CN111698259B - Dynamic authentication login equipment, system and method based on Bluetooth equipment - Google Patents

Publication number
CN111698259B
Authority
CN
China
Prior art keywords
authentication
password
user
login
dynamic authentication
Prior art date
Legal status
Active
Application number
CN202010558291.1A
Other languages
Chinese (zh)
Other versions
CN111698259A (en)
Inventor
陈德勇
陈磊
薛华
Current Assignee
Beijing Wuyou Chuangxiang Information Technology Co ltd
Original Assignee
Beijing Wuyou Chuangxiang Information Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Beijing Wuyou Chuangxiang Information Technology Co ltd
Priority to CN202010558291.1A
Publication of CN111698259A
Application granted
Publication of CN111698259B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846 Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a dynamic authentication login device, a system and a method based on Bluetooth equipment, wherein the method comprises the following steps: step S1, receiving the login request, and performing first-layer authentication on the login request; step S2, after the first layer authentication is passed, verifying whether the current PC end is connected with the Bluetooth device, and when the current PC end is verified to be connected with the Bluetooth device, acquiring verification information of the current PC end for the second layer authentication, and transmitting the verification information to the Bluetooth device end and the background server; step S3, sending a password returning request to the Bluetooth device, and waiting for the dynamic authentication password returned by the Bluetooth device; step S4, when receiving the dynamic authentication password sent back by the Bluetooth equipment, stopping sending the password return request, and sending the dynamic authentication password and the user ID information sent back by the Bluetooth equipment to the background server for dynamic authentication password authentication; and step S5, processing the login result according to the obtained authentication confirmation information of the background server.

Description

Dynamic authentication login equipment, system and method based on Bluetooth equipment
Technical Field
The invention relates to the technical field of background login security, in particular to dynamic authentication login equipment, a system and a method for realizing two-layer dynamic password authentication login based on Bluetooth equipment.
Background
As technology advances, network systems are shifting toward a B/S (browser/server) model, and as the number of web application systems grows, so does the number of web attacks.
For an enterprise, as it expands and develops, the number of employees increases, the number of potential competitors in the industry increases, and the security of data inside the enterprise becomes more and more important; every enterprise urgently needs to improve the security of its background management system. Identity authentication, as part of the security mechanism, plays a very important role in protecting network assets and user information security: it can prevent an attacker from acquiring the related authority of the system and effectively protects system resources and user data. Designing an excellent identity authentication system and improving identity authentication technology is therefore crucial to system security.
Most background management systems currently adopt identity authentication based on user names and static passwords; individual companies with high security requirements add a mobile phone verification code on top of 'mobile phone number and static password' to confirm that the person logging in to the system is the user himself.
However, as enterprises' requirements on the data confidentiality and security of the background management system increase, the current mode cannot ensure security under the following conditions:
1) after the administrator logs in to the background system, if the administrator forgets to close it when leaving, other people can use the system without authorization after the administrator has left and view or download data;
2) when the user's static password is leaked, an illegal user can intercept the verification code at the short message operator and log in to the system when the user is absent.
Therefore, it is desirable to provide a dynamic authentication login technique to solve the above problems.
Disclosure of Invention
In order to overcome the defects in the prior art, the present invention provides a dynamic authentication login device, system and method based on a Bluetooth device, so as to provide security for background login.
In order to achieve the above object, the present invention provides a dynamic authentication login device based on a bluetooth device, comprising:
the first layer authentication unit is used for receiving a login request of a current user and carrying out first layer authentication on the login request;
the Bluetooth device connection confirming unit is used for verifying whether the dynamic authentication login device is connected with the Bluetooth device or not after the first-layer authentication of the current user passes, and if the dynamic authentication login device is verified to be connected with the Bluetooth device, obtaining verification information of the dynamic authentication login device for second-layer authentication and transmitting the verification information to the Bluetooth device and the background server;
the password returning request and receiving unit is used for sending a password returning request to the Bluetooth equipment, waiting for a dynamic authentication password returned by the Bluetooth equipment, and stopping sending the password returning request when receiving the dynamic authentication password returned by the Bluetooth equipment;
the dynamic authentication request unit is used for transmitting the dynamic authentication password transmitted back by the Bluetooth equipment and the user ID information of the current user to a background server for dynamic authentication password authentication and waiting for authentication confirmation information of the background server;
and the login processing unit is used for processing a login result according to the obtained authentication confirmation information of the background server.
Preferably, the verification information for the second-layer authentication includes a mac address of the PC side as the dynamic authentication login device and a timestamp of the PC side.
Preferably, the bluetooth device side stores in advance a bluetooth device version number, a corresponding user ID, and a preset password generation mechanism, and calculates to obtain the dynamic authentication password through the password generation mechanism according to the mac address of the PC side, the timestamp of the PC side, the bluetooth device version number, and the corresponding user ID.
Preferably, each user ID and the corresponding bluetooth device version number v and a password generation mechanism are pre-stored in the background server, and a dynamic authentication password corresponding to the user ID information is generated through the password generation mechanism according to the received mac address of the PC, the timestamp of the PC, the user ID of the current login user and the bluetooth device version number corresponding to the user ID, and is stored in the record of the user ID in the background database.
Preferably, the apparatus further comprises:
the connection state query processing unit is used for acquiring, at intervals while the current user remains successfully logged in, the connection state of the Bluetooth device corresponding to the current user; if the connection is maintained, the current user is allowed to access the background normally; if the connection is broken, the current user is not allowed to access the background, and a login failure message is sent to the background.
In order to achieve the above object, the present invention further provides a dynamic authentication login system based on bluetooth device, comprising:
the dynamic authentication login device is used for receiving a login request of a current user, performing first-layer authentication on the login request, verifying whether the Bluetooth device is connected or not after the first-layer authentication of the current user is passed, acquiring verification information for second-layer authentication of the dynamic authentication login device when the Bluetooth device is verified to be connected, transmitting the verification information to a Bluetooth device end and a background server, then sending a password return request to the Bluetooth device, transmitting a dynamic authentication password and user ID information of the current user to the background server to perform dynamic authentication password authentication when the dynamic authentication password returned by the Bluetooth device is received, and processing a login result according to an authentication result;
the Bluetooth equipment acquires verification information which is sent by the dynamic authentication login equipment and is used for second-layer authentication after establishing connection with the dynamic authentication login equipment, and generates a dynamic authentication password through a preset password generation mechanism and transmits the dynamic authentication password back to the dynamic authentication login equipment according to the acquired verification information in combination with the current Bluetooth equipment version number and the corresponding user ID;
a background server, configured to receive the verification information for the second-layer authentication and the user ID of the current login user transmitted by the dynamic authentication login device; to obtain, according to the user ID, the Bluetooth device version number corresponding to the user ID from a background database; to generate the dynamic authentication password corresponding to the user ID information, through the same password generation mechanism as the Bluetooth device, according to the verification information, the user ID of the current login user and the Bluetooth device version number corresponding to the user ID; and to store the dynamic authentication password in the record of the user ID in the background database. After receiving the dynamic authentication password generated by the Bluetooth device and the user ID information, both transmitted by the dynamic authentication login device, the background server verifies, according to the user ID information, whether the dynamic authentication password is consistent with the password stored in the background database for the corresponding user ID information; if they are consistent, it returns authentication confirmation information of successful verification to the dynamic authentication login device; if they are inconsistent, it returns authentication confirmation information of failed verification to the dynamic authentication login device.
Preferably, the bluetooth device pre-stores a bluetooth device version number, a corresponding user ID and a preset password generation mechanism; the background server stores each user ID and the version number of the corresponding Bluetooth device in advance and a password generation mechanism which is the same as that of the Bluetooth device.
Preferably, the verification information for the second layer authentication includes a mac address of the PC side as the dynamic authentication login device and a timestamp of the PC side.
Preferably, the password generation mechanism is as follows:
taking the first eight digits of the user ID;
taking 1 character from every two characters of the acquired PC-end MAC address and, if a character taken is a letter, converting it into a number according to the letter-to-number correspondence table for the current Bluetooth device version, to obtain 6 digits;
taking each digit of the hour, minute and second of the obtained PC-end timestamp, to obtain 6 digits;
obtaining 1 digit according to the version number of the current Bluetooth device;
and generating the dynamic authentication password, an 8-character combination of digits and letters, from the obtained contents and a preset password calculation formula.
In order to achieve the above object, the present invention further provides a dynamic authentication login method based on bluetooth device, comprising the following steps:
step S1, receiving a login request, and performing first-layer authentication on the login request;
step S2, after the first layer authentication is passed, verifying whether the current PC end is connected with the Bluetooth device, and when the current PC end is verified to be connected with the Bluetooth device, acquiring verification information of the current PC end for the second layer authentication, and transmitting the verification information to the Bluetooth device end and the background server;
step S3, sending a password returning request to the Bluetooth device, and waiting for the dynamic authentication password returned by the Bluetooth device;
step S4, when receiving the dynamic authentication password returned by the Bluetooth device, stopping sending the password return request, and transmitting the dynamic authentication password returned by the Bluetooth device and the user ID information to the background server for dynamic authentication password authentication, and waiting for the authentication confirmation information of the background server;
and step S5, processing the login result according to the obtained authentication confirmation information of the background server.
Compared with the prior art, the invention has the following advantages:
first, the invention uses the Bluetooth device to store the password and ensures that the password is generated and verified only when logging in to the background system; the non-visual password storage scheme ensures that the password cannot be seen by surrounding people, and the user does not need to memorize it;
second, the dynamic password authentication mechanism generates the password at the moment it is used; different users logging in on different PC devices at different times generate and authenticate different passwords, which ensures the uniqueness and security of the passwords;
third, the Bluetooth verification mechanism performed at intervals lets the background system log out automatically when the administrator is not near the computer, thereby ensuring the security of system data.
Drawings
Fig. 1 is a schematic structural diagram of a dynamic authentication login device based on a bluetooth device according to the present invention;
Fig. 2 is a system architecture diagram of a dynamic authentication login system based on a Bluetooth device according to the present invention;
Fig. 3 is a flowchart illustrating steps of a dynamic authentication login method based on bluetooth devices according to the present invention.
Detailed Description
The embodiments of the present invention are described below through specific examples in conjunction with the accompanying drawings; other advantages and capabilities of the present invention will be readily apparent to those skilled in the art from this disclosure. The invention is capable of other and different embodiments, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention.
Fig. 1 is a schematic structural diagram of a dynamic authentication login device based on a bluetooth device according to the present invention. As shown in fig. 1, a dynamic authentication login device based on bluetooth device of the present invention can be a PC terminal, and includes:
a first-layer authentication unit 101, configured to receive a login request of a current user, and perform first-layer authentication on the login request.
In the specific embodiment of the present invention, when the current user logs in to the background management system on the PC end serving as the dynamic authentication login device, a first layer of authentication is performed first; that is, user identity authentication is performed in a conventional manner, for example "user name + static password" or "mobile phone number + static password + short message authentication code".
A bluetooth device connection confirming unit 102, configured to verify, after the first-layer authentication of the current user passes, whether the PC terminal serving as the dynamic authentication login device is connected to the bluetooth device and, when the connection is verified, to acquire related information of the dynamic authentication login device and transmit it to the bluetooth device terminal and the background server. In a specific embodiment of the present invention, the dynamic authentication login device establishes a bluetooth connection with the bluetooth device through a bluetooth module. When the bluetooth device connection confirming unit 102 verifies that the bluetooth device is connected, it acquires the MAC address and the timestamp of the PC terminal serving as the dynamic authentication login device, forms them into a transmission data packet and transmits the packet to the bluetooth device; at the same time, it forms the MAC address of the PC terminal, the timestamp of the PC terminal and the ID information of the current login user into a transmission data packet and transmits that packet to the background server. The user ID information refers to a 12-digit number randomly generated by the system for each user, such as U1 U2 U3 U4 U5 U6 U7 U8 U9 U10 U11 U12. The user ID information is generated when each user is registered as an administrator in the system, and the user ID information of each administrator is different.
The password feedback request and receiving unit 103 is configured to send a password feedback request to the bluetooth device, wait for a dynamic authentication password returned by the bluetooth device, and stop sending the password feedback request when receiving the dynamic authentication password returned by the bluetooth device.
In the embodiment of the present invention, after the bluetooth device connection confirming unit 102 transmits the obtained MAC address and timestamp of the PC end to the bluetooth device, the password returning request and receiving unit 103 sends a password returning request to the bluetooth device at intervals (for example, every 0.5s). After the bluetooth device receives the data packet transmitted by the PC end, it calculates the dynamic authentication password through a preset password generation mechanism from the user ID information stored in the bluetooth device, the version number of the bluetooth device, the received MAC address of the PC end and the received timestamp of the PC end, and returns the password to the dynamic authentication login device. The password returning request and receiving unit 103 then receives the dynamic authentication password sent by the bluetooth device end and stops sending the password returning request to the bluetooth device every 0.5s.
And the dynamic authentication request unit 104 is configured to transmit the dynamic authentication password and the user ID information of the current user, which are transmitted back by the bluetooth device, to the background server to perform dynamic authentication password authentication, and wait for authentication confirmation information of the background server.
Specifically, after the password feedback request and receiving unit 103 receives the dynamic authentication password returned by the bluetooth device, the dynamic authentication request unit 104 transmits the dynamic authentication password and the user ID information of the current user to the background server to perform a dynamic authentication request, and then waits for the authentication confirmation information of the background server.
At the background server end, after receiving the data packet transmitted by the bluetooth device connection confirmation unit 102 at the PC end, which comprises the MAC address of the PC end, the timestamp of the PC end and the user ID information of the current login user, the background server generates a dynamic authentication password from the MAC address of the PC end and the timestamp of the PC end through the password generation mechanism, and stores the dynamic authentication password and the corresponding user ID information in a background database. After the background server receives the dynamic authentication password generated by the Bluetooth device end and the user ID information, both transmitted by the dynamic authentication request unit 104 of the PC end, it verifies, according to the user ID information, whether the dynamic authentication password is consistent with the password stored in the database for the corresponding user ID information. If they are consistent, authentication confirmation information of successful verification is returned to the dynamic authentication login device (namely the PC end); if they are inconsistent, authentication confirmation information of failed verification is returned to the dynamic authentication login device (namely the PC end).
And a login processing unit 105, configured to perform login result processing according to the obtained authentication confirmation information of the backend server.
Specifically, after the login processing unit 105 receives, through the interface, the authentication confirmation information returned by the backend server: if it is a failure message, the login page prompts the user that the authentication has failed and asks the user to click a button to verify again; if it is a success message, the current user ID has logged in successfully and the current user is allowed to enter the backend management center.
Preferably, the dynamic authentication login device based on the bluetooth device in the present invention further includes:
the connection state query processing unit is used for acquiring, at intervals while the current user remains successfully logged in, the connection state of the Bluetooth device corresponding to the current user; if the connection is maintained, the current user is allowed to access the background normally; if the connection is broken, the current user is not allowed to access the background, and a login failure message is sent to the background.
Preferably, the background server checks the login state each time the user accesses a background page. If the user's login state is judged to be invalid, the dynamic authentication login device is made to jump to the login page so that the user logs in again; if the user's login state is valid, the user is allowed to access the background page normally.
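The password generation mechanism and the background-server comparison described above, sketched as an added Python example (not code from the patent). Assumptions: the letter-to-number table, the choice of the first character of each MAC pair, and all function and class names are hypothetical; HMAC-SHA256 keyed with a per-device secret stands in for the "preset password calculation formula", which this page does not give; the 30-second freshness window and the single-use rule are added checks the page does not state.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta

# Constructed letter-to-number table for Bluetooth device version 1. The page
# says each version has its own table but does not list one.
LETTER_TABLES = {1: {"A": "1", "B": "2", "C": "3", "D": "4", "E": "5", "F": "6"}}
MAX_SKEW = timedelta(seconds=30)  # assumed freshness window, not from the page


def build_inputs(user_id: str, mac: str, pc_time: datetime, version: int) -> str:
    """Return the 8 + 6 + 6 + 1 = 21 digits the mechanism is computed from."""
    if len(user_id) != 12 or not user_id.isdigit():
        raise ValueError("user ID must be a 12-digit number")
    if version not in LETTER_TABLES or not 0 <= version <= 9:
        raise ValueError("unknown Bluetooth device version")
    hex_chars = mac.replace(":", "").replace("-", "").upper()
    if len(hex_chars) != 12 or any(c not in "0123456789ABCDEF" for c in hex_chars):
        raise ValueError("MAC address must be 12 hex characters")
    table = LETTER_TABLES[version]
    # One character out of every two (assumed: the first of each pair);
    # letters are mapped through the version's table, digits pass through.
    mac_digits = "".join(table.get(c, c) for c in hex_chars[0::2])
    return user_id[:8] + mac_digits + pc_time.strftime("%H%M%S") + str(version)


def derive_password(secret: bytes, user_id: str, mac: str,
                    pc_time: datetime, version: int) -> str:
    """Stand-in formula: HMAC-SHA256 over the 21 digits, cut to 8 characters."""
    digits = build_inputs(user_id, mac, pc_time, version)
    digest = hmac.new(secret, digits.encode(), hashlib.sha256).digest()
    return base64.b32encode(digest)[:8].decode()  # 8 letters/digits (A-Z, 2-7)


class BackendServer:
    def __init__(self):
        self.users = {}    # user_id -> (device version, device secret)
        self.pending = {}  # user_id -> password expected for the login in progress

    def enroll(self, user_id: str, version: int, secret: bytes) -> None:
        self.users[user_id] = (version, secret)

    def receive_verification_info(self, user_id, mac, pc_time, now) -> bool:
        """Step S2: compute the expected password and store it in the user's record."""
        if user_id not in self.users:
            return False
        if abs(now - pc_time) > MAX_SKEW:  # added check: reject stale timestamps
            return False
        version, secret = self.users[user_id]
        self.pending[user_id] = derive_password(secret, user_id, mac, pc_time, version)
        return True

    def authenticate(self, user_id: str, password: str) -> bool:
        """Step S4: compare with the stored value; the stored value is used once."""
        expected = self.pending.pop(user_id, None)
        if expected is None:
            return False
        return hmac.compare_digest(expected.encode(), password.encode())


def demo():
    # Constructed sample values.
    user_id, secret = "482913057264", b"constructed-device-secret"
    mac, pc_time = "3C:A9:F4:1B:7E:D0", datetime(2020, 6, 18, 14, 5, 9)
    server = BackendServer()
    server.enroll(user_id, 1, secret)
    accepted = server.receive_verification_info(
        user_id, mac, pc_time, now=pc_time + timedelta(seconds=1))
    from_device = derive_password(secret, user_id, mac, pc_time, 1)  # Bluetooth side
    first_use = server.authenticate(user_id, from_device)
    second_use = server.authenticate(user_id, from_device)
    return accepted, first_use, second_use


if __name__ == "__main__":
    print(demo())
```

Because only one character of each MAC pair enters the computation, two PC ends whose MAC addresses differ only in the unused characters produce the same 21 input digits.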
Fig. 2 is a system architecture diagram of a dynamic authentication login system based on a bluetooth device according to the present invention. As shown in fig. 2, the dynamic authentication login system based on bluetooth device of the present invention includes:
the dynamic authentication login device 20 is a PC terminal, and is configured to receive a login request of a current user, perform first-layer authentication on the login request, verify whether a bluetooth device is connected after the first-layer authentication of the current user is passed, acquire relevant information of the dynamic authentication login device when the bluetooth device is verified to be connected, transmit the relevant information to the bluetooth device terminal and the background server, send a password return request to the bluetooth device, and transmit a dynamic authentication password and user ID information of the current user to the background server to perform dynamic authentication password authentication when the dynamic authentication password returned by the bluetooth device is received.
Since the structure and function of the dynamic authentication login device 20 have been described in detail above, they are not described in detail herein.
The bluetooth device 21 pre-stores a device version number v, a corresponding user ID and a preset password generation mechanism, and after connecting with the dynamic authentication login device 20, the bluetooth device 21 acquires the relevant information of the dynamic authentication login device 20 sent by the dynamic authentication login device 20, and generates a dynamic authentication password according to the acquired information and by combining the device version number v and the corresponding user ID through the password generation mechanism and sends the dynamic authentication password back to the dynamic authentication login device 20.
That is, in order to implement the present invention, it is necessary to configure corresponding bluetooth devices for users allowed to log in, record the ID of the corresponding user and the version number of the bluetooth device in each bluetooth device, and set a password generation mechanism, and store each user ID and the version number of the bluetooth device corresponding to the user ID in a background database of a background server.
Specifically, the bluetooth device 21 further includes:
a bluetooth connection unit 210, configured to establish a bluetooth connection with the dynamic authentication login device 20.
Since the bluetooth connection establishment process of the present invention is the same as the related art, it will not be described herein.
A dynamic authentication password generating unit 210, configured to acquire information related to the dynamic authentication login device 20 sent by the dynamic authentication login device 20, and generate a dynamic authentication password based on a password generation mechanism according to the information, the stored bluetooth device version number v and the corresponding user ID, and send the dynamic authentication password back to the dynamic authentication login device 20.
In an embodiment of the present invention, the dynamic authentication password generating unit 210 obtains the MAC address and the timestamp of the PC that serves as the dynamic authentication login device, and calculates the dynamic authentication password through the password generation mechanism from the MAC address of the PC, the timestamp of the PC, the device version number v, and the corresponding user ID.
In the present invention, since different bluetooth devices store different device version numbers and user IDs, the bluetooth devices 21 corresponding to different users can obtain different passwords after receiving the PC mac address and the PC timestamp transmitted from the dynamic authentication login device 20, thereby realizing the restriction that only the currently logged-in user can access the background system.
The background server 22 stores in advance each user ID, the corresponding Bluetooth device version number v, and the password generation mechanism. It receives the data packet transmitted by the PC acting as the dynamic authentication login device, which contains the MAC address of the PC, the timestamp of the PC and the user ID information of the currently logged-in user; obtains from the background database the Bluetooth device version number corresponding to that user ID; generates, through the password generation mechanism, the dynamic authentication password corresponding to the user ID information from the MAC address of the PC, the timestamp of the PC, the user ID of the currently logged-in user and the Bluetooth device version number corresponding to the user ID; and stores the password in the record of that user ID in the background database. That is, the background database stores in advance the Bluetooth device version number v corresponding to each user ID, together with the "alphanumeric correspondence" table and the "remainder and password correspondence" table for each Bluetooth device version number v. After receiving the dynamic authentication password generated by the Bluetooth device 21 and the user ID information, both transmitted by the dynamic authentication login device, the background server verifies, according to the user ID information, whether the dynamic authentication password is consistent with the password stored for that user ID in the background database. If they are consistent, it returns authentication confirmation information indicating successful verification to the dynamic authentication login device 20; if they are not, it returns authentication confirmation information indicating failed verification to the dynamic authentication login device 20.
In a specific embodiment of the present invention, the password generation mechanism shared by the Bluetooth device and the background server is as follows.
In this embodiment, the output of the defined password formula is an 8-character combination of digits and letters, written $X_1X_2X_3X_4X_5X_6X_7X_8$. The generation process is as follows:
Step 1: take the first eight digits of the user ID. In the present invention, the user ID is a 12-digit number randomly generated by the system for each user, such as $U_1U_2U_3U_4U_5U_6U_7U_8U_9U_{10}U_{11}U_{12}$; taking the first eight digits gives $U_1U_2U_3U_4U_5U_6U_7U_8$.
Step 2: take one character from each two-character group of the acquired PC MAC address; if a character taken is a letter, convert it into a number according to the alphanumeric correspondence table for the current Bluetooth device version, giving 6 numbers. In this embodiment, if the MAC address of the PC currently logging in to the background is $aa'{:}bb'{:}cc'{:}dd'{:}ee'{:}ff'$ (where $a$ to $f$ and $a'$ to $f'$ are letters or digits), then $a'b'c'd'e'f'$ is taken from it; if any of $a'b'c'd'e'f'$ is a letter, that letter is converted into a number according to the alphanumeric correspondence table for the current Bluetooth device version v, giving 6 numbers: $a'', b'', c'', d'', e'', f''$. In this embodiment, it is assumed that the alphanumeric correspondence table for Bluetooth device version v1 is as shown in Table 1 below:
Table 1: alphanumeric correspondence table for version v1
Letter  a   b   c   d   e   f   g   h   i   j   k   l   m
Number  1   2   3   4   5   6   7   8   9   10  11  12  13
Letter  n   o   p   q   r   s   t   u   v   w   x   y   z
Number  14  15  16  17  18  19  20  21  22  23  24  25  26
Step 3: from the acquired timestamp of the PC, take each digit of the hour, minute and second to obtain 6 digits. In this embodiment, it is assumed that the timestamp of the PC is $hh'{:}mm'{:}ss'$ (where $h, h', m, m', s, s'$ are all digits), which gives the 6 digits $h, h', m, m', s, s'$.
Step 4: obtain 1 digit from the version number of the current Bluetooth device. In this embodiment, the version number of the current Bluetooth device is assumed to be v, where v is an integer greater than 0; this embodiment takes version number v1 as an example.
Step 5: from the contents obtained in steps 1 to 4, generate the 8-character password $X_1X_2X_3X_4X_5X_6X_7X_8$, a combination of digits and letters, according to the password calculation formulas. In this embodiment, each character of the password is calculated independently with its own formula to obtain a remainder, and the remainder is then converted, according to the correspondence between remainder and password, into the password character at that position. With $u_1, \ldots, u_8$ the eight user ID digits from step 1, the formula for each position is:
$X_1 = (u_1 + a'' + v_1) \bmod 36$
$X_2 = (u_2 + b'' + v_1) \bmod 36$
$X_3 = (u_3 + c'' + h + v_1) \bmod 36$
$X_4 = (u_4 + d'' + h' + v_1) \bmod 36$
$X_5 = (u_5 + e'' + m + v_1) \bmod 36$
$X_6 = (u_6 + f'' + m' + v_1) \bmod 36$
$X_7 = (u_7 + s + v_1) \bmod 36$
$X_8 = (u_8 + s' + v_1) \bmod 36$
In each case the sum is divided by 36 and the remainder is taken; the remainder is then converted into the password character $X_i$ according to the remainder and password correspondence table.
In the password formula, a different calculation formula is used for each position of the password, and different digits are selected from the user ID information, the MAC address of the PC, the PC timestamp and the device version number and combined, which ensures the randomness of the password; adding the PC timestamp ensures that the password is dynamic. Meanwhile, in order to generate a password containing both digits and letters, the invention takes into account that there are 10 digits and 26 letters, so 36 (10+26) is used as the divisor in the password formula, and the remainder is then converted into one digit or letter through the remainder and password correspondence table.
In this embodiment, it is assumed that the remainder and password correspondence table for Bluetooth device version v1 is as shown in Table 2 below:
Table 2: remainder and password correspondence table for version v1
Remainder  0   1   2   3   4   5   6   7   8   9   10  11
Password   0   1   2   3   4   5   6   7   8   9   a   b
Remainder  12  13  14  15  16  17  18  19  20  21  22  23
Password   c   d   e   f   g   h   i   j   k   l   m   n
Remainder  24  25  26  27  28  29  30  31  32  33  34  35
Password   o   p   q   r   s   t   u   v   w   x   y   z
Of course, different versions of the Bluetooth device have different remainder and password correspondence tables; this embodiment uses the table for version v1 only as an example, and the invention is not limited to it.
Therefore, in the present invention, in order to calculate the password, the Bluetooth device 21 and the background database 22 need to store the following information in advance:
In the Bluetooth device 21: the Bluetooth device version number v, the user ID, the password calculation formula for each position, the alphanumeric correspondence table for the current version v, and the remainder and password correspondence table for the current version v. In the background database: the Bluetooth device version number v corresponding to each user ID, and the alphanumeric correspondence table and the remainder and password correspondence table for each Bluetooth device version number v.
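The five-step mechanism above, written out in Python as an added example (it is not code from the patent). It assumes the step 4 digit is the integer v itself and supports only version v1, the one version whose tables are given; the user IDs, MAC address and timestamps are constructed, and the function names and the constant-time comparison in `server_verify` are choices made here.

```python
import hmac
import string

# Tables for Bluetooth device version v1, as printed in Table 1 and Table 2.
LETTER_TO_NUMBER = {1: {ch: i for i, ch in enumerate(string.ascii_lowercase, 1)}}
REMAINDER_TO_CHAR = {1: string.digits + string.ascii_lowercase}

# Constructed stand-in for the background database: user ID -> device version.
USER_DEVICE_VERSION = {"482915637204": 1, "190347258866": 1}


def mac_numbers(mac, version):
    """Step 2: second character of each group; letters go through Table 1."""
    octets = mac.lower().replace("-", ":").split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError("MAC address must be six two-character groups")
    numbers = []
    for octet in octets:
        ch = octet[1]
        if ch in string.digits:
            numbers.append(int(ch))
        elif ch in "abcdef":
            numbers.append(LETTER_TO_NUMBER[version][ch])
        else:
            raise ValueError(f"not a hexadecimal character: {ch!r}")
    return numbers


def time_digits(timestamp):
    """Step 3: the six digits h, h', m, m', s, s' of an hh:mm:ss timestamp."""
    parts = timestamp.split(":")
    if len(parts) != 3 or any(
        len(p) != 2 or any(c not in string.digits for c in p) for p in parts
    ):
        raise ValueError("timestamp must look like hh:mm:ss")
    return [int(c) for p in parts for c in p]


def dynamic_password(user_id, mac, timestamp, version):
    """Steps 1-5: the value the Bluetooth device and the server both compute."""
    if len(user_id) != 12 or any(c not in string.digits for c in user_id):
        raise ValueError("user ID must be a 12-digit number")
    if version not in REMAINDER_TO_CHAR:
        raise ValueError("no correspondence tables for this device version")
    u = [int(c) for c in user_id[:8]]                 # step 1
    a, b, c, d, e, f = mac_numbers(mac, version)      # step 2
    h, h2, m, m2, s, s2 = time_digits(timestamp)      # step 3
    v = version                                       # step 4 (assumed: digit = v)
    sums = [                                          # step 5, one formula per position
        u[0] + a + v,
        u[1] + b + v,
        u[2] + c + h + v,
        u[3] + d + h2 + v,
        u[4] + e + m + v,
        u[5] + f + m2 + v,
        u[6] + s + v,
        u[7] + s2 + v,
    ]
    table = REMAINDER_TO_CHAR[version]
    return "".join(table[x % 36] for x in sums)


def server_verify(user_id, mac, timestamp, submitted):
    """Server side: look up the version, recompute, compare in constant time."""
    version = USER_DEVICE_VERSION.get(user_id)
    if version is None:
        return False
    expected = dynamic_password(user_id, mac, timestamp, version)
    return hmac.compare_digest(expected.encode(), submitted.encode())


if __name__ == "__main__":
    pc_mac, pc_time = "3c:a9:f4:1b:7e:d2", "14:27:53"  # constructed values
    from_device = dynamic_password("482915637204", pc_mac, pc_time, 1)
    print(from_device, server_verify("482915637204", pc_mac, pc_time, from_device))
```

With the formulas as given, X1 and X2 contain no timestamp term, so for a fixed user, PC and device version only positions 3 to 8 vary between logins.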
Fig. 3 is a flowchart illustrating steps of a dynamic authentication login method based on a bluetooth device according to the present invention. As shown in fig. 3, the dynamic authentication login method based on bluetooth device of the present invention includes the following steps:
Step S1, receiving a login request, and performing first-layer authentication on the login request.
In the specific embodiment of the present invention, when a user logs in to the background management system on the PC that serves as the dynamic authentication login device, a first layer of verification is performed first; that is, the user's identity is verified in an existing authentication manner, for example "user name + static password" or "mobile phone number + static password + short message verification code".
Step S2, after the first layer authentication passes, it is verified whether the current PC end is connected to the bluetooth device, and when it is verified that the current PC end is connected to the bluetooth device, the relevant information of the current PC end is obtained and transmitted to the bluetooth device end and the background server.
Step S3, sending a password return request to the bluetooth device, and waiting for the dynamic authentication password returned by the bluetooth device.
In the embodiment of the present invention, after the acquired MAC address of the current PC and the timestamp of the current PC have been transmitted to the Bluetooth device, the PC sends a password return request to the Bluetooth device at intervals (for example, every 0.5 s). After the Bluetooth device receives the data packet transmitted by the PC, it calculates a dynamic authentication password through the preset password generation mechanism and returns it to the PC.
That is, after receiving the MAC address and the timestamp of the PC transmitted by the PC, the Bluetooth device calculates the dynamic authentication password through the preset password generation mechanism from the device version number v, the corresponding user ID, the MAC address of the PC and the timestamp of the PC.
Step S4, when receiving the dynamic authentication password returned by the bluetooth device, stopping sending the password return request, and sending the dynamic authentication password returned by the bluetooth device and the user ID information to the background server for dynamic authentication password authentication, and waiting for the authentication confirmation information of the background server.
Specifically, after the PC receives the dynamic authentication password returned by the Bluetooth device, the PC transmits the dynamic authentication password and the user ID information to the background server, stops the periodic requests to the Bluetooth device, and waits for the authentication confirmation information of the background server.
The background server stores each user ID and the corresponding Bluetooth device version number v in advance. After receiving the data packet transmitted by the PC, which contains the MAC address of the current PC, the timestamp of the current PC and the user ID of the currently logged-in user, it generates a dynamic authentication password through the password generation mechanism according to the MAC address of the current PC and the timestamp of the current PC, and stores the dynamic authentication password together with the corresponding user ID information in the background database. After the background server receives the dynamic authentication password generated by the Bluetooth device and transmitted from the PC, it verifies, according to the user ID information, whether that password is consistent with the password stored in the database for the corresponding user ID information. If so, it returns authentication confirmation information indicating successful verification to the PC; if not, it returns authentication confirmation information indicating failed verification to the PC.
Step S5, processing the login result according to the obtained authentication confirmation information of the background server.
Specifically, after the PC receives the message returned by the background server through the interface: if it is a message of failed authentication, the PC prompts the user on the login page with "Authentication failed, please click the button to re-authenticate"; if it is a message of successful authentication, the current user ID is successfully logged in, and the current user is allowed to enter the background management center.
Preferably, the dynamic authentication login method based on a Bluetooth device of the present invention further includes the following step:
in the successfully logged-in state, acquiring the connection state of the Bluetooth device corresponding to the current user at set intervals; if the connection is maintained, allowing the current user to access the background normally; and if the connection is broken, sending a login failure message to the background.
Examples
In this embodiment, the dynamic authentication login device is a PC. First, a Bluetooth device is issued to each background administrator for that administrator's use. When a user logs in to the background through the PC, a first layer of authentication of "mobile phone number + static password + short message verification code" is performed first, and after the first layer of authentication passes, a second layer of authentication is performed.
Any static password verification method carries risk. For example, if only the MAC address of the Bluetooth device is verified, or a fixed static password is stored in the Bluetooth device, the MAC address or static password can be maliciously obtained. A malicious operator who has worked out the background verification interface could then, without possessing the Bluetooth device, transmit the static password to the background server, pass the two-layer password authentication, and log in to the background in the user's absence. The second-layer authentication therefore cannot use static password verification.
In this embodiment, the second-layer verification proceeds as follows. When a user logs in to the background management system on the PC, the user's personal Bluetooth device must be connected to the PC that serves as the dynamic authentication login device, and Bluetooth authentication is required when the PC logs in to the system. The PC sends its MAC address and timestamp to the Bluetooth device, and sends the user ID information together with its MAC address and timestamp to the background server. The background server and the Bluetooth device then each independently calculate a dynamic authentication password from the received MAC address and timestamp of the PC, the user ID and the Bluetooth device version number, and the background server compares whether the password it generated is consistent with the password generated by the Bluetooth device, thereby implementing the second-layer authentication of the invention.
The foregoing embodiments are merely illustrative of the principles and utilities of the present invention and are not intended to limit the invention. Modifications and variations can be made to the above-described embodiments by those skilled in the art without departing from the spirit and scope of the present invention. Therefore, the scope of the invention should be determined from the following claims.

Claims (9)

1. A dynamic authentication login device based on a bluetooth device, comprising:
the first layer authentication unit is used for receiving a login request of a current user and carrying out first layer authentication on the login request;
the Bluetooth device connection confirming unit is used for verifying whether the dynamic authentication login device is connected with the Bluetooth device or not after the first-layer authentication of the current user passes, and acquiring verification information of the dynamic authentication login device for second-layer authentication if the dynamic authentication login device is verified to be connected with the Bluetooth device, and transmitting the verification information to the Bluetooth device and the background server;
the password returning request and receiving unit is used for sending a password returning request to the Bluetooth equipment and waiting for a dynamic authentication password returned by the Bluetooth equipment;
the dynamic authentication request unit is used for transmitting the dynamic authentication password transmitted back by the Bluetooth equipment and the user ID information of the current user to a background server for dynamic authentication password authentication and waiting for authentication confirmation information of the background server;
the login processing unit is used for processing a login result according to the obtained authentication confirmation information of the background server;
the connection state query processing unit is used for acquiring, at set intervals while the current user is successfully logged in, the connection state of the Bluetooth device corresponding to the current user; if the connection is maintained, the current user is allowed to access the background normally; and if the connection is broken, the current user is not allowed to access the background, and a login failure message is sent to the background.
2. The dynamic authentication login device based on bluetooth device as claimed in claim 1, wherein: the verification information for the second layer authentication includes a mac address of the PC side as the dynamic authentication login device and a timestamp of the PC side.
3. The dynamic authentication login device based on bluetooth device as claimed in claim 2, wherein: the Bluetooth device pre-stores a Bluetooth device version number, a corresponding user ID and a preset password generation mechanism, and the dynamic authentication password is calculated through the password generation mechanism according to the MAC address of the PC, the timestamp of the PC, the Bluetooth device version number and the corresponding user ID.
4. The dynamic authentication login device based on bluetooth device as claimed in claim 3, wherein: the background server pre-stores each user ID, the corresponding Bluetooth device version number v and a password generation mechanism, generates a dynamic authentication password corresponding to the user ID information through the password generation mechanism according to the received MAC address of the PC, the timestamp of the PC, the user ID of the currently logged-in user and the Bluetooth device version number corresponding to the user ID, and stores the dynamic authentication password in the record of the user ID in a background database.
5. A dynamic authentication login system based on a bluetooth device, comprising:
the dynamic authentication login device is used for receiving a login request of a current user, performing first-layer authentication on the login request, verifying whether the Bluetooth device is connected or not after the first-layer authentication of the current user is passed, acquiring verification information for second-layer authentication of the dynamic authentication login device when the Bluetooth device is verified to be connected, transmitting the verification information to a Bluetooth device end and a background server, then sending a password return request to the Bluetooth device, transmitting a dynamic authentication password and user ID information of the current user to the background server to perform dynamic authentication password authentication when the dynamic authentication password returned by the Bluetooth device is received, and processing a login result according to an authentication result;
the Bluetooth equipment acquires verification information which is sent by the dynamic authentication login equipment and is used for second-layer authentication after establishing connection with the dynamic authentication login equipment, and generates a dynamic authentication password through a preset password generation mechanism and transmits the dynamic authentication password back to the dynamic authentication login equipment according to the acquired verification information in combination with the current Bluetooth equipment version number and the corresponding user ID;
a background server for receiving the verification information for the second-layer authentication transmitted by the dynamic authentication login device and the user ID of the currently logged-in user; obtaining the Bluetooth device version number corresponding to the user ID from a background database according to the user ID; generating the dynamic authentication password corresponding to the user ID information, through the same password generation mechanism as the Bluetooth device, according to the verification information, the user ID of the currently logged-in user and the Bluetooth device version number corresponding to the user ID; storing the dynamic authentication password in the record of the user ID in the background database; after receiving the dynamic authentication password generated by the Bluetooth device and the user ID information transmitted by the dynamic authentication login device, verifying, according to the user ID information, whether the dynamic authentication password is consistent with the password stored for the corresponding user ID information in the background database; if they are consistent, returning authentication confirmation information of successful verification to the dynamic authentication login device; and if they are inconsistent, returning authentication confirmation information of failed verification to the dynamic authentication login device.
6. The dynamic authentication login system based on bluetooth device as claimed in claim 5, wherein: the Bluetooth device is prestored with a Bluetooth device version number, a corresponding user ID and a preset password generation mechanism; the background server stores each user ID and the version number of the corresponding Bluetooth device in advance and a password generation mechanism which is the same as that of the Bluetooth device.
7. The dynamic authentication login system based on bluetooth device as claimed in claim 6, wherein: the verification information for the second layer authentication includes a mac address of the PC side as the dynamic authentication login device and a timestamp of the PC side.
8. The dynamic authentication login system based on bluetooth device as claimed in claim 7, wherein said password generation mechanism is as follows:
taking the first eight digits of a user ID;
taking one character from each two-character group of the acquired PC MAC address, and if a character taken is a letter, converting it into a number according to the alphanumeric correspondence table for the current Bluetooth device version, to obtain 6 numbers;
taking, from the acquired timestamp of the PC, each digit of the hour, minute and second, to obtain 6 digits;
obtaining 1 digit according to the version number of the current Bluetooth device;
and generating the 8-character dynamic authentication password, a combination of digits and letters, from the obtained contents according to a preset password calculation formula.
9. A dynamic authentication login method based on Bluetooth equipment comprises the following steps:
step S1, receiving a login request, and performing first-layer authentication on the login request;
step S2, after the first layer authentication is passed, verifying whether the current PC end is connected with the Bluetooth device, and when the current PC end is verified to be connected with the Bluetooth device, acquiring verification information of the current PC end for the second layer authentication, and transmitting the verification information to the Bluetooth device end and the background server;
step S3, sending a password returning request to the Bluetooth device, and waiting for the dynamic authentication password returned by the Bluetooth device;
step S4, when receiving the dynamic authentication password returned by the Bluetooth device, stopping sending the password return request, and transmitting the dynamic authentication password returned by the Bluetooth device and the user ID information to the background server for dynamic authentication password authentication, and waiting for the authentication confirmation information of the background server;
step S5, processing the login result according to the obtained authentication confirmation information of the background server; while the current user is successfully logged in, acquiring the connection state of the Bluetooth device corresponding to the current user at set intervals; if the connection is maintained, allowing the current user to access the background normally; and if the connection is broken, not allowing the current user to access the background, and sending a login failure message to the background.
CN202010558291.1A 2020-06-18 2020-06-18 Dynamic authentication login equipment, system and method based on Bluetooth equipment Active CN111698259B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010558291.1A CN111698259B (en) 2020-06-18 2020-06-18 Dynamic authentication login equipment, system and method based on Bluetooth equipment


Publications (2)

Publication Number Publication Date
CN111698259A CN111698259A (en) 2020-09-22
CN111698259B true CN111698259B (en) 2022-05-10

Family

ID=72482022

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010558291.1A Active CN111698259B (en) 2020-06-18 2020-06-18 Dynamic authentication login equipment, system and method based on Bluetooth equipment

Country Status (1)

Country Link
CN (1) CN111698259B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112104672B (en) * 2020-11-12 2021-03-16 飞天诚信科技股份有限公司 Method and system for downloading Bluetooth equipment certificate through WeChat applet
CN113141604B (en) * 2021-04-27 2023-04-07 河北爱其科技有限公司 Bluetooth safety communication system
CN113422757B (en) * 2021-06-04 2023-04-07 广西电网有限责任公司 Document management system based on encryption application

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1777098A (en) * 2004-11-16 2006-05-24 上海盛大网络发展有限公司 Dynamic cipher authentication system, method and its use
CN105099713A (en) * 2015-09-30 2015-11-25 成都信汇聚源科技有限公司 Bluetooth dynamic password security authentication method for setting equipment password by means of handheld terminal based on cloud computing platform
CN105141639A (en) * 2015-09-30 2015-12-09 成都信汇聚源科技有限公司 Cloud-computing-platform-based bluetooth dynamic password security certificate method
CN105306452A (en) * 2015-09-30 2016-02-03 成都信汇聚源科技有限公司 Bluetooth dynamic password security authentication method avoiding device password transmission and based on cloud computing platform
WO2017214818A1 (en) * 2016-06-13 2017-12-21 刘文婷 Member passing authentication method and system for wireless network access device
CN110012149A (en) * 2019-02-18 2019-07-12 深圳壹账通智能科技有限公司 Application management method, device, terminal and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research on an Identity Authentication System Based on Mobile Phone Bluetooth; 吴玮; 《硅谷》; 20091123 (No. 22); p. 45 *

Also Published As

Publication number Publication date
CN111698259A (en) 2020-09-22

Similar Documents

Publication Publication Date Title
CN111698259B (en) Dynamic authentication login equipment, system and method based on Bluetooth equipment
CN102638473B (en) User data authorization method, device and system
CN105592065B (en) A kind of Website logging method and its login system based on SMS
US8424068B2 (en) Methods and apparatus for providing application credentials
US7024690B1 (en) Protected mutual authentication over an unsecured wireless communication channel
US20210092108A1 (en) Non-custodial tool for building decentralized computer applications
US20210234850A1 (en) System and method for accessing encrypted data remotely
CN104253784A (en) Logging and authorization method and system
CN1433537A (en) Security link management in dynamic networks
WO2012120106A1 (en) Method and system for granting access to a secured website
CN103636162A (en) Authentication system via two communication devices
CN100365974C (en) Device and method for controlling computer access
CN101136915A (en) Method and system for implementing multi-service united safety authentication
US20110185174A1 (en) System and Method for Providing a One-Time Key for Identification
CN113055185A (en) Token-based authentication method and device, storage medium and electronic device
CN116248351A (en) Resource access method and device, electronic equipment and storage medium
CN115473655B (en) Terminal authentication method, device and storage medium for access network
CN115118454B (en) Cascade authentication system and authentication method based on mobile application
JP4914725B2 (en) Authentication system, authentication program
KR100566632B1 (en) User authentication apparatus and method using internet domain information
JP2002073562A (en) Method and device for accessing plural sites by single user password
JP2000224162A (en) Client authentication method using irreversible function
CN111277571A (en) Enterprise APP login management system based on zero-knowledge proof
FI115097B (en) Circuit authentication method in online data communication, involves forming authentication key for encrypting client credentials independent of client response using client's secret
CN117579402A (en) Platform secondary authentication login system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant