CN112260831A - Security authentication method based on dynamic key - Google Patents


Info

Publication number
CN112260831A
Authority
CN
China
Prior art keywords
dynamic key
authentication method
security authentication
verification code
based security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011154759.7A
Other languages
Chinese (zh)
Inventor
郭凤
徐兵兵
侯冬刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Inspur Business System Co Ltd
Original Assignee
Shandong Inspur Business System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Inspur Business System Co Ltd
Priority to CN202011154759.7A
Publication of CN112260831A
Legal status: Pending

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L 9/06 the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
                        • H04L 9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
                    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
                    • H04L 9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L 9/321 involving a third party or a trusted authority
                            • H04L 9/3213 using tickets or tokens, e.g. Kerberos
                        • H04L 9/3226 using a predetermined code, e.g. password, passphrase or PIN
                            • H04L 9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
                • H04L 63/00 Network architectures or network communication protocols for network security
                    • H04L 63/04 for providing a confidential data exchange among entities communicating through data packet networks
                        • H04L 63/0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                            • H04L 63/0435 wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
                    • H04L 63/08 for authentication of entities
                        • H04L 63/0807 using tickets, e.g. Kerberos
                        • H04L 63/083 using passwords
                            • H04L 63/0838 using one-time-passwords
                    • H04L 63/10 for controlling access to devices or network resources
                    • H04L 63/12 Applying verification of the received information
                    • H04L 63/14 for detecting or protecting against malicious traffic
                        • H04L 63/1408 by monitoring network traffic
                            • H04L 63/1416 Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the field of data transmission and provides a security authentication method based on a dynamic key, comprising the following steps: S1, the client generates a dynamic key; S2, the client encrypts the transmitted data with the dynamic key; S3, the server receives the authentication request and performs attack detection; S4, an intelligent interception module filters the request; S5, the decrypted data is received and compared with the database; S6, authorization information is generated. Compared with the prior art, the method effectively addresses the leakage of sensitive information, protects data security, identifies access attacks, prevents brute-force password cracking and improves system security.

Description

Security authentication method based on dynamic key
Technical Field
The invention relates to the field of data transmission and provides a security authentication method based on a dynamic key.
Background
Data security mainly relies on modern cryptographic algorithms to protect data actively, providing confidentiality, integrity, mutual authentication and the like, and it must rest on a reliable cryptographic algorithm and a secure system. With the frequent occurrence of network attacks and leaks of sensitive data, protecting data in transit over the network has become an unavoidable problem.
Disclosure of Invention
To address the shortcomings of the prior art, the invention provides a security authentication method based on a dynamic key that is practical to deploy.
The technical scheme adopted by the invention to solve this problem is as follows:
a security authentication method based on a dynamic key comprises the following steps:
s1, the client generates a dynamic key;
s2, the client encrypts the transmitted data with the dynamic key;
s3, the server receives the authentication request and performs attack detection;
s4, an intelligent interception module filters the request;
s5, the decrypted data is received and compared with the database;
and S6, authorization information is generated.
Further, in step S1, the client requests a verification code, hashes the verification code twice with MD5, and extracts parts of the two digests according to a fixed rule to form a 16-character dynamic key.
Preferably, the verification code is hashed with MD5 a first time, 16 characters of the first digest are taken and hashed with MD5 a second time, and the last 10 characters of the second digest are concatenated with the first 6 characters of the first digest to form the 16-character dynamic key.
Further, in step S2, the plaintext data is encrypted with the AES algorithm, and the ciphertext is Base64-encoded before transmission.
Further, in step S3, the validity of the verification code is checked; if the verification code is invalid, the error is recorded and the request is rejected; and the verification code is invalidated once it has been checked, so that it cannot be reused.
Further, after the verification code passes the check, decryption is carried out: the key is regenerated according to the dynamic key rule, decryption of the ciphertext is attempted, and a decryption failure is recorded as an error.
Further, in step S4, the server-side intelligent interception module identifies the source IP address of the authentication request and rejects requests originating from blacklisted IP addresses.
Further, in step S5, the server-side security control module receives the decrypted data, compares it with the information in the database and identifies password enumeration attacks;
and when the password is wrong, the account's failure count is recorded, and the account is locked once the accumulated count exceeds 5.
Further, in step S6, the server-side authentication and authorization module generates an authorization token for each request that passes verification and returns it to the client as its authorization.
Compared with the prior art, the security authentication method based on a dynamic key has the following outstanding advantages:
it effectively addresses the leakage of sensitive information, protects data security, identifies access attacks, prevents brute-force password cracking and improves system security.
The authentication method can be extended to other industries and refined into a basic general-purpose module.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flow chart of a security authentication method based on a dynamic key.
Detailed Description
The present invention will be described in further detail with reference to specific embodiments in order to better understand the technical solutions of the present invention. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A preferred embodiment is given below:
as shown in fig. 1, the security authentication method based on a dynamic key in this embodiment comprises the following steps:
S1, the client generates a dynamic key;
the client requests a verification code, hashes the verification code once with MD5, takes 16 characters of the resulting digest and hashes them with MD5 once more. The last 10 characters of the second digest are concatenated with the first 6 characters of the first digest to form the 16-character dynamic key.
The key thus inherits the randomness of the verification code, and the repeated hashing is relied on to protect the dynamic key.
S2, the client encrypts the transmitted data with the dynamic key;
the plaintext data is encrypted with the AES algorithm under the dynamic key, and the ciphertext is Base64-encoded before transmission.
Because the client encrypts sensitive data under the dynamic key, confidentiality is provided at the transport layer and information leakage is prevented.
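The S1 key derivation and the S2 encryption, as a worked example added to this page; it is illustrative code, not code from the patent or its assignee. Names such as DeriveKey, Encrypt and Decrypt are chosen here. It assumes the verification code is an ASCII string, that the first 16 hex characters of the first digest are the ones kept (the page does not say which 16), and that the 16 hex characters of the key are used directly as a 16-byte AES-128 key. The page fixes no AES mode or padding; AES-GCM with a random nonce prefixed to the ciphertext is chosen so that a wrong key is caught by the authentication tag. The verification code and credential in main are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
)

func md5hex(b []byte) string { d := md5.Sum(b); return hex.EncodeToString(d[:]) }

// DeriveKey is the S1 rule: MD5 the verification code, MD5 the first 16 hex characters of
// that digest again, then join the last 10 characters of the second digest to the first 6
// of the first. The 16 ASCII hex characters are used as-is as a 16-byte AES-128 key.
// Which 16 characters of the first digest are kept is not stated on the page; the first
// 16 are assumed here. MD5 is a hash, not a cipher: the key is a public function of the
// verification code, so whoever sees the code can derive it.
func DeriveKey(code string) []byte {
	h1 := md5hex([]byte(code))    // 32 hex characters
	h2 := md5hex([]byte(h1[:16])) // second round over 16 of them
	return []byte(h2[22:] + h1[:6])
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is S2: AES over the plaintext, then Base64 for transport. The page fixes no
// mode or padding; AES-GCM with a random nonce prefixed to the ciphertext is chosen here
// so that a wrong key is detected by the authentication tag instead of by a padding error.
func Encrypt(key, plaintext []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(gcm.Seal(nonce, nonce, plaintext, nil)), nil
}

// Decrypt is the server's half of S2/S3: Base64-decode, split off the nonce, and open.
// An error here is the "decryption failed" event that S3 records against the source IP.
func Decrypt(key []byte, b64 string) ([]byte, error) {
	ct, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(ct) < gcm.NonceSize() {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

func main() {
	code := "a1b2c3d4" // constructed verification code; in the scheme it comes from the server
	key := DeriveKey(code)
	payload, _ := Encrypt(key, []byte("alice:correct horse")) // constructed credential
	fmt.Printf("key=%s payload=%s\n", key, payload)
	pt, err := Decrypt(key, payload)
	fmt.Println(string(pt), err)
	_, err = Decrypt(DeriveKey("a1b2c3d5"), payload) // wrong code: key differs, tag check fails
	fmt.Println("wrong code:", err)
}
```

Two things the example makes visible. The key is a deterministic function of the verification code with no other secret input, so the confidentiality of S2 rests on the verification code not being observable by an attacker. And with an authenticated mode the "decryption failed" signal that S3 counts is reliable; under an unauthenticated mode a wrong key usually yields garbage rather than an error, and the S3 counter would rarely fire.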
S3, the server receives the authentication request and performs attack detection;
the server first checks the validity of the verification code. If the code is invalid, the error is recorded and the request is rejected; a verification code is invalidated as soon as it has been checked, so each code can be used only once, which keeps the verification code trustworthy. If the verification code passes, decryption follows: the server regenerates the key from the verification code according to the dynamic key rule and attempts to decrypt the ciphertext, recording a decryption failure as an error. If the same IP address accumulates more than 5 errors within one minute, it is added to the IP blacklist.
S4, an intelligent interception module filters the request;
the server-side intelligent interception module identifies the source IP address of each authentication request and rejects requests originating from blacklisted addresses.
S5, the decrypted data is received and compared with the database;
the server-side security control module receives the decrypted data, compares it with the information stored in the database and identifies password enumeration attacks.
When the password is wrong, the account's failure count is recorded, and the account is locked once the accumulated count exceeds 5.
S6, authorization information is generated;
the server-side authentication and authorization module generates an authorization token for each request that passes verification and returns it to the client as its authorization.
The above embodiments are only specific cases of the present invention, and the protection scope of the present invention includes but is not limited to the above embodiments, and any suitable changes or substitutions that are consistent with the claims of a dynamic key-based security authentication method of the present invention and are made by a person having ordinary skill in the art should fall within the protection scope of the present invention.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (9)

1. A security authentication method based on a dynamic key, characterized by comprising the following steps:
S1, the client generates a dynamic key;
S2, the client encrypts the transmitted data with the dynamic key;
S3, the server receives the authentication request and performs attack detection;
S4, an intelligent interception module filters the request;
S5, the decrypted data is received and compared with the database;
and S6, authorization information is generated.
2. The dynamic key-based security authentication method of claim 1, wherein in step S1 the client requests a verification code, hashes the verification code twice with MD5, and extracts parts of the two digests according to a fixed rule to form a 16-character dynamic key.
3. The dynamic key-based security authentication method of claim 2, wherein the verification code is hashed with MD5 a first time, 16 characters of the first digest are taken and hashed with MD5 a second time, and the last 10 characters of the second digest are concatenated with the first 6 characters of the first digest to form the 16-character dynamic key.
4. The dynamic key-based security authentication method of claim 1, wherein in step S2 the plaintext data is encrypted with the AES algorithm and the ciphertext is Base64-encoded before transmission.
5. The dynamic key-based security authentication method of claim 1, wherein in step S3 the validity of the verification code is checked; if the verification code is invalid, the error is recorded and the request is rejected; and the verification code is invalidated once it has been checked.
6. The dynamic key-based security authentication method of claim 5, wherein, after the verification code passes the check, decryption is carried out: the key is regenerated according to the dynamic key rule, decryption of the ciphertext is attempted, and a decryption failure is recorded as an error.
7. The dynamic key-based security authentication method of claim 1, wherein in step S4 the server-side intelligent interception module identifies the source IP address of the authentication request and rejects requests originating from blacklisted IP addresses.
8. The dynamic key-based security authentication method of claim 1, wherein in step S5 the server-side security control module receives the decrypted data, compares it with the information in the database and identifies password enumeration attacks;
and when the password is wrong, the account's failure count is recorded, and the account is locked once the accumulated count exceeds 5.
9. The dynamic key-based security authentication method of claim 1, wherein in step S6 the server-side authentication and authorization module generates an authorization token for each request that passes verification and returns it to the client as its authorization.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011154759.7A CN112260831A (en) 2020-10-26 2020-10-26 Security authentication method based on dynamic key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011154759.7A CN112260831A (en) 2020-10-26 2020-10-26 Security authentication method based on dynamic key

Publications (1)

Publication Number Publication Date
CN112260831A true CN112260831A (en) 2021-01-22

Family

ID=74261579

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011154759.7A Pending CN112260831A (en) 2020-10-26 2020-10-26 Security authentication method based on dynamic key

Country Status (1)

Country Link
CN (1) CN112260831A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113553573A * 2021-07-09 2021-10-26 深圳市高德信通信股份有限公司 Data security verification method
CN113553573B * 2021-07-09 2024-02-06 深圳市高德信通信股份有限公司 Data security verification method


Legal Events

Date Code Title Description
2021-01-22 PB01 Publication (application publication date: 20210122)
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication