CN113806721A - Access authentication method, device, equipment and computer readable storage medium - Google Patents

Access authentication method, device, equipment and computer readable storage medium Download PDF

Info

Publication number
CN113806721A
Authority
CN
China
Prior art keywords
authentication
data
server
token
token data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111124484.7A
Other languages
Chinese (zh)
Inventor
钟武杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2151 Time stamp

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses an access authentication method, an access authentication device, an electronic device and a computer-readable storage medium. The method is applied to a terminal device waiting for access to a network in which an authentication server and a service server synchronously maintain token data, and comprises the following steps: sending the account and password to the authentication server for verification; after the verification passes, receiving the authentication credential data and authentication information data that the authentication server issues for the terminal device, the authentication credential data being generated from the authentication information data and the token data by a preset algorithm; and sending the authentication credential data and the authentication information data to the service server, so that the service server runs the preset algorithm over the authentication information data and its locally stored token data and judges the terminal device successfully authenticated when the result is consistent with the authentication credential data. The method and device can effectively solve the problem of an attacker cracking the authentication process by intercepting data packets, and improve the security of the access authentication process of the working network.

Description

Access authentication method, device, equipment and computer readable storage medium
Technical Field
The present application relates to the field of network communication technologies, and in particular, to an access authentication method, an access authentication device, an electronic device, and a computer-readable storage medium.
Background
With the rise of working scenarios such as working from home, more and more personal devices are being connected to work networks. As the number of devices to be admitted keeps growing, it is very important to perform convenient, fast, safe and reliable authentication of those devices.
For historical reasons, currently used network architectures have three main roles: an authentication server, a service server and a BYOD (Bring Your Own Device, i.e. a personal device). The authentication server provides the identity authentication function for the BYOD, the service server provides network services to authenticated BYODs, and the BYOD is a personal device on which internet access admission software is installed.
The communication line between the authentication server and the service server is a management line with small bandwidth that does not support high-concurrency scenarios, so the two servers can only exchange small amounts of data at low frequency. Therefore, in the prior art, unified token data is preset in the authentication server and the service server, and the other data used to generate the authentication credential is transmitted via the BYOD. Consequently, once a communication data packet is intercepted and tampered with and the authentication process is thereby cracked, any BYOD device can be admitted to the network, creating a serious network security risk.
In view of the above, it is an important need for those skilled in the art to provide a solution to the above technical problems.
Disclosure of Invention
The application aims to provide an access authentication method, an access authentication device, an electronic device and a computer-readable storage medium that, by improving the defense mechanism, prevent an attacker's device from accessing the network under a forged identity.
To solve this technical problem, in one aspect the application discloses an access authentication method applied to a terminal device waiting for access to a network, where an authentication server and a service server in the network synchronously maintain token data; the method comprises the following steps:
sending the account and password to the authentication server for verification;
after the authentication server has passed the verification, receiving the authentication credential data and authentication information data that it issues for the terminal device, the authentication credential data being generated from the authentication information data and the token data by a preset algorithm;
and sending the authentication credential data and the authentication information data to the service server, so that the service server runs the preset algorithm over the authentication information data and its locally stored token data and judges the terminal device successfully authenticated when the calculation result is consistent with the authentication credential data.
Optionally, the token data is updated by the authentication server and the traffic server periodically.
Optionally, each update process of the token data includes:
after the authentication server regularly triggers token data updating operation, generating updated token data based on a secure random algorithm;
the authentication server sends the updated token data to the service server;
the service server updates local token data based on the received token data and sends an update success message to the authentication server;
and the authentication server updates the local token data after receiving the update success message.
Optionally, the generating updated token data based on the secure random algorithm includes:
generating, based on a secure random algorithm, updated token data whose length is randomly selected in the range of 128 to 130 characters.
Optionally, the preset algorithm is the SHA-256 algorithm, and the authentication information data includes the account number, a timestamp and a random number.
The application also discloses another access authentication method, applied to a service server in a network, where the service server and an authentication server in the network synchronously maintain token data; the method comprises the following steps:
after the authentication server has verified the account and password sent by the terminal device, receiving the authentication credential data and authentication information data that originate from the authentication server and are forwarded by the terminal device, the authentication credential data having been generated by the authentication server by running a preset algorithm over the authentication information data and the token data;
running the preset algorithm over the received authentication information data and the locally stored token data;
judging whether the calculation result is consistent with the received authentication credential data;
and if so, judging that the terminal device has been authenticated successfully.
In another aspect, the present application further discloses an access authentication apparatus, applied to a terminal device waiting for access to a network, where an authentication server and a service server in the network synchronously maintain token data; the apparatus comprises:
an authentication request module, used to send an account and a password to the authentication server for verification;
a data receiving module, used to receive the authentication credential data and authentication information data that the authentication server issues for the terminal device after the verification passes; the authentication credential data is generated from the authentication information data and the token data by a preset algorithm;
and a data forwarding module, used to send the authentication credential data and the authentication information data to the service server, so that the service server runs the preset algorithm over the authentication information data and its locally stored token data and judges the terminal device successfully authenticated when the calculation result is consistent with the authentication credential data.
The application also discloses another access authentication apparatus, applied to a service server in a network, where the service server and an authentication server in the network synchronously maintain token data; the apparatus comprises:
a receiving processing module, used to receive, after the authentication server has verified the account and password sent by the terminal device, the authentication credential data and authentication information data that originate from the authentication server and are forwarded by the terminal device; the authentication credential data is generated by the authentication server by running a preset algorithm over the authentication information data and the token data;
an authentication calculation module, used to run the preset algorithm over the received authentication information data and the locally stored token data;
and an authentication judgment module, used to judge whether the calculation result is consistent with the received authentication credential data and, if so, to judge that the terminal device has been authenticated successfully.
In another aspect, the present application also discloses an electronic device, including:
a memory for storing a computer program;
a processor for executing the computer program to implement any of the steps of the access authentication method applied to the terminal device or the steps of the access authentication method applied to the service server as described above.
In yet another aspect, the present application also discloses a computer readable storage medium, in which a computer program is stored, which, when being executed by a processor, is used to implement the steps of any one of the access authentication methods applied to the terminal device or the steps of the access authentication method applied to the service server.
The access authentication method, the access authentication device, the electronic equipment and the computer readable storage medium have the advantages that: by improving the authentication communication mechanism of the network access of the terminal equipment, the method and the device can effectively solve the problem that an attacker cracks the authentication process by intercepting and capturing the data packet, identify illegal equipment attempting to access the network by forging the identity, and improve the safety of the access authentication process of the working network.
Drawings
In order to more clearly illustrate the technical solutions in the prior art and the embodiments of the present application, the drawings that are needed to be used in the description of the prior art and the embodiments of the present application will be briefly described below. Of course, the following description of the drawings related to the embodiments of the present application is only a part of the embodiments of the present application, and it will be obvious to those skilled in the art that other drawings can be obtained from the provided drawings without any creative effort, and the obtained other drawings also belong to the protection scope of the present application.
Fig. 1 is a schematic diagram of an access authentication method in the prior art;
Fig. 2 is a flowchart of an access authentication method disclosed in an embodiment of the present application;
Fig. 3 is a schematic diagram of an access authentication method disclosed in an embodiment of the present application;
Fig. 4 is a schematic diagram of a token data update process disclosed in an embodiment of the present application;
Fig. 5 is a flowchart of another access authentication method disclosed in an embodiment of the present application;
Fig. 6 is a block diagram of an access authentication apparatus disclosed in an embodiment of the present application;
Fig. 7 is a block diagram of another access authentication apparatus disclosed in an embodiment of the present application;
Fig. 8 is a block diagram of an electronic device disclosed in an embodiment of the present application.
Detailed Description
The core of the application is to provide an access authentication method, an access authentication device, an electronic device and a computer readable storage medium, so as to avoid the device of an attacker from falsifying an identity to access a network through improving a defense mechanism.
In order to more clearly and completely describe the technical solutions in the embodiments of the present application, the technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Currently, with the rise of working scenarios such as working from home, more and more personal devices are connected to work networks. As the number of devices to be admitted keeps growing, it is very important to perform convenient, fast, safe and reliable authentication of those devices.
Referring to Fig. 1, Fig. 1 is a schematic diagram of an access authentication method in the prior art. For historical reasons, currently used network architectures have three main roles: an authentication server, a service server and a BYOD (Bring Your Own Device, i.e. a personal device). The authentication server provides the identity authentication function for the BYOD, the service server provides network services to authenticated BYODs, and the BYOD is a personal device on which internet access admission software is installed.
The communication line between the authentication server and the service server is a management line with small bandwidth that does not support high-concurrency scenarios, so the two servers can only exchange small amounts of data at low frequency. Service lines are arranged between each of the two servers and the BYOD; their bandwidth is large and they can support high concurrency.
In this architecture, because BYODs are numerous and their authentication times are concentrated, the service server cannot use the low-bandwidth management line to ask the authentication server to verify the identity of every BYOD. Therefore, in the related art, unified token data is usually preset in the authentication server and the service server, and the other data used to generate the authentication credentials is transmitted over service lines 1 and 2 via the BYOD. Consequently, once a communication data packet is intercepted and tampered with and the authentication process is cracked, any BYOD device can be admitted to the network, creating a serious network security risk. In view of this, the present application provides an access authentication scheme that can effectively solve the above problem.
Referring to Fig. 2, an embodiment of the present application discloses an access authentication method applied to a terminal device waiting for access to a network, where an authentication server and a service server in the network synchronously maintain token data (token); the method comprises the following steps:
S101: sending the account and password to the authentication server for verification.
S102: receiving the authentication credential data (auth) and the authentication information data that the authentication server issues for the terminal device after the verification passes; the authentication credential data is generated from the authentication information data and the token data by a preset algorithm.
S103: sending the authentication credential data and the authentication information data to the service server, so that the service server runs the preset algorithm over the authentication information data and its locally stored token data and judges the terminal device successfully authenticated when the calculation result is consistent with the authentication credential data.
Specifically, the above access authentication method provided in the present application may refer to the schematic diagram shown in fig. 3, where BYOD is a terminal device of an individual requesting to access a network. First, it should be noted that the authentication server and the service server communicate through a management line, the authentication server may issue token data (token) to the service server through a TLS (Transport Layer Security) secure channel, and the service server receives and stores the token data.
Specifically, in process (i), the BYOD sends its pre-registered account and password to the authentication server for identity verification. After the verification passes, the authentication server returns the authentication credential data and the authentication information data in process (ii). Then, in process (iii), the BYOD forwards the received authentication credential data and authentication information data to the service server.
As the name implies, the authentication credential data is the credential by which a terminal device is allowed to access the network, and the authentication information data of the terminal device is the data related to each authentication operation the terminal device performs. The authentication credential data is calculated from the authentication information data of the terminal device together with the common token data.
The service server runs the calculation over the received authentication information data and its locally stored token data, and compares the result with the received authentication credential data. If they are consistent, the BYOD is judged to have authenticated successfully, and an authentication-success message can be sent to the BYOD in process (iv) so that the BYOD jumps to the service page. If the result is not consistent with the received authentication credential data, the BYOD is judged to have failed authentication, and the service server can send an authentication-failure message to the BYOD in process (iv) so that the BYOD returns to the authentication page to authenticate again.
In the access authentication method provided by the embodiment of the application, the data transmitted by the terminal equipment simultaneously comprises the authentication information data of the equipment and the authentication certificate data serving as the final certificate, so that the service server can automatically calculate and check the received authentication certificate data according to the authentication information data so as to identify the disguised illegal equipment. Therefore, even if an attacker cracks and counterfeits the authentication information data by intercepting the communication data packet, the attacker does not master the preset algorithm and the token data adopted by the authentication server and the service server, so that the authentication certificate data sent by the attacker is inconsistent with the correct authentication certificate data obtained by the service server through calculation, and the counterfeited identity can be recognized.
Therefore, the access authentication method provided by the application can effectively solve the problem that an attacker cracks the authentication process by intercepting the data packet by improving the authentication communication mechanism of the terminal equipment accessing the network, identifies the illegal equipment attempting to access the network by forging the identity, and improves the safety of the access authentication process of the working network.
As a specific embodiment, building on the above, the access authentication method of this embodiment uses the SHA-256 algorithm as the preset algorithm, and the authentication information data includes an account number, a timestamp and a random number.
Specifically, to further improve the security of the authentication process, this embodiment may select the SHA-256 algorithm as the preset algorithm for generating the authentication credential data, namely:
auth = sha256(account number, timestamp, random number, token).
Specifically, the SHA algorithms (Secure Hash Algorithm) are a family of cryptographic hash functions designed by the U.S. National Security Agency and published by the National Institute of Standards and Technology, including the variants SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512. According to the computational security requirements and the available computing power of the application, this embodiment selects the SHA-256 algorithm, whose hash value is 256 bits long.
Further, the authentication information data used to calculate the authentication credential data may specifically include three items, namely the account number, a timestamp and a random number, occupying 90, 8 and 8 bytes respectively. It should be noted that, because the order of the items matters in the hash calculation, the authentication server and the service server both hash the account number, the timestamp, the random number and the token data in a predetermined order.
As a specific embodiment, in the access authentication method provided in the embodiment of the present application, based on the above contents, the token data is updated by the authentication server and the service server at regular time.
Specifically, the embodiment also updates the token data at regular time to further improve the security of the token data, thereby improving the security of the network access authentication.
Referring to fig. 4, fig. 4 is a schematic diagram of a token data updating process disclosed in an embodiment of the present application. Specifically, as a specific embodiment, in the access authentication method provided in the embodiment of the present application, on the basis of the foregoing content, each update process of the token data includes:
after the authentication server regularly triggers token data updating operation, generating updated token data based on a secure random algorithm;
the authentication server sends the updated token data to the service server;
the service server updates local token data based on the received token data and sends an update success message to the authentication server;
and the authentication server updates the local token data after receiving the update success message.
It should be added that, in order to further improve the security, the authentication server may perform authentication with the service server before triggering the token data update operation each time, so as to determine whether the other party is really the service server in the network. When the opposite side is determined to be the service server in the network, the authentication server can randomly update the token data and issue the token data to the service server, and after the service server finishes updating, the authentication server can also switch to use the updated token data.
In addition, the time at which the authentication server triggers the token data update in Fig. 4 is 00:00 each day; those skilled in the art may set other times, which the present application does not limit.
As a specific embodiment, building on the above, generating updated token data based on a secure random algorithm in the access authentication method of this embodiment includes:
generating, based on a secure random algorithm, updated token data whose number of characters is randomly selected in the range of 128 to 130.
Specifically, when the token data is updated, not only is the data value changed but the number of characters of the token data is also chosen at random within a range, so that the token data varies over a wider space, which further improves its security and makes it harder to attack and crack.
Furthermore, the main current approach to cracking hash algorithms is to precompute all hash values in a data table such as a rainbow table or a similar linked structure and then recover the hashed plaintext by table lookup. Taking current and future computing power into account, this embodiment therefore recommends a token length of 128 to 130 characters, switching randomly among the three lengths 128, 129 and 130 to increase the difficulty of prediction.
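The token update process of Fig. 4 and the variable-length token generation, as an added example (not the patent's or Sangfor's code). The authentication server generates a token of 128 to 130 random characters, sends it to the service server, and switches to it only after the update-success message arrives; the handling of a lost success message (resend the same pending token rather than generate a new one) is an assumption added so that the two servers cannot drift apart.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
TOKEN_LEN_MIN, TOKEN_LEN_MAX = 128, 130


def generate_token() -> str:
    """Secure random token whose length is itself drawn at random from 128..130 characters."""
    length = TOKEN_LEN_MIN + secrets.randbelow(TOKEN_LEN_MAX - TOKEN_LEN_MIN + 1)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class ServiceServer:
    """Holds the local copy of the token and acknowledges updates."""

    def __init__(self, token: str):
        self.token = token

    def receive_update(self, new_token: str, ack_delivered: bool = True) -> bool:
        # Replace the local token data, then send the update-success message.
        # ack_delivered=False simulates the success message being lost on the management line
        # (constructed failure mode, not described in the patent).
        self.token = new_token
        return ack_delivered


class AuthenticationServer:
    """Triggers the scheduled update and commits only after the success message."""

    def __init__(self, token: str, service: ServiceServer):
        self.token = token
        self.service = service
        self.pending = None  # token sent but not yet acknowledged

    def rotate(self, ack_delivered: bool = True) -> bool:
        # Assumption: an unacknowledged pending token is resent unchanged, so a lost
        # acknowledgement cannot leave the two servers with different tokens for long.
        if self.pending is None:
            self.pending = generate_token()
        if self.service.receive_update(self.pending, ack_delivered):
            self.token = self.pending
            self.pending = None
            return True
        return False  # keep using the old token until the success message arrives


def demo_rotation() -> tuple:
    """Returns (first_ok, diverged_after_loss, second_ok, converged_after_retry)."""
    svc = ServiceServer("initial-token")
    auth = AuthenticationServer("initial-token", svc)
    first_ok = auth.rotate(ack_delivered=False)          # success message lost
    diverged = auth.token != svc.token                    # servers temporarily disagree
    pending = auth.pending
    second_ok = auth.rotate()                             # retry resends the same pending token
    converged = auth.token == svc.token == pending
    return first_ok, diverged, second_ok, converged


if __name__ == "__main__":
    print(len(generate_token()), demo_rotation())  # e.g. 129 (False, True, True, True)
```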
Referring to Fig. 5, an embodiment of the present application discloses another access authentication method, applied to a service server in a network, where the service server and an authentication server in the network synchronously maintain token data; the method mainly comprises the following steps:
S201: after the authentication server has verified the account and password sent by the terminal device, receiving the authentication credential data and authentication information data that originate from the authentication server and are forwarded by the terminal device; the authentication credential data is generated by the authentication server by running a preset algorithm over the authentication information data and the token data.
S202: running the preset algorithm over the received authentication information data and the locally stored token data.
S203: judging whether the calculation result is consistent with the received authentication credential data; if so, proceeding to S204.
S204: judging that the terminal device has been authenticated successfully.
Therefore, the access authentication method provided by the application can effectively solve the problem that an attacker cracks the authentication process by intercepting the data packet by improving the authentication communication mechanism of the terminal equipment accessing the network, identifies the illegal equipment attempting to access the network by forging the identity, and improves the safety of the access authentication process of the working network.
For the specific content of the access authentication method applied to the service server, reference may be made to the foregoing detailed description of the access authentication method applied to the terminal device, and details thereof are not repeated here.
As a specific embodiment, the access authentication method disclosed in the embodiment of the present application updates the token data by the authentication server and the service server at regular time based on the above contents.
As a specific embodiment, in the access authentication method disclosed in the embodiment of the present application, on the basis of the foregoing content, each update process of the token data includes:
after the authentication server has triggered the token data update operation at the scheduled time and generated updated token data based on a secure random algorithm, receiving the updated token data sent by the authentication server;
updating the local token data based on the received token data;
and sending an update-success message to the authentication server, so that the authentication server updates its local token data after receiving the update-success message.
As a specific embodiment, in the access authentication method disclosed in the embodiment of the present application, building on the above, the authentication server generating updated token data based on a secure random algorithm includes:
the authentication server generating, based on a secure random algorithm, updated token data whose length is randomly selected in the range of 128 to 130 characters.
As a specific embodiment, building on the above, the access authentication method disclosed in the embodiment of the present application uses the SHA-256 algorithm as the preset algorithm, and the authentication information data includes an account number, a timestamp and a random number.
Referring to fig. 6, an embodiment of the present application discloses an access authentication apparatus, which is applied to a terminal device waiting to access a network, where an authentication server and a service server in the network synchronously maintain token data; the apparatus mainly includes:
an authentication request module 301, configured to send an account and a password to the authentication server for verification;
a data receiving module 302, configured to receive the authentication credential data and authentication information data issued by the authentication server for the terminal device after the verification passes; the authentication credential data is generated from the authentication information data and the token data by calculation with a preset algorithm;
and a data forwarding module 303, configured to send the authentication credential data and the authentication information data to the service server, so that the service server performs the calculation of the preset algorithm over the authentication information data and its locally stored token data, and determines that the terminal device is successfully authenticated when the calculation result is consistent with the authentication credential data.
Therefore, by improving the authentication communication mechanism used by terminal devices accessing the network, the access authentication apparatus disclosed in the embodiments of the present application can effectively address the problem of an attacker defeating the authentication process by intercepting and capturing data packets, can identify illegal devices attempting to access the network with a forged identity, and improves the security of the access authentication process of the working network.
For the specific content of the above access authentication device, reference may be made to the foregoing detailed description of the access authentication method applied to the terminal device, and details are not repeated here.
As a specific embodiment, in the access authentication apparatus disclosed in the embodiments of the present application, on the basis of the above content, the token data is updated at regular intervals by the authentication server and the service server.
As a specific embodiment, in the access authentication apparatus disclosed in the embodiments of the present application, on the basis of the above content, in each update of the token data:
the authentication server is configured to generate updated token data based on a secure random algorithm after triggering the token data update operation at the scheduled time, and to send the updated token data to the service server;
the service server is configured to update its local token data according to the received token data and to send an update success message to the authentication server, so that the authentication server updates its local token data after receiving the update success message.
As a specific embodiment, in the access authentication apparatus disclosed in the embodiments of the present application, on the basis of the above content, when generating the updated token data based on the secure random algorithm, the authentication server is specifically configured to:
generate, based on a secure random algorithm, updated token data randomly selected within the range of 128 to 130 characters.
As a specific embodiment, in the access authentication apparatus disclosed in the embodiments of the present application, on the basis of the above content, the preset algorithm is the SHA-256 algorithm, and the authentication information data includes an account number, a timestamp, and a random number.
Referring to fig. 7, an embodiment of the present application discloses another access authentication apparatus, which is applied to a service server in a network, where the service server and an authentication server in the network synchronously maintain token data; the apparatus includes:
a receiving processing module 401, configured to receive, after the account and password sent by the terminal device have been verified by the authentication server, the authentication credential data and authentication information data that originate from the authentication server and are forwarded by the terminal device; the authentication credential data is generated by the authentication server, by calculation with a preset algorithm, from the authentication information data and the token data;
an authentication calculation module 402, configured to perform the calculation of the preset algorithm over the received authentication information data and the locally stored token data;
and an authentication judgment module 403, configured to judge whether the calculation result is consistent with the received authentication credential data, and if so, to determine that the terminal device is successfully authenticated.
Therefore, by improving the authentication communication mechanism used by terminal devices accessing the network, the access authentication apparatus disclosed in the embodiments of the present application can effectively address the problem of an attacker defeating the authentication process by intercepting and capturing data packets, can identify illegal devices attempting to access the network with a forged identity, and improves the security of the access authentication process of the working network.
For the specific content of the above access authentication device, reference may be made to the foregoing detailed description of the access authentication method applied to the service server, and details thereof are not repeated here.
As a specific embodiment, in the access authentication apparatus disclosed in the embodiments of the present application, on the basis of the above content, the token data is updated at regular intervals by the authentication server and the service server.
As a specific embodiment, in the access authentication apparatus disclosed in the embodiments of the present application, on the basis of the above content, in each update of the token data:
the authentication server is configured to generate updated token data based on a secure random algorithm after triggering the token data update operation at the scheduled time, and to send the updated token data to the service server;
the service server is configured to update its local token data according to the received token data and to send an update success message to the authentication server, so that the authentication server updates its local token data after receiving the update success message.
As a specific embodiment, in the access authentication apparatus disclosed in the embodiments of the present application, on the basis of the above content, when generating the updated token data based on the secure random algorithm, the authentication server is specifically configured to:
generate, based on a secure random algorithm, updated token data randomly selected within the range of 128 to 130 characters.
As a specific embodiment, in the access authentication apparatus disclosed in the embodiments of the present application, on the basis of the above content, the preset algorithm is the SHA-256 algorithm, and the authentication information data includes an account number, a timestamp, and a random number.
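The flow described in the method and apparatus embodiments above (credential issuance by the authentication server, recomputation at the service server, and the two-step token rotation in which the authentication server switches only after the service server's success message) is simulated below. This is an added Python example, not code from the patent; the length-prefixed field encoding under SHA-256, the password verifier, the reading of the 128 to 130 character range as the token length, and the sample account are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_MIN_LEN, TOKEN_MAX_LEN = 128, 130  # token length range named in the text

def generate_token() -> str:
    """Secure-random token; its length is drawn at random from 128..130 characters."""
    length = TOKEN_MIN_LEN + secrets.randbelow(TOKEN_MAX_LEN - TOKEN_MIN_LEN + 1)
    return secrets.token_hex(length)[:length]

def compute_credential(info: dict, token: str) -> str:
    """Preset algorithm: SHA-256 over the information data and the token. The page fixes
    no encoding, so each field is length-prefixed here (assumption) to rule out collisions."""
    fields = [info["account"], str(info["timestamp"]), info["nonce"], token]
    material = b"".join(len(f).to_bytes(4, "big") + f.encode() for f in fields)
    return hashlib.sha256(material).hexdigest()

class ServiceServer:
    token = ""  # local copy of the shared token; the service server never sees the password

    def update_token(self, new_token: str) -> bool:
        self.token = new_token
        return True  # this is the "update success message" sent back to the authentication server

    def authenticate(self, credential: str, info: dict) -> bool:
        """Recompute from the forwarded information data and the local token, then compare."""
        expected = compute_credential(info, self.token)
        return hmac.compare_digest(expected, credential)

class AuthServer:
    def __init__(self, verifiers: dict, service: ServiceServer) -> None:
        self.verifiers = verifiers  # account -> password digest (constructed sample data)
        self.service = service
        self.token = generate_token()
        self.service.update_token(self.token)  # initial synchronisation (assumed out of band)

    def login(self, account: str, password: str):
        """Verify account/password; on success issue (credential, information data)."""
        digest = hashlib.sha256(password.encode()).hexdigest()  # demo only: use a slow salted hash
        if not hmac.compare_digest(self.verifiers.get(account, ""), digest):
            return None
        info = {"account": account, "timestamp": int(time.time()), "nonce": secrets.token_hex(16)}
        return compute_credential(info, self.token), info

    def rotate_token(self) -> None:
        """Timed update: push the new token first, switch locally only after the success message."""
        new_token = generate_token()
        if self.service.update_token(new_token):
            self.token = new_token

def run_scenarios() -> dict:
    """Constructed run covering the legitimate flow and the attacks the text says it resists."""
    service = ServiceServer()
    auth = AuthServer({"alice": hashlib.sha256(b"correct-horse").hexdigest()}, service)
    credential, info = auth.login("alice", "correct-horse")
    results = {"legit": service.authenticate(credential, info),
               "bad_password": auth.login("alice", "wrong") is None}
    # Intercepted packet replayed with the account field changed: the hash no longer matches.
    results["tampered_info"] = not service.authenticate(credential, dict(info, account="admin"))
    # Forged identity: the attacker holds the information data but not the shared token.
    results["forged_credential"] = not service.authenticate(compute_credential(info, "guess"), info)
    # After the timed rotation the old credential is dead, while a fresh login still works.
    auth.rotate_token()
    results["stale_after_rotation"] = not service.authenticate(credential, info)
    new_credential, new_info = auth.login("alice", "correct-horse")
    results["fresh_after_rotation"] = service.authenticate(new_credential, new_info)
    return results
```

Note that the service server only ever checks hash consistency, exactly as the text states; a deployment would additionally bound the timestamp and remember recent nonces so that a captured credential cannot be replayed before the next token rotation.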
Referring to fig. 8, an embodiment of the present application discloses an electronic device, including:
a memory 501 for storing a computer program;
a processor 502 for executing the computer program to implement the steps of any of the above-described access authentication methods applied to a terminal device, or the steps of any of the above-described access authentication methods applied to a service server.
Further, the present application also discloses a computer-readable storage medium, in which a computer program is stored, and the computer program is used for implementing the steps of any one of the access authentication methods applied to the terminal device, or the steps of any one of the access authentication methods applied to the service server, when executed by a processor.
For details of the electronic device and the computer-readable storage medium, reference may be made to the foregoing detailed description of the access authentication method, and details thereof are not repeated here.
The embodiments are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts among the embodiments may be referred to one another. Since the equipment disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief, and the relevant parts can be found in the description of the method.
It is further noted that, throughout this document, relational terms such as "first" and "second" are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Furthermore, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The technical solutions provided by the present application are described in detail above. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, without departing from the principle of the present application, several improvements and modifications can be made to the present application, and these improvements and modifications also fall into the protection scope of the present application.

Claims (10)

1. An access authentication method, characterized in that the method is applied to a terminal device waiting to access a network, and an authentication server and a service server in the network synchronously maintain token data; the method comprises the following steps:
sending an account and a password to the authentication server for verification;
receiving authentication credential data and authentication information data issued by the authentication server for the terminal device after the authentication server passes the verification; the authentication credential data is generated from the authentication information data and the token data by calculation with a preset algorithm;
and sending the authentication credential data and the authentication information data to the service server, so that the service server performs the calculation of the preset algorithm over the authentication information data and the locally stored token data, and determines that the terminal device is successfully authenticated when the calculation result is consistent with the authentication credential data.
2. The method of claim 1, wherein the token data is updated periodically by the authentication server and the service server.
3. The method of claim 2, wherein each update of the token data comprises:
after the authentication server regularly triggers token data updating operation, generating updated token data based on a secure random algorithm;
the authentication server sends the updated token data to the service server;
the service server updates local token data based on the received token data and sends an update success message to the authentication server;
and the authentication server updates the local token data after receiving the update success message.
4. The method of claim 3, wherein generating updated token data based on the secure random algorithm comprises:
generating, based on a secure random algorithm, updated token data randomly selected within the range of 128 to 130 characters.
5. The method according to any one of claims 1 to 4, wherein the preset algorithm is the SHA-256 algorithm, and the authentication information data includes the account number, a timestamp, and a random number.
6. An access authentication method, applied to a service server in a network, wherein the service server and an authentication server in the network synchronously maintain token data; the method comprises the following steps:
after the authentication server has verified the account and password sent by the terminal device, receiving the authentication credential data and authentication information data that originate from the authentication server and are forwarded by the terminal device; the authentication credential data is generated by the authentication server, by calculation with a preset algorithm, from the authentication information data and the token data;
performing the calculation of the preset algorithm over the received authentication information data and the locally stored token data;
judging whether the calculation result is consistent with the received authentication credential data;
and if so, determining that the terminal device is successfully authenticated.
7. An access authentication apparatus, applied to a terminal device waiting to access a network, wherein an authentication server and a service server in the network synchronously maintain token data; the apparatus comprises:
an authentication request module, configured to send an account and a password to the authentication server for verification;
a data receiving module, configured to receive authentication credential data and authentication information data issued by the authentication server for the terminal device after the authentication server passes the verification; the authentication credential data is generated from the authentication information data and the token data by calculation with a preset algorithm;
and a data forwarding module, configured to send the authentication credential data and the authentication information data to the service server, so that the service server performs the calculation of the preset algorithm over the authentication information data and the locally stored token data, and determines that the terminal device is successfully authenticated when the calculation result is consistent with the authentication credential data.
8. An access authentication apparatus, applied to a service server in a network, wherein the service server and an authentication server in the network synchronously maintain token data; the apparatus comprises:
a receiving processing module, configured to receive, after the authentication server has verified the account and password sent by the terminal device, the authentication credential data and authentication information data that originate from the authentication server and are forwarded by the terminal device; the authentication credential data is generated by the authentication server, by calculation with a preset algorithm, from the authentication information data and the token data;
an authentication calculation module, configured to perform the calculation of the preset algorithm over the received authentication information data and the locally stored token data;
and an authentication judgment module, configured to judge whether the calculation result is consistent with the received authentication credential data, and if so, to determine that the terminal device is successfully authenticated.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to carry out the steps of the method according to any one of claims 1 to 5 or the steps of the method according to claim 6.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, is adapted to carry out the steps of the method according to any one of claims 1 to 5 or the steps of the method according to claim 6.
CN202111124484.7A 2021-09-24 2021-09-24 Access authentication method, device, equipment and computer readable storage medium Pending CN113806721A (en)

Publications (1)

Publication Number Publication Date
CN113806721A true CN113806721A (en) 2021-12-17

Family

ID=78896732


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination