with a pre-stored ordered random array, and if the random number is found, the authorization authentication is successful. The invention meets the requirement of authorization and authentication under the offline condition.

Description

Offline remote authorization authentication method and system
Technical Field
The invention relates to the technical field of authorization and authentication, in particular to an offline remote authorization and authentication method and system.
Background
At present, for an application scenario requiring remote authorization, a real-time network communication link is generally required to be established between an authorizer and an authorized party, so that the authorizer authenticates authority request data sent by the authorized party, and then, remote authorization and authentication of the authorizer to the authorized party are realized.
However, the above remote authorization and authentication method requires real-time network communication between the authorizer and the authorized party, and once the authorized party is in an offline state, the authorizer cannot obtain the permission request data sent by the authorized party, and further cannot perform remote authorization and authentication on the authorized party.
Therefore, there is an urgent need for an off-line remote authorization and authentication method that achieves remote authorization and authentication when the authorizer and the authorized party cannot establish a network communication connection.
Disclosure of Invention
In order to solve the above problems, it is necessary to provide an offline remote authorization authentication method and system.
The invention provides an off-line remote authorization authentication method in a first aspect, which comprises the following steps:
the authorized device and the authorization device are communicated in advance and synchronously obtain a secret key seed;
the authorized device and the authorization device respectively use the same algorithm to calculate the secret key seed and generate the same ordered random array for pre-storage (the formula expressing the ordered random array is not reproduced on this page);
When the authorized device and the authorization device cannot communicate and authorization authentication is needed, the user of the authorized device requests authorization from an administrator through a third-party path;
after the administrator verifies the user identity, the administrator looks up one random number in the ordered random array from the authorization device based on the user identity (formula not reproduced on this page);
the administrator notifies the user of the authorized device of the random number through the third-party path;
the user acquires the random number and inputs it into the authorized device;
the authorized device searches and compares the input random number against the pre-stored ordered random array; if the random number cannot be found, the authorization authentication fails, and if the random number is found, the authorization authentication is successful.
Further, after the authorization authentication is successful, the method further includes:
the authorized device clears the random number from the ordered random array, together with the random numbers preceding it.
Further, after the administrator looks up one random number in the ordered random array from the authorization device based on the user identity, the method further comprises:
the authorization device clears the random number from the ordered random array, together with the random numbers preceding it.
Further, the authorized device and the authorization device communicate in advance, and synchronously obtain a key seed, which specifically includes:
the authorized device sends the identification information of the authorized device to the authorization device;
the authorization equipment randomly generates a secret key seed according to the identification information, and binds and prestores the secret key seed and the identification information;
and the authorization equipment synchronizes the key seed to the authorized equipment.
Further, the administrator looking up a random number in the ordered random array from the authorization device based on the user identity specifically comprises the following steps:
the authorization device prestores an association table of users and authorized devices, and the administrator searches the association table based on the user identity to obtain the identification information of the authorized device;
the authorization device looks up, according to the identification information, the ordered random array bound to that identification information;
the administrator selects a random number from the ordered random array.
Further, after the authorization authentication fails or succeeds, the method further includes:
if the authorized device and the authorization device can communicate and the ordered random array is exhausted, the authorized device and the authorization device synchronously obtain a new key seed, and respectively generate a new ordered random array according to the new key seed;
if the authorized device and the authorization device can communicate and a preset updating period is reached, the authorized device and the authorization device synchronously obtain a new secret key seed, and a new ordered random array is respectively generated according to the new secret key seed.
Further, the algorithm is any one or more of an RC4 algorithm, an RC5 algorithm, an RC6 algorithm, a DES algorithm and an AES algorithm.
Further, the third party path includes any one or more of short message, telephone, mail and instant communication.
The second aspect of the present invention further provides an offline remote authorization and authentication system, configured to implement the above offline remote authorization and authentication method, where the system includes an authorization device and an authorized device;
the authorization equipment comprises a first communication module and a password management module;
the authorized device comprises a second communication module, a secret key management module and an access control module;
the authorization device and the authorized device are respectively communicated in advance through the first communication module and the second communication module, and a secret key seed is synchronously obtained;
the password management module and the secret key management module respectively use the same algorithm to calculate the secret key seed and generate the same ordered random array for pre-storage (the formula expressing the ordered random array is not reproduced on this page);
when the first communication module and the second communication module cannot communicate and the authorized device needs authorization authentication, the user of the authorized device requests authorization from an administrator through a third-party path; after the administrator verifies the user identity, the administrator looks up one random number in the ordered random array from the password management module based on the user identity (formula not reproduced on this page); the administrator notifies the user of the authorized device of the random number through the third-party path; the user acquires the random number and inputs it into the authorized device; the access control module searches and compares the input random number in the key management module; if the random number cannot be found, the authorization authentication fails, and if the random number is found, the authorization authentication is successful.
Further, the authorization device further includes a user information module, where the user information module is configured to store the key seed, the identification information of the authorized device, and the user identity information in an associated manner.
The invention can realize remote authorization and password authentication of the authorized equipment under the offline condition. Meanwhile, the method and the device can be suitable for a multi-device scene, each authorized device has different offline authorization authentication passwords, and each password of the same authorized device is only valid once, so that the dynamic password is realized under the offline condition, and the safety is improved.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a flow chart illustrating an off-line remote authorization authentication method of the present invention;
fig. 2 shows a block diagram of an offline remote authorization authentication system of the present invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
Fig. 1 shows a flowchart of an offline remote authorization authentication method according to the present invention.
As shown in fig. 1, a first aspect of the present invention provides an offline remote authorization authentication method, including the following steps:
s101, the authorized device and the authorization device are communicated in advance, and a secret key seed is obtained synchronously;
S102, the authorized device and the authorization device respectively use the same algorithm to calculate the secret key seed, and generate the same ordered random array for pre-storage (the formula expressing the ordered random array is not reproduced on this page);
S103, when the authorized device and the authorization device cannot communicate and authorization authentication is needed, the user of the authorized device requests authorization from an administrator through a third-party path;
S104, after the administrator verifies the user identity, the administrator looks up one random number in the ordered random array from the authorization device based on the user identity (formula not reproduced on this page);
S105, the administrator notifies the user of the authorized device of the random number through the third-party path;
S106, the user obtains the random number and inputs it into the authorized device;
S107, the authorized device searches and compares the input random number against the pre-stored ordered random array; if the random number cannot be found, the authorization authentication fails, and if it is found, the authorization authentication is successful.
Specifically, the authorized device and the authorization device may be a mobile phone, an iPad, a PC, or the like.
It can be understood that the authorization authentication of the authorized device in the present invention can be the authorization unlocking authentication of a functional module of the authorized device itself, for example unlocking the screen of the authorized device or unlocking its camera; it can also be the authorization authentication of application software installed on the authorized device. It is not limited thereto.
Preferably, the ordered random array generated from the key seed includes 100 random numbers, but is not limited thereto.
Preferably, the algorithm is any one or more of an RC4 algorithm, an RC5 algorithm, an RC6 algorithm, a DES algorithm and an AES algorithm. But is not limited thereto.
Preferably, the third party path includes any one or more of short message, telephone, mail and instant communication. But is not limited thereto.
It can be understood that the third-party path may be an available communication path on the authorized device, for example, in a specific application, a camera of the authorized device is locked, and authorization unlocking authentication needs to be performed on the camera of the authorized device, however, communication paths such as a short message and a telephone of the authorized device are still available, and then the user may request authorization authentication by calling or sending a short message to an administrator through the authorized device; the third party path may also be a communication path of the other device, for example, when the screen of the authorized device is locked, since the user can no longer enable the authorized device, authorization authentication of the authorized device may be requested from the administrator by means of the other device.
Further, after the authorization authentication is successful, the method further includes:
the authorized device clears the random number from the ordered random array, together with the random numbers preceding it.
The user knows the random number and has used it for one offline authorization authentication. To prevent the same random number from being used again the next time the authorized device needs authorization authentication, the authorized device of the invention clears the pre-stored random number, which effectively prevents the random number from being reused. Furthermore, a user who knows the random number can easily deduce the preceding random numbers, so the authorized device also clears the pre-stored preceding random numbers, which greatly improves the security and reliability of the offline authorization authentication of the authorized device.
Further, after the administrator looks up one random number in the ordered random array from the authorization device based on the user identity, the method further comprises:
the authorization device clears the random number from the ordered random array, together with the random numbers preceding it.
If the authorization device did not perform the clearing process, the administrator might look up the same random number again, but the authorization authentication would then fail because the authorized device has already cleared it. The invention clears the random number not only in the authorized device but also in the authorization device, so the random numbers retained on the authorization device and the authorized device remain consistent.
Further, the authorized device and the authorization device communicate in advance, and synchronously obtain a key seed, which specifically includes:
the authorized device sends the identification information of the authorized device to the authorization device;
the authorization equipment randomly generates a secret key seed according to the identification information, and binds and prestores the secret key seed and the identification information;
and the authorization equipment synchronizes the key seed to the authorized equipment.
Preferably, the identification information may be an ID number, an IP address, a mobile phone number, or the like of the authorized device.
Further, the administrator looking up a random number in the ordered random array from the authorization device based on the user identity specifically comprises the following steps:
the authorization device prestores an association table of users and authorized devices, and the administrator searches the association table based on the user identity to obtain the identification information of the authorized device;
the authorization device looks up, according to the identification information, the ordered random array bound to that identification information;
the administrator selects a random number from the ordered random array.
Further, after the authorization authentication fails or succeeds, the method further includes:
if the authorized device and the authorization device can communicate and the ordered random array is exhausted, the authorized device and the authorization device synchronously obtain a new key seed, and respectively generate a new ordered random array according to the new key seed;
if the authorized device and the authorization device can communicate and a preset updating period is reached, the authorized device and the authorization device synchronously obtain a new secret key seed, and a new ordered random array is respectively generated according to the new secret key seed.
It will be appreciated that, while the authorized device is offline, authorization authentication may be required more than once; for example, after the screen of the authorized device has been successfully unlocked by authorization, the screen may be locked again due to an illegal operation by the user, and the authorized device then needs a second authorization authentication. Each authorization authentication consumes one random number, and once the ordered random array is exhausted the authorized device can no longer be authorized offline; the authorization device and the authorized device can continue to be used as long as a new secret key seed is synchronously generated again before the ordered random array is exhausted.
It can be understood that, when the authorized device and the authorization device can communicate with each other, the ordered random array may not be exhausted yet, and in order to further increase the difficulty of illegally obtaining the ordered random array, the authorization device and the authorized device of the present invention synchronously update the key seed according to a preset time period (such as one week, one month, etc.), and generate a new ordered random array based on the updated key seed, thereby further improving the security and reliability of the authorization authentication.
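The seed expansion, administrator lookup, device-side check, clear-on-use rule and exhaustion handling described in steps S101 to S107 above, as an added worked example (not code from the patent or its assignee). It assumes HMAC-SHA256 keyed by the seed as the array-generating algorithm in place of the RC4/AES options named in the text, 6-digit codes short enough to be read out over a third-party path, and the 100-element array the description prefers; the administrator's lookup takes the lowest remaining number by default.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional

ARRAY_LEN = 100      # the description says the array preferably holds 100 numbers
CODE_DIGITS = 6      # assumption: codes short enough to be dictated by phone or SMS


def derive_ordered_array(seed: bytes, n: int = ARRAY_LEN) -> List[str]:
    """Deterministically expand the shared seed into the ordered random array.
    Both sides run the same function over the same seed, so they hold
    identical arrays. HMAC-SHA256 over a counter stands in for the RC4/AES
    keystream the patent names (assumption: any PRF keyed by the seed works)."""
    codes: List[str] = []
    counter = 0
    while len(codes) < n:
        counter += 1
        mac = hmac.new(seed, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        value = int.from_bytes(mac[:8], "big") % (10 ** CODE_DIGITS)
        code = f"{value:0{CODE_DIGITS}d}"
        if code not in codes:   # keep values unique so both sides agree on the index
            codes.append(code)
    return codes


def consume(array: List[str], index: int) -> None:
    """Clear the chosen number and every number before it, in place (the
    page's rule that the used number and its predecessors are both deleted)."""
    del array[: index + 1]


class AuthorizationDevice:
    """Administrator side: key seeds, arrays and the user/device association table."""

    def __init__(self) -> None:
        self.seeds: Dict[str, bytes] = {}
        self.arrays: Dict[str, List[str]] = {}
        self.user_to_device: Dict[str, str] = {}

    def enroll(self, device_id: str, user_id: str) -> bytes:
        # Generate a seed, bind it to the device identifier, and return it for
        # synchronisation over the still-online link (step S101).
        seed = secrets.token_bytes(32)
        self.seeds[device_id] = seed
        self.arrays[device_id] = derive_ordered_array(seed)
        self.user_to_device[user_id] = device_id
        return seed

    def lookup_code(self, user_id: str, position: int = 0) -> Optional[str]:
        """Administrator looks up one remaining number for the verified user.
        position selects among the remaining numbers; 0 (the lowest unused
        index) wastes nothing, since earlier numbers get cleared anyway."""
        device_id = self.user_to_device.get(user_id)
        if device_id is None:
            return None
        remaining = self.arrays[device_id]
        if position >= len(remaining):
            return None                  # array exhausted: a new seed is needed
        code = remaining[position]
        consume(remaining, position)     # keep both sides' arrays consistent
        return code

    def exhausted(self, device_id: str) -> bool:
        return not self.arrays.get(device_id)


class AuthorizedDevice:
    """Offline side: holds its own copy of the array and checks typed-in codes."""

    def __init__(self, device_id: str) -> None:
        self.device_id = device_id
        self.array: List[str] = []

    def sync_seed(self, seed: bytes) -> None:
        self.array = derive_ordered_array(seed)

    def verify(self, entered: str) -> bool:
        """Search the pre-stored array for the entered code (step S107); on
        success clear it and all earlier codes so none can be replayed."""
        for idx, code in enumerate(self.array):
            # constant-time comparison so a wrong guess leaks no prefix information
            if hmac.compare_digest(code.encode(), entered.encode()):
                consume(self.array, idx)
                return True
        return False

    @property
    def exhausted(self) -> bool:
        return not self.array
```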
Fig. 2 shows a block diagram of an offline remote authorization authentication system of the present invention.
As shown in fig. 2, the second aspect of the present invention further provides an offline remote authorization and authentication system, for implementing the above offline remote authorization and authentication method, where the system includes an authorization device and an authorized device;
the authorization equipment comprises a first communication module and a password management module;
the authorized device comprises a second communication module, a secret key management module and an access control module;
the authorization device and the authorized device are respectively communicated in advance through the first communication module and the second communication module, and a secret key seed is synchronously obtained;
the password management module and the secret key management module respectively use the same algorithm to calculate the secret key seed and generate the same ordered random array for pre-storage (the formula expressing the ordered random array is not reproduced on this page);
when the first communication module and the second communication module cannot communicate and the authorized device needs authorization authentication, the user of the authorized device requests authorization from an administrator through a third-party path; after the administrator verifies the user identity, the administrator looks up one random number in the ordered random array from the password management module based on the user identity (formula not reproduced on this page); the administrator notifies the user of the authorized device of the random number through the third-party path; the user acquires the random number and inputs it into the authorized device; the access control module searches and compares the input random number in the key management module; if the random number cannot be found, the authorization authentication fails, and if the random number is found, the authorization authentication is successful.
Specifically, the first communication module and the second communication module may communicate through a wireless network or a wired network, and the wireless network may be a 4G network, a 5G network, or the like.
Preferably, the algorithm is any one or more of an RC4 algorithm, an RC5 algorithm, an RC6 algorithm, a DES algorithm and an AES algorithm. But is not limited thereto.
Preferably, the third party path includes any one or more of short message, telephone, mail and instant communication. But is not limited thereto.
Further, after the authorization authentication is successful, the authorized device clears the random number from the ordered random array, together with the random numbers preceding it.
Further, after the administrator looks up one random number in the ordered random array from the authorization device based on the user identity, the authorization device clears the random number from the ordered random array, together with the random numbers preceding it.
Further, the authorization device further includes a user information module, where the user information module is configured to store the key seed, the identification information of the authorized device, and the user identity information in an associated manner.
Specifically, the authorized device sends its identification information to the authorizing device; the authorization equipment randomly generates a secret key seed according to the identification information, binds the secret key seed and the identification information and prestores the secret key seed and the identification information in a user information module; and the authorization equipment synchronizes the key seed to the authorized equipment.
The user information module prestores an association table of users and authorized devices, and the administrator searches the association table of the user information module based on the user identity to obtain the identification information of the authorized device; then, according to the identification information, the ordered random array bound to that identification information is looked up; the administrator selects a random number from the ordered random array.
Further, after the authorization authentication fails or succeeds, if the authorized device and the authorization device can communicate and the ordered random array is exhausted, the authorized device and the authorization device synchronously obtain a new key seed, and respectively generate a new ordered random array according to the new key seed;
if the authorized device and the authorization device can communicate and a preset updating period is reached, the authorized device and the authorization device synchronously obtain a new secret key seed, and a new ordered random array is respectively generated according to the new secret key seed.
The invention can realize remote authorization and password authentication of the authorized equipment under the offline condition. For example: when the authorized equipment is in a special environment or scene (for example, a remote area cannot be connected with a network), the method can be adopted to carry out offline remote authorization authentication, and the user requirements under the special scene are met.
The method and the device can be suitable for a multi-device scene, each authorized device has different offline authorization authentication passwords, and each password of the same authorized device is only valid once, so that the dynamism of the password is realized under the offline condition, and the safety is improved.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (10)

1. An off-line remote authorization authentication method, characterized in that the method comprises the following steps:
the authorized device and the authorization device are communicated in advance and synchronously obtain a secret key seed;
the authorized device and the authorization device respectively use the same algorithm to calculate the secret key seed and generate the same ordered random array for pre-storage (the formula expressing the ordered random array is not reproduced on this page);
When the authorized device and the authorization device cannot communicate and authorization authentication is needed, the user of the authorized device requests authorization from an administrator through a third-party path;
after the administrator verifies the user identity, the administrator looks up and obtains one random number in the ordered random number group from the authorization equipment based on the user identity
Figure 989326DEST_PATH_IMAGE004
Wherein
Figure 441167DEST_PATH_IMAGE006
The administrator passes the random number through the third party path
Figure DEST_PATH_IMAGE007
Notifying a user of the authorized device;
the user acquires the random number
Figure 443234DEST_PATH_IMAGE007
And input it into the authorized device;
the authorized device is based on the input random number
Figure 929710DEST_PATH_IMAGE007
Searching and comparing in a pre-stored ordered random array, and if the random number can not be found
Figure 689855DEST_PATH_IMAGE007
If the random number is found, the authorization authentication fails
Figure 363413DEST_PATH_IMAGE007
Then the authorization authentication is successful.
2. The offline remote authorization and authentication method according to claim 1, wherein after the authorization and authentication are successful, the method further comprises:
the authorized device clears the random numbers in the ordered random array
Figure 234417DEST_PATH_IMAGE007
And the random number
Figure 575400DEST_PATH_IMAGE007
Previous random number
Figure DEST_PATH_IMAGE009
3. The offline remote authorization authentication method according to claim 1, wherein after the administrator consults and obtains one random number in the ordered random number group from the authorization device based on the user identity, the method further comprises:
the authorization equipment clears the random numbers in the ordered random array
Figure DEST_PATH_IMAGE010
And the random number
Figure 373024DEST_PATH_IMAGE010
Previous random number
Figure DEST_PATH_IMAGE011
4. The method according to claim 1, wherein the authorized device and the authorization device communicate with each other in advance and synchronously obtain a key seed, and the method specifically comprises:
the authorized device sends the identification information of the authorized device to the authorization device;
the authorization equipment randomly generates a secret key seed according to the identification information, and binds and prestores the secret key seed and the identification information;
and the authorization equipment synchronizes the key seed to the authorized equipment.
5. The method of claim 4, wherein the administrator looking up, on the authorization device and based on the user identity, a random number from the ordered random array specifically comprises:
the authorization device pre-stores an association table of users and authorized devices, and the administrator searches the association table by user identity to obtain the identification information of the authorized device;
the authorization device looks up, according to that identification information, the ordered random array bound to it;
the administrator selects one random number from that ordered random array.
6. The offline remote authorization authentication method according to claim 1, wherein after authorization authentication fails or succeeds, the method further comprises:
if the authorized device and the authorization device can communicate and the ordered random array is exhausted, the authorized device and the authorization device synchronously obtain a new key seed and each generates a new ordered random array from the new key seed;
if the authorized device and the authorization device can communicate and a preset update period is reached, the authorized device and the authorization device likewise synchronously obtain a new key seed and each generates a new ordered random array from the new key seed.
7. The method of claim 1, wherein the algorithm is any one or more of RC4 algorithm, RC5 algorithm, RC6 algorithm, DES algorithm and AES algorithm.
8. The method of claim 1, wherein the third party path comprises any one or more of short message, telephone, mail, and instant messaging.
9. An offline remote authorization authentication system for implementing the offline remote authorization authentication method of any one of claims 1 to 8, wherein the system comprises an authorization device and an authorized device;
the authorization device comprises a first communication module and a password management module;
the authorized device comprises a second communication module, a key management module and an access control module;
the authorization device and the authorized device communicate in advance through the first communication module and the second communication module respectively, and synchronously obtain a key seed;
the password management module and the key management module each apply the same algorithm to the key seed, generating the same ordered random array, which each of them pre-stores;
when the first communication module and the second communication module cannot communicate and the authorized device needs authorization authentication, the user of the authorized device requests authorization from an administrator through a third-party path; after the administrator verifies the user's identity, the administrator looks up in the password management module, based on the user identity, one random number from the ordered random array; the administrator notifies the user of the authorized device of that random number through the third-party path; the user obtains the random number and inputs it into the authorized device; the access control module searches the key management module for the input random number and compares; if the random number cannot be found, authorization authentication fails; if the random number is found, authorization authentication succeeds.
10. The system of claim 9, wherein the authorization device further comprises a user information module, and the user information module is configured to store the key seed, the identification information of the authorized device, and user identity information in an associated manner.
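The claims above describe the procedure in words only. The following is an added worked example that simulates the whole flow (seed sync, ordered-array derivation, administrator lookup, offline verification, one-time clearing and reseed) in Python; it is not code from the patent or its assignee. Everything the patent leaves open is an assumption here: RC4 is used as the shared algorithm because claim 7 names it (it is a weak cipher and serves only as a deterministic seed expander), each random number is 4 keystream bytes shown as 8 hex characters, the array holds 10 entries, and the user "alice", device "dev-001" and all class and function names are constructed for illustration.

```python
"""Simulation of the offline one-time-code flow in claims 1 to 6.

Added example, not the patent's own code. Assumptions not fixed by the
patent: RC4 (one of the ciphers claim 7 lists) is the shared algorithm,
each random number is 4 keystream bytes rendered as 8 hex characters, and
the ordered array holds 10 entries. User "alice" and device "dev-001"
are constructed sample data.
"""
from __future__ import annotations
import secrets

ARRAY_LEN = 10   # assumed array size
CODE_BYTES = 4   # assumed size of one random number


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 KSA + PRGA. RC4 is cryptographically weak; it is used only because
    claim 7 names it as an allowed algorithm for expanding the seed."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def derive_ordered_array(seed: bytes, n: int = ARRAY_LEN) -> list[str]:
    """Both sides run this on the same seed and obtain the same ordered list."""
    ks = rc4_keystream(seed, n * CODE_BYTES)
    return [ks[k * CODE_BYTES:(k + 1) * CODE_BYTES].hex() for k in range(n)]


class AuthorizationDevice:
    """Administrator side: arrays bound to device IDs plus the user-to-device
    association table (claims 4, 5 and 10)."""

    def __init__(self) -> None:
        self.arrays: dict[str, list[str]] = {}   # device_id -> remaining codes
        self.user_table: dict[str, str] = {}     # user -> device_id

    def enroll(self, user: str, device_id: str, seed: bytes | None = None) -> bytes:
        """Online phase: generate a random seed, bind it to the device ID and
        return it so it can be synchronised to the authorized device."""
        seed = seed or secrets.token_bytes(16)
        self.arrays[device_id] = derive_ordered_array(seed)
        self.user_table[user] = device_id
        return seed

    def lookup_code(self, user: str, pick: int = 0) -> str | None:
        """Claims 3 and 5: resolve user -> device -> array, take the code at
        position `pick`, then clear it and every earlier code. Verifying the
        caller's identity happens out of band before this is called."""
        arr = self.arrays[self.user_table[user]]
        if pick >= len(arr):
            return None                      # exhausted: reseed when online (claim 6)
        code = arr[pick]
        del arr[:pick + 1]
        return code


class AuthorizedDevice:
    """Offline side: verifies the code the user types in (claims 1 and 2)."""

    def __init__(self) -> None:
        self.array: list[str] = []

    def sync_seed(self, seed: bytes) -> None:
        self.array = derive_ordered_array(seed)

    def authenticate(self, entered: str) -> bool:
        """Accept iff the code is still in the array; on success drop it and
        all its predecessors so that no earlier code can be replayed."""
        if entered not in self.array:
            return False
        del self.array[:self.array.index(entered) + 1]
        return True

    def exhausted(self) -> bool:
        return not self.array


def run_scenario(seed: bytes | None = None) -> dict:
    """End-to-end walk-through; returns facts a caller can check."""
    authz, dev = AuthorizationDevice(), AuthorizedDevice()
    dev.sync_seed(authz.enroll("alice", "dev-001", seed))   # online sync
    r = {}
    code = authz.lookup_code("alice")                        # offline request
    r["first_ok"] = dev.authenticate(code)
    r["replay_rejected"] = not dev.authenticate(code)        # one-time use
    r["garbage_rejected"] = not dev.authenticate("not-a-code")
    code3 = authz.lookup_code("alice", pick=2)               # admin skips two codes
    r["skip_ok"] = dev.authenticate(code3)
    r["in_sync"] = dev.array == authz.arrays["dev-001"]      # both cleared predecessors
    r["remaining"] = len(dev.array)
    while (c := authz.lookup_code("alice")) is not None:     # drain the array
        dev.authenticate(c)
    r["exhausted"] = dev.exhausted()
    dev.sync_seed(authz.enroll("alice", "dev-001"))          # reseed (claim 6)
    r["reseeded"] = len(dev.array) == ARRAY_LEN
    return r
```

Two points the simulation makes visible. First, the verifying device accepts any code that has not yet been cleared, not only the next one, so clearing every predecessor on both sides (claims 2 and 3) is what keeps the two arrays in step when the administrator skips ahead and is what stops a code that leaked earlier from being replayed later. Second, the entire code list is a deterministic function of the seed, so the scheme's strength rests on the seed never leaving the two devices and on the administrator's identity check over the third-party path; the choice of RC4 versus AES in claim 7 changes nothing about that.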
CN201911375768.6A 2019-12-27 2019-12-27 Offline remote authorization authentication method and system Active CN111147239B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911375768.6A CN111147239B (en) 2019-12-27 2019-12-27 Offline remote authorization authentication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911375768.6A CN111147239B (en) 2019-12-27 2019-12-27 Offline remote authorization authentication method and system

Publications (2)

Publication Number Publication Date
CN111147239A true CN111147239A (en) 2020-05-12
CN111147239B CN111147239B (en) 2022-02-11

Family

ID=70520856

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911375768.6A Active CN111147239B (en) 2019-12-27 2019-12-27 Offline remote authorization authentication method and system

Country Status (1)

Country Link
CN (1) CN111147239B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113784344A (en) * 2021-08-19 2021-12-10 杭州宇链科技有限公司 (Hangzhou Yulian Technology Co Ltd) Trusted address binding device

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070022469A1 (en) * 2005-07-20 2007-01-25 Cooper Robin R Network user authentication system and method
US20070192599A1 (en) * 2005-01-28 2007-08-16 Renesas Technology Corp. Authentication method and authentication system
CN104160652A (en) * 2011-12-27 2014-11-19 英特尔公司 (Intel Corporation) Method and system for distributed off-line logon using one-time passwords
US20160072630A1 (en) * 2013-12-16 2016-03-10 Panasonic Intellectual Property Management Co., Ltd. Authentication system and authentication method
CN105471583A (en) * 2014-09-11 2016-04-06 比亚迪股份有限公司 (BYD Co Ltd) Electronic authentication method and system of vehicle-mounted electric appliances
CN108932425A (en) * 2018-07-11 2018-12-04 飞天诚信科技股份有限公司 (Feitian Technologies Co Ltd) Offline identity authentication method, authentication system and authentication device
CN109005187A (en) * 2018-08-21 2018-12-14 广州飞硕信息科技股份有限公司 (Guangzhou Feishuo Information Technology Co Ltd) Communication information protection method and device
CN109858201A (en) * 2018-12-29 2019-06-07 北京奇安信科技有限公司 (Beijing Qi'anxin Technology Co Ltd) Security software mode switching authorization method, client and server

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
SYEDA IFFAT NAQVI; ADEEL AKRAM: "Pseudo-random key generation for secure HMAC-MD5", 2011 IEEE 3rd International Conference on Communication Software and Networks *
屈娟; 李艳平 (Qu Juan; Li Yanping): "基于动态身份的远程用户认证方案" (A remote user authentication scheme based on dynamic identity), 山东大学学报(理学版) (Journal of Shandong University (Natural Science)) *

Also Published As

Publication number Publication date
CN111147239B (en) 2022-02-11

Similar Documents

Publication Publication Date Title
AU2004307800B2 (en) Method for managing the security of applications with a security module
US7734280B2 (en) Method and apparatus for authentication of mobile devices
EP1512307B1 (en) Method and system for challenge-response user authentication
KR101047641B1 (en) Enhance security and privacy for security devices
CN100583758C (en) Identification method
US8171527B2 (en) Method and apparatus for securing unlock password generation and distribution
KR101315670B1 (en) Method for smart phone registration when accessing security authentication device and method for access authentication of registered smart phone
US20150350894A1 (en) Method and System for Establishing a Secure Communication Channel
US20200076606A1 (en) Blockchain key storage on sim devices
US6892308B1 (en) Internet protocol telephony security architecture
US11245526B2 (en) Full-duplex password-less authentication
CN107733636B (en) Authentication method and authentication system
JP2005033840A (en) Method and system establishing key through air transmission
US11812263B2 (en) Methods and apparatus for securely storing, using and/or updating credentials using a network device at a customer premises
CN111512608A (en) Trusted execution environment based authentication protocol
CN109525565B (en) Defense method and system for short message interception attack
JP2008312200A (en) Method and apparatus for operating wireless home area network
CN113572791B (en) Video Internet of things big data encryption service method, system and device
JP2005276122A (en) Access source authentication method and system
US20220116385A1 (en) Full-Duplex Password-less Authentication
CN112738030B (en) Data acquisition and sharing working method for agricultural technicians through big data analysis
US6665530B1 (en) System and method for preventing replay attacks in wireless communication
CN112202770A (en) Equipment networking method and device, equipment and storage medium
JPH05503816A (en) Method for authenticating and protecting subscribers in telephone communication systems
CN108667800B (en) Access authority authentication method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CB03 Change of inventor or designer information
Inventor after: Guo Weibin; Niu Guofu; Ren Jiayi; Ma Ji; Wu Zongpin; Lei Yulong
Inventor before: Guo Weibin; Niu Guofu; Ren Jiayi; Ma Ji; Wu Zhongpin; Lei Yulong
PE01 Entry into force of the registration of the contract for pledge of patent right
Denomination of invention: A Method and System for Offline Remote Authorization and Authentication
Effective date of registration: 20230412
Granted publication date: 20220211
Pledgee: China Construction Bank Corporation Zhengzhou Jinshui sub branch
Pledgor: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd.
Registration number: Y2023980037751